feat(GODT-2771): removed cert check and install on app startup on macOS.

Xavier Michelon
2023-08-17 18:06:23 +02:00
parent 69190daf3f
commit 452d3068f0
9 changed files with 11 additions and 47 deletions


@ -22,7 +22,6 @@ import (
"path"
"github.com/ProtonMail/gluon/async"
"github.com/ProtonMail/proton-bridge/v3/internal/certs"
"github.com/ProtonMail/proton-bridge/v3/internal/constants"
"github.com/ProtonMail/proton-bridge/v3/internal/locations"
"github.com/ProtonMail/proton-bridge/v3/internal/vault"
@ -45,23 +44,6 @@ func WithVault(locations *locations.Locations, panicHandler async.PanicHandler,
"corrupt": corrupt,
}).Debug("Vault created")
// Install the certificates if needed.
if installed := encVault.GetCertsInstalled(); !installed {
logrus.Debug("Installing certificates")
certPEM, _ := encVault.GetBridgeTLSCert()
if err := certs.NewInstaller().InstallCert(certPEM); err != nil {
return fmt.Errorf("failed to install certs: %w", err)
}
if err := encVault.SetCertsInstalled(true); err != nil {
return fmt.Errorf("failed to set certs installed: %w", err)
}
logrus.Debug("Certificates successfully installed")
}
// GODT-1950: Add teardown actions (e.g. to close the vault).
return fn(encVault, insecure, corrupt)
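Review bot: Once the install block is gone, WithVault gives no hint that the bridge TLS certificate held in the vault is not trusted by the host at this point, and neither the hunk nor the commit title says where installation now happens; a reader following the startup path will look for it here. A short comment before the return would preserve that knowledge, e.g. `// GODT-2771: the bridge TLS certificate is no longer installed into the system trust store at startup.` The rest of WithVault, including its signature, lies outside the hunk.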


@ -234,10 +234,6 @@ const (
errAuthorizationCanceled = -60006
)
var (
ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
)
// certPEMToDER converts a certificate in PEM format to DER format, which is the format required by Apple's Security framework.
func certPEMToDER(certPEM []byte) ([]byte, error) {
block, left := pem.Decode(certPEM)


@ -40,7 +40,7 @@ func TestCertInKeychain(t *testing.T) {
}
// This test require human interaction (macOS security prompts), and is disabled by default.
func TestCertificateTrust(t *testing.T) {
func _TestCertificateTrust(t *testing.T) {
certPEM := generatePEMCertificate(t)
require.False(t, isCertTrusted(certPEM))
require.NoError(t, addCertToKeychain(certPEM))
@ -52,7 +52,7 @@ func TestCertificateTrust(t *testing.T) {
}
// This test require human interaction (macOS security prompts), and is disabled by default.
func TestInstallAndRemove(t *testing.T) {
func _TestInstallAndRemove(t *testing.T) {
certPEM := generatePEMCertificate(t)
// fresh install
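Review bot: Disabling the interactive tests by renaming them to `_TestCertificateTrust` and `_TestInstallAndRemove` (both hunks of this file) hides them from `go test -run` and is likely to be reported as unused functions by linters; the usual Go approach is to keep the `Test` name and skip at runtime. A guard such as `if os.Getenv("BRIDGE_INTERACTIVE_TESTS") == "" { t.Skip("requires macOS security prompts") }` (environment variable name constructed) at the top of each test keeps them runnable on demand and visible to tooling. The comment above each test should also read `// This test requires human interaction (macOS security prompts), and is disabled by default.` Both test bodies continue outside the hunks.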


@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
return nil // Linux doesn't have a root cert store.
}
func isCertInstalled([]byte) error {
func isCertInstalled([]byte) bool {
return false
}
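Review bot: The Linux stub `isCertInstalled` now returns `bool` but carries no doc comment, so a caller cannot tell whether `false` means "not installed" or "cannot know"; the Windows stub in the next file has the same gap. A one-line comment per platform would settle it, e.g. `// isCertInstalled always reports false: Linux has no root cert store that Bridge manages.` mirroring the note on uninstallCert above, and for Windows `// isCertInstalled always reports false; certificate state is not tracked on Windows.` (assuming the Windows side is still a stub, as its uninstallCert note suggests).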


@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
return nil // NOTE(GODT-986): Uninstall certs from root cert store?
}
func isCertInstalled([]byte) error {
func isCertInstalled([]byte) bool {
return false
}


@ -17,6 +17,12 @@
package certs
import "errors"
var (
ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
)
type Installer struct{}
func NewInstaller() *Installer {
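Review bot: `ErrUserCanceledCertificateInstall` is exported but has no doc comment, which Go tooling flags and which leaves the platform files that map native codes to it (the darwin file keeps `errAuthorizationCanceled = -60006`) as the only explanation of when it occurs. Add `// ErrUserCanceledCertificateInstall is returned when the user cancels the OS authorization dialog during certificate installation.` above the var. NewInstaller starts on the hunk's last line and continues outside it.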


@ -66,16 +66,6 @@ func (vault *Vault) SetBridgeTLSCertKey(cert, key []byte) error {
})
}
func (vault *Vault) GetCertsInstalled() bool {
return vault.getSafe().Certs.Installed
}
func (vault *Vault) SetCertsInstalled(installed bool) error {
return vault.modSafe(func(data *Data) {
data.Certs.Installed = installed
})
}
func readPEMCert(certPEMPath, keyPEMPath string) ([]byte, []byte, error) {
certPEM, err := os.ReadFile(filepath.Clean(certPEMPath))
if err != nil {


@ -31,13 +31,4 @@ func TestVault_TLSCerts(t *testing.T) {
cert, key := s.GetBridgeTLSCert()
require.NotEmpty(t, cert)
require.NotEmpty(t, key)
// Check the certificates are not installed.
require.False(t, s.GetCertsInstalled())
// Install the certificates.
require.NoError(t, s.SetCertsInstalled(true))
// Check the certificates are installed.
require.True(t, s.GetCertsInstalled())
}


@ -20,8 +20,7 @@ package vault
import "github.com/ProtonMail/proton-bridge/v3/internal/certs"
type Certs struct {
Bridge Cert
Installed bool
Bridge Cert
// If non-empty, the path to the PEM-encoded certificate file.
CustomCertPath string