authorGregory Wlodarek <gregory.wlodarek@mongodb.com>2021-02-11 19:07:03 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-02-11 19:42:32 +0000
commit3b4f12abc5d118ea461c4613b7d2475f6c4284cf (patch)
tree56d5231f0657a0a854d7e183d8b3754e4d64179b /src/mongo/transport
parent330a7b661f2d2f49b638f63508af1b4a2974534a (diff)
Revert "SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface"
This reverts commit 8e1cd3402cc0c27d1332ac78a93919bd17d3d556.
Diffstat (limited to 'src/mongo/transport')
-rw-r--r--src/mongo/transport/transport_layer_asio.cpp31
-rw-r--r--src/mongo/transport/transport_layer_asio.h9
2 files changed, 29 insertions, 11 deletions
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 205a3066949..60d66c0c04b 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -1229,7 +1229,8 @@ SSLParams::SSLModes TransportLayerASIO::_sslMode() const {
Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
bool asyncOCSPStaple) {
- auto contextOrStatus = _createSSLContext(manager, _sslMode(), asyncOCSPStaple);
+ auto contextOrStatus =
+ _createSSLContext(manager, _sslMode(), TransientSSLParams(), asyncOCSPStaple);
if (!contextOrStatus.isOK()) {
return contextOrStatus.getStatus();
}
@@ -1240,6 +1241,7 @@ Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterfac
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& manager,
SSLParams::SSLModes sslMode,
+ TransientSSLParams transientEgressSSLParams,
bool asyncOCSPStaple) const {
std::shared_ptr<SSLConnectionContext> newSSLContext = std::make_shared<SSLConnectionContext>();
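Review bot: The new parameter `TransientSSLParams transientEgressSSLParams` is taken by value, so every call copies the whole struct, including `sslClusterPEMPayload`, which by its name presumably holds PEM certificate/key material. `createTransientSSLContext` already receives the same data as `const TransientSSLParams&`, and nothing visible in the hunks modifies the parameter, so `const TransientSSLParams& transientEgressSSLParams` would avoid leaving an extra copy of the payload in memory. The same change applies to the declaration in the last hunk of transport_layer_asio.h. The body of `_createSSLContext` continues outside this hunk.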
@@ -1252,6 +1254,7 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
Status status = newSSLContext->manager->initSSLContext(
newSSLContext->ingress->native_handle(),
sslParams,
+ TransientSSLParams(), // Ingress is not using transient params, they are egress.
SSLManagerInterface::ConnectionDirection::kIncoming);
if (!status.isOK()) {
return status;
@@ -1268,17 +1271,28 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
}
if (_listenerOptions.isEgress() && newSSLContext->manager) {
+ if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
+ LOGV2_DEBUG(5270602,
+ 2,
+ "Initializing transient egress SSL context",
+ "targetClusterConnectionString"_attr =
+ transientEgressSSLParams.targetedClusterConnectionString);
+ }
+
newSSLContext->egress = std::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
Status status = newSSLContext->manager->initSSLContext(
newSSLContext->egress->native_handle(),
sslParams,
+ transientEgressSSLParams,
SSLManagerInterface::ConnectionDirection::kOutgoing);
if (!status.isOK()) {
return status;
}
- if (newSSLContext->manager->isTransient()) {
- newSSLContext->targetClusterURI =
- newSSLContext->manager->getTargetedClusterConnectionString();
+ if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
+ if (transientEgressSSLParams.targetedClusterConnectionString) {
+ newSSLContext->targetClusterURI =
+ transientEgressSSLParams.targetedClusterConnectionString.toString();
+ }
}
}
return newSSLContext;
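Review bot: When `sslClusterPEMPayload` is non-empty but `targetedClusterConnectionString` evaluates to false, the nested `if` leaves `targetClusterURI` unset. The returned context was then initialised with the transient payload but carries nothing that marks it as transient. If any caller uses `targetClusterURI` to tell transient contexts from the default one (not visible here), that context would be treated as the default. Consider returning an error for that combination, e.g. `return Status(ErrorCodes::InvalidSSLConfiguration, "Transient SSL params have no target connection string");`, and computing `const bool isTransient = !transientEgressSSLParams.sslClusterPEMPayload.empty();` once instead of repeating the test. Separately, the `LOGV2_DEBUG(5270602, ...)` call logs the connection string, so it is worth confirming that this type can never include user info. The function starts outside this hunk.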
@@ -1286,17 +1300,12 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
TransportLayerASIO::createTransientSSLContext(const TransientSSLParams& transientSSLParams) {
- auto coordinator = SSLManagerCoordinator::get();
- if (!coordinator) {
- return Status(ErrorCodes::InvalidSSLConfiguration,
- "SSLManagerCoordinator is not initialized");
- }
- auto manager = coordinator->createTransientSSLManager(transientSSLParams);
+ auto manager = getSSLManager();
if (!manager) {
return Status(ErrorCodes::InvalidSSLConfiguration, "TransportLayerASIO has no SSL manager");
}
- return _createSSLContext(manager, _sslMode(), true /* asyncOCSPStaple */);
+ return _createSSLContext(manager, _sslMode(), transientSSLParams, true /* asyncOCSPStaple */);
}
#endif
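Review bot: `createTransientSSLContext` does not reject a `transientSSLParams` whose `sslClusterPEMPayload` is empty. With the params now forwarded to `_createSSLContext`, that input skips both `!...sslClusterPEMPayload.empty()` branches there and returns an egress context with no `targetClusterURI`; it appears to be built from the default settings of the shared manager, although what `initSSLContext` does with empty transient params is not visible on this page. A caller that expected to present the target cluster's certificate would then get a context using the default credentials without any error. Consider failing early with `if (transientSSLParams.sslClusterPEMPayload.empty()) return Status(ErrorCodes::InvalidSSLConfiguration, "Transient SSL params have no PEM payload");` before the `getSSLManager()` call.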
diff --git a/src/mongo/transport/transport_layer_asio.h b/src/mongo/transport/transport_layer_asio.h
index 3ed909f1801..04d2d136427 100644
--- a/src/mongo/transport/transport_layer_asio.h
+++ b/src/mongo/transport/transport_layer_asio.h
@@ -152,6 +152,14 @@ public:
Status rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
bool asyncOCSPStaple) override;
+ std::shared_ptr<SSLManagerInterface> getSSLManager() {
+ auto sslContext = _sslContext.get();
+ if (!sslContext) {
+ return std::shared_ptr<SSLManagerInterface>{};
+ }
+ return sslContext->manager;
+ }
+
/**
* Creates a transient SSL context using targeted (non default) SSL params.
* @param transientSSLParams overrides any value in stored SSLConnectionContext.
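Review bot: `getSSLManager()` is added to the public section without a doc comment, although it can return an empty pointer and hands out shared ownership of the manager that the default context uses. Callers need to know both, since a holder of the returned pointer may keep that manager alive after `rotateCertificates` installs a new context (how `_sslContext` is replaced is not visible here). I would add `/** Returns the SSLManagerInterface of the current SSL context, or an empty pointer if no context is installed; the result may outlive a later certificate rotation. */` above it. If `_sslContext.get()` is callable on a const object, the accessor should also be `const`. The doc comment for `createTransientSSLContext` that follows continues outside this hunk.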
@@ -183,6 +191,7 @@ private:
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>> _createSSLContext(
std::shared_ptr<SSLManagerInterface>& manager,
SSLParams::SSLModes sslMode,
+ TransientSSLParams transientEgressSSLParams,
bool asyncOCSPStaple) const;
void _runListener() noexcept;