authorMatt Mastracci <matthew@mastracci.com>2024-05-09 10:54:47 -0600
committerGitHub <noreply@github.com>2024-05-09 10:54:47 -0600
commit684377c92c88877d97c522bcc4cd6a4175277dfb (patch)
tree192e84a3f3daceb5bd47d787eedba32416dcba3c /ext/fetch/lib.rs
parentdc29986ae591425f4a653a7155d41d75fbf7931a (diff)
refactor(ext/tls): Implement required functionality for later SNI support (#23686)
Precursor to #23236 This implements the SNI features, but uses private symbols to avoid exposing the functionality at this time. Note that to properly test this feature, we need to add a way for `connectTls` to specify a hostname. This is something that should be pushed into that API at a later time as well. ```ts Deno.test( { permissions: { net: true, read: true } }, async function listenResolver() { let sniRequests = []; const listener = Deno.listenTls({ hostname: "localhost", port: 0, [resolverSymbol]: (sni: string) => { sniRequests.push(sni); return { cert, key, }; }, }); { const conn = await Deno.connectTls({ hostname: "localhost", [serverNameSymbol]: "server-1", port: listener.addr.port, }); const [_handshake, serverConn] = await Promise.all([ conn.handshake(), listener.accept(), ]); conn.close(); serverConn.close(); } { const conn = await Deno.connectTls({ hostname: "localhost", [serverNameSymbol]: "server-2", port: listener.addr.port, }); const [_handshake, serverConn] = await Promise.all([ conn.handshake(), listener.accept(), ]); conn.close(); serverConn.close(); } assertEquals(sniRequests, ["server-1", "server-2"]); listener.close(); }, ); ``` --------- Signed-off-by: Matt Mastracci <matthew@mastracci.com>
Diffstat (limited to 'ext/fetch/lib.rs')
-rw-r--r--ext/fetch/lib.rs22
1 files changed, 11 insertions, 11 deletions
diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs
index 3e43370d3..21ca04027 100644
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@@ -46,6 +46,7 @@ use deno_tls::RootCertStoreProvider;
use data_url::DataUrl;
use deno_tls::TlsKey;
use deno_tls::TlsKeys;
+use deno_tls::TlsKeysHolder;
use http_v02::header::CONTENT_LENGTH;
use http_v02::Uri;
use reqwest::header::HeaderMap;
@@ -80,7 +81,7 @@ pub struct Options {
pub request_builder_hook:
Option<fn(RequestBuilder) -> Result<RequestBuilder, AnyError>>,
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
- pub client_cert_chain_and_key: Option<TlsKey>,
+ pub client_cert_chain_and_key: TlsKeys,
pub file_fetch_handler: Rc<dyn FetchHandler>,
}
@@ -101,7 +102,7 @@ impl Default for Options {
proxy: None,
request_builder_hook: None,
unsafely_ignore_certificate_errors: None,
- client_cert_chain_and_key: None,
+ client_cert_chain_and_key: TlsKeys::Null,
file_fetch_handler: Rc::new(DefaultFileFetchHandler),
}
}
@@ -205,7 +206,11 @@ pub fn create_client_from_options(
unsafely_ignore_certificate_errors: options
.unsafely_ignore_certificate_errors
.clone(),
- client_cert_chain_and_key: options.client_cert_chain_and_key.clone(),
+ client_cert_chain_and_key: options
+ .client_cert_chain_and_key
+ .clone()
+ .try_into()
+ .unwrap_or_default(),
pool_max_idle_per_host: None,
pool_idle_timeout: None,
http1: true,
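Review bot: The new `client_cert_chain_and_key` initialiser ends in `.try_into().unwrap_or_default()`, which turns a failed `TlsKeys` conversion into the target type's default — presumably `None`, i.e. a client with no client certificate — so a misconfigured or unsupported key set silently downgrades to an unauthenticated client instead of surfacing an error. If `create_client_from_options` returns a `Result` (only the start of its signature is visible in the hunk header), the error should be propagated, e.g. `client_cert_chain_and_key: options.client_cert_chain_and_key.clone().try_into()?,` with a `map_err` if the conversion's error type does not convert to `AnyError`. This also differs from the later hunk in `op_fetch_custom_client`, where the same conversion is `unwrap()`ed; the two call sites should handle the failure the same way. The enclosing function continues outside the hunk.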
@@ -821,7 +826,7 @@ fn default_true() -> bool {
pub fn op_fetch_custom_client<FP>(
state: &mut OpState,
#[serde] args: CreateHttpClientArgs,
- #[cppgc] tls_keys: &deno_tls::TlsKeys,
+ #[cppgc] tls_keys: &TlsKeysHolder,
) -> Result<ResourceId, AnyError>
where
FP: FetchPermissions + 'static,
@@ -832,11 +837,6 @@ where
permissions.check_net_url(&url, "Deno.createHttpClient()")?;
}
- let client_cert_chain_and_key = match tls_keys {
- TlsKeys::Null => None,
- TlsKeys::Static(key) => Some(key.clone()),
- };
-
let options = state.borrow::<Options>();
let ca_certs = args
.ca_certs
@@ -853,7 +853,7 @@ where
unsafely_ignore_certificate_errors: options
.unsafely_ignore_certificate_errors
.clone(),
- client_cert_chain_and_key,
+ client_cert_chain_and_key: tls_keys.take().try_into().unwrap(),
pool_max_idle_per_host: args.pool_max_idle_per_host,
pool_idle_timeout: args.pool_idle_timeout.and_then(
|timeout| match timeout {
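Review bot: `tls_keys.take().try_into().unwrap()` panics inside the op if the conversion fails, even though `op_fetch_custom_client` returns `Result<ResourceId, AnyError>` and could report it; prefer `client_cert_chain_and_key: tls_keys.take().try_into()?,` (with `map_err` if the error type does not convert to `AnyError`). `take()` through a shared `&TlsKeysHolder` also implies the holder is emptied on the first call, so a second invocation with the same holder would presumably no longer see the keys; a comment such as `// take(): the holder is consumed here, so it is effectively single-use` would make that contract visible at the call site. The `where` clause and the start of the function body lie before this hunk.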
@@ -915,7 +915,7 @@ pub fn create_http_client(
options.root_cert_store,
options.ca_certs,
options.unsafely_ignore_certificate_errors,
- options.client_cert_chain_and_key,
+ options.client_cert_chain_and_key.into(),
deno_tls::SocketUse::Http,
)?;