proxygen: fizz::server::FizzServerContext Class Reference

#include <FizzServerContext.h>

Public Member Functions
	FizzServerContext ()

virtual	~FizzServerContext ()=default

void	setSupportedVersions (std::vector< ProtocolVersion > versions)

const auto &	getSupportedVersions () const

void	setSupportedCiphers (std::vector< std::vector< CipherSuite >> ciphers)

const auto &	getSupportedCiphers () const

void	setSupportedSigSchemes (std::vector< SignatureScheme > schemes)

const auto &	getSupportedSigSchemes () const

void	setSupportedGroups (std::vector< NamedGroup > groups)

const auto &	getSupportedGroups () const

void	setSupportedPskModes (std::vector< PskKeyExchangeMode > modes)

const auto &	getSupportedPskModes () const

void	setClientAuthMode (ClientAuthMode authmode)

ClientAuthMode	getClientAuthMode () const

void	setVersionFallbackEnabled (bool enabled)

bool	getVersionFallbackEnabled () const

void	setSupportedAlpns (std::vector< std::string > protocols)

folly::Optional< std::string >	negotiateAlpn (const std::vector< std::string > &clientProtocols, const folly::Optional< std::string > &zeroRttAlpn) const

void	setTicketCipher (std::shared_ptr< TicketCipher > ticketCipher)

const TicketCipher *	getTicketCipher () const

void	setCookieCipher (std::shared_ptr< CookieCipher > cookieCipher)

const CookieCipher *	getCookieCipher () const

void	setCertManager (std::unique_ptr< CertManager > manager)

void	setClientCertVerifier (std::shared_ptr< const CertificateVerifier > verifier)

const std::shared_ptr< const CertificateVerifier > &	getClientCertVerifier () const

folly::Optional< std::pair< std::shared_ptr< SelfCert >, SignatureScheme > >	getCert (const folly::Optional< std::string > &sni, const std::vector< SignatureScheme > &peerSigSchemes) const

std::shared_ptr< SelfCert >	getCert (const std::string &identity) const

void	setEarlyDataSettings (bool acceptEarlyData, ClockSkewTolerance clockSkewTolerance, const std::shared_ptr< ReplayCache > &replayCache)

bool	getAcceptEarlyData (ProtocolVersion version) const

ClockSkewTolerance	getClockSkewTolerance () const

ReplayCache *	getReplayCache () const

void	setEarlyDataFbOnly (bool fbOnly)

void	setMaxEarlyDataSize (uint32_t maxEarlyDataSize)

uint32_t	getMaxEarlyDataSize () const

void	setFactory (std::unique_ptr< Factory > factory)

const Factory *	getFactory () const

void	setSendNewSessionTicket (bool sendNewSessionTicket)

bool	getSendNewSessionTicket () const

void	setSupportedCompressionAlgorithms (std::vector< CertificateCompressionAlgorithm > algos)

const auto &	getSupportedCompressionAlgorithms () const

Private Attributes
std::unique_ptr< Factory >	factory_

std::shared_ptr< TicketCipher >	ticketCipher_

std::shared_ptr< CookieCipher >	cookieCipher_

std::unique_ptr< CertManager >	certManager_

std::shared_ptr< const CertificateVerifier >	clientCertVerifier_

std::vector< ProtocolVersion >	supportedVersions_ = {ProtocolVersion::tls_1_3}

std::vector< std::vector< CipherSuite > >	supportedCiphers_

std::vector< SignatureScheme >	supportedSigSchemes_

std::vector< NamedGroup >	supportedGroups_

std::vector< PskKeyExchangeMode >	supportedPskModes_

std::vector< std::string >	supportedAlpns_

bool	versionFallbackEnabled_ {false}

ClientAuthMode	clientAuthMode_ {ClientAuthMode::None}

bool	acceptEarlyData_ {false}

uint32_t	maxEarlyDataSize_ {std::numeric_limits<uint32_t>::max()}

ClockSkewTolerance	clockSkewTolerance_

std::shared_ptr< ReplayCache >	replayCache_

std::vector< CertificateCompressionAlgorithm >	supportedCompressionAlgos_

bool	earlyDataFbOnly_ {false}

bool	sendNewSessionTicket_ {true}

Detailed Description

Definition at line 45 of file FizzServerContext.h.

