proxygen: wangle::SSLUtil Class Reference

#include <SSLUtil.h>

Static Public Member Functions
static void	getSSLCtxExIndex (int *pindex)

static void	getRSAExIndex (int *pindex)

static int	exDataStdStringDup (CRYPTO_EX_DATA , ex_data_dup_from_arg_t, ex_data_dup_ptr_arg_t ptr, int, long, void )

static void	exDataStdStringFree (void , void ptr, CRYPTO_EX_DATA , int, long, void )

static void	getSSLSessionExStrIndex (int *pindex)

static std::string	hexlify (const std::string &binary)

static const std::string &	hexlify (const std::string &binary, std::string &hex)

static SSLResumeEnum	getResumeState (folly::AsyncSSLSocket *sslSocket)

static std::unique_ptr< std::string >	getCommonName (const X509 *cert)

static std::unique_ptr< std::list< std::string > >	getSubjectAltName (const X509 *cert)

static folly::ssl::X509UniquePtr	getX509FromCertificate (const std::string &certificateData)

Private Types
using	ex_data_dup_from_arg_t = CRYPTO_EX_DATA *

using	ex_data_dup_ptr_arg_t = void *

Static Private Attributes
static std::mutex	sIndexLock_

Detailed Description

Definition at line 65 of file SSLUtil.h.

Member Typedef Documentation

using wangle::SSLUtil::ex_data_dup_from_arg_t = CRYPTO_EX_DATA*

private

Definition at line 94 of file SSLUtil.h.

using wangle::SSLUtil::ex_data_dup_ptr_arg_t = void*

private

Definition at line 100 of file SSLUtil.h.

Member Function Documentation

static int wangle::SSLUtil::exDataStdStringDup	(	CRYPTO_EX_DATA *	,
		ex_data_dup_from_arg_t	,
		ex_data_dup_ptr_arg_t	ptr,
		int	,
		long	,
		void *
	)

inlinestatic

Definition at line 105 of file SSLUtil.h.

References dataPtr(), ptr, and string.

                {
     // TODO: With OpenSSL, ptr is passed in as a void* but is actually a void**
     // So we need to convert it and then set to the duped data.
     // see int_dup_ex_data in ex_data.c
     // BoringSSL is saner and uses a void**
     void** dataPtr = reinterpret_cast<void**>(ptr);
     std::string* strData = reinterpret_cast<std::string*>(*dataPtr);
     if (strData) {
       *dataPtr = new std::string(*strData);
     }
     return 1;
   }

static void wangle::SSLUtil::exDataStdStringFree	(	void *	,
		void *	ptr,
		CRYPTO_EX_DATA *	,
		int	,
		long	,
		void *
	)

inlinestatic

Definition at line 125 of file SSLUtil.h.

References ptr, and string.

                {
     if (ptr) {
       auto strPtr = reinterpret_cast<std::string*>(ptr);
       delete strPtr;
     }
   }

std::unique_ptr< std::string > wangle::SSLUtil::getCommonName ( const X509 * cert )

static

Get the Common Name from an X.509 certificate

Parameters

cert	certificate to inspect

Returns: common name, or null if an error occurs

Definition at line 54 of file SSLUtil.cpp.

Referenced by wangle::SSLContextManager::addSSLContextConfig(), and wangle::SSLContextManager::insert().

                                                                 {
   X509_NAME* subject = X509_get_subject_name((X509*)cert);
   if (!subject) {
     return nullptr;
   }
   char cn[ub_common_name + 1];
   int res = X509_NAME_get_text_by_NID(subject, NID_commonName,
                                       cn, ub_common_name);
   if (res <= 0) {
     return nullptr;
   } else {
     cn[ub_common_name] = '\0';
     return std::make_unique<std::string>(cn);
   }
 }

SSLResumeEnum wangle::SSLUtil::getResumeState ( folly::AsyncSSLSocket * sslSocket )

static

Return the SSL resume type for the given socket.

Definition at line 46 of file SSLUtil.cpp.

References folly::AsyncSSLSocket::getSSLSessionReused(), wangle::HANDSHAKE, wangle::RESUME_SESSION_ID, wangle::RESUME_TICKET, and folly::AsyncSSLSocket::sessionIDResumed().

Referenced by proxygen::HTTPConnector::connectSuccess(), and wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields().

                                                                     {
   return sslSocket->getSSLSessionReused() ?
     (sslSocket->sessionIDResumed() ?
      SSLResumeEnum::RESUME_SESSION_ID :
      SSLResumeEnum::RESUME_TICKET) :
     SSLResumeEnum::HANDSHAKE;
 }

static void wangle::SSLUtil::getRSAExIndex ( int * pindex )

inlinestatic

Definition at line 81 of file SSLUtil.h.

References g().

                                          {
     std::lock_guard<std::mutex> g(sIndexLock_);
     if (*pindex < 0) {
       *pindex = RSA_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
     }
   }

static void wangle::SSLUtil::getSSLCtxExIndex ( int * pindex )

inlinestatic

Ensures only one caller will allocate an ex_data index for a given static or global.

