Make SSL infrastructure implementation agnostic

Author: sfackler

src/error.rs

@@ -1,7 +1,6 @@
 pub use ugh_privacy::DbError;
 
 use byteorder;
-use openssl::ssl::error::SslError;
 use phf;
 use std::error;
 use std::convert::From;
@@ -29,8 +28,8 @@ pub enum ConnectError {
     UnsupportedAuthentication,
     /// The Postgres server does not support SSL encryption.
     NoSslSupport,
-    /// There was an error initializing the SSL session.
-    SslError(SslError),
+    /// There was an error initializing the SSL session
+    SslError(Box<error::Error>),
     /// There was an error communicating with the server.
     IoError(io::Error),
     /// The server sent an unexpected response.
@@ -67,7 +66,7 @@ impl error::Error for ConnectError {
     fn cause(&self) -> Option<&error::Error> {
         match *self {
             ConnectError::DbError(ref err) => Some(err),
-            ConnectError::SslError(ref err) => Some(err),
+            ConnectError::SslError(ref err) => Some(&**err),
             ConnectError::IoError(ref err) => Some(err),
             _ => None
         }
@@ -86,12 +85,6 @@ impl From<DbError> for ConnectError {
     }
 }
 
-impl From<SslError> for ConnectError {
-    fn from(err: SslError) -> ConnectError {
-        ConnectError::SslError(err)
-    }
-}
-
 impl From<byteorder::Error> for ConnectError {
     fn from(err: byteorder::Error) -> ConnectError {
         ConnectError::IoError(From::from(err))

src/io_util.rs

@@ -1,24 +1,82 @@
-use openssl::ssl::{SslStream, MaybeSslStream};
+use openssl::ssl::{SslStream, SslContext};
+use std::error::Error;
 use std::io;
 use std::io::prelude::*;
 use std::net::TcpStream;
 #[cfg(feature = "unix_socket")]
 use unix_socket::UnixStream;
 use byteorder::ReadBytesExt;
 
-use {ConnectParams, SslMode, ConnectTarget, ConnectError};
+use {ConnectParams, ConnectTarget, ConnectError};
 use message;
 use message::WriteMessage;
 use message::FrontendMessage::SslRequest;
 
 const DEFAULT_PORT: u16 = 5432;
 
+pub trait StreamWrapper<S: Read+Write>: Read+Write+Send {
+    fn get_ref(&self) -> &S;
+    fn get_mut(&mut self) -> &mut S;
+}
+
+impl<S: Read+Write+Send> StreamWrapper<S> for SslStream<S> {
+    fn get_ref(&self) -> &S {
+        self.get_ref()
+    }
+
+    fn get_mut(&mut self) -> &mut S {
+        self.get_mut()
+    }
+}
+
+pub trait NegotiateSsl {
+    fn negotiate_ssl<S>(&mut self, stream: S) -> Result<Box<StreamWrapper<S>>, Box<Error>>
+            where S: Read+Write+Send+'static;
+}
+
+impl NegotiateSsl for SslContext {
+    fn negotiate_ssl<S>(&mut self, stream: S) -> Result<Box<StreamWrapper<S>>, Box<Error>>
+            where S: Read+Write+Send+'static {
+        let stream = try!(SslStream::new(self, stream));
+        Ok(Box::new(stream))
+    }
+}
+
+/// Specifies the SSL support requested for a new connection.
+pub enum SslMode<N = NoSsl> {
+    /// The connection will not use SSL.
+    None,
+    /// The connection will use SSL if the backend supports it.
+    Prefer(N),
+    /// The connection must use SSL.
+    Require(N),
+}
+
+pub enum NoSsl {}
+
+impl NegotiateSsl for NoSsl {
+    fn negotiate_ssl<S: Read+Write>(&mut self, stream: S)
+                                    -> Result<Box<StreamWrapper<S>>, Box<Error>> {
+        match *self {}
+    }
+}
+
 pub enum InternalStream {
     Tcp(TcpStream),
     #[cfg(feature = "unix_socket")]
     Unix(UnixStream),
 }
 
+impl StreamWrapper<InternalStream> for InternalStream {
+    fn get_ref(&self) -> &InternalStream {
+        self
+    }
+
+    fn get_mut(&mut self) -> &mut InternalStream {
+        self
+    }
+}
+
 impl Read for InternalStream {
     fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
         match *self {
@@ -62,14 +120,15 @@ fn open_socket(params: &ConnectParams) -> Result<InternalStream, ConnectError> {
     }
 }
 
-pub fn initialize_stream(params: &ConnectParams, ssl: &SslMode)
-                         -> Result<MaybeSslStream<InternalStream>, ConnectError> {
+pub fn initialize_stream<N>(params: &ConnectParams, ssl: &mut SslMode<N>)
+                            -> Result<Box<StreamWrapper<InternalStream>>, ConnectError>
+        where N: NegotiateSsl {
     let mut socket = try!(open_socket(params));
 