Constructor & Destructor Documentation

fizz::server::FizzServerContext::FizzServerContext ( )

inline

Definition at line 47 of file FizzServerContext.h.

47 : factory_(std::make_unique<Factory>()) {}

fizz::server::FizzServerContext::factory_

std::unique_ptr< Factory > factory_

Definition: FizzServerContext.h:290

virtual fizz::server::FizzServerContext::~FizzServerContext ( )

virtualdefault

Member Function Documentation

bool fizz::server::FizzServerContext::getAcceptEarlyData ( ProtocolVersion version ) const

inline

Definition at line 218 of file FizzServerContext.h.

References fizz::tls_1_3_20_fb, fizz::tls_1_3_21_fb, fizz::tls_1_3_22_fb, fizz::tls_1_3_23_fb, and fizz::tls_1_3_26_fb.

Referenced by fizz::sm::getCertificateRequest(), and fizz::sm::writeNewSessionTicket().

                                                          {
     if (earlyDataFbOnly_ &&
         (version != ProtocolVersion::tls_1_3_20_fb &&
          version != ProtocolVersion::tls_1_3_21_fb &&
          version != ProtocolVersion::tls_1_3_22_fb &&
          version != ProtocolVersion::tls_1_3_23_fb &&
          version != ProtocolVersion::tls_1_3_26_fb)) {
       return false;
     }
     return acceptEarlyData_;
   }

folly::Optional<std::pair<std::shared_ptr<SelfCert>, SignatureScheme> > fizz::server::FizzServerContext::getCert	(	const folly::Optional< std::string > &	sni,
		const std::vector< SignatureScheme > &	peerSigSchemes
	)		const

inline

Chooses a certificate based on given sni and peer signature schemes.

Definition at line 192 of file FizzServerContext.h.

Referenced by fizz::sm::chooseCert(), and fizz::server::TicketCodec< Storage >::decode().

                                                               {
     return certManager_->getCert(sni, supportedSigSchemes_, peerSigSchemes);
   }

std::shared_ptr<SelfCert> fizz::server::FizzServerContext::getCert ( const std::string & identity ) const

inline

Return a certificate that matches identity. Will return nullptr if a matching certificate is not found.

Definition at line 202 of file FizzServerContext.h.

                                                                    {
     return certManager_->getCert(identity);
   }

ClientAuthMode fizz::server::FizzServerContext::getClientAuthMode ( ) const

inline

Definition at line 107 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket(), and fizz::sm::getCertificateRequest().

                                            {
     return clientAuthMode_;
   }

const std::shared_ptr<const CertificateVerifier>& fizz::server::FizzServerContext::getClientCertVerifier ( ) const

inline

Definition at line 183 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket(), and fizz::sm::getCertificateRequest().

             {
     return clientCertVerifier_;
   }

ClockSkewTolerance fizz::server::FizzServerContext::getClockSkewTolerance ( ) const

inline

Definition at line 229 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                                    {
     return clockSkewTolerance_;
   }

const CookieCipher* fizz::server::FizzServerContext::getCookieCipher ( ) const

inline

Definition at line 164 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                               {
     return cookieCipher_.get();
   }

const Factory* fizz::server::FizzServerContext::getFactory ( ) const

inline

Definition at line 258 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket(), and fizz::sm::getCertificateRequest().

                                     {
     return factory_.get();
   }

uint32_t fizz::server::FizzServerContext::getMaxEarlyDataSize ( ) const

inline

Definition at line 248 of file FizzServerContext.h.

Referenced by fizz::sm::writeNewSessionTicket().

                                        {
     return maxEarlyDataSize_;
   }

ReplayCache* fizz::server::FizzServerContext::getReplayCache ( ) const

inline

Definition at line 232 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                       {
     return replayCache_.get();
   }

bool fizz::server::FizzServerContext::getSendNewSessionTicket ( ) const

inline

Definition at line 272 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket().

