From 6a622451462340fe9bb7a5d885651d87404b59d7 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Thu, 5 Mar 2020 13:44:01 +0100
Subject: Handle SslConnectionFactory wrapped in DetectorConnectionFactory

Support TLS mixed mode after recent Jetty upgrade in health check proxy handler.
SslConnectionFactory is no longer a top-level connection factory in connector if mixed mode is enabled.
---
 .../com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java     | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'jdisc_http_service/src')

diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
index aeb08e042a1..9dc3380baac 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
@@ -13,6 +13,7 @@ import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.ssl.SSLContexts;
+import org.eclipse.jetty.server.DetectorConnectionFactory;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.HandlerWrapper;
@@ -74,6 +75,8 @@ class HealthCheckProxyHandler extends HandlerWrapper {
                 .orElseThrow(() -> new IllegalArgumentException("Could not find any connector with listen port " + targetPort));
         SslContextFactory.Server sslContextFactory =
                 Optional.ofNullable(targetConnector.getConnectionFactory(SslConnectionFactory.class))
+                        .or(() -> Optional.ofNullable(targetConnector.getConnectionFactory(DetectorConnectionFactory.class))
+                                .map(detectorConnFactory -> detectorConnFactory.getBean(SslConnectionFactory.class)))
                         .map(connFactory -> (SslContextFactory.Server) connFactory.getSslContextFactory())
                         .orElseThrow(() -> new IllegalArgumentException("Health check proxy can only target https port"));
         return new ProxyTarget(targetPort, sslContextFactory);
-- 
cgit v1.2.3