#pragma once

#include "source/common/quic/envoy_quic_proof_source_base.h"
#include "source/common/quic/quic_server_transport_socket_factory.h"
#include "source/server/listener_stats.h"

namespace Envoy {
namespace Quic {

// A ProofSource implementation which supplies a proof instance with certs from filter chain.
//
// The object holds non-owning references (listen socket, listener stats, time source) and a
// non-owning pointer to the filter chain manager; all of them must outlive this proof source.
// The filter chain manager pointer can be swapped after construction via
// updateFilterChainManager(), so the certificate used for a QUIC handshake is whatever the
// currently installed manager selects for the given addresses/hostname.
class EnvoyQuicProofSource : public EnvoyQuicProofSourceBase {
public:
  // @param listen_socket the listening socket the proof source is attached to (stored by
  //        reference).
  // @param filter_chain_manager source of filter chains (and thus TLS certificate configs);
  //        stored by pointer so it can later be replaced.
  // @param listener_stats listener-level stats (stored by reference).
  // @param time_source clock used by this proof source (stored by reference).
  EnvoyQuicProofSource(Network::Socket& listen_socket,
                       Network::FilterChainManager& filter_chain_manager,
                       Server::ListenerStats& listener_stats, TimeSource& time_source)
      : listen_socket_(listen_socket), filter_chain_manager_(&filter_chain_manager),
        listener_stats_(listener_stats), time_source_(time_source) {}

  ~EnvoyQuicProofSource() override = default;

  // quic::ProofSource
  // Returns the certificate chain to present for a connection from `client_address` to
  // `server_address` with the given SNI `hostname`. `cert_matched_sni` is an out-parameter
  // owned by the caller; NOTE(review): whether it is set on every return path (including the
  // no-match case) is determined in the .cc file — confirm there.
  quiche::QuicheReferenceCountedPointer<quic::ProofSource::Chain>
  GetCertChain(const quic::QuicSocketAddress& server_address,
               const quic::QuicSocketAddress& client_address, const std::string& hostname,
               bool* cert_matched_sni) override;

  // Replaces the filter chain manager consulted by subsequent certificate lookups. The new
  // manager must outlive this object. NOTE(review): any synchronization between this update
  // and concurrent GetCertChain()/signPayload() calls is not visible in this header — verify
  // the threading model in the .cc file and at the call site.
  void updateFilterChainManager(Network::FilterChainManager& filter_chain_manager);

protected:
  // quic::ProofSource
  // Signs `in` with the private key selected for the connection/hostname using
  // `signature_algorithm`, and delivers the result through `callback` (ownership of the
  // callback is transferred to this call).
  void signPayload(const quic::QuicSocketAddress& server_address,
                   const quic::QuicSocketAddress& client_address, const std::string& hostname,
                   uint16_t signature_algorithm, absl::string_view in,
                   std::unique_ptr<quic::ProofSource::SignatureCallback> callback) override;

private:
  // Result of a certificate lookup. Both members are optional, non-owning references;
  // presumably both are empty when no filter chain / certificate matches — confirm against
  // the definition of getTlsCertConfigAndFilterChain().
  struct CertConfigWithFilterChain {
    // TLS certificate config selected for the connection, if any.
    absl::optional<std::reference_wrapper<const Envoy::Ssl::TlsCertificateConfig>> cert_config_;
    // Filter chain that produced the certificate config, if any.
    absl::optional<std::reference_wrapper<const Network::FilterChain>> filter_chain_;
  };

  // Looks up the filter chain and TLS certificate config to use for the given connection
  // addresses and SNI hostname via `filter_chain_manager_`.
  CertConfigWithFilterChain
  getTlsCertConfigAndFilterChain(const quic::QuicSocketAddress& server_address,
                                 const quic::QuicSocketAddress& client_address,
                                 const std::string& hostname);

  // Non-owning; bound at construction.
  Network::Socket& listen_socket_;
  // Non-owning; set at construction and replaceable via updateFilterChainManager().
  Network::FilterChainManager* filter_chain_manager_{nullptr};
  // Non-owning; bound at construction.
  Server::ListenerStats& listener_stats_;
  // Non-owning; bound at construction.
  TimeSource& time_source_;
};

} // namespace Quic
} // namespace Envoy