proxygen: fizz::PeerCertImpl< T > Class Template Reference

#include <Certificate.h>

Inheritance diagram for fizz::PeerCertImpl< T >:

Public Member Functions
	PeerCertImpl (folly::ssl::X509UniquePtr cert)

	~PeerCertImpl () override=default

std::string	getIdentity () const override

void	verify (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned, folly::ByteRange signature) const override

folly::ssl::X509UniquePtr	getX509 () const override

template<>
void	verify (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned, folly::ByteRange signature) const

template<>
void	verify (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned, folly::ByteRange signature) const

template<>
void	verify (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned, folly::ByteRange signature) const

template<>
void	verify (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned, folly::ByteRange signature) const

Public Member Functions inherited from fizz::PeerCert
virtual	~PeerCert ()=default

Public Member Functions inherited from folly::AsyncTransportCertificate
virtual	~AsyncTransportCertificate ()=default

Private Attributes
OpenSSLSignature< T >	signature_

folly::ssl::X509UniquePtr	cert_

Detailed Description

template<KeyType T>
class fizz::PeerCertImpl< T >

Definition at line 176 of file Certificate.h.

Constructor & Destructor Documentation

template<KeyType T>

fizz::PeerCertImpl< T >::PeerCertImpl ( folly::ssl::X509UniquePtr cert )

explicit

Definition at line 147 of file Certificate-inl.h.

References folly::gen::move.

                                                         {
   folly::ssl::EvpPkeyUniquePtr key(X509_get_pubkey(cert.get()));
   if (!key) {
     throw std::runtime_error("could not get key from cert");
   }
   signature_.setKey(std::move(key));
   cert_ = std::move(cert);
 }

template<KeyType T>

fizz::PeerCertImpl< T >::~PeerCertImpl ( )

overridedefault

Member Function Documentation

template<KeyType T>

std::string fizz::PeerCertImpl< T >::getIdentity ( ) const

overridevirtual

Returns the identity this certificate conveys.

An identity is an opaque string that may be used by the application for authentication or authorization purposes. The exact structure and semantics of the identity string are determined by concrete implementations of AsyncTransport.

Implements folly::AsyncTransportCertificate.

Definition at line 157 of file Certificate-inl.h.

References folly::ssl::OpenSSLCertUtils::getCommonName(), and folly::Optional< Value >::value_or().

                                              {
   return folly::ssl::OpenSSLCertUtils::getCommonName(*cert_).value_or("");
 }

template<KeyType T>

folly::ssl::X509UniquePtr fizz::PeerCertImpl< T >::getX509 ( ) const

overridevirtual

Returns an X509 structure associated with this Certificate. This may be null.

Implements folly::AsyncTransportCertificate.

Definition at line 226 of file Certificate-inl.h.

Referenced by fizz::test::TEST().

                                                      {
   X509_up_ref(cert_.get());
   return folly::ssl::X509UniquePtr(cert_.get());
 }

template<>

void fizz::PeerCertImpl< KeyType::P256 >::verify	(	SignatureScheme	scheme,
		CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned,
		folly::ByteRange	signature
	)		const

inlinevirtual

Verifies that signature is a valid signature of toBeSigned. Throws if it's not.

Implements fizz::PeerCert.

Definition at line 162 of file Certificate-inl.h.

                                     {
   auto signData = CertUtils::prepareSignData(context, toBeSigned);
   switch (scheme) {
     case SignatureScheme::ecdsa_secp256r1_sha256:
       return signature_.verify<SignatureScheme::ecdsa_secp256r1_sha256>(
           signData->coalesce(), signature);
     default:
       throw std::runtime_error("Unsupported signature scheme");
   }
 }

template<>

void fizz::PeerCertImpl< KeyType::P384 >::verify	(	SignatureScheme	scheme,
		CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned,
		folly::ByteRange	signature
	)		const

inlinevirtual

Verifies that signature is a valid signature of toBeSigned. Throws if it's not.

Implements fizz::PeerCert.

Definition at line 178 of file Certificate-inl.h.

                                     {
   auto signData = CertUtils::prepareSignData(context, toBeSigned);
   switch (scheme) {
     case SignatureScheme::ecdsa_secp384r1_sha384:
       return signature_.verify<SignatureScheme::ecdsa_secp384r1_sha384>(
           signData->coalesce(), signature);
     default:
       throw std::runtime_error("Unsupported signature scheme");
   }
 }

template<KeyType T>

void fizz::PeerCertImpl< T >::verify	(	SignatureScheme	scheme,
		CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned,
		folly::ByteRange	signature
	)		const

overridevirtual

Verifies that signature is a valid signature of toBeSigned. Throws if it's not.

Implements fizz::PeerCert.

Referenced by fizz::test::TYPED_TEST().

template<>

void fizz::PeerCertImpl< KeyType::P521 >::verify	(	SignatureScheme	scheme,
		CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned,
		folly::ByteRange	signature
	)		const

inlinevirtual

Verifies that signature is a valid signature of toBeSigned. Throws if it's not.

Implements fizz::PeerCert.

Definition at line 194 of file Certificate-inl.h.

                                     {
   auto signData = CertUtils::prepareSignData(context, toBeSigned);
   switch (scheme) {
     case SignatureScheme::ecdsa_secp521r1_sha512:
       return signature_.verify<SignatureScheme::ecdsa_secp521r1_sha512>(
           signData->coalesce(), signature);
     default:
       throw std::runtime_error("Unsupported signature scheme");
   }
 }

template<>

void fizz::PeerCertImpl< KeyType::RSA >::verify	(	SignatureScheme	scheme,
		CertificateVerifyContext	context,
		folly::ByteRange	toBeSigned,
		folly::ByteRange	signature
	)		const

inlinevirtual

Verifies that signature is a valid signature of toBeSigned. Throws if it's not.

Implements fizz::PeerCert.

Definition at line 210 of file Certificate-inl.h.

                                     {
   auto signData = CertUtils::prepareSignData(context, toBeSigned);
   switch (scheme) {
     case SignatureScheme::rsa_pss_sha256:
       return signature_.verify<SignatureScheme::rsa_pss_sha256>(
           signData->coalesce(), signature);
     default:
       throw std::runtime_error("Unsupported signature scheme");
   }
 }

Member Data Documentation

template<KeyType T>

folly::ssl::X509UniquePtr fizz::PeerCertImpl< T >::cert_

private

Definition at line 194 of file Certificate.h.

template<KeyType T>

OpenSSLSignature<T> fizz::PeerCertImpl< T >::signature_

private

Definition at line 193 of file Certificate.h.

The documentation for this class was generated from the following files:

proxygen/fizz/fizz/protocol/Certificate.h
proxygen/fizz/fizz/protocol/Certificate-inl.h

Public Member Functions

Private Attributes

Detailed Description

template<KeyType T> class fizz::PeerCertImpl< T >

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation

template<KeyType T>
class fizz::PeerCertImpl< T >