author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2021-08-17 13:01:41 +0200 |
committer | GitHub <noreply@github.com> | 2021-08-17 13:01:41 +0200 |
commit | c7cddccf31151c22b2e1d882b9bd36a243815a0b (patch) | |
tree | b8202a2da8c1d7c4950ffa51942779fc9034e6f7 /container-core/src/main/java/com/yahoo/jdisc | |
parent | fed02e0b81cedd76962da597d73462d0d23e0bf3 (diff) |
Revert "Bjorncs/http2"
Diffstat (limited to 'container-core/src/main/java/com/yahoo/jdisc')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 95 |
1 files changed, 43 insertions, 52 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index f4f33afe535..92d2cc5d1cd 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -8,8 +8,7 @@ import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TransportSecurityUtils;
 import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
-import org.eclipse.jetty.http2.server.AbstractHTTP2ServerConnectionFactory;
-import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
+import org.eclipse.jetty.http2.parser.RateControl;
 import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
 import org.eclipse.jetty.server.ConnectionFactory;
 import org.eclipse.jetty.server.DetectorConnectionFactory;
@@ -22,13 +21,7 @@ import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
-import java.util.ArrayList;
 import java.util.List;
-import java.util.logging.Logger;
-
-import static com.yahoo.security.tls.MixedMode.DISABLED;
-import static com.yahoo.security.tls.MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER;
-import static com.yahoo.security.tls.MixedMode.TLS_CLIENT_MIXED_SERVER;
 
 /**
 * @author Einar M R Rosenvinge
@@ -36,8 +29,6 @@ import static com.yahoo.security.tls.MixedMode.TLS_CLIENT_MIXED_SERVER;
 */
 public class ConnectorFactory {
 
- private static final Logger log = Logger.getLogger(ConnectorFactory.class.getName());
-
 private final ConnectorConfig connectorConfig;
 private final SslContextFactoryProvider sslContextFactoryProvider;
 
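Review bot: The new side of the first hunk imports `org.eclipse.jetty.http2.parser.RateControl`, but no hunk in this diff references it; if the rest of the file outside the diff does not use it either, it is an unused import and should be removed. If a rate-control factory was previously applied to the HTTP/2 connection factory, note that newHttp2ConnectionFactory as shown in the last hunk no longer sets one, so the revert would fall back to whatever Jetty does by default for HTTP/2 frame-rate handling; worth confirming that this is intended rather than an accidental loss of a limit.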
@@ -59,7 +50,7 @@ public class ConnectorFactory {
 private static void validateProxyProtocolConfiguration(ConnectorConfig config) {
 ConnectorConfig.ProxyProtocol proxyProtocolConfig = config.proxyProtocol();
 if (proxyProtocolConfig.enabled()) {
- boolean tlsMixedModeEnabled = TransportSecurityUtils.getInsecureMixedMode() != DISABLED;
+ boolean tlsMixedModeEnabled = TransportSecurityUtils.getInsecureMixedMode() != MixedMode.DISABLED;
 if (!isSslEffectivelyEnabled(config) || tlsMixedModeEnabled) {
 throw new IllegalArgumentException("Proxy protocol can only be enabled if connector is effectively HTTPS only");
 }
@@ -90,51 +81,61 @@ public class ConnectorFactory {
 }
 
 private List<ConnectionFactory> createConnectionFactories(Metric metric) {
- boolean vespaTlsEnabled = TransportSecurityUtils.isTransportSecurityEnabled();
- MixedMode tlsMixedMode = TransportSecurityUtils.getInsecureMixedMode();
- if (connectorConfig.ssl().enabled() || (vespaTlsEnabled && tlsMixedMode == DISABLED)) {
+ if (!isSslEffectivelyEnabled(connectorConfig)) {
+ return List.of(newHttp1ConnectionFactory());
+ } else if (connectorConfig.ssl().enabled()) {
 return connectionFactoriesForHttps(metric);
- } else if (vespaTlsEnabled) {
- if (tlsMixedMode != TLS_CLIENT_MIXED_SERVER && tlsMixedMode != PLAINTEXT_CLIENT_MIXED_SERVER) {
- throw new IllegalArgumentException("Unknown mixed mode " + tlsMixedMode);
+ } else if (TransportSecurityUtils.isTransportSecurityEnabled()) {
+ switch (TransportSecurityUtils.getInsecureMixedMode()) {
+ case TLS_CLIENT_MIXED_SERVER:
+ case PLAINTEXT_CLIENT_MIXED_SERVER:
+ return connectionFactoriesForHttpsMixedMode(metric);
+ case DISABLED:
+ return connectionFactoriesForHttps(metric);
+ default:
+ throw new IllegalStateException();
 }
- return connectionFactoriesForTlsMixedMode(metric);
 } else {
- return connectorConfig.http2Enabled()
- ? List.of(newHttp1ConnectionFactory(), newHttp2ClearTextConnectionFactory())
- : List.of(newHttp1ConnectionFactory());
+ return List.of(newHttp1ConnectionFactory());
 }
 }
 
 private List<ConnectionFactory> connectionFactoriesForHttps(Metric metric) {
- List<ConnectionFactory> factories = new ArrayList<>();
 ConnectorConfig.ProxyProtocol proxyProtocolConfig = connectorConfig.proxyProtocol();
 HttpConnectionFactory http1Factory = newHttp1ConnectionFactory();
- ALPNServerConnectionFactory alpnFactory;
- SslConnectionFactory sslFactory;
 if (connectorConfig.http2Enabled()) {
- alpnFactory = newAlpnConnectionFactory();
- sslFactory = newSslConnectionFactory(metric, alpnFactory);
+ HTTP2ServerConnectionFactory http2Factory = newHttp2ConnectionFactory();
+ ALPNServerConnectionFactory alpnFactory = newAlpnConnectionFactory();
+ SslConnectionFactory sslFactory = newSslConnectionFactory(metric, alpnFactory);
+ if (proxyProtocolConfig.enabled()) {
+ ProxyConnectionFactory proxyProtocolFactory = newProxyProtocolConnectionFactory(sslFactory);
+ if (proxyProtocolConfig.mixedMode()) {
+ DetectorConnectionFactory detectorFactory = newDetectorConnectionFactory(sslFactory);
+ return List.of(detectorFactory, proxyProtocolFactory, sslFactory, alpnFactory, http1Factory, http2Factory);
+ } else {
+ return List.of(proxyProtocolFactory, sslFactory, alpnFactory, http1Factory, http2Factory);
+ }
+ } else {
+ return List.of(sslFactory, alpnFactory, http1Factory, http2Factory);
+ }
 } else {
- alpnFactory = null;
- sslFactory = newSslConnectionFactory(metric, http1Factory);
- }
- if (proxyProtocolConfig.enabled()) {
- if (proxyProtocolConfig.mixedMode()) {
- factories.add(newDetectorConnectionFactory(sslFactory));
+ SslConnectionFactory sslFactory = newSslConnectionFactory(metric, http1Factory);
+ if (proxyProtocolConfig.enabled()) {
+ ProxyConnectionFactory proxyProtocolFactory = newProxyProtocolConnectionFactory(sslFactory);
+ if (proxyProtocolConfig.mixedMode()) {
+ DetectorConnectionFactory detectorFactory = newDetectorConnectionFactory(sslFactory);
+ return List.of(detectorFactory, proxyProtocolFactory, sslFactory, http1Factory);
+ } else {
+ return List.of(proxyProtocolFactory, sslFactory, http1Factory);
+ }
+ } else {
+ return List.of(sslFactory, http1Factory);
 }
- factories.add(newProxyProtocolConnectionFactory(sslFactory));
 }
- factories.add(sslFactory);
- if (connectorConfig.http2Enabled()) factories.add(alpnFactory);
- factories.add(http1Factory);
- if (connectorConfig.http2Enabled()) factories.add(newHttp2ConnectionFactory());
- return List.copyOf(factories);
 }
 
- private List<ConnectionFactory> connectionFactoriesForTlsMixedMode(Metric metric) {
- log.warning(String.format("TLS mixed mode enabled for port %d - HTTP/2 and proxy-protocol are not supported",
- connectorConfig.listenPort()));
+ private List<ConnectionFactory> connectionFactoriesForHttpsMixedMode(Metric metric) {
+ // No support for proxy-protocol/http2 when using HTTP with TLS mixed mode
 HttpConnectionFactory httpFactory = newHttp1ConnectionFactory();
 SslConnectionFactory sslFactory = newSslConnectionFactory(metric, httpFactory);
 DetectorConnectionFactory detectorFactory = newDetectorConnectionFactory(sslFactory);
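Review bot: The `default: throw new IllegalStateException();` in createConnectionFactories discards the value that triggered it, so an unexpected MixedMode is not diagnosable from the stack trace; bind the mode to a local, switch on that, and report it: `MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode();` ... `default: throw new IllegalStateException("Unknown mixed mode " + mixedMode);`. The final `else { return List.of(newHttp1ConnectionFactory()); }` is reached only when isSslEffectivelyEnabled(connectorConfig) is true while neither ssl().enabled() nor transport security holds; isSslEffectivelyEnabled is outside this diff, so if that combination cannot occur the branch should say so (a comment or an IllegalStateException) rather than quietly fall back to plaintext HTTP on a connector the caller expected to be TLS. In connectionFactoriesForHttpsMixedMode the comment should also state that connectorConfig.http2Enabled() is ignored in this mode, since the returned list carries no HTTP/2 or ALPN factory regardless of that setting; connectionFactoriesForHttpsMixedMode continues past the end of the hunk.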
@@ -162,21 +163,11 @@ public class ConnectorFactory {
 
 private HTTP2ServerConnectionFactory newHttp2ConnectionFactory() {
 HTTP2ServerConnectionFactory factory = new HTTP2ServerConnectionFactory(newHttpConfiguration());
- setHttp2Config(factory);
- return factory;
- }
-
- private HTTP2CServerConnectionFactory newHttp2ClearTextConnectionFactory() {
- HTTP2CServerConnectionFactory factory = new HTTP2CServerConnectionFactory(newHttpConfiguration());
- setHttp2Config(factory);
- return factory;
- }
-
- private void setHttp2Config(AbstractHTTP2ServerConnectionFactory factory) {
 factory.setStreamIdleTimeout(toMillis(connectorConfig.http2().streamIdleTimeout()));
 factory.setMaxConcurrentStreams(connectorConfig.http2().maxConcurrentStreams());
 factory.setInitialSessionRecvWindow(1 << 24);
 factory.setInitialStreamRecvWindow(1 << 20);
+ return factory;
 }
 
 private SslConnectionFactory newSslConnectionFactory(Metric metric, ConnectionFactory wrappedFactory) {
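Review bot: `factory.setInitialSessionRecvWindow(1 << 24)` and `factory.setInitialStreamRecvWindow(1 << 20)` in newHttp2ConnectionFactory are unexplained magic numbers, unlike the idle timeout and concurrent-stream limit beside them, which come from connectorConfig.http2(); give them names such as `private static final int HTTP2_SESSION_RECV_WINDOW_BYTES = 1 << 24;` and `private static final int HTTP2_STREAM_RECV_WINDOW_BYTES = 1 << 20;` with a comment on why 16 MiB and 1 MiB were chosen. These windows bound how much data a peer can have in flight per connection and per stream, so they are part of the connector's memory-exhaustion posture and deserve the same visibility as the configured limits. A one-line Javadoc such as `/** Builds the HTTP/2-over-TLS connection factory, applying the limits from connectorConfig.http2(). */` would also make clear that, after this revert, this factory is only ever placed behind ALPN/TLS (see the https hunk above) and no cleartext h2c variant remains.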