certificate_validation_context_config_impl.h
#pragma once
#include <string>
#include "envoy/api/api.h"
#include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h"
#include "envoy/ssl/certificate_validation_context_config.h"
#include "envoy/type/matcher/v3/string.pb.h"
namespace Envoy {
namespace Ssl {
/**
 * Immutable holder for the peer-certificate validation settings of a TLS context.
 *
 * Implements the Ssl::CertificateValidationContextConfig accessors over values that are fixed at
 * construction: every data member is const and every accessor is a const read. The constructor is
 * only declared in this header, so how each field is derived from the proto message is defined in
 * the implementation file and cannot be confirmed from here.
 *
 * Accessors that return `const&` hand out references to members of this object; they stay valid
 * only for as long as this config object is alive.
 */
class CertificateValidationContextConfigImpl : public CertificateValidationContextConfig {
  // Private shorthand for the proto message this config is built from. It names the same type as
  // the fully qualified spelling, so signatures are unchanged for callers and for the
  // out-of-line constructor definition.
  using ValidationContextProto =
      envoy::extensions::transport_sockets::tls::v3::CertificateValidationContext;

public:
  /**
   * @param config the CertificateValidationContext proto message supplying the settings.
   * @param api    Envoy API handle; presumably used to load the file-backed fields, confirm
   *               against the constructor definition.
   */
  CertificateValidationContextConfigImpl(const ValidationContextProto& config, Api::Api& api);

  // --- Trust anchors -------------------------------------------------------------------------

  /** @return the stored CA certificate string (presumably the certificate data, confirm). */
  const std::string& caCert() const override {
    return ca_cert_;
  }

  /** @return the stored CA certificate path string. */
  const std::string& caCertPath() const override {
    return ca_cert_path_;
  }

  // --- Revocation ----------------------------------------------------------------------------

  /** @return the stored certificate revocation list string. */
  const std::string& certificateRevocationList() const override {
    return certificate_revocation_list_;
  }

  /**
   * @return the stored certificate revocation list path string.
   *
   * NOTE(review): this is the only accessor marked `final`; its siblings use `override`. Confirm
   * the difference is intended.
   */
  const std::string& certificateRevocationListPath() const final {
    return certificate_revocation_list_path_;
  }

  // --- Peer identity constraints -------------------------------------------------------------

  /** @return the stored list of subject alternative name strings to verify. */
  const std::vector<std::string>& verifySubjectAltNameList() const override {
    return verify_subject_alt_name_list_;
  }

  /** @return the stored StringMatcher entries for subject alternative names. */
  const std::vector<envoy::type::matcher::v3::StringMatcher>&
  subjectAltNameMatchers() const override {
    return subject_alt_name_matchers_;
  }

  /** @return the stored list of certificate hash strings (encoding is not visible here). */
  const std::vector<std::string>& verifyCertificateHashList() const override {
    return verify_certificate_hash_list_;
  }

  /** @return the stored list of certificate SPKI strings (encoding is not visible here). */
  const std::vector<std::string>& verifyCertificateSpkiList() const override {
    return verify_certificate_spki_list_;
  }

  // --- Settings that relax validation --------------------------------------------------------

  /**
   * @return the stored allow-expired flag.
   *
   * NOTE(review): by its name, a true value tells the consumer of this config to tolerate expired
   * peer certificates. Enforcement happens outside this header; audit any configuration that sets
   * it.
   */
  bool allowExpiredCertificate() const override {
    return allow_expired_certificate_;
  }

  /**
   * @return the stored TrustChainVerification enum value.
   *
   * NOTE(review): the meaning of each enum value and how the validator acts on it are defined
   * outside this header; treat any value that accepts unverified chains as security-sensitive.
   */
  ValidationContextProto::TrustChainVerification trustChainVerification() const override {
    return trust_chain_verification_;
  }

private:
  // Declaration order is preserved deliberately: members are initialized in this order by the
  // constructor, whose definition is in the implementation file.
  const std::string ca_cert_;
  const std::string ca_cert_path_;
  const std::string certificate_revocation_list_;
  const std::string certificate_revocation_list_path_;
  const std::vector<std::string> verify_subject_alt_name_list_;
  const std::vector<envoy::type::matcher::v3::StringMatcher> subject_alt_name_matchers_;
  const std::vector<std::string> verify_certificate_hash_list_;
  const std::vector<std::string> verify_certificate_spki_list_;
  const bool allow_expired_certificate_;
  const ValidationContextProto::TrustChainVerification trust_chain_verification_;
};
} // namespace Ssl
} // namespace Envoy