#pragma once

#include <openssl/safestack.h>

#include <array>
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <vector>

#include "envoy/network/transport_socket.h"
#include "envoy/ssl/context.h"
#include "envoy/ssl/context_config.h"
#include "envoy/ssl/private_key/private_key.h"
#include "envoy/ssl/ssl_socket_extended_info.h"
#include "envoy/stats/scope.h"
#include "envoy/stats/stats_macros.h"

#include "source/common/common/matchers.h"
#include "source/common/stats/symbol_table.h"
#include "source/common/tls/cert_validator/cert_validator.h"
#include "source/common/tls/context_impl.h"
#include "source/common/tls/context_manager_impl.h"
#include "source/common/tls/stats.h"

#include "absl/synchronization/mutex.h"
#include "openssl/ssl.h"
#include "openssl/x509v3.h"

#ifdef ENVOY_ENABLE_QUIC
#include "quiche/quic/core/crypto/proof_source.h"
#endif

namespace Envoy {
namespace Extensions {
namespace TransportSockets {
namespace Tls {

class ClientContextImpl : public ContextImpl,
                          public Envoy::Ssl::ClientContext,
                          public Ssl::TlsCertificateSelectorContext {
public:
  // Factory entry point. The constructor is protected and reports failure through an
  // out-parameter, so callers go through create() and get a failed configuration back as an
  // absl::Status instead of a partially initialized context.
  static absl::StatusOr<std::unique_ptr<ClientContextImpl>>
  create(Stats::Scope& scope, const Envoy::Ssl::ClientContextConfig& config,
         Server::Configuration::CommonFactoryContext& factory_context);

  // Builds a fresh client-side SSL object for a connection to `host`, taking per-connection
  // `options` into account. Set-up failures come back as a status rather than a null handle.
  absl::StatusOr<bssl::UniquePtr<SSL>>
  newSsl(const Network::TransportSocketOptionsConstSharedPtr& options,
         Upstream::HostDescriptionConstSharedPtr host) override;

  // Ssl::TlsCertificateSelectorContext
  // Exposes the configured TLS contexts to the certificate selector. `tls_contexts_` is not
  // declared here; presumably it is a ContextImpl member -- verify there.
  // NOTE(review): the trailing ';' after the inline body is redundant (-Wextra-semi).
  const std::vector<Ssl::TlsContext>& getTlsContexts() const override { return tls_contexts_; };

  // Chooses which TLS context (client certificate) to present on the given SSL object. The
  // meaning of the int return value is not visible in this header; check the definition.
  int selectTlsContext(SSL*);

protected:
  // Protected so construction happens via create() (or a subclass). `creation_status` is an
  // out-parameter: a constructor cannot return a status, so callers must inspect it before
  // using the object.
  ClientContextImpl(
      Stats::Scope& scope, const Envoy::Ssl::ClientContextConfig& config,
      const std::vector<std::reference_wrapper<const Ssl::TlsCertificateConfig>>& tls_certificates,
      bool add_selector, Server::Configuration::CommonFactoryContext& factory_context,
      absl::Status& creation_status);

private:
  // Receives a newly established session so it can be retained in `session_keys_` for
  // resumption. The int return is presumably the BoringSSL new-session callback convention
  // (non-zero = ownership taken) -- confirm in the definition.
  int newSessionKey(SSL_SESSION* session);

  // Server name sent in the SNI extension. Fixed for the lifetime of the context.
  const std::string server_name_indication_;
  // Presumably derives the SNI value from the upstream host when set -- confirm in newSsl().
  const bool auto_host_sni_;
  // Presumably whether TLS renegotiation is permitted on connections from this context --
  // confirm in the definition. Security-relevant: changes to how this is applied deserve review.
  const bool allow_renegotiation_;
  // Presumably whether the RSA key-usage extension is enforced when validating the peer
  // certificate -- confirm in the definition.
  const bool enforce_rsa_key_usage_;
  // Upper bound on the number of sessions kept in `session_keys_`.
  const size_t max_session_keys_;
  // Guards `session_keys_`. Every read or write of the deque must hold this lock.
  absl::Mutex session_keys_mu_;
  // Cached sessions for resumption. SSL_SESSION objects carry resumption secrets, so they are
  // only ever touched under `session_keys_mu_` (enforced by the annotation). Ordering of
  // entries is not visible here -- check newSsl()/newSessionKey().
  std::deque<bssl::UniquePtr<SSL_SESSION>> session_keys_ ABSL_GUARDED_BY(session_keys_mu_);
  // Presumably: when true, a cached session is dropped after one resumption attempt -- verify
  // in newSsl(). Not guarded by the mutex; presumably written only during construction.
  bool session_keys_single_use_{false};
  // Optional custom selector used by selectTlsContext(); see `add_selector` on the constructor.
  Ssl::UpstreamTlsCertificateSelectorPtr tls_certificate_selector_;
};

} // namespace Tls
} // namespace TransportSockets
} // namespace Extensions
} // namespace Envoy