Channel creation refactored

Author: fabianfett

Sources/AsyncHTTPClient/ConnectionPool.swift

@@ -86,7 +86,9 @@ final class ConnectionPool {
                 let provider = HTTP1ConnectionProvider(key: key,
                                                        eventLoop: taskEventLoop,
                                                        configuration: key.config(overriding: self.configuration),
+                                                       tlsConfiguration: request.tlsConfiguration,
                                                        pool: self,
+                                                       sslContextCache: self.sslContextCache,
                                                        backgroundActivityLogger: self.backgroundActivityLogger)
                 let enqueued = provider.enqueue()
                 assert(enqueued)
@@ -213,6 +215,8 @@ class HTTP1ConnectionProvider {
 
     private let backgroundActivityLogger: Logger
 
+    private let factory: HTTPConnectionPool.ConnectionFactory
+
     /// Creates a new `HTTP1ConnectionProvider`
     ///
     /// - parameters:
@@ -225,7 +229,9 @@ class HTTP1ConnectionProvider {
     init(key: ConnectionPool.Key,
          eventLoop: EventLoop,
          configuration: HTTPClient.Configuration,
+         tlsConfiguration: TLSConfiguration?,
          pool: ConnectionPool,
+         sslContextCache: SSLContextCache,
          backgroundActivityLogger: Logger) {
         self.eventLoop = eventLoop
         self.configuration = configuration
@@ -234,6 +240,13 @@ class HTTP1ConnectionProvider {
         self.closePromise = eventLoop.makePromise()
         self.state = .init(eventLoop: eventLoop)
         self.backgroundActivityLogger = backgroundActivityLogger
+
+        self.factory = HTTPConnectionPool.ConnectionFactory(
+            key: self.key,
+            tlsConfiguration: tlsConfiguration ?? configuration.tlsConfiguration ?? .forClient(),
+            clientConfiguration: self.configuration,
+            sslContextCache: sslContextCache
+        )
     }
 
     deinit {
@@ -440,12 +453,25 @@ class HTTP1ConnectionProvider {
 
     private func makeChannel(preference: HTTPClient.EventLoopPreference,
                              logger: Logger) -> EventLoopFuture<Channel> {
-        return NIOClientTCPBootstrap.makeHTTP1Channel(destination: self.key,
-                                                      eventLoop: self.eventLoop,
-                                                      configuration: self.configuration,
-                                                      sslContextCache: self.pool.sslContextCache,
-                                                      preference: preference,
-                                                      logger: logger)
+        let connectionID = HTTPConnectionPool.Connection.ID.globalGenerator.next()
+        let eventLoop = preference.bestEventLoop ?? self.eventLoop
+        return self.factory.makeBestChannel(connectionID: connectionID, eventLoop: eventLoop, logger: logger).flatMapThrowing {
+            (channel, _) -> Channel in
+
+            // add the http1.1 channel handlers
+            let syncOperations = channel.pipeline.syncOperations
+            try syncOperations.addHTTPClientHandlers(leftOverBytesStrategy: .forwardBytes)
+
+            switch self.configuration.decompression {
+            case .disabled:
+                ()
+            case .enabled(let limit):
+                let decompressHandler = NIOHTTPResponseDecompressor(limit: limit)
+                try syncOperations.addHandler(decompressHandler)
+            }
+
+            return channel
+        }
     }
 
     /// A `Waiter` represents a request that waits for a connection when none is

Sources/AsyncHTTPClient/ConnectionPool/HTTP1ProxyConnectHandler.swift

@@ -0,0 +1,143 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import NIO
+import NIOHTTP1
+
+final class HTTP1ProxyConnectHandler: ChannelDuplexHandler, RemovableChannelHandler {
+    typealias OutboundIn = Never
+    typealias OutboundOut = HTTPClientRequestPart
+    typealias InboundIn = HTTPClientResponsePart
+
+    enum State {
+        case initialized(EventLoopPromise<Void>)
+        case connectSent(EventLoopPromise<Void>)
+        case headReceived(EventLoopPromise<Void>)
+        case failed(Error)
+        case completed
+    }
+
+    private var state: State
+
+    let targetHost: String
+    let targetPort: Int
+    let proxyAuthorization: HTTPClient.Authorization?
+
+    init(targetHost: String,
+         targetPort: Int,
+         proxyAuthorization: HTTPClient.Authorization?,
+         connectPromise: EventLoopPromise<Void>) {
+        self.targetHost = targetHost
+        self.targetPort = targetPort
+        self.proxyAuthorization = proxyAuthorization
+
+        self.state = .initialized(connectPromise)
+    }
+
+    func handlerAdded(context: ChannelHandlerContext) {
+        precondition(context.channel.isActive, "Expected to be added to an active channel")
+
+        self.sendConnect(context: context)
+    }
+
+    func handlerRemoved(context: ChannelHandlerContext) {
+        switch self.state {
+        case .failed, .completed:
+            break
+        case .initialized, .connectSent, .headReceived:
+            preconditionFailure("Removing the handler, while connecting seems wrong")
+        }
+    }
+
+    func write(context: ChannelHandlerContext, data: NIOAny, promise: EventLoopPromise<Void>?) {
+        preconditionFailure("We don't support outgoing traffic during HTTP Proxy update.")
+    }
+
+    func channelRead(context: ChannelHandlerContext, data: NIOAny) {
+        switch self.unwrapInboundIn(data) {
+        case .head(let head):
+            guard case .connectSent(let promise) = self.state else {
+                preconditionFailure("HTTPDecoder should throw an error, if we have not send a request")
+            }
+
+            switch head.status.code {
+            case 200..<300:
+                // Any 2xx (Successful) response indicates that the sender (and all
+                // inbound proxies) will switch to tunnel mode immediately after the
+                // blank line that concludes the successful response's header section
+                self.state = .headReceived(promise)
+            case 407:
+                let error = HTTPClientError.proxyAuthenticationRequired
+                self.state = .failed(error)
+                context.close(promise: nil)
+                promise.fail(error)
+            default:
+                // Any response other than a successful response
+                // indicates that the tunnel has not yet been formed and that the
+                // connection remains governed by HTTP.
+                let error = HTTPClientError.invalidProxyResponse
+                self.state = .failed(error)
+                context.close(promise: nil)
+                promise.fail(error)
+            }
+        case .body:
+            switch self.state {
+            case .headReceived(let promise):
+                // we don't expect a body
+                let error = HTTPClientError.invalidProxyResponse
+                self.state = .failed(error)
+                context.close(promise: nil)
+                promise.fail(error)
+            case .failed:
+                // ran into an error before... ignore this one
+                break
+            case .completed, .connectSent, .initialized:
+                preconditionFailure("Invalid state")
+            }
+
+        case .end:
+            switch self.state {
+            case .headReceived(let promise):
+                self.state = .completed
+                promise.succeed(())
+            case .failed:
+                // ran into an error before... ignore this one
+                break
+            case .initialized, .connectSent, .completed:
+                preconditionFailure("Invalid state")
+            }
+        }
+    }
+
+    func sendConnect(context: ChannelHandlerContext) {
+        guard case .initialized(let promise) = self.state else {
+            preconditionFailure("Invalid state")
+        }
+
+        self.state = .connectSent(promise)
+
+        var head = HTTPRequestHead(
+            version: .init(major: 1, minor: 1),
+            method: .CONNECT,
+            uri: "\(self.targetHost):\(self.targetPort)"
+        )
+        head.headers.add(name: "proxy-connection", value: "keep-alive")
+        if let authorization = self.proxyAuthorization {
+            head.headers.add(name: "proxy-authorization", value: authorization.headerValue)
+        }
+        context.write(self.wrapOutboundOut(.head(head)), promise: nil)
+        context.write(self.wrapOutboundOut(.end(nil)), promise: nil)
+        context.flush()
+    }
+}

