tower_server/
tls.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
//! TLS support.

use std::sync::Arc;

use futures_util::{stream::BoxStream, StreamExt};
use http::Request;
use hyper::body::Incoming;
use rustls::{ServerConfig, ServerConnection};

/// A TLS configurer that may change during lifetime of a server.
///
/// The configurer supports "hotpatching" a running server with new configuration.
pub trait TlsConfigurer {
    /// Whether the configuration may change over time.
    fn is_dynamic(&self) -> bool;

    /// Turn the configurer into a stream of TLS [ServerConfig]s.
    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>>;
}

impl TlsConfigurer for () {
    fn is_dynamic(&self) -> bool {
        false
    }

    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>> {
        futures_util::stream::empty().boxed()
    }
}

impl TlsConfigurer for rustls::server::ServerConfig {
    fn is_dynamic(&self) -> bool {
        false
    }

    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>> {
        futures_util::stream::iter([Arc::new(self)]).boxed()
    }
}

impl TlsConfigurer for Arc<rustls::server::ServerConfig> {
    fn is_dynamic(&self) -> bool {
        false
    }

    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>> {
        futures_util::stream::iter([self]).boxed()
    }
}

impl TlsConfigurer for Arc<dyn Fn() -> Arc<rustls::server::ServerConfig> + Send + Sync> {
    fn is_dynamic(&self) -> bool {
        false
    }

    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>> {
        futures_util::stream::once(async move { (self)() }).boxed()
    }
}

impl TlsConfigurer for BoxStream<'static, Arc<ServerConfig>> {
    fn is_dynamic(&self) -> bool {
        true
    }

    fn into_stream(self) -> BoxStream<'static, Arc<ServerConfig>> {
        self
    }
}

/// A middleware for Tls connections.
///
/// This middleware is implemented in two steps, first a data extraction step taking a [ServerConnection],
/// then a HTTP request middleware runs with that data as a parameter.
pub trait TlsConnectionMiddleware: Clone + Send + 'static {
    /// The data extracted from the rustls ServerConnection.
    type Data: Send;

    /// Extract data from a [ServerConnection].
    fn data(&self, connection: &ServerConnection) -> Self::Data;

    /// Call middleware with extracted data.
    fn call(&self, req: &mut Request<Incoming>, data: &Self::Data);
}

/// A TLS connection middleware that does nothing.
#[derive(Clone, Copy)]
pub struct NoOpTlsConnectionMiddleware;

impl TlsConnectionMiddleware for NoOpTlsConnectionMiddleware {
    type Data = ();

    fn data(&self, _connection: &ServerConnection) -> Self::Data {}

    fn call(&self, _req: &mut Request<Incoming>, _data: &Self::Data) {}
}