swift-server
diff --git a/‎Sources/AsyncHTTPClient/ConnectionPool.swift
Lines changed: 18 additions & 6 deletions b/‎Sources/AsyncHTTPClient/ConnectionPool.swift
Lines changed: 18 additions & 6 deletions
diff --git a/‎Sources/AsyncHTTPClient/HTTPClient.swift
Lines changed: 5 additions & 4 deletions b/‎Sources/AsyncHTTPClient/HTTPClient.swift
Lines changed: 5 additions & 4 deletions
diff --git a/‎Sources/AsyncHTTPClient/LRUCache.swift
Lines changed: 101 additions & 0 deletions b/‎Sources/AsyncHTTPClient/LRUCache.swift
Lines changed: 101 additions & 0 deletions
diff --git a/‎Sources/AsyncHTTPClient/NIOTransportServices/NWErrorHandler.swift
Lines changed: 48 additions & 43 deletions b/‎Sources/AsyncHTTPClient/NIOTransportServices/NWErrorHandler.swift
Lines changed: 48 additions & 43 deletions
diff --git a/‎Sources/AsyncHTTPClient/SSLContextCache.swift
Lines changed: 76 additions & 0 deletions b/‎Sources/AsyncHTTPClient/SSLContextCache.swift
Lines changed: 76 additions & 0 deletions
@@ -20,6 +20,7 @@ import NIOHTTP1
 import NIOHTTPCompression
 import NIOTLS
 import NIOTransportServices
+import NIOSSL
 
 /// A connection pool that manages and creates new connections to hosts respecting the specified preferences
 ///
@@ -41,6 +42,8 @@ final class ConnectionPool {
 
     private let backgroundActivityLogger: Logger
 
+    let sslContextCache = SSLContextCache()
+
     init(configuration: HTTPClient.Configuration, backgroundActivityLogger: Logger) {
         self.configuration = configuration
         self.backgroundActivityLogger = backgroundActivityLogger
@@ -106,6 +109,8 @@ final class ConnectionPool {
             self.providers.values
         }
 
+        self.sslContextCache.shutdown()
+
         return EventLoopFuture.reduce(true, providers.map { $0.close() }, on: eventLoop) { $0 && $1 }
     }
 
@@ -148,7 +153,7 @@ final class ConnectionPool {
         var host: String
         var port: Int
         var unixPath: String
-        var tlsConfiguration: BestEffortHashableTLSConfiguration?
+        private var tlsConfiguration: BestEffortHashableTLSConfiguration?
 
         enum Scheme: Hashable {
             case http
@@ -249,14 +254,15 @@ class HTTP1ConnectionProvider {
                 } else {
                     logger.trace("opening fresh connection (found matching but inactive connection)",
                                  metadata: ["ahc-dead-connection": "\(connection)"])
-                    self.makeChannel(preference: waiter.preference).whenComplete { result in
+                    self.makeChannel(preference: waiter.preference,
+                                     logger: logger).whenComplete { result in
                         self.connect(result, waiter: waiter, logger: logger)
                     }
                 }
             }
         case .create(let waiter):
             logger.trace("opening fresh connection (no connections to reuse available)")
-            self.makeChannel(preference: waiter.preference).whenComplete { result in
+            self.makeChannel(preference: waiter.preference, logger: logger).whenComplete { result in
                 self.connect(result, waiter: waiter, logger: logger)
             }
         case .replace(let connection, let waiter):
@@ -266,7 +272,7 @@ class HTTP1ConnectionProvider {
                 logger.trace("opening fresh connection (replacing exising connection)",
                              metadata: ["ahc-old-connection": "\(connection)",
                                         "ahc-waiter": "\(waiter)"])
-                self.makeChannel(preference: waiter.preference).whenComplete { result in
+                self.makeChannel(preference: waiter.preference, logger: logger).whenComplete { result in
                     self.connect(result, waiter: waiter, logger: logger)
                 }
             }
@@ -434,8 +440,14 @@ class HTTP1ConnectionProvider {
         return self.closePromise.futureResult.map { true }
     }
 
-    private func makeChannel(preference: HTTPClient.EventLoopPreference) -> EventLoopFuture<Channel> {
-        return NIOClientTCPBootstrap.makeHTTP1Channel(destination: self.key, eventLoop: self.eventLoop, configuration: self.configuration, preference: preference)
+    private func makeChannel(preference: HTTPClient.EventLoopPreference,
+                             logger: Logger) -> EventLoopFuture<Channel> {
+        return NIOClientTCPBootstrap.makeHTTP1Channel(destination: self.key,
+                                                      eventLoop: self.eventLoop,
+                                                      configuration: self.configuration,
+                                                      sslContextCache: self.pool.sslContextCache,
+                                                      preference: preference,
+                                                      logger: logger)
     }
 
