1 /*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SRC_SSL_SERVERBUMP_H
10 #define SQUID_SRC_SSL_SERVERBUMP_H
11
12 #include "base/AsyncJob.h"
13 #include "base/CbcPointer.h"
14 #include "comm/forward.h"
15 #include "HttpRequest.h"
16 #include "ip/Address.h"
17 #include "security/forward.h"
18 #include "Store.h"
19 #include "XactionStep.h"
20
21 class ConnStateData;
22 class store_client;
23 class ClientHttpRequest;
24
namespace Ssl
{

/// Bumping steps are expressed as XactionStep values.
using BumpStep = XactionStep;

/**
 * Maintains bump-server-first related information.
 *
 * NOTE(review): `entry` and `sc` are raw pointers, and this header declares
 * a destructor but no copy operations. How they are acquired and released is
 * not visible here (constructor and destructor are defined elsewhere) --
 * confirm before copying or sharing instances.
 */
class ServerBump
{
    CBDATA_CLASS(ServerBump);

public:
    /// @param http the client request being bumped
    ///        (NOTE(review): how it is used is not visible in this header)
    /// @param e optional store entry; defaults to nullptr
    /// @param mode initial bump mode; defaults to Ssl::bumpServerFirst
    explicit ServerBump(ClientHttpRequest *http, StoreEntry *e = nullptr, Ssl::BumpMode mode = Ssl::bumpServerFirst);
    ~ServerBump();

    /// Sets the server TLS session object
    void attachServerSession(const Security::SessionPointer &);

    /// SSL [certificate validation] errors
    Security::CertErrors *sslErrors() const;

    /// Whether there was a successful connection to (and peeking at) the
    /// origin server. Always false when there is no entry; otherwise true
    /// only while the entry reports isEmpty(). Since `entry` exists for
    /// receiving Squid-generated error messages, an empty entry presumably
    /// means that no such error has been stored -- confirm against callers.
    bool connectedOk() const
    {
        return entry != nullptr && entry->isEmpty();
    }

    /// whether we are currently performing the given processing step
    bool at(const BumpStep stp) const
    {
        return step == stp;
    }

    /// whether we are currently performing one of the given processing steps
    bool at(const BumpStep step1, const BumpStep step2) const
    {
        return step == step1 || step == step2;
    }

    /// faked, minimal request; required by Client API
    HttpRequest::Pointer request;

    /// for receiving Squid-generated error messages
    StoreEntry *entry;

    /// HTTPS server certificate. It may differ from the certificate stored
    /// in the serverSession object (error SQUID_X509_V_ERR_CERT_CHANGE), so
    /// the two should not be assumed to be interchangeable.
    Security::CertPointer serverCert;

    /// bumping actions at various bumping steps
    struct {
        Ssl::BumpMode step1; ///< The SSL bump mode at step1
        Ssl::BumpMode step2; ///< The SSL bump mode at step2
        Ssl::BumpMode step3; ///< The SSL bump mode at step3
    } act;

    /// The SSL bumping step
    Ssl::BumpStep step;

private:
    /// The TLS session object on server side.
    Security::SessionPointer serverSession;

    /// dummy client to prevent entry trimming
    store_client *sc;
};

} // namespace Ssl
71
72 #endif /* SQUID_SRC_SSL_SERVERBUMP_H */
73