proxygen: fizz::CertUtils Class Reference

#include <Certificate.h>

Static Public Member Functions
static Buf	prepareSignData (CertificateVerifyContext context, folly::ByteRange toBeSigned)

static CertificateMsg	getCertMessage (const std::vector< folly::ssl::X509UniquePtr > &certs, Buf certificateRequestContext)

template<KeyType T>
static std::vector< SignatureScheme >	getSigSchemes ()

static std::unique_ptr< PeerCert >	makePeerCert (Buf certData)

static std::unique_ptr< SelfCert >	makeSelfCert (std::string certData, std::string keyData, const std::vector< std::shared_ptr< CertificateCompressor >> &compressors={})

static std::unique_ptr< SelfCert >	makeSelfCert (std::string certData, std::string encryptedKeyData, std::string password, const std::vector< std::shared_ptr< CertificateCompressor >> &compressors={})

static std::unique_ptr< SelfCert >	makeSelfCert (std::vector< folly::ssl::X509UniquePtr > certs, folly::ssl::EvpPkeyUniquePtr key, const std::vector< std::shared_ptr< CertificateCompressor >> &compressors={})

static CompressedCertificate	cloneCompressedCert (const CompressedCertificate &src)

Detailed Description

Definition at line 79 of file Certificate.h.

Member Function Documentation

CompressedCertificate fizz::CertUtils::cloneCompressedCert ( const CompressedCertificate & src )

static

Clones a compressed cert by copying the relevant fields and cloning the underlying data IOBuf.

Definition at line 201 of file Certificate.cpp.

References fizz::CompressedCertificate::algorithm, fizz::CompressedCertificate::compressed_certificate_message, and fizz::CompressedCertificate::uncompressed_length.

Referenced by fizz::SelfCertImpl< T >::getCompressedCert().

                                       {
   CompressedCertificate ret;
   ret.algorithm = src.algorithm;
   ret.compressed_certificate_message =
       src.compressed_certificate_message->clone();
   ret.uncompressed_length = src.uncompressed_length;
   return ret;
 }

CertificateMsg fizz::CertUtils::getCertMessage	(	const std::vector< folly::ssl::X509UniquePtr > &	certs,
		Buf	certificateRequestContext
	)

static

Definition at line 59 of file Certificate.cpp.

References fizz::CertificateEntry::cert_data, fizz::CertificateMsg::certificate_list, fizz::CertificateMsg::certificate_request_context, folly::IOBuf::create(), dataPtr(), and folly::gen::move.

Referenced by fizz::SelfCertImpl< T >::getCertMessage().

                                    {
   // compose the cert entry list
   std::vector<CertificateEntry> entries;
   for (const auto& cert : certs) {
     CertificateEntry entry;
     int len = i2d_X509(cert.get(), nullptr);
     if (len < 0) {
       throw std::runtime_error("Error computing length");
     }
     entry.cert_data = folly::IOBuf::create(len);
     auto dataPtr = entry.cert_data->writableData();
     len = i2d_X509(cert.get(), &dataPtr);
     if (len < 0) {
       throw std::runtime_error("Error converting cert to DER");
     }
     entry.cert_data->append(len);
     // TODO: add any extensions.
     entries.push_back(std::move(entry));
   }
 
   CertificateMsg msg;
   msg.certificate_request_context = std::move(certificateRequestContext);
   msg.certificate_list = std::move(entries);
   return msg;
 }

template<KeyType T>

static std::vector<SignatureScheme> fizz::CertUtils::getSigSchemes ( )

static

std::unique_ptr< PeerCert > fizz::CertUtils::makePeerCert ( Buf certData )

static

Create a PeerCert from the ASN1 encoded certData.

Definition at line 87 of file Certificate.cpp.

References b, folly::test::begin(), makeSelfCert(), folly::gen::move, folly::gen::range(), folly::ssl::OpenSSLCertUtils::readCertsFromBuffer(), and string.

Referenced by fizz::Factory::makePeerCert(), and fizz::server::readClientCertificate().

                                                             {
   if (certData->empty()) {
     throw std::runtime_error("empty peer cert");
   }
 
   auto range = certData->coalesce();
   const unsigned char* begin = range.data();
   folly::ssl::X509UniquePtr cert(d2i_X509(nullptr, &begin, range.size()));
   if (!cert) {
     throw std::runtime_error("could not read cert");
   }
   if (begin != range.data() + range.size()) {
     VLOG(1) << "Did not read to end of certificate";
   }
 
   folly::ssl::EvpPkeyUniquePtr pubKey(X509_get_pubkey(cert.get()));
   if (!pubKey) {
     throw std::runtime_error("couldn't get pubkey from peer cert");
   }
   if (EVP_PKEY_id(pubKey.get()) == EVP_PKEY_RSA) {
     return std::make_unique<PeerCertImpl<KeyType::RSA>>(std::move(cert));
   } else if (EVP_PKEY_id(pubKey.get()) == EVP_PKEY_EC) {
     switch (getCurveName(pubKey.get())) {
       case NID_X9_62_prime256v1:
         return std::make_unique<PeerCertImpl<KeyType::P256>>(std::move(cert));
       case NID_secp384r1:
         return std::make_unique<PeerCertImpl<KeyType::P384>>(std::move(cert));
       case NID_secp521r1:
         return std::make_unique<PeerCertImpl<KeyType::P521>>(std::move(cert));
       default:
         break;
     }
   }
   throw std::runtime_error("unknown peer cert type");
 }

std::unique_ptr< SelfCert > fizz::CertUtils::makeSelfCert	(	std::string	certData,
		std::string	keyData,
		const std::vector< std::shared_ptr< CertificateCompressor >> &	compressors = `{}`
	)

static

Creates a SelfCert using the supplied certificate/key file data and compressors. Throws std::runtime_error on error.

