authormikhnenko <mikhnenko@yandex-team.com>2023-04-19 20:12:24 +0300
committermikhnenko <mikhnenko@yandex-team.com>2023-04-19 20:12:24 +0300
commit3937a38da8a5080fd0a470c50e91335bf66ce57e (patch)
treecf7eccec0eaceea040dfa610a614e3c6d3bb5731
parent555965601de2e981b0afe718d56ea5704d5bbd44 (diff)
Merge system certs with internal one
-rw-r--r--contrib/libs/grpc/CMakeLists.darwin-x86_64.txt2
-rw-r--r--contrib/libs/grpc/CMakeLists.linux-aarch64.txt2
-rw-r--r--contrib/libs/grpc/CMakeLists.linux-x86_64.txt2
-rw-r--r--contrib/libs/grpc/CMakeLists.windows-x86_64.txt2
-rw-r--r--contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp16
-rw-r--r--contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.h (renamed from contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.h)2
-rw-r--r--contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp10
-rw-r--r--contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc8
8 files changed, 24 insertions, 20 deletions
diff --git a/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt b/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
index d3cca0b084..685a79876b 100644
--- a/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
@@ -692,10 +692,10 @@ target_sources(contrib-libs-grpc PRIVATE
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+ ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
- ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc
diff --git a/contrib/libs/grpc/CMakeLists.linux-aarch64.txt b/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
index 1eabb8ec85..3492a1c28c 100644
--- a/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
@@ -693,10 +693,10 @@ target_sources(contrib-libs-grpc PRIVATE
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+ ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
- ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc
diff --git a/contrib/libs/grpc/CMakeLists.linux-x86_64.txt b/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
index 1eabb8ec85..3492a1c28c 100644
--- a/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
@@ -693,10 +693,10 @@ target_sources(contrib-libs-grpc PRIVATE
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+ ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
- ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc
diff --git a/contrib/libs/grpc/CMakeLists.windows-x86_64.txt b/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
index 521c850635..029fc35620 100644
--- a/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
@@ -691,10 +691,10 @@ target_sources(contrib-libs-grpc PRIVATE
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+ ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
- ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc
diff --git a/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp b/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
new file mode 100644
index 0000000000..15629cfbe7
--- /dev/null
+++ b/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
@@ -0,0 +1,16 @@
+#include "add_arcadia_root_certs.h"
+#include "grpc/support/alloc.h"
+
+#include <library/cpp/resource/resource.h>
+
+namespace grpc_core {
+ grpc_slice AddArcadiaRootCerts(grpc_slice systemCerts) {
+ TString cacert = NResource::Find("/builtin/cacert");
+ size_t sumSize = cacert.size() + GRPC_SLICE_LENGTH(systemCerts);
+ char* bundleString = static_cast<char*>(gpr_zalloc(sumSize + 1)); // With \0.
+ memcpy(bundleString, cacert.data(), cacert.size());
+ memcpy(bundleString + cacert.size(), GRPC_SLICE_START_PTR(systemCerts), GRPC_SLICE_LENGTH(systemCerts));
+ grpc_slice_unref(systemCerts);
+ return grpc_slice_new(bundleString, sumSize, gpr_free);
+ }
+}
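Review bot: The two PEM bundles are joined byte-for-byte by the pair of `memcpy` calls, so if the `/builtin/cacert` resource does not end with a newline, its last `-----END CERTIFICATE-----` line runs into the first `-----BEGIN CERTIFICATE-----` of the system bundle, and a PEM parser may skip or reject certificates at that boundary. The resource content is not visible here, so either confirm it always ends with `'\n'` or write a separator byte between the two parts when `cacert` is non-empty and lacks one. The returned slice has length `sumSize` and relies on the extra zeroed byte from `gpr_zalloc` for termination, whereas the removed `LoadArcadiaRootCerts` counted the terminator in the slice length; a comment such as `// NUL terminator sits one byte past the slice length; consumers read the bundle as a C string` would keep that invariant visible. The function also takes ownership of `systemCerts` (it calls `grpc_slice_unref`), which the declaration in the header should state, and `memcpy` is used without a direct `#include <cstring>`.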
diff --git a/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.h b/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.h
index fb57648e48..d41bb2032f 100644
--- a/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.h
+++ b/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.h
@@ -3,5 +3,5 @@
#include <grpc/slice.h>
namespace grpc_core {
- grpc_slice LoadArcadiaRootCerts();
+ grpc_slice AddArcadiaRootCerts(grpc_slice systemCerts);
}
diff --git a/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp b/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
deleted file mode 100644
index d07d3b21b8..0000000000
--- a/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
+++ /dev/null
@@ -1,10 +0,0 @@
-#include "load_arcadia_root_certs.h"
-
-#include <library/cpp/resource/resource.h>
-
-namespace grpc_core {
- grpc_slice LoadArcadiaRootCerts() {
- TString cacert = NResource::Find("/builtin/cacert");
- return grpc_slice_from_copied_buffer(cacert.data(), cacert.size() + 1); // With \0.
- }
-}
diff --git a/contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc b/contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc
index c6996e6d12..d5e50a4213 100644
--- a/contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc
+++ b/contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc
@@ -39,7 +39,7 @@
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
#include "src/core/tsi/ssl_transport_security.h"
-#include "load_arcadia_root_certs.h"
+#include "add_arcadia_root_certs.h"
/* -- Constants. -- */
@@ -589,13 +589,11 @@ grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
}
gpr_free(pem_root_certs);
}
- // Load Arcadia certs.
- if (GRPC_SLICE_IS_EMPTY(result)) {
- result = LoadArcadiaRootCerts();
- }
// Try loading roots from OS trust store if flag is enabled.
if (GRPC_SLICE_IS_EMPTY(result) && !not_use_system_roots) {
result = LoadSystemRootCerts();
+ // Merge with Arcadia certs.
+ result = AddArcadiaRootCerts(result);
}
// Fallback to roots manually shipped with gRPC.
if (GRPC_SLICE_IS_EMPTY(result) &&
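Review bot: The merge call sits inside the `!not_use_system_roots` branch, so when that flag is set the built-in Arcadia bundle is no longer loaded at all, whereas the removed block loaded it whenever `result` was empty. In that configuration `ComputePemRootCerts` now drops straight to the roots shipped with gRPC, which presumably do not contain the internal CA, so verification of internal endpoints may start failing, and a deployment that used the flag to pin trust to the built-in bundle silently gets a different anchor set. If that is not intended, the merge can move out of the flag check: `if (GRPC_SLICE_IS_EMPTY(result)) { if (!not_use_system_roots) result = LoadSystemRootCerts(); result = AddArcadiaRootCerts(result); }`. The comment `// Merge with Arcadia certs.` could also say that the resulting store trusts the union of OS and built-in anchors, since that widens what the channel accepts compared with the previous built-in-only behaviour. The function body starts and ends outside this hunk.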