ssl_utility.cc
#include "test/integration/ssl_utility.h"
#include "common/json/json_loader.h"
#include "common/network/utility.h"
#include "common/ssl/context_config_impl.h"
#include "common/ssl/context_manager_impl.h"
#include "common/ssl/ssl_socket.h"
#include "test/integration/server.h"
#include "test/test_common/environment.h"
#include "test/test_common/network_utility.h"
namespace Envoy {
namespace Ssl {
// Builds a client-side TLS transport socket factory for the integration tests.
//
// One of four inline JSON client contexts is picked from the two flags. Every variant names the
// same CA file, client certificate chain and client private key under
// {{ test_rundir }}/test/config/integration/certs/.
//
// alpn: when true, the chosen context also carries "alpn_protocols": "h2,http/1.1".
// san: when true, the chosen context also carries a "verify_subject_alt_name" list holding
//      spiffe://lyft.com/backend-team.
// context_manager: handed to the ClientSslSocketFactory constructor.
// secret_manager: handed to the ClientContextConfigImpl constructor.
//
// Returns a newly allocated ClientSslSocketFactory wrapped in a TransportSocketFactoryPtr.
//
// NOTE(review): with san == false the context has a CA file but no "verify_subject_alt_name"
// entry, so presumably the peer is accepted on chain validation alone. A test that is meant to
// exercise peer-identity checking should pass san == true. Confirm against
// ClientContextConfigImpl.
Network::TransportSocketFactoryPtr
createClientSslTransportSocketFactory(bool alpn, bool san, ContextManager& context_manager,
                                      Secret::SecretManager& secret_manager) {
  // Baseline: CA, client certificate chain and client key only.
  const std::string plain_context = R"EOF(
{
"ca_cert_file": "{{ test_rundir }}/test/config/integration/certs/cacert.pem",
"cert_chain_file": "{{ test_rundir }}/test/config/integration/certs/clientcert.pem",
"private_key_file": "{{ test_rundir }}/test/config/integration/certs/clientkey.pem"
}
)EOF";

  // Baseline plus the ALPN protocol list.
  const std::string alpn_context = R"EOF(
{
"ca_cert_file": "{{ test_rundir }}/test/config/integration/certs/cacert.pem",
"cert_chain_file": "{{ test_rundir }}/test/config/integration/certs/clientcert.pem",
"private_key_file": "{{ test_rundir }}/test/config/integration/certs/clientkey.pem",
"alpn_protocols": "h2,http/1.1"
}
)EOF";

  // Baseline plus the subject-alt-name entry to verify.
  const std::string san_context = R"EOF(
{
"ca_cert_file": "{{ test_rundir }}/test/config/integration/certs/cacert.pem",
"cert_chain_file": "{{ test_rundir }}/test/config/integration/certs/clientcert.pem",
"private_key_file": "{{ test_rundir }}/test/config/integration/certs/clientkey.pem",
"verify_subject_alt_name": [ "spiffe://lyft.com/backend-team" ]
}
)EOF";

  // Baseline plus both the ALPN list and the subject-alt-name entry.
  const std::string alpn_san_context = R"EOF(
{
"ca_cert_file": "{{ test_rundir }}/test/config/integration/certs/cacert.pem",
"cert_chain_file": "{{ test_rundir }}/test/config/integration/certs/clientcert.pem",
"private_key_file": "{{ test_rundir }}/test/config/integration/certs/clientkey.pem",
"alpn_protocols": "h2,http/1.1",
"verify_subject_alt_name": [ "spiffe://lyft.com/backend-team" ]
}
)EOF";

  // Two flags, four combinations: select the matching context text.
  std::string chosen_json = alpn ? (san ? alpn_san_context : alpn_context)
                                 : (san ? san_context : plain_context);

  // Presumably the {{ test_rundir }} placeholder is substituted while loading; confirm in
  // TestEnvironment::jsonLoadFromString.
  Json::ObjectSharedPtr parsed = TestEnvironment::jsonLoadFromString(chosen_json);
  ClientContextConfigImpl client_config(*parsed, secret_manager);

  // Function-local static: allocated on the first call and never deleted in this function, so
  // every factory returned from here is given a reference to the same stats store.
  static auto* isolated_stats = new Stats::TestIsolatedStoreImpl();

  return Network::TransportSocketFactoryPtr{
      new Ssl::ClientSslSocketFactory(client_config, context_manager, *isolated_stats)};
}
// Resolves the loopback address for the given IP version and port.
//
// The URL is assembled as "tcp://" + loopback host + ":" + port and handed to
// Network::Utility::resolveUrl, whose result is returned unchanged.
//
// version: IP version forwarded to Network::Test::getLoopbackAddressUrlString.
// port: appended in decimal form; it is not range-checked here.
Network::Address::InstanceConstSharedPtr getSslAddress(const Network::Address::IpVersion& version,
                                                       int port) {
  std::string endpoint{"tcp://"};
  endpoint += Network::Test::getLoopbackAddressUrlString(version);
  endpoint += ":";
  endpoint += std::to_string(port);
  return Network::Utility::resolveUrl(endpoint);
}
} // namespace Ssl
} // namespace Envoy