Add peer identity interface to AsyncTransport

Summary: Add a generic Identity class to AsyncTransport that applications are free to implement to convey identity information for both self and peer. Reviewed By: yfeldblum Differential Revision: D7177085 fbshipit-source-id: f1dcd9bb2dbf57751fe7ef0608663ddc1d527b92

Add peer identity interface to AsyncTransport
Summary: Add a generic Identity class to AsyncTransport that applications are free to implement to convey identity information for both self and peer. Reviewed By: yfeldblum Differential Revision: D7177085 fbshipit-source-id: f1dcd9bb2dbf57751fe7ef0608663ddc1d527b92
25702fca · Neel Goyal · Facebook Github Bot · ca53d920 · 25702fca · 25702fca
Commit 25702fca authored Mar 16, 2018 by Neel Goyal Committed by Facebook Github Bot Mar 16, 2018
5 changed files
--- a/folly/Makefile.am
+++ b/folly/Makefile.am
@@ -283,6 +283,7 @@ nobase_follyinclude_HEADERS = \
 	io/async/AsyncPipe.h \
 	io/async/AsyncTimeout.h \
 	io/async/AsyncTransport.h \
+	io/async/AsyncTransportCertificate.h \
 	io/async/AsyncUDPServerSocket.h \
 	io/async/AsyncUDPSocket.h \
 	io/async/AsyncServerSocket.h \

--- a/folly/io/async/AsyncSocket.h
+++ b/folly/io/async/AsyncSocket.h
@@ -814,6 +814,23 @@ class AsyncSocket : virtual public AsyncTransportWrapper {
   */
  bool processZeroCopyWriteInProgress() noexcept;

+  void setPeerCertificate(
+      std::unique_ptr<const AsyncTransportCertificate> cert) {
+    peerCertData_ = std::move(cert);
+  }
+  const AsyncTransportCertificate* getPeerCertificate() const override {
+    return peerCertData_.get();
+  }
+
+  void setSelfCertificate(
+      std::unique_ptr<const AsyncTransportCertificate> cert) {
+    selfCertData_ = std::move(cert);
+  }
+
+  const AsyncTransportCertificate* getSelfCertificate() const override {
+    return selfCertData_.get();
+  }
+
  /**
   * writeReturn is the total number of bytes written, or WRITE_ERROR on error.
   * If no data has been written, 0 is returned.
@@ -1234,6 +1251,9 @@ class AsyncSocket : virtual public AsyncTransportWrapper {
  bool trackEor_{false};
  bool zeroCopyEnabled_{false};
  bool zeroCopyVal_{false};
+
+  std::unique_ptr<const AsyncTransportCertificate> peerCertData_{nullptr};
+  std::unique_ptr<const AsyncTransportCertificate> selfCertData_{nullptr};
 };
 #ifdef _MSC_VER
 #pragma vtordisp(pop)

--- a/folly/io/async/AsyncTransport.h
+++ b/folly/io/async/AsyncTransport.h
@@ -20,6 +20,7 @@

 #include <folly/io/IOBuf.h>
 #include <folly/io/async/AsyncSocketBase.h>
+#include <folly/io/async/AsyncTransportCertificate.h>
 #include <folly/io/async/DelayedDestruction.h>
 #include <folly/io/async/EventBase.h>
 #include <folly/portability/OpenSSL.h>
@@ -390,6 +391,20 @@ class AsyncTransport : public DelayedDestruction, public AsyncSocketBase {
    return nullptr;
  }

+  /**
+   * Get the peer certificate information if any
+   */
+  virtual const AsyncTransportCertificate* getPeerCertificate() const {
+    return nullptr;
+  }
+
+  /**
+   * Get the certificate information of this transport, if any
+   */
+  virtual const AsyncTransportCertificate* getSelfCertificate() const {
+    return nullptr;
+  }
+
  /**
   * Return the application protocol being used by the underlying transport
   * protocol. This is useful for transports which are used to tunnel other

--- a/folly/io/async/AsyncTransportCertificate.h
+++ b/folly/io/async/AsyncTransportCertificate.h
+/*
+ * Copyright 2014-present Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <folly/portability/OpenSSL.h>
+#include <folly/ssl/OpenSSLPtrTypes.h>
+
+namespace folly {
+
+/**
+ * Generic interface applications may implement to convey self or peer
+ * certificate related information.
+ */
+class AsyncTransportCertificate {
+ public:
+  virtual ~AsyncTransportCertificate() = default;
+
+  /**
+   * Returns the identity this certificate conveys.
+   *
+   * An identity is an opaque string that may be used by the application for
+   * authentication or authorization purposes. The exact structure and
+   * semantics of the identity string are determined by concrete
+   * implementations of AsyncTransport.
+   */
+  virtual std::string getIdentity() const = 0;
+
+  /**
+   * Returns an X509 structure associated with this Certificate. This may be
+   * null.
+   */
+  virtual folly::ssl::X509UniquePtr getX509() const = 0;
+};
+} // namespace folly
--- a/folly/io/async/DecoratedAsyncTransportWrapper.h
+++ b/folly/io/async/DecoratedAsyncTransportWrapper.h
@@ -189,6 +189,14 @@ class DecoratedAsyncTransportWrapper : public folly::AsyncTransportWrapper {
    transport_->setReplaySafetyCallback(callback);
  }

+  const AsyncTransportCertificate* getPeerCertificate() const override {
+    return transport_->getPeerCertificate();
+  }
+
+  const AsyncTransportCertificate* getSelfCertificate() const override {
+    return transport_->getSelfCertificate();
+  }
+
 protected:
  ~DecoratedAsyncTransportWrapper() override {}