     /// A `Waiter` represents a request that waits for a connection when none is
 
@@ -900,7 +900,9 @@ extension ChannelPipeline {
         try sync.addHandler(handler)
     }
 
-    func syncAddLateSSLHandlerIfNeeded(for key: ConnectionPool.Key, tlsConfiguration: TLSConfiguration?, handshakePromise: EventLoopPromise<Void>) {
+    func syncAddLateSSLHandlerIfNeeded(for key: ConnectionPool.Key,
+                                       sslContext: NIOSSLContext,
+                                       handshakePromise: EventLoopPromise<Void>) {
         precondition(key.scheme.requiresTLS)
 
         do {
@@ -913,10 +915,9 @@ extension ChannelPipeline {
             try synchronousPipelineView.addHandler(eventsHandler, name: TLSEventsHandler.handlerName)
 
             // Then we add the SSL handler.
-            let tlsConfiguration = tlsConfiguration ?? TLSConfiguration.forClient()
-            let context = try NIOSSLContext(configuration: tlsConfiguration)
             try synchronousPipelineView.addHandler(
-                try NIOSSLClientHandler(context: context, serverHostname: (key.host.isIPAddress || key.host.isEmpty) ? nil : key.host),
+                try NIOSSLClientHandler(context: sslContext,
+                                        serverHostname: (key.host.isIPAddress || key.host.isEmpty) ? nil : key.host),
                 position: .before(eventsHandler)
             )
         } catch {
 
@@ -0,0 +1,101 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+struct LRUCache<Key: Equatable & Hashable,
+                Value> {
+    private typealias Generation = UInt64
+    private struct Element {
+        var generation: Generation
+        var key: Key
+        var value: Value
+    }
+
+    private var generation: Generation = 0
+    private var elements: [Element]
+
+    init(capacity: Int = 8) {
+        self.elements = []
+        self.elements.reserveCapacity(capacity)
+    }
+
+    private mutating func findIndex(key: Key) -> Int? {
+        self.generation += 1
+
+        let found = self.elements.firstIndex { element in
+            element.key == key
+        }
+
+        return found
+    }
+
+    mutating func find(key: Key) -> Value? {
+        if let found = self.findIndex(key: key) {
+            self.elements[found].generation = self.generation
+            return self.elements[found].value
+        } else {
+            return nil
+        }
+    }
+
+    @discardableResult
+    mutating func append(key: Key, value: Value) -> Value {
+        let newElement = Element(generation: self.generation,
+                                 key: key,
+                                 value: value)
+        if let found = self.findIndex(key: key) {
+            self.elements[found] = newElement
+            return value
+        }
+
+        if self.elements.count < self.elements.capacity {
+            self.elements.append(newElement)
+            return value
+        }
+        assert(self.elements.count == self.elements.capacity)
+
+        let minIndex = self.elements.minIndex { l, r in
+            l.generation < r.generation
+        }!
+
+        self.elements.swapAt(minIndex, self.elements.endIndex - 1)
+        self.elements.removeLast()
+        self.elements.append(newElement)
+
+        return value
+    }
+
+    mutating func findOrAppend(key: Key, _ valueGenerator: (Key) -> Value) -> Value {
+        if let found = self.find(key: key) {
+            return found
+        }
+
+        return self.append(key: key, value: valueGenerator(key))
+    }
+}
+
+extension Array {
+    func minIndex(by areInIncreasingOrder: (Element, Element) throws -> Bool) rethrows -> Index? {
+        var minSoFar: (Index, Element)? = nil
+
+        for indexElement in self.enumerated() {
+            if let min = minSoFar {
+                if try areInIncreasingOrder(indexElement.1, min.1) {
+                    minSoFar = indexElement
+                }
+            }
+        }
+
+        return minSoFar.map { $0.0 }
+    }
+}
@@ -12,61 +12,61 @@
 //
 //===----------------------------------------------------------------------===//
 
-#if canImport(Network)
 
-    import Network
-    import NIO
-    import NIOHTTP1
-    import NIOTransportServices
+import Network
+import NIO
+import NIOHTTP1
+import NIOTransportServices
 
-    extension HTTPClient {
-        public struct NWPOSIXError: Error, CustomStringConvertible {
-            /// POSIX error code (enum)
-            public let errorCode: POSIXErrorCode
+extension HTTPClient {
+    public struct NWPOSIXError: Error, CustomStringConvertible {
+        /// POSIX error code (enum)
+        public let errorCode: POSIXErrorCode
 
-            /// actual reason, in human readable form
-            private let reason: String
+        /// actual reason, in human readable form
+        private let reason: String
 
