fix: validate PSC DNS name in server certificate (GoogleCloudPlatform#628)

enocom · web-flow · commit 32c934f6e641 · 2025-04-29T11:07:19.000-06:00
diff --git a/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConnectionSocket.java b/alloydb-jdbc-connector/src/main/java/com/google/cloud/alloydb/ConnectionSocket.java
@@ -108,23 +108,14 @@ Socket connect() throws IOException {
               "Instance does not have an address matching type: %s", connectionConfig.getIpType()));
     }
 
-    // Use the instance's address as a HostName.
-    String serverName = address;
-    // TODO: use the correct address as server name once PSC DNS is populated
-    // in all existing clusters. When that happens, delete this if statement.
-    // https://github.com/GoogleCloudPlatform/alloydb-java-connector/issues/499
-    if (connectionConfig.getIpType().equals(IpType.PSC)) {
-      serverName = connectionInfo.getIpAddress();
-    }
-
     logger.debug(String.format("[%s] Connecting to instance.", address));
 
     SSLParameters sslParameters = socket.getSSLParameters();
     // Set HTTPS as the the endpoint identification algorithm
     // in order to verify the identity of the certificate as
     // suggested at https://stackoverflow.com/a/17979954/927514
     sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
-    sslParameters.setServerNames(Collections.singletonList(new SNIHostName(serverName)));
+    sslParameters.setServerNames(Collections.singletonList(new SNIHostName(address)));
 
     socket.setSSLParameters(sslParameters);
     socket.setKeepAlive(true);
