jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check certs are good for TLS

Browse Source 
Reviewed By: lblasa

Differential Revision: D50496418

fbshipit-source-id: fb4ee3a91b50d0e02f8b1d0e4618a510cf0c3a54
This commit is contained in:
Andrey Goncharov
2023-10-25 04:52:00 -07:00
committed by Facebook GitHub Bot
parent 7f6d1cf55b
commit 97f01d0057
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
View File

@@ -22,6 +22,7 @@ import {flipperDataFolder} from '../../utils/paths';
import * as jwt from 'jsonwebtoken';
import {getFlipperServerConfig} from '../../FlipperServerConfig';
import {Mutex} from 'async-mutex';
import {createSecureContext} from 'tls';
const tmpFile = promisify(tmp.file) as (
options?: FileOptions,
@@ -157,13 +158,13 @@ const certificateSetup = async () => {
const mutex = new Mutex();
const ensureServerCertExists = async (): Promise<void> => {
return mutex.runExclusive(async () => {
const allExist = await Promise.all([
fs.pathExists(serverKey),
fs.pathExists(serverCert),
fs.pathExists(caCert),
]).then((exist) => exist.every(Boolean));
const certs = await Promise.all([
fs.readFile(serverKey).catch(() => ''),
fs.readFile(serverCert).catch(() => ''),
fs.readFile(caCert).catch(() => ''),
]);
if (!allExist) {
if (!certs.every(Boolean)) {
console.info('No certificates were found, generating new ones');
await generateServerCertificate();
} else {
@@ -172,6 +173,13 @@ const ensureServerCertExists = async (): Promise<void> => {
await checkCertIsValid(serverCert);
console.info('Checking certificate was issued by current CA');
await verifyServerCertWasIssuedByCA();
console.info('Checking certs can be used for TLS');
// https://fb.workplace.com/groups/flippersupport/posts/1712654405881877/
createSecureContext({
key: certs[0],
cert: certs[1],
ca: certs[2],
});
console.info('Current certificates are valid');
} catch (e) {
console.warn('Not all certificates are valid, generating new ones', e);