Sources/AsyncHTTPClient/ConnectionPool/HTTPConnectionPool+Factory.swift

@@ -0,0 +1,314 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Logging
+import NIO
+import NIOHTTP1
+import NIOSSL
+import NIOTLS
+#if canImport(Network)
+    import NIOTransportServices
+#endif
+
+extension HTTPConnectionPool {
+    enum NegotiatedProtocol {
+        case http1_1(Channel)
+        case http2_0(Channel)
+    }
+
+    final class ConnectionFactory {
+        let key: ConnectionPool.Key
+        let clientConfiguration: HTTPClient.Configuration
+        let tlsConfiguration: TLSConfiguration
+        let sslContextCache: SSLContextCache
+
+        init(key: ConnectionPool.Key,
+             tlsConfiguration: TLSConfiguration?,
+             clientConfiguration: HTTPClient.Configuration,
+             sslContextCache: SSLContextCache) {
+            self.key = key
+            self.clientConfiguration = clientConfiguration
+            self.sslContextCache = sslContextCache
+            self.tlsConfiguration = tlsConfiguration ?? clientConfiguration.tlsConfiguration ?? .forClient()
+        }
+    }
+}
+
+extension HTTPConnectionPool.ConnectionFactory {
+    func makeBestChannel(connectionID: HTTPConnectionPool.Connection.ID, eventLoop: EventLoop, logger: Logger) -> EventLoopFuture<(Channel, HTTPVersion)> {
+        if self.key.scheme.isProxyable, let proxy = self.clientConfiguration.proxy {
+            return self.makeHTTPProxyChannel(proxy, connectionID: connectionID, eventLoop: eventLoop, logger: logger)
+        } else {
+            return self.makeChannel(eventLoop: eventLoop, logger: logger)
+        }
+    }
+
+    private func makeChannel(eventLoop: EventLoop, logger: Logger) -> EventLoopFuture<(Channel, HTTPVersion)> {
+        switch self.key.scheme {
+        case .http, .http_unix, .unix:
+            return self.makePlainChannel(eventLoop: eventLoop).map { ($0, .http1_1) }
+        case .https, .https_unix:
+            return self.makeTLSChannel(eventLoop: eventLoop, logger: logger).map {
+                (channel, negotiated) -> (Channel, HTTPVersion) in
+                let version = negotiated == "h2" ? HTTPVersion.http2 : HTTPVersion.http1_1
+                return (channel, version)
+            }
+        }
+    }
+
+    private func makePlainChannel(eventLoop: EventLoop) -> EventLoopFuture<Channel> {
+        let bootstrap = self.makePlainBootstrap(eventLoop: eventLoop)
+
+        switch self.key.scheme {
+        case .http:
+            return bootstrap.connect(host: self.key.host, port: self.key.port)
+        case .http_unix, .unix:
+            return bootstrap.connect(unixDomainSocketPath: self.key.unixPath)
+        case .https, .https_unix:
+            preconditionFailure("Unexpected schema")
+        }
+    }
+
+    private func makeHTTPProxyChannel(
+        _ proxy: HTTPClient.Configuration.Proxy,
+        connectionID: HTTPConnectionPool.Connection.ID,
+        eventLoop: EventLoop,
+        logger: Logger
+    ) -> EventLoopFuture<(Channel, HTTPVersion)> {
+        // A proxy connection starts with a plain text connection to the proxy server. After
+        // the connection has been established with the proxy server, the connection might be
+        // upgraded to TLS before we send our first request.
+        let bootstrap = self.makePlainBootstrap(eventLoop: eventLoop)
+        return bootstrap.connect(host: proxy.host, port: proxy.port).flatMap { channel in
+            let connectPromise = channel.eventLoop.makePromise(of: Void.self)
+
+            let encoder = HTTPRequestEncoder()
+            let decoder = ByteToMessageHandler(HTTPResponseDecoder(leftOverBytesStrategy: .dropBytes))
+            let proxyHandler = HTTP1ProxyConnectHandler(
+                targetHost: self.key.host,
+                targetPort: self.key.port,
+                proxyAuthorization: proxy.authorization,
+                connectPromise: connectPromise
+            )
+
+            do {
+                try channel.pipeline.syncOperations.addHandler(encoder)
+                try channel.pipeline.syncOperations.addHandler(decoder)
+                try channel.pipeline.syncOperations.addHandler(proxyHandler)
+            } catch {
+                return channel.eventLoop.makeFailedFuture(error)
+            }
+
+            return connectPromise.futureResult.flatMap {
+                channel.pipeline.removeHandler(proxyHandler).flatMap {
+                    channel.pipeline.removeHandler(decoder).flatMap {
+                        channel.pipeline.removeHandler(encoder)
+                    }
+                }
+            }.flatMap { () -> EventLoopFuture<(Channel, HTTPVersion)> in
+                switch self.key.scheme {
+                case .unix, .http_unix, .https_unix:
+                    preconditionFailure("Unexpected scheme. Not supported for proxy!")
+                case .http:
+                    return channel.eventLoop.makeSucceededFuture((channel, .http1_1))
+                case .https:
+                    var tlsConfig = self.tlsConfiguration
+                    // since we can support h2, we need to advertise this in alpn
+                    tlsConfig.applicationProtocols = ["http/1.1" /* , "h2" */ ]
+                    let tlsEventHandler = TLSEventsHandler()
+
+                    let sslContextFuture = self.sslContextCache.sslContext(
+                        tlsConfiguration: tlsConfig,
+                        eventLoop: channel.eventLoop,
+                        logger: logger
+                    )
+
+                    return sslContextFuture.flatMap { sslContext -> EventLoopFuture<String?> in
+                        do {
+                            let sslHandler = try NIOSSLClientHandler(
+                                context: sslContext,
+                                serverHostname: self.key.host
+                            )
+                            try channel.pipeline.syncOperations.addHandler(sslHandler)
+                            try channel.pipeline.syncOperations.addHandler(tlsEventHandler)
+                            return tlsEventHandler.tlsEstablishedFuture
+                        } catch {
+                            return channel.eventLoop.makeFailedFuture(error)
+                        }
+                    }.flatMap { negotiated -> EventLoopFuture<(Channel, HTTPVersion)> in
+                        channel.pipeline.removeHandler(tlsEventHandler).map {
+                            switch negotiated {
+                            case "h2":
