proxygen: proxygen/fizz/fizz/server/FizzServerContext.h Source File

Go to the documentation of this file.
 /*
  *  Copyright (c) 2018-present, Facebook, Inc.
  *  All rights reserved.
  *
  *  This source code is licensed under the BSD-style license found in the
  *  LICENSE file in the root directory of this source tree.
  */
 
 #pragma once
 
 #include <fizz/protocol/Certificate.h>
 #include <fizz/protocol/Factory.h>
 #include <fizz/record/Types.h>
 #include <fizz/server/CertManager.h>
 #include <fizz/server/CookieCipher.h>
 #include <fizz/server/Negotiator.h>
 #include <fizz/server/ReplayCache.h>
 #include <fizz/server/TicketCipher.h>
 
 namespace fizz {
 namespace server {
 
 struct ClockSkewTolerance {
   std::chrono::milliseconds before;
   std::chrono::milliseconds after;
 };
 
 enum class ClientAuthMode { None, Optional, Required };
 
 class FizzServerContext {
  public:
   FizzServerContext() : factory_(std::make_unique<Factory>()) {}
   virtual ~FizzServerContext() = default;
 
   void setSupportedVersions(std::vector<ProtocolVersion> versions) {
     supportedVersions_ = std::move(versions);
   }
   const auto& getSupportedVersions() const {
     return supportedVersions_;
   }
 
   void setSupportedCiphers(std::vector<std::vector<CipherSuite>> ciphers) {
     supportedCiphers_ = std::move(ciphers);
   }
   const auto& getSupportedCiphers() const {
     return supportedCiphers_;
   }
 
   void setSupportedSigSchemes(std::vector<SignatureScheme> schemes) {
     supportedSigSchemes_ = std::move(schemes);
   }
   const auto& getSupportedSigSchemes() const {
     return supportedSigSchemes_;
   }
 
   void setSupportedGroups(std::vector<NamedGroup> groups) {
     supportedGroups_ = std::move(groups);
   }
   const auto& getSupportedGroups() const {
     return supportedGroups_;
   }
 
   void setSupportedPskModes(std::vector<PskKeyExchangeMode> modes) {
     supportedPskModes_ = std::move(modes);
   }
   const auto& getSupportedPskModes() const {
     return supportedPskModes_;
   }
 
   void setClientAuthMode(ClientAuthMode authmode) {
     clientAuthMode_ = authmode;
   }
 
   ClientAuthMode getClientAuthMode() const {
     return clientAuthMode_;
   }
 
   void setVersionFallbackEnabled(bool enabled) {
     versionFallbackEnabled_ = enabled;
   }
   bool getVersionFallbackEnabled() const {
     return versionFallbackEnabled_;
   }
 
   void setSupportedAlpns(std::vector<std::string> protocols) {
     supportedAlpns_ = std::move(protocols);
   }
 
   folly::Optional<std::string> negotiateAlpn(
       const std::vector<std::string>& clientProtocols,
       const folly::Optional<std::string>& zeroRttAlpn) const {
     // If we support the zero rtt protocol we select it.
     if (zeroRttAlpn &&
         std::find(
             supportedAlpns_.begin(), supportedAlpns_.end(), *zeroRttAlpn) !=
             supportedAlpns_.end()) {
       return zeroRttAlpn;
     }
     return negotiate(supportedAlpns_, clientProtocols);
   }
 
   void setTicketCipher(std::shared_ptr<TicketCipher> ticketCipher) {
     ticketCipher_ = std::move(ticketCipher);
   }
   const TicketCipher* getTicketCipher() const {
     return ticketCipher_.get();
   }
 
   void setCookieCipher(std::shared_ptr<CookieCipher> cookieCipher) {
     cookieCipher_ = std::move(cookieCipher);
   }
   const CookieCipher* getCookieCipher() const {
     return cookieCipher_.get();
   }
 
   void setCertManager(std::unique_ptr<CertManager> manager) {
     certManager_ = std::move(manager);
   }
 
   void setClientCertVerifier(
       std::shared_ptr<const CertificateVerifier> verifier) {
     clientCertVerifier_ = std::move(verifier);
   }
 
   const std::shared_ptr<const CertificateVerifier>& getClientCertVerifier()
       const {
     return clientCertVerifier_;
   }
 
   folly::Optional<std::pair<std::shared_ptr<SelfCert>, SignatureScheme>>
   getCert(
       const folly::Optional<std::string>& sni,
       const std::vector<SignatureScheme>& peerSigSchemes) const {
     return certManager_->getCert(sni, supportedSigSchemes_, peerSigSchemes);
   }
 
