proxygen
wangle::SSLAcceptorHandshakeHelper Class Reference

#include <SSLAcceptorHandshakeHelper.h>

Inheritance diagram for wangle::SSLAcceptorHandshakeHelper:
wangle::AcceptorHandshakeHelper folly::AsyncSSLSocket::HandshakeCB folly::DelayedDestruction folly::DelayedDestructionBase

Public Member Functions

 SSLAcceptorHandshakeHelper (const folly::SocketAddress &clientAddr, std::chrono::steady_clock::time_point acceptTime, TransportInfo &tinfo)
 
void start (folly::AsyncSSLSocket::UniquePtr sock, AcceptorHandshakeHelper::Callback *callback) noexcept override
 
void dropConnection (SSLErrorEnum reason=SSLErrorEnum::NO_ERROR) override
 
- Public Member Functions inherited from folly::DelayedDestruction
virtual void destroy ()
 
bool getDestroyPending () const
 
- Public Member Functions inherited from folly::DelayedDestructionBase
virtual ~DelayedDestructionBase ()=default
 
- Public Member Functions inherited from folly::AsyncSSLSocket::HandshakeCB
virtual ~HandshakeCB ()=default
 
virtual bool handshakeVer (AsyncSSLSocket *, bool preverifyOk, X509_STORE_CTX *) noexcept
 

Static Public Member Functions

static void fillSSLTransportInfoFields (folly::AsyncSSLSocket *sock, TransportInfo &tinfo)
 

Protected Member Functions

void handshakeSuc (folly::AsyncSSLSocket *sock) noexcept override
 
void handshakeErr (folly::AsyncSSLSocket *sock, const folly::AsyncSocketException &ex) noexcept override
 
- Protected Member Functions inherited from folly::DelayedDestruction
 ~DelayedDestruction () override=default
 
 DelayedDestruction ()
 
- Protected Member Functions inherited from folly::DelayedDestructionBase
 DelayedDestructionBase ()
 
uint32_t getDestructorGuardCount () const
 

Protected Attributes

folly::AsyncSSLSocket::UniquePtr socket_
 
AcceptorHandshakeHelper::Callback * callback_
 
const folly::SocketAddress & clientAddr_
 
std::chrono::steady_clock::time_point acceptTime_
 
TransportInfo & tinfo_
 
SSLErrorEnum sslError_ {SSLErrorEnum::NO_ERROR}
 

Additional Inherited Members

- Public Types inherited from wangle::AcceptorHandshakeHelper
using UniquePtr = std::unique_ptr< AcceptorHandshakeHelper, folly::DelayedDestruction::Destructor >
 

Detailed Description

Definition at line 28 of file SSLAcceptorHandshakeHelper.h.

Constructor & Destructor Documentation

wangle::SSLAcceptorHandshakeHelper::SSLAcceptorHandshakeHelper ( const folly::SocketAddress & clientAddr,
std::chrono::steady_clock::time_point  acceptTime,
TransportInfo & tinfo 
)
inline

Definition at line 31 of file SSLAcceptorHandshakeHelper.h.

References folly::pushmi::__adl::noexcept(), and start().

Referenced by wangle::DefaultToSSLPeekingCallback::getHelper().

// Member-initializer list of the inline constructor (listing lines 34-37).
// clientAddr_ and tinfo_ are declared on this page as reference members
// (const folly::SocketAddress& and TransportInfo&), so nothing is copied here:
// the caller's SocketAddress and TransportInfo must stay alive for as long as
// this helper can still run a handshake callback. handshakeSuc() writes
// through tinfo_, so a TransportInfo destroyed earlier becomes a write to
// freed memory.
34  :
35  clientAddr_(clientAddr),
36  acceptTime_(acceptTime),
37  tinfo_(tinfo) {}
const folly::SocketAddress & clientAddr_
std::chrono::steady_clock::time_point acceptTime_

Member Function Documentation

void wangle::SSLAcceptorHandshakeHelper::dropConnection ( SSLErrorEnum  reason = SSLErrorEnum::NO_ERROR)
inline override virtual

Implements wangle::AcceptorHandshakeHelper.