+                                return (channel, .http2)
+                            default:
+                                return (channel, .http1_1)
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private func makePlainBootstrap(eventLoop: EventLoop) -> NIOClientTCPBootstrapProtocol {
+        #if canImport(Network)
+            if #available(OSX 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *), let tsBootstrap = NIOTSConnectionBootstrap(validatingGroup: eventLoop) {
+                return tsBootstrap
+                    .addTimeoutIfNeeded(self.clientConfiguration.timeout)
+                    .channelInitializer { channel in
+                        do {
+                            try channel.pipeline.syncOperations.addHandler(HTTPClient.NWErrorHandler())
+                            return channel.eventLoop.makeSucceededFuture(())
+                        } catch {
+                            return channel.eventLoop.makeFailedFuture(error)
+                        }
+                    }
+            }
+        #endif
+
+        if let nioBootstrap = ClientBootstrap(validatingGroup: eventLoop) {
+            return nioBootstrap
+                .addTimeoutIfNeeded(self.clientConfiguration.timeout)
+        }
+
+        preconditionFailure("No matching bootstrap found")
+    }
+
+    private func makeTLSChannel(eventLoop: EventLoop, logger: Logger) -> EventLoopFuture<(Channel, String?)> {
+        let bootstrapFuture = self.makeTLSBootstrap(
+            eventLoop: eventLoop,
+            logger: logger
+        )
+
+        var channelFuture = bootstrapFuture.flatMap { bootstrap -> EventLoopFuture<Channel> in
+            switch self.key.scheme {
+            case .https:
+                return bootstrap.connect(host: self.key.host, port: self.key.port)
+            case .https_unix:
+                return bootstrap.connect(unixDomainSocketPath: self.key.unixPath)
+            case .http, .http_unix, .unix:
+                preconditionFailure("Unexpected schema")
+            }
+        }.flatMap { channel -> EventLoopFuture<(Channel, String?)> in
+            let tlsEventHandler = try! channel.pipeline.syncOperations.handler(type: TLSEventsHandler.self)
+            return tlsEventHandler.tlsEstablishedFuture.flatMap { negotiated in
+                channel.pipeline.removeHandler(tlsEventHandler).map { (channel, negotiated) }
+            }
+        }
+
+        #if canImport(Network)
+            // If NIOTransportSecurity is used, we want to map NWErrors into NWPOsixErrors or NWTLSError.
+            channelFuture = channelFuture.flatMapErrorThrowing { error in
+                throw HTTPClient.NWErrorHandler.translateError(error)
+            }
+        #endif
+
+        return channelFuture
+    }
+
+    private func makeTLSBootstrap(eventLoop: EventLoop, logger: Logger)
+        -> EventLoopFuture<NIOClientTCPBootstrapProtocol> {
+        // since we can support h2, we need to advertise this in alpn
+        var tlsConfig = self.tlsConfiguration
+        tlsConfig.applicationProtocols = ["http/1.1" /* , "h2" */ ]
+
+        #if canImport(Network)
+            if #available(OSX 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *), let tsBootstrap = NIOTSConnectionBootstrap(validatingGroup: eventLoop) {
+                // create NIOClientTCPBootstrap with NIOTS TLS provider
+                let bootstrapFuture = tlsConfig.getNWProtocolTLSOptions(on: eventLoop).map {
+                    options -> NIOClientTCPBootstrapProtocol in
+
+                    tsBootstrap
+                        .addTimeoutIfNeeded(self.clientConfiguration.timeout)
+                        .tlsOptions(options)
+                        .channelInitializer { channel in
+                            do {
+                                try channel.pipeline.syncOperations.addHandler(HTTPClient.NWErrorHandler())
+                                try channel.pipeline.syncOperations.addHandler(TLSEventsHandler())
+                                return channel.eventLoop.makeSucceededFuture(())
+                            } catch {
+                                return channel.eventLoop.makeFailedFuture(error)
+                            }
+                        } as NIOClientTCPBootstrapProtocol
+                }
+                return bootstrapFuture
+            }
+        #endif
+
+        let host = self.key.host
+        let hostname = (host.isIPAddress || host.isEmpty) ? nil : host
+
+        let sslContextFuture = sslContextCache.sslContext(
+            tlsConfiguration: tlsConfig,
+            eventLoop: eventLoop,
+            logger: logger
+        )
+
+        let bootstrap = ClientBootstrap(group: eventLoop)
+            .addTimeoutIfNeeded(self.clientConfiguration.timeout)
+            .channelInitializer { channel in
+                sslContextFuture.flatMap { (sslContext) -> EventLoopFuture<Void> in
+                    let sync = channel.pipeline.syncOperations
+
+                    do {
+                        let sslHandler = try NIOSSLClientHandler(
+                            context: sslContext,
+                            serverHostname: hostname
+                        )
+                        let tlsEventHandler = TLSEventsHandler()
+
+                        try sync.addHandler(sslHandler)
+                        try sync.addHandler(tlsEventHandler)
+                        return channel.eventLoop.makeSucceededFuture(())
+                    } catch {
+                        return channel.eventLoop.makeFailedFuture(error)
+                    }
+                }
+            }
+
+        return eventLoop.makeSucceededFuture(bootstrap)
+    }
+}
+
+extension ConnectionPool.Key.Scheme {
+    var isProxyable: Bool {
+        switch self {
+        case .http, .https:
+            return true
+        case .unix, .http_unix, .https_unix:
+            return false
+        }
+    }
+}
+
+extension NIOClientTCPBootstrapProtocol {
+    func addTimeoutIfNeeded(_ config: HTTPClient.Configuration.Timeout?) -> Self {
+        guard let connectTimeamount = config?.connect else {
+            return self
+        }
+        return self.connectTimeout(connectTimeamount)
+    }
+}
+
+private extension String {
+    var isIPAddress: Bool {
+        var ipv4Addr = in_addr()
+        var ipv6Addr = in6_addr()
+
+        return self.withCString { ptr in
+            inet_pton(AF_INET, ptr, &ipv4Addr) == 1 ||
+                inet_pton(AF_INET6, ptr, &ipv6Addr) == 1
+        }
+    }
+}

