chore: code formatting and cleanup

next
Gabriel Souza Franco 2021-04-16 12:18:22 -03:00
parent e73de2317e
commit 7faa021ff5
2 changed files with 89 additions and 81 deletions

View File

@ -1,16 +1,16 @@
use crate::{database::Config, utils, Error, Result}; use crate::{database::Config, utils, Error, Result};
use log::error; use log::{error, info};
use ruma::{ use ruma::{
api::federation::discovery::{ServerSigningKeys, VerifyKey}, api::federation::discovery::{ServerSigningKeys, VerifyKey},
ServerName, ServerSigningKeyId, ServerName, ServerSigningKeyId,
}; };
use rustls::{ServerCertVerifier, WebPKIVerifier};
use std::{ use std::{
collections::{BTreeMap, HashMap}, collections::{BTreeMap, HashMap},
sync::{Arc, RwLock}, sync::{Arc, RwLock},
time::Duration, time::Duration,
}; };
use trust_dns_resolver::TokioAsyncResolver; use trust_dns_resolver::TokioAsyncResolver;
use rustls::{ServerCertVerifier, WebPKIVerifier};
pub const COUNTER: &str = "c"; pub const COUNTER: &str = "c";
@ -42,21 +42,20 @@ impl ServerCertVerifier for MatrixServerVerifier {
dns_name: webpki::DNSNameRef<'_>, dns_name: webpki::DNSNameRef<'_>,
ocsp_response: &[u8], ocsp_response: &[u8],
) -> std::result::Result<rustls::ServerCertVerified, rustls::TLSError> { ) -> std::result::Result<rustls::ServerCertVerified, rustls::TLSError> {
let cache = self.tls_name_override.read().unwrap(); if let Some(override_name) = self.tls_name_override.read().unwrap().get(dns_name.into()) {
log::debug!("Searching for override for {:?}", dns_name); let result = self.inner.verify_server_cert(
log::debug!("Cache: {:?}", cache); roots,
let override_name = match cache.get(dns_name.into()) { presented_certs,
Some(host) => { override_name.as_ref(),
log::debug!("Override found! {:?}", host); ocsp_response,
host.as_ref() );
}, if result.is_ok() {
None => dns_name return result;
}; }
info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name);
self.inner.verify_server_cert(roots, presented_certs, override_name, ocsp_response).or_else(|_| { }
log::warn!("Server is non-compliant, retrying with original name!"); self.inner
self.inner.verify_server_cert(roots, presented_certs, dns_name, ocsp_response) .verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
})
} }
} }
@ -101,10 +100,14 @@ impl Globals {
}; };
let tls_name_override = Arc::new(RwLock::new(TlsNameMap::new())); let tls_name_override = Arc::new(RwLock::new(TlsNameMap::new()));
let verifier = Arc::new(MatrixServerVerifier { inner: WebPKIVerifier::new(), tls_name_override: tls_name_override.clone() }); let verifier = Arc::new(MatrixServerVerifier {
inner: WebPKIVerifier::new(),
tls_name_override: tls_name_override.clone(),
});
let mut tlsconfig = rustls::ClientConfig::new(); let mut tlsconfig = rustls::ClientConfig::new();
tlsconfig.dangerous().set_certificate_verifier(verifier); tlsconfig.dangerous().set_certificate_verifier(verifier);
tlsconfig.root_store = rustls_native_certs::load_native_certs().expect("Error loading system certificates"); tlsconfig.root_store =
rustls_native_certs::load_native_certs().expect("Error loading system certificates");
let reqwest_client = reqwest::Client::builder() let reqwest_client = reqwest::Client::builder()
.connect_timeout(Duration::from_secs(30)) .connect_timeout(Duration::from_secs(30))

