proxygen: proxygen::SecondaryAuthManager Class Reference

#include <SecondaryAuthManager.h>

Inheritance diagram for proxygen::SecondaryAuthManager:

Public Member Functions
	SecondaryAuthManager (std::unique_ptr< fizz::SelfCert > cert)

	SecondaryAuthManager ()=default

	~SecondaryAuthManager () override

std::pair< uint16_t, std::unique_ptr< folly::IOBuf > >	createAuthRequest (std::unique_ptr< folly::IOBuf > certRequestContext, std::vector< fizz::Extension > extensions) override

std::pair< uint16_t, std::unique_ptr< folly::IOBuf > >	getAuthenticator (const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t requestId, std::unique_ptr< folly::IOBuf > authRequest) override

bool	validateAuthenticator (const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t certId, std::unique_ptr< folly::IOBuf > authenticator) override

folly::Optional< uint16_t >	getCertId (uint16_t requestId)

folly::Optional< std::vector< fizz::CertificateEntry > >	getPeerCert (uint16_t certId)

Public Member Functions inherited from proxygen::SecondaryAuthManagerBase
virtual	~SecondaryAuthManagerBase ()=default

Private Member Functions
folly::Optional< std::unique_ptr< folly::IOBuf > >	verifyContext (std::unique_ptr< folly::IOBuf > authenticator)

Private Attributes
uint16_t	requestIdCounter_ {0}

uint16_t	certIdCounter_ {0}

std::map< uint16_t, std::unique_ptr< folly::IOBuf > >	outstandingRequests_

std::unique_ptr< fizz::SelfCert >	cert_

std::map< uint16_t, uint16_t >	requestCertMap_

std::map< uint16_t, std::vector< fizz::CertificateEntry > >	receivedCerts_

Detailed Description

Definition at line 16 of file SecondaryAuthManager.h.

Constructor & Destructor Documentation

proxygen::SecondaryAuthManager::SecondaryAuthManager ( std::unique_ptr< fizz::SelfCert > cert )

explicit

Definition at line 18 of file SecondaryAuthManager.cpp.

References folly::gen::move.

                                       {
   cert_ = std::move(cert);
 }

proxygen::SecondaryAuthManager::SecondaryAuthManager ( )

default

proxygen::SecondaryAuthManager::~SecondaryAuthManager ( )

override

Definition at line 23 of file SecondaryAuthManager.cpp.

23 {

24 }

Member Function Documentation

std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > proxygen::SecondaryAuthManager::createAuthRequest	(	std::unique_ptr< folly::IOBuf >	certRequestContext,
		std::vector< fizz::Extension >	extensions
	)

overridevirtual

Generate an authenticator request given a certificate_request_context and a set of extensions.

Returns: (request ID, encoded authenticator request)

Implements proxygen::SecondaryAuthManagerBase.

Reimplemented in proxygen::MockSecondaryAuthManager.

Definition at line 27 of file SecondaryAuthManager.cpp.

References folly::IOBufQueue::cacheChainLength(), folly::IOBuf::computeChainDataLength(), fizz::ExportedAuthenticator::getAuthenticatorRequest(), folly::gen::move, uint16_t, and folly::io::detail::Writable< Derived >::writeBE().

Referenced by TEST().

                                          {
   // The certificate_request_context has to include the two octets Request-ID.
   uint16_t requestId = requestIdCounter_++;
   folly::IOBufQueue contextQueue{folly::IOBufQueue::cacheChainLength()};
   auto contextLen =
       sizeof(requestId) + certRequestContext->computeChainDataLength();
   QueueAppender appender(&contextQueue, contextLen);
   appender.writeBE<uint16_t>(requestId);
   contextQueue.append(std::move(certRequestContext));
   auto secureContext = contextQueue.move();
   auto authRequest = fizz::ExportedAuthenticator::getAuthenticatorRequest(
       std::move(secureContext), std::move(extensions));
   auto authRequestClone = authRequest->clone();
   outstandingRequests_.insert(
       std::make_pair(requestId, std::move(authRequest)));
   return std::make_pair(requestId, std::move(authRequestClone));
 }

std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > proxygen::SecondaryAuthManager::getAuthenticator	(	const fizz::AsyncFizzBase &	transport,
		TransportDirection	dir,
		uint16_t	requestId,
		std::unique_ptr< folly::IOBuf >	authRequest
	)

overridevirtual

Generate an authenticator request given the Request-ID and authenticator request..

Returns: (cert ID, encoded authenticator)

Implements proxygen::SecondaryAuthManagerBase.

Reimplemented in proxygen::MockSecondaryAuthManager.

Definition at line 48 of file SecondaryAuthManager.cpp.

References fizz::DOWNSTREAM, fizz::ExportedAuthenticator::getAuthenticator(), folly::gen::move, uint16_t, and fizz::UPSTREAM.

Referenced by TEST().

                                            {
   uint16_t certId = certIdCounter_++;
   std::unique_ptr<folly::IOBuf> authenticator;
   if (dir == TransportDirection::UPSTREAM) {
     authenticator = fizz::ExportedAuthenticator::getAuthenticator(
         transport, fizz::Direction::UPSTREAM, *cert_, std::move(authRequest));
   } else {
     authenticator = fizz::ExportedAuthenticator::getAuthenticator(
         transport, fizz::Direction::DOWNSTREAM, *cert_, std::move(authRequest));
   }
   requestCertMap_.insert(std::make_pair(requestId, certId));
   return std::make_pair(certId, std::move(authenticator));
 }

folly::Optional< uint16_t > proxygen::SecondaryAuthManager::getCertId ( uint16_t requestId )

Retrieve a Cert-ID given the corresponding Request-ID.