Sources/AsyncHTTPClient/ConnectionPool/HTTPConnectionPool+Manager.swift

@@ -0,0 +1,31 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import NIOConcurrencyHelpers
+
+extension HTTPConnectionPool.Connection.ID {
+    static var globalGenerator = Generator()
+
+    struct Generator {
+        private let atomic: NIOAtomic<Int>
+
+        init() {
+            self.atomic = .makeAtomic(value: 0)
+        }
+
+        func next() -> Int {
+            return self.atomic.add(1)
+        }
+    }
+}

Sources/AsyncHTTPClient/ConnectionPool/HTTPConnectionPool.swift

@@ -0,0 +1,19 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+enum HTTPConnectionPool {
+    struct Connection {
+        typealias ID = Int
+    }
+}

Sources/AsyncHTTPClient/ConnectionPool/TLSEventsHandler.swift

@@ -0,0 +1,53 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import NIO
+import NIOTLS
+
+final class TLSEventsHandler: ChannelInboundHandler, RemovableChannelHandler {
+    typealias InboundIn = NIOAny
+
+    private var tlsEstablishedPromise: EventLoopPromise<String?>?
+    var tlsEstablishedFuture: EventLoopFuture<String?>! {
+        return self.tlsEstablishedPromise?.futureResult
+    }
+
+    init() {}
+
+    func handlerAdded(context: ChannelHandlerContext) {
+        self.tlsEstablishedPromise = context.eventLoop.makePromise(of: String?.self)
+    }
+
+    func userInboundEventTriggered(context: ChannelHandlerContext, event: Any) {
+        if let tlsEvent = event as? TLSUserEvent {
+            switch tlsEvent {
+            case .handshakeCompleted(negotiatedProtocol: let negotiated):
+                self.tlsEstablishedPromise!.succeed(negotiated)
+            case .shutdownCompleted:
+                break
+            }
+        }
+        context.fireUserInboundEventTriggered(event)
+    }
+
+    func errorCaught(context: ChannelHandlerContext, error: Error) {
+        self.tlsEstablishedPromise!.fail(error)
+        context.fireErrorCaught(error)
+    }
+
+    func handlerRemoved(context: ChannelHandlerContext) {
+        struct NoResult: Error {}
+        self.tlsEstablishedPromise!.fail(NoResult())
+    }
+}

Sources/AsyncHTTPClient/HTTPClient+Proxy.swift

@@ -0,0 +1,56 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2018-2019 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import NIO
+import NIOHTTP1
+
+public extension HTTPClient.Configuration {
+    /// Proxy server configuration
+    /// Specifies the remote address of an HTTP proxy.
+    ///
+    /// Adding an `Proxy` to your client's `HTTPClient.Configuration`
+    /// will cause requests to be passed through the specified proxy using the
+    /// HTTP `CONNECT` method.
+    ///
+    /// If a `TLSConfiguration` is used in conjunction with `HTTPClient.Configuration.Proxy`,
+    /// TLS will be established _after_ successful proxy, between your client
+    /// and the destination server.
+    struct Proxy {
+        /// Specifies Proxy server host.
+        public var host: String
+        /// Specifies Proxy server port.
+        public var port: Int
+        /// Specifies Proxy server authorization.
+        public var authorization: HTTPClient.Authorization?
+
+        /// Create proxy.
+        ///
+        /// - parameters:
+        ///     - host: proxy server host.
+        ///     - port: proxy server port.
+        public static func server(host: String, port: Int) -> Proxy {
+            return .init(host: host, port: port, authorization: nil)
+        }
+
+        /// Create proxy.
+        ///
+        /// - parameters:
+        ///     - host: proxy server host.
+        ///     - port: proxy server port.
+        ///     - authorization: proxy server authorization.
+        public static func server(host: String, port: Int, authorization: HTTPClient.Authorization? = nil) -> Proxy {
+            return .init(host: host, port: port, authorization: authorization)
+        }
+    }
+}

Sources/AsyncHTTPClient/HTTPClient.swift

@@ -882,84 +882,6 @@ extension HTTPClient.Configuration {
     }
 }
 
-extension ChannelPipeline {
-    func syncAddProxyHandler(host: String, port: Int, authorization: HTTPClient.Authorization?) throws {
-        let encoder = HTTPRequestEncoder()
-        let decoder = ByteToMessageHandler(HTTPResponseDecoder(leftOverBytesStrategy: .forwardBytes))
-        let handler = HTTPClientProxyHandler(host: host, port: port, authorization: authorization) { channel in
-            let encoderRemovePromise = self.eventLoop.next().makePromise(of: Void.self)
-            channel.pipeline.removeHandler(encoder, promise: encoderRemovePromise)
-            return encoderRemovePromise.futureResult.flatMap {
-                channel.pipeline.removeHandler(decoder)
-            }
-        }
-
-        let sync = self.syncOperations
-        try sync.addHandler(encoder)
-        try sync.addHandler(decoder)
-        try sync.addHandler(handler)
-    }
-
-    func syncAddLateSSLHandlerIfNeeded(for key: ConnectionPool.Key,
-                                       sslContext: NIOSSLContext,
-                                       handshakePromise: EventLoopPromise<Void>) {
-        precondition(key.scheme.requiresTLS)
-
-        do {
-            let synchronousPipelineView = self.syncOperations
-
-            // We add the TLSEventsHandler first so that it's always in the pipeline before any other TLS handler we add.
-            // If we're here, we must not have one in the channel already.
-            assert((try? synchronousPipelineView.context(name: TLSEventsHandler.handlerName)) == nil)
-            let eventsHandler = TLSEventsHandler(completionPromise: handshakePromise)
-            try synchronousPipelineView.addHandler(eventsHandler, name: TLSEventsHandler.handlerName)
-
-            // Then we add the SSL handler.
-            try synchronousPipelineView.addHandler(
-                try NIOSSLClientHandler(context: sslContext,
-                                        serverHostname: (key.host.isIPAddress || key.host.isEmpty) ? nil : key.host),
-                position: .before(eventsHandler)
-            )
-        } catch {
-            handshakePromise.fail(error)
-        }
-    }
-}
-
-class TLSEventsHandler: ChannelInboundHandler, RemovableChannelHandler {
-    typealias InboundIn = NIOAny
-
-    static let handlerName: String = "AsyncHTTPClient.HTTPClient.TLSEventsHandler"
-
-    var completionPromise: EventLoopPromise<Void>
-
-    init(completionPromise: EventLoopPromise<Void>) {
-        self.completionPromise = completionPromise
-    }
-
-    func userInboundEventTriggered(context: ChannelHandlerContext, event: Any) {
-        if let tlsEvent = event as? TLSUserEvent {
-            switch tlsEvent {
-            case .handshakeCompleted:
-                self.completionPromise.succeed(())
-            case .shutdownCompleted:
-                break
-            }
-        }
-        context.fireUserInboundEventTriggered(event)
-    }
-
-    func errorCaught(context: ChannelHandlerContext, error: Error) {
-        self.completionPromise.fail(error)
-        context.fireErrorCaught(error)
-    }
-
-    func handlerRemoved(context: ChannelHandlerContext) {
-        struct NoResult: Error {}
-        self.completionPromise.fail(NoResult())
-    }
-}
-
 /// Possible client errors.
 public struct HTTPClientError: Error, Equatable, CustomStringConvertible {
     private enum Code: Equatable {

