foctet-net 0.0.2

Networking and transport layer layer for Foctet, providing connection management and stream handling.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

use crate::{
    config::TransportConfig,
    dns::Resolver,
    transport::{
        connection::{Connection, ConnectionEvent},
        tcp::connection::TcpConnection,
        ConnectionListener, TransportHandle,
    },
};
use anyhow::{anyhow, Result};
use foctet_core::{connection::SessionId, id::NodeId};
use foctet_core::{connection::Direction, transport::ListenerId};
use foctet_mux::Session;
use stackaddr::{Protocol, StackAddr};
use std::{
    sync::{
        atomic::{AtomicU32, Ordering},
        Arc,
    },
    time::Duration,
};
use tokio::{
    net::{TcpListener, TcpStream},
    sync::Mutex,
};
use tokio_rustls::{TlsAcceptor, TlsConnector, TlsStream};
use tokio_util::sync::CancellationToken;

pub struct TcpTransport {
    tls_connector: TlsConnector,
    tls_acceptor: TlsAcceptor,
    resolver: Resolver,
    pub local_node_id: NodeId,
    pub connection_timeout: Duration,
    pub write_buffer_size: usize,
    pub read_buffer_size: usize,
    next_session_id: Arc<Mutex<AtomicU32>>,
}

impl TcpTransport {
    pub fn new(config: TransportConfig) -> Result<Self> {
        let connection_timeout = config.connection_timeout;
        let write_buffer_size = config.write_buffer_size;
        let read_buffer_size = config.read_buffer_size;
        let resolver = Resolver::from_option(config.dns_resolver_option.clone())?;

        // Create TLS connector and acceptor from given config.
        let tls_connector = TlsConnector::from(Arc::new(config.client_tls_config().clone()));
        let tls_acceptor = TlsAcceptor::from(Arc::new(config.server_tls_config().clone()));

        Ok(Self {
            tls_connector: tls_connector,
            tls_acceptor: tls_acceptor,
            local_node_id: config.keypair().public(),
            connection_timeout: connection_timeout,
            write_buffer_size: write_buffer_size,
            read_buffer_size: read_buffer_size,
            resolver: resolver,
            next_session_id: Arc::new(Mutex::new(AtomicU32::new(1))),
        })
    }
}

impl TransportHandle for TcpTransport {
    /// Start listening for incoming connections
    async fn listen_on(&mut self, id: ListenerId, addr: StackAddr) -> Result<ConnectionListener> {
        let mut addr = addr;
        if !addr.resolved() {
            self.resolver.resolve_addr(&mut addr).await?;
        }
        // Create a channel for sending accepted connections
        let (sender, receiver) = tokio::sync::mpsc::channel(100);

        let socket_addr = addr
            .socket_addr()
            .ok_or_else(|| anyhow!("Invalid address"))?;
        let listener = TcpListener::bind(socket_addr).await?;

        let local_socket_addr = listener.local_addr()?;
        let local_addr = StackAddr::empty()
            .with_ip(local_socket_addr.ip())
            .with_protocol(Protocol::Tcp(local_socket_addr.port()))
            .with_protocol(Protocol::Tls);
        let write_buffer_size = self.write_buffer_size;
        let read_buffer_size = self.read_buffer_size;
        let local_node_id = self.local_node_id.clone();

        let cancel_token: CancellationToken = CancellationToken::new();
        let cancel_token_clone = cancel_token.clone();

        let tls_acceptor = self.tls_acceptor.clone();
        let session_id_clone = self.next_session_id.clone();
        // Start listening for incoming connections
        tokio::spawn(async move {
            tracing::info!("Listening on {:?}/TCP(TLS)", local_addr.socket_addr());
            loop {
                tokio::select! {
                    // Monitor the cancellation token
                    _ = cancel_token_clone.cancelled() => {
                        tracing::info!("TcpTransport listen cancelled");
                        break;
                    }
                    // Accept incoming connections
                    incoming = listener.accept() => {
                        match incoming {
                            Ok((stream, addr)) => {
                                match tls_acceptor.accept(stream).await {
                                    Ok(tls_stream) => {
                                        let session_id_lock = session_id_clone.lock().await;
                                        let session_id = SessionId::new(session_id_lock.fetch_add(1, Ordering::SeqCst));
                                        drop(session_id_lock);
                                        // Check peer certificate
                                        let remote_node_id = match extract_server_remote_node_id(&tls_stream) {
                                            Ok(node_id) => node_id,
                                            Err(e) => {
                                                tracing::error!("Failed to extract remote node ID: {:?}", e);
                                                return;
                                            }
                                        };
                                        tracing::debug!("Remote Node ID: {:?}", remote_node_id.to_bytes());

                                        let mut connection = Session::new_server(TlsStream::Server(tls_stream), session_id).await;
                                        connection.set_local_addr(local_socket_addr);
                                        connection.set_remote_addr(addr);