View File

@ -46,13 +46,13 @@ use std::{
use rocket::{get, post, put}; use rocket::{get, post, put};
#[derive(Clone, Debug, PartialEq)] #[derive(Clone, Debug, PartialEq)]
enum FederationDestination { enum FedDest {
Literal(SocketAddr), Literal(SocketAddr),
Named(String, String), Named(String, String),
} }
impl FederationDestination { impl FedDest {
fn into_url(self) -> String { fn into_https_url(self) -> String {
match self { match self {
Self::Literal(addr) => format!("https://{}", addr), Self::Literal(addr) => format!("https://{}", addr),
Self::Named(host, port) => format!("https://{}{}", host, port), Self::Named(host, port) => format!("https://{}{}", host, port),
@ -69,7 +69,7 @@ impl FederationDestination {
fn host(&self) -> String { fn host(&self) -> String {
match &self { match &self {
Self::Literal(addr) => addr.ip().to_string(), Self::Literal(addr) => addr.ip().to_string(),
Self::Named(host, _) => host.clone() Self::Named(host, _) => host.clone(),
} }
} }
} }
@ -99,13 +99,13 @@ where
} else { } else {
let result = find_actual_destination(globals, &destination).await; let result = find_actual_destination(globals, &destination).await;
let (actual_destination, host) = result.clone(); let (actual_destination, host) = result.clone();
let result = (result.0.into_url(), result.1.into_uri()); let result = (result.0.into_https_url(), result.1.into_uri());
globals globals
.actual_destination_cache .actual_destination_cache
.write() .write()
.unwrap() .unwrap()
.insert(Box::<ServerName>::from(destination), result.clone()); .insert(Box::<ServerName>::from(destination), result.clone());
if actual_destination != host { if actual_destination.host() != host.host() {
globals.tls_name_override.write().unwrap().insert( globals.tls_name_override.write().unwrap().insert(
actual_destination.host(), actual_destination.host(),
webpki::DNSNameRef::try_from_ascii_str(&host.host()) webpki::DNSNameRef::try_from_ascii_str(&host.host())
@ -241,23 +241,23 @@ where
} }
#[tracing::instrument] #[tracing::instrument]
fn get_ip_with_port(destination_str: &str) -> Option<FederationDestination> { fn get_ip_with_port(destination_str: &str) -> Option<FedDest> {
if let Ok(destination) = destination_str.parse::<SocketAddr>() { if let Ok(destination) = destination_str.parse::<SocketAddr>() {
Some(FederationDestination::Literal(destination)) Some(FedDest::Literal(destination))
} else if let Ok(ip_addr) = destination_str.parse::<IpAddr>() { } else if let Ok(ip_addr) = destination_str.parse::<IpAddr>() {
Some(FederationDestination::Literal(SocketAddr::new(ip_addr, 8448))) Some(FedDest::Literal(SocketAddr::new(ip_addr, 8448)))
} else { } else {
None None
} }
} }
#[tracing::instrument] #[tracing::instrument]
fn add_port_to_hostname(destination_str: &str) -> FederationDestination { fn add_port_to_hostname(destination_str: &str) -> FedDest {
let (host, port) = match destination_str.find(':') { let (host, port) = match destination_str.find(':') {
None => (destination_str, ":8448"), None => (destination_str, ":8448"),
Some(pos) => destination_str.split_at(pos), Some(pos) => destination_str.split_at(pos),
}; };
FederationDestination::Named(host.to_string(), port.to_string()) FedDest::Named(host.to_string(), port.to_string())
} }
/// Returns: actual_destination, host header /// Returns: actual_destination, host header
@ -267,65 +267,66 @@ fn add_port_to_hostname(destination_str: &str) -> FederationDestination {
async fn find_actual_destination( async fn find_actual_destination(
globals: &crate::database::globals::Globals, globals: &crate::database::globals::Globals,
destination: &'_ ServerName, destination: &'_ ServerName,
) -> (FederationDestination, FederationDestination) { ) -> (FedDest, FedDest) {
let destination_str = destination.as_str().to_owned(); let destination_str = destination.as_str().to_owned();
let mut hostname = destination_str.clone(); let mut hostname = destination_str.clone();
let actual_destination = match get_ip_with_port(&destination_str) { let actual_destination = match get_ip_with_port(&destination_str) {
Some(host_port) => { Some(host_port) => {
