plugins/experimental/sslheaders/sslheaders.h (63 lines of code) (raw):

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Shared declarations for the sslheaders plugin: the configuration model
// (which certificate field goes into which HTTP header) and the two helpers
// that parse a configuration spec and render a certificate field.

#pragma once

#include <ts/ts.h>
#include <ts/remap.h>

#include <cstring>
#include <vector>
#include <string>

// Aliases for OpenSSL's X509 and BIO struct tags, so that this header can name
// the types without including the OpenSSL headers.
using X509 = struct x509_st;
using BIO  = struct bio_st;

// Plugin tag; SslHdrError embeds it in every error message.
#define PLUGIN_NAME "sslheaders"

namespace sslheaders_ns
{
// Debug control used by SslHdrDebug; only declared here, defined in another
// translation unit.
extern DbgCtl dbg_ctl;
} // namespace sslheaders_ns

// NOTE(review): a using-directive at header scope makes every name in
// sslheaders_ns visible in each file that includes this header.
using namespace sslheaders_ns;

// Debug logging: prefixes the message with the calling function's name.
// `fmt` is pasted next to a string literal, so it must itself be a string
// literal. Pass certificate- or request-derived text as an argument (e.g. via
// "%s"), never as the format.
#define SslHdrDebug(fmt, ...) Dbg(sslheaders_ns::dbg_ctl, "%s: " fmt, __func__, ##__VA_ARGS__)

// Error logging through TSError, prefixed with "[sslheaders] : <function>: ".
// The same rule applies: `fmt` must be a string literal, and untrusted text
// goes in the variadic arguments only.
#define SslHdrError(fmt, ...)  \
  TSError("[" PLUGIN_NAME "] " \
          ": %s: " fmt,        \
          __func__, ##__VA_ARGS__)

// Which side of the proxy the headers are attached on. The enumerator names
// suggest client request, server request, or both -- TODO confirm against the
// hook code, which is not in this header.
enum AttachOptions {
  SSL_HEADERS_ATTACH_CLIENT,
  SSL_HEADERS_ATTACH_SERVER,
  SSL_HEADERS_ATTACH_BOTH,
};

// Where the expanded value is taken from.
// NOTE(review): SSL_HEADERS_SCOPE_CLIENT values come from a certificate the
// peer presented. Anything that consumes the resulting header should treat it
// as attacker-influenced unless the certificate chain was verified on this
// connection -- confirm how verification is enforced.
enum ExpansionScope {
  SSL_HEADERS_SCOPE_NONE = 0,
  SSL_HEADERS_SCOPE_CLIENT, // Client certificate
  SSL_HEADERS_SCOPE_SERVER, // Server certificate
  SSL_HEADERS_SCOPE_SSL     // SSL connection
};

// Which certificate attribute is rendered into the header value.
// NOTE(review): subject and issuer strings are chosen by whoever issued the
// certificate, and a PEM certificate spans multiple lines. Verify that the
// implementation produces a single-line header value with no CR/LF.
enum ExpansionField {
  SSL_HEADERS_FIELD_NONE = 0,
  SSL_HEADERS_FIELD_CERTIFICATE, // Attach whole PEM certificate
  SSL_HEADERS_FIELD_SUBJECT,     // Attach certificate subject
  SSL_HEADERS_FIELD_ISSUER,      // Attach certificate issuer
  SSL_HEADERS_FIELD_SERIAL,      // Attach certificate serial number
  SSL_HEADERS_FIELD_SIGNATURE,   // Attach certificate signature
  SSL_HEADERS_FIELD_NOTBEFORE,   // Attach certificate notBefore date
  SSL_HEADERS_FIELD_NOTAFTER,    // Attach certificate notAfter date
  SSL_HEADERS_FIELD_MAX          // presumably a count/sentinel, not a real field -- confirm
};

// One configured mapping: HTTP header `name` receives `field` of the
// certificate or connection selected by `scope`.
// NOTE(review): a backend that trusts this header is only safe if a header
// with the same name sent by the client is overwritten or removed, including
// when no certificate is available. That logic is not visible in this header;
// confirm it in the expansion code.
struct SslHdrExpansion {
  SslHdrExpansion() : name() {}
  std::string    name; // HTTP header name
  ExpansionScope scope = SSL_HEADERS_SCOPE_NONE;
  ExpansionField field = SSL_HEADERS_FIELD_NONE;

  // noncopyable but movable
  SslHdrExpansion(const SslHdrExpansion &)            = delete;
  SslHdrExpansion &operator=(const SslHdrExpansion &) = delete;
  SslHdrExpansion(SslHdrExpansion &&)                 = default;
  SslHdrExpansion &operator=(SslHdrExpansion &&)      = default;
};

// Per-configuration plugin state: the list of expansions, the attach point,
// and a continuation handle.
struct SslHdrInstance {
  using expansion_list = std::vector<SslHdrExpansion>;

  // Constructor and destructor are defined in another translation unit.
  SslHdrInstance();
  ~SslHdrInstance();

  expansion_list expansions;
  AttachOptions  attach = SSL_HEADERS_ATTACH_SERVER;
  // No default initializer here; presumably set by the constructor and
  // released by the destructor -- confirm in the .cc file.
  TSCont cont;

  // noncopyable
  SslHdrInstance(const SslHdrInstance &)            = delete;
  SslHdrInstance &operator=(const SslHdrInstance &) = delete;
};

// Parses the configuration string `spec` into `exp`. The bool result
// presumably reports success; the accepted syntax is defined by the
// implementation, which is not shown here.
bool SslHdrParseExpansion(const char *spec, SslHdrExpansion &exp);

// Renders `field` of certificate `ptr` into `bio`. The meaning of the bool
// result and the handling of SSL_HEADERS_FIELD_NONE / SSL_HEADERS_FIELD_MAX
// are not visible here -- confirm that out-of-range values are rejected.
bool SslHdrExpandX509Field(BIO *bio, X509 *ptr, ExpansionField field);