aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java25
1 files changed, 22 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index f28cad2a071..af77827ae16 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
@@ -13,6 +13,8 @@ import java.util.Optional;
*/
public class TransportSecurityUtils {
+ private static ConfigFileBasedTlsContext systemTlsContext;
+
public static final String CONFIG_FILE_ENVIRONMENT_VARIABLE = "VESPA_TLS_CONFIG_FILE";
public static final String INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_MIXED_MODE";
public static final String INSECURE_AUTHORIZATION_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_AUTHORIZATION_MODE";
@@ -64,13 +66,30 @@ public class TransportSecurityUtils {
.map(TransportSecurityOptions::fromJsonFile);
}
- public static Optional<TlsContext> createTlsContext() {
- return getConfigFile()
- .map(configFile -> new ConfigFileBasedTlsContext(configFile, getInsecureAuthorizationMode()));
+ /**
+ * @return The shared {@link TlsContext} for the Vespa system environment
+ */
+ public static Optional<TlsContext> getSystemTlsContext() {
+ synchronized (TransportSecurityUtils.class) {
+ Path configFile = getConfigFile().orElse(null);
+ if (configFile == null) return Optional.empty();
+ if (systemTlsContext == null) {
+ systemTlsContext = new SystemTlsContext(configFile);
+ }
+ return Optional.of(systemTlsContext);
+ }
}
private static Optional<String> getEnvironmentVariable(Map<String, String> environmentVariables, String variableName) {
return Optional.ofNullable(environmentVariables.get(variableName))
.filter(var -> !var.isEmpty());
}
+
+ private static class SystemTlsContext extends ConfigFileBasedTlsContext {
+ SystemTlsContext(Path tlsOptionsConfigFile) {
+ super(tlsOptionsConfigFile, getInsecureAuthorizationMode());
+ }
+
+ @Override public void close() { throw new UnsupportedOperationException("Shared TLS context cannot be closed"); }
+ }
}