// 1: IP literal with provided or default port // 1: IP literal with provided or default port
host_port host_port
} }
None => { None => {
if let Some(pos) = destination_str.find(':') { if let Some(pos) = destination_str.find(':') {
// 2: Hostname with included port // 2: Hostname with included port
let (host, port) = destination_str.split_at(pos); let (host, port) = destination_str.split_at(pos);
FederationDestination::Named(host.to_string(), port.to_string()) FedDest::Named(host.to_string(), port.to_string())
} else { } else {
match request_well_known(globals, &destination.as_str()).await { match request_well_known(globals, &destination.as_str()).await {
// 3: A .well-known file is available // 3: A .well-known file is available
Some(delegated_hostname) => { Some(delegated_hostname) => {
hostname = delegated_hostname.clone(); hostname = delegated_hostname.clone();
match get_ip_with_port(&delegated_hostname) { match get_ip_with_port(&delegated_hostname) {
Some(host_and_port) => host_and_port, // 3.1: IP literal in .well-known file Some(host_and_port) => host_and_port, // 3.1: IP literal in .well-known file
None => { None => {
if let Some(pos) = destination_str.find(':') { if let Some(pos) = destination_str.find(':') {
// 3.2: Hostname with port in .well-known file // 3.2: Hostname with port in .well-known file
let (host, port) = destination_str.split_at(pos); let (host, port) = destination_str.split_at(pos);
FederationDestination::Named(host.to_string(), port.to_string()) FedDest::Named(host.to_string(), port.to_string())
} else { } else {
match query_srv_record(globals, &delegated_hostname).await { match query_srv_record(globals, &delegated_hostname).await {
// 3.3: SRV lookup successful // 3.3: SRV lookup successful
Some(hostname) => hostname, Some(hostname) => hostname,
// 3.4: No SRV records, just use the hostname from .well-known // 3.4: No SRV records, just use the hostname from .well-known
None => add_port_to_hostname(&delegated_hostname), None => add_port_to_hostname(&delegated_hostname),
}
} }
} }
} }
} }
// 4: No .well-known or an error occured }
None => { // 4: No .well-known or an error occured
match query_srv_record(globals, &destination_str).await { None => {
// 4: SRV record found match query_srv_record(globals, &destination_str).await {
Some(hostname) => hostname, // 4: SRV record found
// 5: No SRV record found Some(hostname) => hostname,
None => add_port_to_hostname(&destination_str), // 5: No SRV record found
} None => add_port_to_hostname(&destination_str),
} }
} }
} }
} }
};
let hostname = get_ip_with_port(&hostname).unwrap_or_else(|| {
match hostname.find(':') {
Some(pos) => {
let (host, port) = hostname.split_at(pos);
FederationDestination::Named(host.to_string(), port.to_string())
}
None => FederationDestination::Named(hostname, "".to_string())
} }
}); };
let hostname = if let Ok(addr) = hostname.parse::<SocketAddr>() {
FedDest::Literal(addr)
} else if let Ok(addr) = hostname.parse::<IpAddr>() {
FedDest::Named(addr.to_string(), "".to_string())
} else if let Some(pos) = hostname.find(':') {
let (host, port) = hostname.split_at(pos);
FedDest::Named(host.to_string(), port.to_string())
} else {
FedDest::Named(hostname, "".to_string())
};
(actual_destination, hostname) (actual_destination, hostname)
} }
@ -333,16 +334,20 @@ async fn find_actual_destination(
async fn query_srv_record( async fn query_srv_record(
globals: &crate::database::globals::Globals, globals: &crate::database::globals::Globals,
hostname: &'_ str, hostname: &'_ str,
) -> Option<FederationDestination> { ) -> Option<FedDest> {
if let Ok(Some(host_port)) = globals if let Ok(Some(host_port)) = globals
.dns_resolver() .dns_resolver()
.srv_lookup(format!("_matrix._tcp.{}", hostname)) .srv_lookup(format!("_matrix._tcp.{}", hostname))
.await .await
.map(|srv| { .map(|srv| {
srv.iter().next().map(|result| { srv.iter().next().map(|result| {
FederationDestination::Named( FedDest::Named(
result.target().to_string().trim_end_matches('.').to_string(), result
format!(":{}", result.port()) .target()
.to_string()
.trim_end_matches('.')
.to_string(),
format!(":{}", result.port()),
) )
}) })
}) })