/proc/self/cwd/test/integration/ssl_utility.h
1 | | #pragma once |
2 | | |
3 | | #include "envoy/api/api.h" |
4 | | #include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h" |
5 | | #include "envoy/network/address.h" |
6 | | #include "envoy/network/transport_socket.h" |
7 | | #include "envoy/secret/secret_manager.h" |
8 | | #include "envoy/ssl/context_manager.h" |
9 | | |
10 | | #include "source/common/tls/context_impl.h" |
11 | | |
12 | | namespace Envoy { |
13 | | namespace Ssl { |
14 | | |
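// Fluent builder for the TLS settings an integration-test client uses. Every
// setter returns `*this` so calls can be chained; the fields are public because
// the helper functions declared below read them directly.
//
// These options exist to deliberately weaken or alter the client side of a
// handshake (expired certificate, restricted cipher suites, fixed TLS version,
// custom validator) so that tests can observe how Envoy reacts. They are a
// test fixture, not a template for production client configuration.
struct ClientSslTransportOptions {
  // Whether the client configuration should enable ALPN. How the flag is
  // translated into the TLS context is decided by the helpers that consume it.
  ClientSslTransportOptions& setAlpn(bool alpn) {
    alpn_ = alpn;
    return *this;
  }

  // Subject alternative name carried in the options; copied so the caller's
  // string_view does not need to outlive this object.
  ClientSslTransportOptions& setSan(absl::string_view san) {
    san_ = std::string(san);
    return *this;
  }

  // Select the ECDSA client certificate instead of the default one.
  ClientSslTransportOptions& setClientEcdsaCert(bool client_ecdsa_cert) {
    client_ecdsa_cert_ = client_ecdsa_cert;
    return *this;
  }

  // Restrict the cipher suites the client offers. Empty means "use the default
  // list" as far as this struct is concerned (the consumer decides the default).
  ClientSslTransportOptions& setCipherSuites(const std::vector<std::string>& cipher_suites) {
    cipher_suites_ = cipher_suites;
    return *this;
  }

  // Restrict the signature algorithms the client offers.
  ClientSslTransportOptions& setSigningAlgorithms(const std::vector<std::string>& sigalgs) {
    sigalgs_ = sigalgs;
    return *this;
  }

  // Server name the client sends in the SNI extension; copied like `san`.
  ClientSslTransportOptions& setSni(absl::string_view sni) {
    sni_ = std::string(sni);
    return *this;
  }

  // Pin the protocol version the client negotiates. Defaults to TLS_AUTO, which
  // leaves the choice to the TLS stack.
  ClientSslTransportOptions& setTlsVersion(
      envoy::extensions::transport_sockets::tls::v3::TlsParameters::TlsProtocol tls_version) {
    tls_version_ = tls_version;
    return *this;
  }

  // Use the expired SPIFFE client certificate instead of the valid one
  // (presumably so a test can check that the peer rejects it).
  ClientSslTransportOptions& setUseExpiredSpiffeCert(bool use_expired) {
    use_expired_spiffe_cert_ = use_expired;
    return *this;
  }

  // Misspelled original name ("Cer"), kept so existing call sites keep
  // compiling; forwards to setUseExpiredSpiffeCert().
  ClientSslTransportOptions& setUseExpiredSpiffeCer(bool use_expired) {
    return setUseExpiredSpiffeCert(use_expired);
  }

  // Present a client certificate chain that includes an intermediate CA.
  ClientSslTransportOptions& setClientWithIntermediateCert(bool intermediate_cert) {
    client_with_intermediate_cert_ = intermediate_cert;
    return *this;
  }

  // Plug in a custom certificate validator configuration. The pointer is NOT
  // owned: the caller must keep the config alive for as long as these options
  // (and anything built from them) are in use. Passing nullptr restores the
  // default (no custom validator).
  ClientSslTransportOptions& setCustomCertValidatorConfig(
      envoy::config::core::v3::TypedExtensionConfig* custom_validator_config) {
    custom_validator_config_ = custom_validator_config;
    return *this;
  }

  bool alpn_{false};
  bool client_ecdsa_cert_{false};
  std::vector<std::string> cipher_suites_{};
  std::string san_;
  std::vector<std::string> sigalgs_;
  std::string sni_;
  envoy::extensions::transport_sockets::tls::v3::TlsParameters::TlsProtocol tls_version_{
      envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLS_AUTO};
  bool use_expired_spiffe_cert_{false};
  bool client_with_intermediate_cert_{false};
  // Non-owning; owned by the caller that invokes `setCustomCertValidatorConfig()`.
  envoy::config::core::v3::TypedExtensionConfig* custom_validator_config_{nullptr};
};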
81 | | |
// Fills `tls_context` from `options`. With the default `connect_to_upstream =
// false` the client is configured to connect to Envoy; `true` configures it
// for a (fake) upstream instead. Which certificates and validation settings
// each mode selects is decided in the implementation, not visible here.
void initializeUpstreamTlsContextConfig(
    const ClientSslTransportOptions& options,
    envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext& tls_context,
    // By default, clients connect to Envoy. Allow configuring to connect to upstreams.
    bool connect_to_upstream = false);

// Builds the client-side (upstream) transport socket factory described by
// `options`, registering its TLS context with `context_manager`.
Network::UpstreamTransportSocketFactoryPtr
createClientSslTransportSocketFactory(const ClientSslTransportOptions& options,
                                      ContextManager& context_manager, Api::Api& api);

// Builds a server-side (downstream) TLS context for a test upstream.
// `use_http3` presumably switches to a QUIC-capable configuration — confirm
// against the implementation before relying on it.
Network::DownstreamTransportSocketFactoryPtr
createUpstreamSslContext(ContextManager& context_manager, Api::Api& api, bool use_http3 = false);

// Like createUpstreamSslContext() but selects the server certificate by name
// (`upstream_cert_name`) and takes a full factory context.
Network::DownstreamTransportSocketFactoryPtr
createFakeUpstreamSslContext(const std::string& upstream_cert_name, ContextManager& context_manager,
                             Server::Configuration::TransportSocketFactoryContext& factory_context);

// Returns a loopback-style address for the requested IP version and port
// (exact host is chosen by the implementation).
Network::Address::InstanceConstSharedPtr getSslAddress(const Network::Address::IpVersion& version,
                                                       int port);
101 | | |
102 | | } // namespace Ssl |
103 | | |
104 | | namespace Extensions { |
105 | | namespace TransportSockets { |
106 | | namespace Tls { |
107 | | |
// Test-only backdoor into ContextImpl: exposes the certificate validator that
// ContextImpl keeps private. This presumably relies on ContextImpl declaring
// ContextImplPeer a friend (not visible in this header). Because it bypasses
// encapsulation, keep its use confined to tests that need to inspect or swap
// validation behaviour; never ship it in a non-test target.
class ContextImplPeer {
public:
  // Read-only view of the context's validator.
  static const Extensions::TransportSockets::Tls::CertValidator&
  getCertValidator(const Extensions::TransportSockets::Tls::ContextImpl& context) {
    const auto& validator = context.cert_validator_;
    return *validator;
  }

  // Mutable view of the validator, obtained from a *const* context. This works
  // only because `cert_validator_` is dereferenced as a pointer-like member:
  // constness of the context does not propagate to the pointee, so the caller
  // can change how certificates are validated behind ContextImpl's back. Use
  // deliberately, and only in tests.
  static Extensions::TransportSockets::Tls::CertValidator&
  getMutableCertValidator(const Extensions::TransportSockets::Tls::ContextImpl& context) {
    auto& validator = context.cert_validator_;
    return *validator;
  }
};
120 | | |
121 | | } // namespace Tls |
122 | | } // namespace TransportSockets |
123 | | } // namespace Extensions |
124 | | |
125 | | } // namespace Envoy |