Now we can override domain certificate for TLS endpoint

MyJetTools · Jul 11, 2024 · 6a50c67 · 6a50c67
1 parent 3bf5c2a
commit 6a50c67
Show file tree

Hide file tree

Showing 13 changed files with 62 additions and 34 deletions.
diff --git a/src/app_configuration/proxy_pass_location_config.rs b/src/app_configuration/proxy_pass_location_config.rs
@@ -17,6 +17,7 @@ pub struct ProxyPassLocationConfig {
     pub modify_headers: Option<ModifyHttpHeadersSettings>,
     pub whitelisted_ip: WhiteListedIpList,
     pub remote_type: HttpType,
+    pub domain_name: Option<String>,
     proxy_pass_to: ProxyPassTo,
 }
 
@@ -27,6 +28,7 @@ impl ProxyPassLocationConfig {
         modify_headers: Option<ModifyHttpHeadersSettings>,
         whitelisted_ip: WhiteListedIpList,
         proxy_pass_to: ProxyPassTo,
+        domain_name: Option<String>,
         remote_type: HttpType,
     ) -> Self {
         Self {
@@ -36,6 +38,7 @@ impl ProxyPassLocationConfig {
             whitelisted_ip,
             proxy_pass_to,
             remote_type,
+            domain_name,
         }
     }
     pub fn get_proxy_pass_to_as_string(&self) -> String {

diff --git a/src/http_client/connect_to_tls_endpoint.rs b/src/http_client/connect_to_tls_endpoint.rs
@@ -13,22 +13,36 @@ use super::HttpClientError;
 
 pub async fn connect_to_tls_endpoint(
     remote_host: &RemoteHost,
+    domain_name: &Option<String>,
 ) -> Result<SendRequest<Full<Bytes>>, HttpClientError> {
     use tokio_rustls::rustls::pki_types::ServerName;
 
     let connect_result = TcpStream::connect(remote_host.get_host_port()).await;
 
+    println!(
+        "Connecting to TLS remote host: {}",
+        remote_host.get_host_port(),
+    );
     match connect_result {
         Ok(tcp_stream) => {
             let config = tokio_rustls::rustls::ClientConfig::builder()
                 .with_root_certificates(ROOT_CERT_STORE.clone())
                 .with_no_client_auth();
 
             let connector = tokio_rustls::TlsConnector::from(Arc::new(config));
+            let domain = if let Some(domain_name) = domain_name {
+                ServerName::try_from(domain_name.to_string()).unwrap()
+            } else {
+                ServerName::try_from(remote_host.get_host().to_string()).unwrap()
+            };
 
-            let domain = ServerName::try_from(remote_host.get_host().to_string()).unwrap();
+            println!("TLS Domain Name: {:?}", domain);
 
-            let tls_stream = connector.connect(domain, tcp_stream).await?;
+            let tls_stream = connector
+                .connect_with(domain, tcp_stream, |itm| {
+                    println!("Debugging: {:?}", itm.alpn_protocol());
+                })
+                .await?;
 
             let io = TokioIo::new(tls_stream);
 
@@ -38,6 +52,7 @@ pub async fn connect_to_tls_endpoint(
                 Ok((mut sender, conn)) => {
                     let host_port = remote_host.to_string();
                     tokio::task::spawn(async move {
+                        println!("Connected to TLS remote host: {}", host_port,);
                         if let Err(err) = conn.await {
                             println!(
                                 "Https Connection to https://{} is failed: {:?}",
@@ -51,6 +66,11 @@ pub async fn connect_to_tls_endpoint(
                     return Ok(sender);
                 }
                 Err(err) => {
+                    println!(
+                        "Can not connect to TLS remote host: {}. Err: {}",
+                        remote_host.get_host_port(),
+                        err
+                    );
                     return Err(HttpClientError::InvalidHttp1HandShake(format!("{}", err)));
                 }
             }

diff --git a/src/http_client/http1_client.rs b/src/http_client/http1_client.rs
@@ -15,8 +15,11 @@ pub struct Http1Client {
 }
 
 impl Http1Client {
-    pub async fn connect(remote_host: &RemoteHost) -> Result<Self, HttpClientError> {
-        let send_request = Self::connect_to_http(remote_host).await?;
+    pub async fn connect(
+        remote_host: &RemoteHost,
+        domain_name: &Option<String>,
+    ) -> Result<Self, HttpClientError> {
+        let send_request = Self::connect_to_http(remote_host, domain_name).await?;
 
         let result = Self {
             send_request,
@@ -44,9 +47,10 @@ impl Http1Client {
 
     async fn connect_to_http(
         remote_host: &RemoteHost,
+        domain_name: &Option<String>,
     ) -> Result<SendRequest<Full<Bytes>>, HttpClientError> {
         if remote_host.is_https() {
-            let future = super::connect_to_tls_endpoint(remote_host);
+            let future = super::connect_to_tls_endpoint(remote_host, domain_name);
 
             let result = tokio::time::timeout(HTTP_CLIENT_TIMEOUT, future).await;
 