Definition at line 122 of file SecondaryAuthManager.cpp.

References folly::none.

Referenced by TEST().

                                                                           {
   if (requestCertMap_.find(requestId) == requestCertMap_.end()) {
     return folly::none;
   } else {
     folly::Optional<uint16_t> certId = requestCertMap_[requestId];
     return certId;
   }
 }

folly::Optional< std::vector< fizz::CertificateEntry > > proxygen::SecondaryAuthManager::getPeerCert ( uint16_t certId )

Retrieve the peer certificate chain given the corresponding Cert-ID.

Definition at line 132 of file SecondaryAuthManager.cpp.

References folly::gen::move, and folly::none.

Referenced by TEST().

                                                  {
   folly::Optional<std::vector<fizz::CertificateEntry>> certChain;
   if (receivedCerts_.find(certId) == receivedCerts_.end()) {
     return folly::none;
   } else {
     certChain = std::move(receivedCerts_[certId]);
     return certChain;
   }
 }

bool proxygen::SecondaryAuthManager::validateAuthenticator	(	const fizz::AsyncFizzBase &	transport,
		TransportDirection	dir,
		uint16_t	certId,
		std::unique_ptr< folly::IOBuf >	authenticator
	)

overridevirtual

Validate an authenticator and cache the received certificate along with the Cert-ID if it is valid.

Implements proxygen::SecondaryAuthManagerBase.

Reimplemented in proxygen::MockSecondaryAuthManager.

Definition at line 66 of file SecondaryAuthManager.cpp.

References folly::IOBuf::clone(), fizz::DOWNSTREAM, folly::gen::move, fizz::UPSTREAM, and fizz::ExportedAuthenticator::validateAuthenticator().

Referenced by TEST().

                                              {
   // Verify the certificate_request_context contains the Request-ID of a
   // previously-sent "CERTIFICATE_REQUEST".
   auto authClone = authenticator->clone();
   auto authRequest = verifyContext(std::move(authClone));
   if (!authRequest) {
     return false;
   }
   // Validate the authenticator with regard to the authenticator request.
   folly::Optional<std::vector<fizz::CertificateEntry>> certs;
   if (dir == TransportDirection::UPSTREAM) {
     certs = fizz::ExportedAuthenticator::validateAuthenticator(
         transport,
         fizz::Direction::DOWNSTREAM,
         std::move(*authRequest),
         std::move(authenticator));
   } else {
     certs = fizz::ExportedAuthenticator::validateAuthenticator(
         transport,
         fizz::Direction::UPSTREAM,
         std::move(*authRequest),
         std::move(authenticator));
   }
   if (!certs) {
     return false;
   } else if ((*certs).size() == 0) {
     VLOG(4) << "Peer does not have appropriate certificate or does not want to "
                "provide one, empty authenticator received";
   } else {
     receivedCerts_.insert(std::make_pair(certId, std::move(*certs)));
   }
   return true;
 }

folly::Optional< std::unique_ptr< folly::IOBuf > > proxygen::SecondaryAuthManager::verifyContext ( std::unique_ptr< folly::IOBuf > authenticator )

private

Verify if the certificate_request_context of the authenticator contains a Request-ID of a previous CERTIFICATE_REQUEST.

Parameters

authenticator The received exported authenticator.

Returns: The authenticator request if verification passes.

Definition at line 105 of file SecondaryAuthManager.cpp.

References fizz::ExportedAuthenticator::getAuthenticatorContext(), folly::gen::move, folly::none, and uint16_t.

                                              {
   auto certRequestContext =
       fizz::ExportedAuthenticator::getAuthenticatorContext(
           std::move(authenticator));
   folly::io::Cursor cursor(certRequestContext.get());
   uint16_t requestId = cursor.readBE<uint16_t>();
   if (outstandingRequests_.find(requestId) == outstandingRequests_.end()) {
     VLOG(4) << "No previous CERTIFICATE_REQUEST matches the the CERTIFICATE "
                "with Request-ID="
             << requestId;
     return folly::none;
   }
   auto authRequest = std::move(outstandingRequests_[requestId]);
   return authRequest;
 }

Member Data Documentation

std::unique_ptr<fizz::SelfCert> proxygen::SecondaryAuthManager::cert_

private

Definition at line 69 of file SecondaryAuthManager.h.

uint16_t proxygen::SecondaryAuthManager::certIdCounter_ {0}

private

Definition at line 53 of file SecondaryAuthManager.h.

std::map<uint16_t, std::unique_ptr<folly::IOBuf> > proxygen::SecondaryAuthManager::outstandingRequests_

private

Definition at line 66 of file SecondaryAuthManager.h.

std::map<uint16_t, std::vector<fizz::CertificateEntry> > proxygen::SecondaryAuthManager::receivedCerts_

private

Definition at line 77 of file SecondaryAuthManager.h.

std::map<uint16_t, uint16_t> proxygen::SecondaryAuthManager::requestCertMap_

private

Definition at line 73 of file SecondaryAuthManager.h.

uint16_t proxygen::SecondaryAuthManager::requestIdCounter_ {0}

private

Definition at line 52 of file SecondaryAuthManager.h.

The documentation for this class was generated from the following files:

proxygen/lib/http/session/SecondaryAuthManager.h
proxygen/lib/http/session/SecondaryAuthManager.cpp

Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation