wangle::FizzConfigUtil Class Reference

#include <FizzConfigUtil.h>

Static Public Member Functions
static std::shared_ptr< fizz::server::FizzServerContext >	createFizzContext (const wangle::ServerSocketConfig &config, std::unique_ptr< fizz::server::CertManager > certMgr=nullptr)
template<class TicketCipher >
static std::unique_ptr< TicketCipher >	createTicketCipher (const std::vector< std::string > &oldSecrets, const std::vector< std::string > &currentSecrets, const std::vector< std::string > &newSecrets, std::chrono::seconds validity, folly::Optional< std::string > pskContext)

Detailed Description

Definition at line 26 of file FizzConfigUtil.h.

Member Function Documentation

std::shared_ptr< fizz::server::FizzServerContext > wangle::FizzConfigUtil::createFizzContext ( const wangle::ServerSocketConfig &  config, std::unique_ptr< fizz::server::CertManager >  certMgr = nullptr  )

static

Definition at line 67 of file FizzConfigUtil.cpp.

References bm::list, folly::gen::move, wangle::ServerSocketConfig::sslContextConfigs, and verify().

Referenced by wangle::Acceptor::createFizzContext().

                                                  {
  if (config.sslContextConfigs.empty()) {
    return nullptr;
  }
  if (!certMgr) {
    certMgr = createCertManager(config);
    if (!certMgr) {
      return nullptr;
    }
  }

  auto ctx = std::make_shared<fizz::server::FizzServerContext>();
  ctx->setSupportedVersions({ProtocolVersion::tls_1_3,
                             ProtocolVersion::tls_1_3_28,
                             ProtocolVersion::tls_1_3_26});
  ctx->setVersionFallbackEnabled(true);
  ctx->setCertManager(std::move(certMgr));

  // Fizz does not yet support randomized next protocols so we use the highest
  // weighted list on the first context.
  const auto& list = config.sslContextConfigs.front().nextProtocols;
  if (!list.empty()) {
    ctx->setSupportedAlpns(FizzUtil::getAlpnsFromNpnList(list));
  }

  auto verify = config.sslContextConfigs.front().clientVerification;
  switch (verify) {
    case folly::SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT:
      ctx->setClientAuthMode(ClientAuthMode::Required);
      break;
    case folly::SSLContext::SSLVerifyPeerEnum::VERIFY:
      ctx->setClientAuthMode(ClientAuthMode::Optional);
      break;
    default:
      ctx->setClientAuthMode(ClientAuthMode::None);
  }

  auto caFile = config.sslContextConfigs.front().clientCAFile;
  if (!caFile.empty()) {
    auto verifier = DefaultCertificateVerifier::createFromCAFile(
        VerificationContext::Server, caFile);
    ctx->setClientCertVerifier(std::move(verifier));
  }

  return ctx;
}

template<class TicketCipher >

static std::unique_ptr<TicketCipher> wangle::FizzConfigUtil::createTicketCipher ( const std::vector< std::string > &  oldSecrets, const std::vector< std::string > &  currentSecrets, const std::vector< std::string > &  newSecrets, std::chrono::seconds  validity, folly::Optional< std::string >  pskContext  )

inlinestatic

Definition at line 34 of file FizzConfigUtil.h.

References folly::gen::move.

                                           {
    if (currentSecrets.empty()) {
      return fizz::FizzUtil::createTicketCipher<TicketCipher>(
          oldSecrets, "", newSecrets, validity, std::move(pskContext));
    } else {
      return fizz::FizzUtil::createTicketCipher<TicketCipher>(
          oldSecrets,
          currentSecrets.at(0),
          newSecrets,
          validity,
          std::move(pskContext));
    }
  }

---

The documentation for this class was generated from the following files:

• proxygen/wangle/wangle/acceptor/FizzConfigUtil.h
• proxygen/wangle/wangle/acceptor/FizzConfigUtil.cpp