| /** @file |
| |
| A brief file description |
| |
| @section license License |
| |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| /*************************** -*- Mod: C++ -*- ****************************** |
| P_SSLSNI.h |
| Created On : 05/02/2017 |
| |
| Description: |
| SNI based Configuration in ATS |
| ****************************************************************************/ |
| #pragma once |
| |
| #include <vector> |
| #include <strings.h> |
| |
| #include "ProxyConfig.h" |
| #include "P_SNIActionPerformer.h" |
| #include "tscore/MatcherUtils.h" |
| #include "YamlSNIConfig.h" |
| |
| // Properties for the next hop server |
| struct NextHopProperty { |
| std::string name; // name of the server |
| std::string client_cert_file; // full path to client cert file for lookup |
| std::string client_key_file; // full path to client key file for lookup |
| YamlSNIConfig::Policy verifyServerPolicy = YamlSNIConfig::Policy::UNSET; // whether to verify the next hop |
| YamlSNIConfig::Property verifyServerProperties = YamlSNIConfig::Property::UNSET; // what to verify on the next hop |
| bool tls_upstream = false; // whether the upstream connection should be TLS |
| |
| SSL_CTX *ctx = nullptr; // ctx generated off the certificate to present to this server |
| NextHopProperty() {} |
| }; |
| |
| using actionVector = std::vector<std::unique_ptr<ActionItem>>; |
| |
| struct namedElement { |
| public: |
| namedElement() {} |
| |
| void |
| setGlobName(std::string name) |
| { |
| std::string::size_type pos = 0; |
| while ((pos = name.find('.', pos)) != std::string::npos) { |
| name.replace(pos, 1, "\\."); |
| pos += 2; |
| } |
| pos = 0; |
| while ((pos = name.find('*', pos)) != std::string::npos) { |
| name.replace(pos, 1, "(.{0,})"); |
| } |
| Debug("ssl_sni", "Regexed fqdn=%s", name.c_str()); |
| setRegexName(name); |
| } |
| |
| void |
| setRegexName(const std::string ®exName) |
| { |
| const char *err_ptr; |
| int err_offset = 0; |
| if (!regexName.empty()) { |
| match = pcre_compile(regexName.c_str(), PCRE_ANCHORED, &err_ptr, &err_offset, nullptr); |
| } else { |
| match = nullptr; |
| } |
| } |
| |
| pcre *match = nullptr; |
| }; |
| |
| struct actionElement : public namedElement { |
| public: |
| actionVector actions; |
| }; |
| |
| struct NextHopItem : public namedElement { |
| public: |
| NextHopProperty prop; |
| }; |
| |
| typedef std::vector<actionElement> SNIList; |
| typedef std::vector<NextHopItem> NextHopPropertyList; |
| |
| struct SNIConfigParams : public ConfigInfo { |
| char *sni_filename = nullptr; |
| SNIList sni_action_list; |
| NextHopPropertyList next_hop_list; |
| YamlSNIConfig Y_sni; |
| const NextHopProperty *getPropertyConfig(const std::string &servername) const; |
| SNIConfigParams(); |
| ~SNIConfigParams() override; |
| void cleanup(); |
| int Initialize(); |
| void loadSNIConfig(); |
| std::pair<const actionVector *, ActionItem::Context> get(const std::string &servername) const; |
| }; |
| |
| struct SNIConfig { |
| static void startup(); |
| static void reconfigure(); |
| static SNIConfigParams *acquire(); |
| static void release(SNIConfigParams *params); |
| |
| typedef ConfigProcessor::scoped_config<SNIConfig, SNIConfigParams> scoped_config; |
| |
| static bool TestClientAction(const char *servername, const IpEndpoint &ep, int &enforcement_policy); |
| |
| private: |
| static int configid; |
| }; |