diff --git a/src/http_client/http2_client_connection.rs b/src/http_client/http2_client_connection.rs
diff --git a/src/http_client/http_client.rs b/src/http_client/http_client.rs
@@ -60,10 +60,24 @@ impl HttpClient {
     pub async fn connect_to_http1(
         &mut self,
         remote_host: &RemoteHost,
+        domain_name: &Option<String>,
     ) -> Result<(), HttpClientError> {
-        let client = Http1Client::connect(remote_host).await?;
-        *self = Self::Http(client);
-        Ok(())
+        let connect_result = Http1Client::connect(remote_host, domain_name).await;
+
+        match connect_result {
+            Ok(client) => {
+                *self = Self::Http(client);
+                Ok(())
+            }
+            Err(err) => {
+                println!(
+                    "Can not connect to remote port: {}. Err:{:?}",
+                    remote_host.get_host_port(),
+                    err
+                );
+                Err(err)
+            }
+        }
     }
 
     pub async fn connect_to_http1_over_ssh(

diff --git a/src/http_client/mod.rs b/src/http_client/mod.rs
@@ -6,15 +6,11 @@ mod error;
 pub use error::*;
 mod connect_to_tls_endpoint;
 pub use connect_to_tls_endpoint::*;
-//mod http1_client_connection;
 
-//pub use http1_client_connection::*;
 mod connect_to_http_over_ssh;
 pub use connect_to_http_over_ssh::*;
 mod connect_to_http2_endpoint;
 pub use connect_to_http2_endpoint::*;
-//mod http2_client_connection;
-//pub use http2_client_connection::*;
 mod http2_client;
 pub use http2_client::*;
 mod http_client;

diff --git a/src/http_content_source/remote_http_content_src.rs b/src/http_content_source/remote_http_content_src.rs
@@ -40,6 +40,7 @@ impl RemoteHttpContentSource {
     pub async fn connect_if_require(
         &mut self,
         app: &AppContext,
+        domain_name: &Option<String>,
         debug: bool,
     ) -> Result<(), ProxyPassError> {
         if self.http_client.has_connection() {
@@ -51,7 +52,7 @@ impl RemoteHttpContentSource {
                 if debug {
                     println!("Connecting to Http remote endpoint: {:?}", uri);
                 }
-                self.http_client.connect_to_http1(uri).await?;
+                self.http_client.connect_to_http1(uri, domain_name).await?;
             }
 
             HttpProxyPassRemoteEndpoint::Http2(uri) => {

diff --git a/src/http_proxy_pass/http_proxy_pass.rs b/src/http_proxy_pass/http_proxy_pass.rs
@@ -351,7 +351,7 @@ impl HttpProxyPass {
                         if dispose_connection {
                             remote_http_content_source.dispose();
                             remote_http_content_source
-                                .connect_if_require(app, debug)
+                                .connect_if_require(app, &location.config.domain_name, debug)
                                 .await?;
                         }
                     }

diff --git a/src/http_proxy_pass/http_proxy_pass_content_source.rs b/src/http_proxy_pass/http_proxy_pass_content_source.rs
@@ -29,11 +29,14 @@ impl HttpProxyPassContentSource {
     pub async fn connect_if_require(
         &mut self,
         app: &AppContext,
+        domain_name: &Option<String>,
         debug: bool,
     ) -> Result<(), ProxyPassError> {
         match self {
             Self::Http(remote_http_location) => {
-                return remote_http_location.connect_if_require(app, debug).await;
+                return remote_http_location
+                    .connect_if_require(app, domain_name, debug)
+                    .await;
             }
 
             Self::LocalPath(_) => return Ok(()),

diff --git a/src/http_proxy_pass/proxy_pass_location.rs b/src/http_proxy_pass/proxy_pass_location.rs
@@ -48,6 +48,8 @@ impl ProxyPassLocation {
         app: &AppContext,
         debug: bool,
     ) -> Result<(), ProxyPassError> {
-        self.content_source.connect_if_require(app, debug).await
+        self.content_source
+            .connect_if_require(app, &self.config.domain_name, debug)
+            .await
     }
 }
diff --git a/src/settings/end_point_settings.rs b/src/settings/end_point_settings.rs
@@ -423,6 +423,7 @@ fn convert_to_http_locations(
                 location_settings.modify_http_headers.clone(),
                 whitelisted_ip,
                 location_settings.get_proxy_pass(host.as_str(), variables, ssh_configs)?,
+                location_settings.domain_name.clone(),
                 location_settings.get_type(),
             )
             .into(),

diff --git a/src/settings/location_settings.rs b/src/settings/location_settings.rs
@@ -15,6 +15,7 @@ pub struct LocationSettings {
     pub proxy_pass_to: String,
     #[serde(rename = "type")]
     pub location_type: Option<String>,
+    pub domain_name: Option<String>,
     pub modify_http_headers: Option<ModifyHttpHeadersSettings>,
     pub default_file: Option<String>,
     pub status_code: Option<u16>,

diff --git a/src/settings/settings.rs b/src/settings/settings.rs
@@ -265,6 +265,7 @@ mod tests {
                     body: None,
                     content_type: None,
                     whitelisted_ip: None,
+                    domain_name: None,
                 }],
             },
         );