diff options
author | Håvard Pettersen <havardpe@oath.com> | 2020-02-17 13:21:43 +0000 |
---|---|---|
committer | Håvard Pettersen <havardpe@oath.com> | 2020-02-21 09:47:50 +0000 |
commit | 6e23a79c7cef059495a2163de38aca02b8e3c79d (patch) | |
tree | 416e3fca69e6b00b643345bf68de9d4d8c81f444 /fbench | |
parent | 25bcc44fcf22a5e4737d6d4551b4a292bc04d4e0 (diff) |
use authority for sni
Diffstat (limited to 'fbench')
-rw-r--r-- | fbench/CMakeLists.txt | 1 | ||||
-rw-r--r-- | fbench/src/httpclient/CMakeLists.txt | 1 | ||||
-rw-r--r-- | fbench/src/httpclient/httpclient.cpp | 16 | ||||
-rw-r--r-- | fbench/src/httpclient/httpclient.h | 4 | ||||
-rw-r--r-- | fbench/src/test/authority/CMakeLists.txt | 10 | ||||
-rw-r--r-- | fbench/src/test/authority/authority_test.cpp | 89 | ||||
-rw-r--r-- | fbench/src/util/CMakeLists.txt | 3 | ||||
-rw-r--r-- | fbench/src/util/authority.cpp | 42 | ||||
-rw-r--r-- | fbench/src/util/authority.h | 30 |
9 files changed, 184 insertions, 12 deletions
diff --git a/fbench/CMakeLists.txt b/fbench/CMakeLists.txt index 5cc56786227..3da632d98a6 100644 --- a/fbench/CMakeLists.txt +++ b/fbench/CMakeLists.txt @@ -15,6 +15,7 @@ vespa_define_module( TESTS src/test + src/test/authority ) vespa_install_script(util/resultfilter.pl vespa-fbench-result-filter.pl bin) diff --git a/fbench/src/httpclient/CMakeLists.txt b/fbench/src/httpclient/CMakeLists.txt index 5f3333128b3..a28f3666383 100644 --- a/fbench/src/httpclient/CMakeLists.txt +++ b/fbench/src/httpclient/CMakeLists.txt @@ -3,5 +3,6 @@ vespa_add_library(fbench_httpclient STATIC SOURCES httpclient.cpp DEPENDS + fbench_util fastos ) diff --git a/fbench/src/httpclient/httpclient.cpp b/fbench/src/httpclient/httpclient.cpp index 99134a6e297..9615a6e6df7 100644 --- a/fbench/src/httpclient/httpclient.cpp +++ b/fbench/src/httpclient/httpclient.cpp @@ -1,6 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. #include "httpclient.h" #include <vespa/vespalib/net/socket_spec.h> +#include <util/authority.h> #include <cassert> #include <cstring> @@ -29,7 +30,8 @@ HTTPClient::HTTPClient(vespalib::CryptoEngine::SP engine, const char *hostname, _keepAlive(keepAlive), _headerBenchmarkdataCoverage(headerBenchmarkdataCoverage), _extraHeaders(extraHeaders), - _authority(authority), + _sni_spec(make_sni_spec(authority, hostname, port, _engine->use_tls_when_client())), + _host_header_value(make_host_header_value(_sni_spec, _engine->use_tls_when_client())), _reuseCount(0), _bufsize(10240), _buf(new char[_bufsize]), @@ -51,11 +53,6 @@ HTTPClient::HTTPClient(vespalib::CryptoEngine::SP engine, const char *hostname, _dataDone(false), _reader(NULL) { - if (_authority == "") { - char tmp[1024]; - snprintf(tmp, 1024, "%s:%d", hostname, port); - _authority = tmp; - } } bool @@ -70,8 +67,7 @@ HTTPClient::connect_socket() if (!handle.valid()) { return false; } - _socket = vespalib::SyncCryptoSocket::create_client(*_engine, std::move(handle), - vespalib::SocketSpec::from_host_port(_hostname, _port)); + _socket = vespalib::SyncCryptoSocket::create_client(*_engine, std::move(handle), _sni_spec); return bool(_socket); } @@ -153,14 +149,14 @@ HTTPClient::Connect(const char *url, bool usePost, const char *content, int cLen "Content-Length: %d\r\n" "%s" "\r\n", - url, _authority.c_str(), cLen, headers.c_str()); + url, _host_header_value.c_str(), cLen, headers.c_str()); } else { snprintf(req, req_max, "GET %s HTTP/1.1\r\n" "Host: %s\r\n" "%s" "\r\n", - url, _authority.c_str(), headers.c_str()); + url, _host_header_value.c_str(), headers.c_str()); } // try to reuse connection if keep-alive is enabled diff --git a/fbench/src/httpclient/httpclient.h b/fbench/src/httpclient/httpclient.h index 9c3ccd437d1..cad01826db7 100644 --- a/fbench/src/httpclient/httpclient.h +++ b/fbench/src/httpclient/httpclient.h @@ -6,6 +6,7 @@ #include <vespa/vespalib/net/sync_crypto_socket.h> #include <vespa/vespalib/net/crypto_engine.h> #include <vespa/vespalib/net/socket_address.h> +#include <vespa/vespalib/net/socket_spec.h> /** * This class implements a HTTP client that may be used to fetch @@ -99,7 +100,8 @@ protected: bool _keepAlive; bool _headerBenchmarkdataCoverage; std::string _extraHeaders; - std::string _authority; + vespalib::SocketSpec _sni_spec; + std::string _host_header_value; uint64_t _reuseCount; size_t _bufsize; diff --git a/fbench/src/test/authority/CMakeLists.txt b/fbench/src/test/authority/CMakeLists.txt new file mode 100644 index 00000000000..00f804f43f6 --- /dev/null +++ b/fbench/src/test/authority/CMakeLists.txt @@ -0,0 +1,10 @@ +# Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +vespa_add_executable(fbench_authority_test_app TEST + SOURCES + authority_test.cpp + DEPENDS + fbench_util + vespalib + gtest +) +vespa_add_test(NAME fbench_authority_test_app COMMAND fbench_authority_test_app) diff --git a/fbench/src/test/authority/authority_test.cpp b/fbench/src/test/authority/authority_test.cpp new file mode 100644 index 00000000000..f5d0afa32bb --- /dev/null +++ b/fbench/src/test/authority/authority_test.cpp @@ -0,0 +1,89 @@ +// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +#include <util/authority.h> +#include <vespa/vespalib/gtest/gtest.h> + +using vespalib::SocketSpec; + +//----------------------------------------------------------------------------- + +TEST(MakeSNISpecTest, host_port_is_parsed_as_expected) { + EXPECT_EQ(make_sni_spec("my_host:123", "fallback", 456, false).host(), "my_host"); + EXPECT_EQ(make_sni_spec("my_host:123", "fallback", 456, true).host(), "my_host"); + EXPECT_EQ(make_sni_spec("my_host:123", "fallback", 456, false).port(), 123); + EXPECT_EQ(make_sni_spec("my_host:123", "fallback", 456, true).port(), 123); +} + +TEST(MakeSNISpecTest, user_info_is_stripped) { + EXPECT_EQ(make_sni_spec("myuser:deprecated@my_host:123", "fallback", 456, false).host(), "my_host"); + EXPECT_EQ(make_sni_spec("myuser:deprecated@my_host:123", "fallback", 456, true).host(), "my_host"); + EXPECT_EQ(make_sni_spec("myuser:deprecated@my_host:123", "fallback", 456, false).port(), 123); + EXPECT_EQ(make_sni_spec("myuser:deprecated@my_host:123", "fallback", 456, true).port(), 123); +} + +TEST(MakeSNISpecTest, port_can_be_skipped) { + EXPECT_EQ(make_sni_spec("my_host", "fallback", 456, false).host(), "my_host"); + EXPECT_EQ(make_sni_spec("my_host", "fallback", 456, true).host(), "my_host"); + EXPECT_EQ(make_sni_spec("my_host", "fallback", 456, false).port(), 80); + EXPECT_EQ(make_sni_spec("my_host", "fallback", 456, true).port(), 443); +} + +TEST(MakeSNISpecTest, quoted_ip_addresses_work_as_expected) { + EXPECT_EQ(make_sni_spec("[::1]:123", "fallback", 456, false).host(), "::1"); + EXPECT_EQ(make_sni_spec("[::1]:123", "fallback", 456, true).host(), "::1"); + EXPECT_EQ(make_sni_spec("[::1]:123", "fallback", 456, false).port(), 123); + EXPECT_EQ(make_sni_spec("[::1]:123", "fallback", 456, true).port(), 123); + EXPECT_EQ(make_sni_spec("[::1]", "fallback", 456, false).host(), "::1"); + EXPECT_EQ(make_sni_spec("[::1]", "fallback", 456, true).host(), "::1"); + EXPECT_EQ(make_sni_spec("[::1]", "fallback", 456, false).port(), 80); + EXPECT_EQ(make_sni_spec("[::1]", "fallback", 456, true).port(), 443); +} + +TEST(MakeSNISpecTest, supplied_host_port_is_used_as_fallback) { + EXPECT_EQ(make_sni_spec("", "fallback", 456, false).host(), "fallback"); + EXPECT_EQ(make_sni_spec("", "fallback", 456, true).host(), "fallback"); + EXPECT_EQ(make_sni_spec("", "fallback", 456, false).port(), 456); + EXPECT_EQ(make_sni_spec("", "fallback", 456, true).port(), 456); +} + +//----------------------------------------------------------------------------- + +std::string make_host_header_value(const vespalib::SocketSpec &sni_spec, bool use_https); + +TEST(MakeHostHeaderValueTest, host_port_is_formatted_as_expected) { + auto my_spec = SocketSpec::from_host_port("myhost", 123); + EXPECT_EQ(make_host_header_value(my_spec, false), "myhost:123"); + EXPECT_EQ(make_host_header_value(my_spec, true), "myhost:123"); +} + +TEST(MakeHostHeaderValueTest, inappropriate_spec_gives_empty_host_value) { + std::vector<SocketSpec> bad_specs = { + SocketSpec::invalid, + SocketSpec::from_port(123), + SocketSpec::from_name("foo"), + SocketSpec::from_path("bar") + }; + for (const auto &spec: