proxygen: proxygen/wangle/wangle/ssl/SSLSessionCacheManager.h Source File

Go to the documentation of this file.
 /*
  * Copyright 2017-present Facebook, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #pragma once
 
 #include <wangle/ssl/SSLCacheProvider.h>
 #include <wangle/ssl/SSLStats.h>
 
 #include <folly/container/EvictingCacheMap.h>
 #include <mutex>
 #include <folly/hash/Hash.h>
 #include <folly/io/async/AsyncSSLSocket.h>
 
 namespace wangle {
 
 class SSLStats;
 
 typedef folly::EvictingCacheMap<std::string, SSL_SESSION*> SSLSessionCacheMap;
 
 class LocalSSLSessionCache: private boost::noncopyable {
  public:
   LocalSSLSessionCache(uint32_t maxCacheSize, uint32_t cacheCullSize);
 
   ~LocalSSLSessionCache() {
     std::lock_guard<std::mutex> g(lock);
     // EvictingCacheMap dtor doesn't free values
     sessionCache.clear();
   }
 
   SSLSessionCacheMap sessionCache;
   std::mutex lock;
   uint32_t removedSessions_{0};
 
  private:
 
   void pruneSessionCallback(const std::string& sessionId,
                             SSL_SESSION* session);
 };
 
 class ShardedLocalSSLSessionCache : private boost::noncopyable {
  public:
   ShardedLocalSSLSessionCache(uint32_t n_buckets, uint32_t maxCacheSize,
                               uint32_t cacheCullSize);
 
   SSL_SESSION* lookupSession(const std::string& sessionId);
 
   void storeSession(const std::string& sessionId, SSL_SESSION* session,
                     SSLStats* stats);
 
   void removeSession(const std::string& sessionId);
 
   size_t hash(const std::string& key) {
     return folly::Hash()(key) % caches_.size();
   }
 
   std::vector< std::unique_ptr<LocalSSLSessionCache> > caches_;
 };
 
 /* A socket/DestructorGuard pair */
 typedef std::pair<folly::AsyncSSLSocket *,
                   std::unique_ptr<folly::DelayedDestruction::DestructorGuard>>
   AttachedLookup;
 
 struct PendingLookup {
   bool request_in_progress;
   SSL_SESSION* session;
   std::list<AttachedLookup> waiters;
 
   PendingLookup() {
     request_in_progress = true;
     session = nullptr;
   }
 };
 
 /* Maps SSL session id to a PendingLookup structure */
 typedef std::map<std::string, PendingLookup> PendingLookupMap;
 
 class SSLSessionCacheManager : private boost::noncopyable {
  public:
   SSLSessionCacheManager(
     uint32_t maxCacheSize,
     uint32_t cacheCullSize,
     folly::SSLContext* ctx,
     const std::string& context,
     SSLStats* stats,
     const std::shared_ptr<SSLCacheProvider>& externalCache);
 
   virtual ~SSLSessionCacheManager();
 
   static void shutdown();
 
   void onGetSuccess(SSLCacheProvider::CacheContext* cacheCtx,
                     const std::string& value);
 
   void onGetSuccess(SSLCacheProvider::CacheContext* cacheCtx,
                     std::unique_ptr<folly::IOBuf> valueBuf);
 
   void onGetFailure(SSLCacheProvider::CacheContext* cacheCtx);
 
  private:
 
   folly::SSLContext* ctx_;
   std::shared_ptr<ShardedLocalSSLSessionCache> localCache_;
   PendingLookupMap pendingLookups_;
   SSLStats* stats_{nullptr};
   std::shared_ptr<SSLCacheProvider> externalCache_;
 
   int newSession(SSL* ssl, SSL_SESSION* session);
 
   void removeSession(SSL_CTX* ctx, SSL_SESSION* session);
 
   SSL_SESSION* getSession(SSL* ssl, unsigned char* session_id,
                           int id_len, int* copyflag);
 
   void restoreSession(SSLCacheProvider::CacheContext* cacheCtx,
                       const uint8_t* data,
                       size_t length);
 
   bool storeCacheRecord(const std::string& sessionId, SSL_SESSION* session);
 
   bool lookupCacheRecord(const std::string& sessionId,
                          folly::AsyncSSLSocket* sslSock);
 
   void restartSSLAccept(const SSLCacheProvider::CacheContext* cacheCtx);
 
   static std::shared_ptr<ShardedLocalSSLSessionCache> getLocalCache(
     uint32_t maxCacheSize, uint32_t cacheCullSize);
 
   static int newSessionCallback(SSL* ssl, SSL_SESSION* session);
   static void removeSessionCallback(SSL_CTX* ctx, SSL_SESSION* session);
 
 #if FOLLY_OPENSSL_IS_110
   using session_callback_arg_session_id_t = const unsigned char*;
 #else
   using session_callback_arg_session_id_t = unsigned char*;
 #endif
 
   static SSL_SESSION* getSessionCallback(
       SSL* ssl,
       session_callback_arg_session_id_t session_id,
       int id_len,
       int* copyflag);
 
   static int32_t sExDataIndex_;
   static std::shared_ptr<ShardedLocalSSLSessionCache> sCache_;
   static std::mutex sCacheLock_;
 };
 
 } // namespace wangle