fizz::SelfCertImpl< T > Class Template Reference

#include <Certificate.h>

Inheritance diagram for fizz::SelfCertImpl< T >:

Public Member Functions
	SelfCertImpl (folly::ssl::EvpPkeyUniquePtr pkey, std::vector< folly::ssl::X509UniquePtr > certs, const std::vector< std::shared_ptr< fizz::CertificateCompressor >> &compressors={})
	~SelfCertImpl () override=default
std::string	getIdentity () const override
std::vector< std::string >	getAltIdentities () const override
std::vector< SignatureScheme >	getSigSchemes () const override
CertificateMsg	getCertMessage (Buf certificateRequestContext=nullptr) const override
CompressedCertificate	getCompressedCert (CertificateCompressionAlgorithm algo) const override
Buf	sign (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned) const override
folly::ssl::X509UniquePtr	getX509 () const override
template<>
Buf	sign (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned) const
template<>
Buf	sign (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned) const
template<>
Buf	sign (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned) const
template<>
Buf	sign (SignatureScheme scheme, CertificateVerifyContext context, folly::ByteRange toBeSigned) const
Public Member Functions inherited from fizz::SelfCert
virtual	~SelfCert ()=default
Public Member Functions inherited from folly::AsyncTransportCertificate
virtual	~AsyncTransportCertificate ()=default

Private Attributes
OpenSSLSignature< T >	signature_
std::vector< folly::ssl::X509UniquePtr >	certs_
std::map< CertificateCompressionAlgorithm, CompressedCertificate >	compressedCerts_

Detailed Description

template<KeyType T>
class fizz::SelfCertImpl< T >

Definition at line 135 of file Certificate.h.

Constructor & Destructor Documentation

template<KeyType T>

fizz::SelfCertImpl< T >::SelfCertImpl	(	folly::ssl::EvpPkeyUniquePtr	pkey,
		std::vector< folly::ssl::X509UniquePtr >	certs,
		const std::vector< std::shared_ptr< fizz::CertificateCompressor >> &	compressors = {}
	)

Private key is the private key associated with the leaf cert. certs is a list of certs in the chain with the leaf first.

Definition at line 37 of file Certificate-inl.h.

References folly::gen::move.

                     {
  if (certs.size() == 0) {
    throw std::runtime_error("Must supply at least 1 cert");
  }
  if (X509_check_private_key(certs[0].get(), pkey.get()) != 1) {
    throw std::runtime_error("Cert does not match private key");
  }
  // TODO: more strict validation of chaining requirements.
  signature_.setKey(std::move(pkey));
  certs_ = std::move(certs);
  for (const auto& compressor : compressors) {
    compressedCerts_[compressor->getAlgorithm()] =
        compressor->compress(getCertMessage());
  }
}

template<KeyType T>

fizz::SelfCertImpl< T >::~SelfCertImpl ( )

overridedefault

Member Function Documentation

template<KeyType T>

std::vector< std::string > fizz::SelfCertImpl< T >::getAltIdentities ( ) const

overridevirtual

Returns additional identities this certificate can also represent (for example subject alternate names).

Implements fizz::SelfCert.

Definition at line 64 of file Certificate-inl.h.

References folly::ssl::OpenSSLCertUtils::getSubjectAltNames().

Referenced by fizz::test::TEST().

                                                             {
  return folly::ssl::OpenSSLCertUtils::getSubjectAltNames(*certs_.front());
}

template<KeyType T>

CertificateMsg fizz::SelfCertImpl< T >::getCertMessage ( Buf  certificateRequestContext = nullptr ) const

overridevirtual

Implements fizz::SelfCert.

Definition at line 69 of file Certificate-inl.h.

References fizz::CertUtils::getCertMessage(), and folly::gen::move.

Referenced by fizz::test::TEST().

                                         {
  return CertUtils::getCertMessage(
      certs_, std::move(certificateRequestContext));
}

template<KeyType T>

CompressedCertificate fizz::SelfCertImpl< T >::getCompressedCert ( CertificateCompressionAlgorithm  algo ) const

overridevirtual

Implements fizz::SelfCert.

Definition at line 76 of file Certificate-inl.h.

References fizz::CertUtils::cloneCompressedCert().

                                                {
  return CertUtils::cloneCompressedCert(compressedCerts_.at(algo));
}

template<KeyType T>

std::string fizz::SelfCertImpl< T >::getIdentity ( ) const

overridevirtual

Returns the identity this certificate conveys.

An identity is an opaque string that may be used by the application for authentication or authorization purposes. The exact structure and semantics of the identity string are determined by concrete implementations of AsyncTransport.

Implements folly::AsyncTransportCertificate.

Definition at line 58 of file Certificate-inl.h.

References folly::ssl::OpenSSLCertUtils::getCommonName().

