From 76113ca71084ef4308c70af22a8a25a621ab5e69 Mon Sep 17 00:00:00 2001
From: zhangjingqiang <zhangjingqiang@bytedance.com>
Date: Wed, 12 Jun 2024 18:35:10 +0800
Subject: [PATCH] s2n-tls: expose selected application protocol

---
 bindings/rust/s2n-tls/src/connection.rs      |  8 ++++++
 bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 27 ++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/bindings/rust/s2n-tls/src/connection.rs b/bindings/rust/s2n-tls/src/connection.rs
index f8c4ccb008a..c1a7e07fe21 100644
--- a/bindings/rust/s2n-tls/src/connection.rs
+++ b/bindings/rust/s2n-tls/src/connection.rs
@@ -926,6 +926,14 @@ impl Connection {
         })
     }
 
+    pub fn application_protocol(&self) -> Option<&[u8]> {
+        let protocol = unsafe { s2n_get_application_protocol(self.connection.as_ptr()) };
+        if protocol.is_null() {
+            return None;
+        }
+        Some(unsafe { CStr::from_ptr(protocol).to_bytes() })
+    }
+
     /// Provides access to the TLS-Exporter functionality.
     ///
     /// See https://datatracker.ietf.org/doc/html/rfc5705 and https://www.rfc-editor.org/rfc/rfc8446.
diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs
index eb18e7d16bd..6bc8a4720b8 100644
--- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs
+++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs
@@ -1030,4 +1030,31 @@ mod tests {
             .unwrap();
         assert_eq!(context.invoked_count, 1);
     }
+
+    #[test]
+    fn no_application_protocol() -> Result<(), Error> {
+        let config = config_builder(&security::DEFAULT)?.build()?;
+        let mut pair = tls_pair(config);
+        assert!(poll_tls_pair_result(&mut pair).is_ok());
+        assert!(pair.server.0.connection.application_protocol().is_none());
+        Ok(())
+    }
+
+    #[test]
+    fn application_protocol() -> Result<(), Error> {
+        let config = config_builder(&security::DEFAULT)?.build()?;
+        let mut pair = tls_pair(config);
+        pair.server
+            .0
+            .connection
+            .set_application_protocol_preference(["http/1.1", "h2"])?;
+        pair.client
+            .0
+            .connection
+            .append_application_protocol_preference(b"h2")?;
+        assert!(poll_tls_pair_result(&mut pair).is_ok());
+        let protocol = pair.server.0.connection.application_protocol().unwrap();
+        assert_eq!(protocol, b"h2");
+        Ok(())
+    }
 }