add getDER() to folly::AsyncTransportCertificate
Summary: Some implementations of this cert will need to access a DER representation of the cert, so add it to the interface.

Reviewed By: mingtaoy

Differential Revision: D64149926

fbshipit-source-id: f471ef71e042111aba67277cd3b0101e34f92169
Zale Young authored and facebook-github-bot committed Oct 17, 2024
1 parent 6c0b1ec commit afbcf6e
Showing 2 changed files with 33 additions and 0 deletions.
12 changes: 12 additions & 0 deletions folly/io/async/AsyncTransportCertificate.h
Expand Up @@ -17,6 +17,7 @@
#pragma once

#include <string>
#include <folly/Optional.h>

namespace folly {

Expand All @@ -37,5 +38,16 @@ class AsyncTransportCertificate {
* implementations of AsyncTransport.
*/
virtual std::string getIdentity() const = 0;

/**
* Returns the DER representation of this certificate, if available.
*
* NOTE: Not every AsyncTransportCertificate implementation will
* have a DER representation. Whenever possible, applications should
* prefer to structure logic around the _identity_ that the
* certificate conveys (with `getIdentity()`), rather than
* certificate itself.
*/
virtual std::optional<std::string> getDER() const = 0;
};
} // namespace folly
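Review bot: The added `#include <folly/Optional.h>` does not provide the type that the new declaration `virtual std::optional<std::string> getDER() const = 0;` uses, so `std::optional` is only available here if `<optional>` arrives transitively. Either replace the added line with `#include <optional>`, or make the return type `folly::Optional<std::string>` if that was the intended type; the two should agree. The `class AsyncTransportCertificate` opening lies above the hunk, so any other declarations it already contains are not visible here.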
21 changes: 21 additions & 0 deletions folly/io/async/ssl/OpenSSLTransportCertificate.h
Expand Up @@ -36,6 +36,27 @@ class OpenSSLTransportCertificate : virtual public AsyncTransportCertificate {
*/
virtual folly::ssl::X509UniquePtr getX509() const = 0;

virtual std::optional<std::string> getDER() const override {
auto x509 = getX509();
if (!x509) {
return std::nullopt;
}

int len = i2d_X509(x509.get(), nullptr);
if (len < 0) {
return std::nullopt;
}

std::string der(len, '\0');
auto derPtr = reinterpret_cast<unsigned char*>(der.data());

if (i2d_X509(x509.get(), &derPtr) < 0) {
return std::nullopt;
}

return der;
}

static ssl::X509UniquePtr tryExtractX509(
const AsyncTransportCertificate* cert) {
auto opensslCert = dynamic_cast<const OpenSSLTransportCertificate*>(cert);

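Review bot: The second `i2d_X509` call in `getDER()` is only rejected when it returns a negative value, so a written length that differs from the `len` obtained by the sizing call would go unnoticed and `der` would be returned with the wrong size. The usual pattern for this two-call API is to compare the two results: `if (i2d_X509(x509.get(), &derPtr) != len) {` in place of the `< 0` check. A sizing result of zero currently yields an empty string rather than `std::nullopt`; if an empty encoding should count as "not available", the guard becomes `if (len <= 0) {` — the intended contract is not stated in the hunk, so this is a question rather than a defect. As a point of style, `virtual` on a declaration already marked `override` is redundant. `tryExtractX509` continues past the end of the hunk.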