CoCalc -- lib.rs

GitHub Repository: bytecodealliance/wasmtime
Path: blob/main/crates/wasi-tls/src/lib.rs
³⁰⁵⁰ views
1
//! # Wasmtime's [wasi-tls] (Transport Layer Security) Implementation
2
//!
3
//! This crate provides the Wasmtime host implementation for the [wasi-tls] API.
4
//! The [wasi-tls] world allows WebAssembly modules to perform SSL/TLS operations,
5
//! such as establishing secure connections to servers. TLS often relies on other wasi networking systems
6
//! to provide the stream so it will be common to enable the [wasi:cli] world as well with the networking features enabled.
7
//!
8
//! # An example of how to configure [wasi-tls] is the following:
9
//!
10
//! ```rust
11
//! use wasmtime_wasi::{WasiCtx, WasiCtxView, WasiView};
12
//! use wasmtime::{
13
//!     component::{Linker, ResourceTable},
14
//!     Store, Engine, Result,
15
//! };
16
//! use wasmtime_wasi_tls::{LinkOptions, WasiTls, WasiTlsCtx, WasiTlsCtxBuilder};
17
//!
18
//! struct Ctx {
19
//!     table: ResourceTable,
20
//!     wasi_ctx: WasiCtx,
21
//!     wasi_tls_ctx: WasiTlsCtx,
22
//! }
23
//!
24
//! impl WasiView for Ctx {
25
//!     fn ctx(&mut self) -> WasiCtxView<'_> {
26
//!         WasiCtxView { ctx: &mut self.wasi_ctx, table: &mut self.table }
27
//!     }
28
//! }
29
//!
30
//! #[tokio::main]
31
//! async fn main() -> Result<()> {
32
//!     let ctx = Ctx {
33
//!         table: ResourceTable::new(),
34
//!         wasi_ctx: WasiCtx::builder()
35
//!             .inherit_stderr()
36
//!             .inherit_network()
37
//!             .allow_ip_name_lookup(true)
38
//!             .build(),
39
//!         wasi_tls_ctx: WasiTlsCtxBuilder::new()
40
//!             // Optionally, configure a different TLS provider:
41
//!             // .provider(Box::new(wasmtime_wasi_tls_nativetls::NativeTlsProvider::default()))
42
//!             .build(),
43
//!     };
44
//!
45
//!     let engine = Engine::default();
46
//!
47
//!     // Set up wasi-cli
48
//!     let mut store = Store::new(&engine, ctx);
49
//!     let mut linker = Linker::new(&engine);
50
//!     wasmtime_wasi::p2::add_to_linker_async(&mut linker)?;
51
//!
52
//!     // Add wasi-tls types and turn on the feature in linker
53
//!     let mut opts = LinkOptions::default();
54
//!     opts.tls(true);
55
//!     wasmtime_wasi_tls::add_to_linker(&mut linker, &mut opts, |h: &mut Ctx| {
56
//!         WasiTls::new(&h.wasi_tls_ctx, &mut h.table)
57
//!     })?;
58
//!
59
//!     // ... use `linker` to instantiate within `store` ...
60
//!     Ok(())
61
//! }
62
//!
63
//! ```
64
//! [wasi-tls]: https://github.com/WebAssembly/wasi-tls
65
//! [wasi:cli]: https://docs.rs/wasmtime-wasi/latest
66

67
#![deny(missing_docs)]
68
#![doc(test(attr(deny(warnings))))]
69
#![doc(test(attr(allow(dead_code, unused_variables, unused_mut))))]
70

71
use tokio::io::{AsyncRead, AsyncWrite};
72
use wasmtime::component::{HasData, ResourceTable};
73

74
pub mod bindings;
75
mod host;
76
mod io;
77
mod rustls;
78

79
pub use bindings::types::LinkOptions;
80
pub use host::{HostClientConnection, HostClientHandshake, HostFutureClientStreams};
81
pub use rustls::RustlsProvider;
82

83
/// Capture the state necessary for use in the `wasi-tls` API implementation.
84
pub struct WasiTls<'a> {
85
    ctx: &'a WasiTlsCtx,
86
    table: &'a mut ResourceTable,
87
}
88

89
impl<'a> WasiTls<'a> {
90
    /// Create a new Wasi TLS context
91
    pub fn new(ctx: &'a WasiTlsCtx, table: &'a mut ResourceTable) -> Self {
92
        Self { ctx, table }
93
    }
94
}
95

96
/// Add the `wasi-tls` world's types to a [`wasmtime::component::Linker`].
97
pub fn add_to_linker<T: Send + 'static>(
98
    l: &mut wasmtime::component::Linker<T>,
99
    opts: &mut LinkOptions,
100
    f: fn(&mut T) -> WasiTls<'_>,
101
) -> wasmtime::Result<()> {
102
    bindings::types::add_to_linker::<_, HasWasiTls>(l, &opts, f)?;
103
    Ok(())
104
}
105

106
struct HasWasiTls;
107
impl HasData for HasWasiTls {
108
    type Data<'a> = WasiTls<'a>;
109
}
110

111
/// Builder-style structure used to create a [`WasiTlsCtx`].
112
pub struct WasiTlsCtxBuilder {
113
    provider: Box<dyn TlsProvider>,
114
}
115

116
impl WasiTlsCtxBuilder {
117
    /// Creates a builder for a new context with default parameters set.
118
    pub fn new() -> Self {
119
        Default::default()
120
    }
121

122
    /// Configure the TLS provider to use for this context.
123
    ///
124
    /// By default, this is set to the [`RustlsProvider`].
125
    pub fn provider(mut self, provider: Box<dyn TlsProvider>) -> Self {
126
        self.provider = provider;
127
        self
128
    }
129

130
    /// Uses the configured context so far to construct the final [`WasiTlsCtx`].
131
    pub fn build(self) -> WasiTlsCtx {
132
        WasiTlsCtx {
133
            provider: self.provider,
134
        }
135
    }
136
}
137
impl Default for WasiTlsCtxBuilder {
138
    fn default() -> Self {
139
        Self {
140
            provider: Box::new(RustlsProvider::default()),
141
        }
142
    }
143
}
144

145
/// Wasi TLS context needed for internal `wasi-tls` state.
146
pub struct WasiTlsCtx {
147
    pub(crate) provider: Box<dyn TlsProvider>,
148
}
149

150
/// The data stream that carries the encrypted TLS data.
151
/// Typically this is a TCP stream.
152
pub trait TlsTransport: AsyncRead + AsyncWrite + Send + Unpin + 'static {}
153
impl<T: AsyncRead + AsyncWrite + Send + Unpin + ?Sized + 'static> TlsTransport for T {}
154

155
/// A TLS connection.
156
pub trait TlsStream: AsyncRead + AsyncWrite + Send + Unpin + 'static {}
157

158
/// A TLS implementation.
159
pub trait TlsProvider: Send + Sync + 'static {
160
    /// Set up a client TLS connection using the provided `server_name` and `transport`.
161
    fn connect(
162
        &self,
163
        server_name: String,
164
        transport: Box<dyn TlsTransport>,
165
    ) -> BoxFuture<std::io::Result<Box<dyn TlsStream>>>;
166
}
167

168
pub(crate) type BoxFuture<T> = std::pin::Pin<Box<dyn Future<Output = T> + Send>>;
169

170
Product

Resources

Company