Referenced by fizz::test::TEST().

                                             {
  return folly::ssl::OpenSSLCertUtils::getCommonName(*certs_.front())
      .value_or("");
}

template<KeyType T>

std::vector< SignatureScheme > fizz::SelfCertImpl< T >::getSigSchemes ( ) const

overridevirtual

Returns the signature schemes this certificate can be used with.

Implements fizz::SelfCert.

Definition at line 82 of file Certificate-inl.h.

Referenced by fizz::test::TYPED_TEST().

                                                                {
  return CertUtils::getSigSchemes<T>();
}

template<KeyType T>

folly::ssl::X509UniquePtr fizz::SelfCertImpl< T >::getX509 ( ) const

overridevirtual

Returns an X509 structure associated with this Certificate. This may be null.

Implements folly::AsyncTransportCertificate.

Definition at line 232 of file Certificate-inl.h.

                                                     {
  X509_up_ref(certs_.front().get());
  return folly::ssl::X509UniquePtr(certs_.front().get());
}

template<>

Buf fizz::SelfCertImpl< KeyType::P256 >::sign ( SignatureScheme  scheme, CertificateVerifyContext  context, folly::ByteRange  toBeSigned  ) const

inlinevirtual

Implements fizz::SelfCert.

Definition at line 87 of file Certificate-inl.h.

                                     {
  auto signData = CertUtils::prepareSignData(context, toBeSigned);
  switch (scheme) {
    case SignatureScheme::ecdsa_secp256r1_sha256:
      return signature_.sign<SignatureScheme::ecdsa_secp256r1_sha256>(
          signData->coalesce());
    default:
      throw std::runtime_error("Unsupported signature scheme");
  }
}

template<>

Buf fizz::SelfCertImpl< KeyType::P384 >::sign ( SignatureScheme  scheme, CertificateVerifyContext  context, folly::ByteRange  toBeSigned  ) const

inlinevirtual

Implements fizz::SelfCert.

Definition at line 102 of file Certificate-inl.h.

                                     {
  auto signData = CertUtils::prepareSignData(context, toBeSigned);
  switch (scheme) {
    case SignatureScheme::ecdsa_secp384r1_sha384:
      return signature_.sign<SignatureScheme::ecdsa_secp384r1_sha384>(
          signData->coalesce());
    default:
      throw std::runtime_error("Unsupported signature scheme");
  }
}

template<>

Buf fizz::SelfCertImpl< KeyType::P521 >::sign ( SignatureScheme  scheme, CertificateVerifyContext  context, folly::ByteRange  toBeSigned  ) const

inlinevirtual

Implements fizz::SelfCert.

Definition at line 117 of file Certificate-inl.h.

                                     {
  auto signData = CertUtils::prepareSignData(context, toBeSigned);
  switch (scheme) {
    case SignatureScheme::ecdsa_secp521r1_sha512:
      return signature_.sign<SignatureScheme::ecdsa_secp521r1_sha512>(
          signData->coalesce());
    default:
      throw std::runtime_error("Unsupported signature scheme");
  }
}

template<>

Buf fizz::SelfCertImpl< KeyType::RSA >::sign ( SignatureScheme  scheme, CertificateVerifyContext  context, folly::ByteRange  toBeSigned  ) const

inlinevirtual

Implements fizz::SelfCert.

Definition at line 132 of file Certificate-inl.h.

                                     {
  auto signData = CertUtils::prepareSignData(context, toBeSigned);
  switch (scheme) {
    case SignatureScheme::rsa_pss_sha256:
      return signature_.sign<SignatureScheme::rsa_pss_sha256>(
          signData->coalesce());
    default:
      throw std::runtime_error("Unsupported signature scheme");
  }
}

template<KeyType T>

Buf fizz::SelfCertImpl< T >::sign ( SignatureScheme  scheme, CertificateVerifyContext  context, folly::ByteRange  toBeSigned  ) const

overridevirtual

Implements fizz::SelfCert.

Referenced by fizz::test::TYPED_TEST().

Member Data Documentation

template<KeyType T>

std::vector<folly::ssl::X509UniquePtr> fizz::SelfCertImpl< T >::certs_

private

Definition at line 170 of file Certificate.h.

template<KeyType T>

std::map<CertificateCompressionAlgorithm, CompressedCertificate> fizz::SelfCertImpl< T >::compressedCerts_

private

Definition at line 172 of file Certificate.h.

template<KeyType T>

OpenSSLSignature<T> fizz::SelfCertImpl< T >::signature_

private

Definition at line 169 of file Certificate.h.

---

The documentation for this class was generated from the following files:

• proxygen/fizz/fizz/protocol/Certificate.h
• proxygen/fizz/fizz/protocol/Certificate-inl.h