Start work on handling TLS for the RPC endpoint

Max Brunsfeld created 4 years ago

Change summary

Cargo.lock           | 76 +++++++++++++++++++++++++++++++++++++++++++--
Cargo.toml           |  1 
zed-rpc/src/peer.rs  | 30 ++++++++++++------
zed/Cargo.toml       |  1 
zed/src/rpc.rs       | 20 +++++++++---
zed/src/workspace.rs |  7 +++-
6 files changed, 114 insertions(+), 21 deletions(-)

Detailed changes

Cargo.lock 🔗

@@ -215,6 +215,18 @@ dependencies = [
  "event-listener",
 ]
 
+[[package]]
+name = "async-native-tls"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e9e7a929bd34c68a82d58a4de7f86fffdaf97fb2af850162a7bb19dd7269b33"
+dependencies = [
+ "async-std",
+ "native-tls",
+ "thiserror",
+ "url",
+]
+
 [[package]]
 name = "async-net"
 version = "1.5.0"
@@ -1931,9 +1943,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "libc"
-version = "0.2.86"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7282d924be3275cec7f6756ff4121987bc6481325397dde6ba3e7802b1a8b1c"
+checksum = "12b8adadd720df158f4d70dfe7ccc6adb0472d7c55ca83445f6a5ab3e36f8fb6"
 
 [[package]]
 name = "libflate"
@@ -2142,6 +2154,24 @@ version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"
 
+[[package]]
+name = "native-tls"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8d96b2e1c8da3957d58100b09f102c6d9cfdfced01b7ec5a8974044bb09dbd4"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "nb-connect"
 version = "1.0.3"
@@ -2288,6 +2318,20 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
 
+[[package]]
+name = "openssl"
+version = "0.10.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "549430950c79ae24e6d02e0b7404534ecf311d94cc9f861e9e4020187d13d885"
+dependencies = [
+ "bitflags 1.2.1",
+ "cfg-if 1.0.0",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-sys",
+]
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.4"
@@ -2296,9 +2340,9 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.63"
+version = "0.9.65"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6b0d6fb7d80f877617dfcb014e605e2b5ab2fb0afdf27935219bb6bd984cb98"
+checksum = "7a7907e3bfa08bb85105209cdfcb6c63d109f8f6c1ed6ca318fff5c1853fbc1d"
 dependencies = [
  "autocfg 1.0.1",
  "cc",
@@ -3194,6 +3238,29 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
 
+[[package]]
+name = "security-framework"
+version = "2.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23a2ac85147a3a11d77ecf1bc7166ec0b92febfa4461c37944e180f319ece467"
+dependencies = [
+ "bitflags 1.2.1",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e4effb91b4b8b6fb7732e670b6cee160278ff8e6bf485c7805d9e319d76e284"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "semver"
 version = "0.9.0"
@@ -4312,6 +4379,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "arrayvec",
+ "async-native-tls",
  "cargo-bundle",
  "crossbeam-channel",
  "ctor",

Cargo.toml 🔗

@@ -9,6 +9,7 @@ tree-sitter = { git = "https://github.com/tree-sitter/tree-sitter", rev = "d7277
 cocoa = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 cocoa-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 core-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
+core-foundation-sys = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 core-graphics = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 
 [profile.dev]

zed-rpc/src/peer.rs 🔗

@@ -1,7 +1,11 @@
 use crate::proto::{self, EnvelopedMessage, MessageStream, RequestMessage};
 use anyhow::{anyhow, Context, Result};
 use async_lock::{Mutex, RwLock};
-use futures::{future::BoxFuture, AsyncRead, AsyncWrite, FutureExt};
+use futures::{
+    future::BoxFuture,
+    io::{ReadHalf, WriteHalf},
+    AsyncRead, AsyncReadExt, AsyncWrite, FutureExt,
+};
 use postage::{
     mpsc,
     prelude::{Sink, Stream},
@@ -72,13 +76,13 @@ struct Connection {
     response_channels: ResponseChannels,
 }
 
