Diffstat (limited to 'src/mongo/util/net/ssl_manager.h')
-rw-r--r-- | src/mongo/util/net/ssl_manager.h | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h
index b7cfd8b8099..567011971b5 100644
--- a/src/mongo/util/net/ssl_manager.h
+++ b/src/mongo/util/net/ssl_manager.h
@@ -208,7 +208,16 @@ class SSLManagerInterface : public Decorable<SSLManagerInterface> {
 public:
 /**
 * Creates an instance of SSLManagerInterface.
- * Note: as we normally have one instance of the manager, it cannot take TransientSSLParams.
+ * Note: if 'transientSSLParams' is set, this will create a transient instance of the manager,
+ * otherwise, normally, this will be a global instance.
+ */
+ static std::shared_ptr<SSLManagerInterface> create(
+ const SSLParams& params,
+ const std::optional<TransientSSLParams>& transientSSLParams,
+ bool isServer);
+
+ /**
+ * Creates an instance of SSLManagerInterface without transient SSL params.
 */
 static std::shared_ptr<SSLManagerInterface> create(const SSLParams& params, bool isServer);
 
@@ -250,6 +259,23 @@ public:
 */
 virtual const SSLConfiguration& getSSLConfiguration() const = 0;
 
+ /**
+ * @return true if this manager was created with 'transientSSLParams' to authenticate with
+ * a particular remote cluster.
+ */
+ virtual bool isTransient() const {
+ return false;
+ }
+
+ /**
+ * @return Connection string for the remote cluster if this manager is transient (isTransient()
+ * == true), otherwise returns empty string.
+ */
+ virtual std::string getTargetedClusterConnectionString() const {
+ invariant(!isTransient());
+ return {};
+ }
+
 #if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
 /**
 * Fetches the error text for an error code, in a thread-safe manner.
@@ -293,7 +319,6 @@ public:
 */
 virtual Status initSSLContext(SSLContextType context,
 const SSLParams& params,
- const TransientSSLParams& transientParams,
 ConnectionDirection direction) = 0;
 
 /**
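Review bot: The comment on the new three-argument `create()` says a transient manager is produced when `transientSSLParams` is set, but not which settings that manager still takes from `params` (CA material, certificate-validation options) and which it takes from `transientSSLParams`. Since a transient manager authenticates to a different cluster, that split decides which trust roots and identity are used, so it belongs in the header; something like `* 'params' still supplies <fields>; 'transientSSLParams' overrides <fields>.` with the real field names filled in. The hunk also introduces `std::optional` and no `#include <optional>` is visible here, so confirm the header includes it directly. The class body continues outside the hunk.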
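Review bot: `isTransient()` and `getTargetedClusterConnectionString()` are added with default bodies instead of as pure virtuals, so a provider implementation that accepts `transientSSLParams` but overrides neither would report itself as the global manager. One that overrides only `isTransient()` would trip `invariant(!isTransient())` at runtime rather than fail to compile. The comment on `getTargetedClusterConnectionString()` does not mention that invariant; add `* Implementations that override isTransient() to return true must override this as well.` or make both `= 0` if every provider is expected to implement them. If the stored connection string can carry credentials, which these lines do not show, the comment should also tell callers not to log the returned value unredacted.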
@@ -350,6 +375,13 @@ public:
 std::shared_ptr<SSLManagerInterface> getSSLManager();
 
 /**
+ * Create a transient instance of SSL Manager.
+ * Ownership of the new manager is passed to the invoker.
+ */
+ std::shared_ptr<SSLManagerInterface> createTransientSSLManager(
+ const TransientSSLParams& transientSSLParams) const;
+
+ /**
 * Perform certificate rotation safely.
 */
 void rotate(); |
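Review bot: The comment on `createTransientSSLManager()` hands ownership to the caller but does not say how such a manager relates to `rotate()`, declared directly below it. If transient managers are not tracked by this class, which is what a `const` factory suggests, then an outstanding one would keep whatever certificate, CA and revocation state it was built with after a rotation. That should be stated, for example `* The returned manager is not affected by rotate(); callers must recreate it to pick up rotated material.` (adjust if rotation does reach it). The comment also speaks of passing ownership while the return type is `std::shared_ptr`; say whether the creator keeps a reference. The enclosing class starts outside the hunk.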