9 #include <gmock/gmock.h> 10 #include <gtest/gtest.h> 31 using namespace folly;
44 SignatureScheme::ecdsa_secp256r1_sha256};
62 serverContext_ = std::make_shared<FizzServerContext>();
64 auto pskCache = std::make_shared<BasicPskCache>();
67 auto certManager = std::make_unique<CertManager>();
68 std::vector<std::shared_ptr<CertificateCompressor>> compressors = {
69 std::make_shared<ZlibCertificateCompressor>(9)};
70 std::vector<ssl::X509UniquePtr> rsaCerts;
76 std::vector<ssl::X509UniquePtr> p256Certs;
77 std::vector<ssl::X509UniquePtr> p384Certs;
78 std::vector<ssl::X509UniquePtr> p521Certs;
88 serverContext_->setCertManager(
std::move(certManager));
89 serverContext_->setEarlyDataSettings(
91 {std::chrono::seconds(-60), std::chrono::seconds(60)},
92 std::make_shared<AllowAllReplayReplayCache>());
98 ASSERT_EQ(X509_STORE_add_cert(store.get(), caCert.get()), 1);
99 auto verifier = std::make_shared<const DefaultCertificateVerifier>(
100 VerificationContext::Server,
std::move(store));
101 serverContext_->setClientCertVerifier(verifier);
102 std::vector<folly::ssl::X509UniquePtr> certVec;
104 auto clientSelfCert = std::make_shared<SelfCertImpl<KeyType::RSA>>(
108 auto ticketCipher = std::make_shared<AES128TicketCipher>();
110 ticketCipher->setTicketSecrets({{
range(ticketSeed)}});
111 ticketCipher->setValidity(std::chrono::seconds(60));
112 serverContext_->setTicketCipher(
std::move(ticketCipher));
114 cookieCipher_ = std::make_shared<AES128CookieCipher>();
116 cookieCipher_->setCookieSecrets({{
range(cookieSeed)}});
117 cookieCipher_->setContext(serverContext_.get());
118 serverContext_->setCookieCipher(cookieCipher_);
120 ON_CALL(clientRead_, isBufferMovable_()).WillByDefault(
Return(
true));
121 ON_CALL(serverRead_, isBufferMovable_()).WillByDefault(
Return(
true));
131 client->attachEventBase(&
evb_);
132 server->attachEventBase(&
evb_);
133 client->setPeer(server.get());
134 server->setPeer(client.get());
139 std::move(server), serverContext_, serverExtensions_));
147 client->attachEventBase(&
evb_);
148 server->attachEventBase(&
evb_);
149 client->setPeer(server.get());
150 server->setPeer(client.get());
156 ON_CALL(serverRawRead, isBufferMovable_()).WillByDefault(
Return(
true));
160 server->setReadCB(
nullptr);
161 auto tokenOrRetry = cookieCipher_->getTokenOrRetry(
164 std::move(boost::get<StatelessHelloRetryRequest>(tokenOrRetry));
168 server->setReadCB(&serverRawRead);
170 EXPECT_EQ(server->getReadCallback(),
nullptr);
173 std::move(server), serverContext_, serverExtensions_));
177 resetTransportsAndStartCookieHandshake();
184 server_->accept(&serverCallback_);
195 server_->accept(&serverCallback_);
200 EXPECT_CALL(clientCallback_, _fizzHandshakeSuccess())
201 .WillOnce(
Invoke([
this]() {
202 client_->setReadCB(&clientRead_);
203 if (!client_->isReplaySafe()) {
204 client_->setReplaySafetyCallback(&replayCallback_);
207 ON_CALL(clientCallback_, _fizzHandshakeError(
_))
214 EXPECT_CALL(serverCallback_, _fizzHandshakeSuccess())
215 .WillOnce(
Invoke([
this]() { server_->setReadCB(&serverRead_); }));
216 ON_CALL(serverCallback_, _fizzHandshakeError(
_))
223 expectClientSuccess();
224 expectServerSuccess();
241 EXPECT_CALL(clientCallback_, _fizzHandshakeSuccess());
242 client_->setReadCB(&readCallback_);
262 EXPECT_CALL(clientRead_, readBufferAvailable_(BufMatches(read)));
266 EXPECT_CALL(serverRead_, readBufferAvailable_(BufMatches(read)));
281 expectClientRead(
"serverdata");
282 expectServerRead(
"clientdata");
