Skip to content

Commit

Permalink
Simplify just_tls
Browse files Browse the repository at this point in the history
  • Loading branch information
NelsonVides committed Jan 23, 2025
1 parent 84b412c commit e3dcc31
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 89 deletions.
3 changes: 1 addition & 2 deletions src/global_distrib/mod_global_distrib_connection.erl
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,7 @@ init([{Addr, Port}, Server]) ->
process_flag(trap_exit, true),
try
{ok, RawSocket} = gen_tcp:connect(Addr, Port, [binary, {active, false}]),
{ok, Socket} = mod_global_distrib_transport:wrap(RawSocket, opt(connections),
#{connect => true}),
{ok, Socket} = mod_global_distrib_transport:wrap(RawSocket, opt(connections), client),
GdStart = gd_start(Server, ConnID),
ok = mod_global_distrib_transport:send(Socket, <<(byte_size(GdStart)):32, GdStart/binary>>),
mod_global_distrib_transport:setopts(Socket, [{active, once}]),
Expand Down
2 changes: 1 addition & 1 deletion src/global_distrib/mod_global_distrib_receiver.erl
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ init({Ref, ranch_tcp, _Opts}) ->
process_flag(trap_exit, true),
{ok, RawSocket} = ranch:handshake(Ref),
ConnOpts = opt(connections),
{ok, Socket} = mod_global_distrib_transport:wrap(RawSocket, ConnOpts),
{ok, Socket} = mod_global_distrib_transport:wrap(RawSocket, ConnOpts, server),
ok = mod_global_distrib_transport:setopts(Socket, [{active, once}]),
mongoose_instrument:execute(?GLOBAL_DISTRIB_INCOMING_ESTABLISHED, #{},
#{count => 1, peer => mod_global_distrib_transport:peername(Socket)}),
Expand Down
40 changes: 18 additions & 22 deletions src/global_distrib/mod_global_distrib_transport.erl
Original file line number Diff line number Diff line change
Expand Up @@ -18,29 +18,25 @@
-author('[email protected]').

-record(?MODULE, {
transport :: just_tls | gen_tcp,
socket :: just_tls:tls_socket() | gen_tcp:socket()
transport :: ssl | gen_tcp,
socket :: ssl:sslsocket() | gen_tcp:socket()
}).

-type t() :: #?MODULE{}.

-export([wrap/2, wrap/3, setopts/2, recv_data/2, close/1, send/2, peername/1]).
-export([wrap/3, setopts/2, recv_data/2, close/1, send/2, peername/1]).
-export_type([t/0]).

%%--------------------------------------------------------------------
%% API
%%--------------------------------------------------------------------

-spec wrap(gen_tcp:socket(), #{tls := just_tls:options()}) -> {ok, t()} | {error, any()}.
wrap(Socket, ConnOpts) ->
wrap(Socket, ConnOpts, #{}).

-spec wrap(gen_tcp:socket(), #{tls := just_tls:options()}, ExtraOpts :: map()) ->
{ok, t()} | {error, any()}.
wrap(Socket, #{tls := Opts}, ExtraOpts) ->
PreparedOpts = maps:merge(Opts, ExtraOpts),
case just_tls:tcp_to_tls(Socket, PreparedOpts) of
{ok, TLSSocket} -> {ok, #?MODULE{transport = just_tls, socket = TLSSocket}};
-spec wrap(gen_tcp:socket(), #{tls := just_tls:options()}, client | server) ->
{ok, t()} | {error, any()}.
wrap(Socket, #{tls := Opts}, ClientOrServer) ->
inet:setopts(Socket, [{active, false}]),
case just_tls:tcp_to_tls(Socket, Opts, ClientOrServer) of
{ok, TLSSocket} -> {ok, #?MODULE{transport = ssl, socket = TLSSocket}};
Error -> Error
end;
wrap(Socket, #{}, _ExtraOpts) ->
Expand All @@ -49,32 +45,32 @@ wrap(Socket, #{}, _ExtraOpts) ->
-spec setopts(t(), Opts :: proplists:proplist()) -> ok | {error, term()}.
setopts(#?MODULE{transport = gen_tcp, socket = Socket}, Opts) ->
inet:setopts(Socket, Opts);
setopts(#?MODULE{transport = just_tls, socket = Socket}, Opts) ->
just_tls:setopts(Socket, Opts).
setopts(#?MODULE{transport = ssl, socket = Socket}, Opts) ->
ssl:setopts(Socket, Opts).

-spec recv_data(t(), Data :: binary()) -> {ok, binary()} | {error, any()}.
recv_data(#?MODULE{transport = gen_tcp}, Data) ->
{ok, Data};
recv_data(#?MODULE{transport = just_tls}, Data) ->
recv_data(#?MODULE{transport = ssl}, Data) ->
{ok, Data}.

-spec close(t()) -> ok | {error, any()}.
close(#?MODULE{transport = gen_tcp, socket = Socket}) ->
gen_tcp:close(Socket);
close(#?MODULE{transport = just_tls, socket = Socket}) ->
just_tls:close(Socket).
close(#?MODULE{transport = ssl, socket = Socket}) ->
ssl:close(Socket).