Definition at line 43 of file SSLAcceptorHandshakeHelper.h.

References fillSSLTransportInfoFields(), handshakeErr(), handshakeSuc(), socket_, and sslError_.

// Aborts the handshake: stores the caller's reason, then closes the socket
// immediately if one is held.
43  {
// Stored before the close: handshakeErr() reads sslError_ when it builds the
// SSLException and when it calls connectionError(), so the reason has to be
// in place first.
// NOTE(review): presumably closeNow() fails the pending handshake and ends up
// in handshakeErr() - confirm in folly::AsyncSSLSocket.
44  sslError_ = reason;
// socket_ is empty until start() assigns it; the check turns a call made
// before start() into a no-op apart from recording the reason.
45  if (socket_) {
46  socket_->closeNow();
47  }
48  }
folly::AsyncSSLSocket::UniquePtr socket_
void wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields ( folly::AsyncSSLSocket * sock,
TransportInfo & tinfo 
)
static

Definition at line 39 of file SSLAcceptorHandshakeHelper.cpp.

References folly::AsyncSSLSocket::getNegotiatedCipherName(), folly::AsyncSSLSocket::getRawBytesReceived(), folly::AsyncSSLSocket::getRawBytesWritten(), wangle::SSLUtil::getResumeState(), folly::AsyncSSLSocket::getSecurityProtocol(), folly::AsyncSSLSocket::getSSLCertSigAlgName(), folly::AsyncSSLSocket::getSSLCertSize(), folly::AsyncSSLSocket::getSSLClientCiphers(), folly::AsyncSSLSocket::getSSLClientComprMethods(), folly::AsyncSSLSocket::getSSLClientExts(), folly::AsyncSSLSocket::getSSLClientSigAlgs(), folly::AsyncSSLSocket::getSSLClientSupportedVersions(), folly::AsyncSSLSocket::getSSLServerCiphers(), folly::AsyncSSLSocket::getSSLServerName(), folly::AsyncSSLSocket::getSSLVersion(), wangle::TransportInfo::secure, wangle::TransportInfo::securityType, wangle::TransportInfo::sslCertSigAlgName, wangle::TransportInfo::sslCertSize, wangle::TransportInfo::sslCipher, wangle::TransportInfo::sslClientCiphers, wangle::TransportInfo::sslClientCiphersHex, wangle::TransportInfo::sslClientComprMethods, wangle::TransportInfo::sslClientExts, wangle::TransportInfo::sslClientSigAlgs, wangle::TransportInfo::sslClientSupportedVersions, wangle::TransportInfo::sslResume, wangle::TransportInfo::sslServerCiphers, wangle::TransportInfo::sslServerName, wangle::TransportInfo::sslSetupBytesRead, wangle::TransportInfo::sslSetupBytesWritten, and wangle::TransportInfo::sslVersion.

Referenced by dropConnection(), and wangle::FizzAcceptorHandshakeHelper::handshakeSuc().

