File: sslheaders.h

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <ts/ts.h>
#include <ts/remap.h>
#include <cstring>
#include <vector>
#include <string>

// Opaque forward declarations for the X509 and BIO handle types, using the
// same struct tags as OpenSSL. This header only passes these types around by
// pointer, so it does not include the OpenSSL headers itself.
extern "C" {
struct x509_st;
struct bio_st;
using X509 = x509_st;
using BIO  = bio_st;
}

// Plugin name: used as the TSDebug tag and as the bracketed prefix of TSError messages.
#define PLUGIN_NAME "sslheaders"

// Logging wrappers that prepend the calling function's name (__func__) to the message.
//
// `fmt` is joined to the "%s: " prefix by string-literal concatenation, so it must be a
// string literal. Data taken from certificates or requests (subject, issuer, header
// values, ...) belongs in the variadic arguments, never in `fmt`, so that it is not
// interpreted as printf conversions.
//
// `##__VA_ARGS__` is the GNU comma-swallowing extension; it lets the macros be called
// with a format string and no further arguments.
//
// SslHdrError output begins "[sslheaders] : <function>: ..." (note the space before the
// first colon, which comes from the two adjacent literals below).
#define SslHdrDebug(fmt, ...) TSDebug(PLUGIN_NAME, "%s: " fmt, __func__, ##__VA_ARGS__)
#define SslHdrError(fmt, ...)  \
  TSError("[" PLUGIN_NAME "] " \
          ": %s: " fmt,        \
          __func__, ##__VA_ARGS__)

// Selects where the SSL headers get attached.
// NOTE(review): presumably client-side request, server-side (origin) request,
// or both -- confirm against the hook registration code, which is not in this header.
enum AttachOptions {
  SSL_HEADERS_ATTACH_CLIENT = 0,
  SSL_HEADERS_ATTACH_SERVER = 1,
  SSL_HEADERS_ATTACH_BOTH   = 2,
};

// Which object an expansion reads its value from. NONE (0) is the
// "not set" value used as the default in SslHdrExpansion.
enum ExpansionScope {
  SSL_HEADERS_SCOPE_NONE   = 0,
  SSL_HEADERS_SCOPE_CLIENT = 1, // Client certificate
  SSL_HEADERS_SCOPE_SERVER = 2, // Server certificate
  SSL_HEADERS_SCOPE_SSL    = 3  // SSL connection
};

// Which piece of certificate data an expansion attaches. NONE (0) is the
// "not set" value; MAX is a sentinel one greater than the last real field.
//
// NOTE(review): CERTIFICATE attaches the whole PEM certificate, and PEM text
// is multi-line. Confirm that the expansion code (not in this header) emits a
// value that is valid inside a single HTTP header field.
enum ExpansionField {
  SSL_HEADERS_FIELD_NONE        = 0,
  SSL_HEADERS_FIELD_CERTIFICATE = 1, // Attach whole PEM certificate
  SSL_HEADERS_FIELD_SUBJECT     = 2, // Attach certificate subject
  SSL_HEADERS_FIELD_ISSUER      = 3, // Attach certificate issuer
  SSL_HEADERS_FIELD_SERIAL      = 4, // Attach certificate serial number
  SSL_HEADERS_FIELD_SIGNATURE   = 5, // Attach certificate signature
  SSL_HEADERS_FIELD_NOTBEFORE   = 6, // Attach certificate notBefore date
  SSL_HEADERS_FIELD_NOTAFTER    = 7, // Attach certificate notAfter date

  SSL_HEADERS_FIELD_MAX = 8
};

// One configured expansion: the HTTP header to write, plus the scope and field
// that say which certificate value goes into it. A default-constructed
// expansion has an empty name and the NONE scope and field.
//
// NOTE(review): the header value is meant to convey TLS certificate data.
// Confirm that the code consuming this struct replaces any same-named header
// already present on the request, so the value cannot be supplied by the peer.
struct SslHdrExpansion {
  std::string name; // HTTP header name
  ExpansionScope scope{SSL_HEADERS_SCOPE_NONE};
  ExpansionField field{SSL_HEADERS_FIELD_NONE};

  SslHdrExpansion() {}

  // Move-only: moving is allowed, copying is not.
  SslHdrExpansion(SslHdrExpansion &&) = default;
  SslHdrExpansion &operator=(SslHdrExpansion &&) = default;
  SslHdrExpansion(const SslHdrExpansion &) = delete;
  SslHdrExpansion &operator=(const SslHdrExpansion &) = delete;
};

// Per-instance plugin state: the list of configured expansions, where to
// attach them (SSL_HEADERS_ATTACH_SERVER by default), and a continuation handle.
// The constructor and destructor are defined outside this header.
struct SslHdrInstance {
  using expansion_list = std::vector<SslHdrExpansion>;

  SslHdrInstance();
  ~SslHdrInstance();

  // Noncopyable.
  SslHdrInstance(const SslHdrInstance &) = delete;
  SslHdrInstance &operator=(const SslHdrInstance &) = delete;

  expansion_list expansions;
  AttachOptions attach{SSL_HEADERS_ATTACH_SERVER};
  // No in-class initializer here: the constructor is relied on to set this.
  // NOTE(review): presumably created in the constructor and released in the
  // destructor -- confirm in the implementation file.
  TSCont cont;
};

// Parses the expansion specification string `spec` and stores the result in `exp`.
// NOTE(review): presumably returns true on success and false on a malformed
// spec, and `spec` presumably comes from plugin configuration -- confirm both
// against the implementation. Callers should not use `exp` unless the return
// value indicates success.
bool SslHdrParseExpansion(const char *spec, SslHdrExpansion &exp);

// Expands one `field` of the certificate `ptr` into `bio`.
// NOTE(review): presumably writes the textual form of the field to `bio` and
// returns true on success -- confirm. Null handling for `ptr` and `bio` is not
// visible from this header; callers should check that a certificate is present
// before calling.
bool SslHdrExpandX509Field(BIO *bio, X509 *ptr, ExpansionField field);