Add outbound certificate extractors.
SolidWallOfCode committed Jul 15, 2022
1 parent f974253 commit c42a8b6
Showing 4 changed files with 323 additions and 31 deletions.
36 changes: 34 additions & 2 deletions doc/user/ExtractorReference.en.rst
Expand Up @@ -587,14 +587,14 @@ Session
:result: string
:arg: Entry name.

Extract the value for an entry in the local (server) certificate issuer for an inbound session.
Extract the value for an entry in the local (ATS) certificate issuer for an inbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

.. extractor:: inbound-cert-local-subject-field
:result: string
:arg: Entry name.

Extract the value for an entry in the local (server) certificate subject for an inbound session.
Extract the value for an entry in the local (ATS) certificate subject for an inbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

.. extractor:: inbound-cert-remote-issuer-field
Expand All @@ -615,6 +615,38 @@ Session

If a client certificate wasn't provided or failed validation, this will yield an empty string.

.. extractor:: outbound-cert-local-issuer-field
:result: string
:arg: Entry name.

Extract the value for an entry in the local (ATS) certificate issuer for an outbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

.. extractor:: outbound-cert-local-subject-field
:result: string
:arg: Entry name.

Extract the value for an entry in the local (ATS) certificate subject for an outbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

.. extractor:: outbound-cert-remote-issuer-field
:result: string
:arg: Entry name.

Extract the value for an entry in the remote (server) certificate issuer for an outbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

If the destination didn't provide a certificate or failed validation, this will yield an empty string.

.. extractor:: outbound-cert-remote-subject-field
:result: string
:arg: Entry name.

Extract the value for an entry in the remote (server) certificate subject for an outbound session.
This will accept a short or long name as the argument. Note these names are case sensitive.

If the destination didn't provide a certificate or failed validation, this will yield an empty string.

.. extractor:: outbound-txn-count
:result: integer

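Review bot: The failure-case sentence on outbound-cert-remote-issuer-field and outbound-cert-remote-subject-field reads as if the destination itself failed validation; suggest "If the destination didn't provide a certificate, or the certificate failed validation, this will yield an empty string." The two outbound-cert-local-* entries carry no equivalent sentence, so the result when ATS has no local certificate on the outbound session is undocumented. Since a configuration comparing these values sees only an empty string, the text should also say what is returned for an entry name that is not present in the certificate.
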
33 changes: 30 additions & 3 deletions plugin/include/txn_box/ts_util.h
Expand Up @@ -482,7 +482,7 @@ class HttpSsn
*
* This is more efficient then obtaining the stack and then searching for @a tag.
*/
swoc::TextView proto_contains(swoc::TextView const &tag) const;
swoc::TextView inbound_protocol_contains(swoc::TextView tag) const;

/** Retrieve the protocol stack for @a this session in to @a tags.
*
Expand All @@ -501,11 +501,17 @@ class HttpSsn
/// @return The local address of the session.
sockaddr const *addr_local() const;

/** The SSL context for the session.
/** SSL context for the inbound (UA) connection.
*
* @return An SSL context instance, which is valid iff the session is TLS.
*/
SSLContext ssl_context() const;
SSLContext ssl_inbound_context() const;

/** SSL context for the outbound connection.
*
* @return An SSL context instance, which is valid iff the session is TLS.
*/
SSLContext ssl_outbound_context() const;

protected:
TSHttpSsn _ssn = nullptr; ///< Session handle.
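Review bot: The doc comment on ssl_outbound_context() is copied from the inbound accessor and says the context is "valid iff the session is TLS", which does not say which connection is meant. Suggest "valid iff the outbound connection is TLS", plus a sentence on what is returned when no outbound connection exists yet at the time of the call. Also worth a second look: this accessor is declared on HttpSsn, while the outbound protocol accessors added in the same header are declared on HttpTxn.
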
Expand Down Expand Up @@ -725,6 +731,26 @@ class HttpTxn
/// @return The address of the origin server for a transaction.
sockaddr const *outbound_remote_addr() const;

/** Check for a specific tag in the protocol stack.
*
* @param tag Protocol tag.
* @return @c true if @a tag is present in the protocol stack.
*
* This is more efficient then obtaining the stack and then searching for @a tag.
*/
swoc::TextView outbound_protocol_contains(swoc::TextView tag) const;

/** Retrieve the protocol stack for @a this session in to @a tags.
*
* @param tags [out] Protocol tags.
* @return The actual number of protocol tags, or -1 on error.
*
* The number of tags retrieved will be the minimum of the actual number of tags and the
* size of @a tags. The return value will be the number of actual tags. It is the caller's
* responsibility to handle the case where this is larger than @a tags.
*/
int outbound_protocol_stack(swoc::MemSpan<char const *> tags) const;

protected:
using TxnConfigVarTable = std::unordered_map<swoc::TextView, std::unique_ptr<TxnConfigVar>, std::hash<std::string_view>>;

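Review bot: The comment on outbound_protocol_contains() documents "@return @c true if @a tag is present in the protocol stack", but the declared return type is swoc::TextView. Either return bool or document what the returned view contains and what it is when the tag is absent, so callers do not have to guess how to test it. Two smaller points in the same block: outbound_protocol_stack() says "for @a this session" although it is a member of HttpTxn, and "more efficient then" should be "more efficient than".
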
Expand All @@ -747,6 +773,7 @@ class HttpTxn
static void config_integer_record(swoc::Errata &errata, swoc::TextView name, int min, int max);

static void config_string_record(swoc::Errata &errata, swoc::TextView name);

};

/// An SSL context for a session.
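Review bot: The only change in this hunk is a blank line added after config_string_record() and before the closing brace of HttpTxn. It looks unintentional and can be dropped from the commit.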