1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;
use std::task::{Context, Poll};
use std::{fmt, io};

use hyper::{client::connect::Connection, service::Service, Uri};
use tokio::io::{AsyncRead, AsyncWrite};
use tokio_rustls::TlsConnector;

use crate::stream::MaybeHttpsStream;

pub(crate) mod builder;

type BoxError = Box<dyn std::error::Error + Send + Sync>;

/// A Connector for the `https` scheme.
#[derive(Clone)]
pub struct HttpsConnector<T> {
    force_https: bool,
    http: T,
    tls_config: Arc<rustls::ClientConfig>,
    override_server_name: Option<String>,
}

impl<T> HttpsConnector<T> {
    /// Force the use of HTTPS when connecting.
    ///
    /// If a URL is not `https` when connecting, an error is returned.
    pub fn enforce_https(&mut self) {
        self.force_https = true;
    }
}

impl<T> fmt::Debug for HttpsConnector<T> {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.debug_struct("HttpsConnector")
            .field("force_https", &self.force_https)
            .finish()
    }
}

impl<H, C> From<(H, C)> for HttpsConnector<H>
where
    C: Into<Arc<rustls::ClientConfig>>,
{
    fn from((http, cfg): (H, C)) -> Self {
        Self {
            force_https: false,
            http,
            tls_config: cfg.into(),
            override_server_name: None,
        }
    }
}

impl<T> Service<Uri> for HttpsConnector<T>
where
    T: Service<Uri>,
    T::Response: Connection + AsyncRead + AsyncWrite + Send + Unpin + 'static,
    T::Future: Send + 'static,
    T::Error: Into<BoxError>,
{
    type Response = MaybeHttpsStream<T::Response>;
    type Error = BoxError;

    #[allow(clippy::type_complexity)]
    type Future =
        Pin<Box<dyn Future<Output = Result<MaybeHttpsStream<T::Response>, BoxError>> + Send>>;

    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
        match self.http.poll_ready(cx) {
            Poll::Ready(Ok(())) => Poll::Ready(Ok(())),
            Poll::Ready(Err(e)) => Poll::Ready(Err(e.into())),
            Poll::Pending => Poll::Pending,
        }
    }

    fn call(&mut self, dst: Uri) -> Self::Future {
        // dst.scheme() would need to derive Eq to be matchable;
        // use an if cascade instead
        if let Some(sch) = dst.scheme() {
            if sch == &http::uri::Scheme::HTTP && !self.force_https {
                let connecting_future = self.http.call(dst);

                let f = async move {
                    let tcp = connecting_future
                        .await
                        .map_err(Into::into)?;

                    Ok(MaybeHttpsStream::Http(tcp))
                };
                Box::pin(f)
            } else if sch == &http::uri::Scheme::HTTPS {
                let cfg = self.tls_config.clone();
                let mut hostname = match self.override_server_name.as_deref() {
                    Some(h) => h,
                    None => dst.host().unwrap_or_default(),
                };

                // Remove square brackets around IPv6 address.
                if let Some(trimmed) = hostname
                    .strip_prefix('[')
                    .and_then(|h| h.strip_suffix(']'))
                {
                    hostname = trimmed;
                }

                let hostname = match rustls::ServerName::try_from(hostname) {
                    Ok(dnsname) => dnsname,
                    Err(_) => {
                        let err = io::Error::new(io::ErrorKind::Other, "invalid dnsname");
                        return Box::pin(async move { Err(Box::new(err).into()) });
                    }
                };
                let connecting_future = self.http.call(dst);

                let f = async move {
                    let tcp = connecting_future
                        .await
                        .map_err(Into::into)?;
                    let connector = TlsConnector::from(cfg);
                    let tls = connector
                        .connect(hostname, tcp)
                        .await
                        .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;
                    Ok(MaybeHttpsStream::Https(tls))
                };
                Box::pin(f)
            } else {
                let err =
                    io::Error::new(io::ErrorKind::Other, format!("Unsupported scheme {}", sch));
                Box::pin(async move { Err(err.into()) })
            }
        } else {
            let err = io::Error::new(io::ErrorKind::Other, "Missing scheme");
            Box::pin(async move { Err(err.into()) })
        }
    }
}