author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2023-12-15 15:31:56 +0100 |
committer | GitHub <noreply@github.com> | 2023-12-15 15:31:56 +0100 |
commit | 76a89eb98d9e5ce63cd7a725d3549c38d0b681e8 (patch) | |
tree | 5767022d30c0bd4de34a6671e514e1e5c7fb6aea /zookeeper-client-common/src | |
parent | 3a9f89fe60e3420eed435daee435a4f8534c9512 (diff) |
Revert "Jonmv/reapply zk 3.9.1"
Diffstat (limited to 'zookeeper-client-common/src')
3 files changed, 17 insertions, 10 deletions
diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
index 5772070d550..9cc71eab96e 100644
--- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
+++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
@@ -1,23 +1,25 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper.client; -import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils; +import com.yahoo.security.tls.TransportSecurityUtils; import javax.net.ssl.SSLContext; import java.util.function.Supplier; /** - * Provider for Vespa {@link SSLContext} instance to Zookeeper. + * Provider for Vespa {@link SSLContext} instance to Zookeeper + misc utility methods for providing Vespa TLS specific ZK configuration. * * @author bjorncs */ public class VespaSslContextProvider implements Supplier<SSLContext> { + private static final SSLContext sslContext = TransportSecurityUtils.getSystemTlsContext() + .map(tc -> tc.sslContext().context()).orElse(null); + @Override public SSLContext get() { - return VespaZookeeperTlsContextUtils.tlsContext() - .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")) - .sslContext().context(); + if (sslContext == null) throw new IllegalStateException("Vespa TLS is not enabled"); + return sslContext; } }
diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
index af49fab0d40..5c969454d11 100644
--- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
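Review bot: The restored class Javadoc says the provider also carries `misc utility methods for providing Vespa TLS specific ZK configuration`, but this hunk spans the whole file and the class has only `get()`; the line should read `* Provider for Vespa {@link SSLContext} instance to Zookeeper.` or point to `ZkClientConfigBuilder`, where that configuration is actually assembled. Separately, `sslContext` is captured once in a static initializer, so `get()` reports `Vespa TLS is not enabled` based on the state at the moment the class was first loaded, not at the moment ZooKeeper calls the supplier; `defaultTlsContext` in the `@@ -29,7 +31,7 @@` hunk of ZkClientConfigBuilder has the same class-init capture. Whether the system TLS context can still change after these classes load is not visible here; if it can, that is a silent failure mode, and I would at least document the ordering requirement on the field, e.g. `// Resolved once at class initialization: the system TLS context must be configured before this class is first loaded.`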
+++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
@@ -1,8 +1,9 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper.client; +import com.yahoo.security.tls.MixedMode; import com.yahoo.security.tls.TlsContext; -import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils; +import com.yahoo.security.tls.TransportSecurityUtils; import org.apache.zookeeper.client.ZKClientConfig; import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
@@ -13,6 +14,7 @@ import java.nio.file.StandardCopyOption;
import java.util.Arrays; import java.util.HashMap; import java.util.Map; +import java.util.Optional; import java.util.stream.Collectors; /**
@@ -29,7 +31,7 @@ public class ZkClientConfigBuilder {
public static final String SSL_CLIENTAUTH_PROPERTY = "zookeeper.ssl.clientAuth"; public static final String CLIENT_CONNECTION_SOCKET = "zookeeper.clientCnxnSocket"; - private static final TlsContext defaultTlsContext = VespaZookeeperTlsContextUtils.tlsContext().orElse(null); + private static final TlsContext defaultTlsContext = getTlsContext().orElse(null); private final TlsContext tlsContext;
@@ -69,8 +71,8 @@ public class ZkClientConfigBuilder {
builder.put(CLIENT_SECURE_PROPERTY, Boolean.toString(tlsContext != null)); builder.put(CLIENT_CONNECTION_SOCKET, "org.apache.zookeeper.ClientCnxnSocketNetty"); if (tlsContext != null) { - String protocolsConfigValue = Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(",")); builder.put(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY, VespaSslContextProvider.class.getName()); + String protocolsConfigValue = Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(",")); builder.put(SSL_ENABLED_PROTOCOLS_PROPERTY, protocolsConfigValue); String ciphersConfigValue = Arrays.stream(tlsContext.parameters().getCipherSuites()).sorted().collect(Collectors.joining(",")); builder.put(SSL_ENABLED_CIPHERSUITES_PROPERTY, ciphersConfigValue);
@@ -79,4 +81,8 @@ public class ZkClientConfigBuilder {
return Map.copyOf(builder); } + private static Optional<TlsContext> getTlsContext() { + if (TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) return Optional.empty(); + return TransportSecurityUtils.getSystemTlsContext(); + } }
diff --git a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
index 45ae68cb41d..56bfe8381c2 100644
--- a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
+++ b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
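Review bot: In the `@@ -79,4 +81,8 @@` hunk, `getTlsContext()` returns an empty Optional when `getInsecureMixedMode()` is `PLAINTEXT_CLIENT_MIXED_SERVER`, and because that value becomes `defaultTlsContext`, the builder then emits `CLIENT_SECURE_PROPERTY` as `false` and omits the supplier, protocol and cipher properties entirely; nothing in the code says why a present system TLS context is deliberately discarded in this mode. I am reading the intent from the enum name, so confirm it against `MixedMode`, but a comment on the method such as `// In PLAINTEXT_CLIENT_MIXED_SERVER mode this process acts as a plaintext client, so the ZK client must not be configured for TLS even though a system TLS context exists.` would stop a future reader from "fixing" this into an always-TLS path or, worse, from not noticing that the mode silently downgrades the ZK client connection. Since `defaultTlsContext` is a static field, this decision is also made once at class initialization, which is worth stating in the same comment.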
@@ -31,7 +31,6 @@ public class ZkClientConfigBuilderTest {
assertEquals("org.apache.zookeeper.ClientCnxnSocketNetty", config.getProperty(CLIENT_CONNECTION_SOCKET)); assertNull(config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY)); assertNull(config.getProperty(SSL_CLIENTAUTH_PROPERTY)); - assertNull(config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY)); } @Test
@@ -40,10 +39,10 @@ public class ZkClientConfigBuilderTest {
ZKClientConfig config = builder.toConfig(); assertEquals("true", config.getProperty(CLIENT_SECURE_PROPERTY)); assertEquals("org.apache.zookeeper.ClientCnxnSocketNetty", config.getProperty(CLIENT_CONNECTION_SOCKET)); + assertEquals(com.yahoo.vespa.zookeeper.client.VespaSslContextProvider.class.getName(), config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY)); assertEquals("TLSv1.3", config.getProperty(SSL_ENABLED_PROTOCOLS_PROPERTY)); assertEquals("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", config.getProperty(SSL_ENABLED_CIPHERSUITES_PROPERTY)); assertEquals("NEED", config.getProperty(SSL_CLIENTAUTH_PROPERTY)); - assertEquals(VespaSslContextProvider.class.getName(), config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY)); } private static class MockTlsContext implements TlsContext { |
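Review bot: In the `@@ -40,10 +39,10 @@` hunk the moved assertion spells `com.yahoo.vespa.zookeeper.client.VespaSslContextProvider` fully qualified, although the test sits under `src/test/java/com/yahoo/vespa/zookeeper/client/` and the line it replaces used the simple name; keep `assertEquals(VespaSslContextProvider.class.getName(), config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));`. The package declaration is outside the hunk, so confirm the test really is in that package before dropping the qualifier. The test method whose body this hunk shows starts above the hunk.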