From 8af2af6558c7e9650260a212c62b335eeead9ca9 Mon Sep 17 00:00:00 2001 From: John Knox Date: Tue, 12 Jun 2018 03:43:04 -0700 Subject: [PATCH] Never reuse CSR files Summary: If the app has an old CSR with data that is incompatible with sonar, we can't use it. An example of this happening is when we moved the package name from organisation to common name in the certificate subject. To get around this, always create a new one to guarantee it contains what we expect. Reviewed By: emilsjolander Differential Revision: D8350247 fbshipit-source-id: e53148fcddc47aa60e3daef5bbf36ce330a3b4e9 --- xplat/Sonar/SonarWebSocketImpl.cpp | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/xplat/Sonar/SonarWebSocketImpl.cpp b/xplat/Sonar/SonarWebSocketImpl.cpp index 78b3d1338..26419b99d 100644 --- a/xplat/Sonar/SonarWebSocketImpl.cpp +++ b/xplat/Sonar/SonarWebSocketImpl.cpp @@ -228,15 +228,12 @@ bool SonarWebSocketImpl::isCertificateExchangeNeeded() { } void SonarWebSocketImpl::requestSignedCertFromSonar() { + generateCertSigningRequest( + deviceData_.appId.c_str(), + absoluteFilePath(CSR_FILE_NAME).c_str(), + absoluteFilePath(PRIVATE_KEY_FILE).c_str()); std::string csr = loadStringFromFile(absoluteFilePath(CSR_FILE_NAME)); - if (csr == "") { - generateCertSigningRequest( - deviceData_.appId.c_str(), - absoluteFilePath(CSR_FILE_NAME).c_str(), - absoluteFilePath(PRIVATE_KEY_FILE).c_str()); - csr = loadStringFromFile(absoluteFilePath(CSR_FILE_NAME)); - } - // Send CSR to Sonar desktop + folly::dynamic message = folly::dynamic::object("method", "signCertificate")( "csr", csr.c_str())("destination", absoluteFilePath("").c_str()); worker_->add([this, message]() {