Add ability to hint AsyncTransport to drop certificate

Summary: Many protocols often only require certificate information at the beginning of the connection (for authentication and authorization). Often, the protocol implementation will itself store its own representation of a transport identity. Certain certificates, such as X509 certificates, may be large and unnecessary to hold onto during the entirety of a connection past the initial connection establishment / handshaking phase. It is desirable to hint to transport implementations when certificate information is no longer needed. Reviewed By: AjanthanAsogamoorthy Differential Revision: D26031748 fbshipit-source-id: de5164acfc141755debc0aa4f36474b1c7fd3109

Add ability to hint AsyncTransport to drop certificate
Summary: Many protocols often only require certificate information at the beginning of the connection (for authentication and authorization). Often, the protocol implementation will itself store its own representation of a transport identity. Certain certificates, such as X509 certificates, may be large and unnecessary to hold onto during the entirety of a connection past the initial connection establishment / handshaking phase. It is desirable to hint to transport implementations when certificate information is no longer needed. Reviewed By: AjanthanAsogamoorthy Differential Revision: D26031748 fbshipit-source-id: de5164acfc141755debc0aa4f36474b1c7fd3109
6477caf1 · Mingtao Yang · Facebook GitHub Bot · 2a14eb88 · 6477caf1 · 6477caf1
Commit 6477caf1 authored Jan 27, 2021 by Mingtao Yang Committed by Facebook GitHub Bot Jan 27, 2021
3 changed files
--- a/folly/io/async/AsyncSocket.h
+++ b/folly/io/async/AsyncSocket.h
@@ -900,11 +900,15 @@ class AsyncSocket : public AsyncTransport {
    return peerCertData_.get();
  }
+  void dropPeerCertificate() noexcept override { peerCertData_.reset(); }
  void setSelfCertificate(
      std::unique_ptr<const AsyncTransportCertificate> cert) {
    selfCertData_ = std::move(cert);
  }
+  void dropSelfCertificate() noexcept override { selfCertData_.reset(); }
  const AsyncTransportCertificate* getSelfCertificate() const override {
    return selfCertData_.get();
  }

--- a/folly/io/async/AsyncTransport.h
+++ b/folly/io/async/AsyncTransport.h
@@ -634,6 +634,26 @@ class AsyncTransport : public DelayedDestruction,
    return nullptr;
  }
+  /**
+   * Hints to transport implementations that the associated certificate is no
+   * longer required by the application. The transport implementation may
+   * choose to free up resources associated with the peer certificate.
+   *
+   * After this call, `getPeerCertificate()` may return nullptr, even if it
+   * previously returned non-null
+   */
+  virtual void dropPeerCertificate() noexcept {}
+  /**
+   * Hints to transport implementations that the associated certificate is no
+   * longer required by the application. The transport implementation may
+   * choose to free up resources associated with the self certificate.
+   *
+   * After this call, `getPeerCertificate()` may return nullptr, even if it
+   * previously returned non-null
+   */
+  virtual void dropSelfCertificate() noexcept {}
  /**
   * Get the certificate information of this transport, if any
   */

--- a/folly/io/async/DecoratedAsyncTransportWrapper.h
+++ b/folly/io/async/DecoratedAsyncTransportWrapper.h
@@ -165,10 +165,18 @@ class DecoratedAsyncTransportWrapper : public folly::AsyncTransport {
    return transport_->getPeerCertificate();
  }
+  void dropPeerCertificate() noexcept override {
+    transport_->dropPeerCertificate();
+  }
  const AsyncTransportCertificate* getSelfCertificate() const override {
    return transport_->getSelfCertificate();
  }
+  void dropSelfCertificate() noexcept override {
+    transport_->dropSelfCertificate();
+  }
  bool setZeroCopy(bool enable) override {
    return transport_->setZeroCopy(enable);
  }