                                        {
     return sendNewSessionTicket_;
   }

const auto& fizz::server::FizzServerContext::getSupportedCiphers ( ) const

inline

Definition at line 66 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                           {
     return supportedCiphers_;
   }

const auto& fizz::server::FizzServerContext::getSupportedCompressionAlgorithms ( ) const

inline

Definition at line 285 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificate().

                                                         {
     return supportedCompressionAlgos_;
   }

const auto& fizz::server::FizzServerContext::getSupportedGroups ( ) const

inline

Definition at line 86 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                          {
     return supportedGroups_;
   }

const auto& fizz::server::FizzServerContext::getSupportedPskModes ( ) const

inline

Definition at line 96 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                            {
     return supportedPskModes_;
   }

const auto& fizz::server::FizzServerContext::getSupportedSigSchemes ( ) const

inline

Definition at line 76 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket(), fizz::sm::getCertificateRequest(), and fizz::server::AsyncFizzServerT< SM >::getSupportedSigSchemes().

                                              {
     return supportedSigSchemes_;
   }

const auto& fizz::server::FizzServerContext::getSupportedVersions ( ) const

inline

Definition at line 56 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                            {
     return supportedVersions_;
   }

const TicketCipher* fizz::server::FizzServerContext::getTicketCipher ( ) const

inline

Definition at line 153 of file FizzServerContext.h.

Referenced by fizz::sm::generateTicket(), and fizz::sm::getCertificateRequest().

                                               {
     return ticketCipher_.get();
   }

bool fizz::server::FizzServerContext::getVersionFallbackEnabled ( ) const

inline

Definition at line 119 of file FizzServerContext.h.

Referenced by fizz::sm::getCertificateRequest().

                                          {
     return versionFallbackEnabled_;
   }

folly::Optional<std::string> fizz::server::FizzServerContext::negotiateAlpn	(	const std::vector< std::string > &	clientProtocols,
		const folly::Optional< std::string > &	zeroRttAlpn
	)		const

inline

Negotaitate a ALPN protocol given a client's offer. zeroRttAlpn will be set to the protocol used for early data if sent by the client.

Definition at line 134 of file FizzServerContext.h.

References fizz::server::negotiate().

Referenced by fizz::sm::negotiateAlpn().

                                                          {
     // If we support the zero rtt protocol we select it.
     if (zeroRttAlpn &&
         std::find(
             supportedAlpns_.begin(), supportedAlpns_.end(), *zeroRttAlpn) !=
             supportedAlpns_.end()) {
       return zeroRttAlpn;
     }
     return negotiate(supportedAlpns_, clientProtocols);
   }

void fizz::server::FizzServerContext::setCertManager ( std::unique_ptr< CertManager > manager )

inline

Sets the CertManager to use.

Definition at line 171 of file FizzServerContext.h.

References folly::gen::move.

                                                           {
     certManager_ = std::move(manager);
   }

void fizz::server::FizzServerContext::setClientAuthMode ( ClientAuthMode authmode )

inline

Set whether to request client authentication.

Definition at line 103 of file FizzServerContext.h.

                                                   {
     clientAuthMode_ = authmode;
   }

void fizz::server::FizzServerContext::setClientCertVerifier ( std::shared_ptr< const CertificateVerifier > verifier )

inline

Sets the certificate verifier to use for client authentication

Definition at line 178 of file FizzServerContext.h.

References folly::gen::move.

                                                          {
     clientCertVerifier_ = std::move(verifier);
   }

void fizz::server::FizzServerContext::setCookieCipher ( std::shared_ptr< CookieCipher > cookieCipher )

inline

Sets the cookie cipher to use. Stateless client retries will be rejected if not set.

Definition at line 161 of file FizzServerContext.h.

References folly::gen::move.

                                                                  {
     cookieCipher_ = std::move(cookieCipher);
   }

void fizz::server::FizzServerContext::setEarlyDataFbOnly ( bool fbOnly )

inline

Definition at line 236 of file FizzServerContext.h.

                                        {
     earlyDataFbOnly_ = fbOnly;
   }

void fizz::server::FizzServerContext::setEarlyDataSettings	(	bool	acceptEarlyData,
		ClockSkewTolerance	clockSkewTolerance,
		const std::shared_ptr< ReplayCache > &	replayCache
	)

inline

Sets the early data settings.