283 clientWrite(
"clientdata");
284 serverWrite(
"serverdata");
288 const std::shared_ptr<const Cert>&
a,
289 const std::shared_ptr<const Cert>&
b) {
293 return a->getIdentity() == b->getIdentity();
299 client_->getState().earlyDataParams()->version, expected_.version);
300 EXPECT_EQ(client_->getState().earlyDataParams()->cipher, expected_.cipher);
301 EXPECT_EQ(client_->getState().earlyDataParams()->alpn, expected_.alpn);
303 client_->getState().earlyDataParams()->clientCert,
304 expected_.clientCert));
308 EXPECT_EQ(*client_->getState().version(), expected_.version);
309 EXPECT_EQ(*client_->getState().cipher(), expected_.cipher);
310 EXPECT_EQ(client_->getState().sigScheme(), expected_.scheme);
311 EXPECT_EQ(client_->getState().group(), expected_.group);
312 EXPECT_EQ(*server_->getState().pskType(), expected_.pskType);
313 EXPECT_EQ(client_->getState().pskMode(), expected_.pskMode);
314 EXPECT_EQ(client_->getState().keyExchangeType(), expected_.clientKexType);
315 EXPECT_EQ(client_->getState().earlyDataType(), expected_.earlyDataType);
316 EXPECT_EQ(client_->getState().alpn(), expected_.alpn);
318 certsMatch(client_->getState().clientCert(), expected_.clientCert));
320 EXPECT_EQ(*server_->getState().version(), expected_.version);
321 EXPECT_EQ(*server_->getState().cipher(), expected_.cipher);
322 EXPECT_EQ(server_->getState().sigScheme(), expected_.scheme);
323 EXPECT_EQ(server_->getState().group(), expected_.group);
324 EXPECT_EQ(*server_->getState().pskType(), expected_.pskType);
325 EXPECT_EQ(server_->getState().pskMode(), expected_.pskMode);
326 EXPECT_EQ(server_->getState().keyExchangeType(), expected_.serverKexType);
327 EXPECT_EQ(server_->getState().earlyDataType(), expected_.earlyDataType);
328 EXPECT_EQ(server_->getState().alpn(), expected_.alpn);
330 certsMatch(server_->getState().clientCert(), expected_.clientCert));
332 client_->getState().serverCertCompAlgo(), expected_.serverCertCompAlgo);
334 server_->getState().serverCertCompAlgo(), expected_.serverCertCompAlgo);
342 expected_.scheme =
none;
343 expected_.pskType = PskType::Resumption;
344 expected_.pskMode = PskKeyExchangeMode::psk_dhe_ke;
348 serverContext_->setSupportedGroups({NamedGroup::secp256r1});
349 expected_.group = NamedGroup::secp256r1;
355 serverContext_->setSupportedGroups({NamedGroup::x25519});
356 expected_.group = NamedGroup::x25519;
358 expected_.scheme =
none;
359 expected_.pskType = PskType::Resumption;
360 expected_.pskMode = PskKeyExchangeMode::psk_dhe_ke;
392 public ::testing::WithParamInterface<SignatureScheme> {};
402 clientTransport_->setTrickle(
true);
403 serverTransport_->setTrickle(
true);
412 {NamedGroup::x25519, NamedGroup::secp256r1});
413 clientContext_->setDefaultShares({NamedGroup::x25519, NamedGroup::secp256r1});
414 serverContext_->setSupportedGroups({NamedGroup::secp256r1});
415 expected_.group = NamedGroup::secp256r1;
425 {NamedGroup::x25519, NamedGroup::secp384r1});
426 clientContext_->setDefaultShares({NamedGroup::x25519, NamedGroup::secp384r1});
427 serverContext_->setSupportedGroups({NamedGroup::secp384r1});
428 expected_.group = NamedGroup::secp384r1;
438 {NamedGroup::x25519, NamedGroup::secp521r1});
439 clientContext_->setDefaultShares({NamedGroup::x25519, NamedGroup::secp521r1});
440 serverContext_->setSupportedGroups({NamedGroup::secp521r1});
441 expected_.group = NamedGroup::secp521r1;
451 {NamedGroup::secp256r1, NamedGroup::x25519});
452 clientContext_->setDefaultShares({NamedGroup::secp256r1, NamedGroup::x25519});
