Add toggle in the settings for cert exchange medium

Summary:
This diff adds a toggle setting in wilde which will enable certificate exchange through www.
Right now it just sends the information about which medium to be used for cert exchange to Flipper JS and its client side. But its implementation is not done yet.

### Flow for Wilde

Whenever user changes the setting(or when user logs out) we set the state of exchange medium and accordingly set/reset authtoken. Note at no given point we remove already existing certificates.

### Context for OSS

With this diff we introduce another way to do certificate exchange. Before this diff, we did certificate exchange by accessing the file system of app. But it turns out it's not possible to do that in applications signed by enterprise certs. Thus with this diff one can write their FlipperKitCertificateProvider and fetch the certificate from WWW.

Reviewed By: jknoxville

Differential Revision: D22896320

fbshipit-source-id: 55aef7028a62e71ba9c02f9f79acaab41d09c0c6

xplat/Flipper/ConnectionContextStore.cpp

@@ -8,12 +8,10 @@
 #include "ConnectionContextStore.h"
 #include <folly/json.h>
 #include <folly/portability/SysStat.h>
-#include <stdio.h>
 #include <fstream>
 #include <iostream>
 #include "CertificateUtils.h"
 #include "Log.h"
-
 using namespace facebook::flipper;
 
 static constexpr auto CSR_FILE_NAME = "app.csr";

xplat/Flipper/FlipperCertificateExchangeMedium.h

@@ -0,0 +1,8 @@
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+enum FlipperCertificateExchangeMedium { FS_ACCESS = 1, WWW = 2 };

xplat/Flipper/FlipperCertificateProvider.h

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+#pragma once
+
+#include <functional>
+#include <string>
+#include "FlipperCertificateExchangeMedium.h"
+namespace facebook {
+namespace flipper {
+
+/**
+ * Represents a FlipperCertificateProvider which is responsible for obtaining
+ * Flipper TLS certificates.
+ */
+class FlipperCertificateProvider {
+ public:
+  virtual ~FlipperCertificateProvider() {}
+
+  /**
+   * Gets certificates downloaded at a path, which is passed as an argument.
+   */
+  virtual void getCertificates(
+      const std::string& path,
+      const std::string& deviceID) = 0;
+
+  virtual void setCertificateExchangeMedium(
+      const FlipperCertificateExchangeMedium medium) = 0;
+
+  virtual FlipperCertificateExchangeMedium getCertificateExchangeMedium() = 0;
+};
+
+} // namespace flipper
+} // namespace facebook

xplat/Flipper/FlipperClient.cpp

@@ -73,6 +73,17 @@ void FlipperClient::addPlugin(std::shared_ptr<FlipperPlugin> plugin) {
   });
 }
 
+void FlipperClient::setCertificateProvider(
+    const std::shared_ptr<FlipperCertificateProvider> provider) {
+  socket_->setCertificateProvider(provider);
+  log("cpp setCertificateProvider called");
+}
+
+std::shared_ptr<FlipperCertificateProvider>
+FlipperClient::getCertificateProvider() {
+  return socket_->getCertificateProvider();
+}
+
 void FlipperClient::removePlugin(std::shared_ptr<FlipperPlugin> plugin) {
   performAndReportError([this, plugin]() {
     log("FlipperClient::removePlugin " + plugin->identifier());

xplat/Flipper/FlipperClient.h

@@ -10,6 +10,7 @@
 #include <map>
 #include <mutex>
 #include <vector>
+#include "FlipperCertificateProvider.h"
 #include "FlipperConnectionImpl.h"
 #include "FlipperConnectionManager.h"
 #include "FlipperInitConfig.h"
@@ -85,6 +86,10 @@ class FlipperClient : public FlipperConnectionManager::Callbacks {
   void setStateListener(
       std::shared_ptr<FlipperStateUpdateListener> stateListener);
 