Definition at line 209 of file FizzServerContext.h.

                                                      {
     acceptEarlyData_ = acceptEarlyData;
     clockSkewTolerance_ = clockSkewTolerance;
     replayCache_ = replayCache;
   }

void fizz::server::FizzServerContext::setFactory ( std::unique_ptr< Factory > factory )

inline

Set the factory to use. Should generally only be changed for testing.

Definition at line 255 of file FizzServerContext.h.

References folly::gen::move.

                                                   {
     factory_ = std::move(factory);
   }

void fizz::server::FizzServerContext::setMaxEarlyDataSize ( uint32_t maxEarlyDataSize )

inline

Sets the max_early_data_size to advertise when sending early data compatible tickets. This limit is currently not enforced when accepting early data.

Definition at line 245 of file FizzServerContext.h.

                                                       {
     maxEarlyDataSize_ = maxEarlyDataSize;
   }

void fizz::server::FizzServerContext::setSendNewSessionTicket ( bool sendNewSessionTicket )

inline

Fizz will automatically send NewSessionTicket before reporting handshake success if this is true. Application can use the writeNewSessionTicket API alternatively if this is set to false. Default is true.

Definition at line 269 of file FizzServerContext.h.

                                                           {
     sendNewSessionTicket_ = sendNewSessionTicket;
   }

void fizz::server::FizzServerContext::setSupportedAlpns ( std::vector< std::string > protocols )

inline

Sets the supported ALPN supported protocols, in preference order.

Definition at line 126 of file FizzServerContext.h.

References folly::gen::move.

                                                          {
     supportedAlpns_ = std::move(protocols);
   }

void fizz::server::FizzServerContext::setSupportedCiphers ( std::vector< std::vector< CipherSuite >> ciphers )

inline

Set the supported ciphers, in preference order.

Definition at line 63 of file FizzServerContext.h.

References folly::gen::move.

                                                                       {
     supportedCiphers_ = std::move(ciphers);
   }

void fizz::server::FizzServerContext::setSupportedCompressionAlgorithms ( std::vector< CertificateCompressionAlgorithm > algos )

inline

Set supported cert compression algorithms. Note: It is expected that any certificate used has been initialized with compressors corresponding to the algorithms set here.

Definition at line 281 of file FizzServerContext.h.

                                                         {
     supportedCompressionAlgos_ = algos;
   }

void fizz::server::FizzServerContext::setSupportedGroups ( std::vector< NamedGroup > groups )

inline

Set the supported named groups, in preference order.

Definition at line 83 of file FizzServerContext.h.

References folly::gen::move.

                                                         {
     supportedGroups_ = std::move(groups);
   }

void fizz::server::FizzServerContext::setSupportedPskModes ( std::vector< PskKeyExchangeMode > modes )

inline

Set the supported psk modes, in preference order.

Definition at line 93 of file FizzServerContext.h.

References folly::gen::move.

                                                                  {
     supportedPskModes_ = std::move(modes);
   }

void fizz::server::FizzServerContext::setSupportedSigSchemes ( std::vector< SignatureScheme > schemes )

inline

Set the supported signature schemes, in preference order.

Definition at line 73 of file FizzServerContext.h.

References folly::gen::move.

                                                                   {
     supportedSigSchemes_ = std::move(schemes);
   }

void fizz::server::FizzServerContext::setSupportedVersions ( std::vector< ProtocolVersion > versions )

inline

Set the supported protocol versions, in preference order.

Definition at line 53 of file FizzServerContext.h.

References folly::gen::move.

                                                                  {
     supportedVersions_ = std::move(versions);
   }

void fizz::server::FizzServerContext::setTicketCipher ( std::shared_ptr< TicketCipher > ticketCipher )

inline

Sets the ticket cipher to use. Resumption will be disabled if not set.

Definition at line 150 of file FizzServerContext.h.

References folly::gen::move.

Referenced by wangle::Acceptor::updateFizzContext().

