Move uses of SSLIOSessionStrategy to profile

Author: tvernum

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLService.java

@@ -233,17 +233,17 @@ public SslProfile profile(String profileName) {
      *                      return a context created from the default configuration
      * @return Never {@code null}.
      * @deprecated This method will fail if the SSL configuration uses a {@link org.elasticsearch.common.settings.SecureSetting} but the
-     * {@link org.elasticsearch.common.settings.SecureSettings} have been closed. Use {@link #getSSLConfiguration(String)}
-     * and {@link #sslIOSessionStrategy(SslConfiguration)} (Deprecated, but not removed because monitoring uses dynamic SSL settings)
+     * {@link org.elasticsearch.common.settings.SecureSettings} have been closed. Use {@link #profile(String)}
+     * and {@link SslProfile#ioSessionStrategy4()}
+     * (Deprecated, but not removed because monitoring uses dynamic SSL settings)
      */
     @Deprecated
     public SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse) {
         SslConfiguration config = sslConfiguration(settingsToUse);
-        return sslIOSessionStrategy(config);
+        return sslIOSessionStrategy(config, sslContext(config));
     }
 
-    public SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config) {
-        SSLContext sslContext = sslContext(config);
+    SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config, SSLContext sslContext) {
         String[] ciphers = supportedCiphers(sslParameters(sslContext).getCipherSuites(), config.getCipherSuites(), false);
         String[] supportedProtocols = config.supportedProtocols().toArray(Strings.EMPTY_ARRAY);
         HostnameVerifier verifier;
@@ -254,8 +254,7 @@ public SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config) {
             verifier = NoopHostnameVerifier.INSTANCE;
         }
 
-        final SSLIOSessionStrategy strategy = sslIOSessionStrategy(sslContext, supportedProtocols, ciphers, verifier);
-        return strategy;
+        return sslIOSessionStrategy(sslContext, supportedProtocols, ciphers, verifier);
     }
 
     public static HostnameVerifier getHostnameVerifier(SslConfiguration sslConfiguration) {
@@ -847,7 +846,7 @@ public SSLConnectionSocketFactory socketConnectionFactory() {
 
         @Override
         public SSLIOSessionStrategy ioSessionStrategy4() {
-            return SSLService.this.sslIOSessionStrategy(this.sslConfiguration);
+            return sslIOSessionStrategy(this.sslConfiguration, context);
         }
 
         @Override

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLServiceTests.java

@@ -37,6 +37,7 @@
 import org.elasticsearch.xpack.core.XPackSettings;
 import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;
 import org.junit.Before;
+import org.mockito.Mockito;
 
 import java.nio.file.Path;
 import java.security.AccessController;
@@ -655,7 +656,7 @@ public void testSSLStrategy() {
 
         // ensure it actually goes through and calls the real method
         when(sslService.sslIOSessionStrategy(settings)).thenCallRealMethod();
-        when(sslService.sslIOSessionStrategy(sslConfig)).thenCallRealMethod();
+        when(sslService.sslIOSessionStrategy(Mockito.eq(sslConfig), Mockito.any(SSLContext.class))).thenCallRealMethod();
 
         final SSLIOSessionStrategy actual = sslService.sslIOSessionStrategy(settings);
         assertThat(actual, sameInstance(sslStrategy));
@@ -961,7 +962,7 @@ public void testThatSSLContextWithoutSettingsWorks() throws Exception {
         final SSLService sslService = new SSLService(env);
         final SSLContext sslContext1 = sslService.sslContext(sslService.sslConfiguration(Settings.EMPTY));
         final SSLContext sslContext2 = sslService.profile("xpack.http.ssl").sslContext();
-     
+
         for (var sslContext : List.of(sslContext1, sslContext2)) {
             try (CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build()) {
                 // Execute a GET on a site known to have a valid certificate signed by a trusted public CA
@@ -992,9 +993,9 @@ public void testThatSSLContextTrustsJDKTrustedCAs() throws Exception {
     @Network
     public void testThatSSLIOSessionStrategyWithoutSettingsWorks() throws Exception {
         SSLService sslService = new SSLService(env);
-        SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        logger.info("SSL Configuration: {}", sslConfiguration);
-        SSLIOSessionStrategy sslStrategy = sslService.sslIOSessionStrategy(sslConfiguration);
+        SslProfile profile = sslService.profile("xpack.security.transport.ssl");
+        logger.info("SSL Configuration: {}", profile.configuration());
+        SSLIOSessionStrategy sslStrategy = profile.ioSessionStrategy4();
         try (CloseableHttpAsyncClient client = getAsyncHttpClient(sslStrategy)) {
             client.start();
 
@@ -1014,7 +1015,8 @@ public void testThatSSLIOSessionStrategyTrustsJDKTrustedCAs() throws Exception {
             .setSecureSettings(secureSettings)
             .build();
         final SSLService sslService = new SSLService(TestEnvironment.newEnvironment(buildEnvSettings(settings)));
-        SSLIOSessionStrategy sslStrategy = sslService.sslIOSessionStrategy(sslService.getSSLConfiguration("xpack.security.transport.ssl"));
+        final SslProfile profile = sslService.profile("xpack.security.transport.ssl");
+        final SSLIOSessionStrategy sslStrategy = profile.ioSessionStrategy4();
         try (CloseableHttpAsyncClient client = getAsyncHttpClient(sslStrategy)) {
             client.start();
 

x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/external/http/HttpClientManager.java

@@ -117,10 +117,8 @@ public static HttpClientManager create(
         TimeValue connectionTtl
     ) {
         // Set the sslStrategy to ensure an encrypted connection, as Elastic Inference Service requires it.
-        SSLIOSessionStrategy sslioSessionStrategy = sslService.sslIOSessionStrategy(
-            sslService.getSSLConfiguration(ELASTIC_INFERENCE_SERVICE_SSL_CONFIGURATION_PREFIX)
-        );
-
+        final SSLIOSessionStrategy sslioSessionStrategy = sslService.profile(ELASTIC_INFERENCE_SERVICE_SSL_CONFIGURATION_PREFIX)
+            .ioSessionStrategy4();
         PoolingNHttpClientConnectionManager connectionManager = createConnectionManager(sslioSessionStrategy, connectionTtl);
         return new HttpClientManager(settings, connectionManager, threadPool, clusterService, throttlerManager);
     }

x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java

@@ -39,6 +39,7 @@
 import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;
 import org.elasticsearch.xpack.core.ssl.SSLService;
+import org.elasticsearch.xpack.core.ssl.SslProfile;
 import org.elasticsearch.xpack.monitoring.Monitoring;
 import org.elasticsearch.xpack.monitoring.MonitoringTemplateRegistry;
 import org.elasticsearch.xpack.monitoring.exporter.ClusterAlertsUtil;
@@ -758,8 +759,8 @@ private static SSLIOSessionStrategy configureSslStrategy(
             // This configuration uses secure settings. We cannot load a new SSL strategy, as the secure settings have already been closed.
             // Due to #registerSettingValidators we know that the settings not been dynamically updated, and the pre-configured strategy
             // is still the correct configuration for use in this exporter.
-            final SslConfiguration sslConfiguration = sslService.getSSLConfiguration(concreteSetting.getKey());
-            sslStrategy = sslService.sslIOSessionStrategy(sslConfiguration);
+            final SslProfile profile = sslService.profile(concreteSetting.getKey());
+            sslStrategy = profile.ioSessionStrategy4();
         }
         return sslStrategy;
     }