   std::shared_ptr<SelfCert> getCert(const std::string& identity) const {
     return certManager_->getCert(identity);
   }
 
   void setEarlyDataSettings(
       bool acceptEarlyData,
       ClockSkewTolerance clockSkewTolerance,
       const std::shared_ptr<ReplayCache>& replayCache) {
     acceptEarlyData_ = acceptEarlyData;
     clockSkewTolerance_ = clockSkewTolerance;
     replayCache_ = replayCache;
   }
 
   bool getAcceptEarlyData(ProtocolVersion version) const {
     if (earlyDataFbOnly_ &&
         (version != ProtocolVersion::tls_1_3_20_fb &&
          version != ProtocolVersion::tls_1_3_21_fb &&
          version != ProtocolVersion::tls_1_3_22_fb &&
          version != ProtocolVersion::tls_1_3_23_fb &&
          version != ProtocolVersion::tls_1_3_26_fb)) {
       return false;
     }
     return acceptEarlyData_;
   }
   ClockSkewTolerance getClockSkewTolerance() const {
     return clockSkewTolerance_;
   }
   ReplayCache* getReplayCache() const {
     return replayCache_.get();
   }
 
   void setEarlyDataFbOnly(bool fbOnly) {
     earlyDataFbOnly_ = fbOnly;
   }
 
   void setMaxEarlyDataSize(uint32_t maxEarlyDataSize) {
     maxEarlyDataSize_ = maxEarlyDataSize;
   }
   uint32_t getMaxEarlyDataSize() const {
     return maxEarlyDataSize_;
   }
 
   void setFactory(std::unique_ptr<Factory> factory) {
     factory_ = std::move(factory);
   }
   const Factory* getFactory() const {
     return factory_.get();
   }
 
   void setSendNewSessionTicket(bool sendNewSessionTicket) {
     sendNewSessionTicket_ = sendNewSessionTicket;
   }
   bool getSendNewSessionTicket() const {
     return sendNewSessionTicket_;
   }
 
   void setSupportedCompressionAlgorithms(
       std::vector<CertificateCompressionAlgorithm> algos) {
     supportedCompressionAlgos_ = algos;
   }
   const auto& getSupportedCompressionAlgorithms() const {
     return supportedCompressionAlgos_;
   }
 
  private:
   std::unique_ptr<Factory> factory_;
 
   std::shared_ptr<TicketCipher> ticketCipher_;
   std::shared_ptr<CookieCipher> cookieCipher_;
 
   std::unique_ptr<CertManager> certManager_;
   std::shared_ptr<const CertificateVerifier> clientCertVerifier_;
 
   std::vector<ProtocolVersion> supportedVersions_ = {ProtocolVersion::tls_1_3};
   std::vector<std::vector<CipherSuite>> supportedCiphers_ = {
       {
           CipherSuite::TLS_AES_128_GCM_SHA256,
 #if FOLLY_OPENSSL_IS_110
           CipherSuite::TLS_CHACHA20_POLY1305_SHA256,
 #endif // FOLLY_OPENSSL_IS_110
       },
       {CipherSuite::TLS_AES_256_GCM_SHA384},
   };
   std::vector<SignatureScheme> supportedSigSchemes_ = {
       SignatureScheme::ecdsa_secp256r1_sha256,
       SignatureScheme::rsa_pss_sha256};
   std::vector<NamedGroup> supportedGroups_ = {NamedGroup::x25519,
                                               NamedGroup::secp256r1};
   std::vector<PskKeyExchangeMode> supportedPskModes_ = {
       PskKeyExchangeMode::psk_dhe_ke,
       PskKeyExchangeMode::psk_ke};
   std::vector<std::string> supportedAlpns_;
 
   bool versionFallbackEnabled_{false};
   ClientAuthMode clientAuthMode_{ClientAuthMode::None};
 
   bool acceptEarlyData_{false};
   uint32_t maxEarlyDataSize_{std::numeric_limits<uint32_t>::max()};
   ClockSkewTolerance clockSkewTolerance_;
   std::shared_ptr<ReplayCache> replayCache_;
 
   std::vector<CertificateCompressionAlgorithm> supportedCompressionAlgos_;
 
   bool earlyDataFbOnly_{false};
 
   bool sendNewSessionTicket_{true};
 };
 } // namespace server
 } // namespace fizz