patch: get tls ConnectionState directly from request

- `http.Server.ConnContext` is called before the tls connection is established, meaning themis' request builder `RequestBuilderFunc(setConnectionState)` will not find the context embedded tls ConnectionState. - Have have `RequestBuilderFunc(setConnectionState)`get the tls ConnectionState directly from the request's `TLS` field instead from the context, since request's `TLS` field is the connection's ConnectionState.
xmidt-org · Nov 18, 2024 · f0b0516 · f0b0516
1 parent d408d05
commit f0b0516
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,7 @@ report.json
 
 # for VSCode
 .vscode/
+.dev/
 
 # for releases
 .ignore/

diff --git a/token/transport.go b/token/transport.go
@@ -210,8 +210,8 @@ func (prb partnerIDRequestBuilder) Build(original *http.Request, tr *Request) er
 
 // setConnectionState sets the tls.ConnectionState for the given request.
 func setConnectionState(original *http.Request, tr *Request) error {
-	if cs, ok := xhttpserver.ConnectionState(original.Context()); ok {
-		tr.ConnectionState = cs
+	if original.TLS != nil {
+		tr.ConnectionState = *original.TLS
 	}
 
 	return nil

diff --git a/xhttp/xhttpserver/server.go b/xhttp/xhttpserver/server.go
@@ -4,7 +4,6 @@ package xhttpserver
 
 import (
 	"context"
-	"crypto/tls"
 	"net"
 	"net/http"
 	"time"
@@ -99,18 +98,6 @@ func New(o Options, l *zap.Logger, h http.Handler) Interface {
 			o.Address,
 			l,
 		),
-
-		ConnContext: func(ctx context.Context, c net.Conn) context.Context {
-			type connectionStater interface {
-				ConnectionState() tls.ConnectionState
-			}
-
-			if cs, ok := c.(connectionStater); ok {
-				ctx = SetConnectionState(ctx, cs.ConnectionState())
-			}
-
-			return ctx
-		},
 	}
 
 	if o.LogConnectionState {

diff --git a/xhttp/xhttpserver/server_test.go b/xhttp/xhttpserver/server_test.go
@@ -212,7 +212,6 @@ func testNewSimple(t *testing.T) {
 	assert.Greater(output.Len(), 0)
 
 	assert.Nil(s.(*http.Server).ConnState)
-	assert.NotNil(s.(*http.Server).ConnContext)
 }
 
 func testNewFull(t *testing.T) {

diff --git a/xhttp/xhttpserver/tls.go b/xhttp/xhttpserver/tls.go
@@ -3,7 +3,6 @@
 package xhttpserver
 
 import (
-	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -250,20 +249,3 @@ func NewTlsConfig(t *Tls, extra ...PeerVerifier) (*tls.Config, error) {
 	tc.BuildNameToCertificate() // nolint: staticcheck
 	return tc, nil
 }
-
-type connectionStateKey struct{}
-
-// ConnectionState returns the tls.ConnectionState from the given context.
-func ConnectionState(ctx context.Context) (cs tls.ConnectionState, present bool) {
-	cs, present = ctx.Value(connectionStateKey{}).(tls.ConnectionState)
-	return
-}
-
-// SetConnectionState associates a tls.ConnectionState with the given context.
-func SetConnectionState(ctx context.Context, cs tls.ConnectionState) context.Context {
-	return context.WithValue(
-		ctx,
-		connectionStateKey{},
-		cs,
-	)
-}