-spec send(t(), Data :: binary()) -> ok | {error, any()}.
send(#?MODULE{transport = gen_tcp, socket = Socket}, Data) ->
gen_tcp:send(Socket, Data);
send(#?MODULE{transport = just_tls, socket = Socket}, Data) ->
just_tls:send(Socket, Data).
send(#?MODULE{transport = ssl, socket = Socket}, Data) ->
ssl:send(Socket, Data).

-spec peername(t()) -> mongoose_transport:peer() | unknown.
peername(#?MODULE{transport = gen_tcp, socket = Socket}) ->
normalize_peername(inet:peername(Socket));
peername(#?MODULE{transport = just_tls, socket = Socket}) ->
normalize_peername(just_tls:peername(Socket)).
peername(#?MODULE{transport = ssl, socket = Socket}) ->
normalize_peername(ssl:peername(Socket)).

-spec normalize_peername({ok, mongoose_transport:peer()} | any()) ->
mongoose_transport:peer() | unknown.
Expand Down
62 changes: 12 additions & 50 deletions src/just_tls.erl
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,12 @@
%% All modules implementing this behaviour have to support the mandatory 'verify_mode' option.
%% Other options should be supported if the implementing module supports it.
-type options() :: #{module => module(),
connect => boolean(), % set to 'true' for a client-side call to tcp_to_tls/2
verify_mode := peer | selfsigned_peer | none,
mode => tls | starttls | starttls_required, % only ejabberd_s2s_out doesn't use it (yet)
certfile => string(),
cacertfile => string(),
ciphers => string(),
dhfile => string(), % server-only

%% only for just_tls
disconnect_on_failure => boolean(),
keyfile => string(),
password => string(),
Expand All @@ -36,18 +33,9 @@
protocol := default | https,
host => string()}.

-record(tls_socket, {verify_results = [],
ssl_socket
}).

-type tls_socket() :: #tls_socket{}.
-export_type([options/0, tls_socket/0, cert/0]).
-export_type([options/0, cert/0]).

-export([tcp_to_tls/2,
send/2,
peername/1,
setopts/2,
close/1]).
-export([tcp_to_tls/3]).

% API
-export([receive_verify_results/0, error_to_list/1,
Expand All @@ -57,42 +45,16 @@
%% APIs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

-spec tcp_to_tls(inet:socket(), options()) ->
{ok, tls_socket()} | {error, any()}.
tcp_to_tls(TCPSocket, Options) ->
inet:setopts(TCPSocket, [{active, false}]),
Ret = case Options of
#{connect := true} ->
% Currently unused as ejabberd_s2s_out uses fast_tls,
% and outgoing pools use Erlang SSL directly
SSLOpts = format_opts(Options, client),
ssl:connect(TCPSocket, SSLOpts, 5000);
#{} ->
SSLOpts = format_opts(Options, server),
ssl:handshake(TCPSocket, SSLOpts, 5000)
end,
VerifyResults = receive_verify_results(),
case Ret of
{ok, SSLSocket} ->
{ok, #tls_socket{ssl_socket = SSLSocket, verify_results = VerifyResults}};
_ -> Ret
end.

-spec send(tls_socket(), binary()) -> ok | {error, any()}.
send(#tls_socket{ssl_socket = SSLSocket}, Packet) ->
ssl:send(SSLSocket, Packet).

-spec peername(tls_socket()) -> {ok, mongoose_transport:peer()} | {error, any()}.
peername(#tls_socket{ssl_socket = SSLSocket}) ->
ssl:peername(SSLSocket).

-spec setopts(tls_socket(), Opts :: list()) -> ok | {error, any()}.
setopts(#tls_socket{ssl_socket = SSLSocket}, Opts) ->
ssl:setopts(SSLSocket, Opts).

-spec close(tls_socket()) -> ok | {error, _}.
close(#tls_socket{ssl_socket = SSLSocket}) ->
ssl:close(SSLSocket).
-spec tcp_to_tls(inet:socket(), options(), client | server) ->
{ok, ssl:sslsocket()} | {error, any()}.
tcp_to_tls(Socket, Opts, client) ->
TlsOpts = format_opts(Opts, client),
inet:setopts(Socket, [{active, false}]),
ssl:connect(Socket, TlsOpts, 5000);
tcp_to_tls(Socket, Opts, server) ->
TlsOpts = format_opts(Opts, server),
inet:setopts(Socket, [{active, false}]),
ssl:handshake(Socket, TlsOpts, 5000).

%% @doc Prepare SSL options for direct use of ssl:connect/2 (client side)
-spec make_client_opts(options()) -> [ssl:tls_option()].
Expand Down
28 changes: 14 additions & 14 deletions src/s2s/mongoose_s2s_socket_out.erl
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@

-export_type([socket_data/0]).

-type socket_module() :: gen_tcp | just_tls.
-type socket() :: gen_tcp:socket() | just_tls:tls_socket().
-type socket_module() :: gen_tcp | ssl.
-type socket() :: gen_tcp:socket() | ssl:sslsocket().

