From c238cef5b031c8e6336f0d4d29b7bd6b92ccaa7c Mon Sep 17 00:00:00 2001
From: Andrey Goncharov <aigoncharov@fb.com>
Date: Wed, 2 Feb 2022 03:05:34 -0800
Subject: [PATCH] Verify certificate provider medium

Reviewed By: antonk52

Differential Revision: D33917041

fbshipit-source-id: 91a9554397063d53a903a5b1406b46ddf07360b2
---
 .../flipper-server-core/src/comms/ServerController.tsx   | 2 ++
 .../src/devices/android/AndroidCertificateProvider.tsx   | 3 +++
 .../src/devices/desktop/DesktopCertificateProvider.tsx   | 2 ++
 .../src/devices/ios/iOSCertificateProvider.tsx           | 2 ++
 .../src/fb-stubs/WWWCertificateProvider.tsx              | 2 ++
 .../src/utils/CertificateProvider.tsx                    | 9 +++++++++
 6 files changed, 20 insertions(+)

diff --git a/desktop/flipper-server-core/src/comms/ServerController.tsx b/desktop/flipper-server-core/src/comms/ServerController.tsx
index 7a47c6829..7db2a9cfe 100644
--- a/desktop/flipper-server-core/src/comms/ServerController.tsx
+++ b/desktop/flipper-server-core/src/comms/ServerController.tsx
@@ -311,6 +311,8 @@ class ServerController extends EventEmitter implements ServerEventsListener {
       }
     }
 
+    certificateProvider.verifyMedium(medium);
+
     return new Promise((resolve, reject) => {
       reportPlatformFailures(
         certificateProvider.processCertificateSigningRequest(
diff --git a/desktop/flipper-server-core/src/devices/android/AndroidCertificateProvider.tsx b/desktop/flipper-server-core/src/devices/android/AndroidCertificateProvider.tsx
index 25bf9794b..5ff253eb4 100644
--- a/desktop/flipper-server-core/src/devices/android/AndroidCertificateProvider.tsx
+++ b/desktop/flipper-server-core/src/devices/android/AndroidCertificateProvider.tsx
@@ -15,6 +15,9 @@ import {csrFileName, extractAppNameFromCSR} from '../../utils/certificateUtils';
 const logTag = 'AndroidCertificateProvider';
 
 export default class AndroidCertificateProvider extends CertificateProvider {
+  name = 'AndroidCertificateProvider';
+  medium = 'FS_ACCESS' as const;
+
   constructor(private adb: Client) {
     super();
   }
diff --git a/desktop/flipper-server-core/src/devices/desktop/DesktopCertificateProvider.tsx b/desktop/flipper-server-core/src/devices/desktop/DesktopCertificateProvider.tsx
index 806493086..cbecfaa7d 100644
--- a/desktop/flipper-server-core/src/devices/desktop/DesktopCertificateProvider.tsx
+++ b/desktop/flipper-server-core/src/devices/desktop/DesktopCertificateProvider.tsx
@@ -11,6 +11,8 @@ import CertificateProvider from '../../utils/CertificateProvider';
 import fs from 'fs-extra';
 
 export default class DesktopCertificateProvider extends CertificateProvider {
+  name = 'DesktopCertificateProvider';
+  medium = 'FS_ACCESS' as const;
   async getTargetDeviceId(): Promise<string> {
     // TODO: Could we use some real device serial? Currently, '' corresponds to a local device.
     // Whats if some app connects from a remote device?
diff --git a/desktop/flipper-server-core/src/devices/ios/iOSCertificateProvider.tsx b/desktop/flipper-server-core/src/devices/ios/iOSCertificateProvider.tsx
index 4520b322b..1915cec6b 100644
--- a/desktop/flipper-server-core/src/devices/ios/iOSCertificateProvider.tsx
+++ b/desktop/flipper-server-core/src/devices/ios/iOSCertificateProvider.tsx
@@ -19,6 +19,8 @@ const tmpDir = promisify(tmp.dir) as (options?: DirOptions) => Promise<string>;
 
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export default class iOSCertificateProvider extends CertificateProvider {
+  name = 'iOSCertificateProvider';
+  medium = 'FS_ACCESS' as const;
   constructor(private idbConfig: IdbConfig) {
     super();
   }
diff --git a/desktop/flipper-server-core/src/fb-stubs/WWWCertificateProvider.tsx b/desktop/flipper-server-core/src/fb-stubs/WWWCertificateProvider.tsx
index 5bcbb0305..cf706ecab 100644
--- a/desktop/flipper-server-core/src/fb-stubs/WWWCertificateProvider.tsx
+++ b/desktop/flipper-server-core/src/fb-stubs/WWWCertificateProvider.tsx
@@ -11,6 +11,8 @@ import {KeytarManager} from '../utils/keytar';
 import CertificateProvider from '../utils/CertificateProvider';
 
 export default class WWWCertificateProvider extends CertificateProvider {
+  name = 'WWWCertificateProvider';
+  medium = 'WWW' as const;
   constructor(private keytarManager: KeytarManager) {
     super();
   }
diff --git a/desktop/flipper-server-core/src/utils/CertificateProvider.tsx b/desktop/flipper-server-core/src/utils/CertificateProvider.tsx
index 2e4655f7a..43f41cbd4 100644
--- a/desktop/flipper-server-core/src/utils/CertificateProvider.tsx
+++ b/desktop/flipper-server-core/src/utils/CertificateProvider.tsx
@@ -19,6 +19,15 @@ import {
 export type CertificateExchangeMedium = 'FS_ACCESS' | 'WWW' | 'NONE';
 
 export default abstract class CertificateProvider {
+  abstract medium: CertificateExchangeMedium;
+  abstract name: string;
+
+  verifyMedium(medium: CertificateExchangeMedium) {
+    if (this.medium !== medium) {
+      throw new Error(`${this.name} does not support medium ${medium}`);
+    }
+  }
+
   async processCertificateSigningRequest(
     unsanitizedCsr: string,
     os: string,