-            /// Initialise a NWPOSIXError
-            /// - Parameters:
-            ///   - errorType: posix error type
-            ///   - reason: String describing reason for error
-            public init(_ errorCode: POSIXErrorCode, reason: String) {
-                self.errorCode = errorCode
-                self.reason = reason
-            }
-
-            public var description: String { return self.reason }
+        /// Initialise a NWPOSIXError
+        /// - Parameters:
+        ///   - errorType: posix error type
+        ///   - reason: String describing reason for error
+        public init(_ errorCode: POSIXErrorCode, reason: String) {
+            self.errorCode = errorCode
+            self.reason = reason
         }
 
-        public struct NWTLSError: Error, CustomStringConvertible {
-            /// TLS error status. List of TLS errors can be found in <Security/SecureTransport.h>
-            public let status: OSStatus
+        public var description: String { return self.reason }
+    }
 
-            /// actual reason, in human readable form
-            private let reason: String
+    public struct NWTLSError: Error, CustomStringConvertible {
+        /// TLS error status. List of TLS errors can be found in <Security/SecureTransport.h>
+        public let status: OSStatus
 
-            /// initialise a NWTLSError
-            /// - Parameters:
-            ///   - status: TLS status
-            ///   - reason: String describing reason for error
-            public init(_ status: OSStatus, reason: String) {
-                self.status = status
-                self.reason = reason
-            }
+        /// actual reason, in human readable form
+        private let reason: String
 
-            public var description: String { return self.reason }
+        /// initialise a NWTLSError
+        /// - Parameters:
+        ///   - status: TLS status
+        ///   - reason: String describing reason for error
+        public init(_ status: OSStatus, reason: String) {
+            self.status = status
+            self.reason = reason
         }
 
-        @available(macOS 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *)
-        class NWErrorHandler: ChannelInboundHandler {
-            typealias InboundIn = HTTPClientResponsePart
+        public var description: String { return self.reason }
+    }
 
-            func errorCaught(context: ChannelHandlerContext, error: Error) {
-                context.fireErrorCaught(NWErrorHandler.translateError(error))
-            }
+    class NWErrorHandler: ChannelInboundHandler {
+        typealias InboundIn = HTTPClientResponsePart
+
+        func errorCaught(context: ChannelHandlerContext, error: Error) {
+            context.fireErrorCaught(NWErrorHandler.translateError(error))
+        }
 
-            static func translateError(_ error: Error) -> Error {
+        static func translateError(_ error: Error) -> Error {
+            #if canImport(Network)
+            if #available(OSX 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *) {
                 if let error = error as? NWError {
                     switch error {
                     case .tls(let status):
@@ -78,7 +78,12 @@
                     }
                 }
                 return error
+            } else {
+                preconditionFailure("\(self) used on a non-NIOTS Channel")
             }
+            #else
+            preconditionFailure("\(self) used on a non-NIOTS Channel")
+            #endif
         }
     }
-#endif
+}
@@ -0,0 +1,76 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2018-2019 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Logging
+import NIO
+import NIOSSL
+import NIOConcurrencyHelpers
+
+class SSLContextCache {
+    private var running = true
+    private let lock = Lock()
+    private var sslContextCache = LRUCache<BestEffortHashableTLSConfiguration, NIOSSLContext>()
+    private let threadPool = NIOThreadPool(numberOfThreads: 1)
+
+    init() {
+        self.threadPool.start()
+    }
+
+    func shutdown() {
+        self.lock.withLock {
+            precondition(self.running == true)
+            self.running = false
+            self.threadPool.shutdownGracefully { maybeError in
+                precondition(maybeError == nil, "\(maybeError!)")
+            }
+        }
+    }
+
+    deinit {
+        assert(!self.running)
+    }
+}
+
+extension SSLContextCache {
+    func sslContext(tlsConfiguration: TLSConfiguration,
+                    eventLoop: EventLoop,
+                    logger: Logger) -> EventLoopFuture<NIOSSLContext> {
+        let eqTLSConfiguration = BestEffortHashableTLSConfiguration(wrapping: tlsConfiguration)
+        let sslContext = self.lock.withLock {
+            self.sslContextCache.find(key: eqTLSConfiguration)
+        }
+
+        if let sslContext = sslContext {
+            logger.debug("found SSL context in cache",
+                         metadata: ["ahc-tls-config": "\(tlsConfiguration)"])
+            return eventLoop.makeSucceededFuture(sslContext)
+        }
+
+        logger.debug("creating new SSL context",
+                     metadata: ["ahc-tls-config": "\(tlsConfiguration)"])
+        let newSSLContext = self.threadPool.runIfActive(eventLoop: eventLoop) {
+            return try NIOSSLContext(configuration: tlsConfiguration)
+        }
+
+        newSSLContext.whenSuccess { (newSSLContext: NIOSSLContext) -> Void in
+            self.lock.withLock { () -> Void in
+                self.sslContextCache.append(key: eqTLSConfiguration,
+                                            value: newSSLContext)
+            }
+        }
+
+        return newSSLContext
+    }
+}
+