feat: add event.client.tlsClientCertificate

Jake Champion · JakeChampion · commit cf93b6226b01 · 2023-07-08T00:58:48.000+01:00
diff --git a/runtime/js-compute-runtime/builtins/client-info.cpp b/runtime/js-compute-runtime/builtins/client-info.cpp
@@ -150,6 +150,30 @@ bool ClientInfo::tls_client_hello_get(JSContext *cx, unsigned argc, JS::Value *v
   return true;
 }
 
+bool ClientInfo::tls_client_certificate_get(JSContext *cx, unsigned argc, JS::Value *vp) {
+  METHOD_HEADER(0);
+
+  auto res = HttpReq::http_req_downstream_tls_raw_client_certificate();
+  if (auto *err = res.to_err()) {
+    HANDLE_ERROR(cx, *err);
+    return false;
+  }
+  HostBytes cert = std::move(res.unwrap());
+
+  JS::RootedObject buffer(cx, JS::NewArrayBufferWithContents(cx, cert.len, cert.ptr.get()));
+  if (!buffer) {
+    // We can be here if the array buffer was too large -- if that was the case then a
+    // JSMSG_BAD_ARRAY_LENGTH will have been created.
+    return false;
+  }
+
+  // `cert` is now owned by `buffer`
+  static_cast<void>(cert.ptr.release());
+
+  args.rval().setObject(*buffer);
+  return true;
+}
+
 bool ClientInfo::tls_protocol_get(JSContext *cx, unsigned argc, JS::Value *vp) {
   METHOD_HEADER(0);
 
@@ -183,6 +207,7 @@ const JSPropertySpec ClientInfo::properties[] = {
     JS_PSG("geo", geo_get, JSPROP_ENUMERATE),
     JS_PSG("tlsCipherOpensslName", tls_cipher_openssl_name_get, JSPROP_ENUMERATE),
     JS_PSG("tlsProtocol", tls_protocol_get, JSPROP_ENUMERATE),
+    JS_PSG("tlsClientCertificate", tls_client_certificate_get, JSPROP_ENUMERATE),
     JS_PSG("tlsClientHello", tls_client_hello_get, JSPROP_ENUMERATE),
     JS_PS_END,
 };
diff --git a/runtime/js-compute-runtime/builtins/client-info.h b/runtime/js-compute-runtime/builtins/client-info.h
@@ -11,6 +11,7 @@ class ClientInfo final : public BuiltinNoConstructor<ClientInfo> {
   static bool tls_cipher_openssl_name_get(JSContext *cx, unsigned argc, JS::Value *vp);
   static bool tls_protocol_get(JSContext *cx, unsigned argc, JS::Value *vp);
   static bool tls_client_hello_get(JSContext *cx, unsigned argc, JS::Value *vp);
+  static bool tls_client_certificate_get(JSContext *cx, unsigned argc, JS::Value *vp);
 
 public:
   static constexpr const char *class_name = "FetchEvent";
diff --git a/runtime/js-compute-runtime/fastly-world/fastly_world_adapter.cpp b/runtime/js-compute-runtime/fastly-world/fastly_world_adapter.cpp
@@ -200,6 +200,17 @@ bool fastly_http_req_downstream_tls_protocol(fastly_world_string_t *ret, fastly_
       fastly::req_downstream_tls_protocol(reinterpret_cast<char *>(ret->ptr), 32, &ret->len), err);
 }
 
+bool fastly_http_req_downstream_tls_raw_client_certificate(fastly_world_list_u8_t *ret,
+                                                           fastly_error_t *err) {
+  auto default_size = 4096;
+  ret->ptr = static_cast<uint8_t *>(cabi_malloc(default_size, 4));
+  auto status = fastly::req_downstream_tls_raw_client_certificate(reinterpret_cast<char *>(ret->ptr), default_size, &ret->len);
+  if (status == FASTLY_ERROR_BUFFER_LEN) {
+    cabi_realloc(ret->ptr, default_size, 4, ret->len);
+    status = fastly::req_downstream_tls_raw_client_certificate(reinterpret_cast<char *>(ret->ptr), ret->len, &ret->len);
+  }
+  return convert_result(status, err);
+}
 bool fastly_http_req_downstream_tls_client_hello(fastly_world_list_u8_t *ret, fastly_error_t *err) {
   auto default_size = 512;
   ret->ptr = static_cast<uint8_t *>(cabi_malloc(default_size, 4));
diff --git a/runtime/js-compute-runtime/host_interface/fastly.h b/runtime/js-compute-runtime/host_interface/fastly.h
@@ -158,6 +158,8 @@ int req_downstream_tls_protocol(char *ret, size_t ret_len, size_t *nwritten);
 WASM_IMPORT("fastly_http_req", "downstream_tls_client_hello")
 int req_downstream_tls_client_hello(char *ret, size_t ret_len, size_t *nwritten);
 
+WASM_IMPORT("fastly_http_req", "downstream_tls_raw_client_certificate")
+int req_downstream_tls_raw_client_certificate(char *ret, size_t ret_len, size_t *nwritten);
 WASM_IMPORT("fastly_http_req", "new")
 int req_new(fastly_request_handle_t *req_handle_out);
 
diff --git a/runtime/js-compute-runtime/host_interface/host_api.cpp b/runtime/js-compute-runtime/host_interface/host_api.cpp
@@ -546,6 +546,21 @@ Result<HostBytes> HttpReq::http_req_downstream_tls_client_hello() {
 
   return res;
 }
+
+// http-req-downstream-tls-raw-client-certificate: func() -> result<list<u8>, error>
+Result<HostBytes> HttpReq::http_req_downstream_tls_raw_client_certificate() {
+  Result<HostBytes> res;
+
+  fastly_world_list_u8_t ret;
+  fastly_error_t err;
+  if (!fastly_http_req_downstream_tls_raw_client_certificate(&ret, &err)) {
+    res.emplace_err(err);
+  } else {
+    res.emplace(ret);
+  }
+
+  return res;
+}
 bool HttpReq::is_valid() const { return this->handle != HttpReq::invalid; }
 
 Result<fastly_http_version_t> HttpReq::get_version() const {
diff --git a/runtime/js-compute-runtime/host_interface/host_api.h b/runtime/js-compute-runtime/host_interface/host_api.h
@@ -261,6 +261,8 @@ class HttpReq final : public HttpBase {
 
   static Result<HostBytes> http_req_downstream_tls_client_hello();
 
+  static Result<HostBytes> http_req_downstream_tls_raw_client_certificate();
+
   /// Send this request synchronously, and wait for the response.
   Result<Response> send(HttpBody body, std::string_view backend);
 