Definition at line 154 of file Certificate.cpp.

References folly::gen::move.

Referenced by fizz::tool::fizzClientCommand(), fizz::tool::fizzServerCommand(), and makePeerCert().

                                                                         {
   return selfCertFromDataInternal(
       std::move(certData), std::move(keyData), nullptr, compressors);
 }

std::unique_ptr< SelfCert > fizz::CertUtils::makeSelfCert	(	std::string	certData,
		std::string	encryptedKeyData,
		std::string	password,
		const std::vector< std::shared_ptr< CertificateCompressor >> &	compressors = `{}`
	)

static

Creates a SelfCert using the supplied certificate, encrypted key data, and password. Throws std::runtime_error on error.

Definition at line 162 of file Certificate.cpp.

References folly::gen::move.

                                                                         {
   return selfCertFromDataInternal(
       std::move(certData), std::move(encryptedKeyData), &password[0], compressors);
 }

std::unique_ptr< SelfCert > fizz::CertUtils::makeSelfCert	(	std::vector< folly::ssl::X509UniquePtr >	certs,
		folly::ssl::EvpPkeyUniquePtr	key,
		const std::vector< std::shared_ptr< CertificateCompressor >> &	compressors = `{}`
	)

static

Definition at line 171 of file Certificate.cpp.

References folly::gen::move.

                                                                         {
   folly::ssl::EvpPkeyUniquePtr pubKey(X509_get_pubkey(certs.front().get()));
   if (!pubKey) {
     throw std::runtime_error("Failed to read public key");
   }
 
   if (EVP_PKEY_id(pubKey.get()) == EVP_PKEY_RSA) {
     return std::make_unique<SelfCertImpl<KeyType::RSA>>(
         std::move(key), std::move(certs), compressors);
   } else if (EVP_PKEY_id(pubKey.get()) == EVP_PKEY_EC) {
     switch (getCurveName(pubKey.get())) {
       case NID_X9_62_prime256v1:
         return std::make_unique<SelfCertImpl<KeyType::P256>>(
             std::move(key), std::move(certs), compressors);
       case NID_secp384r1:
         return std::make_unique<SelfCertImpl<KeyType::P384>>(
             std::move(key), std::move(certs), compressors);
       case NID_secp521r1:
         return std::make_unique<SelfCertImpl<KeyType::P521>>(
             std::move(key), std::move(certs), compressors);
       default:
         break;
     }
   }
   throw std::runtime_error("unknown self cert type");
 }

Buf fizz::CertUtils::prepareSignData	(	CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned
	)

static

Adds the appropriate context data to prepare toBeSigned for a signature scheme's signing function.

Definition at line 23 of file Certificate.cpp.

References fizz::Client, folly::IOBuf::create(), folly::Range< Iter >::data(), fizz::test::label, fizz::Server, folly::Range< Iter >::size(), and uint8_t.

Referenced by fizz::JavaCryptoPeerCert::verify().

                                {
   static constexpr folly::StringPiece kServerLabel =
       "TLS 1.3, server CertificateVerify";
   static constexpr folly::StringPiece kClientLabel =
       "TLS 1.3, client CertificateVerify";
   static constexpr folly::StringPiece kAuthLabel = "Exported Authenticator";
   static constexpr size_t kSigPrefixLen = 64;
   static constexpr uint8_t kSigPrefix = 32;
 
   folly::StringPiece label;
   if (context == CertificateVerifyContext::Server) {
     label = kServerLabel;
   } else if (context == CertificateVerifyContext::Client) {
     label = kClientLabel;
   } else {
     label = kAuthLabel;
   }
 
   size_t sigDataLen = kSigPrefixLen + label.size() + 1 + toBeSigned.size();
   auto buf = folly::IOBuf::create(sigDataLen);
   buf->append(sigDataLen);
 
   // Place bytes in the right order.
   size_t offset = 0;
   memset(buf->writableData(), kSigPrefix, kSigPrefixLen);
   offset += kSigPrefixLen;
   memcpy(buf->writableData() + offset, label.data(), label.size());
   offset += label.size();
   memset(buf->writableData() + offset, 0, 1);
   offset += 1;
   memcpy(buf->writableData() + offset, toBeSigned.data(), toBeSigned.size());
   return buf;
 }

The documentation for this class was generated from the following files:

proxygen/fizz/fizz/protocol/Certificate.h
proxygen/fizz/fizz/protocol/Certificate.cpp

Static Public Member Functions

Detailed Description

Member Function Documentation