// Copies the TLS parameters of a handshake from sock into tinfo.
// sock is dereferenced without a null check, so callers must pass a valid
// socket.
// NOTE(review): the server name, client cipher list, compression methods,
// extensions, signature algorithms and supported versions look like values
// the peer sent in its ClientHello (start() enables ClientHello parsing).
// Treat them as untrusted input: escape them before logging or displaying
// them, and do not base access decisions on them. Confirm the origin of each
// getter in folly::AsyncSSLSocket.
40  {
// Set unconditionally: every TransportInfo that passes through here is
// marked as secured.
41  tinfo.secure = true;
42  tinfo.securityType = sock->getSecurityProtocol();
43  tinfo.sslSetupBytesRead = sock->getRawBytesReceived();
44  tinfo.sslSetupBytesWritten = sock->getRawBytesWritten();
// getSSLServerName() returns const char*; the null test keeps a null pointer
// out of the std::string constructor. sslServerName is therefore a null
// shared_ptr when no name is available - readers must check it before
// dereferencing.
45  tinfo.sslServerName = sock->getSSLServerName() ?
46  std::make_shared<std::string>(sock->getSSLServerName()) : nullptr;
// Same pattern: sslCipher is a null shared_ptr when no cipher name is returned.
47  tinfo.sslCipher = sock->getNegotiatedCipherName() ?
48  std::make_shared<std::string>(sock->getNegotiatedCipherName()) : nullptr;
49  tinfo.sslVersion = sock->getSSLVersion();
// Unlike the two fields above, a missing signature-algorithm name is stored
// as an empty string, never as a null shared_ptr.
50  const char* sigAlgName = sock->getSSLCertSigAlgName();
51  tinfo.sslCertSigAlgName =
52  std::make_shared<std::string>(sigAlgName ? sigAlgName : "");
53  tinfo.sslCertSize = sock->getSSLCertSize();
54  tinfo.sslResume = SSLUtil::getResumeState(sock);
// The remaining string fields are always allocated; the getter fills the
// freshly created string in place.
55  tinfo.sslClientCiphers = std::make_shared<std::string>();
56  sock->getSSLClientCiphers(*tinfo.sslClientCiphers);
// Second copy of the client cipher list with convertToString = false; the
// field name suggests a hex rendering - TODO confirm.
57  tinfo.sslClientCiphersHex = std::make_shared<std::string>();
58  sock->getSSLClientCiphers(
59  *tinfo.sslClientCiphersHex, /* convertToString = */ false);
60  tinfo.sslServerCiphers = std::make_shared<std::string>();
61  sock->getSSLServerCiphers(*tinfo.sslServerCiphers);
62  tinfo.sslClientComprMethods =
63  std::make_shared<std::string>(sock->getSSLClientComprMethods());
64  tinfo.sslClientExts =
65  std::make_shared<std::string>(sock->getSSLClientExts());
66  tinfo.sslClientSigAlgs =
67  std::make_shared<std::string>(sock->getSSLClientSigAlgs());
68  tinfo.sslClientSupportedVersions =
69  std::make_shared<std::string>(sock->getSSLClientSupportedVersions());
70 }
size_t getRawBytesReceived() const override
const char * getSSLCertSigAlgName() const
size_t getRawBytesWritten() const override
std::string getSSLClientComprMethods() const
std::string getSSLClientSupportedVersions() const
std::string getSecurityProtocol() const override
const char * getSSLServerName() const
static SSLResumeEnum getResumeState(folly::AsyncSSLSocket *sslSocket)
Definition: SSLUtil.cpp:46
void getSSLClientCiphers(std::string &clientCiphers, bool convertToString=true) const
std::string getSSLClientExts() const
void getSSLServerCiphers(std::string &serverCiphers) const
std::string getSSLClientSigAlgs() const
virtual const char * getNegotiatedCipherName() const
void wangle::SSLAcceptorHandshakeHelper::handshakeErr ( folly::AsyncSSLSocket * sock,
const folly::AsyncSocketException & ex 
)
override protected virtual noexcept

handshakeErr() is called if an error occurs while establishing the SSL connection.

The HandshakeCB will be uninstalled before handshakeErr() is called.

Parameters
sock: SSL socket on which the handshake was initiated
ex: An exception representing the error.

Implements folly::AsyncSSLSocket::HandshakeCB.

Definition at line 104 of file SSLAcceptorHandshakeHelper.cpp.

References callback_, now(), and socket_.

Referenced by dropConnection().

