author | Andrew Shuvalov <andrew.shuvalov@mongodb.com> | 2021-02-05 02:59:19 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-02-11 14:45:36 +0000 |
commit | 8e1cd3402cc0c27d1332ac78a93919bd17d3d556 (patch) | |
tree | f21e2835f5baeb47d2e3e8a662e0cd1cbbd91ce7 /src/mongo/transport | |
parent | e9b02873749f2331f1853d00e13c8a67b39bf53a (diff) | |
SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface
Diffstat (limited to 'src/mongo/transport')
-rw-r--r-- | src/mongo/transport/transport_layer_asio.cpp | 31 | ||||
-rw-r--r-- | src/mongo/transport/transport_layer_asio.h | 9 |
2 files changed, 11 insertions, 29 deletions
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 60d66c0c04b..205a3066949 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -1229,8 +1229,7 @@ SSLParams::SSLModes TransportLayerASIO::_sslMode() const {
 Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
 bool asyncOCSPStaple) {
- auto contextOrStatus =
- _createSSLContext(manager, _sslMode(), TransientSSLParams(), asyncOCSPStaple);
+ auto contextOrStatus = _createSSLContext(manager, _sslMode(), asyncOCSPStaple);
 if (!contextOrStatus.isOK()) {
 return contextOrStatus.getStatus();
 }
@@ -1241,7 +1240,6 @@ Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterfac
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
 TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& manager,
 SSLParams::SSLModes sslMode,
- TransientSSLParams transientEgressSSLParams,
 bool asyncOCSPStaple) const {
 std::shared_ptr<SSLConnectionContext> newSSLContext = std::make_shared<SSLConnectionContext>();
@@ -1254,7 +1252,6 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 Status status = newSSLContext->manager->initSSLContext(
 newSSLContext->ingress->native_handle(),
 sslParams,
- TransientSSLParams(), // Ingress is not using transient params, they are egress.
 SSLManagerInterface::ConnectionDirection::kIncoming);
 if (!status.isOK()) {
 return status;
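Review bot: The ingress `initSSLContext(..., kIncoming)` call in the -1254 hunk loses both the empty `TransientSSLParams()` argument and the comment saying ingress never uses transient params, so that guarantee now rests entirely on whichever manager is passed in. `createTransientSSLContext` hands a transient manager to this same function, and whether that manager applies its cluster PEM payload to an incoming context is not visible here. I would keep the invariant explicit at the call site, for example `// Transient managers are egress-only; initSSLContext must not apply transient credentials for kIncoming.`, or skip the ingress setup when `manager->isTransient()` if that matches the intended design. The enclosing condition and the rest of `_createSSLContext` lie outside the hunk.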
@@ -1271,28 +1268,17 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 }
 if (_listenerOptions.isEgress() && newSSLContext->manager) {
- if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
- LOGV2_DEBUG(5270602,
- 2,
- "Initializing transient egress SSL context",
- "targetClusterConnectionString"_attr =
- transientEgressSSLParams.targetedClusterConnectionString);
- }
-
 newSSLContext->egress = std::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
 Status status = newSSLContext->manager->initSSLContext(
 newSSLContext->egress->native_handle(),
 sslParams,
- transientEgressSSLParams,
 SSLManagerInterface::ConnectionDirection::kOutgoing);
 if (!status.isOK()) {
 return status;
 }
- if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
- if (transientEgressSSLParams.targetedClusterConnectionString) {
- newSSLContext->targetClusterURI =
- transientEgressSSLParams.targetedClusterConnectionString.toString();
- }
+ if (newSSLContext->manager->isTransient()) {
+ newSSLContext->targetClusterURI =
+ newSSLContext->manager->getTargetedClusterConnectionString();
 }
 }
 return newSSLContext;
@@ -1300,12 +1286,17 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
 TransportLayerASIO::createTransientSSLContext(const TransientSSLParams& transientSSLParams) {
- auto manager = getSSLManager();
+ auto coordinator = SSLManagerCoordinator::get();
+ if (!coordinator) {
+ return Status(ErrorCodes::InvalidSSLConfiguration,
+ "SSLManagerCoordinator is not initialized");
+ }
+ auto manager = coordinator->createTransientSSLManager(transientSSLParams);
 if (!manager) {
 return Status(ErrorCodes::InvalidSSLConfiguration, "TransportLayerASIO has no SSL manager");
 }
- return _createSSLContext(manager, _sslMode(), transientSSLParams, true /* asyncOCSPStaple */);
+ return _createSSLContext(manager, _sslMode(), true /* asyncOCSPStaple */);
 }
 #endif
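Review bot: In the -1271 hunk `targetClusterURI` is now assigned whenever `manager->isTransient()` is true, whereas the removed code also required `targetedClusterConnectionString` to be set before calling `toString()`. If a transient manager can exist without a target connection string (not visible here), the context would carry an empty URI. Either keep a guard or state the contract next to the assignment, e.g. `// getTargetedClusterConnectionString() is always populated for transient managers.` The debug log 5270602 is also dropped, so unless `createTransientSSLManager` logs it, nothing records that an egress context was built with non-default credentials.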
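Review bot: The `!manager` branch in `createTransientSSLContext` (-1300 hunk) still returns "TransportLayerASIO has no SSL manager", but a null here now means `createTransientSSLManager(transientSSLParams)` failed, not that the transport layer lacks a manager. A message such as `"Failed to create transient SSL manager"` would point operators at the supplied transient parameters rather than the server's own TLS configuration. The header's doc comment for this function says the params override values in the stored SSLConnectionContext, which may also need rewording now that the transient context owns a separate manager.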
diff --git a/src/mongo/transport/transport_layer_asio.h b/src/mongo/transport/transport_layer_asio.h
index 04d2d136427..3ed909f1801 100644
--- a/src/mongo/transport/transport_layer_asio.h
+++ b/src/mongo/transport/transport_layer_asio.h
@@ -152,14 +152,6 @@ public:
 Status rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
 bool asyncOCSPStaple) override;
- std::shared_ptr<SSLManagerInterface> getSSLManager() {
- auto sslContext = _sslContext.get();
- if (!sslContext) {
- return std::shared_ptr<SSLManagerInterface>{};
- }
- return sslContext->manager;
- }
-
 /**
 * Creates a transient SSL context using targeted (non default) SSL params.
 * @param transientSSLParams overrides any value in stored SSLConnectionContext.
@@ -191,7 +183,6 @@ private:
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>> _createSSLContext(
 std::shared_ptr<SSLManagerInterface>& manager,
 SSLParams::SSLModes sslMode,
- TransientSSLParams transientEgressSSLParams,
 bool asyncOCSPStaple) const;
 void _runListener() noexcept; |