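#pragma once

#include <cstdint>
#include <functional>
#include <memory>
#include <string>
#include <vector>

#include "envoy/common/time.h"
#include "envoy/config/typed_config.h"
#include "envoy/ssl/context.h"
#include "envoy/ssl/context_config.h"
#include "envoy/ssl/private_key/private_key.h"
#include "envoy/stats/scope.h"

namespace Envoy {
namespace Ssl {

/**
 * Manages all of the SSL contexts in the process.
 *
 * Implementations own the client and server contexts they build and expose
 * expiry information about the certificates and OCSP responses they manage.
 */
class ContextManager {
public:
  virtual ~ContextManager() = default;

  /**
   * Builds a ClientContext from a ClientContextConfig.
   * @param scope the stats scope the new context reports into.
   * @param config the client-side TLS configuration to build the context from.
   * @return the newly created client context.
   */
  virtual ClientContextSharedPtr createSslClientContext(Stats::Scope& scope,
                                                        const ClientContextConfig& config) PURE;

  /**
   * Builds a ServerContext from a ServerContextConfig.
   * @param scope the stats scope the new context reports into.
   * @param config the server-side TLS configuration to build the context from.
   * @param server_names the server names the context is created for (presumably the SNI names
   *        of the owning filter chain — confirm against callers).
   * @return the newly created server context.
   */
  virtual ServerContextSharedPtr
  createSslServerContext(Stats::Scope& scope, const ServerContextConfig& config,
                         const std::vector<std::string>& server_names) PURE;

  /**
   * @return the number of days until the next certificate being managed will expire. The value
   *         is only set while that certificate has not yet expired, so callers should treat an
   *         empty result as "expired or unknown" rather than as "nothing is about to expire"
   *         (confirm the exact conditions for absl::nullopt against the implementation).
   */
  virtual absl::optional<uint32_t> daysUntilFirstCertExpires() const PURE;

  /**
   * Iterates through the contexts currently attached to a listener.
   * @param callback invoked once per context; the context is passed by const reference and
   *        must not be retained beyond the call.
   */
  virtual void iterateContexts(std::function<void(const Context&)> callback) PURE;

  /**
   * Access the private key operations manager, which is part of the SSL
   * context manager.
   * @return the private key method manager owned by this context manager.
   */
  virtual PrivateKeyMethodManager& privateKeyMethodManager() PURE;

  /**
   * @return the number of seconds until the next OCSP response being managed will
   *         expire, or `absl::nullopt` if no OCSP responses exist.
   */
  virtual absl::optional<uint64_t> secondsUntilFirstOcspResponseExpires() const PURE;

  /**
   * Remove an existing SSL context from the manager.
   * @param old_context the context to stop managing.
   */
  virtual void removeContext(const Envoy::Ssl::ContextSharedPtr& old_context) PURE;
};

using ContextManagerPtr = std::unique_ptr<ContextManager>;

/**
 * Factory that creates the process-wide ContextManager.
 *
 * Registered as an untyped factory. Only one such factory is expected to exist,
 * which is why its name is fixed rather than configurable.
 */
class ContextManagerFactory : public Config::UntypedFactory {
public:
  ~ContextManagerFactory() override = default;

  /**
   * Creates a new context manager.
   * @param time_source the clock the manager uses (presumably for the expiry computations
   *        exposed by ContextManager — confirm against the implementation).
   * @return the newly created context manager; ownership passes to the caller.
   */
  virtual ContextManagerPtr createContextManager(TimeSource& time_source) PURE;

  // There could be only one factory thus the name is static.
  std::string name() const override { return "ssl_context_manager"; }
  std::string category() const override { return "envoy.ssl_context_manager"; }
};

} // namespace Ssl
} // namespace Envoy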