diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-01-14 13:41:08 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-01-14 13:49:44 +0100 |
commit | 2985d11c35f0e5eb6f176c1ef758ada7fc910e60 (patch) | |
tree | 93b90ffdd4351b3a808cbb7fb42ac579d187fa23 /security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java | |
parent | ca91a0771b5b4fffd6e883dc2868a1cce2bfb9d5 (diff) |
Use a single, shared TlsContext instance
The configuration is based on environment variables, which are effectively fixed through the life of the JVM instance.
This simplifaction removes the need for complex cleanup logic based on manual reference counting and weak references.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java index 28854c59b2c..b061d2f9165 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java @@ -14,7 +14,6 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import java.io.IOException; import java.io.UncheckedIOException; -import java.lang.ref.WeakReference; import java.nio.file.Path; import java.security.KeyStore; import java.time.Duration; @@ -140,14 +139,12 @@ public class ConfigFileBasedTlsContext implements TlsContext { } } - // Note: no reference to outer class (directly or indirectly) to ensure trust/key managers are eventually GCed once - // there are no more use of the outer class and the underlying SSLContext private static class CryptoMaterialReloader implements Runnable { final Path tlsOptionsConfigFile; final ScheduledExecutorService scheduler; - final WeakReference<MutableX509TrustManager> trustManager; - final WeakReference<MutableX509KeyManager> keyManager; + final MutableX509TrustManager trustManager; + final MutableX509KeyManager keyManager; CryptoMaterialReloader(Path tlsOptionsConfigFile, ScheduledExecutorService scheduler, @@ -155,25 +152,23 @@ public class ConfigFileBasedTlsContext implements TlsContext { MutableX509KeyManager keyManager) { this.tlsOptionsConfigFile = tlsOptionsConfigFile; this.scheduler = scheduler; - this.trustManager = new WeakReference<>(trustManager); - this.keyManager = new WeakReference<>(keyManager); + this.trustManager = trustManager; + this.keyManager = keyManager; } @Override public void run() { try { - MutableX509TrustManager trustManager = this.trustManager.get(); - MutableX509KeyManager keyManager = this.keyManager.get(); - if (trustManager == null && keyManager == null) { + if (this.trustManager == null && this.keyManager == null) { scheduler.shutdown(); return; } TransportSecurityOptions options = TransportSecurityOptions.fromJsonFile(tlsOptionsConfigFile); - if (trustManager != null) { - reloadTrustManager(options, trustManager); + if (this.trustManager != null) { + reloadTrustManager(options, this.trustManager); } - if (keyManager != null) { - reloadKeyManager(options, keyManager); + if (this.keyManager != null) { + reloadKeyManager(options, this.keyManager); } } catch (Throwable t) { log.log(Level.SEVERE, String.format("Failed to reload crypto material (path='%s'): %s", tlsOptionsConfigFile, t.getMessage()), t); @@ -181,7 +176,6 @@ public class ConfigFileBasedTlsContext implements TlsContext { } } - // Static class to ensure no reference to outer class is contained private static class ReloaderThreadFactory implements ThreadFactory { @Override public Thread newThread(Runnable r) { |