tls: removing exceptions from context config (envoyproxy#34779)

Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
alyssawilk · Jun 26, 2024 · 3e8270b · 3e8270b
1 parent 3aafd6d
commit 3e8270b
Show file tree

Hide file tree

Showing 23 changed files with 443 additions and 382 deletions.
diff --git a/contrib/postgres_proxy/filters/network/test/postgres_integration_test.cc b/contrib/postgres_proxy/filters/network/test/postgres_integration_test.cc
@@ -317,7 +317,7 @@ class UpstreamSSLBaseIntegrationTest : public PostgresBaseIntegrationTest {
 
     NiceMock<Server::Configuration::MockTransportSocketFactoryContext> mock_factory_ctx;
     ON_CALL(mock_factory_ctx.server_context_, api()).WillByDefault(testing::ReturnRef(*api_));
-    auto cfg = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
+    auto cfg = *Extensions::TransportSockets::Tls::ServerContextConfigImpl::create(
         downstream_tls_context, mock_factory_ctx);
     static auto* client_stats_store = new Stats::TestIsolatedStoreImpl();
     Network::DownstreamTransportSocketFactoryPtr tls_context =
@@ -536,7 +536,7 @@ class UpstreamAndDownstreamSSLIntegrationTest : public UpstreamSSLBaseIntegratio
 
     NiceMock<Server::Configuration::MockTransportSocketFactoryContext> mock_factory_ctx;
     ON_CALL(mock_factory_ctx.server_context_, api()).WillByDefault(testing::ReturnRef(*api_));
-    auto cfg = std::make_unique<Extensions::TransportSockets::Tls::ClientContextConfigImpl>(
+    auto cfg = *Extensions::TransportSockets::Tls::ClientContextConfigImpl::create(
         upstream_tls_context, mock_factory_ctx);
     static auto* client_stats_store = new Stats::TestIsolatedStoreImpl();
     Network::UpstreamTransportSocketFactoryPtr tls_context =

diff --git a/mobile/test/common/integration/test_server.cc b/mobile/test/common/integration/test_server.cc
@@ -551,8 +551,8 @@ Network::DownstreamTransportSocketFactoryPtr TestServer::createUpstreamTlsContex
   ctx->mutable_trusted_ca()->set_filename(
       TestEnvironment::runfilesPath("test/config/integration/certs/upstreamcacert.pem"));
   tls_context.mutable_common_tls_context()->add_alpn_protocols("h2");
-  auto cfg = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
-      tls_context, factory_context);
+  auto cfg = *Extensions::TransportSockets::Tls::ServerContextConfigImpl::create(tls_context,
+                                                                                 factory_context);
   static auto* upstream_stats_store = new Stats::TestIsolatedStoreImpl();
   return *Extensions::TransportSockets::Tls::ServerSslSocketFactory::create(
       std::move(cfg), context_manager_, *upstream_stats_store->rootScope(),

diff --git a/mobile/test/common/integration/xds_test_server.cc b/mobile/test/common/integration/xds_test_server.cc
@@ -70,8 +70,8 @@ XdsTestServer::XdsTestServer()
       TestEnvironment::runfilesPath("test/config/integration/certs/upstreamcert.pem"));
   tls_cert->mutable_private_key()->set_filename(
       TestEnvironment::runfilesPath("test/config/integration/certs/upstreamkey.pem"));
-  auto cfg = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
-      tls_context, factory_context_);
+  auto cfg = *Extensions::TransportSockets::Tls::ServerContextConfigImpl::create(tls_context,
+                                                                                 factory_context_);
   auto context = *Extensions::TransportSockets::Tls::ServerSslSocketFactory::create(
       std::move(cfg), context_manager_, *stats_store_.rootScope(), std::vector<std::string>{});
   xds_upstream_ = std::make_unique<FakeUpstream>(std::move(context), 0, version_, upstream_config_);

diff --git a/source/common/quic/quic_client_transport_socket_factory.cc b/source/common/quic/quic_client_transport_socket_factory.cc
@@ -32,9 +32,11 @@ QuicClientTransportSocketConfigFactory::createTransportSocketFactory(
   auto quic_transport = MessageUtil::downcastAndValidate<
       const envoy::extensions::transport_sockets::quic::v3::QuicUpstreamTransport&>(
       config, context.messageValidationVisitor());
-  auto client_config = std::make_unique<Extensions::TransportSockets::Tls::ClientContextConfigImpl>(
-      quic_transport.upstream_tls_context(), context);
-  return QuicClientTransportSocketFactory::create(std::move(client_config), context);
+  absl::StatusOr<std::unique_ptr<Extensions::TransportSockets::Tls::ClientContextConfigImpl>>
+      client_config_or_error = Extensions::TransportSockets::Tls::ClientContextConfigImpl::create(
+          quic_transport.upstream_tls_context(), context);
+  RETURN_IF_NOT_OK(client_config_or_error.status());
+  return QuicClientTransportSocketFactory::create(std::move(*client_config_or_error), context);
 }
 
 QuicClientTransportSocketFactory::QuicClientTransportSocketFactory(

diff --git a/source/common/quic/quic_server_transport_socket_factory.cc b/source/common/quic/quic_server_transport_socket_factory.cc
@@ -19,11 +19,14 @@ QuicServerTransportSocketConfigFactory::createTransportSocketFactory(
   auto quic_transport = MessageUtil::downcastAndValidate<
       const envoy::extensions::transport_sockets::quic::v3::QuicDownstreamTransport&>(
       config, context.messageValidationVisitor());
-  auto server_config = std::make_unique<Extensions::TransportSockets::Tls::ServerContextConfigImpl>(
-      quic_transport.downstream_tls_context(), context);
+  absl::StatusOr<std::unique_ptr<Extensions::TransportSockets::Tls::ServerContextConfigImpl>>
+      server_config_or_error = Extensions::TransportSockets::Tls::ServerContextConfigImpl::create(
+          quic_transport.downstream_tls_context(), context);
+  RETURN_IF_NOT_OK(server_config_or_error.status());
+  auto server_config = std::move(server_config_or_error.value());
   // TODO(RyanTheOptimist): support TLS client authentication.
   if (server_config->requireClientCertificate()) {
-    throw EnvoyException("TLS Client Authentication is not supported over QUIC");
+    return absl::InvalidArgumentError("TLS Client Authentication is not supported over QUIC");
   }
 
   auto factory_or_error = QuicServerTransportSocketFactory::create(