Sources/AsyncHTTPClient/HTTPClientProxyHandler.swift

@@ -23,18 +23,6 @@ import NIOHTTPCompression
 import NIOSSL
 import NIOTransportServices
 
-internal extension String {
-    var isIPAddress: Bool {
-        var ipv4Addr = in_addr()
-        var ipv6Addr = in6_addr()
-
-        return self.withCString { ptr in
-            inet_pton(AF_INET, ptr, &ipv4Addr) == 1 ||
-                inet_pton(AF_INET6, ptr, &ipv6Addr) == 1
-        }
-    }
-}
-
 public final class HTTPClientCopyingDelegate: HTTPClientResponseDelegate {
     public typealias Response = Void
 
@@ -53,230 +41,10 @@ public final class HTTPClientCopyingDelegate: HTTPClientResponseDelegate {
     }
 }
 
-extension NIOClientTCPBootstrap {
-    static func makeHTTP1Channel(destination: ConnectionPool.Key,
-                                 eventLoop: EventLoop,
-                                 configuration: HTTPClient.Configuration,
-                                 sslContextCache: SSLContextCache,
-                                 preference: HTTPClient.EventLoopPreference,
-                                 logger: Logger) -> EventLoopFuture<Channel> {
-        let channelEventLoop = preference.bestEventLoop ?? eventLoop
-
-        let key = destination
-        let requiresTLS = key.scheme.requiresTLS
-        let sslContext: EventLoopFuture<NIOSSLContext?>
-        if key.scheme.requiresTLS, configuration.proxy != nil {
-            // If we use a proxy & also require TLS, then we always use NIOSSL (and not Network.framework TLS because
-            // it can't be added later) and therefore require a `NIOSSLContext`.
-            // In this case, `makeAndConfigureBootstrap` will not create another `NIOSSLContext`.
-            //
-            // Note that TLS proxies are not supported at the moment. This means that we will always speak
-            // plaintext to the proxy but we do support sending HTTPS traffic through the proxy.
-            sslContext = sslContextCache.sslContext(tlsConfiguration: configuration.tlsConfiguration ?? .forClient(),
-                                                    eventLoop: eventLoop,
-                                                    logger: logger).map { $0 }
-        } else {
-            sslContext = eventLoop.makeSucceededFuture(nil)
-        }
-
-        let bootstrap = NIOClientTCPBootstrap.makeAndConfigureBootstrap(on: channelEventLoop,
-                                                                        host: key.host,
-                                                                        port: key.port,
-                                                                        requiresTLS: requiresTLS,
-                                                                        configuration: configuration,
-                                                                        sslContextCache: sslContextCache,
-                                                                        logger: logger)
-        return bootstrap.flatMap { bootstrap -> EventLoopFuture<Channel> in
-            let channel: EventLoopFuture<Channel>
-            switch key.scheme {
-            case .http, .https:
-                let address = HTTPClient.resolveAddress(host: key.host, port: key.port, proxy: configuration.proxy)
-                channel = bootstrap.connect(host: address.host, port: address.port)
-            case .unix, .http_unix, .https_unix:
-                channel = bootstrap.connect(unixDomainSocketPath: key.unixPath)
-            }
-
-            return channel.flatMap { channel -> EventLoopFuture<(Channel, NIOSSLContext?)> in
-                sslContext.map { sslContext -> (Channel, NIOSSLContext?) in
-                    (channel, sslContext)
-                }
-            }.flatMap { channel, sslContext in
-                configureChannelPipeline(channel,
-                                         isNIOTS: bootstrap.isNIOTS,
-                                         sslContext: sslContext,
-                                         configuration: configuration,
-                                         key: key)
-            }.flatMapErrorThrowing { error in
-                if bootstrap.isNIOTS {
-                    throw HTTPClient.NWErrorHandler.translateError(error)
-                } else {
-                    throw error
-                }
-            }
-        }
-    }
-
-    /// Creates and configures a bootstrap given the `eventLoop`, if TLS/a proxy is being used.
-    private static func makeAndConfigureBootstrap(
-        on eventLoop: EventLoop,
-        host: String,
-        port: Int,
-        requiresTLS: Bool,
-        configuration: HTTPClient.Configuration,
-        sslContextCache: SSLContextCache,
-        logger: Logger
-    ) -> EventLoopFuture<NIOClientTCPBootstrap> {
-        return self.makeBestBootstrap(host: host,
-                                      eventLoop: eventLoop,
-                                      requiresTLS: requiresTLS,
-                                      sslContextCache: sslContextCache,
-                                      tlsConfiguration: configuration.tlsConfiguration ?? .forClient(),
-                                      useProxy: configuration.proxy != nil,
-                                      logger: logger)
-            .map { bootstrap -> NIOClientTCPBootstrap in
-                var bootstrap = bootstrap
-
-                if let timeout = configuration.timeout.connect {
-                    bootstrap = bootstrap.connectTimeout(timeout)
-                }
-
-                // Don't enable TLS if we have a proxy, this will be enabled later on (outside of this method).
-                if requiresTLS, configuration.proxy == nil {
-                    bootstrap = bootstrap.enableTLS()
-                }
-
-                return bootstrap.channelInitializer { channel in
-                    do {
-                        if let proxy = configuration.proxy {
-                            try channel.pipeline.syncAddProxyHandler(host: host,
-                                                                     port: port,
-                                                                     authorization: proxy.authorization)
-                        } else if requiresTLS {
-                            // We only add the handshake verifier if we need TLS and we're not going through a proxy.
-                            // If we're going through a proxy we add it later (outside of this method).
-                            let completionPromise = channel.eventLoop.makePromise(of: Void.self)
-                            try channel.pipeline.syncOperations.addHandler(TLSEventsHandler(completionPromise: completionPromise),
-                                                                           name: TLSEventsHandler.handlerName)
-                        }
-                        return channel.eventLoop.makeSucceededVoidFuture()
-                    } catch {
-                        return channel.eventLoop.makeFailedFuture(error)
-                    }
-                }
-            }
-    }
-
-    /// Creates the best-suited bootstrap given an `EventLoop` and pairs it with an appropriate TLS provider.
-    private static func makeBestBootstrap(
-        host: String,
-        eventLoop: EventLoop,
-        requiresTLS: Bool,
-        sslContextCache: SSLContextCache,
-        tlsConfiguration: TLSConfiguration,
-        useProxy: Bool,
-        logger: Logger
-    ) -> EventLoopFuture<NIOClientTCPBootstrap> {
-        #if canImport(Network)
-            // if eventLoop is compatible with NIOTransportServices create a NIOTSConnectionBootstrap
-            if #available(OSX 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *), let tsBootstrap = NIOTSConnectionBootstrap(validatingGroup: eventLoop) {
-                // create NIOClientTCPBootstrap with NIOTS TLS provider
-                return tlsConfiguration.getNWProtocolTLSOptions(on: eventLoop)
-                    .map { parameters in
-                        let tlsProvider = NIOTSClientTLSProvider(tlsOptions: parameters)
-                        return NIOClientTCPBootstrap(tsBootstrap, tls: tlsProvider)
-                    }
-            }
-        #endif
-
-        if let clientBootstrap = ClientBootstrap(validatingGroup: eventLoop) {
-            // If there is a proxy don't create TLS provider as it will be added at a later point.
-            if !requiresTLS || useProxy {
-                return eventLoop.makeSucceededFuture(NIOClientTCPBootstrap(clientBootstrap,
-                                                                           tls: NIOInsecureNoTLS()))
-            } else {
-                return sslContextCache.sslContext(tlsConfiguration: tlsConfiguration,
-                                                  eventLoop: eventLoop,
-                                                  logger: logger)
-                    .flatMapThrowing { sslContext in
-                        let hostname = (host.isIPAddress || host.isEmpty) ? nil : host
-                        let tlsProvider = try NIOSSLClientTLSProvider<ClientBootstrap>(context: sslContext, serverHostname: hostname)
-                        return NIOClientTCPBootstrap(clientBootstrap, tls: tlsProvider)
-                    }
-            }
-        }
-
-        preconditionFailure("Cannot create bootstrap for event loop \(eventLoop)")
-    }
-}
-
-private func configureChannelPipeline(_ channel: Channel,
-                                      isNIOTS: Bool,
-                                      sslContext: NIOSSLContext?,
-                                      configuration: HTTPClient.Configuration,
-                                      key: ConnectionPool.Key) -> EventLoopFuture<Channel> {
-    let requiresTLS = key.scheme.requiresTLS
-    let handshakeFuture: EventLoopFuture<Void>
-
-    if requiresTLS, configuration.proxy != nil {
-        let handshakePromise = channel.eventLoop.makePromise(of: Void.self)
-        channel.pipeline.syncAddLateSSLHandlerIfNeeded(for: key,
-                                                       sslContext: sslContext!,
-                                                       handshakePromise: handshakePromise)
-        handshakeFuture = handshakePromise.futureResult
-    } else if requiresTLS {
-        do {
-            handshakeFuture = try channel.pipeline.syncOperations.handler(type: TLSEventsHandler.self).completionPromise.futureResult
-        } catch {
-            return channel.eventLoop.makeFailedFuture(error)
-        }
-    } else {
-        handshakeFuture = channel.eventLoop.makeSucceededVoidFuture()
-    }
-
-    return handshakeFuture.flatMapThrowing {
-        let syncOperations = channel.pipeline.syncOperations
-
-        // If we got here and we had a TLSEventsHandler in the pipeline, we can remove it ow.
-        if requiresTLS {
-            channel.pipeline.removeHandler(name: TLSEventsHandler.handlerName, promise: nil)
-        }
-
-        try syncOperations.addHTTPClientHandlers(leftOverBytesStrategy: .forwardBytes)
-
-        if isNIOTS {
-            try syncOperations.addHandler(HTTPClient.NWErrorHandler(), position: .first)
-        }
-
-        switch configuration.decompression {
-        case .disabled:
-            ()
-        case .enabled(let limit):
-            let decompressHandler = NIOHTTPResponseDecompressor(limit: limit)
-            try syncOperations.addHandler(decompressHandler)
-        }
-
-        return channel
-    }
-}
-
 extension Connection {
     func removeHandler<Handler: RemovableChannelHandler>(_ type: Handler.Type) -> EventLoopFuture<Void> {
         return self.channel.pipeline.handler(type: type).flatMap { handler in
             self.channel.pipeline.removeHandler(handler)
         }.recover { _ in }
     }
 }
-
-extension NIOClientTCPBootstrap {
-    var isNIOTS: Bool {
-        #if canImport(Network)
-            if #available(OSX 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *) {
-                return self.underlyingBootstrap is NIOTSConnectionBootstrap
-            } else {
-                return false
-            }
-        #else
-            return false
-        #endif
-    }
-}

