Summary:
This change isolates the usage of folly async from Flipper. Is now self-contained in Flipper Folly schedulers.
Users of Flipper can decide not to use the types defined in that header and implement their own.
NOTE: changes are minimal, we are just replacing direct calls to folly event base with a scheduler which simply relays this on to folly.
Reviewed By: fabiomassimo
Differential Revision: D36626483
fbshipit-source-id: add0241caf4af0aa5c3b5c2e7efc2e725f5400ab
Summary:
This change isolates the usage of folly async from Flipper. Is now self-contained in Flipper Folly schedulers.
Users of Flipper can decide not to use the types defined in that header and implement their own.
NOTE: changes are minimal, we are just replacing direct calls to folly event base with a scheduler which simply relays this on to folly.
Reviewed By: fabiomassimo
Differential Revision: D36052198
fbshipit-source-id: 170d64a324a1f1f100224e2622a59cbac3c8b642
Summary:
^
It was used by rsocket.
Reviewed By: fabiomassimo
Differential Revision: D36246038
fbshipit-source-id: 8bdc77d9e1ecf22402436e0102b5522ed36aff27
Summary:
Flipper doesn really use library specific exceptions throughout, and that's OK.
Introducing SSLException as a replacement for the existing Folly Async Socket SSL exception.
This exception originally thrown by rsocket. Because we had rsocket and websockets using the same code, websockets were creating and throwing this same exception.
With rsocket gone, we can fully replace the usage of that exception. This is also needed as to decouple Flipper from folly async components.
Reviewed By: fabiomassimo
Differential Revision: D36245624
fbshipit-source-id: f5c97c5efe063280ce95be130008dee7f4e5d788
Summary: Introduce a 'Scheduler' interface which will allow to decouple from the existing used Folly scheduler.
Reviewed By: fabiomassimo
Differential Revision: D36245587
fbshipit-source-id: 2f28bc1612e37ae53060a134d1c8059231fbc8ad
Summary:
^
Change necessary when OpenSSL is compiled without STDIO for file operations. Basically, don't use the BIO file API's. Instead use in-memory BIO and do file operations manually.
UPDATE:
The changes were good, but have been simplified and fixed. A fixed was needed as to read and write the file in binary mode. This has no effect in POSIX systems but it does on Windows and this change was made for Windows. It meant that the BIO was incorrectly written to disk thus corrupting its content.
Changelog: Remove OpenSSL file BIO operations
Reviewed By: jknoxville
Differential Revision: D36060992
fbshipit-source-id: 21b30582dd0b32c24b8ba001d6993034d92de1da
Summary:
^
There's a similar issue/request for Android. So, this change moves the code out from the FlipperKit into Flipper as to be able to reuse it.
Reviewed By: aigoncharov
Differential Revision: D35961745
fbshipit-source-id: aa255db582a7852dc06c2feaba389d1dac3b0f67
Summary:
^
:android:third-party task, on ocassions, gets parallelised with the :configureCMake task resulting in build errors.
:configureCMake depends on dependencies being in-place and patched.
Our current setup was achieving this via setting these tasks as dependencies of the preBuild task.
Unfortunately, this seems not be a bullet-proof solution.
This patch aims to improve this situation by ensuring the tasks are executed before :configureCMake. Whatever happens first.
Changelog: Execute :third-party:prepare before :configureCMake task on Android
Reviewed By: passy
Differential Revision: D36001637
fbshipit-source-id: 6c53b6852e40e354337c0ac940b5bbad4ef83078
Summary:
To ensure that no deadlocks take place, it is important that there are no re-entrant calls from within the callbacks or event handlers.
For the most part, this was already the case. Event and message handlers run critical sections into a Folly event scheduler.
The only exception was the sendExpectResponse used during the certificate exchange. Once the response was received, the non-secure socket was disconnected.
The solution was to put that operation in the Folly event scheduler as it should've been from the beginning.
changelog: Certificate signing request response to be processed on the right event loop.