Definition at line 74 of file SSLUtil.h.

References g().

Referenced by wangle::SSLSessionCacheManager::SSLSessionCacheManager().

                                             {
     std::lock_guard<std::mutex> g(sIndexLock_);
     if (*pindex < 0) {
       *pindex = SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
     }
   }

static void wangle::SSLUtil::getSSLSessionExStrIndex ( int * pindex )

inlinestatic

Definition at line 138 of file SSLUtil.h.

References g().

                                                    {
     std::lock_guard<std::mutex> g(sIndexLock_);
     if (*pindex < 0) {
       *pindex = SSL_SESSION_get_ex_new_index(
           0,
           nullptr,
           nullptr,
           exDataStdStringDup,
           exDataStdStringFree);
     }
   }

std::unique_ptr< std::list< std::string > > wangle::SSLUtil::getSubjectAltName ( const X509 * cert )

static

Get the Subject Alternative Name value(s) from an X.509 certificate

Parameters

cert	certificate to inspect

Returns: set of zero or more alternative names, or null if an error occurs

Definition at line 70 of file SSLUtil.cpp.

References folly::portability::ssl::ASN1_STRING_get0_data(), count, folly::gen::guard(), i, folly::makeGuard(), max, name, and s.

Referenced by wangle::SSLContextManager::addSSLContextConfig(), and wangle::SSLContextManager::insert().

                       {
 #ifdef OPENSSL_GE_101
   auto nameList = std::make_unique<std::list<std::string>>();
   GENERAL_NAMES* names = (GENERAL_NAMES*)X509_get_ext_d2i(
       (X509*)cert, NID_subject_alt_name, nullptr, nullptr);
   if (names) {
     auto guard = folly::makeGuard([names] { GENERAL_NAMES_free(names); });
     size_t count = sk_GENERAL_NAME_num(names);
     CHECK(count < std::numeric_limits<int>::max());
     for (int i = 0; i < (int)count; ++i) {
       GENERAL_NAME* generalName = sk_GENERAL_NAME_value(names, i);
       if (generalName->type == GEN_DNS) {
         ASN1_STRING* s = generalName->d.dNSName;
         const char* name = (const char*)ASN1_STRING_get0_data(s);
         // I can't find any docs on what a negative return value here
         // would mean, so I'm going to ignore it.
         auto len = ASN1_STRING_length(s);
         DCHECK(len >= 0);
         if (size_t(len) != strlen(name)) {
           // Null byte(s) in the name; return an error rather than depending on
           // the caller to safely handle this case.
           return nullptr;
         }
         nameList->emplace_back(name);
       }
     }
   }
   return nameList;
 #else
   return nullptr;
 #endif
 }

folly::ssl::X509UniquePtr wangle::SSLUtil::getX509FromCertificate ( const std::string & certificateData )

static

Parse an X509 out of a certificate buffer (usually read from the cert file)

Parameters

certificateData Buffer containing certificate data from file

Returns: unique_ptr to X509 (may be null)

Definition at line 104 of file SSLUtil.cpp.

                                       {
   // BIO_new_mem_buf creates a bio pointing to a read-only buffer. However,
   // older versions of OpenSSL fail to mark the first argument `const`.
   folly::ssl::BioUniquePtr bio(
     BIO_new_mem_buf((void*)certificateData.data(), certificateData.length()));
   if (!bio) {
     throw std::runtime_error("Cannot create mem BIO");
   }
 
   auto x509 = folly::ssl::X509UniquePtr(
       PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
   if (!x509) {
     throw std::runtime_error("Cannot read X509 from PEM bio");
   }
   return x509;
 }

static std::string wangle::SSLUtil::hexlify ( const std::string & binary )

inlinestatic

Definition at line 150 of file SSLUtil.h.

References string.

Referenced by wangle::SSLSessionCacheManager::getSession(), wangle::SSLSessionCacheManager::newSession(), wangle::LocalSSLSessionCache::pruneSessionCallback(), wangle::SSLSessionCacheManager::removeSession(), and wangle::ServerSocketConfig::ServerSocketConfig().

                                                            {
     std::string hex;
     folly::hexlify<std::string, std::string>(binary, hex);
 
     return hex;
   }

static const std::string& wangle::SSLUtil::hexlify	(	const std::string &	binary,
		std::string &	hex
	)

inlinestatic

Definition at line 157 of file SSLUtil.h.

References string.

                                                            {
     folly::hexlify<std::string, std::string>(binary, hex);
 
     return hex;
   }

Member Data Documentation

std::mutex wangle::SSLUtil::sIndexLock_

staticprivate

Definition at line 67 of file SSLUtil.h.

The documentation for this class was generated from the following files:

proxygen/wangle/wangle/ssl/SSLUtil.h
proxygen/wangle/wangle/ssl/SSLUtil.cpp

Static Public Member Functions

Private Types

Static Private Attributes

Detailed Description

Member Typedef Documentation

Member Function Documentation

Member Data Documentation