From 190381b1a0290e2f28c6f7744cecf8df5f45c8cd Mon Sep 17 00:00:00 2001
From: srkethireddy <73372452+srkethireddy@users.noreply.github.com>
Date: Fri, 31 Oct 2025 08:22:42 -0700
Subject: [PATCH 1/2] alts: Override metadata server address with env variable

Adding an option to override "metadata.google.internal.:8080" by setting
a value for GCE_METADATA_HOST environment variable.

b/451639946
---
 .../main/java/io/grpc/alts/HandshakerServiceChannel.java    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
index fa1d4f7fa1c..f03cc6f8c94 100644
--- a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
+++ b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
@@ -16,6 +16,7 @@
 
 package io.grpc.alts;
 
+import com.google.common.base.MoreObjects;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -39,7 +40,10 @@
 final class HandshakerServiceChannel {
 
   static final Resource<Channel> SHARED_HANDSHAKER_CHANNEL =
-      new ChannelResource("metadata.google.internal.:8080");
+      new ChannelResource(
+          MoreObjects.firstNonNull(
+              System.getenv("GCE_METADATA_HOST"), "metadata.google.internal.:8080"));
+
 
   /** Returns a resource of handshaker service channel for testing only. */
   static Resource<Channel> getHandshakerChannelForTesting(String handshakerAddress) {

From e63cae390b674b6781d4d8915a2279a776d6a2da Mon Sep 17 00:00:00 2001
From: srkethireddy <73372452+srkethireddy@users.noreply.github.com>
Date: Wed, 12 Nov 2025 10:39:33 -0800
Subject: [PATCH 2/2] alts: Metadata server address modification to account for
 default port

Fixing the utilization of the GCE Metadata host server address
environment variable to account for the case where the user does not
specify a port (defaults to port 8080)

b/451639946
---
 .../grpc/alts/HandshakerServiceChannel.java   | 27 ++++++++++++++-----
 .../alts/HandshakerServiceChannelTest.java    | 18 +++++++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
index f03cc6f8c94..5e32d22d901 100644
--- a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
+++ b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
@@ -16,7 +16,6 @@
 
 package io.grpc.alts;
 
-import com.google.common.base.MoreObjects;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -38,13 +37,29 @@
  * application will have at most one connection to the handshaker service.
  */
 final class HandshakerServiceChannel {
+  // Port 8080 is necessary for ALTS handshake.
+  private static final int ALTS_PORT = 8080;
+  private static final String DEFAULT_TARGET = "metadata.google.internal.:8080";
 
   static final Resource<Channel> SHARED_HANDSHAKER_CHANNEL =
-      new ChannelResource(
-          MoreObjects.firstNonNull(
-              System.getenv("GCE_METADATA_HOST"), "metadata.google.internal.:8080"));
-
-
+      new ChannelResource(getHandshakerTarget(System.getenv("GCE_METADATA_HOST")));
+  
+  /**
+   * Returns handshaker target. When GCE_METADATA_HOST is provided, it might contain port which we
+   * will discard and use ALTS_PORT instead.
+   */
+  static String getHandshakerTarget(String envValue) {
+    if (envValue == null || envValue.isEmpty()) {
+      return DEFAULT_TARGET;
+    }
+    String host = envValue;
+    int portIndex = host.lastIndexOf(':');
+    if (portIndex != -1) {
+      host = host.substring(0, portIndex); // Discard port if specified
+    }
+    return host + ":" + ALTS_PORT; // Utilize ALTS port in all cases
+  }
+  
   /** Returns a resource of handshaker service channel for testing only. */
   static Resource<Channel> getHandshakerChannelForTesting(String handshakerAddress) {
     return new ChannelResource(handshakerAddress);
diff --git a/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java b/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
index a3937904cd7..221001157f1 100644
--- a/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
+++ b/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
@@ -67,6 +67,24 @@ public void sharedChannel_authority() {
     }
   }
 
+  @Test
+  public void getHandshakerTarget_nullEnvVar() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget(null))
+        .isEqualTo("metadata.google.internal.:8080");
+  }
+
+  @Test
+  public void getHandshakerTarget_envVarWithPort() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget("169.254.169.254:80"))
+        .isEqualTo("169.254.169.254:8080");
+  }
+
+  @Test
+  public void getHandshakerTarget_envVarWithHostOnly() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget("169.254.169.254"))
+        .isEqualTo("169.254.169.254:8080");
+  }
+  
   @Test
   public void resource_works() {
     Channel channel = resource.create();