proxygen
SecondaryAuthManager.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree. An additional grant
7  * of patent rights can be found in the PATENTS file in the same directory.
8  *
9  */
10 #pragma once
11 
12 #include <proxygen/lib/http/session/SecondaryAuthManagerBase.h>
13 
14 namespace proxygen {
15 
16 class SecondaryAuthManager : public SecondaryAuthManagerBase {
17  public:
18  explicit SecondaryAuthManager(std::unique_ptr<fizz::SelfCert> cert);
19 
20  SecondaryAuthManager() = default;
21 
22  ~SecondaryAuthManager() override;
23 
24  std::pair<uint16_t, std::unique_ptr<folly::IOBuf>> createAuthRequest(
25  std::unique_ptr<folly::IOBuf> certRequestContext,
26  std::vector<fizz::Extension> extensions) override;
27 
28  std::pair<uint16_t, std::unique_ptr<folly::IOBuf>> getAuthenticator(
29  const fizz::AsyncFizzBase& transport,
30  TransportDirection dir,
31  uint16_t requestId,
32  std::unique_ptr<folly::IOBuf> authRequest) override;
33 
34  bool validateAuthenticator(
35  const fizz::AsyncFizzBase& transport,
36  TransportDirection dir,
37  uint16_t certId,
38  std::unique_ptr<folly::IOBuf> authenticator) override;
39 
43  folly::Optional<uint16_t> getCertId(uint16_t requestId);
44 
48  folly::Optional<std::vector<fizz::CertificateEntry>> getPeerCert(
49  uint16_t certId);
50 
51  private:
52  uint16_t requestIdCounter_{0};
53  uint16_t certIdCounter_{0};
54 
61  folly::Optional<std::unique_ptr<folly::IOBuf>> verifyContext(
62  std::unique_ptr<folly::IOBuf> authenticator);
63 
64  // Locally cached authenticator requests, used for authenticator validation
65  // and the CERTIFICATE_NEEDED frame.
66  std::map<uint16_t, std::unique_ptr<folly::IOBuf>> outstandingRequests_;
67 
68  // Secondary certificate possessed by the local endpoint.
69  std::unique_ptr<fizz::SelfCert> cert_;
70 
71  // Caching the Request-ID:Cert-ID mapping which guides the use of
72  // USE_CERTIFICATE frame.
73  std::map<uint16_t, uint16_t> requestCertMap_;
74 
75  // Locally cached certificates which authenticates the secondary identity of
76  // the peer.
77  std::map<uint16_t, std::vector<fizz::CertificateEntry>> receivedCerts_;
78 };
79 
80 } // namespace proxygen
proxygen::SecondaryAuthManager::cert_
std::unique_ptr< fizz::SelfCert > cert_
Definition: SecondaryAuthManager.h:69
proxygen::SecondaryAuthManager::outstandingRequests_
std::map< uint16_t, std::unique_ptr< folly::IOBuf > > outstandingRequests_
Definition: SecondaryAuthManager.h:66
proxygen::SecondaryAuthManager::verifyContext
folly::Optional< std::unique_ptr< folly::IOBuf > > verifyContext(std::unique_ptr< folly::IOBuf > authenticator)
Definition: SecondaryAuthManager.cpp:105
proxygen::SecondaryAuthManager::getPeerCert
folly::Optional< std::vector< fizz::CertificateEntry > > getPeerCert(uint16_t certId)
Definition: SecondaryAuthManager.cpp:132
proxygen::SecondaryAuthManager::receivedCerts_
std::map< uint16_t, std::vector< fizz::CertificateEntry > > receivedCerts_
Definition: SecondaryAuthManager.h:77
proxygen::SecondaryAuthManager::requestCertMap_
std::map< uint16_t, uint16_t > requestCertMap_
Definition: SecondaryAuthManager.h:73
proxygen::SecondaryAuthManager::getCertId
folly::Optional< uint16_t > getCertId(uint16_t requestId)
Definition: SecondaryAuthManager.cpp:122
proxygen::SecondaryAuthManager::validateAuthenticator
bool validateAuthenticator(const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t certId, std::unique_ptr< folly::IOBuf > authenticator) override
Definition: SecondaryAuthManager.cpp:66
proxygen::SecondaryAuthManager::createAuthRequest
std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > createAuthRequest(std::unique_ptr< folly::IOBuf > certRequestContext, std::vector< fizz::Extension > extensions) override
Definition: SecondaryAuthManager.cpp:27
proxygen::SecondaryAuthManager::getAuthenticator
std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > getAuthenticator(const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t requestId, std::unique_ptr< folly::IOBuf > authRequest) override
Definition: SecondaryAuthManager.cpp:48