proxygen
SSLAcceptorHandshakeHelper.cpp
Go to the documentation of this file.
1 /*
2  * Copyright 2017-present Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include <wangle/acceptor/SSLAcceptorHandshakeHelper.h>
17 
18 #include <string>
19 #include <wangle/acceptor/Acceptor.h>
20 #include <wangle/acceptor/SecureTransportType.h>
21 
22 namespace wangle {
23 
24 static const std::string empty_string;
25 
26 using namespace folly;
27 
28 void SSLAcceptorHandshakeHelper::start(
29  folly::AsyncSSLSocket::UniquePtr sock,
30  AcceptorHandshakeHelper::Callback* callback) noexcept {
31  socket_ = std::move(sock);
32  callback_ = callback;
33 
34  socket_->enableClientHelloParsing();
35  socket_->forceCacheAddrOnFailure(true);
36  socket_->sslAccept(this);
37 }
38 
39 void SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(
40  AsyncSSLSocket* sock, TransportInfo& tinfo) {
41  tinfo.secure = true;
42  tinfo.securityType = sock->getSecurityProtocol();
43  tinfo.sslSetupBytesRead = sock->getRawBytesReceived();
44  tinfo.sslSetupBytesWritten = sock->getRawBytesWritten();
45  tinfo.sslServerName = sock->getSSLServerName() ?
46  std::make_shared<std::string>(sock->getSSLServerName()) : nullptr;
47  tinfo.sslCipher = sock->getNegotiatedCipherName() ?
48  std::make_shared<std::string>(sock->getNegotiatedCipherName()) : nullptr;
49  tinfo.sslVersion = sock->getSSLVersion();
50  const char* sigAlgName = sock->getSSLCertSigAlgName();
51  tinfo.sslCertSigAlgName =
52  std::make_shared<std::string>(sigAlgName ? sigAlgName : "");
53  tinfo.sslCertSize = sock->getSSLCertSize();
54  tinfo.sslResume = SSLUtil::getResumeState(sock);
55  tinfo.sslClientCiphers = std::make_shared<std::string>();
56  sock->getSSLClientCiphers(*tinfo.sslClientCiphers);
57  tinfo.sslClientCiphersHex = std::make_shared<std::string>();
58  sock->getSSLClientCiphers(
59  *tinfo.sslClientCiphersHex, /* convertToString = */ false);
60  tinfo.sslServerCiphers = std::make_shared<std::string>();
61  sock->getSSLServerCiphers(*tinfo.sslServerCiphers);
62  tinfo.sslClientComprMethods =
63  std::make_shared<std::string>(sock->getSSLClientComprMethods());
64  tinfo.sslClientExts =
65  std::make_shared<std::string>(sock->getSSLClientExts());
66  tinfo.sslClientSigAlgs =
67  std::make_shared<std::string>(sock->getSSLClientSigAlgs());
68  tinfo.sslClientSupportedVersions =
69  std::make_shared<std::string>(sock->getSSLClientSupportedVersions());
70 }
71 
72 void SSLAcceptorHandshakeHelper::handshakeSuc(AsyncSSLSocket* sock) noexcept {
73  const unsigned char* nextProto = nullptr;
74  unsigned nextProtoLength = 0;
75  sock->getSelectedNextProtocolNoThrow(&nextProto, &nextProtoLength);
76  if (VLOG_IS_ON(3)) {
77  if (nextProto) {
78  VLOG(3) << "Client selected next protocol " <<
79  std::string((const char*)nextProto, nextProtoLength);
80  } else {
81  VLOG(3) << "Client did not select a next protocol";
82  }
83  }
84 
85  // fill in SSL-related fields from TransportInfo
86  // the other fields like RTT are filled in the Acceptor
87  tinfo_.acceptTime = acceptTime_;
88  tinfo_.sslSetupTime = std::chrono::duration_cast<std::chrono::milliseconds>(
89  std::chrono::steady_clock::now() - acceptTime_
90  );
91  fillSSLTransportInfoFields(sock, tinfo_);
92 
93  auto nextProtocol = nextProto ?
94  std::string((const char*)nextProto, nextProtoLength) : empty_string;
95 
96  // The callback will delete this.
97  callback_->connectionReady(
98  std::move(socket_),
99  std::move(nextProtocol),
100  SecureTransportType::TLS,
101  SSLErrorEnum::NO_ERROR);
102 }
103 
104 void SSLAcceptorHandshakeHelper::handshakeErr(
105  AsyncSSLSocket* sock,
106  const AsyncSocketException& ex) noexcept {
107  auto elapsedTime =
108  std::chrono::duration_cast<std::chrono::milliseconds>(
109  std::chrono::steady_clock::now() - acceptTime_);
110  VLOG(3) << "SSL handshake error after " << elapsedTime.count() <<
111  " ms; " << sock->getRawBytesReceived() << " bytes received & " <<
112  sock->getRawBytesWritten() << " bytes sent: " <<
113  ex.what();
114 
115  auto sslEx = folly::make_exception_wrapper<SSLException>(
116  sslError_, elapsedTime, sock->getRawBytesReceived());
117 
118  // The callback will delete this.
