#pragma once

#include <memory>

#include "source/common/quic/envoy_quic_proof_verifier_base.h"
#include "source/common/quic/quic_ssl_connection_info.h"
#include "source/common/tls/context_impl.h"

namespace Envoy {
namespace Quic {

// Verification verdict handed back through the quic::ProofVerifyDetails
// interface. It records a single bit: whether the chain was judged valid by
// whoever constructed it.
class CertVerifyResult : public quic::ProofVerifyDetails {
public:
  // `is_valid` is the verdict; it is fixed for the lifetime of the object.
  explicit CertVerifyResult(bool is_valid) : is_valid_(is_valid) {}

  // quic::ProofVerifyDetails. Produces a heap copy carrying the same verdict.
  // The raw pointer is the shape the base interface dictates; presumably the
  // caller takes ownership of it (confirm against quic::ProofVerifyDetails).
  ProofVerifyDetails* Clone() const override {
    auto* copy = new CertVerifyResult(is_valid_);
    return copy;
  }

  // The verdict supplied at construction.
  bool isValid() const { return is_valid_; }

private:
  // Defaults to "not valid" so a result never reads as trusted by accident.
  bool is_valid_{false};
};

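// Owning handle for a CertVerifyResult, parallel to EnvoyQuicProofVerifyContextPtr.
// The alias names the unique_ptr type itself (a trailing `()` would make it a
// function type instead).
using CertVerifyResultPtr = std::unique_ptr<CertVerifyResult>;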

// An interface for the Envoy specific QUIC verify context. It exposes the
// Envoy-side state a verifier needs on top of what quic::ProofVerifyContext
// carries. NOTE(review): no destructor is declared here, so deleting through
// this type relies on quic::ProofVerifyContext having a virtual one — confirm.
class EnvoyQuicProofVerifyContext : public quic::ProofVerifyContext {
public:
  // Dispatcher associated with the verification; presumably the thread the
  // connection lives on, so async completions can be posted back to it.
  virtual Event::Dispatcher& dispatcher() const PURE;
  // True when this context belongs to the server side of the connection.
  virtual bool isServer() const PURE;
  // Transport socket options for the connection (may hold a null pointer).
  virtual const Network::TransportSocketOptionsConstSharedPtr& transportSocketOptions() const PURE;
  // Additional inputs forwarded to the TLS CertValidator; returned by value.
  virtual Extensions::TransportSockets::Tls::CertValidator::ExtraValidationContext
  extraValidationContext() const PURE;
};

// Owning handle for an EnvoyQuicProofVerifyContext.
using EnvoyQuicProofVerifyContextPtr = std::unique_ptr<EnvoyQuicProofVerifyContext>;

// A quic::ProofVerifier implementation which verifies cert chain using SSL
// client context config.
class EnvoyQuicProofVerifier : public EnvoyQuicProofVerifierBase {
public:
  // `context` is moved into the verifier and must not be null (ASSERTed).
  // `accept_untrusted` selects the ACCEPT_UNTRUSTED behaviour documented on the
  // member below; the default keeps strict verification.
  explicit EnvoyQuicProofVerifier(Envoy::Ssl::ClientContextSharedPtr&& context,
                                  bool accept_untrusted = false)
      : context_(std::move(context)), accept_untrusted_(accept_untrusted) {
    ASSERT(context_.get());
  }

  // EnvoyQuicProofVerifierBase
  // Verifies the peer chain `certs` presented for `hostname`:`port`. Only the
  // declaration lives here; how `context`, `error_details`, `details`,
  // `out_alert` and `callback` are filled in is defined in the .cc, which is
  // not part of this header. NOTE(review): `details` is presumably populated
  // with a CertVerifyResult — confirm in the implementation.
  quic::QuicAsyncStatus
  VerifyCertChain(const std::string& hostname, const uint16_t port,
                  const std::vector<std::string>& certs, const std::string& ocsp_response,
                  const std::string& cert_sct, const quic::ProofVerifyContext* context,
                  std::string* error_details, std::unique_ptr<quic::ProofVerifyDetails>* details,
                  uint8_t* out_alert,
                  std::unique_ptr<quic::ProofVerifierCallback> callback) override;

private:
  // Client TLS context whose validation configuration drives the verification.
  Envoy::Ssl::ClientContextSharedPtr context_;
  // True if the verifier should accept untrusted certs (see documentation for
  // envoy::extensions::transport_sockets::tls::v3::CertificateValidationContext::ACCEPT_UNTRUSTED)
  bool accept_untrusted_;
};

} // namespace Quic
} // namespace Envoy