proxygen
Certificate.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #pragma once
10 
11 #include <fizz/crypto/signature/Signature.h>
12 #include <fizz/protocol/CertificateCompressor.h>
13 #include <fizz/record/Types.h>
14 #include <folly/io/async/AsyncTransportCertificate.h>
15 
16 #include <map>
17 
18 namespace fizz {
19 
20 enum class CertificateVerifyContext { Server, Client, Authenticator };
21 
22 using Cert = folly::AsyncTransportCertificate;
23 
24 class IdentityCert : public Cert {
25  public:
26  explicit IdentityCert(std::string identity);
27  ~IdentityCert() override = default;
28 
29  std::string getIdentity() const override;
30 
31  folly::ssl::X509UniquePtr getX509() const override;
32 
33  private:
34  std::string identity_;
35 };
36 
37 class SelfCert : public Cert {
38  public:
39  virtual ~SelfCert() = default;
40 
45  virtual std::vector<std::string> getAltIdentities() const = 0;
46 
50  virtual std::vector<SignatureScheme> getSigSchemes() const = 0;
51 
52  virtual CertificateMsg getCertMessage(
53  Buf certificateRequestContext = nullptr) const = 0;
54 
55  virtual CompressedCertificate getCompressedCert(
56  CertificateCompressionAlgorithm algo) const = 0;
57 
58  virtual Buf sign(
59  SignatureScheme scheme,
60  CertificateVerifyContext context,
61  folly::ByteRange toBeSigned) const = 0;
62 };
63 
64 class PeerCert : public Cert {
65  public:
66  virtual ~PeerCert() = default;
67 
72  virtual void verify(
73  SignatureScheme scheme,
74  CertificateVerifyContext context,
75  folly::ByteRange toBeSigned,
76  folly::ByteRange signature) const = 0;
77 };
78 
79 class CertUtils {
80  public:
85  static Buf prepareSignData(
86  CertificateVerifyContext context,
87  folly::ByteRange toBeSigned);
88 
89  static CertificateMsg getCertMessage(
90  const std::vector<folly::ssl::X509UniquePtr>& certs,
91  Buf certificateRequestContext);
92 
93  template <KeyType T>
94  static std::vector<SignatureScheme> getSigSchemes();
95 
99  static std::unique_ptr<PeerCert> makePeerCert(Buf certData);
100 
106  static std::unique_ptr<SelfCert> makeSelfCert(
107  std::string certData,
108  std::string keyData,
109  const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = {});
110 
115  static std::unique_ptr<SelfCert> makeSelfCert(
116  std::string certData,
117  std::string encryptedKeyData,
118  std::string password,
119  const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = {});
120 
121  static std::unique_ptr<SelfCert> makeSelfCert(
122  std::vector<folly::ssl::X509UniquePtr> certs,
123  folly::ssl::EvpPkeyUniquePtr key,
124  const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = {});
125 
130  static CompressedCertificate cloneCompressedCert(
131  const CompressedCertificate& src);
132 };
133 
134 template <KeyType T>
135 class SelfCertImpl : public SelfCert {
136  public:
141  SelfCertImpl(
142  folly::ssl::EvpPkeyUniquePtr pkey,
143  std::vector<folly::ssl::X509UniquePtr> certs,
144  const std::vector<std::shared_ptr<fizz::CertificateCompressor>>&
145  compressors = {});
146 
147  ~SelfCertImpl() override = default;
148 
149  std::string getIdentity() const override;
150 
151  std::vector<std::string> getAltIdentities() const override;
152 
153  std::vector<SignatureScheme> getSigSchemes() const override;
154 
155  CertificateMsg getCertMessage(
156  Buf certificateRequestContext = nullptr) const override;
157 
158  CompressedCertificate getCompressedCert(
159  CertificateCompressionAlgorithm algo) const override;
160 
161  Buf sign(
162  SignatureScheme scheme,
163  CertificateVerifyContext context,
164  folly::ByteRange toBeSigned) const override;
165 
166  folly::ssl::X509UniquePtr getX509() const override;
167 
168  private:
169  OpenSSLSignature<T> signature_;
170  std::vector<folly::ssl::X509UniquePtr> certs_;
171  std::map<CertificateCompressionAlgorithm, CompressedCertificate>
172  compressedCerts_;
173 };
174 
175 template <KeyType T>
176 class PeerCertImpl : public PeerCert {
177  public:
178  explicit PeerCertImpl(folly::ssl::X509UniquePtr cert);
179 
180  ~PeerCertImpl() override = default;
181 
182  std::string getIdentity() const override;
183 
184  void verify(
185  SignatureScheme scheme,
186  CertificateVerifyContext context,
187  folly::ByteRange toBeSigned,
188  folly::ByteRange signature) const override;
189 
190  folly::ssl::X509UniquePtr getX509() const override;
191 
192  private:
193  OpenSSLSignature<T> signature_;
194  folly::ssl::X509UniquePtr cert_;
195 };
196 
197 } // namespace fizz
198 
199 #include <fizz/protocol/Certificate-inl.h>
verify
void verify(int extras)
Definition: StlVectorTest.cpp:1475
fizz::SelfCertImpl::certs_
std::vector< folly::ssl::X509UniquePtr > certs_
Definition: Certificate.h:170
fizz::CertificateCompressionAlgorithm
CertificateCompressionAlgorithm
Definition: Types.h:167
folly::ssl::X509UniquePtr
std::unique_ptr< X509, X509Deleter > X509UniquePtr
Definition: OpenSSLPtrTypes.h:44
fizz::SelfCertImpl::signature_
OpenSSLSignature< T > signature_
Definition: Certificate.h:169
fizz::IdentityCert::identity_
std::string identity_
Definition: Certificate.h:34
fizz::PeerCertImpl::cert_
folly::ssl::X509UniquePtr cert_
Definition: Certificate.h:194
context
context
Definition: CMakeCache.txt:563
fizz::SelfCertImpl::compressedCerts_
std::map< CertificateCompressionAlgorithm, CompressedCertificate > compressedCerts_
Definition: Certificate.h:172
fizz::SignatureScheme
SignatureScheme
Definition: Types.h:257
folly::ssl::EvpPkeyUniquePtr
std::unique_ptr< EVP_PKEY, EvpPkeyDeleter > EvpPkeyUniquePtr
Definition: OpenSSLPtrTypes.h:72
fizz
Definition: Actions.h:16
fizz::CertificateVerifyContext
CertificateVerifyContext
Definition: Certificate.h:20
string
const char * string
Definition: Conv.cpp:212
fizz::Buf
std::unique_ptr< folly::IOBuf > Buf
Definition: Types.h:22
fizz::PeerCertImpl::signature_
OpenSSLSignature< T > signature_
Definition: Certificate.h:193