Sources/AsyncHTTPClient/Utils.swift

@@ -142,7 +142,9 @@ class ConnectionTests: XCTestCase {
             try HTTP1ConnectionProvider(key: .init(.init(url: "http://some.test")),
                                         eventLoop: self.eventLoop,
                                         configuration: .init(),
+                                        tlsConfiguration: nil,
                                         pool: self.pool,
+                                        sslContextCache: .init(),
                                         backgroundActivityLogger: HTTPClient.loggingDisabled))
     }
 

Tests/AsyncHTTPClientTests/ConnectionTests.swift

@@ -0,0 +1,35 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2018-2019 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+//
+// HTTP1ProxyConnectHandlerTests+XCTest.swift
+//
+import XCTest
+
+///
+/// NOTE: This file was generated by generate_linux_tests.rb
+///
+/// Do NOT edit this file directly as it will be regenerated automatically when needed.
+///
+
+extension HTTP1ProxyConnectHandlerTests {
+    static var allTests: [(String, (HTTP1ProxyConnectHandlerTests) -> () throws -> Void)] {
+        return [
+            ("testProxyConnectWithoutAuthorizationSuccess", testProxyConnectWithoutAuthorizationSuccess),
+            ("testProxyConnectWithAuthorization", testProxyConnectWithAuthorization),
+            ("testProxyConnectWithoutAuthorizationFailure500", testProxyConnectWithoutAuthorizationFailure500),
+            ("testProxyConnectWithoutAuthorizationButAuthorizationNeeded", testProxyConnectWithoutAuthorizationButAuthorizationNeeded),
+            ("testProxyConnectReceivesBody", testProxyConnectReceivesBody),
+        ]
+    }
+}

Tests/AsyncHTTPClientTests/HTTP1ProxyConnectHandlerTests+XCTest.swift

@@ -0,0 +1,205 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@testable import AsyncHTTPClient
+import NIO
+import NIOHTTP1
+import XCTest
+
+class HTTP1ProxyConnectHandlerTests: XCTestCase {
+    func testProxyConnectWithoutAuthorizationSuccess() {
+        let embedded = EmbeddedChannel()
+        defer { XCTAssertNoThrow(try embedded.finish(acceptAlreadyClosed: false)) }
+
+        let socketAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: 3000)
+        XCTAssertNoThrow(try embedded.connect(to: socketAddress).wait())
+
+        let connectPromise = embedded.eventLoop.makePromise(of: Void.self)
+        let proxyConnectHandler = HTTP1ProxyConnectHandler(
+            targetHost: "swift.org",
+            targetPort: 443,
+            proxyAuthorization: .none,
+            connectPromise: connectPromise
+        )
+
+        XCTAssertNoThrow(try embedded.pipeline.syncOperations.addHandler(proxyConnectHandler))
+
+        var maybeHead: HTTPClientRequestPart?
+        XCTAssertNoThrow(maybeHead = try embedded.readOutbound(as: HTTPClientRequestPart.self))
+        guard case .head(let head) = maybeHead else {
+            return XCTFail("Expected the proxy connect handler to first send a http head part")
+        }
+
+        XCTAssertEqual(head.method, .CONNECT)
+        XCTAssertEqual(head.uri, "swift.org:443")
+        XCTAssertEqual(head.headers["proxy-connection"].first, "keep-alive")
+        XCTAssertNil(head.headers["proxy-authorization"].first)
+        XCTAssertEqual(try embedded.readOutbound(as: HTTPClientRequestPart.self), .end(nil))
+
+        let responseHead = HTTPResponseHead(version: .http1_1, status: .ok)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.head(responseHead)))
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.end(nil)))
+
+        XCTAssertNoThrow(try connectPromise.futureResult.wait())
+    }
+
+    func testProxyConnectWithAuthorization() {
+        let embedded = EmbeddedChannel()
+
+        let socketAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: 3000)
+        XCTAssertNoThrow(try embedded.connect(to: socketAddress).wait())
+
+        let connectPromise = embedded.eventLoop.makePromise(of: Void.self)
+        let proxyConnectHandler = HTTP1ProxyConnectHandler(
+            targetHost: "swift.org",
+            targetPort: 443,
+            proxyAuthorization: .basic(credentials: "abc123"),
+            connectPromise: connectPromise
+        )
+
+        XCTAssertNoThrow(try embedded.pipeline.syncOperations.addHandler(proxyConnectHandler))
+
+        var maybeHead: HTTPClientRequestPart?
+        XCTAssertNoThrow(maybeHead = try embedded.readOutbound(as: HTTPClientRequestPart.self))
+        guard case .head(let head) = maybeHead else {
+            return XCTFail("Expected the proxy connect handler to first send a http head part")
+        }
+
+        XCTAssertEqual(head.method, .CONNECT)
+        XCTAssertEqual(head.uri, "swift.org:443")
+        XCTAssertEqual(head.headers["proxy-connection"].first, "keep-alive")
+        XCTAssertEqual(head.headers["proxy-authorization"].first, "Basic abc123")
+        XCTAssertEqual(try embedded.readOutbound(as: HTTPClientRequestPart.self), .end(nil))
+
+        let responseHead = HTTPResponseHead(version: .http1_1, status: .ok)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.head(responseHead)))
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.end(nil)))
+
+        connectPromise.succeed(())
+    }
+
+    func testProxyConnectWithoutAuthorizationFailure500() {
+        let embedded = EmbeddedChannel()
+
+        let socketAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: 3000)
+        XCTAssertNoThrow(try embedded.connect(to: socketAddress).wait())
+
+        let connectPromise = embedded.eventLoop.makePromise(of: Void.self)
+        let proxyConnectHandler = HTTP1ProxyConnectHandler(
+            targetHost: "swift.org",
+            targetPort: 443,
+            proxyAuthorization: .none,
+            connectPromise: connectPromise
+        )
+
+        XCTAssertNoThrow(try embedded.pipeline.syncOperations.addHandler(proxyConnectHandler))
+
+        var maybeHead: HTTPClientRequestPart?
+        XCTAssertNoThrow(maybeHead = try embedded.readOutbound(as: HTTPClientRequestPart.self))
+        guard case .head(let head) = maybeHead else {
+            return XCTFail("Expected the proxy connect handler to first send a http head part")
+        }
+
+        XCTAssertEqual(head.method, .CONNECT)
+        XCTAssertEqual(head.uri, "swift.org:443")
+        XCTAssertEqual(head.headers["proxy-connection"].first, "keep-alive")
+        XCTAssertNil(head.headers["proxy-authorization"].first)
+        XCTAssertEqual(try embedded.readOutbound(as: HTTPClientRequestPart.self), .end(nil))
+
+        let responseHead = HTTPResponseHead(version: .http1_1, status: .internalServerError)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.head(responseHead)))
+        XCTAssertEqual(embedded.isActive, false)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.end(nil)))
+
+        XCTAssertThrowsError(try connectPromise.futureResult.wait()) { error in
+            XCTAssertEqual(error as? HTTPClientError, .invalidProxyResponse)
+        }
+    }
+
+    func testProxyConnectWithoutAuthorizationButAuthorizationNeeded() {
+        let embedded = EmbeddedChannel()
+
+        let socketAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: 3000)
+        XCTAssertNoThrow(try embedded.connect(to: socketAddress).wait())
+
+        let connectPromise = embedded.eventLoop.makePromise(of: Void.self)
+        let proxyConnectHandler = HTTP1ProxyConnectHandler(
+            targetHost: "swift.org",
+            targetPort: 443,
+            proxyAuthorization: .none,
+            connectPromise: connectPromise
+        )
+
+        XCTAssertNoThrow(try embedded.pipeline.syncOperations.addHandler(proxyConnectHandler))
+
+        var maybeHead: HTTPClientRequestPart?
+        XCTAssertNoThrow(maybeHead = try embedded.readOutbound(as: HTTPClientRequestPart.self))
+        guard case .head(let head) = maybeHead else {
+            return XCTFail("Expected the proxy connect handler to first send a http head part")
+        }
+
+        XCTAssertEqual(head.method, .CONNECT)
+        XCTAssertEqual(head.uri, "swift.org:443")
+        XCTAssertEqual(head.headers["proxy-connection"].first, "keep-alive")
+        XCTAssertNil(head.headers["proxy-authorization"].first)
+        XCTAssertEqual(try embedded.readOutbound(as: HTTPClientRequestPart.self), .end(nil))
+
+        let responseHead = HTTPResponseHead(version: .http1_1, status: .proxyAuthenticationRequired)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.head(responseHead)))
+        XCTAssertEqual(embedded.isActive, false)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.end(nil)))
+
+        XCTAssertThrowsError(try connectPromise.futureResult.wait()) { error in
+            XCTAssertEqual(error as? HTTPClientError, .proxyAuthenticationRequired)
+        }
+    }
+
+    func testProxyConnectReceivesBody() {
+        let embedded = EmbeddedChannel()
+
+        let socketAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: 3000)
+        XCTAssertNoThrow(try embedded.connect(to: socketAddress).wait())
+
+        let connectPromise = embedded.eventLoop.makePromise(of: Void.self)
+        let proxyConnectHandler = HTTP1ProxyConnectHandler(
+            targetHost: "swift.org",
+            targetPort: 443,
+            proxyAuthorization: .none,
+            connectPromise: connectPromise
+        )
+
+        XCTAssertNoThrow(try embedded.pipeline.syncOperations.addHandler(proxyConnectHandler))
+
+        var maybeHead: HTTPClientRequestPart?
+        XCTAssertNoThrow(maybeHead = try embedded.readOutbound(as: HTTPClientRequestPart.self))
+        guard case .head(let head) = maybeHead else {
+            return XCTFail("Expected the proxy connect handler to first send a http head part")
+        }
+
+        XCTAssertEqual(head.method, .CONNECT)
+        XCTAssertEqual(head.uri, "swift.org:443")
+        XCTAssertEqual(head.headers["proxy-connection"].first, "keep-alive")
+        XCTAssertEqual(try embedded.readOutbound(as: HTTPClientRequestPart.self), .end(nil))
+
+        let responseHead = HTTPResponseHead(version: .http1_1, status: .ok)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.head(responseHead)))
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.body(ByteBuffer(bytes: [0, 1, 2, 3]))))
+        XCTAssertEqual(embedded.isActive, false)
+        XCTAssertNoThrow(try embedded.writeInbound(HTTPClientResponsePart.end(nil)))
+
+        XCTAssertThrowsError(try connectPromise.futureResult.wait()) { error in
+            XCTAssertEqual(error as? HTTPClientError, .invalidProxyResponse)
+        }
+    }
+}