453 serverContext_->setSupportedGroups(
454 {NamedGroup::x25519, NamedGroup::secp256r1});
455 expected_.group = NamedGroup::x25519;
466 serverContext_->setSupportedGroups({NamedGroup::x25519});
468 expectError(
"alert: handshake_failure",
"no group match");
474 {SignatureScheme::ecdsa_secp256r1_sha256,
475 SignatureScheme::rsa_pss_sha256});
476 serverContext_->setSupportedSigSchemes(
477 {SignatureScheme::rsa_pss_sha256,
478 SignatureScheme::ecdsa_secp256r1_sha256});
479 expected_.scheme = SignatureScheme::rsa_pss_sha256;
489 {SignatureScheme::ecdsa_secp256r1_sha256});
490 serverContext_->setSupportedSigSchemes({SignatureScheme::rsa_pss_sha256});
494 expectError(
"unsupported sig scheme",
"alert: illegal_parameter");
500 expected_.clientKexType = expected_.serverKexType =
501 KeyExchangeType::HelloRetryRequest;
520 expected_.clientKexType = expected_.serverKexType =
521 KeyExchangeType::HelloRetryRequest;
522 setupResumeWithHRR();
531 expected_.clientKexType = expected_.serverKexType =
532 KeyExchangeType::HelloRetryRequest;
536 expected_.clientKexType = expected_.serverKexType = KeyExchangeType::OneRtt;
549 serverContext_->setSupportedGroups({NamedGroup::secp256r1});
550 serverContext_->setSupportedCiphers({{CipherSuite::TLS_AES_256_GCM_SHA384}});
551 expected_.group = NamedGroup::secp256r1;
552 expected_.cipher = CipherSuite::TLS_AES_256_GCM_SHA384;
553 expected_.clientKexType = expected_.serverKexType =
554 KeyExchangeType::HelloRetryRequest;
563 serverContext_->setSupportedPskModes({PskKeyExchangeMode::psk_ke});
566 expected_.group =
none;
567 expected_.pskMode = PskKeyExchangeMode::psk_ke;
568 expected_.clientKexType = expected_.serverKexType = KeyExchangeType::None;
578 #if FOLLY_OPENSSL_IS_110 582 {CipherSuite::TLS_AES_128_GCM_SHA256,
583 CipherSuite::TLS_CHACHA20_POLY1305_SHA256});
584 serverContext_->setSupportedCiphers(
585 {{CipherSuite::TLS_CHACHA20_POLY1305_SHA256},
586 {CipherSuite::TLS_AES_128_GCM_SHA256}});
588 expected_.cipher = CipherSuite::TLS_CHACHA20_POLY1305_SHA256;
595 #endif // FOLLY_OPENSSL_IS_110 600 auto clientEkm = client_->getEkm(
"EXPORTER-Some-Label",
nullptr, 32);
601 auto serverEkm = server_->getEkm(
"EXPORTER-Some-Label",
nullptr, 32);
604 client_->getEarlyEkm(
"EXPORTER-Some-Label",
nullptr, 32), std::exception);
606 server_->getEarlyEkm(
"EXPORTER-Some-Label",
nullptr, 32), std::exception);
615 auto clientEkm = client_->getEarlyEkm(
"EXPORTER-Some-Label",
nullptr, 32);
616 auto serverEkm = server_->getEarlyEkm(
"EXPORTER-Some-Label",
nullptr, 32);
621 auto context = std::make_shared<TokenBindingContext>();
622 auto clientTokBind = std::make_shared<TokenBindingClientExtension>(
context);
623 auto serverTokBind = std::make_shared<TokenBindingServerExtension>(
context);
624 clientExtensions_ = clientTokBind;
625 serverExtensions_ = serverTokBind;
628 EXPECT_TRUE(clientTokBind->getNegotiatedKeyParam().hasValue());
629 EXPECT_TRUE(clientTokBind->getVersion().hasValue());
630 EXPECT_TRUE(serverTokBind->getNegotiatedKeyParam().hasValue());
632 *clientTokBind->getNegotiatedKeyParam(),
633 TokenBindingKeyParameters::ecdsap256);
635 *clientTokBind->getVersion(),
636 TokenBindingProtocolVersion::token_binding_0_14);
638 *serverTokBind->getNegotiatedKeyParam(),
639 TokenBindingKeyParameters::ecdsap256);
644 serverContext_->setClientAuthMode(ClientAuthMode::Required);
645 expected_.clientCert = std::make_shared<PeerCertImpl<KeyType::RSA>>(
655 serverContext_->setSupportedSigSchemes({scheme});
