Commit Graph

17 Commits

Author SHA1 Message Date
Lorenzo Blasa
43179a7ef4 ConnectionContext to expose client certificate in PKCS #12 format
Summary:
RSocket plays nicely with Folly and OpenSSL.

Flipper WebSocket-client uses SocketRocket which instead relies on Apple's NSInputStream and NSOutputStream types.

SSL options can be set to secure the communication in both.

Unfortunately, Apple APIs are a bit limited on the supported cryptographic formats they can accept as arguments.

SSL options require the client certificate to be set in PKCS #12 format, contrary to the existing PEM format used by RSocket.

This change adds a method to the ConnectionContext which converts and saves the client certificate in PKCS #12 format.

The method is always expected to succeed as it will only be called once a valid client certificate is available. An unlikely failure will raise an exception.

Reviewed By: fabiomassimo

Differential Revision: D30074334

fbshipit-source-id: 91a475d080569cc339b649c7302b1f28793c7de7
2021-08-04 06:34:18 -07:00
Pritesh Nandgaonkar
62863c8fe5 Change the logic to check the cert exchange is needed or not
Summary:
It has been seen [here](https://fb.workplace.com/groups/flippersupport/permalink/1094276434386347/) that the user's app sandbox can be in a state where it might not have the device id information, but other app certificates. This causes the issue of "Timed out waiting for unknown device".

We get the deviceid from flipper into the app's sandbox when cert exchange happens. So if we don't have the device id information, we can again redo the cert exchange to get the sandbox in a state where flipper connects. Thus I updated the logic of `hasRequiredFiles` which checks the required files for cert exchange.

Reviewed By: mweststrate

Differential Revision: D27265693

fbshipit-source-id: ccf311f4728837ee9385c95c38f94c9c93380feb
2021-03-24 13:13:05 -07:00
Andrew Gallagher
c70d97accf Add missing <sstream> includes to various sources
Summary: This gets exposed by using glog from tp2 for fbcode platform builds.

Reviewed By: aniketmathur

Differential Revision: D26515732

fbshipit-source-id: 7bb4b20a43702f9096bd6014278faffb5029712f
2021-02-21 08:48:52 -08:00
Andres Suarez
731e39445f Apply clang-format update fixes
Reviewed By: igorsugak

Differential Revision: D25861849

fbshipit-source-id: 840dc1061e557717c7f9ffcccbc09c24b96b78e0
2021-01-10 10:07:30 -08:00
Michel Weststrate
ffbccf2331 Fixed more missing namespaces
Summary: See the previous diffs, we pollute the global namespace here and there. Found some more missing namespace wrappers. Tried to wrap `FlipperStep` as well, which passed tests but gave weird linking errors in Wilde, so reverted that part (the name is not very ambiguous anyway)

Reviewed By: cekkaewnumchai

Differential Revision: D24193109

fbshipit-source-id: 111c479e421fdb321e898f948586229f30a7d777
2020-10-13 03:06:38 -07:00
Marco Marinangeli
05f4c0f54f Fix ConnectionContextStore namespaces (#1581)
Summary:
It should fix this [issue](https://github.com/facebook/flipper/issues/1565)

I'm not a C++ expert. Any kind of comment or advice is very appreciated.

Pull Request resolved: https://github.com/facebook/flipper/pull/1581

Reviewed By: passy

Differential Revision: D24189366

Pulled By: mweststrate

fbshipit-source-id: cc93fe36036d557b63c9c1baa62ed9bcc14c08ab
2020-10-13 03:06:38 -07:00
Pritesh Nandgaonkar
293de19c2b Add toggle in the settings for cert exchange medium
Summary:
This diff adds a toggle setting in wilde which will enable certificate exchange through www.
Right now it just sends the information about which medium is to be used for cert exchange to Flipper JS and its client side. But its implementation is not done yet.

### Flow for Wilde

Whenever the user changes the setting (or when the user logs out), we set the state of the exchange medium and accordingly set/reset the authtoken. Note that at no given point do we remove already existing certificates.

### Context for OSS

With this diff we introduce another way to do certificate exchange. Before this diff, we did certificate exchange by accessing the file system of the app. But it turns out it's not possible to do that in applications signed by enterprise certs. Thus with this diff one can write their FlipperKitCertificateProvider and fetch the certificate from WWW.

Reviewed By: jknoxville

Differential Revision: D22896320

fbshipit-source-id: 55aef7028a62e71ba9c02f9f79acaab41d09c0c6
2020-08-12 04:44:18 -07:00
John Knox
c2370f7faf Speed up re-connect after re-opening app
Summary:
The problem is that whenever an app is shut down, and then reopened, the flipper dir gets reset when getting the CSR for connecting to flipper.
This causes the first connection attempt to fail always, and it goes through the whole cert exchange, taking longer than necessary.

Fixes it by loading the csr from disk if it's not loaded yet, without blowing away the whole certs state.

A side effect of this would be that as long as some file exists where the csr lives, flipper state would never get reset, so it wouldn't be able to fix itself automatically anymore. To keep that working, I've made `resetFlipperDir()` public and am calling it explicitly when starting certificate exchange. This should ensure that we still reset when we need to, but not unnecessarily.

The reason it went wrong is that getCSR used to be called only at cert exchange, when resetting and generating a new one was always desirable. However, when we shipped the fix for changeable android serials, it started to be used as a normal getter.

