ConnectionContext to expose client certificate in PKCS #12 format

Summary:
RSocket plays nicely with Folly and OpenSSL.

Flipper WebSocket-client uses SocketRocket which instead relies on Apple's NSInputStream and NSOutputStream types.

SSL options can be set to secure the communication in both.

Unfortunately, Apple APIs are a bit limited in the supported cryptographic formats they can accept as arguments.

SSL options require the client certificate to be set in PKCS #12 format, contrary to the existing PEM format used by RSocket.

This change adds a method to the ConnectionContext which converts and saves the client certificate in PKCS #12 format.

The method is always expected to succeed as it will only be called once a valid client certificate is available. An unlikely failure will raise an exception.

Reviewed By: fabiomassimo

Differential Revision: D30074334

fbshipit-source-id: 91a475d080569cc339b649c7302b1f28793c7de7
This commit is contained in:
Lorenzo Blasa
2021-08-04 06:33:27 -07:00
committed by Facebook GitHub Bot
parent a5b83dc148
commit 43179a7ef4
6 changed files with 237 additions and 28 deletions


@@ -12,8 +12,6 @@
#include <string>
#include "FlipperInitConfig.h"
using namespace folly;
namespace facebook {
namespace flipper {
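Review bot: removing `using namespace folly;` from this header is correct, since a using-directive in a header leaks into every translation unit that includes it and can cause name collisions with OpenSSL or standard-library symbols; after this removal every Folly type still mentioned in the header must be fully qualified (the `getSSLContext()` declaration below does this with `folly::SSLContext`), and any source file that was silently relying on the directive will need its own qualification or a local `using`.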
@@ -22,12 +20,19 @@ class ConnectionContextStore {
ConnectionContextStore(DeviceData deviceData);
bool hasRequiredFiles();
std::string getCertificateSigningRequest();
std::shared_ptr<SSLContext> getSSLContext();
std::shared_ptr<folly::SSLContext> getSSLContext();
std::string getCertificateDirectoryPath();
std::string getDeviceId();
void storeConnectionConfig(folly::dynamic& config);
bool resetState();
/** Convert and save to disk the existing certificate to PKCS #12 format.
* @return Returns a pair where `first` contains the certificate file path and
* `second` contains the certificate export password. If there's an error, the
* pair will contain both empty strings.
*/
std::pair<std::string, std::string> getCertificate();
private:
DeviceData deviceData_;
std::string csr = "";
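Review bot: the error contract of `getCertificate()` is stated two different ways: the doc comment says "If there's an error, the pair will contain both empty strings", while the commit summary says "An unlikely failure will raise an exception". Pick one and make the comment match the implementation, because a caller of a pair-returning API will check for empty strings and never handle the exception path, or vice versa. Two smaller points on the same declaration: the name `getCertificate()` reads like a pure accessor for a method that converts the certificate and writes a new PKCS #12 file to disk, so a name such as `exportCertificateAsPKCS12()` (hypothetical) would make the side effect obvious; and since `second` is an export password, the comment should say how long the file and password are expected to live and who is responsible for removing the file, as the password protects a private key at rest.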