656 expected_.scheme = scheme;
665 serverContext_->setClientAuthMode(ClientAuthMode::Required);
666 expected_.clientCert = std::make_shared<PeerCertImpl<KeyType::RSA>>(
677 serverContext_->setClientAuthMode(ClientAuthMode::Required);
680 "alert: certificate_required",
"certificate requested but none received");
685 serverContext_->setClientAuthMode(ClientAuthMode::Optional);
694 serverContext_->setClientAuthMode(ClientAuthMode::Required);
695 auto badCert =
createCert(
"foo",
false,
nullptr);
696 std::vector<folly::ssl::X509UniquePtr> certVec;
697 certVec.emplace_back(
std::move(badCert.cert));
701 expectServerError(
"alert: bad_certificate",
"client certificate failure");
707 auto decompressor = std::make_shared<ZlibCertificateDecompressor>();
708 auto decompressionMgr = std::make_shared<CertDecompressionManager>();
709 decompressionMgr->setDecompressors(
712 serverContext_->setSupportedCompressionAlgorithms(
713 {CertificateCompressionAlgorithm::zlib});
714 expected_.serverCertCompAlgo = CertificateCompressionAlgorithm::zlib;
724 expected_.pskType = PskType::Resumption;
725 expected_.earlyDataType = EarlyDataType::Accepted;
727 expectClientSuccess();
729 verifyEarlyParameters();
730 clientWrite(
"early");
732 expectReplaySafety();
733 expectServerSuccess();
734 expectServerRead(
"early");
744 serverContext_->setEarlyDataSettings(
false, {},
nullptr);
745 expected_.pskType = PskType::Resumption;
746 expected_.earlyDataType = EarlyDataType::Rejected;
748 expectClientSuccess();
750 verifyEarlyParameters();
751 clientWrite(
"early");
753 expectEarlyDataRejectError();
754 expectServerSuccess();
763 serverContext_->setSupportedGroups({NamedGroup::secp256r1});
764 expected_.pskType = PskType::Resumption;
765 expected_.earlyDataType = EarlyDataType::Rejected;
766 expected_.clientKexType = expected_.serverKexType =
767 KeyExchangeType::HelloRetryRequest;
768 expected_.group = NamedGroup::secp256r1;
770 expectClientSuccess();
772 verifyEarlyParameters();
773 clientWrite(
"early");
775 expectEarlyDataRejectError();
776 expectServerSuccess();
785 serverContext_->setEarlyDataSettings(
false, {},
nullptr);
786 client_->setEarlyDataRejectionPolicy(
787 EarlyDataRejectionPolicy::AutomaticResend);
788 expected_.pskType = PskType::Resumption;
789 expected_.earlyDataType = EarlyDataType::Rejected;
791 expectClientSuccess();
793 verifyEarlyParameters();
794 clientWrite(
"early");
796 expectReplaySafety();
797 expectServerRead(
"early");
798 expectServerSuccess();
807 serverContext_->setSupportedAlpns({
"h2"});
808 expected_.alpn =
"h2";
811 serverContext_->setSupportedAlpns({});
812 client_->setEarlyDataRejectionPolicy(
813 EarlyDataRejectionPolicy::AutomaticResend);
815 expectClientSuccess();
817 verifyEarlyParameters();
818 clientWrite(
"early");
820 expected_.earlyDataType = EarlyDataType::Rejected;
821 expected_.alpn =
none;
823 expectEarlyDataRejectError();
824 expectServerSuccess();
828 expected_.pskType = PskType::NotAttempted;
829 expected_.pskMode =
none;
830 expected_.scheme = SignatureScheme::ecdsa_secp256r1_sha256;
831 expected_.earlyDataType = EarlyDataType::NotAttempted;
844 clientTransport_->setTrickle(
true, [
this]() { clientWrite(
"e"); });
845 expected_.pskType = PskType::Resumption;
846 expected_.earlyDataType = EarlyDataType::Accepted;
848 expectClientSuccess();
850 verifyEarlyParameters();
852 expectReplaySafety();
853 expectServerSuccess();
862 clientTransport_->setTrickle(
true, [
this]() { clientWrite(
"e"); });
