feat: add event.client.tlsClientHello

Author: Jake Champion

runtime/js-compute-runtime/builtins/client-info.cpp

@@ -126,6 +126,29 @@ bool ClientInfo::tls_cipher_openssl_name_get(JSContext *cx, unsigned argc, JS::V
   return true;
 }
 
+bool ClientInfo::tls_client_hello_get(JSContext *cx, unsigned argc, JS::Value *vp) {
+  METHOD_HEADER(0);
+
+  auto res = HttpReq::http_req_downstream_tls_client_hello();
+  if (auto *err = res.to_err()) {
+    HANDLE_ERROR(cx, *err);
+    return false;
+  }
+
+  HostBytes hello = std::move(res.unwrap());
+  JS::RootedObject buffer(cx, JS::NewArrayBufferWithContents(cx, hello.len, hello.ptr.get()));
+  if (!buffer) {
+    // We can be here if the array buffer was too large -- if that was the case then a
+    // JSMSG_BAD_ARRAY_LENGTH will have been created.
+    return false;
+  }
+
+  // `hello` is now owned by `buffer`
+  static_cast<void>(hello.ptr.release());
+
+  args.rval().setObject(*buffer);
+  return true;
+}
 
 bool ClientInfo::tls_protocol_get(JSContext *cx, unsigned argc, JS::Value *vp) {
   METHOD_HEADER(0);
@@ -160,6 +183,7 @@ const JSPropertySpec ClientInfo::properties[] = {
     JS_PSG("geo", geo_get, JSPROP_ENUMERATE),
     JS_PSG("tlsCipherOpensslName", tls_cipher_openssl_name_get, JSPROP_ENUMERATE),
     JS_PSG("tlsProtocol", tls_protocol_get, JSPROP_ENUMERATE),
+    JS_PSG("tlsClientHello", tls_client_hello_get, JSPROP_ENUMERATE),
     JS_PS_END,
 };
 

runtime/js-compute-runtime/builtins/client-info.h

@@ -10,6 +10,7 @@ class ClientInfo final : public BuiltinNoConstructor<ClientInfo> {
   static bool geo_get(JSContext *cx, unsigned argc, JS::Value *vp);
   static bool tls_cipher_openssl_name_get(JSContext *cx, unsigned argc, JS::Value *vp);
   static bool tls_protocol_get(JSContext *cx, unsigned argc, JS::Value *vp);
+  static bool tls_client_hello_get(JSContext *cx, unsigned argc, JS::Value *vp);
 
 public:
   static constexpr const char *class_name = "FetchEvent";

runtime/js-compute-runtime/fastly-world/fastly_world_adapter.cpp

@@ -200,6 +200,17 @@ bool fastly_http_req_downstream_tls_protocol(fastly_world_string_t *ret, fastly_
       fastly::req_downstream_tls_protocol(reinterpret_cast<char *>(ret->ptr), 32, &ret->len), err);
 }
 
+bool fastly_http_req_downstream_tls_client_hello(fastly_world_list_u8_t *ret, fastly_error_t *err) {
+  auto default_size = 512;
+  ret->ptr = static_cast<uint8_t *>(cabi_malloc(default_size, 4));
+  auto status = fastly::req_downstream_tls_client_hello(reinterpret_cast<char *>(ret->ptr), default_size, &ret->len);
+  if (status == FASTLY_ERROR_BUFFER_LEN) {
+    cabi_realloc(ret->ptr, default_size, 4, ret->len);
+    status = fastly::req_downstream_tls_client_hello(reinterpret_cast<char *>(ret->ptr), ret->len, &ret->len);
+  }
+  return convert_result(status, err);
+}
+
 bool fastly_http_req_new(fastly_request_handle_t *ret, fastly_error_t *err) {
   return convert_result(fastly::req_new(ret), err);
 }

runtime/js-compute-runtime/host_interface/fastly.h

@@ -155,19 +155,8 @@ int req_downstream_tls_cipher_openssl_name(char *ret, size_t ret_len, size_t *nw
 WASM_IMPORT("fastly_http_req", "downstream_tls_protocol")
 int req_downstream_tls_protocol(char *ret, size_t ret_len, size_t *nwritten);
 
-// (@interface func (export "downstream_tls_protocol")
-//    (param $protocol_out (@witx pointer char8))
-//    (param $protocol_max_len (@witx usize))
-//    (param $nwritten_out (@witx pointer (@witx usize)))
-//    (result $err $fastly_status)
-// )
-
-// (@interface func (export "downstream_tls_client_hello")
-//    (param $chello_out (@witx pointer char8))
-//    (param $chello_max_len (@witx usize))
-//    (param $nwritten_out (@witx pointer (@witx usize)))
-//    (result $err $fastly_status)
-// )
+WASM_IMPORT("fastly_http_req", "downstream_tls_client_hello")
+int req_downstream_tls_client_hello(char *ret, size_t ret_len, size_t *nwritten);
 
 WASM_IMPORT("fastly_http_req", "new")
 int req_new(fastly_request_handle_t *req_handle_out);

runtime/js-compute-runtime/host_interface/host_api.cpp

@@ -531,6 +531,21 @@ Result<HostString> HttpReq::http_req_downstream_tls_protocol() {
 
   return res;
 }
+
+// http-req-downstream-tls-client-hello: func() -> result<list<u8>, error>
+Result<HostBytes> HttpReq::http_req_downstream_tls_client_hello() {
+  Result<HostBytes> res;
+
+  fastly_world_list_u8_t ret;
+  fastly_error_t err;
+  if (!fastly_http_req_downstream_tls_client_hello(&ret, &err)) {
+    res.emplace_err(err);
+  } else {
+    res.emplace(ret);
+  }
+
+  return res;
+}
 bool HttpReq::is_valid() const { return this->handle != HttpReq::invalid; }
 
 Result<fastly_http_version_t> HttpReq::get_version() const {

runtime/js-compute-runtime/host_interface/host_api.h

@@ -259,6 +259,8 @@ class HttpReq final : public HttpBase {
 
   static Result<HostString> http_req_downstream_tls_protocol();
 
+  static Result<HostBytes> http_req_downstream_tls_client_hello();
+
   /// Send this request synchronously, and wait for the response.
   Result<Response> send(HttpBody body, std::string_view backend);