Restrict args passed to transport connector
parent
dcc12c1187
commit
cbb649d07c
@ -68,7 +68,7 @@ async fn main() -> ExitCode {
|
||||
let mut any_failures = false;
|
||||
if config.try_all_routes {
|
||||
for route in connection_params {
|
||||
log::info!("trying {} ({})", route.sni, route.route_type);
|
||||
log::info!("trying {} ({})", route.transport.sni, route.route_type);
|
||||
test_connection(&env, vec![route])
|
||||
.await
|
||||
.unwrap_or_else(|e| {
|
||||
|
@ -11,7 +11,9 @@ use libsignal_net::infra::dns::dns_lookup::{DnsLookup, DnsLookupRequest};
|
||||
use libsignal_net::infra::dns::dns_transport_doh::DohTransport;
|
||||
use libsignal_net::infra::dns::dns_transport_udp::UdpTransport;
|
||||
use libsignal_net::infra::host::Host;
|
||||
use libsignal_net::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType};
|
||||
use libsignal_net::infra::{
|
||||
ConnectionParams, HttpRequestDecoratorSeq, RouteType, TransportConnectionParams,
|
||||
};
|
||||
use libsignal_net::utils::ObservableEvent;
|
||||
use nonzero_ext::nonzero;
|
||||
use std::net::IpAddr;
|
||||
@ -56,13 +58,15 @@ async fn main() {
|
||||
let host = "1.1.1.1".into();
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Direct,
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Ip(ip_addr!("1.1.1.1")),
|
||||
http_host: host,
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Native,
|
||||
connection_confirmation_header: None,
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Ip(ip_addr!("1.1.1.1")),
|
||||
port: nonzero!(443u16),
|
||||
certs: RootCertificates::Native,
|
||||
},
|
||||
http_host: host,
|
||||
};
|
||||
Either::Right(CustomDnsResolver::<DohTransport>::new(
|
||||
connection_params,
|
||||
|
@ -9,7 +9,9 @@ use libsignal_net::infra::dns::custom_resolver::DnsTransport;
|
||||
use libsignal_net::infra::dns::dns_lookup::DnsLookupRequest;
|
||||
use libsignal_net::infra::dns::dns_transport_doh::DohTransport;
|
||||
use libsignal_net::infra::host::Host;
|
||||
use libsignal_net::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType};
|
||||
use libsignal_net::infra::{
|
||||
ConnectionParams, HttpRequestDecoratorSeq, RouteType, TransportConnectionParams,
|
||||
};
|
||||
use std::convert::Infallible;
|
||||
use std::num::NonZeroU16;
|
||||
use std::sync::Arc;
|
||||
@ -45,12 +47,14 @@ async fn main() {
|
||||
let host = args.ns_address.to_string().into();
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Direct,
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: args.ns_address,
|
||||
http_host: host,
|
||||
port: NonZeroU16::try_from(args.ns_port).expect("valid port value"),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Native,
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: args.ns_address,
|
||||
port: NonZeroU16::try_from(args.ns_port).expect("valid port value"),
|
||||
certs: RootCertificates::Native,
|
||||
},
|
||||
http_host: host,
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
|
||||
|
@ -15,9 +15,7 @@ use libsignal_net::infra::certs::RootCertificates;
|
||||
use libsignal_net::infra::dns::DnsResolver;
|
||||
use libsignal_net::infra::host::Host;
|
||||
use libsignal_net::infra::tcp_ssl::proxy::socks::{Protocol, SocksConnector};
|
||||
use libsignal_net::infra::{
|
||||
Alpn, ConnectionParams, HttpRequestDecoratorSeq, RouteType, StreamAndInfo, TransportConnector,
|
||||
};
|
||||
use libsignal_net::infra::{Alpn, StreamAndInfo, TransportConnectionParams, TransportConnector};
|
||||
use url::Url;
|
||||
|
||||
#[derive(Clone, Debug, Parser)]
|
||||
@ -89,15 +87,11 @@ async fn main() {
|
||||
let Target(host, port) = target;
|
||||
|
||||
let host_name = host.to_string().into();
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::SocksProxy,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: Arc::clone(&host_name),
|
||||
http_host: host_name,
|
||||
tcp_host: host,
|
||||
port,
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Native,
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
let StreamAndInfo(mut connection, info) = connector
|
||||
.connect(&connection_params, Alpn::Http1_1)
|
||||
|
@ -554,7 +554,7 @@ pub(crate) mod test {
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::service::{ServiceConnector, ServiceState};
|
||||
use crate::infra::test::shared::{NoReconnectService, TIMEOUT_DURATION};
|
||||
use crate::infra::{ConnectionParams, RouteType};
|
||||
use crate::infra::{ConnectionParams, RouteType, TransportConnectionParams};
|
||||
use crate::utils::ObservableEvent;
|
||||
|
||||
#[async_trait]
|
||||
@ -604,12 +604,14 @@ pub(crate) mod test {
|
||||
let host = Host::Domain(Arc::clone(&hostname));
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: host,
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: host,
|
||||
port: nonzero!(443u16),
|
||||
certs: RootCertificates::Signal,
|
||||
},
|
||||
http_host: hostname,
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: Default::default(),
|
||||
certs: RootCertificates::Signal,
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
};
|
||||
|
@ -446,7 +446,9 @@ mod test {
|
||||
use crate::infra::connection_manager::ConnectionAttemptOutcome;
|
||||
use crate::infra::errors::TransportConnectError;
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::{Alpn, HttpRequestDecoratorSeq, RouteType, StreamAndInfo};
|
||||
use crate::infra::{
|
||||
Alpn, HttpRequestDecoratorSeq, RouteType, StreamAndInfo, TransportConnectionParams,
|
||||
};
|
||||
|
||||
use super::*;
|
||||
|
||||
@ -459,7 +461,7 @@ mod test {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
_connection_params: &ConnectionParams,
|
||||
_connection_params: &TransportConnectionParams,
|
||||
_alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
Err(TransportConnectError::TcpConnectionFailed)
|
||||
@ -497,12 +499,14 @@ mod test {
|
||||
fn fake_connection_params() -> ConnectionParams {
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Direct,
|
||||
sni: Arc::from("fake-sni"),
|
||||
tcp_host: Host::Domain("fake".into()),
|
||||
http_host: Arc::from("fake-http"),
|
||||
port: nonzero!(1234u16),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::from("fake-sni"),
|
||||
tcp_host: Host::Domain("fake".into()),
|
||||
port: nonzero!(1234u16),
|
||||
certs: crate::infra::certs::RootCertificates::Native,
|
||||
},
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: crate::infra::certs::RootCertificates::Native,
|
||||
http_host: Arc::from("fake-http"),
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
}
|
||||
|
@ -20,6 +20,7 @@ use crate::infra::dns::lookup_result::LookupResult;
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::{
|
||||
ConnectionParams, DnsSource, HttpRequestDecorator, HttpRequestDecoratorSeq, RouteType,
|
||||
TransportConnectionParams,
|
||||
};
|
||||
|
||||
const DEFAULT_HTTPS_PORT: NonZeroU16 = nonzero!(443_u16);
|
||||
@ -286,12 +287,14 @@ impl DomainConfig {
|
||||
let hostname = self.hostname.into();
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Direct,
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: Host::Domain(Arc::clone(&hostname)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: Host::Domain(Arc::clone(&hostname)),
|
||||
port: self.port,
|
||||
certs: self.cert.clone(),
|
||||
},
|
||||
http_host: hostname,
|
||||
port: self.port,
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: self.cert.clone(),
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
};
|
||||
@ -360,12 +363,14 @@ impl ProxyConfig {
|
||||
let sni_and_dns_host = sni.into();
|
||||
ConnectionParams {
|
||||
route_type: self.route_type,
|
||||
sni: Arc::clone(&sni_and_dns_host),
|
||||
tcp_host: Host::Domain(sni_and_dns_host),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&sni_and_dns_host),
|
||||
tcp_host: Host::Domain(sni_and_dns_host),
|
||||
port: nonzero!(443u16),
|
||||
certs: RootCertificates::Native,
|
||||
},
|
||||
http_host: self.http_host.into(),
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: HttpRequestDecorator::PathPrefix(proxy_path).into(),
|
||||
certs: RootCertificates::Native,
|
||||
connection_confirmation_header: confirmation_header_name
|
||||
.map(http::HeaderName::from_static),
|
||||
}
|
||||
@ -503,7 +508,7 @@ mod test {
|
||||
.as_ref()
|
||||
.map(|header| header.as_str()),
|
||||
"{}",
|
||||
params.sni,
|
||||
params.transport.sni,
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -526,7 +531,7 @@ mod test {
|
||||
.as_ref()
|
||||
.map(|header| header.as_str()),
|
||||
"{}",
|
||||
params.sni,
|
||||
params.transport.sni,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -90,21 +90,15 @@ impl HttpRequestDecoratorSeq {
|
||||
pub struct ConnectionParams {
|
||||
/// High-level classification of the route (mostly for logging)
|
||||
pub route_type: RouteType,
|
||||
/// Host name to be used in the TLS handshake SNI field.
|
||||
pub sni: Arc<str>,
|
||||
/// Host name used for DNS resolution.
|
||||
pub tcp_host: Host<Arc<str>>,
|
||||
/// Host name used in the HTTP headers.
|
||||
pub http_host: Arc<str>,
|
||||
/// Port to connect to.
|
||||
pub port: NonZeroU16,
|
||||
/// Applied to all HTTP requests.
|
||||
pub http_request_decorator: HttpRequestDecoratorSeq,
|
||||
/// Trusted certificates for this connection.
|
||||
pub certs: RootCertificates,
|
||||
/// If present, differentiates HTTP responses that actually come from the remote endpoint from
|
||||
/// those produced by an intermediate server.
|
||||
pub connection_confirmation_header: Option<http::HeaderName>,
|
||||
/// Transport-level connection configuration
|
||||
pub transport: TransportConnectionParams,
|
||||
}
|
||||
|
||||
impl ConnectionParams {
|
||||
@ -114,17 +108,25 @@ impl ConnectionParams {
|
||||
self
|
||||
}
|
||||
|
||||
pub fn with_certs(mut self, certs: RootCertificates) -> Self {
|
||||
self.certs = certs;
|
||||
self
|
||||
}
|
||||
|
||||
pub fn with_confirmation_header(mut self, header: http::HeaderName) -> Self {
|
||||
self.connection_confirmation_header = Some(header);
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
/// Contains all information required to establish a TLS connection to a remote endpoint.
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct TransportConnectionParams {
|
||||
/// Host name to be used in the TLS handshake SNI field.
|
||||
pub sni: Arc<str>,
|
||||
/// Host name used for DNS resolution.
|
||||
pub tcp_host: Host<Arc<str>>,
|
||||
/// Port to connect to.
|
||||
pub port: NonZeroU16,
|
||||
/// Trusted certificates for this connection.
|
||||
pub certs: RootCertificates,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
#[cfg_attr(test, derive(PartialEq))]
|
||||
pub struct ConnectionInfo {
|
||||
@ -248,7 +250,7 @@ pub trait TransportConnector: Clone + Send + Sync {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError>;
|
||||
}
|
||||
@ -339,7 +341,7 @@ pub(crate) mod test {
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::service::{ServiceConnector, ServiceInitializer, ServiceState};
|
||||
use crate::infra::{
|
||||
Alpn, ConnectionInfo, ConnectionParams, DnsSource, RouteType, StreamAndInfo,
|
||||
Alpn, ConnectionInfo, DnsSource, RouteType, StreamAndInfo, TransportConnectionParams,
|
||||
TransportConnector,
|
||||
};
|
||||
|
||||
@ -430,7 +432,7 @@ pub(crate) mod test {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
_alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
let (client, server) = tokio::io::duplex(1024);
|
||||
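Review bot: The doc comment on `TransportConnectionParams::tcp_host` reads "Host name used for DNS resolution", but the field is a `Host<Arc<str>>` and other hunks in this commit fill it with `Host::Ip(...)`, so it is not always a name. Several tests in this commit also set `sni` and `tcp_host` to different values, so the struct docs should say which of the two the server certificate is checked against. `connect_tls` passes `certs` and `sni` to `ssl_config`, so it is presumably `sni`, but that is not visible here and should be confirmed before it is written down. Suggested wording for the field: `/// Host to connect to over TCP: a domain name (resolved via DNS) or an IP address.`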
|
@ -441,7 +441,7 @@ mod test {
|
||||
ClassifiableTestError, TestError, FEW_ATTEMPTS, LONG_CONNECTION_TIME, MANY_ATTEMPTS,
|
||||
TIMEOUT_DURATION, TIME_ADVANCE_VALUE,
|
||||
};
|
||||
use crate::infra::{HttpRequestDecoratorSeq, RouteType};
|
||||
use crate::infra::{HttpRequestDecoratorSeq, RouteType, TransportConnectionParams};
|
||||
|
||||
use super::*;
|
||||
|
||||
@ -963,7 +963,7 @@ mod test {
|
||||
None => Ok(ROUTE_1),
|
||||
Some(err) => Err(err),
|
||||
};
|
||||
let domain = match &connection_params.tcp_host {
|
||||
let domain = match &connection_params.transport.tcp_host {
|
||||
Host::Domain(domain) => &**domain,
|
||||
h => panic!("unexpected host {h}"),
|
||||
};
|
||||
@ -982,12 +982,14 @@ mod test {
|
||||
let host = host.into();
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
certs: RootCertificates::Signal,
|
||||
port: nonzero!(443u16),
|
||||
},
|
||||
http_host: host,
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Signal,
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
}
|
||||
@ -1025,7 +1027,7 @@ mod test {
|
||||
let res: ConnectionAttemptOutcome<(), ClassifiableTestError> = multi_route_manager
|
||||
.connect_or_wait(|connection_params| {
|
||||
assert_ne!(
|
||||
connection_params.tcp_host.as_deref(),
|
||||
connection_params.transport.tcp_host.as_deref(),
|
||||
Host::Domain(ROUTE_2),
|
||||
"Should not attempt second route if the first one was fatal"
|
||||
);
|
||||
|
@ -27,6 +27,8 @@ use crate::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType};
|
||||
use crate::timeouts::{DNS_FALLBACK_LOOKUP_TIMEOUTS, DNS_SYSTEM_LOOKUP_TIMEOUT};
|
||||
use crate::utils::{self, ObservableEvent};
|
||||
|
||||
use super::TransportConnectionParams;
|
||||
|
||||
pub mod custom_resolver;
|
||||
mod dns_errors;
|
||||
pub mod dns_lookup;
|
||||
@ -119,12 +121,14 @@ impl DnsResolver {
|
||||
let host = CLOUDFLARE_NS.into();
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Direct,
|
||||
port: nonzero!(443u16),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
http_host: Arc::clone(&host),
|
||||
sni: host,
|
||||
transport: TransportConnectionParams {
|
||||
port: nonzero!(443u16),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
sni: host,
|
||||
certs: RootCertificates::Native,
|
||||
},
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Native,
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
let custom_resolver = Box::new(CustomDnsResolver::<DohTransport>::new(
|
||||
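Review bot: `TransportConnectionParams` is brought in with a separate `use super::TransportConnectionParams;` even though this file already has a `use crate::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType};` line just above the hunk, and the other files in this commit add the name to their existing `crate::infra` list. Folding it in keeps the imports consistent: `use crate::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType, TransportConnectionParams};`.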
|
@ -50,7 +50,7 @@ impl AggregatingHttp2Client {
|
||||
) -> Result<(Parts, Bytes), HttpError> {
|
||||
let uri = format!(
|
||||
"https://{}:{}{}",
|
||||
self.connection_params.http_host, self.connection_params.port, path_and_query
|
||||
self.connection_params.http_host, self.connection_params.transport.port, path_and_query
|
||||
);
|
||||
let mut request_builder = http::Request::builder()
|
||||
.method(method)
|
||||
@ -118,7 +118,7 @@ pub(crate) async fn http2_client<C: TransportConnector>(
|
||||
max_response_size: usize,
|
||||
) -> Result<AggregatingHttp2Client, HttpError> {
|
||||
let StreamAndInfo(ssl_stream, info) = transport_connector
|
||||
.connect(&connection_params, Alpn::Http2)
|
||||
.connect(&connection_params.transport, Alpn::Http2)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
log::error!("error: {}", e);
|
||||
@ -164,7 +164,7 @@ mod test {
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::tcp_ssl::testutil::{SERVER_CERTIFICATE, SERVER_HOSTNAME};
|
||||
use crate::infra::tcp_ssl::DirectConnector;
|
||||
use crate::infra::HttpRequestDecoratorSeq;
|
||||
use crate::infra::{HttpRequestDecoratorSeq, TransportConnectionParams};
|
||||
|
||||
use super::*;
|
||||
|
||||
@ -228,14 +228,16 @@ mod test {
|
||||
&connector,
|
||||
ConnectionParams {
|
||||
route_type: crate::infra::RouteType::Direct,
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
port: NonZeroU16::new(server_addr.port()).unwrap(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
},
|
||||
http_host: host,
|
||||
port: NonZeroU16::new(server_addr.port()).unwrap(),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
connection_confirmation_header: None,
|
||||
},
|
||||
MAX_RESPONSE_SIZE,
|
||||
@ -299,14 +301,16 @@ mod test {
|
||||
&connector,
|
||||
ConnectionParams {
|
||||
route_type: crate::infra::RouteType::Direct,
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
port: NonZeroU16::new(server_addr.port()).unwrap(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
},
|
||||
http_host: host,
|
||||
port: NonZeroU16::new(server_addr.port()).unwrap(),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
connection_confirmation_header: None,
|
||||
},
|
||||
MAX_RESPONSE_SIZE,
|
||||
|
@ -144,8 +144,8 @@ where
|
||||
.connect_or_wait(|connection_params| {
|
||||
log::debug!(
|
||||
"trying to connect to {}:{}",
|
||||
connection_params.tcp_host,
|
||||
connection_params.port
|
||||
connection_params.transport.tcp_host,
|
||||
connection_params.transport.port
|
||||
);
|
||||
self.service_connector.connect_channel(connection_params)
|
||||
})
|
||||
@ -405,7 +405,9 @@ mod test {
|
||||
ClassifiableTestError, LONG_CONNECTION_TIME, NORMAL_CONNECTION_TIME, TIMEOUT_DURATION,
|
||||
TIME_ADVANCE_VALUE,
|
||||
};
|
||||
use crate::infra::{ConnectionParams, HttpRequestDecoratorSeq, RouteType};
|
||||
use crate::infra::{
|
||||
ConnectionParams, HttpRequestDecoratorSeq, RouteType, TransportConnectionParams,
|
||||
};
|
||||
use crate::utils::{sleep_and_catch_up, ObservableEvent};
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
@ -473,12 +475,14 @@ mod test {
|
||||
let host = "chat.signal.org".into();
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&host),
|
||||
tcp_host: Host::Domain(Arc::clone(&host)),
|
||||
port: nonzero!(443u16),
|
||||
certs: RootCertificates::Signal,
|
||||
},
|
||||
http_host: host,
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Signal,
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
}
|
||||
|
@ -21,7 +21,7 @@ use crate::infra::dns::DnsResolver;
|
||||
use crate::infra::errors::TransportConnectError;
|
||||
use crate::infra::tcp_ssl::proxy::tls::TlsProxyConnector;
|
||||
use crate::infra::{
|
||||
Alpn, ConnectionInfo, ConnectionParams, RouteType, StreamAndInfo, TransportConnector,
|
||||
Alpn, ConnectionInfo, RouteType, StreamAndInfo, TransportConnectionParams, TransportConnector,
|
||||
};
|
||||
use crate::utils::first_ok;
|
||||
|
||||
@ -65,12 +65,12 @@ impl TransportConnector for DirectConnector {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
let StreamAndInfo(tcp_stream, remote_address) = connect_tcp(
|
||||
&self.dns_resolver,
|
||||
connection_params.route_type,
|
||||
RouteType::Direct,
|
||||
connection_params.tcp_host.as_deref(),
|
||||
connection_params.port,
|
||||
)
|
||||
@ -108,7 +108,7 @@ fn ssl_config(
|
||||
|
||||
async fn connect_tls<S: AsyncRead + AsyncWrite + Unpin>(
|
||||
transport: S,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<SslStream<S>, TransportConnectError> {
|
||||
let ssl_config = ssl_config(&connection_params.certs, &connection_params.sni, Some(alpn))?;
|
||||
@ -224,7 +224,7 @@ impl TransportConnector for TcpSslConnector {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
match self {
|
||||
@ -327,7 +327,6 @@ mod test {
|
||||
|
||||
use crate::infra::dns::lookup_result::LookupResult;
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::HttpRequestDecoratorSeq;
|
||||
|
||||
#[test_case(true; "resolved hostname")]
|
||||
#[test_case(false; "by IP")]
|
||||
@ -340,18 +339,14 @@ mod test {
|
||||
SERVER_HOSTNAME,
|
||||
LookupResult::localhost(),
|
||||
)])));
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: match use_hostname {
|
||||
true => Host::Domain(SERVER_HOSTNAME.into()),
|
||||
false => addr.ip().into(),
|
||||
},
|
||||
http_host: "unused".into(),
|
||||
port: addr.port().try_into().expect("bound port"),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::FromDer(Cow::Borrowed(SERVER_CERTIFICATE.cert.der())),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
|
||||
let StreamAndInfo(stream, info) = connector
|
||||
@ -364,7 +359,7 @@ mod test {
|
||||
ConnectionInfo {
|
||||
address: Host::Ip(Ipv6Addr::LOCALHOST.into()),
|
||||
dns_source: crate::infra::DnsSource::Static,
|
||||
route_type: RouteType::Test,
|
||||
route_type: RouteType::Direct,
|
||||
}
|
||||
);
|
||||
|
||||
@ -379,15 +374,11 @@ mod test {
|
||||
let connector = TcpSslConnector::Invalid(DnsResolver::new_from_static_map(HashMap::from(
|
||||
[(SERVER_HOSTNAME, LookupResult::localhost())],
|
||||
)));
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Ip(addr.ip()),
|
||||
http_host: "unused".into(),
|
||||
port: addr.port().try_into().expect("bound port"),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::FromDer(Cow::Borrowed(SERVER_CERTIFICATE.cert.der())),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
|
||||
match connector.connect(&connection_params, Alpn::Http1_1).await {
|
||||
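Review bot: `DirectConnector::connect` now passes a hard-coded `RouteType::Direct` to `connect_tcp` where it used to pass `connection_params.route_type`, and the test further down now expects `route_type: RouteType::Direct` in the returned `ConnectionInfo`. Routes built by `ProxyConfig` carry their own `route_type` in `ConnectionParams`; if any of them are dialled through `DirectConnector` (not visible in this diff), their `ConnectionInfo` would now be labelled `Direct`, which loses the configured route in logs and diagnostics. The same substitution is made in `SocksConnector::connect` (`RouteType::SocksProxy`) and `TlsProxyConnector::connect` (`RouteType::TlsProxy`). Either document on `TransportConnector::connect` that the reported route type describes the connector rather than the configured route, e.g. `/// The returned ConnectionInfo::route_type reflects this connector, not ConnectionParams::route_type.`, or have the caller overwrite it from `ConnectionParams::route_type` once the transport is up. The body of `connect` continues outside the hunk.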
|
@ -22,7 +22,8 @@ use crate::infra::dns::DnsResolver;
|
||||
use crate::infra::errors::TransportConnectError;
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::{
|
||||
Alpn, ConnectionInfo, ConnectionParams, DnsSource, RouteType, StreamAndInfo, TransportConnector,
|
||||
Alpn, ConnectionInfo, DnsSource, RouteType, StreamAndInfo, TransportConnectionParams,
|
||||
TransportConnector,
|
||||
};
|
||||
|
||||
#[derive(Clone)]
|
||||
@ -53,7 +54,7 @@ impl TransportConnector for SocksConnector {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
let Self {
|
||||
@ -75,7 +76,7 @@ impl TransportConnector for SocksConnector {
|
||||
|
||||
let StreamAndInfo(tcp_stream, remote_address) = crate::infra::tcp_ssl::connect_tcp(
|
||||
dns_resolver,
|
||||
connection_params.route_type,
|
||||
RouteType::SocksProxy,
|
||||
proxy_host.as_deref(),
|
||||
*proxy_port,
|
||||
)
|
||||
@ -226,7 +227,6 @@ mod test {
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::tcp_ssl::proxy::testutil::{TcpServer, TlsServer, PROXY_HOSTNAME};
|
||||
use crate::infra::tcp_ssl::testutil::{SERVER_CERTIFICATE, SERVER_HOSTNAME};
|
||||
use crate::infra::HttpRequestDecoratorSeq;
|
||||
|
||||
use super::*;
|
||||
|
||||
@ -396,17 +396,13 @@ mod test {
|
||||
])),
|
||||
};
|
||||
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::SocksProxy,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: target_host,
|
||||
http_host: SERVER_HOSTNAME.into(),
|
||||
port: NonZeroU16::new(tls_server.tcp.listen_addr.port()).unwrap(),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(std::borrow::Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
let mut connect = connector.connect(&connection_params, Alpn::Http1_1);
|
||||
|
||||
@ -523,17 +519,13 @@ mod test {
|
||||
])),
|
||||
};
|
||||
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::SocksProxy,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain(SERVER_HOSTNAME.into()),
|
||||
http_host: SERVER_HOSTNAME.into(),
|
||||
port: NonZeroU16::new(tls_server.tcp.listen_addr.port()).unwrap(),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: crate::infra::certs::RootCertificates::FromDer(std::borrow::Cow::Borrowed(
|
||||
SERVER_CERTIFICATE.cert.der(),
|
||||
)),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
let connect = connector.connect(&connection_params, Alpn::Http1_1);
|
||||
|
||||
|
@ -17,7 +17,7 @@ use crate::infra::errors::TransportConnectError;
|
||||
use crate::infra::host::Host;
|
||||
use crate::infra::tcp_ssl::{connect_tcp, connect_tls, ssl_config};
|
||||
use crate::infra::{
|
||||
Alpn, ConnectionInfo, ConnectionParams, RouteType, StreamAndInfo, TransportConnector,
|
||||
Alpn, ConnectionInfo, RouteType, StreamAndInfo, TransportConnectionParams, TransportConnector,
|
||||
};
|
||||
|
||||
/// A [`TransportConnector`] that proxies through a TLS server.
|
||||
@ -50,12 +50,12 @@ impl TransportConnector for TlsProxyConnector {
|
||||
|
||||
async fn connect(
|
||||
&self,
|
||||
connection_params: &ConnectionParams,
|
||||
connection_params: &TransportConnectionParams,
|
||||
alpn: Alpn,
|
||||
) -> Result<StreamAndInfo<Self::Stream>, TransportConnectError> {
|
||||
let StreamAndInfo(tcp_stream, remote_address) = connect_tcp(
|
||||
&self.dns_resolver,
|
||||
connection_params.route_type,
|
||||
RouteType::TlsProxy,
|
||||
self.proxy_host.as_deref(),
|
||||
self.proxy_port,
|
||||
)
|
||||
@ -151,7 +151,6 @@ mod test {
|
||||
use crate::infra::tcp_ssl::proxy::testutil::{
|
||||
localhost_tcp_proxy, localhost_tls_proxy, PROXY_CERTIFICATE, PROXY_HOSTNAME,
|
||||
};
|
||||
use crate::infra::HttpRequestDecoratorSeq;
|
||||
|
||||
#[tokio::test]
|
||||
async fn connect_through_proxy() {
|
||||
@ -180,15 +179,11 @@ mod test {
|
||||
);
|
||||
assert_matches!(default_root_cert, RootCertificates::Native);
|
||||
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain("localhost".into()),
|
||||
http_host: "unused".into(),
|
||||
port: addr.port().try_into().expect("bound port"),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::FromDer(Cow::Borrowed(SERVER_CERTIFICATE.cert.der())),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
|
||||
let StreamAndInfo(stream, info) = connector
|
||||
@ -227,15 +222,11 @@ mod test {
|
||||
(modified_proxy_host, proxy_addr.port().try_into().unwrap()),
|
||||
);
|
||||
|
||||
let connection_params = ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
let connection_params = TransportConnectionParams {
|
||||
sni: SERVER_HOSTNAME.into(),
|
||||
tcp_host: Host::Domain("localhost".into()),
|
||||
http_host: "unused".into(),
|
||||
port: addr.port().try_into().expect("bound port"),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::FromDer(Cow::Borrowed(SERVER_CERTIFICATE.cert.der())),
|
||||
connection_confirmation_header: None,
|
||||
};
|
||||
|
||||
let StreamAndInfo(stream, info) = connector
|
||||
|
@ -321,7 +321,7 @@ async fn connect_websocket<T: TransportConnector>(
|
||||
transport_connector: &T,
|
||||
) -> Result<(WebSocketStream<T::Stream>, ConnectionInfo), WebSocketConnectError> {
|
||||
let StreamAndInfo(ssl_stream, remote_address) = transport_connector
|
||||
.connect(connection_params, Alpn::Http1_1)
|
||||
.connect(&connection_params.transport, Alpn::Http1_1)
|
||||
.await?;
|
||||
|
||||
// we need to explicitly create upgrade request
|
||||
@ -339,7 +339,7 @@ async fn connect_websocket<T: TransportConnector>(
|
||||
.header("Sec-WebSocket-Key", generate_key())
|
||||
.uri(
|
||||
http::uri::Builder::new()
|
||||
.authority(connection_params.tcp_host.to_string())
|
||||
.authority(connection_params.http_host.to_string())
|
||||
.path_and_query(endpoint)
|
||||
.scheme("wss")
|
||||
.build()
|
||||
@ -798,7 +798,7 @@ mod test {
|
||||
use test_case::test_matrix;
|
||||
|
||||
use crate::infra::certs::RootCertificates;
|
||||
use crate::infra::{HttpRequestDecoratorSeq, RouteType};
|
||||
use crate::infra::{HttpRequestDecoratorSeq, RouteType, TransportConnectionParams};
|
||||
|
||||
use super::testutil::*;
|
||||
use super::*;
|
||||
@ -979,12 +979,14 @@ mod test {
|
||||
let hostname = hostname.into();
|
||||
ConnectionParams {
|
||||
route_type: RouteType::Test,
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: Host::Domain(Arc::clone(&hostname)),
|
||||
transport: TransportConnectionParams {
|
||||
sni: Arc::clone(&hostname),
|
||||
tcp_host: Host::Domain(Arc::clone(&hostname)),
|
||||
port: nonzero!(443u16),
|
||||
certs: RootCertificates::Signal,
|
||||
},
|
||||
http_host: hostname,
|
||||
port: nonzero!(443u16),
|
||||
http_request_decorator: HttpRequestDecoratorSeq::default(),
|
||||
certs: RootCertificates::Signal,
|
||||
connection_confirmation_header: None,
|
||||
}
|
||||
}
|
||||
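Review bot: In `connect_websocket` the upgrade request's URI authority changes from `connection_params.tcp_host` to `connection_params.http_host`, which is a behaviour change beyond the argument narrowing the commit title describes. On routes where the two differ (`ProxyConfig` sets `tcp_host` from the SNI/DNS name and `http_host` separately), the server will see a different authority than before. Nothing in this diff pins that behaviour; a test that builds params with distinct `http_host` and `transport.tcp_host` and asserts the request authority would keep it from regressing. A comment at the call would also help, for example `// authority is the HTTP-level host, not the TCP/SNI host (they differ on proxied routes)`. The function body extends beyond both hunks.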
|