ntex-tls 3.6.0

An implementation of SSL streams for ntex backed by OpenSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

//! An implementation of SSL streams for ntex backed by OpenSSL
use std::{any, cell::RefCell, io, sync::Arc};

use ntex_io::{Filter, FilterBuf, FilterLayer, Io, Layer};
use ntex_util::{time, time::Millis};
use tls_rustls::{ServerConfig, ServerConnection};

use crate::{Servername, rustls::Stream};

#[derive(Debug)]
/// An implementation of SSL streams
pub struct TlsServerFilter {
    session: RefCell<ServerConnection>,
}

impl FilterLayer for TlsServerFilter {
    fn query(&self, id: any::TypeId) -> Option<Box<dyn any::Any>> {
        let session = &mut *self.session.borrow_mut();
        if let Some(item) = Stream::new(session).query(id) {
            Some(item)
        } else if id == any::TypeId::of::<Servername>() {
            if let Some(name) = session.server_name() {
                Some(Box::new(Servername(name.to_string())))
            } else {
                None
            }
        } else {
            None
        }
    }

    fn process_read_buf(&self, buf: &mut FilterBuf<'_>) -> io::Result<()> {
        Stream::new(&mut *self.session.borrow_mut()).process_read_buf(buf)
    }

    fn process_write_buf(&self, buf: &mut FilterBuf<'_>) -> io::Result<()> {
        Stream::new(&mut *self.session.borrow_mut()).process_write_buf(buf)
    }
}

impl TlsServerFilter {
    pub async fn create<F: Filter>(
        io: Io<F>,
        cfg: Arc<ServerConfig>,
        timeout: Millis,
    ) -> Result<Io<Layer<TlsServerFilter, F>>, io::Error> {
        log::trace!("{}: Initiate server connection", io.tag());

        time::timeout(timeout, async {
            let mut session = ServerConnection::new(cfg).map_err(io::Error::other)?;
            session.set_buffer_limit(Some(io.cfg().write_page_size().capacity()));
            let io = io.add_filter(TlsServerFilter {
                session: RefCell::new(session),
            });

            super::stream::handshake(&io.filter().session, &io).await?;
            log::trace!("{}: TLS Handshake successed", io.tag());

            Ok(io)
        })
        .await
        .map_err(|()| io::Error::new(io::ErrorKind::TimedOut, "rustls handshake timeout"))
        .and_then(|item| item)
    }
}