diff --git a/internal/app/vault.go b/internal/app/vault.go
index 042e89f2..dc349c22 100644
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@@ -22,7 +22,6 @@ import (
 "path"
 
 "github.com/ProtonMail/gluon/async"
- "github.com/ProtonMail/proton-bridge/v3/internal/certs"
 "github.com/ProtonMail/proton-bridge/v3/internal/constants"
 "github.com/ProtonMail/proton-bridge/v3/internal/locations"
 "github.com/ProtonMail/proton-bridge/v3/internal/vault"
@@ -45,23 +44,6 @@ func WithVault(locations *locations.Locations, panicHandler async.PanicHandler,
 "corrupt": corrupt,
 }).Debug("Vault created")
 
- // Install the certificates if needed.
- if installed := encVault.GetCertsInstalled(); !installed {
- logrus.Debug("Installing certificates")
-
- certPEM, _ := encVault.GetBridgeTLSCert()
-
- if err := certs.NewInstaller().InstallCert(certPEM); err != nil {
- return fmt.Errorf("failed to install certs: %w", err)
- }
-
- if err := encVault.SetCertsInstalled(true); err != nil {
- return fmt.Errorf("failed to set certs installed: %w", err)
- }
-
- logrus.Debug("Certificates successfully installed")
- }
-
 // GODT-1950: Add teardown actions (e.g. to close the vault).
 
 return fn(encVault, insecure, corrupt)
diff --git a/internal/certs/cert_store_darwin.go b/internal/certs/cert_store_darwin.go
index faafb448..c6642645 100644
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@@ -234,10 +234,6 @@ const (
 errAuthorizationCanceled = -60006
 )
 
-var (
- ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
-)
-
 // certPEMToDER converts a certificate in PEM format to DER format, which is the format required by Apple's Security framework.
 func certPEMToDER(certPEM []byte) ([]byte, error) {
 block, left := pem.Decode(certPEM)
diff --git a/internal/certs/cert_store_darwin_test.go b/internal/certs/cert_store_darwin_test.go
index 2b7dda59..2f6fa84f 100644
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@@ -40,7 +40,7 @@ func TestCertInKeychain(t *testing.T) {
 }
 
 // This test require human interaction (macOS security prompts), and is disabled by default.
-func TestCertificateTrust(t *testing.T) {
+func _TestCertificateTrust(t *testing.T) {
 certPEM := generatePEMCertificate(t)
 require.False(t, isCertTrusted(certPEM))
 require.NoError(t, addCertToKeychain(certPEM))
@@ -52,7 +52,7 @@ func TestCertificateTrust(t *testing.T) {
 }
 
 // This test require human interaction (macOS security prompts), and is disabled by default.
-func TestInstallAndRemove(t *testing.T) {
+func _TestInstallAndRemove(t *testing.T) {
 certPEM := generatePEMCertificate(t)
 
 // fresh install
diff --git a/internal/certs/cert_store_linux.go b/internal/certs/cert_store_linux.go
index 16c4ff3f..072816ee 100644
--- a/internal/certs/cert_store_linux.go
+++ b/internal/certs/cert_store_linux.go
@@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
 return nil // Linux doesn't have a root cert store.
 }
 
-func isCertInstalled([]byte) error {
+func isCertInstalled([]byte) bool {
 return false
 }
diff --git a/internal/certs/cert_store_windows.go b/internal/certs/cert_store_windows.go
index cb6f19e3..fd647f5a 100644
--- a/internal/certs/cert_store_windows.go
+++ b/internal/certs/cert_store_windows.go
@@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
 return nil // NOTE(GODT-986): Uninstall certs from root cert store?
 }
 
-func isCertInstalled([]byte) error {
+func isCertInstalled([]byte) bool {
 return false
 }
diff --git a/internal/certs/installer.go b/internal/certs/installer.go
index fd14054f..7d164740 100644
--- a/internal/certs/installer.go
+++ b/internal/certs/installer.go
@@ -17,6 +17,12 @@
 
 package certs
 
+import "errors"
+
+var (
+ ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
+)
+
 type Installer struct{}
 
 func NewInstaller() *Installer {
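Review bot: Prefixing the names with `_` in cert_store_darwin_test.go (`_TestCertificateTrust` here, `_TestInstallAndRemove` in the following hunk) removes both tests from `go test` entirely and leaves two unused functions behind, so the keychain trust and install/remove checks vanish from test output with no record that they were skipped. Keeping the `Test` names and opening each body with `t.Skip("requires interactive macOS authorization prompts")` keeps them listed as skipped and easy to run deliberately on a machine where the prompts can be answered. Both function bodies continue outside the hunks.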
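Review bot: `isCertInstalled` in cert_store_linux.go, and the identical stub in cert_store_windows.go, returns `false` unconditionally, which a caller cannot tell apart from "the store was checked and the certificate is absent". The neighbouring `uninstallCert` stubs explain themselves with a trailing comment, and the same is worth doing here: `return false // Linux doesn't have a root cert store.` and, for Windows, a `NOTE(GODT-986)` comment stating that the root store is not queried. If a caller gates installation on this result (not visible in this diff), the Windows path would look "not installed" on every check now that the vault flag is gone, so that call site deserves a look.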
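Review bot: The exported `ErrUserCanceledCertificateInstall` added to installer.go has no doc comment, and now that it is compiled on every platform its contract should be stated where callers will read it. Something like `// ErrUserCanceledCertificateInstall is returned when the user dismisses the OS authorization dialog during certificate installation; test for it with errors.Is.` would do, assuming that matches how the darwin code returns it. The identifier spells "Canceled" while the message spells "cancelled"; settling on one spelling helps anyone searching logs for it.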
diff --git a/internal/vault/certs.go b/internal/vault/certs.go
index ee48e203..1434eef6 100644
--- a/internal/vault/certs.go
+++ b/internal/vault/certs.go
@@ -66,16 +66,6 @@ func (vault *Vault) SetBridgeTLSCertKey(cert, key []byte) error {
 })
 }
 
-func (vault *Vault) GetCertsInstalled() bool {
- return vault.getSafe().Certs.Installed
-}
-
-func (vault *Vault) SetCertsInstalled(installed bool) error {
- return vault.modSafe(func(data *Data) {
- data.Certs.Installed = installed
- })
-}
-
 func readPEMCert(certPEMPath, keyPEMPath string) ([]byte, []byte, error) {
 certPEM, err := os.ReadFile(filepath.Clean(certPEMPath))
 if err != nil {
diff --git a/internal/vault/certs_test.go b/internal/vault/certs_test.go
index 0a3d7fde..8f5b6187 100644
--- a/internal/vault/certs_test.go
+++ b/internal/vault/certs_test.go
@@ -31,13 +31,4 @@ func TestVault_TLSCerts(t *testing.T) {
 cert, key := s.GetBridgeTLSCert()
 require.NotEmpty(t, cert)
 require.NotEmpty(t, key)
-
- // Check the certificates are not installed.
- require.False(t, s.GetCertsInstalled())
-
- // Install the certificates.
- require.NoError(t, s.SetCertsInstalled(true))
-
- // Check the certificates are installed.
- require.True(t, s.GetCertsInstalled())
 }
diff --git a/internal/vault/types_certs.go b/internal/vault/types_certs.go
index 195a43a1..190cb975 100644
--- a/internal/vault/types_certs.go
+++ b/internal/vault/types_certs.go
@@ -20,8 +20,7 @@ package vault
 import "github.com/ProtonMail/proton-bridge/v3/internal/certs"
 
 type Certs struct {
- Bridge Cert
- Installed bool
+ Bridge Cert
 
 // If non-empty, the path to the PEM-encoded certificate file.
 CustomCertPath string
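Review bot: Dropping `Installed` from `Certs` in types_certs.go changes the shape of data that appears to be persisted (the removed `SetCertsInstalled` wrote it through `modSafe`), so vault files written by earlier versions will still carry that field. It is worth confirming that the vault decoder ignores unknown fields rather than failing, since a decode error on an otherwise healthy vault could surface as the `corrupt` state passed along in internal/app/vault.go. A short comment on the struct, for example `// Install state is no longer stored in the vault; it is queried from the OS certificate store.` if that is the intent, would tell later readers why the flag is gone. The struct body continues past the end of this hunk.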