author | jonmv <venstad@gmail.com> | 2023-12-15 12:52:14 +0100 |
committer | jonmv <venstad@gmail.com> | 2023-12-15 12:52:14 +0100 |
commit | a8a34ca51b7958962a4247abc0abc8bcad8fbef8 (patch) | |
tree | fa9420127094923ea293ac936b4c1ed4acdb714f /zookeeper-server | |
parent | 01b40d7e149df23c84a7a13560208e862480ce3a (diff) |
Add back the sometimes-used ssl context supplier
Diffstat (limited to 'zookeeper-server')
3 files changed, 7 insertions, 17 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
index 14288bab710..06e4d0da00c 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
@@ -216,6 +216,7 @@ public class Configurator {
default void appendSharedTlsConfig(Map<String, String> configEntries, VespaTlsConfig vespaTlsConfig) {
vespaTlsConfig.context().ifPresent(ctx -> {
String enabledCiphers = Arrays.stream(ctx.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","));
+ configEntries.put(configFieldPrefix() + ".context.supplier.class", VespaSslContextProvider.class.getName());
configEntries.put(configFieldPrefix() + ".ciphersuites", enabledCiphers);
String enabledProtocols = Arrays.stream(ctx.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
configEntries.put(configFieldPrefix() + ".enabledProtocols", enabledProtocols);
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
index 71cc81a0db0..eca5df73dfb 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
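Review bot: The new `.context.supplier.class` entry carries no comment explaining that ZooKeeper resolves this value by class name at runtime and takes its SSLContext from the instance it creates, so the only thing tying the emitted string to the real class is the `.class.getName()` form on this side and the expected-config literals in the tests. Suggest `// ZooKeeper instantiates this class by name and obtains its SSLContext from it; get() throws unless a Vespa TLS context is present, which is why this is only emitted inside ifPresent` above the new line. Presumably the cipher-suite, protocol and clientAuth entries below are still applied by ZooKeeper on top of the supplied context; if they are not, they become dead configuration once the supplier is in use, which is worth confirming against the ZooKeeper version in use. appendSharedTlsConfig continues past the end of the hunk.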
@@ -1,11 +1,9 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.zookeeper;
-import com.yahoo.security.X509SslContext;
-import com.yahoo.security.tls.TlsContext;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
import javax.net.ssl.SSLContext;
-import java.util.Optional;
import java.util.function.Supplier;
/**
@@ -15,22 +13,11 @@ import java.util.function.Supplier;
*/
public class VespaSslContextProvider implements Supplier<SSLContext> {
- private static TlsContext tlsContext;
@Override
public SSLContext get() {
- return tlsContext().orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")).context();
- }
-
- public Optional<X509SslContext> tlsContext() {
- synchronized (VespaSslContextProvider.class) {
- return Optional.ofNullable(tlsContext.sslContext());
- }
- }
-
- static synchronized void set(TlsContext ctx) {
- if (tlsContext != null) tlsContext.close();
- tlsContext = ctx;
+ return VespaZookeeperTlsContextUtils.tlsContext()
+ .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled"))
+ .sslContext().context();
}
}
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
index 2a4c8065346..2c3c4ead420 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
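Review bot: The rewritten `get()` dereferences `.sslContext()` directly, whereas the removed `tlsContext()` wrapped that same call in `Optional.ofNullable`, so if `sslContext()` can still return null the failure now surfaces as a NullPointerException from inside ZooKeeper's reflective SSL setup instead of the intended `IllegalStateException("Vespa TLS is not enabled")`. Map before unwrapping: insert `.map(ctx -> ctx.sslContext())` ahead of the `orElseThrow` and end the chain with `.context()`, so an absent TLS context and a null SSL context produce the same diagnosable error. The removed code also synchronized reads against `set()`'s close-and-replace of the previous context; the new version delegates both visibility and that lifecycle to `VespaZookeeperTlsContextUtils`, which is not visible here, so a one-line comment on `get()` stating the thread-safety and ordering it assumes (the utils must be populated before ZooKeeper first calls this supplier) would help the next reader.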
@@ -225,6 +225,7 @@ public class ConfiguratorTest {
private String tlsQuorumConfig() {
return """
+ ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ssl.quorum.enabledProtocols=TLSv1.2,TLSv1.3
ssl.quorum.clientAuth=NEED
@@ -233,6 +234,7 @@ public class ConfiguratorTest {
private String tlsClientServerConfig() {
return """
+ ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ssl.enabledProtocols=TLSv1.2,TLSv1.3
ssl.clientAuth=NEED |
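Review bot: Both text blocks now pin the literal class name `com.yahoo.vespa.zookeeper.VespaSslContextProvider`, but nothing in the test checks that the name ZooKeeper will load reflectively is actually loadable and instantiable, which is presumably what the supplier contract requires. A single assertion in the same test class, `assertNotNull(Class.forName("com.yahoo.vespa.zookeeper.VespaSslContextProvider").getDeclaredConstructor().newInstance());`, would fail at test time rather than at quorum start-up if the class is moved or loses its public no-arg constructor. tlsQuorumConfig and tlsClientServerConfig both continue past their hunks.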