Grcov report - private

1

#pragma once

2

3

#include <functional>

4

#include <string>

5

6

#include "envoy/common/pure.h"

7

#include "envoy/event/dispatcher.h"

8

#include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h"

9

#include "envoy/ssl/private_key/private_key_callbacks.h"

10

11

#include "openssl/ssl.h"

12

13

namespace Envoy {

14

namespace Server {

15

namespace Configuration {

16

// Prevent a dependency loop with the forward declaration.

17

class GenericFactoryContext;

18

using TransportSocketFactoryContext = GenericFactoryContext;

19

} // namespace Configuration

20

} // namespace Server

21

22

namespace Ssl {

23

24

#if defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC

25

using BoringSslPrivateKeyMethodSharedPtr = std::shared_ptr<SSL_PRIVATE_KEY_METHOD>;

26

#endif

27

28

class PrivateKeyMethodProvider {

29

public:

30

29

  virtual ~PrivateKeyMethodProvider() = default;

31

32

/**

33

   * Register an SSL connection to private key operations by the provider.

34

   * @param ssl a SSL connection object.

35

   * @param cb a callbacks object, whose "complete" method will be invoked

36

   * when the asynchronous processing is complete.

37

   * @param dispatcher supplies the owning thread's dispatcher.

38

*/

39

  virtual void registerPrivateKeyMethod(SSL* ssl, PrivateKeyConnectionCallbacks& cb,

40

                                        Event::Dispatcher& dispatcher) PURE;

41

42

/**

43

   * Unregister an SSL connection from private key operations by the provider.

44

   * @param ssl a SSL connection object.

45

   * @throw EnvoyException if registration fails.

46

*/

47

  virtual void unregisterPrivateKeyMethod(SSL* ssl) PURE;

48

49

/**

50

   * Check whether the private key method satisfies FIPS requirements.

51

   * @return true if FIPS key requirements are satisfied, false if not.

52

*/

53

  virtual bool checkFips() PURE;

54

55

/**

56

   * Check whether the private key method is available.

57

   * @return true if the private key method is available, false if not.

58

*/

59

  virtual bool isAvailable() PURE;

60

61

#if defined OPENSSL_IS_BORINGSSL || defined OPENSSL_IS_AWSLC

62

/**

63

   * Get the private key methods from the provider.

64

   * @return the private key methods associated with this provider and

65

   * configuration.

66

*/

67

  virtual BoringSslPrivateKeyMethodSharedPtr getBoringSslPrivateKeyMethod() PURE;

68

#endif

69

};

70

71

using PrivateKeyMethodProviderSharedPtr = std::shared_ptr<PrivateKeyMethodProvider>;

72

73

/**

74

 * A manager for finding correct user-provided functions for handling BoringSSL private key

75

 * operations.

76

*/

77

class PrivateKeyMethodManager {

78

public:

79

24116

  virtual ~PrivateKeyMethodManager() = default;

80

81

/**

82

   * Finds and returns a private key operations provider for BoringSSL.

83

84

   * @param config a protobuf message object containing a PrivateKeyProvider message.

85

   * @param factory_context context that provides components for creating and

86

   * initializing connections using asynchronous private key operations.

87

   * @return PrivateKeyMethodProvider the private key operations provider, or nullptr if

88

   * no provider can be used with the context configuration.

89

*/

90

  virtual PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProvider(

91

      const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config,

92

      Envoy::Server::Configuration::TransportSocketFactoryContext& factory_context) PURE;

93

};

94

95

} // namespace Ssl

96

} // namespace Envoy