Diffstat (limited to 'zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java')
-rw-r--r--zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java12
1 files changed, 9 insertions, 3 deletions
diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
index af49fab0d40..5c969454d11 100644
--- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
+++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
@@ -1,8 +1,9 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.zookeeper.client;
+import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.TlsContext;
-import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
+import com.yahoo.security.tls.TransportSecurityUtils;
import org.apache.zookeeper.client.ZKClientConfig;
import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
@@ -13,6 +14,7 @@ import java.nio.file.StandardCopyOption;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
+import java.util.Optional;
import java.util.stream.Collectors;
/**
@@ -29,7 +31,7 @@ public class ZkClientConfigBuilder {
public static final String SSL_CLIENTAUTH_PROPERTY = "zookeeper.ssl.clientAuth";
public static final String CLIENT_CONNECTION_SOCKET = "zookeeper.clientCnxnSocket";
- private static final TlsContext defaultTlsContext = VespaZookeeperTlsContextUtils.tlsContext().orElse(null);
+ private static final TlsContext defaultTlsContext = getTlsContext().orElse(null);
private final TlsContext tlsContext;
@@ -69,8 +71,8 @@ public class ZkClientConfigBuilder {
builder.put(CLIENT_SECURE_PROPERTY, Boolean.toString(tlsContext != null));
builder.put(CLIENT_CONNECTION_SOCKET, "org.apache.zookeeper.ClientCnxnSocketNetty");
if (tlsContext != null) {
- String protocolsConfigValue = Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
builder.put(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY, VespaSslContextProvider.class.getName());
+ String protocolsConfigValue = Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
builder.put(SSL_ENABLED_PROTOCOLS_PROPERTY, protocolsConfigValue);
String ciphersConfigValue = Arrays.stream(tlsContext.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","));
builder.put(SSL_ENABLED_CIPHERSUITES_PROPERTY, ciphersConfigValue);
@@ -79,4 +81,8 @@ public class ZkClientConfigBuilder {
return Map.copyOf(builder);
}
+ private static Optional<TlsContext> getTlsContext() {
+ if (TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) return Optional.empty();
+ return TransportSecurityUtils.getSystemTlsContext();
+ }
}
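Review bot: The new `getTlsContext()` returns `Optional.empty()` for `MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER` with no comment or log line, so a client that falls back to `defaultTlsContext` (the constructor is not visible in this diff) will put `"false"` in `CLIENT_SECURE_PROPERTY` and connect in plaintext even when a system TLS context is configured. That is presumably the intended meaning of this mixed mode, but it should be stated in a Javadoc such as `/** Returns the system TLS context, or empty when none is configured or mixed mode is PLAINTEXT_CLIENT_MIXED_SERVER (client stays on plaintext). */`. A single log statement on the plaintext branch would also let operators notice a migration setting that was left in place. Because the result is stored in the static final `defaultTlsContext` in the third hunk, the decision is made once at class load and a mixed-mode change needs a JVM restart; any exception thrown by `TransportSecurityUtils` there would likely surface as a class-initialisation error, which is worth confirming as acceptable.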