863 serverContext_->setClientAuthMode(ClientAuthMode::Required);
864 serverContext_->setTicketCipher(
nullptr);
866 expectClientSuccess();
868 verifyEarlyParameters();
870 expected_.pskType = PskType::Rejected;
871 expected_.pskMode =
none;
872 expected_.earlyDataType = EarlyDataType::Rejected;
873 expected_.scheme = SignatureScheme::ecdsa_secp256r1_sha256;
874 expected_.clientCert = std::make_shared<PeerCertImpl<KeyType::RSA>>(
877 expectEarlyDataRejectError();
878 expectServerSuccess();
894 expected_.clientKexType = expected_.serverKexType =
895 KeyExchangeType::HelloRetryRequest;
908 expected_.pskType = PskType::Resumption;
909 expected_.earlyDataType = EarlyDataType::Accepted;
911 expectClientSuccess();
913 verifyEarlyParameters();
915 expectReplaySafety();
916 expectServerSuccess();
927 serverContext_->setEarlyDataSettings(
false, {},
nullptr);
928 expected_.pskType = PskType::Resumption;
929 expected_.earlyDataType = EarlyDataType::Rejected;
931 expectClientSuccess();
933 verifyEarlyParameters();
934 clientWrite(
"early");
936 expectEarlyDataRejectError();
937 expectServerSuccess();
947 serverContext_->setSupportedGroups({NamedGroup::secp256r1});
948 expected_.pskType = PskType::Resumption;
949 expected_.earlyDataType = EarlyDataType::Rejected;
950 expected_.clientKexType = expected_.serverKexType =
951 KeyExchangeType::HelloRetryRequest;
952 expected_.group = NamedGroup::secp256r1;
954 expectClientSuccess();
956 verifyEarlyParameters();
957 clientWrite(
"early");
959 expectEarlyDataRejectError();
960 expectServerSuccess();
966 expected_.clientKexType = KeyExchangeType::HelloRetryRequest;
969 resetTransportsAndDoCookieHandshake();
976 expected_.clientKexType = KeyExchangeType::HelloRetryRequest;
979 resetTransportsAndDoCookieHandshake();
987 expected_.clientKexType = KeyExchangeType::HelloRetryRequest;
990 resetTransportsAndDoCookieHandshake();
1000 serverContext_->setSupportedCiphers({{CipherSuite::TLS_AES_256_GCM_SHA384}});
1001 expected_.cipher = CipherSuite::TLS_AES_256_GCM_SHA384;
1002 expected_.clientKexType = KeyExchangeType::HelloRetryRequest;
1005 resetTransportsAndDoCookieHandshake();
1011 serverContext_->setSupportedPskModes({PskKeyExchangeMode::psk_ke});
1014 expected_.group =
none;
1015 expected_.pskMode = PskKeyExchangeMode::psk_ke;
1016 expected_.clientKexType = KeyExchangeType::None;
1017 expected_.serverKexType = KeyExchangeType::None;
1020 resetTransportsAndDoCookieHandshake();
1026 expectError(
"decrypt_error",
"could not decrypt cookie");
1027 resetTransportsAndStartCookieHandshake();
1030 cookieCipher_->setCookieSecrets({{
range(cookieSeed)}});
1032 doServerHandshake();
1038 SignatureScheme::rsa_pss_sha256,
1039 SignatureScheme::ecdsa_secp256r1_sha256,
1040 SignatureScheme::ecdsa_secp384r1_sha384,
1041 SignatureScheme::ecdsa_secp521r1_sha512));
folly::fbstring what() const
std::shared_ptr< AES128CookieCipher > cookieCipher_
AsyncFizzServer::UniquePtr server_
fizz::client::test::MockHandshakeCallback clientCallback_
size_t readBuf(Buf &buf, folly::io::Cursor &cursor)
static constexpr StringPiece retry
void write(const T &in, folly::io::Appender &appender)
void resetTransportsAndStartCookieHandshake()
#define EXPECT_THROW(statement, expected_exception)
constexpr folly::StringPiece kP256Key
#define ASSERT_EQ(val1, val2)
folly::Optional< PskKeyExchangeMode > pskMode
void expectError(const std::string &clientStr, const std::string &serverStr)
folly::Optional< CertificateCompressionAlgorithm > serverCertCompAlgo