                                        let remote_addr = StackAddr::empty().with_ip(addr.ip()).with_protocol(Protocol::Tcp(addr.port())).with_protocol(Protocol::Tls);
                                        tracing::info!("Accepted connection from {}", addr);

                                        let tcp_conn = TcpConnection::new(
                                            Direction::Incoming,
                                            local_addr.clone(),
                                            remote_addr,
                                            connection,
                                        ).with_write_buffer_size(write_buffer_size)
                                         .with_read_buffer_size(read_buffer_size)
                                         .with_local_node_id(local_node_id)
                                         .with_remote_node_id(remote_node_id);
                                        if sender.send(ConnectionEvent::Accepted(Connection::Tcp(tcp_conn))).await.is_err() {
                                            tracing::warn!("Failed to send TcpConnection to the channel");
                                            break;
                                        }
                                    }
                                    Err(e) => {
                                        tracing::error!("Failed to complete TLS handshake: {:?}", e);
                                    }
                                }
                            }
                            Err(e) => {
                                tracing::error!("Error accepting TCP connection: {:?}", e);
                                break;
                            }
                        }
                    }
                }
            }
        });

        Ok(ConnectionListener::new(id, receiver, cancel_token))
    }
    /// Connect to a remote node
    async fn connect(&mut self, addr: StackAddr) -> Result<Connection> {
        let mut addr = addr;
        if !addr.resolved() {
            self.resolver.resolve_addr(&mut addr).await?;
        }
        let server_socket_addr = addr
            .socket_addr()
            .ok_or(anyhow::anyhow!("Invalid address"))?;
        let name =
            rustls_pki_types::ServerName::try_from(addr.name().unwrap_or("localhost").to_string())?;
        let stream = match tokio::time::timeout(
            self.connection_timeout,
            TcpStream::connect(server_socket_addr),
        )
        .await
        {
            Ok(connect_result) => connect_result?,
            Err(elapsed) => return Err(anyhow!("TCP Connection timed out after {:?}", elapsed)),
        };
        let local_socket_addr = stream.local_addr()?;
        let local_addr = StackAddr::empty()
            .with_ip(local_socket_addr.ip())
            .with_protocol(Protocol::Tcp(local_socket_addr.port()))
            .with_protocol(Protocol::Tls);
        let tls_stream = match tokio::time::timeout(
            self.connection_timeout,
            self.tls_connector.connect(name, stream),
        )
        .await
        {
            Ok(connect_result) => connect_result?,
            Err(elapsed) => return Err(anyhow!("TLS Connection timed out after {:?}", elapsed)),
        };

        // Check peer certificate
        let remote_node_id = match extract_client_remote_node_id(&tls_stream) {
            Ok(node_id) => node_id,
            Err(e) => {
                tracing::error!("Failed to extract remote node ID: {:?}", e);
                return Err(e);
            }
        };
        tracing::debug!("Remote Node ID: {:?}", remote_node_id.to_bytes());

        let session_id_lock = self.next_session_id.lock().await;
        let session_id = SessionId::new(session_id_lock.fetch_add(1, Ordering::SeqCst));
        drop(session_id_lock);
        let mut connection = Session::new_client(
            TlsStream::Client(tls_stream),
            session_id,
        )
        .await;
        connection.set_local_addr(local_socket_addr);
        connection.set_remote_addr(server_socket_addr);

        let tcp_connection = TcpConnection::new(
            Direction::Outgoing,
            local_addr,
            addr,
            connection,
        ).with_write_buffer_size(self.write_buffer_size)
        .with_read_buffer_size(self.read_buffer_size)
        .with_local_node_id(self.local_node_id)
        .with_remote_node_id(remote_node_id);
        Ok(Connection::Tcp(tcp_connection))
    }
}

/// Extract the remote node ID from the server TLS stream
fn extract_server_remote_node_id(tls_stream: &tokio_rustls::server::TlsStream<tokio::net::TcpStream>) -> Result<NodeId> {
    // Check peer certificate
    let certs = tls_stream.get_ref().1.peer_certificates()
        .ok_or(anyhow!("No peer identity"))?;
    let cert = certs.get(0).ok_or(anyhow!("No certificate found"))?;
    // Parse the certificate
    let foctet_cert = crate::tls::cert::parse(cert)?;
    Ok(foctet_cert.node_id())
}

/// Extract the remote node ID from the client TLS stream
fn extract_client_remote_node_id(tls_stream: &tokio_rustls::client::TlsStream<tokio::net::TcpStream>) -> Result<NodeId> {
    // Check peer certificate
    let certs = tls_stream.get_ref().1.peer_certificates()
        .ok_or(anyhow!("No peer identity"))?;
    let cert = certs.get(0).ok_or(anyhow!("No certificate found"))?;
    // Parse the certificate
    let foctet_cert = crate::tls::cert::parse(cert)?;
    Ok(foctet_cert.node_id())
}