authorArnstein Ressem <aressem@gmail.com>2020-10-15 08:16:57 +0200
committerGitHub <noreply@github.com>2020-10-15 08:16:57 +0200
commitdf8af5fd61e88e30b8d5a205ba4332568fd97aee (patch)
tree3475b72dee2135ec727844b14ee2331f594395a1 /jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
parentf07e7cde693a73d99d6d3d27dc3aa65e44d1958b (diff)
Revert "Bjorncs/health check proxy https"
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java20
1 files changed, 5 insertions, 15 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index ef166bae999..94c08212706 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -18,6 +18,7 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
+import java.nio.channels.ServerSocketChannel;
import java.util.List;
/**
@@ -41,25 +42,19 @@ public class ConnectorFactory {
// e.g. due to TLS configuration through environment variables.
private static void runtimeConnectorConfigValidation(ConnectorConfig config) {
validateProxyProtocolConfiguration(config);
- validateSecureRedirectConfig(config);
}
private static void validateProxyProtocolConfiguration(ConnectorConfig config) {
ConnectorConfig.ProxyProtocol proxyProtocolConfig = config.proxyProtocol();
if (proxyProtocolConfig.enabled()) {
+ boolean sslEnabled = config.ssl().enabled() || TransportSecurityUtils.isTransportSecurityEnabled();
boolean tlsMixedModeEnabled = TransportSecurityUtils.getInsecureMixedMode() != MixedMode.DISABLED;
- if (!isSslEffectivelyEnabled(config) || tlsMixedModeEnabled) {
+ if (!sslEnabled || tlsMixedModeEnabled) {
throw new IllegalArgumentException("Proxy protocol can only be enabled if connector is effectively HTTPS only");
}
}
}
- private static void validateSecureRedirectConfig(ConnectorConfig config) {
- if (config.secureRedirect().enabled() && isSslEffectivelyEnabled(config)) {
- throw new IllegalArgumentException("Secure redirect can only be enabled on connectors without HTTPS");
- }
- }
-
public ConnectorConfig getConnectorConfig() {
return connectorConfig;
}
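Review bot: `sslEnabled` in validateProxyProtocolConfiguration is true whenever `TransportSecurityUtils.isTransportSecurityEnabled()` is, whatever the connector's own settings are, so the "effectively HTTPS only" check can pass for a connector that createConnectionFactories then builds as plain HTTP through its `healthCheckProxy().enable() || secureRedirect().enabled()` branch. If proxy protocol is not meant to be accepted on such a cleartext listener, the guard should reject it too, e.g. `if (!sslEnabled || tlsMixedModeEnabled || config.healthCheckProxy().enable() || config.secureRedirect().enabled()) {`. The same `ssl().enabled() || isTransportSecurityEnabled()` expression is inlined again in the HttpConnectionFactory setup further down, so the two copies can drift apart. A one-line comment stating that the check is deliberately host-wide rather than per connector would help.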
@@ -77,7 +72,7 @@ public class ConnectorFactory {
private List<ConnectionFactory> createConnectionFactories(Metric metric) {
HttpConnectionFactory httpFactory = newHttpConnectionFactory();
- if (!isSslEffectivelyEnabled(connectorConfig)) {
+ if (connectorConfig.healthCheckProxy().enable() || connectorConfig.secureRedirect().enabled()) {
return List.of(httpFactory);
} else if (connectorConfig.ssl().enabled()) {
return connectionFactoriesForHttps(metric, httpFactory);
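Review bot: A connector that has `ssl().enabled()` together with `secureRedirect().enabled()` or `healthCheckProxy().enable()` now takes the first branch and is served as plain HTTP without any error, because this commit also removes validateSecureRedirectConfig. Failing fast on that combination would keep a configuration mistake from silently turning a TLS listener into a cleartext one, for example `if (config.secureRedirect().enabled() && config.ssl().enabled()) throw new IllegalArgumentException("Secure redirect can only be enabled on connectors without HTTPS");` in runtimeConnectorConfigValidation. The rest of createConnectionFactories lies outside the hunk, so the later branches are not covered by this note.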
@@ -119,7 +114,7 @@ public class ConnectorFactory {
httpConfig.setOutputBufferSize(connectorConfig.outputBufferSize());
httpConfig.setRequestHeaderSize(connectorConfig.requestHeaderSize());
httpConfig.setResponseHeaderSize(connectorConfig.responseHeaderSize());
- if (isSslEffectivelyEnabled(connectorConfig)) {
+ if (connectorConfig.ssl().enabled() || TransportSecurityUtils.isTransportSecurityEnabled()) { // TODO Cleanup once mixed mode is gone
httpConfig.addCustomizer(new SecureRequestCustomizer());
}
return new HttpConnectionFactory(httpConfig);
@@ -132,9 +127,4 @@ public class ConnectorFactory {
return connectionFactory;
}
- private static boolean isSslEffectivelyEnabled(ConnectorConfig config) {
- return config.ssl().enabled()
- || (config.implicitTlsEnabled() && TransportSecurityUtils.isTransportSecurityEnabled());
- }
-
}