Reviewed By: fabiomassimo
Differential Revision: D35548148
fbshipit-source-id: cea2476ad66137f376acda66cdbc27801c0c47e1
Summary:
^
Changes include:
- C++ WebSocket integration
- Explicit asio namespace usage as namespace asio = websocketpp::lib::asio; this way we don't care if boost::asio or just asio is used in the end.
Reviewed By: javache
Differential Revision: D34388770
fbshipit-source-id: d0b3ee8ac687751ab1b93d483729eb2baccb8687
Summary:
^
Note: this is already a working case. The difference is that if we are unable to establish a socket connection, we will not attempt to create one using rsocket.
Changelog: Removes rsocket-fallback for mobile clients
Reviewed By: nikoant
Differential Revision: D33655430
fbshipit-source-id: cb6f752f2d1354ab46d011b1f19c89520e1e7dd3
Summary:
Introducing a Flipper WebSocket client implemented in C++.
The requirement came from Spark AR (Skylight) as they have a macOS/Linux/Windows clients.
For reviewers:
- This is an implementation of the existing FlipperSocket interface. Effectively, the only type that needs to be reviewed is WebSocketTLSClient.
- BaseClient defined a base class for WebSocketClient and WebSocketTLSClient.
- WebSocketClient is a simplified version of WebSocketTLSClient as there's no TLS configuration.
Reviewed By: mweststrate
Differential Revision: D34081943
fbshipit-source-id: 619a83f5a6783a21069d0f5111d139bb180f9e97
Summary:
^
This change allow callers to retrieve the path of different store items some of which are used for connection authentication.
Reviewed By: aigoncharov
Differential Revision: D34081942
fbshipit-source-id: c6b8d3590993de6c48a36266a5c16f2caf9f5a93
Summary:
The problem seems to be exclusive to Android emulators.
Bringing the emulator ON from a warm state brings the app from is previous state before shutting down. At this point there may have been a Flipper connection.
Flipper tries to connect and does so successfully replacing the previously, now dead connection.
The problem is that replacing that connection triggers the reconnect cycle as Flipper thinks the connection is dead and hence the reconnect loop initiates.
Changelog: Release an existing client before attempting a secure connection
Reviewed By: passy
Differential Revision: D34080726
fbshipit-source-id: 8185adb492dd4d9255fcea5874ca2e5b7fee0c84
Summary:
This change adds a safety net for receivers that may throw an exception on invocation.
Without this change, the exception is logged but not shown in Flipper.
Reviewed By: nikoant
Differential Revision: D34001224
fbshipit-source-id: ca07d3dd006b277e306ecbc1c033845929a83f4c
Summary:
Changelog: Fallback to RSockets if cert exchange fails even if the connection was successful.
Currently, we fallback to RSockets only if the connected is rejected.
It turns out that WS server does not reject connection from our RSocket client. Instead, it rejects the messages.
As result, requestSignedCertFromFlipper fails, but it never triggers the change of protocol.
With this diff we start evaluating if we need to change our protocol for every socket error.
Reviewed By: lblasa
Differential Revision: D33890235
fbshipit-source-id: f79b5c6992f01f8a93e0793e180a5cbd4a105619
Summary:
^
Changelog: Minimises the probability of throwing an exception if no exchange medium is known
Reviewed By: passy
Differential Revision: D33620655
fbshipit-source-id: e03e7fed0607c376add218ee98dcd2bd0f8880f1
Summary:
^
There was an issue for some characters in newer android API versions. One option was to fix our implementation, which can be done by casting to char to unsigned int before using std::isalnum.
But, do not duplicate existing functionality, used a solid implementation instead.
