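#pragma once

#include <memory>

#include "source/common/quic/envoy_quic_proof_verifier_base.h"
#include "source/common/quic/quic_ssl_connection_info.h"
#include "source/extensions/transport_sockets/tls/context_impl.h"

namespace Envoy {
namespace Quic {

// Outcome of a certificate chain verification, surfaced to QUIC as the
// quic::ProofVerifyDetails of a completed verify. Defaults to "not valid" so a
// result that is never explicitly marked valid fails closed.
class CertVerifyResult : public quic::ProofVerifyDetails {
public:
  // @param is_valid whether the verified chain was accepted.
  explicit CertVerifyResult(bool is_valid) : is_valid_(is_valid) {}

  // quic::ProofVerifyDetails
  // Returns a heap-allocated copy; ownership passes to the caller, as the base
  // interface's raw-pointer signature requires.
  ProofVerifyDetails* Clone() const override { return new CertVerifyResult(is_valid_); }

  // True if the chain passed verification.
  bool isValid() const { return is_valid_; }

private:
  bool is_valid_{false};
};

// Owning pointer to a CertVerifyResult. Note: no trailing `()` here — with it
// the alias would name a function type returning the pointer, not the pointer.
using CertVerifyResultPtr = std::unique_ptr<CertVerifyResult>;

// Envoy-specific state a proof verifier needs beyond what quic::ProofVerifyContext
// carries. Implemented per connection; all accessors are pure virtual.
class EnvoyQuicProofVerifyContext : public quic::ProofVerifyContext {
public:
  // Dispatcher made available to the verifier.
  virtual Event::Dispatcher& dispatcher() const PURE;
  // Whether the verifying endpoint is the server side of the connection.
  virtual bool isServer() const PURE;
  // Transport socket options associated with this verification.
  virtual const Network::TransportSocketOptionsConstSharedPtr& transportSocketOptions() const PURE;
  // Extra inputs handed to the TLS CertValidator alongside the chain.
  virtual Extensions::TransportSockets::Tls::CertValidator::ExtraValidationContext
  extraValidationContext() const PURE;
};

using EnvoyQuicProofVerifyContextPtr = std::unique_ptr<EnvoyQuicProofVerifyContext>;

// A quic::ProofVerifier implementation which verifies cert chain using SSL
// client context config.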
class EnvoyQuicProofVerifier : public EnvoyQuicProofVerifierBase {
public:
  // Takes ownership of the client SSL context whose configuration drives chain
  // verification. The context must be non-null; this is asserted in debug builds.
  explicit EnvoyQuicProofVerifier(Envoy::Ssl::ClientContextSharedPtr&& context)
      : context_(std::move(context)) {
    ASSERT(context_.get());
  }

  // EnvoyQuicProofVerifierBase
  //
  // Verifies `certs` for `hostname`:`port` using the stored client context.
  // `ocsp_response` and `cert_sct` are the stapled OCSP response and SCT as
  // received from the peer; `context` is the per-connection verify context.
  // On failure `error_details` receives a description and `out_alert` the TLS
  // alert to send; `details` receives the verification result. `callback` is
  // invoked when verification cannot complete synchronously — the exact status
  // values that trigger it are defined by the implementation, not here.
  quic::QuicAsyncStatus VerifyCertChain(const std::string& hostname,
                                        const uint16_t port,
                                        const std::vector<std::string>& certs,
                                        const std::string& ocsp_response,
                                        const std::string& cert_sct,
                                        const quic::ProofVerifyContext* context,
                                        std::string* error_details,
                                        std::unique_ptr<quic::ProofVerifyDetails>* details,
                                        uint8_t* out_alert,
                                        std::unique_ptr<quic::ProofVerifierCallback> callback) override;

private:
  // Client context supplying the trust configuration; never null after construction.
  Envoy::Ssl::ClientContextSharedPtr context_;
};

} // namespace Quic
} // namespace Envoy