#pragma once

#include <string>

#include "envoy/network/filter.h"

#include "source/common/common/assert.h"
#include "source/common/common/logger.h"

#include "absl/strings/str_cat.h"
#include "openssl/ssl.h"
#include "quiche/quic/core/crypto/crypto_protocol.h"
#include "quiche/quic/core/crypto/proof_source.h"
#include "quiche/quic/core/quic_versions.h"
#include "quiche/quic/platform/api/quic_socket_address.h"

namespace Envoy {
namespace Quic {

// quic::ProofSource::Details implementation that carries the filter chain selected while
// producing a proof back to whoever consumes the Details object.
//
// The filter chain is held by reference and is NOT owned here. NOTE(review): nothing in this
// header ties the referenced chain's lifetime to this object, so the owner must guarantee the
// chain outlives every Details instance (e.g. across a listener update that drops the chain) —
// confirm how the session code handles that.
class EnvoyQuicProofSourceDetails : public quic::ProofSource::Details {
public:
  // Retains a reference to `filter_chain`; the caller keeps ownership.
  explicit EnvoyQuicProofSourceDetails(const Network::FilterChain& filter_chain) : filter_chain_(filter_chain) {}

  // The filter chain recorded at construction.
  const Network::FilterChain& filterChain() const {
    return filter_chain_;
  }

private:
  const Network::FilterChain& filter_chain_;
};

// Partial quic::ProofSource implementation: GetProof() selects the cipher suite according to the
// leaf certificate it is about to sign with. The actual signing is delegated to subclasses through
// the pure virtual signPayload().
class EnvoyQuicProofSourceBase : public quic::ProofSource,
                                 protected Logger::Loggable<Logger::Id::quic> {
public:
  ~EnvoyQuicProofSourceBase() override = default;

  // quic::ProofSource

  // quic::ProofSource::GetProof override; the body lives in the .cc. `transport_version` is
  // deliberately unused by this implementation.
  void GetProof(const quic::QuicSocketAddress& server_address,
                const quic::QuicSocketAddress& client_address,
                const std::string& hostname,
                const std::string& server_config,
                quic::QuicTransportVersion /*transport_version*/,
                absl::string_view chlo_hash,
                std::unique_ptr<quic::ProofSource::Callback> callback) override;

  // No session-ticket crypter is offered. NOTE(review): quiche appears to treat a null crypter
  // as "do not issue TLS session tickets", i.e. no resumption and therefore no 0-RTT for
  // connections served by this proof source — confirm against the quiche version in use before
  // relying on either property.
  TicketCrypter* GetTicketCrypter() override {
    return nullptr;
  }

  // quic::ProofSource::ComputeTlsSignature override; defined out of line. Its parameter list
  // matches signPayload() exactly, so presumably it forwards there — verify in the .cc.
  void ComputeTlsSignature(const quic::QuicSocketAddress& server_address,
                           const quic::QuicSocketAddress& client_address,
                           const std::string& hostname,
                           uint16_t signature_algorithm,
                           absl::string_view in,
                           std::unique_ptr<quic::ProofSource::SignatureCallback> callback) override;

  // Signature algorithms (TLS SignatureScheme code points) this proof source is willing to use;
  // defined out of line.
  absl::InlinedVector<uint16_t, 8> SupportedTlsSignatureAlgorithms() const override;

protected:
  // Subclass hook that performs the actual signing of `in` with `signature_algorithm` and
  // delivers the outcome through `callback`.
  virtual void signPayload(const quic::QuicSocketAddress& server_address,
                           const quic::QuicSocketAddress& client_address,
                           const std::string& hostname,
                           uint16_t signature_algorithm,
                           absl::string_view in,
                           std::unique_ptr<quic::ProofSource::SignatureCallback> callback) PURE;
};

} // namespace Quic
} // namespace Envoy