authorjonmv <venstad@gmail.com>2023-12-15 12:52:14 +0100
committerjonmv <venstad@gmail.com>2023-12-15 12:52:14 +0100
commita8a34ca51b7958962a4247abc0abc8bcad8fbef8 (patch)
treefa9420127094923ea293ac936b4c1ed4acdb714f /zookeeper-server
parent01b40d7e149df23c84a7a13560208e862480ce3a (diff)
Add back the sometimes-used ssl context supplier
Diffstat (limited to 'zookeeper-server')
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java1
-rw-r--r--zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java21
-rw-r--r--zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java2
3 files changed, 7 insertions, 17 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
index 14288bab710..06e4d0da00c 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/Configurator.java
@@ -216,6 +216,7 @@ public class Configurator {
default void appendSharedTlsConfig(Map<String, String> configEntries, VespaTlsConfig vespaTlsConfig) {
vespaTlsConfig.context().ifPresent(ctx -> {
String enabledCiphers = Arrays.stream(ctx.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","));
+ configEntries.put(configFieldPrefix() + ".context.supplier.class", VespaSslContextProvider.class.getName());
configEntries.put(configFieldPrefix() + ".ciphersuites", enabledCiphers);
String enabledProtocols = Arrays.stream(ctx.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
configEntries.put(configFieldPrefix() + ".enabledProtocols", enabledProtocols);
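Review bot: The added `.context.supplier.class` entry names a class that ZooKeeper presumably instantiates by name, so the value only works as long as `VespaSslContextProvider` keeps a public no-argument constructor and is loadable where the ZooKeeper server runs, and neither requirement is stated at the call site. A short comment on the new line would make that coupling explicit: `// ZooKeeper loads this class reflectively to obtain the SSLContext; it must stay public with a no-arg constructor.` It is also worth noting, hedged because the helper is not visible here, that the supplier obtains its context from VespaZookeeperTlsContextUtils while the cipher and protocol lists written below come from `vespaTlsConfig.context()`, so both must describe the same TLS configuration or the cipher/protocol filters ZooKeeper applies may not match the supplied context. appendSharedTlsConfig continues past the end of the hunk.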
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
index 71cc81a0db0..eca5df73dfb 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
@@ -1,11 +1,9 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.zookeeper;
-import com.yahoo.security.X509SslContext;
-import com.yahoo.security.tls.TlsContext;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
import javax.net.ssl.SSLContext;
-import java.util.Optional;
import java.util.function.Supplier;
/**
@@ -15,22 +13,11 @@ import java.util.function.Supplier;
*/
public class VespaSslContextProvider implements Supplier<SSLContext> {
- private static TlsContext tlsContext;
-
@Override
public SSLContext get() {
- return tlsContext().orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")).context();
- }
-
- public Optional<X509SslContext> tlsContext() {
- synchronized (VespaSslContextProvider.class) {
- return Optional.ofNullable(tlsContext.sslContext());
- }
- }
-
- static synchronized void set(TlsContext ctx) {
- if (tlsContext != null) tlsContext.close();
- tlsContext = ctx;
+ return VespaZookeeperTlsContextUtils.tlsContext()
+ .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled"))
+ .sslContext().context();
}
}
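Review bot: The new `get()` chain at the end of the hunk calls `.sslContext().context()` without guarding against `sslContext()` returning null, whereas the removed code wrapped that same call in `Optional.ofNullable`, which suggests null is a possible result; if it still is, the caller now gets a bare NullPointerException instead of the intended `IllegalStateException("Vespa TLS is not enabled")`. Mapping through the Optional restores the previous handling in one statement: `return VespaZookeeperTlsContextUtils.tlsContext().map(ctx -> ctx.sslContext()).orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled")).context();`. The class Javadoc would also benefit from stating that ZooKeeper instantiates this class from the `ssl.context.supplier.class` config value, so it must keep its implicit public no-arg constructor and must not cache the context in static state as the removed code did. The class Javadoc begins before the start of the hunk.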
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
index 2a4c8065346..2c3c4ead420 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
@@ -225,6 +225,7 @@ public class ConfiguratorTest {
private String tlsQuorumConfig() {
return """
+ ssl.quorum.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
ssl.quorum.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ssl.quorum.enabledProtocols=TLSv1.2,TLSv1.3
ssl.quorum.clientAuth=NEED
@@ -233,6 +234,7 @@ public class ConfiguratorTest {
private String tlsClientServerConfig() {
return """
+ ssl.context.supplier.class=com.yahoo.vespa.zookeeper.VespaSslContextProvider
ssl.ciphersuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ssl.enabledProtocols=TLSv1.2,TLSv1.3
ssl.clientAuth=NEED