From 91d5c6c130e0ee057313b4ed6896f57ac24f08f2 Mon Sep 17 00:00:00 2001
From: Anton Nikolaev <nikoant@fb.com>
Date: Wed, 3 Jun 2020 11:56:08 -0700
Subject: [PATCH] Import MacOS CA when Flipper running in dev mode

Summary:
By default Node.JS has its internal certificate storage and doesn't use the system store. Because of this, it's impossible to access ondemand / devserver which are signed using some internal self-issued FB certificates. These internal certificates are automatically installed to MacOS system store on FB machines, so here we're using "mac-ca" library to load them into Node.JS when Flipper is running in dev mode.

For production version of Flipper we don't need to do this, because production certs are issued by DigiCert which is already trusted by node.js.

Reviewed By: passy

Differential Revision: D21862620

fbshipit-source-id: f7276e255fae1c208cb68af6632a303661af883e
---
 desktop/app/package.json |  1 +
 desktop/app/src/init.tsx | 10 ++++++++++
 desktop/yarn.lock        |  9 ++++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/desktop/app/package.json b/desktop/app/package.json
index 5dfd414c3..ab58d6d81 100644
--- a/desktop/app/package.json
+++ b/desktop/app/package.json
@@ -70,6 +70,7 @@
   },
   "devDependencies": {
     "@testing-library/react": "^10.0.2",
+    "mac-ca": "^1.0.4",
     "metro": "^0.59.0",
     "pretty-format": "^25.4.0",
     "react-refresh": "^0.8.1",
diff --git a/desktop/app/src/init.tsx b/desktop/app/src/init.tsx
index bcf59d67d..5c9fc329c 100644
--- a/desktop/app/src/init.tsx
+++ b/desktop/app/src/init.tsx
@@ -33,6 +33,16 @@ import {registerRecordingHooks} from './utils/pluginStateRecorder';
 import {cache} from 'emotion';
 import {CacheProvider} from '@emotion/core';
 import {enableMapSet} from 'immer';
+import os from 'os';
+
+if (process.env.NODE_ENV === 'development' && os.platform() === 'darwin') {
+  // By default Node.JS has its internal certificate storage and doesn't use
+  // the system store. Because of this, it's impossible to access ondemand / devserver
+  // which are signed using some internal self-issued FB certificates. These certificates
+  // are automatically installed to MacOS system store on FB machines, so here we're using
+  // this "mac-ca" library to load them into Node.JS.
+  global.electronRequire('mac-ca');
+}
 
 const logger = initLogger(store);
 
diff --git a/desktop/yarn.lock b/desktop/yarn.lock
index 6846ee5c8..be8ca45d4 100644
--- a/desktop/yarn.lock
+++ b/desktop/yarn.lock
@@ -8812,6 +8812,13 @@ lru-cache@^5.1.1:
   dependencies:
     yallist "^3.0.2"
 
+mac-ca@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/mac-ca/-/mac-ca-1.0.4.tgz#4c8ae50f003dec4bc63f4688791f9321ff84e5f5"
+  integrity sha512-6Yf4IKnH2Irv9nm2QjoQg7DcNY+wYygYeU2EM+xWmQ0M7cwboPv9O3U2eZ378KwAIWJUiVh5BC9QzmcqmTyrPw==
+  dependencies:
+    node-forge "^0.7.5"
+
 make-dir@^1.0.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-1.3.0.tgz#79c1033b80515bd6d24ec9933e860ca75ee27f0c"
@@ -9443,7 +9450,7 @@ node-fetch@^1.0.1:
     encoding "^0.1.11"
     is-stream "^1.0.1"
 
-node-forge@^0.7.1:
+node-forge@^0.7.1, node-forge@^0.7.5:
   version "0.7.6"
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac"
   integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==