authorAndrew Shuvalov <andrew.shuvalov@mongodb.com>2021-02-05 02:59:19 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-02-11 14:45:36 +0000
commit8e1cd3402cc0c27d1332ac78a93919bd17d3d556 (patch)
treef21e2835f5baeb47d2e3e8a662e0cd1cbbd91ce7 /src/mongo/transport
parente9b02873749f2331f1853d00e13c8a67b39bf53a (diff)
SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Diffstat (limited to 'src/mongo/transport')
-rw-r--r--src/mongo/transport/transport_layer_asio.cpp31
-rw-r--r--src/mongo/transport/transport_layer_asio.h9
2 files changed, 11 insertions, 29 deletions
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 60d66c0c04b..205a3066949 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -1229,8 +1229,7 @@ SSLParams::SSLModes TransportLayerASIO::_sslMode() const {
Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
bool asyncOCSPStaple) {
- auto contextOrStatus =
- _createSSLContext(manager, _sslMode(), TransientSSLParams(), asyncOCSPStaple);
+ auto contextOrStatus = _createSSLContext(manager, _sslMode(), asyncOCSPStaple);
if (!contextOrStatus.isOK()) {
return contextOrStatus.getStatus();
}
@@ -1241,7 +1240,6 @@ Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterfac
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& manager,
SSLParams::SSLModes sslMode,
- TransientSSLParams transientEgressSSLParams,
bool asyncOCSPStaple) const {
std::shared_ptr<SSLConnectionContext> newSSLContext = std::make_shared<SSLConnectionContext>();
@@ -1254,7 +1252,6 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
Status status = newSSLContext->manager->initSSLContext(
newSSLContext->ingress->native_handle(),
sslParams,
- TransientSSLParams(), // Ingress is not using transient params, they are egress.
SSLManagerInterface::ConnectionDirection::kIncoming);
if (!status.isOK()) {
return status;
@@ -1271,28 +1268,17 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
}
if (_listenerOptions.isEgress() && newSSLContext->manager) {
- if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
- LOGV2_DEBUG(5270602,
- 2,
- "Initializing transient egress SSL context",
- "targetClusterConnectionString"_attr =
- transientEgressSSLParams.targetedClusterConnectionString);
- }
-
newSSLContext->egress = std::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
Status status = newSSLContext->manager->initSSLContext(
newSSLContext->egress->native_handle(),
sslParams,
- transientEgressSSLParams,
SSLManagerInterface::ConnectionDirection::kOutgoing);
if (!status.isOK()) {
return status;
}
- if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
- if (transientEgressSSLParams.targetedClusterConnectionString) {
- newSSLContext->targetClusterURI =
- transientEgressSSLParams.targetedClusterConnectionString.toString();
- }
+ if (newSSLContext->manager->isTransient()) {
+ newSSLContext->targetClusterURI =
+ newSSLContext->manager->getTargetedClusterConnectionString();
}
}
return newSSLContext;
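Review bot: In the egress branch, `newSSLContext->targetClusterURI` is now assigned whenever `manager->isTransient()` is true, while the removed code also required `transientEgressSSLParams.targetedClusterConnectionString` to be set before assigning it. If `getTargetedClusterConnectionString()` can return an empty value for a transient manager, the context would carry an empty target URI instead of leaving the field untouched, so anything that later uses the field to tell transient contexts apart may behave differently; it is worth either keeping the emptiness check here or documenting on `isTransient()` that a transient manager always has a non-empty target string. The commit also drops the `LOGV2_DEBUG(5270602, ...)` line, which was the only trace in this function of which target cluster a transient egress context was built for; unless the transient manager logs the equivalent when it is created (not visible here), keeping a debug line keyed on `isTransient()` would preserve that audit trail. The body of `_createSSLContext` starts and ends outside this hunk.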
@@ -1300,12 +1286,17 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
TransportLayerASIO::createTransientSSLContext(const TransientSSLParams& transientSSLParams) {
- auto manager = getSSLManager();
+ auto coordinator = SSLManagerCoordinator::get();
+ if (!coordinator) {
+ return Status(ErrorCodes::InvalidSSLConfiguration,
+ "SSLManagerCoordinator is not initialized");
+ }
+ auto manager = coordinator->createTransientSSLManager(transientSSLParams);
if (!manager) {
return Status(ErrorCodes::InvalidSSLConfiguration, "TransportLayerASIO has no SSL manager");
}
- return _createSSLContext(manager, _sslMode(), transientSSLParams, true /* asyncOCSPStaple */);
+ return _createSSLContext(manager, _sslMode(), true /* asyncOCSPStaple */);
}
#endif
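Review bot: The `if (!manager)` branch in `createTransientSSLContext` still returns "TransportLayerASIO has no SSL manager", but after this change a null `manager` means `coordinator->createTransientSSLManager(transientSSLParams)` did not produce one, not that the transport layer lacks a manager. An operator diagnosing a failed connection to a targeted cluster would be pointed at the wrong component; something like `"Failed to create transient SSL manager"` matches the new code path. The doc comment on the declaration in `transport_layer_asio.h` ("overrides any value in stored SSLConnectionContext") also looks stale now that the transient context is built from its own manager rather than the stored one, and could be reworded in the same commit.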
diff --git a/src/mongo/transport/transport_layer_asio.h b/src/mongo/transport/transport_layer_asio.h
index 04d2d136427..3ed909f1801 100644
--- a/src/mongo/transport/transport_layer_asio.h
+++ b/src/mongo/transport/transport_layer_asio.h
@@ -152,14 +152,6 @@ public:
Status rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
bool asyncOCSPStaple) override;
- std::shared_ptr<SSLManagerInterface> getSSLManager() {
- auto sslContext = _sslContext.get();
- if (!sslContext) {
- return std::shared_ptr<SSLManagerInterface>{};
- }
- return sslContext->manager;
- }
-
/**
* Creates a transient SSL context using targeted (non default) SSL params.
* @param transientSSLParams overrides any value in stored SSLConnectionContext.
@@ -191,7 +183,6 @@ private:
StatusWith<std::shared_ptr<const transport::SSLConnectionContext>> _createSSLContext(
std::shared_ptr<SSLManagerInterface>& manager,
SSLParams::SSLModes sslMode,
- TransientSSLParams transientEgressSSLParams,
bool asyncOCSPStaple) const;
void _runListener() noexcept;