                                                                  {
     ticketCipher_ = std::move(ticketCipher);
   }

void fizz::server::FizzServerContext::setVersionFallbackEnabled ( bool enabled )

inline

Set whether to attempt fallback to another implementation if no supported version match is found. If enabled connect callbacks should implement fizzHandshakeAttemptFallback.

Definition at line 116 of file FizzServerContext.h.

                                                {
     versionFallbackEnabled_ = enabled;
   }

Member Data Documentation

bool fizz::server::FizzServerContext::acceptEarlyData_ {false}

private

Definition at line 321 of file FizzServerContext.h.

std::unique_ptr<CertManager> fizz::server::FizzServerContext::certManager_

private

Definition at line 295 of file FizzServerContext.h.

ClientAuthMode fizz::server::FizzServerContext::clientAuthMode_ {ClientAuthMode::None}

private

Definition at line 319 of file FizzServerContext.h.

std::shared_ptr<const CertificateVerifier> fizz::server::FizzServerContext::clientCertVerifier_

private

Definition at line 296 of file FizzServerContext.h.

ClockSkewTolerance fizz::server::FizzServerContext::clockSkewTolerance_

private

Definition at line 323 of file FizzServerContext.h.

std::shared_ptr<CookieCipher> fizz::server::FizzServerContext::cookieCipher_

private

Definition at line 293 of file FizzServerContext.h.

bool fizz::server::FizzServerContext::earlyDataFbOnly_ {false}

private

Definition at line 328 of file FizzServerContext.h.

std::unique_ptr<Factory> fizz::server::FizzServerContext::factory_

private

Definition at line 290 of file FizzServerContext.h.

uint32_t fizz::server::FizzServerContext::maxEarlyDataSize_ {std::numeric_limits<uint32_t>::max()}

private

Definition at line 322 of file FizzServerContext.h.

std::shared_ptr<ReplayCache> fizz::server::FizzServerContext::replayCache_

private

Definition at line 324 of file FizzServerContext.h.

bool fizz::server::FizzServerContext::sendNewSessionTicket_ {true}

private

Definition at line 330 of file FizzServerContext.h.

std::vector<std::string> fizz::server::FizzServerContext::supportedAlpns_

private

Definition at line 316 of file FizzServerContext.h.

std::vector<std::vector<CipherSuite> > fizz::server::FizzServerContext::supportedCiphers_

private

Initial value:

= {
      {
          CipherSuite::TLS_AES_128_GCM_SHA256,
 
      },
      {CipherSuite::TLS_AES_256_GCM_SHA384},
  }

Definition at line 299 of file FizzServerContext.h.

std::vector<CertificateCompressionAlgorithm> fizz::server::FizzServerContext::supportedCompressionAlgos_

private

Definition at line 326 of file FizzServerContext.h.

std::vector<NamedGroup> fizz::server::FizzServerContext::supportedGroups_

private

Initial value:

= {NamedGroup::x25519,

NamedGroup::secp256r1}

Definition at line 311 of file FizzServerContext.h.

std::vector<PskKeyExchangeMode> fizz::server::FizzServerContext::supportedPskModes_

private

Initial value:

= {
      PskKeyExchangeMode::psk_dhe_ke,
      PskKeyExchangeMode::psk_ke}

Definition at line 313 of file FizzServerContext.h.

std::vector<SignatureScheme> fizz::server::FizzServerContext::supportedSigSchemes_

private

Initial value:

= {
      SignatureScheme::ecdsa_secp256r1_sha256,
      SignatureScheme::rsa_pss_sha256}

Definition at line 308 of file FizzServerContext.h.

std::vector<ProtocolVersion> fizz::server::FizzServerContext::supportedVersions_ = {ProtocolVersion::tls_1_3}

private

Definition at line 298 of file FizzServerContext.h.

std::shared_ptr<TicketCipher> fizz::server::FizzServerContext::ticketCipher_

private

Definition at line 292 of file FizzServerContext.h.

bool fizz::server::FizzServerContext::versionFallbackEnabled_ {false}

private

Definition at line 318 of file FizzServerContext.h.

The documentation for this class was generated from the following file:

proxygen/fizz/fizz/server/FizzServerContext.h

Public Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation