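#pragma once

#include "source/common/common/empty_string.h"
#include "source/extensions/transport_sockets/tls/connection_info_impl_base.h"

#include "quiche/quic/core/quic_session.h"

namespace Envoy {
namespace Quic {

// A wrapper of a QUIC session to be passed around as an indicator of ssl support and to provide
// access to the SSL object in QUIC crypto stream.
//
// The session is held by reference (non-owning) and must outlive this object.
//
// Every peer-certificate accessor below is a stub (see TODO #23809): over QUIC, consumers of
// Ssl::ConnectionInfo (anything keyed on peer cert SANs, digests, subject/issuer, serial or
// validity dates) observe "no peer certificate" regardless of what the handshake actually did.
// peerCertificateValidated() is the only populated field, and only after onCertValidated().
class QuicSslConnectionInfo : public Extensions::TransportSockets::Tls::ConnectionInfoImplBase {
public:
  // `explicit`: a bare quic::QuicSession& must not silently convert into a connection-info
  // object (single-argument constructor).
  explicit QuicSslConnectionInfo(quic::QuicSession& session) : session_(session) {}

  // Ssl::ConnectionInfo
  // False until onCertValidated() has been called on this object.
  bool peerCertificateValidated() const override { return cert_validated_; }

  // Extensions::TransportSockets::Tls::ConnectionInfoImplBase
  // Returns the SSL object owned by the session's crypto stream. Precondition: the crypto
  // stream and its SSL object already exist. The ASSERTs document that precondition;
  // NOTE(review): Envoy's ASSERT may be compiled out in some build modes — confirm before
  // relying on them as a runtime guard.
  SSL* ssl() const override {
    // Fetch the crypto stream once instead of re-resolving it for each check.
    auto* crypto_stream = session_.GetCryptoStream();
    ASSERT(crypto_stream != nullptr);
    SSL* ssl_object = crypto_stream->GetSsl();
    ASSERT(ssl_object != nullptr);
    return ssl_object;
  }

  // Extensions::TransportSockets::Tls::ConnectionInfoImplBase
  // TODO(#23809) populate those field once we support mutual TLS.
  // Until then these report "no peer certificate" / empty values unconditionally.
  bool peerCertificatePresented() const override { return false; }
  const std::string& sha256PeerCertificateDigest() const override { return EMPTY_STRING; }
  const std::string& sha1PeerCertificateDigest() const override { return EMPTY_STRING; }
  absl::Span<const std::string> uriSanPeerCertificate() const override { return {}; }
  const std::string& serialNumberPeerCertificate() const override { return EMPTY_STRING; }
  const std::string& issuerPeerCertificate() const override { return EMPTY_STRING; }
  const std::string& subjectPeerCertificate() const override { return EMPTY_STRING; }
  const std::string& urlEncodedPemEncodedPeerCertificate() const override { return EMPTY_STRING; }
  const std::string& urlEncodedPemEncodedPeerCertificateChain() const override {
    return EMPTY_STRING;
  }
  absl::Span<const std::string> dnsSansPeerCertificate() const override { return {}; }
  absl::optional<SystemTime> validFromPeerCertificate() const override { return absl::nullopt; }
  absl::optional<SystemTime> expirationPeerCertificate() const override { return absl::nullopt; }
  // QUIC SSL object doesn't cache local certs after the handshake.
  // TODO(danzh) cache these fields during cert chain retrieval.
  const std::string& subjectLocalCertificate() const override { return EMPTY_STRING; }
  absl::Span<const std::string> uriSanLocalCertificate() const override { return {}; }
  absl::Span<const std::string> dnsSansLocalCertificate() const override { return {}; }

  // Marks the peer certificate as validated; the flag is never cleared again on this object.
  void onCertValidated() { cert_validated_ = true; }

private:
  quic::QuicSession& session_; // Non-owning; see class comment.
  bool cert_validated_{false}; // Set only by onCertValidated().
};

} // namespace Quic
} // namespace Envoy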