LocalTransport * clientTransport_
constexpr folly::StringPiece kRSACertificate
#define EXPECT_EQ(val1, val2)
constexpr folly::StringPiece kP384Certificate
void clientWrite(StringPiece write)
constexpr detail::Map< Move > move
void verifyEarlyParameters()
MockReadCallback clientRead_
TEST_P(SigSchemeTest, Schemes)
AsyncFizzClient::UniquePtr client_
LocalTransport * serverTransport_
EvpPkeyUniquePtr getPrivateKey(StringPiece key)
—— Concurrent Priority Queue Implementation ——
folly::Optional< std::string > alpn
std::unique_ptr< AsyncFizzClientT, folly::DelayedDestruction::Destructor > UniquePtr
folly::ssl::X509UniquePtr getCert(folly::StringPiece cert)
folly::test::MockReadCallback readCallback_
std::shared_ptr< FizzClientContext > clientContext_
static bool certsMatch(const std::shared_ptr< const Cert > &a, const std::shared_ptr< const Cert > &b)
AsyncFizzClientT< ClientStateMachine > AsyncFizzClient
ExpectedParameters expected_
void serverWrite(StringPiece write)
constexpr folly::StringPiece kClientAuthClientCert
void expectClientSuccess()
constexpr folly::StringPiece kClientAuthClientKey
void expectEarlyDataRejectError()
PolymorphicMatcher< internal::HasSubstrMatcher< internal::string > > HasSubstr(const internal::string &substring)
PolymorphicAction< internal::InvokeAction< FunctionImpl > > Invoke(FunctionImpl function_impl)
size_t read(T &out, folly::io::Cursor &cursor)
constexpr Iter data() const
std::basic_string< E, T, A > toStdString() const
fizz::server::test::MockHandshakeCallback serverCallback_
std::unique_ptr< X509_STORE, X509StoreDeleter > X509StoreUniquePtr
constexpr Range< Iter > range(Iter first, Iter last)
INSTANTIATE_TEST_CASE_P(SignatureSchemes, SigSchemeTest,::testing::Values(SignatureScheme::rsa_pss_sha256, SignatureScheme::ecdsa_secp256r1_sha256, SignatureScheme::ecdsa_secp384r1_sha384, SignatureScheme::ecdsa_secp521r1_sha512))
void expectServerSuccess()
std::shared_ptr< const Cert > clientCert
void resetTransportsAndDoCookieHandshake()
std::shared_ptr< FizzServerContext > serverContext_
std::shared_ptr< fizz::ClientExtensions > clientExtensions_
MockReplaySafetyCallback replayCallback_
std::shared_ptr< FizzClientContext > clientContext_
Optional< NamedGroup > group
#define EXPECT_TRUE(condition)
std::shared_ptr< fizz::ServerExtensions > serverExtensions_
#define EXPECT_THAT(value, matcher)
#define ON_CALL(obj, call)
void expectServerError(const std::string &clientError, const std::string &serverError)
void expectClientRead(StringPiece read)
std::unique_ptr< LocalTransport, Destructor > UniquePtr
std::unique_ptr< AsyncFizzServerT, folly::DelayedDestruction::Destructor > UniquePtr
CertAndKey createCert(std::string cn, bool ca, CertAndKey *issuer)
constexpr folly::StringPiece kRSAKey
std::shared_ptr< const Cert > clientCert
#define EXPECT_CALL(obj, call)
const internal::AnythingMatcher _
void setupResumeWithHRR()
TEST_F(FileUtilTest, read)
AsyncFizzServerT< ServerStateMachine > AsyncFizzServer
constexpr folly::StringPiece kP521Key
AsyncSocketExceptionType getType() const noexcept
static std::unique_ptr< IOBuf > copyBuffer(const void *buf, std::size_t size, std::size_t headroom=0, std::size_t minTailroom=0)
constexpr folly::StringPiece kP521Certificate
void expectServerRead(StringPiece read)
constexpr folly::StringPiece kP384Key
MockReadCallback serverRead_
constexpr folly::StringPiece kClientAuthCACert
internal::ReturnAction< R > Return(R value)
constexpr folly::StringPiece kP256Certificate
void expectReplaySafety()