-pub struct ConnectionHandler<Conn> {
+pub struct ConnectionHandler<ReadConn, WriteConn> {
     peer: Arc<Peer>,
     connection_id: ConnectionId,
     response_channels: ResponseChannels,
     outgoing_rx: mpsc::Receiver<proto::Envelope>,
-    reader: MessageStream<Conn>,
-    writer: MessageStream<Conn>,
+    reader: MessageStream<ReadConn>,
+    writer: MessageStream<WriteConn>,
 }
 
 type ResponseChannels = Arc<Mutex<HashMap<u32, mpsc::Sender<proto::Envelope>>>>;
@@ -131,9 +135,12 @@ impl Peer {
     pub async fn add_connection<Conn>(
         self: &Arc<Self>,
         conn: Conn,
-    ) -> (ConnectionId, ConnectionHandler<Conn>)
+    ) -> (
+        ConnectionId,
+        ConnectionHandler<ReadHalf<Conn>, WriteHalf<Conn>>,
+    )
     where
-        Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static,
+        Conn: AsyncRead + AsyncWrite + Unpin + Send + 'static,
     {
         let connection_id = ConnectionId(
             self.next_connection_id
@@ -145,13 +152,15 @@ impl Peer {
             next_message_id: Default::default(),
             response_channels: Default::default(),
         };
+
+        let (read_conn, write_conn) = conn.split();
         let handler = ConnectionHandler {
             peer: self.clone(),
             connection_id,
             response_channels: connection.response_channels.clone(),
             outgoing_rx,
-            reader: MessageStream::new(conn.clone()),
-            writer: MessageStream::new(conn),
+            reader: MessageStream::new(read_conn),
+            writer: MessageStream::new(write_conn),
         };
         self.connections
             .write()
@@ -291,9 +300,10 @@ impl Peer {
     }
 }
 
-impl<Conn> ConnectionHandler<Conn>
+impl<ReadConn, WriteConn> ConnectionHandler<ReadConn, WriteConn>
 where
-    Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static,
+    ReadConn: AsyncRead + Unpin + Send + 'static,
+    WriteConn: AsyncWrite + Unpin + Send + 'static,
 {
     pub async fn run(mut self) -> Result<()> {
         loop {

zed/Cargo.toml 🔗

@@ -31,6 +31,7 @@ ignore = "0.4"
 lazy_static = "1.4.0"
 libc = "0.2"
 log = "0.4"
+async-native-tls = "0.3"
 num_cpus = "1.13.0"
 parking_lot = "0.11.1"
 postage = { version="0.4.1", features=["futures-traits"] }

zed/src/rpc.rs 🔗

@@ -115,13 +115,22 @@ impl Client {
         access_token: String,
         executor: &Arc<Background>,
     ) -> surf::Result<()> {
-        // TODO - If the `ZED_SERVER_URL` uses https, then wrap this stream in
-        // a TLS stream using `native-tls`.
         let stream = smol::net::TcpStream::connect(&address).await?;
-        log::info!("connected to rpc address {}", address);
 
-        let (connection_id, handler) = self.peer.add_connection(stream).await;
-        executor.spawn(handler.run()).detach();
+        let connection_id = if ZED_SERVER_URL.starts_with("https") {
+            let host = address.split(':').next().unwrap();
+            let stream = async_native_tls::connect(host, stream)
+                .await
+                .context("failed to establish TLS connection")?;
+            let (conn_id, handler) = self.peer.add_connection(stream).await;
+            executor.spawn(handler.run()).detach();
+            conn_id
+        } else {
+            let (conn_id, handler) = self.peer.add_connection(stream).await;
+            executor.spawn(handler.run()).detach();
+            conn_id
+        };
+        log::info!("connected to rpc address {}", address);
 
         let auth_response = self
             .peer
@@ -138,6 +147,7 @@ impl Client {
             Err(anyhow!("failed to authenticate with RPC server"))?;
         }
 
+        log::info!("authenticated rpc connection as user {}", user_id);
         self.state.write().await.connection_id = Some(connection_id);
         Ok(())
     }

zed/src/workspace.rs 🔗

@@ -6,6 +6,7 @@ use crate::{
     language::LanguageRegistry,
     rpc,
     settings::Settings,
+    util::SurfResultExt as _,
     worktree::{File, Worktree},
     AppState,
 };
@@ -684,7 +685,9 @@ impl Workspace {
         let platform = cx.platform();
 
         let task = cx.spawn(|this, mut cx| async move {
-            rpc.log_in_and_connect(&cx).await?;
+            rpc.log_in_and_connect(&cx)
+                .await
+                .context("failed to establish rpc connection")?;
 
             let share_task = this.update(&mut cx, |this, cx| {
                 let worktree = this.worktrees.iter().next()?;
@@ -705,7 +708,7 @@ impl Workspace {
 
         cx.spawn(|_, _| async move {
             if let Err(e) = task.await {
-                log::error!("sharing failed: {}", e);
+                log::error!("sharing failed: {:?}", e);
             }
         })
         .detach();