Userland: Convert TLS::TLSv12 to a Core::Stream::Socket

This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2025-07-25 19:17:44 +00:00 · 2022-02-02 19:21:55 +03:30 · 2022-02-02 19:21:55 +03:30 · aafc451016
commit aafc451016
parent 7a95c451a3
47 changed files with 841 additions and 1157 deletions
--- a/Userland/Libraries/LibHTTP/HttpsJob.cpp
+++ b/Userland/Libraries/LibHTTP/HttpsJob.cpp
@ -1,143 +1,17 @@
 /*
- * Copyright (c) 2020, the SerenityOS developers.
+ * Copyright (c) 2020-2022, the SerenityOS developers.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

 #include <AK/Debug.h>
-#include <LibCore/EventLoop.h>
-#include <LibHTTP/HttpResponse.h>
 #include <LibHTTP/HttpsJob.h>
-#include <LibTLS/TLSv12.h>
-#include <stdio.h>
-#include <unistd.h>

 namespace HTTP {

-void HttpsJob::start(NonnullRefPtr<Core::Socket> socket)
+void HttpsJob::set_certificate(String certificate, String key)
 {
-    VERIFY(!m_socket);
-    VERIFY(is<TLS::TLSv12>(*socket));
-
-    m_socket = static_ptr_cast<TLS::TLSv12>(socket);
-    m_socket->on_tls_error = [&](TLS::AlertDescription error) {
-        if (error == TLS::AlertDescription::HandshakeFailure) {
-            deferred_invoke([this] {
-                return did_fail(Core::NetworkJob::Error::ProtocolFailed);
-            });
-        } else if (error == TLS::AlertDescription::DecryptError) {
-            deferred_invoke([this] {
-                return did_fail(Core::NetworkJob::Error::ConnectionFailed);
-            });
-        } else {
-            deferred_invoke([this] {
-                return did_fail(Core::NetworkJob::Error::TransmissionFailed);
-            });
-        }
-    };
-    m_socket->on_tls_finished = [this] {
-        if (!m_has_scheduled_finish)
-            finish_up();
-    };
-    m_socket->on_tls_certificate_request = [this](auto&) {
-        if (on_certificate_requested)
-            on_certificate_requested(*this);
-    };
-    m_socket->set_idle(false);
-    if (m_socket->is_established()) {
-        dbgln_if(HTTPSJOB_DEBUG, "Reusing previous connection for {}", url());
-        deferred_invoke([this] { on_socket_connected(); });
-    } else {
-        dbgln_if(HTTPSJOB_DEBUG, "Creating a new connection for {}", url());
-        m_socket->set_root_certificates(m_override_ca_certificates ? *m_override_ca_certificates : DefaultRootCACertificates::the().certificates());
-        m_socket->on_tls_connected = [this] {
-            dbgln_if(HTTPSJOB_DEBUG, "HttpsJob: on_connected callback");
-            on_socket_connected();
-        };
-        bool success = ((TLS::TLSv12&)*m_socket).connect(m_request.url().host(), m_request.url().port_or_default());
-        if (!success) {
-            deferred_invoke([this] {
-                return did_fail(Core::NetworkJob::Error::ConnectionFailed);
-            });
-        }
-    }
-}
-
-void HttpsJob::shutdown(ShutdownMode mode)
-{
-    if (!m_socket)
-        return;
-    if (mode == ShutdownMode::CloseSocket) {
-        m_socket->close();
-    } else {
-        m_socket->on_tls_ready_to_read = nullptr;
-        m_socket->on_tls_connected = nullptr;
-        m_socket->set_on_tls_ready_to_write(nullptr);
-        m_socket->set_idle(true);
-        m_socket = nullptr;
-    }
-}
-
-void HttpsJob::set_certificate(String certificate, String private_key)
-{
-    if (!m_socket->add_client_key(certificate.bytes(), private_key.bytes())) {
-        dbgln("LibHTTP: Failed to set a client certificate");
-        // FIXME: Do something about this failure
-        VERIFY_NOT_REACHED();
-    }
-}
-
-void HttpsJob::read_while_data_available(Function<IterationDecision()> read)
-{
-    while (m_socket->can_read()) {
-        if (read() == IterationDecision::Break)
-            break;
-    }
-}
-
-void HttpsJob::register_on_ready_to_read(Function<void()> callback)
-{
-    m_socket->on_tls_ready_to_read = [callback = move(callback)](auto&) {
-        callback();
-    };
-}
-
-void HttpsJob::register_on_ready_to_write(Function<void()> callback)
-{
-    m_socket->set_on_tls_ready_to_write([callback = move(callback)](auto& tls) {
-        Core::deferred_invoke([&tls] { tls.set_on_tls_ready_to_write(nullptr); });
-        callback();
-    });
-}
-
-bool HttpsJob::can_read_line() const
-{
-    return m_socket->can_read_line();
-}
-
-String HttpsJob::read_line(size_t size)
-{
-    return m_socket->read_line(size);
-}
-
-ByteBuffer HttpsJob::receive(size_t size)
-{
-    return m_socket->read(size);
-}
-
-bool HttpsJob::can_read() const
-{
-    return m_socket->can_read();
-}
-
-bool HttpsJob::eof() const
-{
-    return m_socket->eof();
-}
-
-bool HttpsJob::write(ReadonlyBytes data)
-{
-    return m_socket->write(data);
+    m_received_client_certificates = TLS::TLSv12::parse_pem_certificate(certificate.bytes(), key.bytes());
 }

 }