ExportedAuthenticator.h

Go to the documentation of this file.

/*
 *  Copyright (c) 2018-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree.
 */

#pragma once

#include <fizz/protocol/AsyncFizzBase.h>
#include <fizz/protocol/Certificate.h>
#include <fizz/protocol/Exporter.h>
#include <fizz/protocol/Protocol.h>
#include <fizz/record/Extensions.h>
#include <fizz/record/RecordLayer.h>
#include <fizz/record/Types.h>

namespace fizz {

enum class Direction : uint8_t {
  UPSTREAM, // toward the server
  DOWNSTREAM // toward the client
};

class ExportedAuthenticator {
 public:
  static Buf getAuthenticatorRequest(
      Buf certificateRequestContext,
      std::vector<fizz::Extension> extensions);

  static Buf getAuthenticator(
      const fizz::AsyncFizzBase& transport,
      Direction dir,
      const SelfCert& cert,
      Buf authenticatorRequest);

  static Buf makeAuthenticator(
      std::unique_ptr<KeyDerivation>& kderiver,
      std::vector<SignatureScheme> supportedSchemes,
      const SelfCert& cert,
      Buf authenticatorRequest,
      Buf handshakeContext,
      Buf finishedMacKey,
      CertificateVerifyContext context);

  static Buf getAuthenticatorContext(Buf authenticator);

  static folly::Optional<std::vector<CertificateEntry>> validateAuthenticator(
      const fizz::AsyncFizzBase& transport,
      Direction dir,
      Buf authenticatorRequest,
      Buf authenticator);

  static folly::Optional<std::vector<CertificateEntry>> validate(
      std::unique_ptr<KeyDerivation>& kderiver,
      Buf authenticatorRequest,
      Buf authenticator,
      Buf handshakeContext,
      Buf finishedMacKey,
      CertificateVerifyContext context);
};

} // namespace fizz