-    let (ssl_required, ctx) = match *ssl {
-        SslMode::None => return Ok(MaybeSslStream::Normal(socket)),
-        SslMode::Prefer(ref ctx) => (false, ctx),
-        SslMode::Require(ref ctx) => (true, ctx)
+    let (ssl_required, negotiator) = match *ssl {
+        SslMode::None => return Ok(Box::new(socket)),
+        SslMode::Prefer(ref mut negotiator) => (false, negotiator),
+        SslMode::Require(ref mut negotiator) => (true, negotiator),
     };
 
     try!(socket.write_message(&SslRequest { code: message::SSL_CODE }));
@@ -79,12 +138,12 @@ pub fn initialize_stream(params: &ConnectParams, ssl: &SslMode)
         if ssl_required {
             return Err(ConnectError::NoSslSupport);
         } else {
-            return Ok(MaybeSslStream::Normal(socket));
+            return Ok(Box::new(socket));
         }
     }
 
-    match SslStream::new(ctx, socket) {
-        Ok(stream) => Ok(MaybeSslStream::Ssl(stream)),
+    match negotiator.negotiate_ssl(socket) {
+        Ok(stream) => Ok(stream),
         Err(err) => Err(ConnectError::SslError(err))
     }
 }

src/lib.rs

@@ -59,7 +59,6 @@ extern crate debug_builders;
 use bufstream::BufStream;
 use debug_builders::DebugStruct;
 use openssl::crypto::hash::{self, Hasher};
-use openssl::ssl::{SslContext, MaybeSslStream};
 use serialize::hex::ToHex;
 use std::ascii::AsciiExt;
 use std::borrow::{ToOwned, Cow};
@@ -80,6 +79,7 @@ use std::path::PathBuf;
 pub use error::{Error, ConnectError, SqlState, DbError, ErrorPosition};
 #[doc(inline)]
 pub use types::{Oid, Type, Kind, ToSql, FromSql};
+pub use io_util::{SslMode, NegotiateSsl, StreamWrapper, NoSsl};
 use types::IsNull;
 #[doc(inline)]
 pub use types::Slice;
@@ -387,8 +387,9 @@ pub struct CancelData {
 /// # let _ =
 /// postgres::cancel_query(url, &SslMode::None, cancel_data);
 /// ```
-pub fn cancel_query<T>(params: T, ssl: &SslMode, data: CancelData)
-                       -> result::Result<(), ConnectError> where T: IntoConnectParams {
+pub fn cancel_query<T, N>(params: T, ssl: &mut SslMode<N>, data: CancelData)
+                          -> result::Result<(), ConnectError>
+        where T: IntoConnectParams, N: NegotiateSsl {
     let params = try!(params.into_connect_params());
     let mut socket = try!(io_util::initialize_stream(&params, ssl));
 
@@ -464,7 +465,7 @@ struct CachedStatement {
 }
 
 struct InnerConnection {
-    stream: BufStream<MaybeSslStream<InternalStream>>,
+    stream: BufStream<Box<StreamWrapper<InternalStream>>>,
     notice_handler: Box<HandleNotice>,
     notifications: VecDeque<Notification>,
     cancel_data: CancelData,
@@ -486,8 +487,9 @@ impl Drop for InnerConnection {
 }
 
 impl InnerConnection {
-    fn connect<T>(params: T, ssl: &SslMode) -> result::Result<InnerConnection, ConnectError>
-            where T: IntoConnectParams {
+    fn connect<T, N>(params: T, ssl: &mut SslMode<N>)
+                     -> result::Result<InnerConnection, ConnectError>
+            where T: IntoConnectParams, N: NegotiateSsl {
         let params = try!(params.into_connect_params());
         let stream = try!(io_util::initialize_stream(&params, ssl));
 
@@ -1005,8 +1007,9 @@ impl Connection {
     /// let conn = try!(Connection::connect(params, &SslMode::None));
     /// # Ok(()) };
     /// ```
-    pub fn connect<T>(params: T, ssl: &SslMode) -> result::Result<Connection, ConnectError>
-            where T: IntoConnectParams {
+    pub fn connect<T, N>(params: T, ssl: &mut SslMode<N>)
+                         -> result::Result<Connection, ConnectError>
+            where T: IntoConnectParams, N: NegotiateSsl {
         InnerConnection::connect(params, ssl).map(|conn| {
             Connection { conn: RefCell::new(conn) }
         })
@@ -1244,17 +1247,6 @@ impl Connection {
     }
 }
 
-/// Specifies the SSL support requested for a new connection.
-#[derive(Debug)]
-pub enum SslMode {
-    /// The connection will not use SSL.
-    None,
-    /// The connection will use SSL if the backend supports it.
-    Prefer(SslContext),
-    /// The connection must use SSL.
-    Require(SslContext)
-}
-
 /// Represents a transaction on a database connection.
 ///
 /// The transaction will roll back by default.