// Handshake-failure path: logs the failure at VLOG(3), wraps it in an
// SSLException and reports it to the callback.
// NOTE(review): listing line 109 is absent from this rendering, so the
// elapsedTime expression below is incomplete as shown. The cross-references
// under the listing name now() and acceptTime_, which presumably appear on
// the missing line.
106  {
107  auto elapsedTime =
108  std::chrono::duration_cast<std::chrono::milliseconds>(
// ex.what() goes to the log verbatim, together with the byte counters.
110  VLOG(3) << "SSL handshake error after " << elapsedTime.count() <<
111  " ms; " << sock->getRawBytesReceived() << " bytes received & " <<
112  sock->getRawBytesWritten() << " bytes sent: " <<
113  ex.what();
114 
// The exception handed to the callback carries sslError_ (the reason stored
// by dropConnection(), otherwise its NO_ERROR default), the elapsed time and
// the bytes received - not the text of ex.
115  auto sslEx = folly::make_exception_wrapper<SSLException>(
116  sslError_, elapsedTime, sock->getRawBytesReceived());
117 
118  // The callback will delete this.
// Because of that, no member may be read or written once this call returns.
// callback_ is dereferenced without a null check; it is assigned in start().
119  callback_->connectionError(socket_.get(), sslEx, sslError_);
120 }
size_t getRawBytesReceived() const override
size_t getRawBytesWritten() const override
std::chrono::steady_clock::time_point now()
folly::AsyncSSLSocket::UniquePtr socket_
virtual void connectionError(folly::AsyncTransportWrapper *transport, folly::exception_wrapper ex, folly::Optional< SSLErrorEnum > sslErr) noexcept=0
std::chrono::steady_clock::time_point acceptTime_
AcceptorHandshakeHelper::Callback * callback_
void wangle::SSLAcceptorHandshakeHelper::handshakeSuc ( folly::AsyncSSLSocket * sock)
override protected virtual noexcept

handshakeSuc() is called when a new SSL connection is established, i.e., after SSL_accept/connect() returns successfully.

The HandshakeCB will be uninstalled before handshakeSuc() is called.

Parameters
sock: SSL socket on which the handshake was initiated

Implements folly::AsyncSSLSocket::HandshakeCB.

Definition at line 72 of file SSLAcceptorHandshakeHelper.cpp.

References callback_, wangle::empty_string, folly::gen::move, wangle::NO_ERROR, now(), socket_, string, and wangle::TLS.

Referenced by dropConnection().

// Handshake-success path: reads the selected next protocol, records the TLS
// setup time in tinfo_ and passes the result to the callback.
// NOTE(review): listing lines 87, 89, 91, 97, 98, 100 and 101 are absent from
// this rendering, so several statements below are incomplete as shown. The
// cross-references under the listing name fillSSLTransportInfoFields(),
// now(), acceptTime and connectionReady(), which presumably appear on the
// missing lines.
72  {
73  const unsigned char* nextProto = nullptr;
74  unsigned nextProtoLength = 0;
// Both outputs are pre-initialised, and every use below tests nextProto
// before reading it.
75  sock->getSelectedNextProtocolNoThrow(&nextProto, &nextProtoLength);
76  if (VLOG_IS_ON(3)) {
77  if (nextProto) {
// Built from pointer plus explicit length, so the bytes need not be
// NUL-terminated.
// NOTE(review): the protocol name is a value selected during negotiation
// with the peer and is logged unescaped here - confirm that log consumers
// tolerate arbitrary bytes.
78  VLOG(3) << "Client selected next protocol " <<
79  std::string((const char*)nextProto, nextProtoLength);
80  } else {
81  VLOG(3) << "Client did not select a next protocol";
82  }
83  }
84 
85  // fill in SSL-related fields from TransportInfo
86  // the other fields like RTT are filled in the Acceptor
// Writes through the tinfo_ reference member, so the caller's TransportInfo
// must still be alive at this point.
88  tinfo_.sslSetupTime = std::chrono::duration_cast<std::chrono::milliseconds>(
90  );
92 
// Same pointer-plus-length construction; empty_string when no protocol was
// selected.
93  auto nextProtocol = nextProto ?
94  std::string((const char*)nextProto, nextProtoLength) : empty_string;
95 
96  // The callback will delete this.
// Because of that, no member may be read or written once the callback returns.
99  std::move(nextProtocol),
102 }
static const std::string empty_string
Definition: Acceptor.cpp:51
std::chrono::steady_clock::time_point acceptTime
Definition: TransportInfo.h:65
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
std::chrono::steady_clock::time_point now()
folly::AsyncSSLSocket::UniquePtr socket_
virtual void connectionReady(folly::AsyncTransportWrapper::UniquePtr transport, std::string nextProtocol, SecureTransportType secureTransportType, folly::Optional< SSLErrorEnum > sslErr) noexcept=0
static void fillSSLTransportInfoFields(folly::AsyncSSLSocket *sock, TransportInfo &tinfo)
virtual bool getSelectedNextProtocolNoThrow(const unsigned char **protoName, unsigned *protoLen) const
const char * string
Definition: Conv.cpp:212
std::chrono::steady_clock::time_point acceptTime_
std::chrono::milliseconds sslSetupTime
AcceptorHandshakeHelper::Callback * callback_
void wangle::SSLAcceptorHandshakeHelper::start ( folly::AsyncSSLSocket::UniquePtr  sock,
AcceptorHandshakeHelper::Callback * callback 
)
override virtual noexcept

