| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #pragma once |
| |
| #include <ts/ts.h> |
| #include <ts/remap.h> |
| #include <cstring> |
| #include <vector> |
| #include <string> |
| |
| extern "C" { |
| typedef struct x509_st X509; |
| typedef struct bio_st BIO; |
| } |
| |
| #define PLUGIN_NAME "sslheaders" |
| |
| #define SslHdrDebug(fmt, ...) TSDebug(PLUGIN_NAME, "%s: " fmt, __func__, ##__VA_ARGS__) |
| #define SslHdrError(fmt, ...) \ |
| TSError("[" PLUGIN_NAME "] " \ |
| ": %s: " fmt, \ |
| __func__, ##__VA_ARGS__) |
| |
| enum AttachOptions { |
| SSL_HEADERS_ATTACH_CLIENT, |
| SSL_HEADERS_ATTACH_SERVER, |
| SSL_HEADERS_ATTACH_BOTH, |
| }; |
| |
| enum ExpansionScope { |
| SSL_HEADERS_SCOPE_NONE = 0, |
| SSL_HEADERS_SCOPE_CLIENT, // Client certificate |
| SSL_HEADERS_SCOPE_SERVER, // Server certificate |
| SSL_HEADERS_SCOPE_SSL // SSL connection |
| }; |
| |
| enum ExpansionField { |
| SSL_HEADERS_FIELD_NONE = 0, |
| SSL_HEADERS_FIELD_CERTIFICATE, // Attach whole PEM certificate |
| SSL_HEADERS_FIELD_SUBJECT, // Attach certificate subject |
| SSL_HEADERS_FIELD_ISSUER, // Attach certificate issuer |
| SSL_HEADERS_FIELD_SERIAL, // Attach certificate serial number |
| SSL_HEADERS_FIELD_SIGNATURE, // Attach certificate signature |
| SSL_HEADERS_FIELD_NOTBEFORE, // Attach certificate notBefore date |
| SSL_HEADERS_FIELD_NOTAFTER, // Attach certificate notAfter date |
| |
| SSL_HEADERS_FIELD_MAX |
| }; |
| |
| struct SslHdrExpansion { |
| SslHdrExpansion() : name() {} |
| std::string name; // HTTP header name |
| ExpansionScope scope = SSL_HEADERS_SCOPE_NONE; |
| ExpansionField field = SSL_HEADERS_FIELD_NONE; |
| |
| // noncopyable but movable |
| SslHdrExpansion(const SslHdrExpansion &) = delete; |
| SslHdrExpansion &operator=(const SslHdrExpansion &) = delete; |
| SslHdrExpansion(SslHdrExpansion &&) = default; |
| SslHdrExpansion &operator=(SslHdrExpansion &&) = default; |
| }; |
| |
| struct SslHdrInstance { |
| typedef std::vector<SslHdrExpansion> expansion_list; |
| |
| SslHdrInstance(); |
| ~SslHdrInstance(); |
| |
| expansion_list expansions; |
| AttachOptions attach = SSL_HEADERS_ATTACH_SERVER; |
| TSCont cont; |
| |
| // noncopyable |
| SslHdrInstance(const SslHdrInstance &) = delete; |
| SslHdrInstance &operator=(const SslHdrInstance &) = delete; |
| }; |
| |
| bool SslHdrParseExpansion(const char *spec, SslHdrExpansion &exp); |
| bool SslHdrExpandX509Field(BIO *bio, X509 *ptr, ExpansionField field); |
