Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/util/net/private/ssl_expiration.cpp | 20 | ||||
-rw-r--r-- | src/mongo/util/net/private/ssl_expiration.h | 42 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 4 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_openssl.cpp | 4 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 4 |
5 files changed, 48 insertions, 26 deletions
diff --git a/src/mongo/util/net/private/ssl_expiration.cpp b/src/mongo/util/net/private/ssl_expiration.cpp
index 59810487b11..142ee713405 100644
--- a/src/mongo/util/net/private/ssl_expiration.cpp
+++ b/src/mongo/util/net/private/ssl_expiration.cpp
@@ -34,20 +34,29 @@
 #include <string>
 #include "mongo/logv2/log.h"
+#include "mongo/util/net/ssl_manager.h"
 #include "mongo/util/time_support.h"
 namespace mongo {
 static const auto oneDay = Hours(24);
-CertificateExpirationMonitor::CertificateExpirationMonitor(Date_t date)
- : _certExpiration(date), _lastCheckTime(Date_t::now()) {}
+std::unique_ptr<CertificateExpirationMonitor::CertificateExpirationMonitorTask>
+ CertificateExpirationMonitor::_task;
-std::string CertificateExpirationMonitor::taskName() const {
+void CertificateExpirationMonitor::updateExpirationDeadline(Date_t date) {
+ if (!_task) {
+ _task = std::make_unique<CertificateExpirationMonitorTask>();
+ }
+ stdx::lock_guard<Mutex> lock(_task->_mutex);
+ _task->_certExpiration = date;
+}
+
+std::string CertificateExpirationMonitor::CertificateExpirationMonitorTask::taskName() const {
 return "CertificateExpirationMonitor";
 }
-void CertificateExpirationMonitor::taskDoWork() {
+void CertificateExpirationMonitor::CertificateExpirationMonitorTask::taskDoWork() {
 const Milliseconds timeSinceLastCheck = Date_t::now() - _lastCheckTime;
 if (timeSinceLastCheck < oneDay)
@@ -56,6 +65,7 @@ void CertificateExpirationMonitor::taskDoWork() {
 const Date_t now = Date_t::now();
 _lastCheckTime = now;
+ stdx::lock_guard<Mutex> lock(_mutex);
 if (_certExpiration <= now) {
 // The certificate has expired.
 LOGV2_WARNING(23785,
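Review bot: The lazy creation in `updateExpirationDeadline` (`if (!_task) { _task = std::make_unique<CertificateExpirationMonitorTask>(); }`) runs before any lock is taken, and `_mutex` lives inside the task, so it cannot guard the check-then-create. If two SSL manager constructors can run on different threads (the callers are not fully visible in this diff), both may observe a null `_task` and race on the assignment. A function-local static gives thread-safe one-time initialization without the static `_task` member: `static CertificateExpirationMonitorTask task;` followed by `stdx::lock_guard<Mutex> lock(task._mutex);` and `task._certExpiration = date;`.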
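Review bot: In `taskDoWork`, the `stdx::lock_guard` added after `_lastCheckTime = now;` is declared at function scope, so as far as the visible lines show `_mutex` stays held across the `LOGV2_WARNING` calls and a concurrent `updateExpirationDeadline` has to wait on log output. Copying the date inside a narrow lock and logging from the copy keeps the critical section to a single read: `const Date_t certExpiration = [&] { stdx::lock_guard<Mutex> lock(_mutex); return _certExpiration; }();`. Separately, `_lastCheckTime` is not reset when the deadline is replaced, so a new certificate that is already expired or close to expiry is only reported at the next daily check; a comment saying whether that delay is intended would help. The function body continues past the end of this hunk.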
@@ -68,7 +78,7 @@ void CertificateExpirationMonitor::taskDoWork() {
 const auto remainingValidDuration = _certExpiration - now;
 if (remainingValidDuration <= 30 * oneDay) {
- // The certificate will expire in the next 30 days.
+ // The certificate will expire in the next 30 days
 LOGV2_WARNING(23786,
 "Server certificate will expire on {certExpiration} in "
 "{validDuration}.",
diff --git a/src/mongo/util/net/private/ssl_expiration.h b/src/mongo/util/net/private/ssl_expiration.h
index fb22505c020..bd1370ce28f 100644
--- a/src/mongo/util/net/private/ssl_expiration.h
+++ b/src/mongo/util/net/private/ssl_expiration.h
@@ -34,27 +34,39 @@
 namespace mongo {
-class CertificateExpirationMonitor : public PeriodicTask {
-public:
- explicit CertificateExpirationMonitor(Date_t date);
+class CertificateExpirationMonitor {
+private:
+ class CertificateExpirationMonitorTask : public PeriodicTask {
+ /**
+ * Gets the PeriodicTask's name.
+ * @return CertificateExpirationMonitorTask's name.
+ */
+ std::string taskName() const override;
- /**
- * Gets the PeriodicTask's name.
- * @return CertificateExpirationMonitor's name.
- */
- virtual std::string taskName() const;
+ /**
+ * Wakes up every minute as it is a PeriodicTask.
+ * Checks once a day if the server certificate has expired
+ * or will expire in the next 30 days and sends a warning
+ * to the log accordingly.
+ */
+ void taskDoWork() override;
+ Date_t _lastCheckTime{Date_t::now()};
+
+ public:
+ Mutex _mutex = MONGO_MAKE_LATCH("CertificateExpirationMonitorTask::_mutex");
+ Date_t _certExpiration;
+ };
+
+public:
 /**
- * Wakes up every minute as it is a PeriodicTask.
- * Checks once a day if the server certificate has expired
- * or will expire in the next 30 days and sends a warning
- * to the log accordingly.
+ * Updates the server certificate's expiration deadline.
+ * Instantiates a CertificateExpirationMonitorTask if needed.
 */
- virtual void taskDoWork();
+ static void updateExpirationDeadline(Date_t date);
 private:
- const Date_t _certExpiration;
- Date_t _lastCheckTime;
+ static std::unique_ptr<CertificateExpirationMonitorTask> _task;
 };
 } // namespace mongo
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index d96ee83ced1..ceef3eff55f 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
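Review bot: The doc comment on `updateExpirationDeadline` does not say that the deadline is a single process-wide value held in the static `_task`, so each call replaces the date being monitored instead of adding another certificate to watch. I would add a line such as `Only the most recently supplied date is monitored; earlier deadlines are discarded.` In the nested task, `_mutex` and `_certExpiration` sit under `public:` while keeping the underscore prefix used for private members; a one-line comment stating that they are public only so the enclosing class can update the date under the lock would make that intent clear.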
@@ -1294,8 +1294,8 @@ SSLManagerApple::SSLManagerApple(const SSLParams& params, bool isServer)
 uassertStatusOK(
 _sslConfiguration.setServerSubjectName(uassertStatusOK(certificateGetSubject(
 _serverCtx.certs.get(), &_sslConfiguration.serverCertificateExpirationDate))));
- static auto task =
- CertificateExpirationMonitor(_sslConfiguration.serverCertificateExpirationDate);
+ CertificateExpirationMonitor::updateExpirationDeadline(
+ _sslConfiguration.serverCertificateExpirationDate);
 }
 }
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index 90fd2d5eba9..466da80d840 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -1381,8 +1381,8 @@ SSLManagerOpenSSL::SSLManagerOpenSSL(const SSLParams& params, bool isServer)
 uassertStatusOK(_sslConfiguration.setServerSubjectName(std::move(serverSubjectName)));
- static CertificateExpirationMonitor task =
- CertificateExpirationMonitor(_sslConfiguration.serverCertificateExpirationDate);
+ CertificateExpirationMonitor::updateExpirationDeadline(
+ _sslConfiguration.serverCertificateExpirationDate);
 }
 }
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 5eed0bdb6a1..0e50c4c98fd 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -435,8 +435,8 @@ SSLManagerWindows::SSLManagerWindows(const SSLParams& params, bool isServer)
 }
 // Monitor the server certificate's expiration
- static CertificateExpirationMonitor task =
- CertificateExpirationMonitor(_sslConfiguration.serverCertificateExpirationDate);
+ CertificateExpirationMonitor::updateExpirationDeadline(
+ _sslConfiguration.serverCertificateExpirationDate);
 }
 uassertStatusOK(_initChainEngines(&_serverEngine)); |
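Review bot: In the `SSLManagerWindows` constructor the shared deadline is overwritten before `uassertStatusOK(_initChainEngines(&_serverEngine));`, which can still throw and abort construction. Because `updateExpirationDeadline` now writes process-wide state rather than initialising a one-time static, a manager that fails to construct would leave the monitor tracking the expiry of a certificate that never went into service. If construction can be retried or a previous manager stays active (not visible in this diff), the call would be safer after the last step that can fail, or the comment should be extended to `// Monitor the server certificate's expiration (updates process-wide state, replaces any earlier deadline)`. The Apple and OpenSSL hunks show only closing braces after the call, so the same ordering concern is not visible there; all three constructors start outside their hunks.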