Reviewed By: timur-valiev

Differential Revision: D18834806

fbshipit-source-id: 56ca7e03e1aa9011f836bc9c021cf3048f7dc1e4
2019-12-06 05:29:22 -08:00
Andres Suarez
0675dd924d Tidy up Flipper license headers [1/2]
Reviewed By: passy

Differential Revision: D17863711

fbshipit-source-id: 259dc77826fb803ff1b88c88529d7f679d3b74d8
2019-10-11 13:46:45 -07:00
James Donald
5bc5c34d2e Remove unused variable in catch(...) expressions
Summary:
D17629896 was intended to fix this in ovrsource, but it turns out these changes should be made on fbsource first then get synced.

The MSVC build of OculusPCSDK has numerous warnings, including these low-hanging fruit:

```
c:\open\ovrsource\xplat\omnistore\client\common\reportsubscriptionstatetiming.cpp(28): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\databaseanalyticsmetadatatiming.cpp(23): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\sendqueuereportbacklogtiming.cpp(32): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\omnistore.cpp(192): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\omnistore.cpp(907): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\omnistore.cpp(934): warning C4101: 'e': unreferenced local variable
c:\open\ovrsource\xplat\omnistore\client\common\omnistore.cpp(946): warning C4101: 'e': unreferenced local variable
```

Clang doesn't complain, but the code is just as clear without the 'e' so best to remove.

Reviewed By: vener91

Differential Revision: D17631747

fbshipit-source-id: 0190a48e640311b40c9d1b988b0c07cfbdcfd7e5
2019-09-27 15:47:03 -07:00
Rain
aa649ff48f standardize C-like MIT copyright headers throughout fbsource
Summary:
`/*` is the standard throughout open source code. For example, Firefox uses single /*: https://hg.mozilla.org/mozilla-central/file/21d22b2f541258d3d1cf96c7ba5ad73e96e616b5/gfx/ipc/CompositorWidgetVsyncObserver.cpp#l3

In addition, Rust considers `/**` to be a doc comment (similar to Javadoc) and having such a comment at the beginning of the file causes `rustc` to barf.

Note that some JavaScript tooling requires `/**`. This is OK since JavaScript files were not covered by the linter in the first place, but it would be good to have that tooling fixed too.

Reviewed By: zertosh

Differential Revision: D15640366

fbshipit-source-id: b4ed4599071516364d6109720750d6a43304c089
2019-06-06 19:40:28 -07:00
John Knox
9c87dfe230 Only create CSR once per app invocation
Summary: The CSR has no need to change, don't recreate it every time we need it. Useful for the physical iOS case especially, because it connects to the portforwarder and keeps attempting to send a CSR.

Reviewed By: passy

Differential Revision: D14131617

fbshipit-source-id: 82a69d5aff813d77fa05dd13fc2441b784766d99
2019-02-19 10:33:25 -08:00
John Knox
f15fe48fa9 Clean on-device sonar dir between certificate exchanges
Summary:
During certificate exchange, the mobile device creates a public/private key pair, and then requests a certificate from flipper to match its public key.

Flipper responds with the cert and it's written to the sonar dir alongside the key pair files.

If certificate exchange happens again for any reason, the mobile device will regenerate the key pair and request a new cert. If for any reason that cert never arrives, then the device is in a state where it has the new key pair, but the old certificate that doesn't match its new credentials. This would never work, but it means you get a strange SSL error because you're using inconsistent files.

To improve error messaging, I'm making the client wipe all files before starting the certificate exchange step, so you should never get key/cert mismatches. Now the device can tell it doesn't have all the necessary files and won't even attempt to connect until it does.

Reviewed By: passy

Differential Revision: D13256369

fbshipit-source-id: 28f3cb5ba5938c17f01294683ba86c418f651376
2018-11-30 06:23:40 -08:00
John Knox
6c4467a03d Reflect CSR generation failure in diagnostic screen
Summary:
The CSR generation code is written in C-like code with no exceptions because so is openssl, with no RAII structures.
So we don't have fine-grained insight on what could go wrong, but at least if it fails altogether we should error.

Reviewed By: passy

Differential Revision: D13233725

fbshipit-source-id: 75cb3c21144b591947f686b5ad529a14a011baa8
2018-11-29 07:03:18 -08:00
Alex Langenfeld
a54b542d17 use portable SysStat.h
Summary: for Windows

Reviewed By: passy

Differential Revision: D9886244

fbshipit-source-id: d82b4a76efd1c200096bb6d3573b527ba058bf0b
2018-10-03 14:29:59 -07:00
John Knox
1a076f1300 Rename C++ fields and internal methods
Summary: From sonar* to flipper*.

Reviewed By: priteshrnandgaonkar

Differential Revision: D9944461

fbshipit-source-id: 870997e3d1d5aaef73dd445e6d94615f93fe6abc
2018-09-25 04:57:48 -07:00
John Knox
df8763e697 Move xplat/sonar/xplat/Sonar* to Flipper*
Summary:
Part of the Sonar -> Flipper rename
Intentionally left externally visible buck target as Sonar for now to minimize diff size.

Reviewed By: passy

Differential Revision: D9871684

fbshipit-source-id: 6926eb62c578a05cd895745c75ed7da3cfe965b5
2018-09-20 15:39:57 -07:00