bad_specs) { + EXPECT_EQ(make_host_header_value(spec, false), ""); + EXPECT_EQ(make_host_header_value(spec, true), ""); + } +} + +TEST(MakeHostHeaderValueTest, default_port_is_omitted) { + auto spec1 = SocketSpec::from_host_port("myhost", 80); + auto spec2 = SocketSpec::from_host_port("myhost", 443); + EXPECT_EQ(make_host_header_value(spec1, false), "myhost"); + EXPECT_EQ(make_host_header_value(spec1, true), "myhost:80"); + EXPECT_EQ(make_host_header_value(spec2, false), "myhost:443"); + EXPECT_EQ(make_host_header_value(spec2, true), "myhost"); +} + +TEST(MakeHostHeaderValueTest, ipv6_addresses_are_quoted) { + auto my_spec = SocketSpec::from_host_port("::1", 123); + EXPECT_EQ(make_host_header_value(my_spec, false), "[::1]:123"); + EXPECT_EQ(make_host_header_value(my_spec, true), "[::1]:123"); +} + +//----------------------------------------------------------------------------- + +GTEST_MAIN_RUN_ALL_TESTS() diff --git a/fbench/src/util/CMakeLists.txt b/fbench/src/util/CMakeLists.txt index 47cc46ffc8f..3cdff26ce16 100644 --- a/fbench/src/util/CMakeLists.txt +++ b/fbench/src/util/CMakeLists.txt @@ -1,8 +1,9 @@ # Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. vespa_add_library(fbench_util STATIC SOURCES + authority.cpp + clientstatus.cpp filereader.cpp timer.cpp - clientstatus.cpp DEPENDS ) diff --git a/fbench/src/util/authority.cpp b/fbench/src/util/authority.cpp new file mode 100644 index 00000000000..6247c72d9b0 --- /dev/null +++ b/fbench/src/util/authority.cpp @@ -0,0 +1,42 @@ +// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +#include "authority.h" +#include <vespa/vespalib/util/stringfmt.h> +#include <cassert> + +namespace { + +int default_port(bool use_https) { return use_https ? 443 : 80; } + +} + +vespalib::SocketSpec make_sni_spec(const std::string &authority, const char *hostname, int port, bool use_https) { + if (authority.empty()) { + return vespalib::SocketSpec::from_host_port(hostname, port); + } + auto split = authority.rfind('@'); + std::string spec_str = (split == std::string::npos) ? authority : authority.substr(split + 1); + auto a = spec_str.rfind(':'); + auto b = spec_str.rfind(']'); + bool has_port = (a != std::string::npos) && ((b == std::string::npos) || (a > b)); + if (has_port) { + spec_str = "tcp/" + spec_str; + } else { + spec_str = vespalib::make_string("tcp/%s:%d", spec_str.c_str(), default_port(use_https)); + } + // use SocketSpec parser to ensure ipv6 addresses are dequoted + return vespalib::SocketSpec(spec_str); +} + +std::string make_host_header_value(const vespalib::SocketSpec &sni_spec, bool use_https) { + if (sni_spec.host().empty()) { + return ""; + } + if (sni_spec.port() == default_port(use_https)) { + return sni_spec.host(); + } + // use SocketSpec formatter to ensure ipv6 addresses are quoted + std::string spec_str = sni_spec.spec(); + assert(spec_str.find("tcp/") == 0); + return spec_str.substr(4); +} diff --git a/fbench/src/util/authority.h b/fbench/src/util/authority.h new file mode 100644 index 00000000000..49dab4a29fd --- /dev/null +++ b/fbench/src/util/authority.h @@ -0,0 +1,30 @@ +// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +#pragma once + +#include <vespa/vespalib/net/socket_spec.h> + +/** + * Assemble an SNI (Server Name Indication) spec that will be used + * when handshaking over TLS. The authority will be used if + * non-empty. Hostname/port will be used as fall-back. Note that the + * SNI spec will also be used to generate the Host header used in + * subsequent HTTP requests. + * + * @return sni spec + * @param authority user-provided authority + * @param hostname name of the host we are connecting to + * @param port which port we are connecting to + * @param use_https are we using https? (TLS) + **/ +vespalib::SocketSpec make_sni_spec(const std::string &authority, const char *hostname, int port, bool use_https); + +/** + * Use an SNI spec to generate a matching Host header to be used in + * HTTP requests. Note that default port numbers will be omitted. + * + * @return host header value + * @param sni_spec SNI spec + * @param use_https are we using https? (TLS) + **/ +std::string make_host_header_value(const vespalib::SocketSpec &sni_spec, bool use_https); |