Tests/AsyncHTTPClientTests/HTTP1ProxyConnectHandlerTests.swift

@@ -0,0 +1,34 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2018-2019 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+//
+// TLSEventsHandlerTests+XCTest.swift
+//
+import XCTest
+
+///
+/// NOTE: This file was generated by generate_linux_tests.rb
+///
+/// Do NOT edit this file directly as it will be regenerated automatically when needed.
+///
+
+extension TLSEventsHandlerTests {
+    static var allTests: [(String, (TLSEventsHandlerTests) -> () throws -> Void)] {
+        return [
+            ("testHandlerHappyPath", testHandlerHappyPath),
+            ("testHandlerFailsFutureWhenRemovedWithoutEvent", testHandlerFailsFutureWhenRemovedWithoutEvent),
+            ("testHandlerFailsFutureWhenHandshakeFails", testHandlerFailsFutureWhenHandshakeFails),
+            ("testHandlerIgnoresShutdownCompletedEvent", testHandlerIgnoresShutdownCompletedEvent),
+        ]
+    }
+}

Tests/AsyncHTTPClientTests/TLSEventsHandlerTests+XCTest.swift

@@ -0,0 +1,66 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the AsyncHTTPClient open source project
+//
+// Copyright (c) 2021 Apple Inc. and the AsyncHTTPClient project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@testable import AsyncHTTPClient
+import NIO
+import NIOSSL
+import NIOTLS
+import XCTest
+
+class TLSEventsHandlerTests: XCTestCase {
+    func testHandlerHappyPath() {
+        let tlsEventsHandler = TLSEventsHandler()
+        XCTAssertNil(tlsEventsHandler.tlsEstablishedFuture)
+        let embedded = EmbeddedChannel(handlers: [tlsEventsHandler])
+        XCTAssertNotNil(tlsEventsHandler.tlsEstablishedFuture)
+
+        embedded.pipeline.fireUserInboundEventTriggered(TLSUserEvent.handshakeCompleted(negotiatedProtocol: "abcd1234"))
+        XCTAssertEqual(try tlsEventsHandler.tlsEstablishedFuture.wait(), "abcd1234")
+    }
+
+    func testHandlerFailsFutureWhenRemovedWithoutEvent() {
+        let tlsEventsHandler = TLSEventsHandler()
+        XCTAssertNil(tlsEventsHandler.tlsEstablishedFuture)
+        let embedded = EmbeddedChannel(handlers: [tlsEventsHandler])
+        XCTAssertNotNil(tlsEventsHandler.tlsEstablishedFuture)
+
+        XCTAssertNoThrow(try embedded.pipeline.removeHandler(tlsEventsHandler).wait())
+        XCTAssertThrowsError(try tlsEventsHandler.tlsEstablishedFuture.wait())
+    }
+
+    func testHandlerFailsFutureWhenHandshakeFails() {
+        let tlsEventsHandler = TLSEventsHandler()
+        XCTAssertNil(tlsEventsHandler.tlsEstablishedFuture)
+        let embedded = EmbeddedChannel(handlers: [tlsEventsHandler])
+        XCTAssertNotNil(tlsEventsHandler.tlsEstablishedFuture)
+
+        embedded.pipeline.fireErrorCaught(NIOSSLError.handshakeFailed(BoringSSLError.wantConnect))
+        XCTAssertThrowsError(try tlsEventsHandler.tlsEstablishedFuture.wait()) {
+            XCTAssertEqual($0 as? NIOSSLError, .handshakeFailed(BoringSSLError.wantConnect))
+        }
+    }
+
+    func testHandlerIgnoresShutdownCompletedEvent() {
+        let tlsEventsHandler = TLSEventsHandler()
+        XCTAssertNil(tlsEventsHandler.tlsEstablishedFuture)
+        let embedded = EmbeddedChannel(handlers: [tlsEventsHandler])
+        XCTAssertNotNil(tlsEventsHandler.tlsEstablishedFuture)
+
+        // ignore event
+        embedded.pipeline.fireUserInboundEventTriggered(TLSUserEvent.shutdownCompleted)
+
+        embedded.pipeline.fireUserInboundEventTriggered(TLSUserEvent.handshakeCompleted(negotiatedProtocol: "alpn"))
+        XCTAssertEqual(try tlsEventsHandler.tlsEstablishedFuture.wait(), "alpn")
+    }
+}

Tests/AsyncHTTPClientTests/TLSEventsHandlerTests.swift

@@ -28,12 +28,14 @@ import XCTest
     XCTMain([
         testCase(ConnectionPoolTests.allTests),
         testCase(ConnectionTests.allTests),
+        testCase(HTTP1ProxyConnectHandlerTests.allTests),
         testCase(HTTPClientCookieTests.allTests),
         testCase(HTTPClientInternalTests.allTests),
         testCase(HTTPClientNIOTSTests.allTests),
         testCase(HTTPClientTests.allTests),
         testCase(LRUCacheTests.allTests),
         testCase(RequestValidationTests.allTests),
         testCase(SSLContextCacheTests.allTests),
+        testCase(TLSEventsHandlerTests.allTests),
     ])
 #endif