#pragma once

            
#include <string>
#include <vector>

            
#include "source/common/tls/context_config_impl.h"

            
namespace Envoy {
namespace Extensions {
namespace TransportSockets {
namespace Tls {

            
/**
 * Server-side (downstream) TLS context configuration.
 *
 * Extends the shared ContextConfigImpl with the settings that only apply to a
 * listener: client-certificate requirement, OCSP staple policy, session ticket
 * keys (static or delivered by a provider), session timeout, resumption
 * switches, SNI handling and the certificate selector factory.
 *
 * The constructor is private; instances are obtained through create(), which
 * reports construction failures through the returned status instead of an
 * exception.
 */
class ServerContextConfigImpl : public ContextConfigImpl, public Envoy::Ssl::ServerContextConfig {
public:
  /**
   * Builds a config from a DownstreamTlsContext proto.
   * @param config the downstream TLS context proto to read settings from.
   * @param secret_provider_context the transport socket factory context handed to the constructor.
   * @param server_names the SNI names associated with this context.
   * @param for_quic true when the context is being built for QUIC use.
   * @return the constructed config, or the error status recorded during construction
   *         (presumably the creation_status filled in by the private constructor).
   */
  static absl::StatusOr<std::unique_ptr<ServerContextConfigImpl>>
  create(const envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext& config,
         Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
         const std::vector<std::string>& server_names, bool for_quic);

  // --- Ssl::ServerContextConfig overrides ---

  // Whether downstream peers are required to present a client certificate.
  bool requireClientCertificate() const override {
    return require_client_certificate_;
  }

  // The configured OCSP staple policy.
  OcspStaplePolicy ocspStaplePolicy() const override {
    return ocsp_staple_policy_;
  }

  // Session ticket keys currently held by this config. May be empty while a
  // provider has not yet supplied any (see isReady()).
  const std::vector<SessionTicketKey>& sessionTicketKeys() const override { return session_ticket_keys_; }

  // Configured session timeout, or absl::nullopt when none was set.
  absl::optional<std::chrono::seconds> sessionTimeout() const override {
    return session_timeout_;
  }

  // A provider-backed context is not ready until at least one session ticket
  // key has arrived; a context without a provider only depends on the base
  // config being ready. Both checks are side-effect free, so short-circuiting
  // on the base check is equivalent to evaluating both.
  bool isReady() const override {
    if (!ContextConfigImpl::isReady()) {
      return false;
    }
    const bool keys_pending =
        session_ticket_keys_provider_ != nullptr && session_ticket_keys_.empty();
    return !keys_pending;
  }

  // Registers the callback invoked when a secret this config depends on is
  // updated. Defined out of line.
  void setSecretUpdateCallback(std::function<absl::Status()> callback) override;

  // Whether stateless (ticket-based) session resumption is disabled.
  bool disableStatelessSessionResumption() const override { return disable_stateless_session_resumption_; }

  // Whether stateful (session-cache) session resumption is disabled.
  bool disableStatefulSessionResumption() const override { return disable_stateful_session_resumption_; }

  // Whether every certificate is scanned when no certificate matches the SNI.
  bool fullScanCertsOnSNIMismatch() const override {
    return full_scan_certs_on_sni_mismatch_;
  }

  // Whether the client's cipher preference order wins over the server's.
  bool preferClientCiphers() const override {
    return prefer_client_ciphers_;
  }

  // The SNI names this context was created with.
  const std::vector<std::string>& serverNames() const override {
    return server_names_;
  }

  // Factory for the certificate selector. Defined out of line.
  Ssl::TlsCertificateSelectorFactory& tlsCertificateSelectorFactory() const override;

private:
  // Private: use create(). Failures are reported through creation_status rather
  // than thrown, which is why create() returns an absl::StatusOr.
  ServerContextConfigImpl(
      const envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext& config,
      Server::Configuration::TransportSocketFactoryContext& secret_provider_context,
      absl::Status& creation_status, const std::vector<std::string>& server_names, bool for_quic);

  // Defaults applied when the proto leaves the corresponding field unset;
  // values are defined in the implementation file. The _FIPS variants are
  // presumably selected when built in FIPS mode — confirm against the .cc.
  static const unsigned DEFAULT_MIN_VERSION;
  static const unsigned DEFAULT_MAX_VERSION;
  static const std::string DEFAULT_CIPHER_SUITES;
  static const std::string DEFAULT_CIPHER_SUITES_FIPS;
  static const std::string DEFAULT_CURVES;
  static const std::string DEFAULT_CURVES_FIPS;

  // NOTE: member order determines construction/destruction order; keep it stable.
  const std::vector<std::string> server_names_;
  const bool require_client_certificate_;
  const OcspStaplePolicy ocsp_staple_policy_;
  // Mutable: refreshed when the provider delivers new keys.
  std::vector<SessionTicketKey> session_ticket_keys_;
  const Secret::TlsSessionTicketKeysConfigProviderSharedPtr session_ticket_keys_provider_;
  // Handles keeping the session-ticket-key update/validation callbacks registered.
  Envoy::Common::CallbackHandlePtr stk_update_callback_handle_;
  Envoy::Common::CallbackHandlePtr stk_validation_callback_handle_;

  // Parses the proto's session ticket keys; an error status signals a rejected key set.
  absl::StatusOr<std::vector<ServerContextConfig::SessionTicketKey>> getSessionTicketKeys(
      const envoy::extensions::transport_sockets::tls::v3::TlsSessionTicketKeys& keys);
  // Converts one raw key blob into a SessionTicketKey, or an error status if it is invalid.
  absl::StatusOr<ServerContextConfig::SessionTicketKey>
  getSessionTicketKey(const std::string& key_data);
  // Maps the proto enum onto the Ssl::ServerContextConfig enum.
  static OcspStaplePolicy ocspStaplePolicyFromProto(
      const envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext::OcspStaplePolicy&
          policy);

  absl::optional<std::chrono::seconds> session_timeout_;
  const bool disable_stateless_session_resumption_;
  const bool disable_stateful_session_resumption_;
  // Not const, unlike the other flags — presumably assigned in the constructor body.
  bool full_scan_certs_on_sni_mismatch_;
  const bool prefer_client_ciphers_;
  // Declared last on purpose: the certificate selector holds a reference to this
  // context, so it must be destroyed before every other member.
  Ssl::TlsCertificateSelectorFactoryPtr tls_certificate_selector_factory_;
};

            
} // namespace Tls
} // namespace TransportSockets
} // namespace Extensions
} // namespace Envoy