Don't inject certs via ADB if already present

Author: pimterry

custom-typings/adbkit.d.ts

@@ -7,6 +7,10 @@ declare module 'adbkit' {
         type: string;
     }
 
+    export interface File {
+        name: string;
+    }
+
     export interface AdbClient {
         listDevices(): Promise<Device[]>;
         isInstalled(id: string, pkg: string): Promise<boolean>;
@@ -20,12 +24,17 @@ declare module 'adbkit' {
                 data?: string;
             }
         ): Promise<true>;
+        readdir(id: string, path: string): Promise<Array<File>>;
         push(
             id: string,
             contents: string | stream.Readable,
             path: string,
             mode?: number
-        ): Promise<events.EventEmitter>
+        ): Promise<events.EventEmitter>;
+        pull(
+            id: string,
+            path: string
+        ): Promise<events.EventEmitter & { cancel: () => void }>
         shell(id: string, cmd: string | string[]): Promise<stream.Readable>;
         root(id: string): Promise<true>;
     }

src/interceptors/android/adb-commands.ts

@@ -82,6 +82,31 @@ export async function getRootCommand(adbClient: adb.AdbClient, deviceId: string)
     return validRootCommands[0];
 }
 
+export async function hasCertInstalled(
+    adbClient: adb.AdbClient,
+    deviceId: string,
+    certHash: string
+) {
+    try {
+        const certPath = `/system/etc/security/cacerts/${certHash}.0`;
+        const certStream = await adbClient.pull(deviceId, certPath);
+
+        // Wait until it's clear that the read is successful
+        await new Promise((resolve, reject) => {
+            certStream.on('progress', resolve);
+            certStream.on('end', resolve);
+
+            certStream.on('error', reject);
+        });
+
+        certStream.cancel();
+        return true;
+    } catch (e) {
+        // If we fail to read the cert somehow, it's probably not there
+        return false;
+    }
+}
+
 export async function injectSystemCertificate(
     adbClient: adb.AdbClient,
     deviceId: string,

src/interceptors/android/android-adb-interceptor.ts

@@ -15,7 +15,8 @@ import {
     getRootCommand,
     pushFile,
     injectSystemCertificate,
-    stringAsStream
+    stringAsStream,
+    hasCertInstalled
 } from './adb-commands';
 import { streamLatestApk } from './fetch-apk';
 
@@ -141,8 +142,14 @@ export class AndroidAdbInterceptor implements Interceptor {
         const cert = forge.pki.certificateFromPem(certContent);
 
         try {
-            const certName = getCertificateHash(cert);
-            const certPath = `${ANDROID_TEMP}/${certName}.0`;
+            const certHash = getCertificateHash(cert);
+
+            if (await hasCertInstalled(this.adbClient, deviceId, certHash)) {
+                console.log("Cert already installed, nothing to do");
+                return;
+            }
+
+            const certPath = `${ANDROID_TEMP}/${certHash}.0`;
             console.log(`Adding cert file as ${certPath}`);
 
             await pushFile(