Changelog: Fixes an issue whereas the url encoding was incorrect for UTF-8
Reviewed By: mweststrate
Differential Revision: D33405760
fbshipit-source-id: e1c0a4da3dceb27e923b26d0ebfac091febeceb3
Summary:
Changelog: Initiate cert exchange when medium changes
Fixes the following bug:
1. Start an iOS app with WWW cert exchange
2. Get cert (and fake serial of a virtual device)
3. Close app
4. Restart Flipper
5. Switch app to FS_ACCESS cert exchange
6. Start app
Expected result:
App re-initializes cert exchange to get a new serial of a real device
Current result:
App tries to connect securely using the previous fake serial of a virtual device. Flipper does not recognize it and refuses the connection.
Reviewed By: lblasa
Differential Revision: D33163798
fbshipit-source-id: 67126a9b562f2cb7cfe6521a46abf38b2699fb2d
Summary:
This change moves the existing serialiser from FlipperWebSocket to FlipperURLSerializer.
The serialiser can be shared with Android as it no longer has any iOS dependencies.
Reviewed By: fabiomassimo
Differential Revision: D31571272
fbshipit-source-id: 0769b384d4143d7404fcfcf993d49dc1b00eeffd
Summary: This change adds a function to base64 encode. It is used to encode the CSR which gets added to the connection url.
Reviewed By: passy
Differential Revision: D31570706
fbshipit-source-id: 8356550fe87ae3ac6aae8616744a9339cf69b511
Summary:
This change makes WebSockets the default for Flipper on iOS.
Having said that, we are introducing some logic to deal with clients connecting to older Flipper Desktop versions.
The mobile client will first attempt to connect via WebSocket with the Desktop. This connection can either be secure or insecure. If that fails, it will attempt to connect via RSocket.
Connection failure logic:
The mobile client will attempt to connect up-to 3 times via a WebSocket. If it fails to connect, then the socket provider is switched to RSocket.
As before, the mobile client will attempt to connect up-to 3 times via a RSocket. If it fails to connect, then the socket provider is switched back to WebSocket.
Process repeats until a successful connection is established.
Some logs that can be seen from iOS:
2021-09-15 14:31:51.193503+0100 Sample[92026:92107440] [] nw_protocol_get_quic_image_block_invoke dlopen libquic failed
2021-09-15 14:31:51.878257+0100 Sample[92026:92107440] [connection] nw_socket_handle_socket_event [C1.1:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:52.553729+0100 Sample[92026:92107440] [connection] nw_socket_handle_socket_event [C1.2:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:52.899511+0100 Sample[92026:92107442] [connection] nw_connection_get_connected_socket [C1] Client called nw_connection_get_connected_socket on unconnected nw_connection
2021-09-15 14:31:52.899664+0100 Sample[92026:92107442] TCP Conn 0x600001d384d0 Failed : error 0:61 [61]
2021-09-15 14:31:57.120120+0100 Sample[92026:92107439] [connection] nw_socket_handle_socket_event [C2.1:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:57.141785+0100 Sample[92026:92107439] [connection] nw_socket_handle_socket_event [C2.2:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:57.151604+0100 Sample[92026:92107483] [connection] nw_connection_get_connected_socket [C2] Client called nw_connection_get_connected_socket on unconnected nw_connection
2021-09-15 14:31:57.154312+0100 Sample[92026:92107483] TCP Conn 0x600001d7c0b0 Failed : error 0:61 [61]
2021-09-15 14:31:59.206079+0100 Sample[92026:92107483] [connection] nw_socket_handle_socket_event [C3.1:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:59.236824+0100 Sample[92026:92107483] [connection] nw_socket_handle_socket_event [C3.2:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:31:59.251927+0100 Sample[92026:92107439] [connection] nw_connection_get_connected_socket [C3] Client called nw_connection_get_connected_socket on unconnected nw_connection
2021-09-15 14:31:59.255963+0100 Sample[92026:92107439] TCP Conn 0x600001d1c210 Failed : error 0:61 [61]
2021-09-15 14:32:01.291303+0100 Sample[92026:92107439] [connection] nw_socket_handle_socket_event [C4.1:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:32:01.312406+0100 Sample[92026:92107439] [connection] nw_socket_handle_socket_event [C4.2:1] Socket SO_ERROR [61: Connection refused]
2021-09-15 14:32:01.323099+0100 Sample[92026:92107483] [connection] nw_connection_get_connected_socket [C4] Client called nw_connection_get_connected_socket on unconnected nw_connection
2021-09-15 14:32:01.326028+0100 Sample[92026:92107483] TCP Conn 0x600001d7c0b0 Failed : error 0:61 [61]
flipper: Failed to connect with the current socket provider
flipper: Use legacy socket provider
flipper: FlipperClient::onConnected
Reviewed By: passy
Differential Revision: D30900471
fbshipit-source-id: 7c242ad71306803b050d0174fc22696bb74fdba5
Summary:
This change fixes a bug with the handled flag during the certificate exchange process.
Explanation:
handled was passed by reference as &handled
Once the function goes out of scope then the reference, well, it just becomes invalid (undefined behaviour)
In some cases, it appears as 'handled' because the reference is invalid and it happens to be 'true'.
Changelog: Fixed an issue where clients would randomly not connect to Flipper. Please update FlipperKit to 0.110.0 to apply the fix: https://fbflipper.com/docs/getting-started/react-native#using-the-latest-flipper-sdk
Reviewed By: mweststrate
Differential Revision: D31017592
fbshipit-source-id: c087a769fa23de1acfd3c198b4db4d6ccdb2be90
Summary:
The changes below add the notion of alternative ports to Flipper.
These alternative ports are meant to and will be used to connect via WebSocket instead of RSocket. The name does not suggest that as to make as generic as possible so that they can be reused for different purposes in the future.
Reviewed By: passy
Differential Revision: D30898874
fbshipit-source-id: 5eed8c61b41b502c859192aaac59c284b7b36228
Summary:
I've been really sweating about this one. It looks like Google now removed NDK 21 as it's too old. However, we've been struggling with the upgrade because OpenSSL was built against an old version of the NDK/glibc/LLVM/some other stuff.
I've now managed to create an OpenSSL distribution for 1.1.1k (we had 1.1.0h before) that seems to build with this after some small modifications.
This seems to do the trick, but I wouldn't be shocked if we found some more incompatibilities further down the line.
Pull Request resolved: https://github.com/facebook/flipper/pull/2836
Test Plan:
- Locally: `./gradlew :tutorial:installDebug`. Builds, starts up. Cool.
- Public GitHub CI: Happy.
- Circle CI: Only triggers post-land. We'll see. But the setup is simple, so hopefully it should work there, too.
- Internal CI: Waiting for signal.
Reviewed By: fabiomassimo
Differential Revision: D30839209
Pulled By: passy
fbshipit-source-id: efe599f28cc0edfdf2149f905c3483555239edc0
Summary:
Abstract the socket creation from FlipperConnectionManagerImpl. Instead, use FlipperSocketProvider.
There's a default provider which will always return RSocket sockets. This provider can be changed and thus can return other implementations.
Reviewed By: fabiomassimo
Differential Revision: D30396322
fbshipit-source-id: 0583865376809260b0240e5bd653d73f2fa514b1
Summary:
It's just bad that we give a naked pointer of the connection manager to other instances. If the connection manager gets deallocated, the instances keeping a pointer to it are doomed to crash.
This change creates a wrapper on top of the pointer that can be freely shared. On deallocation, the shared wrapper gets invalidated.
Reviewed By: timur-valiev
Differential Revision: D30398466
fbshipit-source-id: 8f228e7fbaebc0ea28921409de071b58bbb69f1e
Summary:
These changes abstract RSocket from FlipperConnectionManagerImpl.
This is achieved by defining FlipperSocket.
