author | Håvard Pettersen <havardpe@yahooinc.com> | 2023-01-09 14:33:13 +0000 |
---|---|---|
committer | Håvard Pettersen <havardpe@yahooinc.com> | 2023-01-09 14:48:47 +0000 |
commit | ac11930e8cbde753699e1643a3d37bd4f1628802 (patch) | |
tree | 3f8373f86733b66a2a4e9dfeb8513120251999ae /vespalib | |
parent | baf54beef9119768f99d41d950373f742a42df62 (diff) |
expose crypto codec from tls crypto engine
Diffstat (limited to 'vespalib')
5 files changed, 36 insertions, 25 deletions
diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp index 7d0d94b3627..4b287c1c86b 100644 --- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp +++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp @@ -6,6 +6,7 @@ #include "tls_crypto_engine.h" #include "transport_security_options.h" #include "transport_security_options_reading.h" +#include "crypto_codec.h" #include <functional> #include <stdexcept> @@ -111,14 +112,14 @@ AutoReloadingTlsCryptoEngine::always_use_tls_when_server() const return acquire_current_engine()->always_use_tls_when_server(); } -std::unique_ptr<TlsCryptoSocket> -AutoReloadingTlsCryptoEngine::create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) { - return acquire_current_engine()->create_tls_client_crypto_socket(std::move(socket), spec); +std::unique_ptr<CryptoCodec> +AutoReloadingTlsCryptoEngine::create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) { + return acquire_current_engine()->create_tls_client_crypto_codec(socket, spec); } -std::unique_ptr<TlsCryptoSocket> -AutoReloadingTlsCryptoEngine::create_tls_server_crypto_socket(SocketHandle socket) { - return acquire_current_engine()->create_tls_server_crypto_socket(std::move(socket)); +std::unique_ptr<CryptoCodec> +AutoReloadingTlsCryptoEngine::create_tls_server_crypto_codec(const SocketHandle &socket) { + return acquire_current_engine()->create_tls_server_crypto_codec(socket); } } diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h index b379fd75b99..e642d93bfac 100644 --- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h +++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h 
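Review bot: The out-of-line definitions in the second hunk spell the return type as `std::unique_ptr<CryptoCodec>`, whereas the sibling tls_crypto_engine.cpp in this same commit writes `std::unique_ptr<net::tls::CryptoCodec>`. A leading return type on an out-of-class member definition is looked up in the enclosing namespace, not in the class, so the bare alias only resolves if this .cpp has a using-declaration for it that is outside the hunk; spelling it `std::unique_ptr<net::tls::CryptoCodec>` (or using a trailing return type) removes that dependency and keeps the two engines consistent. The wrapped engine is obtained from `acquire_current_engine()` at call time, so a codec created here keeps using whichever context it was built from even if the engine is reloaded afterwards; a one-line comment, `// codec is bound to the engine current at creation time; later reloads do not affect it`, would make that explicit for callers.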
@@ -49,8 +49,8 @@ public: CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override; bool use_tls_when_client() const override; bool always_use_tls_when_server() const override; - std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; - std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override; + std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) override; + std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) override; }; } diff --git a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp index 04613cb3a65..0d00ab51309 100644 --- a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp +++ b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_socket.cpp @@ -4,6 +4,7 @@ #include "statistics.h" #include "tls_crypto_socket.h" #include "protocol_snooping.h" +#include "crypto_codec_adapter.h" #include <vespa/vespalib/data/smart_buffer.h> #include <vespa/vespalib/net/connection_auth_context.h> #include <vespa/vespalib/util/size_literals.h> @@ -52,7 +53,8 @@ public: } if (looksLikeTlsToMe(src.data)) { CryptoSocket::UP &self = _self; // need copy due to self destruction - auto tls_socket = _factory->create_tls_server_crypto_socket(std::move(_socket)); + auto tls_codec = _factory->create_tls_server_crypto_codec(_socket); + auto tls_socket = std::make_unique<net::tls::CryptoCodecAdapter>(std::move(_socket), std::move(tls_codec)); tls_socket->inject_read_data(src.data, src.size); self = std::move(tls_socket); return self->handshake(); diff --git a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp index 9ae270780b5..ecc62a03cad 100644 --- a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp 
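Review bot: In the maybe_tls_crypto_socket.cpp hunk the order of the two new lines is load-bearing: `_socket` is first passed by const reference so the factory can read the peer address from it, and only then moved into the `CryptoCodecAdapter`; swapping them would hand the factory a moved-from handle. A comment such as `// codec needs the live socket for the peer address; ownership moves to the adapter below` would protect that ordering. The same codec-then-adapter pairing is now written out again in `TlsCryptoEngine::create_server_crypto_socket`, so a small helper on the engine interface would keep the two from drifting apart. The enclosing `handshake()` starts before this hunk.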
+++ b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.cpp @@ -13,16 +13,26 @@ TlsCryptoEngine::TlsCryptoEngine(net::tls::TransportSecurityOptions tls_opts, ne { } -std::unique_ptr<TlsCryptoSocket> -TlsCryptoEngine::create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &peer_spec) +std::unique_ptr<net::tls::CryptoCodec> +TlsCryptoEngine::create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &peer_spec) { + return net::tls::CryptoCodec::create_default_client_codec(_tls_ctx, peer_spec, SocketAddress::peer_address(socket.get())); +} + +std::unique_ptr<net::tls::CryptoCodec> +TlsCryptoEngine::create_tls_server_crypto_codec(const SocketHandle &socket) +{ + return net::tls::CryptoCodec::create_default_server_codec(_tls_ctx, SocketAddress::peer_address(socket.get())); +} + +CryptoSocket::UP +TlsCryptoEngine::create_client_crypto_socket(SocketHandle socket, const SocketSpec &peer_spec) { auto codec = net::tls::CryptoCodec::create_default_client_codec(_tls_ctx, peer_spec, SocketAddress::peer_address(socket.get())); return std::make_unique<net::tls::CryptoCodecAdapter>(std::move(socket), std::move(codec)); } -std::unique_ptr<TlsCryptoSocket> -TlsCryptoEngine::create_tls_server_crypto_socket(SocketHandle socket) -{ +CryptoSocket::UP +TlsCryptoEngine::create_server_crypto_socket(SocketHandle socket) { auto codec = net::tls::CryptoCodec::create_default_server_codec(_tls_ctx, SocketAddress::peer_address(socket.get())); return std::make_unique<net::tls::CryptoCodecAdapter>(std::move(socket), std::move(codec)); } diff --git a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h index 0e05363ab1b..1ee4cf07559 100644 --- a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h +++ b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h 
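Review bot: The rewritten `create_client_crypto_socket` and `create_server_crypto_socket` call `CryptoCodec::create_default_*_codec` directly instead of going through the new `create_tls_*_crypto_codec` members, so the code path that the old inline wrappers dispatched through the virtual is now duplicated and a subclass overriding the codec factory would not affect socket creation. Replacing the two `auto codec = ...` lines with `auto codec = create_tls_client_crypto_codec(socket, peer_spec);` and `auto codec = create_tls_server_crypto_codec(socket);` keeps a single creation path; both calls must stay before the `std::move(socket)` on the following line, since the codec factory reads the peer address from the live handle. A brief comment on each, `// socket is inspected for its peer address here and handed to the adapter below`, would document that ordering.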
@@ -9,10 +9,13 @@ namespace vespalib { +namespace net { namespace tls { class CryptoCodec; }} + class AbstractTlsCryptoEngine : public CryptoEngine { public: - virtual std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) = 0; - virtual std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) = 0; + using CryptoCodec = net::tls::CryptoCodec; + virtual std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) = 0; + virtual std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) = 0; }; /** 
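Review bot: The two new pure virtuals on `AbstractTlsCryptoEngine` carry no documentation of their contract, which differs from the methods they replace: the socket is now only inspected (the implementations read its peer address) and ownership stays with the caller, who has to wrap the returned codec in a `CryptoCodecAdapter` to obtain a `CryptoSocket`. I would add above them `// Create a TLS codec for the peer of `socket`; the socket is only inspected, not consumed. Wrap the codec in a CryptoCodecAdapter to turn it into a CryptoSocket.` Since `net::tls::CryptoCodec` is only forward-declared in this header, any translation unit that destroys the returned `std::unique_ptr` must include crypto_codec.h itself, as the auto-reloading engine's .cpp now does; a comment next to the forward declaration noting that requirement would save the next implementer a confusing compile error.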
@@ -26,17 +29,12 @@ public: explicit TlsCryptoEngine(net::tls::TransportSecurityOptions tls_opts, net::tls::AuthorizationMode authz_mode = net::tls::AuthorizationMode::Enforce); ~TlsCryptoEngine() override; - std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; - std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override; + std::unique_ptr<CryptoCodec> create_tls_client_crypto_codec(const SocketHandle &socket, const SocketSpec &spec) override; + std::unique_ptr<CryptoCodec> create_tls_server_crypto_codec(const SocketHandle &socket) override; bool use_tls_when_client() const override { return true; } bool always_use_tls_when_server() const override { return true; } - CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override { - return create_tls_client_crypto_socket(std::move(socket), spec); - } - CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override { - return create_tls_server_crypto_socket(std::move(socket)); - } - + CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; + CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override; std::shared_ptr<net::tls::TlsContext> tls_context() const noexcept { return _tls_ctx; }; }; |
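Review bot: `create_client_crypto_socket` and `create_server_crypto_socket` are moved out of line without a comment describing what they now do in the .cpp, namely build a codec for the socket's peer and hand both codec and socket to a `CryptoCodecAdapter`. A one-line comment above the two declarations, `// Build a TLS codec for the socket's peer and wrap it in a CryptoCodecAdapter that takes ownership of the socket.`, would let readers of the header see how they relate to the `create_tls_*_crypto_codec` methods declared just above. The stray `|` after the closing `};` looks like rendering chrome rather than part of the file.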