jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ConnectionContext to expose client certificate in PKCS #12 format

Browse Source 
Summary:
RSocket plays nicely with Folly and OpenSSL.

Flipper WebSocket-client uses SocketRocket which instead relies on Apple's NSInputStream and NSOutputStream types.

SSL options can be set to secure the communication in both.

Unfortunately, Apple APIs are a bit limited on the supported cryptographic formats it can accept as arguments.

SSL options require the client certificate to be set in PKCS #12 format, contrary to the existing PEM format used by RSocket.

This change adds a method to the ConnectionContext which converts and saves the client certificate in PKCS #12 format.

The method is always expected to succeed as it will only be called once a valid client certificate is available. An unlikely failure will raise an exception.

Reviewed By: fabiomassimo

Differential Revision: D30074334

fbshipit-source-id: 91a475d080569cc339b649c7302b1f28793c7de7
This commit is contained in:
Lorenzo Blasa
2021-08-04 06:33:27 -07:00
committed by Facebook GitHub Bot
parent a5b83dc148
commit 43179a7ef4
6 changed files with 237 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xplat/FlipperTestLib/ConnectionContextStoreMock.h
View File

@@ -20,10 +20,10 @@ class ConnectionContextStoreMock : public ConnectionContextStore {
std::string createCertificateSigningRequest() {
return "thisIsACsr";
}
std::shared_ptr<SSLContext> getSSLContext() {
std::shared_ptr<folly::SSLContext> getSSLContext() {
return nullptr;
}
dynamic getConnectionConfig() {
folly::dynamic getConnectionConfig() {
return nullptr;
}
std::string getCertificateDirectoryPath() {