jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
43179a7ef40ca20f01b5c0741024710770e36baa
flipper/xplat/Flipper/ConnectionContextStore.h
Lorenzo Blasa 43179a7ef4 ConnectionContext to expose client certificate in PKCS #12 format 
Summary:
RSocket plays nicely with Folly and OpenSSL.

Flipper WebSocket-client uses SocketRocket which instead relies on Apple's NSInputStream and NSOutputStream types.

SSL options can be set to secure the communication in both.

Unfortunately, Apple APIs are a bit limited on the supported cryptographic formats it can accept as arguments.

SSL options require the client certificate to be set in PKCS #12 format, contrary to the existing PEM format used by RSocket.

This change adds a method to the ConnectionContext which converts and saves the client certificate in PKCS #12 format.

The method is always expected to succeed as it will only be called once a valid client certificate is available. An unlikely failure will raise an exception.

Reviewed By: fabiomassimo

Differential Revision: D30074334

fbshipit-source-id: 91a475d080569cc339b649c7302b1f28793c7de7
2021-08-04 06:34:18 -07:00

45 lines
1.2 KiB
C++
Raw Blame History

/*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
#pragma once
#include <folly/dynamic.h>
#include <folly/io/async/SSLContext.h>
#include <string>
#include "FlipperInitConfig.h"
namespace facebook {
namespace flipper {
class ConnectionContextStore {
public:
ConnectionContextStore(DeviceData deviceData);
bool hasRequiredFiles();
std::string getCertificateSigningRequest();
std::shared_ptr<folly::SSLContext> getSSLContext();
std::string getCertificateDirectoryPath();
std::string getDeviceId();
void storeConnectionConfig(folly::dynamic& config);
bool resetState();
/** Convert and save to disk the existing certificate to PKCS #12 format.
* @return Returns a pair where `first` contains the certificate file path and
* `second` contains the certificate export password. If there's an error, the
* pair will contain both empty strings.
*/
std::pair<std::string, std::string> getCertificate();
private:
DeviceData deviceData_;
std::string csr = "";
std::string absoluteFilePath(const char* filename);
};
} // namespace flipper
} // namespace facebook
Reference in New Issue View Git Blame Copy Permalink