+  void setCertificateProvider(
+      const std::shared_ptr<FlipperCertificateProvider> provider);
+  std::shared_ptr<FlipperCertificateProvider> getCertificateProvider();
+
   std::shared_ptr<FlipperPlugin> getPlugin(const std::string& identifier);
 
   std::string getState();

xplat/Flipper/FlipperConnectionManager.h

@@ -8,6 +8,7 @@
 #pragma once
 
 #include <folly/json.h>
+#include "FlipperCertificateProvider.h"
 #include "FlipperResponder.h"
 
 namespace facebook {
@@ -30,6 +31,18 @@ class FlipperConnectionManager {
    */
   virtual void stop() = 0;
 
+  /**
+   Sets the Auth token to be used for hitting an Intern end point
+   */
+  virtual void setCertificateProvider(
+      const std::shared_ptr<FlipperCertificateProvider> provider) = 0;
+
+  /**
+   Gets the certificate provider
+   */
+  virtual std::shared_ptr<FlipperCertificateProvider>
+  getCertificateProvider() = 0;
+
   /**
    True if there's an open connection.
    This method may block if the connection is busy.

xplat/Flipper/FlipperConnectionManagerImpl.cpp

@@ -90,6 +90,16 @@ FlipperConnectionManagerImpl::~FlipperConnectionManagerImpl() {
   stop();
 }
 
+void FlipperConnectionManagerImpl::setCertificateProvider(
+    const std::shared_ptr<FlipperCertificateProvider> provider) {
+  certProvider_ = provider;
+};
+
+std::shared_ptr<FlipperCertificateProvider>
+FlipperConnectionManagerImpl::getCertificateProvider() {
+  return certProvider_;
+};
+
 void FlipperConnectionManagerImpl::start() {
   if (isStarted_) {
     log("Already started");
@@ -169,10 +179,13 @@ void FlipperConnectionManagerImpl::startSync() {
 bool FlipperConnectionManagerImpl::doCertificateExchange() {
   rsocket::SetupParameters parameters;
   folly::SocketAddress address;
+  int medium = certProvider_ != nullptr
+      ? certProvider_->getCertificateExchangeMedium()
+      : FlipperCertificateExchangeMedium::FS_ACCESS;
 
   parameters.payload = rsocket::Payload(folly::toJson(folly::dynamic::object(
       "os", deviceData_.os)("device", deviceData_.device)(
-      "app", deviceData_.app)("sdk_version", sdkVersion)));
+      "app", deviceData_.app)("sdk_version", sdkVersion)("medium", medium)));
   address.setFromHostPort(deviceData_.host, insecurePort);
 
   auto connectingInsecurely = flipperState_->start("Connect insecurely");
@@ -358,6 +371,9 @@ void FlipperConnectionManagerImpl::requestSignedCertFromFlipper() {
               }
               gettingCert->complete();
               log("Certificate exchange complete.");
+              // TODO: Use Certificate provider get Certificates
+              // `certProvider_->getCertificates("path", "device");`
+
               // Disconnect after message sending is complete.
               // This will trigger a reconnect which should use the secure
               // channel.

xplat/Flipper/FlipperConnectionManagerImpl.h

@@ -50,10 +50,14 @@ class FlipperConnectionManagerImpl : public FlipperConnectionManager {
       std::unique_ptr<FlipperResponder> responder) override;
 
   void reconnect();
+  void setCertificateProvider(
+      const std::shared_ptr<FlipperCertificateProvider> provider) override;
+  std::shared_ptr<FlipperCertificateProvider> getCertificateProvider() override;
 
  private:
   bool isOpen_ = false;
   bool isStarted_ = false;
+  std::shared_ptr<FlipperCertificateProvider> certProvider_ = nullptr;
   Callbacks* callbacks_;
   DeviceData deviceData_;
   std::shared_ptr<FlipperState> flipperState_;

xplat/FlipperTestLib/FlipperConnectionManagerMock.h

@@ -40,6 +40,14 @@ class FlipperConnectionManagerMock : public FlipperConnectionManager {
     messages.push_back(message);
   }
 
+  void setCertificateProvider(
+      const std::shared_ptr<FlipperCertificateProvider> provider) override{};
+
+  std::shared_ptr<FlipperCertificateProvider> getCertificateProvider()
+      override {
+    return nullptr;
+  };
+
   void onMessageReceived(
       const folly::dynamic& message,
       std::unique_ptr<FlipperResponder> responder) override {