Add an OpenSSLTransportCertificate

Summary:
To remove OpenSSL dependencies from some of our public interfaces, we need to
make `AsyncTransportCertificate` more implementation-agnostic. To start, we can
create an `OpenSSLTransportCertificate` that will have the `getX509()` method
instead of the `AsyncTransportCertificate`.

I start here by making `OpenSSLTransportCertificate` a dummy class, then I'll
update all our callsites to ensure that `getX509()` is only called on instances
of this class. After that, I can move `getX509()` exclusively to
`OpenSSLTransportCertificate`.

This means that in the future interfaces can use `AsyncTransportCertificate`
without depending on OpenSSL.

Reviewed By: yfeldblum, mingtaoy

Differential Revision: D26583479

fbshipit-source-id: 664e697a32fce61d22ee9842f998c4de1182924c

folly/io/async/ssl/BasicTransportCertificate.h

@@ -18,12 +18,12 @@
 
 #include <memory>
 
-#include <folly/io/async/AsyncTransportCertificate.h>
+#include <folly/io/async/ssl/OpenSSLTransportCertificate.h>
 
 namespace folly {
 namespace ssl {
 
-class BasicTransportCertificate : public folly::AsyncTransportCertificate {
+class BasicTransportCertificate : public folly::OpenSSLTransportCertificate {
  public:
   // Create a basic transport cert from an existing one.  Returns nullptr
   // if cert is null.

folly/io/async/ssl/OpenSSLTransportCertificate.h

+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <folly/io/async/AsyncTransportCertificate.h>
+#include <folly/portability/OpenSSL.h>
+#include <folly/ssl/OpenSSLPtrTypes.h>
+
+namespace folly {
+
+/**
+ * Generic interface applications may implement to convey self or peer
+ * certificate related information.
+ */
+class OpenSSLTransportCertificate : public AsyncTransportCertificate {
+ public:
+  virtual ~OpenSSLTransportCertificate() = default;
+
+  // TODO: Once all callsites using getX509() perform dynamic casts to this
+  // OpenSSLTransportCertificate type, we can move that method to be declared
+  // here instead.
+};
+} // namespace folly

folly/io/async/test/AsyncSSLSocketTest.cpp

@@ -34,6 +34,7 @@
 #include <folly/io/async/EventBase.h>
 #include <folly/io/async/EventBaseThread.h>
 #include <folly/io/async/ScopedEventBaseThread.h>
+#include <folly/io/async/ssl/OpenSSLTransportCertificate.h>
 #include <folly/io/async/test/BlockingSocket.h>
 #include <folly/io/async/test/MockAsyncTransportObserver.h>
 #include <folly/net/NetOps.h>
@@ -1012,9 +1013,16 @@ TEST(AsyncSSLSocketTest, GetClientCertificate) {
   auto clientSelfCert = cliSocket->getSelfCertificate();
   CHECK(clientSelfCert);
 
-  auto serverX509 = serverPeerCert->getX509();
-  auto clientX509 = clientSelfCert->getX509();
+  auto serverOpenSSLPeerCert =
+      dynamic_cast<const OpenSSLTransportCertificate*>(serverPeerCert);
+  CHECK(serverOpenSSLPeerCert);
+  auto serverX509 = serverOpenSSLPeerCert->getX509();
   CHECK(serverX509);
+
+  auto clientOpenSSLSelfCert =
+      dynamic_cast<const OpenSSLTransportCertificate*>(clientSelfCert);
+  CHECK(clientOpenSSLSelfCert);
+  auto clientX509 = clientSelfCert->getX509();
   CHECK(clientX509);
 
   // The two certs should be the same.