ssl_utility.h
#pragma once
#include "envoy/api/api.h"
#include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h"
#include "envoy/network/address.h"
#include "envoy/network/transport_socket.h"
#include "envoy/secret/secret_manager.h"
#include "envoy/ssl/context_manager.h"
namespace Envoy {
namespace Ssl {
// Chainable set of knobs describing a client-side TLS transport socket. Every setter stores its
// argument in the matching public field and returns *this, so calls can be strung together.
//
// NOTE(review): this header only stores the values. How each one shapes the resulting TLS
// configuration (for example whether san_ enables peer SAN matching, or what an empty
// cipher_suites_ / sigalgs_ / sni_ means) is decided by the consumer, which is not visible
// here -- confirm in the definition before relying on a flag for a security property.
// NOTE(review): std::string, std::vector and absl::string_view are not included directly by
// this file's visible include list; presumably they arrive through a transitive include.
struct ClientSslTransportOptions {
  // Stores the ALPN toggle.
  ClientSslTransportOptions& setAlpn(bool alpn) {
    this->alpn_ = alpn;
    return *this;
  }

  // Stores the SAN toggle.
  ClientSslTransportOptions& setSan(bool san) {
    this->san_ = san;
    return *this;
  }

  // Stores the toggle for using an ECDSA client certificate (per the field name).
  ClientSslTransportOptions& setClientEcdsaCert(bool client_ecdsa_cert) {
    this->client_ecdsa_cert_ = client_ecdsa_cert;
    return *this;
  }

  // Copies the caller's cipher suite list into the options; the list is not validated here.
  ClientSslTransportOptions& setCipherSuites(const std::vector<std::string>& cipher_suites) {
    this->cipher_suites_ = cipher_suites;
    return *this;
  }

  // Copies the signature algorithm string. The "ForTest" suffix indicates it is meant for test
  // code only.
  ClientSslTransportOptions& setSigningAlgorithmsForTest(const std::string& sigalgs) {
    sigalgs_.assign(sigalgs);
    return *this;
  }

  // Stores the requested TLS protocol version enum value.
  ClientSslTransportOptions& setTlsVersion(
      envoy::extensions::transport_sockets::tls::v3::TlsParameters::TlsProtocol tls_version) {
    this->tls_version_ = tls_version;
    return *this;
  }

  // Takes an owning copy of the SNI value, since the view's backing storage may not outlive the
  // options object.
  ClientSslTransportOptions& setSni(absl::string_view sni) {
    std::string owned(sni);
    sni_.swap(owned);
    return *this;
  }

  // All boolean toggles start out false.
  bool alpn_ = false;
  bool san_ = false;
  bool client_ecdsa_cert_ = false;
  // Empty until setCipherSuites() is called.
  std::vector<std::string> cipher_suites_;
  // Empty until setSigningAlgorithmsForTest() is called.
  std::string sigalgs_;
  // Empty until setSni() is called.
  std::string sni_;
  // Starts at TLS_AUTO unless setTlsVersion() overrides it.
  envoy::extensions::transport_sockets::tls::v3::TlsParameters::TlsProtocol tls_version_ =
      envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLS_AUTO;
};
// Returns a transport socket factory for the client side, configured from `options` and using
// the supplied context manager and API handle. Only the declaration is visible in this header.
// NOTE(review): whether the resulting client validates the peer certificate, and how default
// (empty) option values are treated, is determined in the definition -- confirm there.
Network::TransportSocketFactoryPtr
createClientSslTransportSocketFactory(const ClientSslTransportOptions& options,
ContextManager& context_manager, Api::Api& api);
// Returns a transport socket factory for the upstream side. It takes no options, so the
// certificate and TLS parameters are presumably fixed inside the definition (not shown).
Network::TransportSocketFactoryPtr createUpstreamSslContext(ContextManager& context_manager,
Api::Api& api);
// Returns a transport socket factory for a fake upstream, selecting its certificate by
// `upstream_cert_name`; how the name is resolved to key material is not visible here.
// NOTE(review): "Fake" in the name suggests a test helper -- verify this header is only
// reachable from test targets.
// NOTE(review): Server::Configuration::TransportSocketFactoryContext is presumably declared via
// a transitive include; none of the headers listed at the top of this file names it directly.
Network::TransportSocketFactoryPtr
createFakeUpstreamSslContext(const std::string& upstream_cert_name, ContextManager& context_manager,
Server::Configuration::TransportSocketFactoryContext& factory_context);
// Returns a shared, immutable address instance for the given IP version and port.
// `port` is a plain int; any range checking happens in the definition (not shown).
Network::Address::InstanceConstSharedPtr getSslAddress(const Network::Address::IpVersion& version,
int port);
} // namespace Ssl
} // namespace Envoy