authorHåvard Pettersen <havardpe@yahooinc.com>2023-01-09 14:33:13 +0000
committerHåvard Pettersen <havardpe@yahooinc.com>2023-01-09 14:48:47 +0000
commitac11930e8cbde753699e1643a3d37bd4f1628802 (patch)
tree3f8373f86733b66a2a4e9dfeb8513120251999ae /vespalib
parentbaf54beef9119768f99d41d950373f742a42df62 (diff)
expose crypto codec from tls crypto engine
Diffstat (limited to 'vespalib')
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp13
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h4
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp4
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp20
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h20
5 files changed, 36 insertions, 25 deletions
diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
index 7d0d94b3627..4b287c1c86b 100644
--- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
@@ -6,6 +6,7 @@
#include "tls_crypto_engine.h"
#include "transport_security_options.h"
#include "transport_security_options_reading.h"
+#include "crypto_codec.h"
#include <functional>
#include <stdexcept>
@@ -111,14 +112,14 @@ AutoReloadingTlsCryptoEngine::always_use_tls_when_server() const
return acquire_current_engine()->always_use_tls_when_server();
}
-std::unique_ptr<TlsCryptoSocket>
-AutoReloadingTlsCryptoEngine::create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) {
- return acquire_current_engine()->create_tls_client_crypto_socket(std::move(socket), spec);
+std::unique_ptr<CryptoCodec>
+AutoReloadingTlsCryptoEngine::create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) {
+ return acquire_current_engine()->create_tls_client_crypto_codec(socket, spec);
}
-std::unique_ptr<TlsCryptoSocket>
-AutoReloadingTlsCryptoEngine::create_tls_server_crypto_socket(SocketHandle socket) {
- return acquire_current_engine()->create_tls_server_crypto_socket(std::move(socket));
+std::unique_ptr<CryptoCodec>
+AutoReloadingTlsCryptoEngine::create_tls_server_crypto_codec(const SocketHandle &socket) {
+ return acquire_current_engine()->create_tls_server_crypto_codec(socket);
}
}
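Review bot: The codec returned on line 39 and line 46 now outlives the call to `acquire_current_engine()`, whereas the old methods returned a socket that carried its own codec, so the new delegation silently depends on the codec holding its own reference to the TLS context rather than a reference into the current engine object. If a reload replaces the current engine while a codec created from the previous one is still in use, that assumption is what keeps the codec valid; it is not visible in this hunk whether `create_default_*_codec` copies the `shared_ptr<TlsContext>` or borrows it. A one-line comment above the client method would record the requirement, e.g. `// the returned codec must not reference the engine it was created from; a reload may drop that engine at any time`, and the same note applies to the server method below it.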
diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h
index b379fd75b99..e642d93bfac 100644
--- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h
+++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h
@@ -49,8 +49,8 @@ public:
CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override;
bool use_tls_when_client() const override;
bool always_use_tls_when_server() const override;
- std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override;
- std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override;
+ std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) override;
+ std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) override;
};
}
diff --git a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp
index 04613cb3a65..0d00ab51309 100644
--- a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp
@@ -4,6 +4,7 @@
#include "statistics.h"
#include "tls_crypto_socket.h"
#include "protocol_snooping.h"
+#include "crypto_codec_adapter.h"
#include <vespa/vespalib/data/smart_buffer.h>
#include <vespa/vespalib/net/connection_auth_context.h>
#include <vespa/vespalib/util/size_literals.h>
@@ -52,7 +53,8 @@ public:
}
if (looksLikeTlsToMe(src.data)) {
CryptoSocket::UP &self = _self; // need copy due to self destruction
- auto tls_socket = _factory->create_tls_server_crypto_socket(std::move(_socket));
+ auto tls_codec = _factory->create_tls_server_crypto_codec(_socket);
+ auto tls_socket = std::make_unique<net::tls::CryptoCodecAdapter>(std::move(_socket), std::move(tls_codec));
tls_socket->inject_read_data(src.data, src.size);
self = std::move(tls_socket);
return self->handshake();
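Review bot: Lines 80 and 81 have an ordering dependency that the code does not state: the codec must be created from `_socket` (it reads the peer address from the handle) before `std::move(_socket)` hands the handle to the adapter, and swapping the two statements would build the codec from a moved-from handle. A short comment keeps a future refactor from reordering them, e.g. `// create the codec while _socket is still valid; the adapter takes ownership of the handle afterwards`. The enclosing handshake method starts outside this hunk.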
diff --git a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp
index 9ae270780b5..ecc62a03cad 100644
--- a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp
@@ -13,16 +13,26 @@ TlsCryptoEngine::TlsCryptoEngine(net::tls::TransportSecurityOptions tls_opts, ne
{
}
-std::unique_ptr<TlsCryptoSocket>
-TlsCryptoEngine::create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &peer_spec)
+std::unique_ptr<net::tls::CryptoCodec>
+TlsCryptoEngine::create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &peer_spec)
{
+ return net::tls::CryptoCodec::create_default_client_codec(_tls_ctx, peer_spec, SocketAddress::peer_address(socket.get()));
+}
+
+std::unique_ptr<net::tls::CryptoCodec>
+TlsCryptoEngine::create_tls_server_crypto_codec(const SocketHandle &socket)
+{
+ return net::tls::CryptoCodec::create_default_server_codec(_tls_ctx, SocketAddress::peer_address(socket.get()));
+}
+
+CryptoSocket::UP
+TlsCryptoEngine::create_client_crypto_socket(SocketHandle socket, const SocketSpec &peer_spec) {
auto codec = net::tls::CryptoCodec::create_default_client_codec(_tls_ctx, peer_spec, SocketAddress::peer_address(socket.get()));
return std::make_unique<net::tls::CryptoCodecAdapter>(std::move(socket), std::move(codec));
}
-std::unique_ptr<TlsCryptoSocket>
-TlsCryptoEngine::create_tls_server_crypto_socket(SocketHandle socket)
-{
+CryptoSocket::UP
+TlsCryptoEngine::create_server_crypto_socket(SocketHandle socket) {
auto codec = net::tls::CryptoCodec::create_default_server_codec(_tls_ctx, SocketAddress::peer_address(socket.get()));
return std::make_unique<net::tls::CryptoCodecAdapter>(std::move(socket), std::move(codec));
}
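Review bot: The `CryptoCodec::create_default_client_codec(...)` call on line 108 duplicates the body of `create_tls_client_crypto_codec` on line 97, and line 116 likewise duplicates line 103, so the two construction paths can drift apart (for example if one later gains an extra argument or a peer-address check). Since the socket is only moved after the codec exists, `create_client_crypto_socket` can reuse the new method: `auto codec = create_tls_client_crypto_codec(socket, peer_spec);`, and `create_server_crypto_socket` correspondingly `auto codec = create_tls_server_crypto_codec(socket);`. This keeps a single place where the TLS context and peer address are combined into a codec.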
diff --git a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h
index 0e05363ab1b..1ee4cf07559 100644
--- a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h
+++ b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h
@@ -9,10 +9,13 @@
namespace vespalib {
+namespace net { namespace tls { class CryptoCodec; }}
+
class AbstractTlsCryptoEngine : public CryptoEngine {
public:
- virtual std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) = 0;
- virtual std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) = 0;
+ using CryptoCodec = net::tls::CryptoCodec;
+ virtual std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) = 0;
+ virtual std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) = 0;
};
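Review bot: The two new pure virtuals on lines 132 and 133 change the ownership contract of the interface but carry no documentation: `socket` is now passed by const reference and, as far as this commit shows, is used only to look up the peer address, while ownership stays with the caller who pairs the codec with the handle afterwards (see the adapter construction in maybe_tls_crypto_socket.cpp). A comment above the alias on line 131 would make that explicit, e.g. `// 'socket' is borrowed only to determine the peer address; the caller keeps the handle and is expected to combine it with the returned codec (e.g. via CryptoCodecAdapter)`. As a point of style, if the project builds as C++17 the forward declaration on line 125 reads more simply as `namespace net::tls { class CryptoCodec; }`.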
/**
@@ -26,17 +29,12 @@ public:
explicit TlsCryptoEngine(net::tls::TransportSecurityOptions tls_opts,
net::tls::AuthorizationMode authz_mode = net::tls::AuthorizationMode::Enforce);
~TlsCryptoEngine() override;
- std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override;
- std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override;
+ std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) override;
+ std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) override;
bool use_tls_when_client() const override { return true; }
bool always_use_tls_when_server() const override { return true; }
- CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override {
- return create_tls_client_crypto_socket(std::move(socket), spec);
- }
- CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override {
- return create_tls_server_crypto_socket(std::move(socket));
- }
-
+ CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override;
+ CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override;
std::shared_ptr<net::tls::TlsContext> tls_context() const noexcept { return _tls_ctx; };
};