119  callback_->connectionError(socket_.get(), sslEx, sslError_);
120 }
121 
122 }
wangle::SSLAcceptorHandshakeHelper::handshakeSuc
void handshakeSuc(folly::AsyncSSLSocket *sock) noexceptoverride
Definition: SSLAcceptorHandshakeHelper.cpp:72
folly::AsyncSSLSocket::getRawBytesReceived
size_t getRawBytesReceived() const override
Definition: AsyncSSLSocket.cpp:429
wangle::empty_string
static const std::string empty_string
Definition: Acceptor.cpp:51
wangle::TransportInfo::sslClientCiphers
std::shared_ptr< std::string > sslClientCiphers
Definition: TransportInfo.h:154
folly::AsyncSSLSocket::getSSLCertSigAlgName
const char * getSSLCertSigAlgName() const
Definition: AsyncSSLSocket.cpp:915
folly::AsyncSSLSocket::getRawBytesWritten
size_t getRawBytesWritten() const override
Definition: AsyncSSLSocket.cpp:411
folly::AsyncSSLSocket::getSSLClientComprMethods
std::string getSSLClientComprMethods() const
Definition: AsyncSSLSocket.cpp:1962
folly::AsyncSSLSocket::getSSLClientSupportedVersions
std::string getSSLClientSupportedVersions() const
Definition: AsyncSSLSocket.cpp:1997
now
std::chrono::steady_clock::time_point now()
Definition: TimekeeperTest.cpp:31
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
folly::AsyncSSLSocket::getSecurityProtocol
std::string getSecurityProtocol() const override
Definition: AsyncSSLSocket.h:330
wangle::TransportInfo::sslClientExts
std::shared_ptr< std::string > sslClientExts
Definition: TransportInfo.h:169
wangle::TransportInfo::securityType
std::string securityType
Definition: TransportInfo.h:371
wangle::SSLAcceptorHandshakeHelper::start
void start(folly::AsyncSSLSocket::UniquePtr sock, AcceptorHandshakeHelper::Callback *callback) noexceptoverride
Definition: SSLAcceptorHandshakeHelper.cpp:28
folly::AsyncSSLSocket::getSSLServerName
const char * getSSLServerName() const
Definition: AsyncSSLSocket.cpp:898
wangle::TransportInfo::sslClientSigAlgs
std::shared_ptr< std::string > sslClientSigAlgs
Definition: TransportInfo.h:174
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
folly::pushmi::__adl::noexcept
requires E e noexcept(noexcept(s.error(std::move(e))))
Definition: extension_points.h:40
wangle::TransportInfo::sslResume
SSLResumeEnum sslResume
Definition: TransportInfo.h:356
folly::AsyncSSLSocket::UniquePtr
std::unique_ptr< AsyncSSLSocket, Destructor > UniquePtr
Definition: AsyncSSLSocket.h:72
wangle::TransportInfo::sslServerCiphers
std::shared_ptr< std::string > sslServerCiphers
Definition: TransportInfo.h:189
wangle::TransportInfo::sslServerName
std::shared_ptr< std::string > sslServerName
Definition: TransportInfo.h:149
wangle::SSLUtil::getResumeState
static SSLResumeEnum getResumeState(folly::AsyncSSLSocket *sslSocket)
Definition: SSLUtil.cpp:46
wangle::SSLAcceptorHandshakeHelper::handshakeErr
void handshakeErr(folly::AsyncSSLSocket *sock, const folly::AsyncSocketException &ex) noexceptoverride
Definition: SSLAcceptorHandshakeHelper.cpp:104
socket_
AsyncServerSocket::UniquePtr socket_
Definition: FizzServerCommand.cpp:75
wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields
static void fillSSLTransportInfoFields(folly::AsyncSSLSocket *sock, TransportInfo &tinfo)
Definition: SSLAcceptorHandshakeHelper.cpp:39
folly::AsyncSSLSocket::getSSLClientCiphers
void getSSLClientCiphers(std::string &clientCiphers, bool convertToString=true) const
Definition: AsyncSSLSocket.cpp:1919
wangle::TransportInfo::sslCertSigAlgName
std::shared_ptr< std::string > sslCertSigAlgName
Definition: TransportInfo.h:340
wangle::TransportInfo::sslCipher
std::shared_ptr< std::string > sslCipher
Definition: TransportInfo.h:143
folly::AsyncSSLSocket::getSSLClientExts
std::string getSSLClientExts() const
Definition: AsyncSSLSocket.cpp:1969
folly::AsyncSSLSocket::getSSLServerCiphers
void getSSLServerCiphers(std::string &serverCiphers) const
Definition: AsyncSSLSocket.cpp:2032
folly::AsyncSSLSocket::getSSLClientSigAlgs
std::string getSSLClientSigAlgs() const
Definition: AsyncSSLSocket.cpp:1976
string
const char * string
Definition: Conv.cpp:212
wangle::TransportInfo::sslClientComprMethods
std::shared_ptr< std::string > sslClientComprMethods
Definition: TransportInfo.h:164
callback_
folly::Function< void()> callback_
Definition: FizzClientCommand.cpp:225
folly::AsyncSSLSocket::getNegotiatedCipherName
virtual const char * getNegotiatedCipherName() const
Definition: AsyncSSLSocket.cpp:882
wangle::TransportInfo::sslClientSupportedVersions
std::shared_ptr< std::string > sslClientSupportedVersions
Definition: TransportInfo.h:179
wangle::TransportInfo::sslClientCiphersHex
std::shared_ptr< std::string > sslClientCiphersHex
Definition: TransportInfo.h:159