Implements wangle::AcceptorHandshakeHelper.

Definition at line 28 of file SSLAcceptorHandshakeHelper.cpp.

References callback_, folly::gen::move, and socket_.

Referenced by SSLAcceptorHandshakeHelper().

// Takes ownership of the accepted socket and starts the server-side TLS
// handshake on it.
// Neither argument is null-checked: socket_ is dereferenced right after the
// move, and callback_ is dereferenced later in handshakeErr().
30  {
31  socket_ = std::move(sock);
// Raw, non-owning pointer: the callback object must outlive the handshake.
32  callback_ = callback;
33 
// NOTE(review): ClientHello parsing is switched on before the handshake
// starts, presumably so that the getSSLClient*() values read by
// fillSSLTransportInfoFields() are populated - confirm in folly.
34  socket_->enableClientHelloParsing();
35  socket_->forceCacheAddrOnFailure(true);
// Passes this helper as the handshake callback; the class implements
// HandshakeCB, so the outcome arrives in handshakeSuc() or handshakeErr().
36  socket_->sslAccept(this);
37 }
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
folly::AsyncSSLSocket::UniquePtr socket_
AcceptorHandshakeHelper::Callback * callback_

Member Data Documentation

std::chrono::steady_clock::time_point wangle::SSLAcceptorHandshakeHelper::acceptTime_
protected

Definition at line 62 of file SSLAcceptorHandshakeHelper.h.

AcceptorHandshakeHelper::Callback* wangle::SSLAcceptorHandshakeHelper::callback_
protected

Definition at line 60 of file SSLAcceptorHandshakeHelper.h.

const folly::SocketAddress& wangle::SSLAcceptorHandshakeHelper::clientAddr_
protected

Definition at line 61 of file SSLAcceptorHandshakeHelper.h.

folly::AsyncSSLSocket::UniquePtr wangle::SSLAcceptorHandshakeHelper::socket_
protected

Definition at line 59 of file SSLAcceptorHandshakeHelper.h.

Referenced by dropConnection().

SSLErrorEnum wangle::SSLAcceptorHandshakeHelper::sslError_ {SSLErrorEnum::NO_ERROR}
protected

Definition at line 64 of file SSLAcceptorHandshakeHelper.h.

Referenced by dropConnection().

TransportInfo& wangle::SSLAcceptorHandshakeHelper::tinfo_
protected

Definition at line 63 of file SSLAcceptorHandshakeHelper.h.


The documentation for this class was generated from the following files: