mongodb/Database/MongoDB/Transport/Tls.hs

{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}

{-|
Module      : MongoDB TLS
Description : TLS transport to mongodb
Copyright   : (c)	Yuras Shumovich, 2016
License     : Apache 2.0
Maintainer  : Victor Denisov denisovenator@gmail.com
Stability   : experimental
Portability : POSIX

This module is for connecting to TLS enabled mongodb servers.
Be aware that this module is highly experimental and is barely tested.
-}
module Database.MongoDB.Transport.Tls
(connect)
where

import Data.IORef
import Data.Monoid
import qualified Data.ByteString as ByteString
import qualified Data.ByteString.Lazy as Lazy.ByteString
import Data.Default.Class (def)
import Control.Applicative ((<$>))
import Control.Exception (bracketOnError)
import Control.Monad (when, unless)
import System.IO
import Database.MongoDB (Pipe)
import Database.MongoDB.Internal.Protocol (newPipeWith)
import Database.MongoDB.Transport (Transport(Transport))
import qualified Database.MongoDB.Transport as T
import System.IO.Error (mkIOError, eofErrorType)
import Network (connectTo, HostName, PortID)
import qualified Network.TLS as TLS
import qualified Network.TLS.Extra.Cipher as TLS

-- | Connect to mongodb using TLS
connect :: HostName -> PortID -> IO Pipe
connect host port = bracketOnError (connectTo host port) hClose $ \handle -> do

  let params = (TLS.defaultParamsClient host "")
        { TLS.clientSupported = def
            { TLS.supportedCiphers = TLS.ciphersuite_all}
        , TLS.clientHooks = def
            { TLS.onServerCertificate = \_ _ _ _ -> return []}
        }
  context <- TLS.contextNew handle params
  TLS.handshake context

  conn <- tlsConnection context
  newPipeWith conn

tlsConnection :: TLS.Context -> IO Transport
tlsConnection ctx = do
  restRef <- newIORef mempty
  return Transport
    { T.read = \count -> let
          readSome = do
            rest <- readIORef restRef
            writeIORef restRef mempty
            if ByteString.null rest
              then TLS.recvData ctx
              else return rest
          unread = \rest ->
            modifyIORef restRef (rest <>)
          go acc n = do
            -- read until get enough bytes
            chunk <- readSome
            when (ByteString.null chunk) $
              ioError eof
            let len = ByteString.length chunk
            if len >= n
              then do
                let (res, rest) = ByteString.splitAt n chunk
                unless (ByteString.null rest) $
                  unread rest
                return (acc <> Lazy.ByteString.fromStrict res)
              else go (acc <> Lazy.ByteString.fromStrict chunk) (n - len)
          eof = mkIOError eofErrorType "Database.MongoDB.Transport"
                Nothing Nothing
       in Lazy.ByteString.toStrict <$> go mempty count
    , T.write = TLS.sendData ctx . Lazy.ByteString.fromStrict
    , T.flush = TLS.contextFlush ctx
    , T.close = TLS.contextClose ctx
    }
Add tls implementation 2016-04-27 06:19:30 +00:00			`{-# LANGUAGE OverloadedStrings #-}`
			`{-# LANGUAGE RecordWildCards #-}`

Drop io-region dependency 2016-05-04 06:02:54 +00:00			`{-\|`
			`Module : MongoDB TLS`
			`Description : TLS transport to mongodb`
			`Copyright : (c) Yuras Shumovich, 2016`
			`License : Apache 2.0`
			`Maintainer : Victor Denisov denisovenator@gmail.com`
			`Stability : experimental`
			`Portability : POSIX`
Add tls implementation 2016-04-27 06:19:30 +00:00
Drop io-region dependency 2016-05-04 06:02:54 +00:00			`This module is for connecting to TLS enabled mongodb servers.`
			`Be aware that this module is highly experimental and is barely tested.`
			`-}`
Move Tls module to Transport 2016-05-03 05:05:02 +00:00			`module Database.MongoDB.Transport.Tls`
Drop io-region dependency 2016-05-04 06:02:54 +00:00			`(connect)`
Add tls implementation 2016-04-27 06:19:30 +00:00			`where`

			`import Data.IORef`
			`import Data.Monoid`
			`import qualified Data.ByteString as ByteString`
			`import qualified Data.ByteString.Lazy as Lazy.ByteString`
			`import Data.Default.Class (def)`
Incorporate Tls implementation 2016-05-01 03:11:44 +00:00			`import Control.Applicative ((<$>))`
Add tls implementation 2016-04-27 06:19:30 +00:00			`import Control.Exception (bracketOnError)`
Incorporate Tls implementation 2016-05-01 03:11:44 +00:00			`import Control.Monad (when, unless)`
Add tls implementation 2016-04-27 06:19:30 +00:00			`import System.IO`
			`import Database.MongoDB (Pipe)`
			`import Database.MongoDB.Internal.Protocol (newPipeWith)`
Rename Internal.Connection module to Transport 2016-05-03 04:30:00 +00:00			`import Database.MongoDB.Transport (Transport(Transport))`
			`import qualified Database.MongoDB.Transport as T`
Incorporate Tls implementation 2016-05-01 03:11:44 +00:00			`import System.IO.Error (mkIOError, eofErrorType)`
Use conventional types for Tls.Connect 2016-05-02 02:23:30 +00:00			`import Network (connectTo, HostName, PortID)`
Add tls implementation 2016-04-27 06:19:30 +00:00			`import qualified Network.TLS as TLS`
			`import qualified Network.TLS.Extra.Cipher as TLS`

			`-- \| Connect to mongodb using TLS`
Use conventional types for Tls.Connect 2016-05-02 02:23:30 +00:00			`connect :: HostName -> PortID -> IO Pipe`
Drop io-region dependency 2016-05-04 06:02:54 +00:00			`connect host port = bracketOnError (connectTo host port) hClose $ \handle -> do`
Add tls implementation 2016-04-27 06:19:30 +00:00
Use conventional types for Tls.Connect 2016-05-02 02:23:30 +00:00			`let params = (TLS.defaultParamsClient host "")`
Add tls implementation 2016-04-27 06:19:30 +00:00			`{ TLS.clientSupported = def`
			`{ TLS.supportedCiphers = TLS.ciphersuite_all}`
			`, TLS.clientHooks = def`
			`{ TLS.onServerCertificate = \_ _ _ _ -> return []}`
			`}`
Drop io-region dependency 2016-05-04 06:02:54 +00:00			`context <- TLS.contextNew handle params`
Add tls implementation 2016-04-27 06:19:30 +00:00			`TLS.handshake context`

Drop io-region dependency 2016-05-04 06:02:54 +00:00			`conn <- tlsConnection context`
Add tls implementation 2016-04-27 06:19:30 +00:00			`newPipeWith conn`

Drop io-region dependency 2016-05-04 06:02:54 +00:00			`tlsConnection :: TLS.Context -> IO Transport`
			`tlsConnection ctx = do`
Add tls implementation 2016-04-27 06:19:30 +00:00			`restRef <- newIORef mempty`
Rename Internal.Connection module to Transport 2016-05-03 04:30:00 +00:00			`return Transport`
			`{ T.read = \count -> let`
Incorporate Tls implementation 2016-05-01 03:11:44 +00:00			`readSome = do`
			`rest <- readIORef restRef`
			`writeIORef restRef mempty`
			`if ByteString.null rest`
			`then TLS.recvData ctx`
			`else return rest`
			`unread = \rest ->`
			`modifyIORef restRef (rest <>)`
			`go acc n = do`
			`-- read until get enough bytes`
			`chunk <- readSome`
			`when (ByteString.null chunk) $`
			`ioError eof`
			`let len = ByteString.length chunk`
			`if len >= n`
			`then do`
			`let (res, rest) = ByteString.splitAt n chunk`
			`unless (ByteString.null rest) $`
			`unread rest`
			`return (acc <> Lazy.ByteString.fromStrict res)`
			`else go (acc <> Lazy.ByteString.fromStrict chunk) (n - len)`
Rename Internal.Connection module to Transport 2016-05-03 04:30:00 +00:00			`eof = mkIOError eofErrorType "Database.MongoDB.Transport"`
Incorporate Tls implementation 2016-05-01 03:11:44 +00:00			`Nothing Nothing`
			`in Lazy.ByteString.toStrict <$> go mempty count`
Rename Internal.Connection module to Transport 2016-05-03 04:30:00 +00:00			`, T.write = TLS.sendData ctx . Lazy.ByteString.fromStrict`
			`, T.flush = TLS.contextFlush ctx`
Drop io-region dependency 2016-05-04 06:02:54 +00:00			`, T.close = TLS.contextClose ctx`
Add tls implementation 2016-04-27 06:19:30 +00:00			`}`