jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Never reuse CSR files

Browse Source 
Summary:
If the app has an old CSR with data that is incompatible with sonar, we can't use it.
An example of this happening is when we moved the package name from organisation to common name in the certificate subject.
To get around this, always create a new one to guarantee it contains what we expect.

Reviewed By: emilsjolander

Differential Revision: D8350247

fbshipit-source-id: e53148fcddc47aa60e3daef5bbf36ce330a3b4e9
This commit is contained in:
John Knox
2018-06-12 03:43:04 -07:00
committed by Facebook Github Bot
parent 8e5647725a
commit 8af2af6558
1 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
xplat/Sonar/SonarWebSocketImpl.cpp
View File

@@ -228,15 +228,12 @@ bool SonarWebSocketImpl::isCertificateExchangeNeeded() {
} }
void SonarWebSocketImpl::requestSignedCertFromSonar() { void SonarWebSocketImpl::requestSignedCertFromSonar() {
generateCertSigningRequest(
deviceData_.appId.c_str(),
absoluteFilePath(CSR_FILE_NAME).c_str(),
absoluteFilePath(PRIVATE_KEY_FILE).c_str());
std::string csr = loadStringFromFile(absoluteFilePath(CSR_FILE_NAME)); std::string csr = loadStringFromFile(absoluteFilePath(CSR_FILE_NAME));
if (csr == "") {
generateCertSigningRequest(
deviceData_.appId.c_str(),
absoluteFilePath(CSR_FILE_NAME).c_str(),
absoluteFilePath(PRIVATE_KEY_FILE).c_str());
csr = loadStringFromFile(absoluteFilePath(CSR_FILE_NAME));
}
// Send CSR to Sonar desktop
folly::dynamic message = folly::dynamic::object("method", "signCertificate")( folly::dynamic message = folly::dynamic::object("method", "signCertificate")(
"csr", csr.c_str())("destination", absoluteFilePath("").c_str()); "csr", csr.c_str())("destination", absoluteFilePath("").c_str());
worker_->add([this, message]() { worker_->add([this, message]() {