-record(socket_data, {sockmod = gen_tcp :: socket_module(),
socket :: term(),
Expand Down Expand Up @@ -102,7 +102,7 @@ close(#socket_data{receiver = Receiver}) ->

-spec connect_tls(socket_data(), just_tls:options()) -> socket_data().
connect_tls(#socket_data{receiver = Receiver} = SocketData, TLSOpts) ->
tcp_to_tls(Receiver, TLSOpts#{connect => true}),
tcp_to_tls(Receiver, TLSOpts),
update_socket(SocketData).

-spec send_text(socket_data(), binary()) -> ok.
Expand Down Expand Up @@ -163,10 +163,10 @@ init({Socket, Shaper, Opts}) ->
hibernate_after = HibernateAfter}}.

handle_call({tcp_to_tls, TLSOpts}, _From, #state{socket = TCPSocket} = State0) ->
case just_tls:tcp_to_tls(TCPSocket, TLSOpts) of
case just_tls:tcp_to_tls(TCPSocket, TLSOpts, client) of
{ok, TLSSocket} ->
State1 = reset_parser(State0),
State2 = State1#state{socket = TLSSocket, sockmod = just_tls},
State2 = State1#state{socket = TLSSocket, sockmod = ssl},
activate_socket(State2),
{reply, ok, State2, hibernate_or_timeout(State2)};
{error, Reason} ->
Expand All @@ -192,7 +192,7 @@ handle_cast(_Msg, State) ->
handle_info({tcp, _TCPSocket, Data}, #state{sockmod = gen_tcp} = State) ->
NewState = process_data(Data, State),
{noreply, NewState, hibernate_or_timeout(NewState)};
handle_info({ssl, _TCPSocket, Data}, #state{sockmod = just_tls} = State) ->
handle_info({ssl, _TCPSocket, Data}, #state{sockmod = ssl} = State) ->
NewState = process_data(Data, State),
{noreply, NewState, hibernate_or_timeout(NewState)};
handle_info({Tag, _Socket}, State) when Tag == tcp_closed; Tag == ssl_closed ->
Expand Down Expand Up @@ -241,7 +241,7 @@ tcp_to_tls(Receiver, TLSOpts) ->
update_socket(#socket_data{receiver = Receiver} = SocketData) ->
case gen_server_call_or_noproc(Receiver, get_socket) of
{ok, TLSSocket} ->
SocketData#socket_data{socket = TLSSocket, sockmod = just_tls};
SocketData#socket_data{socket = TLSSocket, sockmod = ssl};
{error, E} ->
exit({invalid_socket_after_upgrade_to_tls, E})
end.
Expand Down Expand Up @@ -272,9 +272,9 @@ activate_socket(#state{socket = Socket, sockmod = gen_tcp}) ->
inet:setopts(Socket, [{active, once}]),
PeerName = inet:peername(Socket),
resolve_peername(PeerName, Socket);
activate_socket(#state{socket = Socket, sockmod = just_tls}) ->
just_tls:setopts(Socket, [{active, once}]),
PeerName = just_tls:peername(Socket),
activate_socket(#state{socket = Socket, sockmod = ssl}) ->
ssl:setopts(Socket, [{active, once}]),
PeerName = ssl:peername(Socket),
resolve_peername(PeerName, Socket).

resolve_peername({ok, _}, _Socket) ->
Expand Down Expand Up @@ -319,11 +319,11 @@ wrap_xml(E) ->
sockmod := socket_module()}) -> ok.
update_transport_metrics(Data, #{direction := in, sockmod := gen_tcp}) ->
mongoose_instrument:execute(tcp_data_in, #{connection_type => s2s}, #{byte_size => byte_size(Data)});
update_transport_metrics(Data, #{direction := in, sockmod := just_tls}) ->
update_transport_metrics(Data, #{direction := in, sockmod := ssl}) ->
mongoose_instrument:execute(tls_data_in, #{connection_type => s2s}, #{byte_size => byte_size(Data)});
update_transport_metrics(Data, #{direction := out, sockmod := gen_tcp}) ->
mongoose_instrument:execute(tcp_data_out, #{connection_type => s2s}, #{byte_size => byte_size(Data)});
update_transport_metrics(Data, #{direction := out, sockmod := just_tls}) ->
update_transport_metrics(Data, #{direction := out, sockmod := ssl}) ->
mongoose_instrument:execute(tls_data_out, #{connection_type => s2s}, #{byte_size => byte_size(Data)}).

-spec maybe_pause(Delay :: non_neg_integer(), state()) -> any().
Expand Down Expand Up @@ -382,5 +382,5 @@ shutdown_socket_and_wait_for_peer_to_close(Socket, gen_tcp) ->
%% with the network but we want to maximise the odds that
%% peer application gets all data sent on the tcp connection.
gen_tcp:recv(Socket, 0, 30000);
shutdown_socket_and_wait_for_peer_to_close(Socket, just_tls) ->
just_tls:close(Socket).
shutdown_socket_and_wait_for_peer_to_close(Socket, ssl) ->
ssl:close(Socket).

0 comments on commit e3dcc31

Please sign in to comment.