Helper to extract SSL session from the request #505

Merged
merged 4 commits into from May 14, 2019
3 changes: 3 additions & 0 deletions src/aleph/http/core.clj
Expand Up @@ -242,6 +242,9 @@
(defn netty-response->ring-response [rsp complete body]
(->NettyResponse rsp complete body))

(defn ring-request-ssl-session [^NettyRequest req]
(netty/channel-ssl-session (.ch req)))

;;;

(defn has-content-length? [^HttpMessage msg]
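Review bot: `ring-request-ssl-session` is a new public helper with no docstring. It should say that it returns nil when the request's channel has no `SslHandler` in its pipeline (the `some->` in `netty/channel-ssl-session`), so callers that read TLS details from the session know a nil means plain HTTP rather than an error.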
11 changes: 10 additions & 1 deletion src/aleph/netty.clj
Expand Up @@ -36,7 +36,10 @@
NioServerSocketChannel
NioSocketChannel
NioDatagramChannel]
[io.netty.handler.ssl SslContext SslContextBuilder]
[io.netty.handler.ssl
SslContext
SslContextBuilder
SslHandler]
[io.netty.handler.ssl.util
SelfSignedCertificate InsecureTrustManagerFactory]
[io.netty.resolver
Expand Down Expand Up @@ -767,6 +770,12 @@

(set! *warn-on-reflection* true)

(defn channel-ssl-session [^Channel ch]
(some-> ch
^ChannelPipeline (.pipeline)
^SslHandler (.get SslHandler)
.engine
.getSession))
;;;

(defprotocol AlephServer
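Review bot: `channel-ssl-session` finds the handler by class with `(.get SslHandler)`, while the `:ssl-session` line it replaces in src/aleph/tcp.clj looked it up by the name "ssl-handler". Please record that choice in a docstring (session of the `SslHandler` in the channel's pipeline, nil when the channel is nil or has no such handler) so the change in lookup is deliberate and visible. Style: add a blank line between the end of the `defn` and the `;;;` separator, as the separators in the rest of the diff have.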
6 changes: 2 additions & 4 deletions src/aleph/tcp.clj
Expand Up @@ -13,15 +13,13 @@
[io.netty.channel
Channel
ChannelHandler
ChannelPipeline]
[io.netty.handler.ssl
SslHandler]))
ChannelPipeline]))

(p/def-derived-map TcpConnection [^Channel ch]
:server-name (netty/channel-server-name ch)
:server-port (netty/channel-server-port ch)
:remote-addr (netty/channel-remote-address ch)
:ssl-session (some-> ch ^ChannelPipeline (.pipeline) ^SslHandler (.get "ssl-handler") .engine .getSession))
:ssl-session (netty/channel-ssl-session ch))

(alter-meta! #'->TcpConnection assoc :private true)
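Review bot: `ChannelPipeline` is still imported at the top of this hunk, but its only visible use was the type hint in the removed `:ssl-session` line. If nothing else in tcp.clj refers to it, drop it together with the `SslHandler` import.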

9 changes: 7 additions & 2 deletions test/aleph/tcp_ssl_test.clj
Expand Up @@ -68,6 +68,7 @@

(defn ssl-echo-handler
[s c]
(is (some? (:ssl-session c)) "SSL session should be defined")
(s/connect
; note we need to inspect the SSL session *after* we start reading
; data. Otherwise, the session might not be set up yet.
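Review bot: the new `is` at the top of `ssl-echo-handler` only checks that `:ssl-session` is non-nil, and it runs before any data is read, while the comment just below says the session might not be set up yet at that point. Make it clear in the assertion message that this covers only the handler lookup, and keep any check that depends on the handshake after the read.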
Expand All @@ -79,7 +80,11 @@
s))

(deftest test-ssl-echo
(with-server (tcp/start-server ssl-echo-handler {:port 10001 :ssl-context server-ssl-context})
(let [c @(tcp/client {:host "localhost" :port 10001 :ssl-context client-ssl-context})]
(with-server (tcp/start-server ssl-echo-handler
{:port 10001
:ssl-context server-ssl-context})
(let [c @(tcp/client {:host "localhost"
:port 10001
:ssl-context client-ssl-context})]
(s/put! c "foo")
(is (= "foo" (bs/to-string @(s/take! c)))))))
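Review bot: `test-ssl-echo` is only re-wrapped here, so the visible test changes never exercise the nil path of the new helper or `ring-request-ssl-session` from src/aleph/http/core.clj. Consider adding a case with a server started without `:ssl-context` that asserts `:ssl-session` is nil, and an HTTP test that calls `ring-request-ssl-session` on a request received over TLS.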