microsandbox_network/tls/handler.rs
1//! Intercept handler trait — hook point for the secrets layer.
2//!
3//! The TLS proxy calls this trait for each intercepted connection's plaintext
4//! bytes between TLS termination and re-encryption. The default implementation
5//! passes data through unchanged. The secrets layer replaces it with
6//! substitution logic.
7
8use std::net::SocketAddr;
9
10//--------------------------------------------------------------------------------------------------
11// Types
12//--------------------------------------------------------------------------------------------------
13
/// Plaintext hook that the TLS proxy invokes on intercepted traffic.
///
/// This is an internal trait, not public API. The secrets layer implements it
/// with the substitution engine; without an override, both hooks return a copy
/// of their input.
///
/// Implementors must be `Send + Sync`, and both hooks take `&self`, so any
/// mutable state a handler keeps needs its own synchronisation.
///
/// `data` is decrypted traffic. Neither hook has an error return: whatever
/// `Vec<u8>` comes back is what the docs below say is sent onward.
///
/// NOTE(review): this file does not show whether `data` is a complete request
/// or an arbitrary slice of the stream. A substituting implementation should
/// not assume a placeholder arrives within a single call; confirm against the
/// proxy's read loop.
pub trait InterceptHandler: Send + Sync {
    /// Inspect/modify outbound plaintext bytes before re-encryption.
    ///
    /// Returns the (possibly modified) bytes to send to the real server.
    ///
    /// NOTE(review): the origin of `_sni` is not visible here. If it is taken
    /// from the guest's ClientHello it is guest-supplied, so a handler that
    /// injects secrets should decide on a destination the proxy has verified,
    /// not on `_sni` alone. Confirm how the caller validates it.
    fn on_request(&self, _dst: &SocketAddr, _sni: &str, data: &[u8]) -> Vec<u8> {
        // Pass-through default: hand back an owned copy of the input.
        data.to_owned()
    }

    /// Inspect/modify inbound plaintext bytes before re-encryption toward guest.
    ///
    /// Returns the (possibly modified) bytes to send to the guest.
    ///
    /// NOTE(review): if request-side substitution injects real secret values, a
    /// server that echoes them would return them through this hook. Whether
    /// implementations are expected to redact them is not stated; confirm.
    fn on_response(&self, _dst: &SocketAddr, _sni: &str, data: &[u8]) -> Vec<u8> {
        // Pass-through default: hand back an owned copy of the input.
        data.to_owned()
    }
}
33
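/// No-op handler used when no secrets layer is active.
///
/// It carries no state. The standard derives let it be constructed with
/// `Default`, copied freely, and printed in diagnostics; its `Debug` output is
/// only the type name, so logging it exposes no traffic.
#[derive(Debug, Clone, Copy, Default)]
pub struct NoopHandler;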
36
37//--------------------------------------------------------------------------------------------------
38// Trait Implementations
39//--------------------------------------------------------------------------------------------------
40
impl InterceptHandler for NoopHandler {
    // Intentionally empty: `on_request` and `on_response` fall back to the
    // trait's defaults, which return the input bytes unchanged.
}