FlipperConnectionManagerImpl uses instances of FlipperSocket and RSocket is now contained within FlipperRSocket which implements FlipperSocket.
On the changes to follow, FlipperConnectionManagerImpl will no longer reference FlipperRSocket directly thus fully abstracting the socket implementation in use.
For reviewers:
- All of the RSocket code now lives in FlipperRSocket.
- Main changes are in FlipperConnectionManagerImpl. Lambdas are used to deal with events and message handling.
- There's some very minimal serialisation additions for payloads.
Reviewed By: jknoxville
Differential Revision: D30341076
fbshipit-source-id: 54bb4878967378490710c05f729cdd7f4cf08bb8
Summary:
RSocket plays nicely with Folly and OpenSSL.
Flipper WebSocket-client uses SocketRocket which instead relies on Apple's NSInputStream and NSOutputStream types.
SSL options can be set to secure the communication in both.
Unfortunately, Apple APIs are a bit limited on the supported cryptographic formats it can accept as arguments.
SSL options require the client certificate to be set in PKCS #12 format, contrary to the existing PEM format used by RSocket.
This change adds a method to the ConnectionContext which converts and saves the client certificate in PKCS #12 format.
The method is always expected to succeed as it will only be called once a valid client certificate is available. An unlikely failure will raise an exception.
Reviewed By: fabiomassimo
Differential Revision: D30074334
fbshipit-source-id: 91a475d080569cc339b649c7302b1f28793c7de7
Summary:
It has been seen [here](https://fb.workplace.com/groups/flippersupport/permalink/1094276434386347/) that the user's app sandbox can be in a state where it might not have the device id information, but other app certificates. This causes the issue of "Timed out waiting for unknown device".
We get the deviceid from flipper into app's sandbox when cert exchange happens. So if we don't have the device id information, we can again redo the cert exchange to get the sandbox in a state where flipper connects. Thus I updated the logic of `hasRequiredFiles` which checks the required files for cert exchange.
Reviewed By: mweststrate
Differential Revision: D27265693
fbshipit-source-id: ccf311f4728837ee9385c95c38f94c9c93380feb
Summary: This gets exposed by using glog from tp2 for fbcode platform builds.
Reviewed By: aniketmathur
Differential Revision: D26515732
fbshipit-source-id: 7bb4b20a43702f9096bd6014278faffb5029712f
Summary: See the previous diffs, we pollute the global namespace here and there. Found some more missing namespace wrappers. Tried to wrap `FlipperStep` as well, which passed tests but gave weird linking errors in Wilde, so reverted that part (the name is not very ambiguous anyway)
Reviewed By: cekkaewnumchai
Differential Revision: D24193109
fbshipit-source-id: 111c479e421fdb321e898f948586229f30a7d777
Summary:
This diff adds upload and download logic for certs. It makes changes on both Flipper Client and Desktop side. With this we enable cert exchange through WWW.
Next Diffs:
1) Add Flipper state in cert provider for more debug data
2) Tests
Reviewed By: jknoxville
Differential Revision: D23092706
fbshipit-source-id: e576253606b64b62848b70203db7e09a3bd77fd9
Summary:
This diff adds a toggle setting in wilde which will enable certificate exchange through www.
Right now it just sends the information about which medium to be used for cert exchange to Flipper JS and its client side. But its implementation is not done yet.
### Flow for Wilde
Whenever user changes the setting(or when user logs out) we set the state of exchange medium and accordingly set/reset authtoken. Note at no given point we remove already existing certificates.
### Context for OSS
With this diff we introduce another way to do certificate exchange. Before this diff, we did certificate exchange by accessing the file system of app. But it turns out it's not possible to do that in applications signed by enterprise certs. Thus with this diff one can write their FlipperKitCertificateProvider and fetch the certificate from WWW.
Reviewed By: jknoxville
Differential Revision: D22896320
fbshipit-source-id: 55aef7028a62e71ba9c02f9f79acaab41d09c0c6
