diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2022-05-25 16:49:36 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2022-05-30 16:20:56 +0200 |
commit | 326fdc2edcddd10ff2b70b39345b01d97819e7c6 (patch) | |
tree | 955fe54adc355cbac027f143b63a3dc3cd577725 /container-core/src/main/java/com/yahoo/jdisc/http/server | |
parent | 3244b261356b944095215c204abda07ed2191029 (diff) |
Add `SslProvider` interface as replacement for `SslContextFactoryProvider`
Diffstat (limited to 'container-core/src/main/java/com/yahoo/jdisc/http/server')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java index a7c5b83f6a6..b56743954f4 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java @@ -4,7 +4,9 @@ package com.yahoo.jdisc.http.server.jetty; import com.google.inject.Inject; import com.yahoo.jdisc.Metric; import com.yahoo.jdisc.http.ConnectorConfig; +import com.yahoo.jdisc.http.SslProvider; import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider; +import com.yahoo.jdisc.http.ssl.impl.DefaultConnectorSsl; import com.yahoo.security.tls.MixedMode; import com.yahoo.security.tls.TransportSecurityUtils; import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory; @@ -41,14 +43,14 @@ public class ConnectorFactory { private static final Logger log = Logger.getLogger(ConnectorFactory.class.getName()); private final ConnectorConfig connectorConfig; - private final SslContextFactoryProvider sslContextFactoryProvider; + private final SslProvider sslProvider; @Inject public ConnectorFactory(ConnectorConfig connectorConfig, - SslContextFactoryProvider sslContextFactoryProvider) { + SslProvider sslProvider) { runtimeConnectorConfigValidation(connectorConfig); this.connectorConfig = connectorConfig; - this.sslContextFactoryProvider = sslContextFactoryProvider; + this.sslProvider = sslProvider; } // Perform extra connector config validation that can only be performed at runtime, @@ -180,12 +182,28 @@ public class ConnectorFactory { } private SslConnectionFactory newSslConnectionFactory(Metric metric, ConnectionFactory wrappedFactory) { - SslContextFactory ctxFactory = sslContextFactoryProvider.getInstance(connectorConfig.name(), connectorConfig.listenPort()); - SslConnectionFactory connectionFactory = new SslConnectionFactory(ctxFactory, wrappedFactory.getProtocol()); + SslConnectionFactory connectionFactory = new SslConnectionFactory(createSslContextFactory(), wrappedFactory.getProtocol()); connectionFactory.addBean(new SslHandshakeFailedListener(metric, connectorConfig.name(), connectorConfig.listenPort())); return connectionFactory; } + @SuppressWarnings("removal") + private SslContextFactory createSslContextFactory() { + try { + DefaultConnectorSsl ssl = new DefaultConnectorSsl(); + sslProvider.configureSsl(ssl, connectorConfig.name(), connectorConfig.listenPort()); + return ssl.createSslContextFactory(); + } catch (UnsupportedOperationException e) { + // TODO(bjorncs) Vespa 8 Remove this compatibility workaround + if (sslProvider instanceof SslContextFactoryProvider) { + return ((SslContextFactoryProvider) sslProvider) + .getInstance(connectorConfig.name(), connectorConfig.listenPort()); + } else { + throw e; + } + } + } + private ALPNServerConnectionFactory newAlpnConnectionFactory() { ALPNServerConnectionFactory factory = new ALPNServerConnectionFactory("h2", "http/1.1"); factory.setDefaultProtocol("http/1.1"); |