From 7faa021ff5656570aae815739dd3bc44ce18b5b8 Mon Sep 17 00:00:00 2001 From: Gabriel Souza Franco Date: Fri, 16 Apr 2021 12:18:22 -0300 Subject: [PATCH] chore: code formatting and cleanup --- src/database/globals.rs | 41 +++++++------ src/server_server.rs | 129 +++++++++++++++++++++------------------- 2 files changed, 89 insertions(+), 81 deletions(-) diff --git a/src/database/globals.rs b/src/database/globals.rs index fd51e355..acecf02a 100644 --- a/src/database/globals.rs +++ b/src/database/globals.rs @@ -1,16 +1,16 @@ use crate::{database::Config, utils, Error, Result}; -use log::error; +use log::{error, info}; use ruma::{ api::federation::discovery::{ServerSigningKeys, VerifyKey}, ServerName, ServerSigningKeyId, }; +use rustls::{ServerCertVerifier, WebPKIVerifier}; use std::{ collections::{BTreeMap, HashMap}, sync::{Arc, RwLock}, time::Duration, }; use trust_dns_resolver::TokioAsyncResolver; -use rustls::{ServerCertVerifier, WebPKIVerifier}; pub const COUNTER: &str = "c"; @@ -42,21 +42,20 @@ impl ServerCertVerifier for MatrixServerVerifier { dns_name: webpki::DNSNameRef<'_>, ocsp_response: &[u8], ) -> std::result::Result { - let cache = self.tls_name_override.read().unwrap(); - log::debug!("Searching for override for {:?}", dns_name); - log::debug!("Cache: {:?}", cache); - let override_name = match cache.get(dns_name.into()) { - Some(host) => { - log::debug!("Override found! {:?}", host); - host.as_ref() - }, - None => dns_name - }; - - self.inner.verify_server_cert(roots, presented_certs, override_name, ocsp_response).or_else(|_| { - log::warn!("Server is non-compliant, retrying with original name!"); - self.inner.verify_server_cert(roots, presented_certs, dns_name, ocsp_response) - }) + if let Some(override_name) = self.tls_name_override.read().unwrap().get(dns_name.into()) { + let result = self.inner.verify_server_cert( + roots, + presented_certs, + override_name.as_ref(), + ocsp_response, + ); + if result.is_ok() { + return result; + } + info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name); + } + self.inner + .verify_server_cert(roots, presented_certs, dns_name, ocsp_response) } } @@ -101,10 +100,14 @@ impl Globals { }; let tls_name_override = Arc::new(RwLock::new(TlsNameMap::new())); - let verifier = Arc::new(MatrixServerVerifier { inner: WebPKIVerifier::new(), tls_name_override: tls_name_override.clone() }); + let verifier = Arc::new(MatrixServerVerifier { + inner: WebPKIVerifier::new(), + tls_name_override: tls_name_override.clone(), + }); let mut tlsconfig = rustls::ClientConfig::new(); tlsconfig.dangerous().set_certificate_verifier(verifier); - tlsconfig.root_store = rustls_native_certs::load_native_certs().expect("Error loading system certificates"); + tlsconfig.root_store = + rustls_native_certs::load_native_certs().expect("Error loading system certificates"); let reqwest_client = reqwest::Client::builder() .connect_timeout(Duration::from_secs(30)) diff --git a/src/server_server.rs b/src/server_server.rs index e85532e7..ac38f4d6 100644 --- a/src/server_server.rs +++ b/src/server_server.rs @@ -46,13 +46,13 @@ use std::{ use rocket::{get, post, put}; #[derive(Clone, Debug, PartialEq)] -enum FederationDestination { +enum FedDest { Literal(SocketAddr), Named(String, String), } -impl FederationDestination { - fn into_url(self) -> String { +impl FedDest { + fn into_https_url(self) -> String { match self { Self::Literal(addr) => format!("https://{}", addr), Self::Named(host, port) => format!("https://{}{}", host, port), @@ -69,7 +69,7 @@ impl FederationDestination { fn host(&self) -> String { match &self { Self::Literal(addr) => addr.ip().to_string(), - Self::Named(host, _) => host.clone() + Self::Named(host, _) => host.clone(), } } } @@ -99,13 +99,13 @@ where } else { let result = find_actual_destination(globals, &destination).await; let (actual_destination, host) = result.clone(); - let result = (result.0.into_url(), result.1.into_uri()); + let result = (result.0.into_https_url(), result.1.into_uri()); globals .actual_destination_cache .write() .unwrap() .insert(Box::::from(destination), result.clone()); - if actual_destination != host { + if actual_destination.host() != host.host() { globals.tls_name_override.write().unwrap().insert( actual_destination.host(), webpki::DNSNameRef::try_from_ascii_str(&host.host()) @@ -241,23 +241,23 @@ where } #[tracing::instrument] -fn get_ip_with_port(destination_str: &str) -> Option { +fn get_ip_with_port(destination_str: &str) -> Option { if let Ok(destination) = destination_str.parse::() { - Some(FederationDestination::Literal(destination)) + Some(FedDest::Literal(destination)) } else if let Ok(ip_addr) = destination_str.parse::() { - Some(FederationDestination::Literal(SocketAddr::new(ip_addr, 8448))) + Some(FedDest::Literal(SocketAddr::new(ip_addr, 8448))) } else { None } } #[tracing::instrument] -fn add_port_to_hostname(destination_str: &str) -> FederationDestination { +fn add_port_to_hostname(destination_str: &str) -> FedDest { let (host, port) = match destination_str.find(':') { None => (destination_str, ":8448"), Some(pos) => destination_str.split_at(pos), }; - FederationDestination::Named(host.to_string(), port.to_string()) + FedDest::Named(host.to_string(), port.to_string()) } /// Returns: actual_destination, host header @@ -267,65 +267,66 @@ fn add_port_to_hostname(destination_str: &str) -> FederationDestination { async fn find_actual_destination( globals: &crate::database::globals::Globals, destination: &'_ ServerName, -) -> (FederationDestination, FederationDestination) { +) -> (FedDest, FedDest) { let destination_str = destination.as_str().to_owned(); let mut hostname = destination_str.clone(); let actual_destination = match get_ip_with_port(&destination_str) { - Some(host_port) => { - // 1: IP literal with provided or default port - host_port - } - None => { - if let Some(pos) = destination_str.find(':') { - // 2: Hostname with included port - let (host, port) = destination_str.split_at(pos); - FederationDestination::Named(host.to_string(), port.to_string()) - } else { - match request_well_known(globals, &destination.as_str()).await { - // 3: A .well-known file is available - Some(delegated_hostname) => { - hostname = delegated_hostname.clone(); - match get_ip_with_port(&delegated_hostname) { - Some(host_and_port) => host_and_port, // 3.1: IP literal in .well-known file - None => { - if let Some(pos) = destination_str.find(':') { - // 3.2: Hostname with port in .well-known file - let (host, port) = destination_str.split_at(pos); - FederationDestination::Named(host.to_string(), port.to_string()) - } else { - match query_srv_record(globals, &delegated_hostname).await { - // 3.3: SRV lookup successful - Some(hostname) => hostname, - // 3.4: No SRV records, just use the hostname from .well-known - None => add_port_to_hostname(&delegated_hostname), - } + Some(host_port) => { + // 1: IP literal with provided or default port + host_port + } + None => { + if let Some(pos) = destination_str.find(':') { + // 2: Hostname with included port + let (host, port) = destination_str.split_at(pos); + FedDest::Named(host.to_string(), port.to_string()) + } else { + match request_well_known(globals, &destination.as_str()).await { + // 3: A .well-known file is available + Some(delegated_hostname) => { + hostname = delegated_hostname.clone(); + match get_ip_with_port(&delegated_hostname) { + Some(host_and_port) => host_and_port, // 3.1: IP literal in .well-known file + None => { + if let Some(pos) = destination_str.find(':') { + // 3.2: Hostname with port in .well-known file + let (host, port) = destination_str.split_at(pos); + FedDest::Named(host.to_string(), port.to_string()) + } else { + match query_srv_record(globals, &delegated_hostname).await { + // 3.3: SRV lookup successful + Some(hostname) => hostname, + // 3.4: No SRV records, just use the hostname from .well-known + None => add_port_to_hostname(&delegated_hostname), } } } } - // 4: No .well-known or an error occured - None => { - match query_srv_record(globals, &destination_str).await { - // 4: SRV record found - Some(hostname) => hostname, - // 5: No SRV record found - None => add_port_to_hostname(&destination_str), - } + } + // 4: No .well-known or an error occured + None => { + match query_srv_record(globals, &destination_str).await { + // 4: SRV record found + Some(hostname) => hostname, + // 5: No SRV record found + None => add_port_to_hostname(&destination_str), } } } } - }; - - let hostname = get_ip_with_port(&hostname).unwrap_or_else(|| { - match hostname.find(':') { - Some(pos) => { - let (host, port) = hostname.split_at(pos); - FederationDestination::Named(host.to_string(), port.to_string()) - } - None => FederationDestination::Named(hostname, "".to_string()) } - }); + }; + + let hostname = if let Ok(addr) = hostname.parse::() { + FedDest::Literal(addr) + } else if let Ok(addr) = hostname.parse::() { + FedDest::Named(addr.to_string(), "".to_string()) + } else if let Some(pos) = hostname.find(':') { + let (host, port) = hostname.split_at(pos); + FedDest::Named(host.to_string(), port.to_string()) + } else { + FedDest::Named(hostname, "".to_string()) + }; (actual_destination, hostname) } @@ -333,16 +334,20 @@ async fn find_actual_destination( async fn query_srv_record( globals: &crate::database::globals::Globals, hostname: &'_ str, -) -> Option { +) -> Option { if let Ok(Some(host_port)) = globals .dns_resolver() .srv_lookup(format!("_matrix._tcp.{}", hostname)) .await .map(|srv| { srv.iter().next().map(|result| { - FederationDestination::Named( - result.target().to_string().trim_end_matches('.').to_string(), - format!(":{}", result.port()) + FedDest::Named( + result + .target() + .to_string() + .trim_end_matches('.') + .to_string(), + format!(":{}", result.port()), ) }) })