       1             : #pragma once
       2             : 
       3             : #include <memory>
       4             : #include <string>
       5             : 
       6             : #include "envoy/common/pure.h"
       7             : #include "envoy/common/time.h"
       8             : 
       9             : #include "absl/strings/string_view.h"
      10             : #include "absl/types/optional.h"
      11             : #include "absl/types/span.h"
      12             : 
namespace Envoy {
namespace Ssl {

/**
 * Base connection interface for all SSL connections.
 *
 * Presentation and validation of the peer certificate are exposed as separate queries
 * (peerCertificatePresented() and peerCertificateValidated()). NOTE(review): a non-empty
 * subject/SAN/digest below therefore does not by itself mean the peer is authenticated;
 * code that derives identity or authorization from those fields should consult
 * peerCertificateValidated() first. Where a method documents "" or {} for the
 * absent-certificate case, callers must treat that empty value as "unknown", not as a
 * matched empty identity.
 */
class ConnectionInfo {
public:
  // Virtual so that deleting through a base pointer (e.g. ConnectionInfoConstSharedPtr)
  // is well-defined.
  virtual ~ConnectionInfo() = default;

  /**
   * @return bool whether the peer presented a certificate. This says nothing about whether
   *         that certificate was validated; see peerCertificateValidated().
   */
  virtual bool peerCertificatePresented() const PURE;

  /**
   * @return bool whether the peer certificate was validated.
   */
  virtual bool peerCertificateValidated() const PURE;

  /**
   * @return absl::Span<const std::string> the URIs in the SAN field of the local certificate.
   *         Returns {} if there is no local certificate, or no SAN field, or no URI.
   */
  virtual absl::Span<const std::string> uriSanLocalCertificate() const PURE;

  /**
   * @return const std::string& the subject field of the local certificate in RFC 2253 format.
   *         Returns "" if there is no local certificate, or no subject.
   */
  virtual const std::string& subjectLocalCertificate() const PURE;

  /**
   * @return const std::string& the SHA256 digest of the peer certificate. Returns "" if there
   *         is no peer certificate, which can happen in TLS (non-mTLS) connections.
   */
  virtual const std::string& sha256PeerCertificateDigest() const PURE;

  /**
   * @return const std::string& the SHA1 digest of the peer certificate. Returns "" if there
   *         is no peer certificate, which can happen in TLS (non-mTLS) connections.
   */
  virtual const std::string& sha1PeerCertificateDigest() const PURE;

  /**
   * @return const std::string& the serial number field of the peer certificate. Returns "" if
   *         there is no peer certificate, or no serial number.
   */
  virtual const std::string& serialNumberPeerCertificate() const PURE;

  /**
   * @return const std::string& the issuer field of the peer certificate in RFC 2253 format.
   *         Returns "" if there is no peer certificate, or no issuer.
   */
  virtual const std::string& issuerPeerCertificate() const PURE;

  /**
   * @return const std::string& the subject field of the peer certificate in RFC 2253 format.
   *         Returns "" if there is no peer certificate, or no subject.
   */
  virtual const std::string& subjectPeerCertificate() const PURE;

  /**
   * @return absl::Span<const std::string> the URIs in the SAN field of the peer certificate.
   *         Returns {} if there is no peer certificate, or no SAN field, or no URI.
   */
  virtual absl::Span<const std::string> uriSanPeerCertificate() const PURE;

  /**
   * @return const std::string& the URL-encoded PEM-encoded representation of the peer
   *         certificate. Returns "" if there is no peer certificate or encoding fails.
   */
  virtual const std::string& urlEncodedPemEncodedPeerCertificate() const PURE;

  /**
   * @return const std::string& the URL-encoded PEM-encoded representation of the full peer
   *         certificate chain including the leaf certificate. Returns "" if there is no peer
   *         certificate or encoding fails.
   */
  virtual const std::string& urlEncodedPemEncodedPeerCertificateChain() const PURE;

  /**
   * @return absl::Span<const std::string> the DNS entries in the SAN field of the peer
   *         certificate. Returns {} if there is no peer certificate, or no SAN field, or no
   *         DNS entry.
   */
  virtual absl::Span<const std::string> dnsSansPeerCertificate() const PURE;

  /**
   * @return absl::Span<const std::string> the DNS entries in the SAN field of the local
   *         certificate. Returns {} if there is no local certificate, or no SAN field, or no
   *         DNS entry.
   */
  virtual absl::Span<const std::string> dnsSansLocalCertificate() const PURE;

  /**
   * @return absl::Span<const std::string> the IP entries in the SAN field of the peer
   *         certificate. Returns {} if there is no peer certificate, or no SAN field, or no IPs.
   */
  virtual absl::Span<const std::string> ipSansPeerCertificate() const PURE;

  /**
   * @return absl::Span<const std::string> the IP entries in the SAN field of the local
   *         certificate. Returns {} if there is no local certificate, or no SAN field, or no IPs.
   */
  virtual absl::Span<const std::string> ipSansLocalCertificate() const PURE;

  /**
   * @return absl::optional<SystemTime> the time that the peer certificate was issued and should
   *         be considered valid from. Returns an empty absl::optional if there is no peer
   *         certificate.
   */
  virtual absl::optional<SystemTime> validFromPeerCertificate() const PURE;

  /**
   * @return absl::optional<SystemTime> the time that the peer certificate expires and should
   *         not be considered valid after. Returns an empty absl::optional if there is no peer
   *         certificate.
   */
  virtual absl::optional<SystemTime> expirationPeerCertificate() const PURE;

  /**
   * @return const std::string& the hex-encoded TLS session ID as defined in RFC 5246.
   */
  virtual const std::string& sessionId() const PURE;

  /**
   * @return uint16_t the standard ID for the cipher suite used in the established TLS
   *         connection. Returns 0xffff if there is no current negotiated cipher suite, so
   *         callers must not treat 0xffff as a real suite identifier.
   */
  virtual uint16_t ciphersuiteId() const PURE;

  /**
   * @return std::string the OpenSSL name for the cipher suite used in the established TLS
   *         connection. Returns "" if there is no current negotiated cipher suite.
   */
  virtual std::string ciphersuiteString() const PURE;

  /**
   * @return const std::string& the TLS version (e.g., TLSv1.2, TLSv1.3) used in the
   *         established TLS connection.
   */
  virtual const std::string& tlsVersion() const PURE;

  /**
   * @return const std::string& the protocol negotiated via ALPN.
   */
  virtual const std::string& alpn() const PURE;

  /**
   * @return const std::string& the SNI used to establish the connection.
   */
  virtual const std::string& sni() const PURE;
};

// Shared, read-only handle to a ConnectionInfo. The pointee is const, so holders can only
// use the (all const) accessors above; the virtual destructor makes deletion through this
// handle well-defined.
using ConnectionInfoConstSharedPtr = std::shared_ptr<const ConnectionInfo>;

} // namespace Ssl
} // namespace Envoy
