feat(GODT-2771): removed cert check and install on app startup on macOS.

2025-12-10 20:56:51 +00:00 · 2023-08-17 18:06:23 +02:00
parent 69190daf3f
commit 452d3068f0
9 changed files with 11 additions and 47 deletions
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -22,7 +22,6 @@ import (
 	"path"

 	"github.com/ProtonMail/gluon/async"
-	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
@ -45,23 +44,6 @@ func WithVault(locations *locations.Locations, panicHandler async.PanicHandler,
 		"corrupt":  corrupt,
 	}).Debug("Vault created")

-	// Install the certificates if needed.
-	if installed := encVault.GetCertsInstalled(); !installed {
-		logrus.Debug("Installing certificates")
-
-		certPEM, _ := encVault.GetBridgeTLSCert()
-
-		if err := certs.NewInstaller().InstallCert(certPEM); err != nil {
-			return fmt.Errorf("failed to install certs: %w", err)
-		}
-
-		if err := encVault.SetCertsInstalled(true); err != nil {
-			return fmt.Errorf("failed to set certs installed: %w", err)
-		}
-
-		logrus.Debug("Certificates successfully installed")
-	}
-
 	// GODT-1950: Add teardown actions (e.g. to close the vault).

 	return fn(encVault, insecure, corrupt)
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@ -234,10 +234,6 @@ const (
 	errAuthorizationCanceled = -60006
 )

-var (
-	ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
-)
-
 // certPEMToDER converts a certificate in PEM format to DER format, which is the format required by Apple's Security framework.
 func certPEMToDER(certPEM []byte) ([]byte, error) {
 	block, left := pem.Decode(certPEM)
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@ -40,7 +40,7 @@ func TestCertInKeychain(t *testing.T) {
 }

 // This test require human interaction (macOS security prompts), and is disabled by default.
-func TestCertificateTrust(t *testing.T) {
+func _TestCertificateTrust(t *testing.T) {
 	certPEM := generatePEMCertificate(t)
 	require.False(t, isCertTrusted(certPEM))
 	require.NoError(t, addCertToKeychain(certPEM))
@ -52,7 +52,7 @@ func TestCertificateTrust(t *testing.T) {
 }

 // This test require human interaction (macOS security prompts), and is disabled by default.
-func TestInstallAndRemove(t *testing.T) {
+func _TestInstallAndRemove(t *testing.T) {
 	certPEM := generatePEMCertificate(t)

 	// fresh install
--- a/internal/certs/cert_store_linux.go
+++ b/internal/certs/cert_store_linux.go
@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
 	return nil // Linux doesn't have a root cert store.
 }

-func isCertInstalled([]byte) error {
+func isCertInstalled([]byte) bool {
 	return false
 }
--- a/internal/certs/cert_store_windows.go
+++ b/internal/certs/cert_store_windows.go
@ -25,6 +25,6 @@ func uninstallCert([]byte) error {
 	return nil // NOTE(GODT-986): Uninstall certs from root cert store?
 }

-func isCertInstalled([]byte) error {
+func isCertInstalled([]byte) bool {
 	return false
 }
--- a/internal/certs/installer.go
+++ b/internal/certs/installer.go
@ -17,6 +17,12 @@

 package certs

+import "errors"
+
+var (
+	ErrUserCanceledCertificateInstall = errors.New("the user cancelled the authorization dialog")
+)
+
 type Installer struct{}

 func NewInstaller() *Installer {
--- a/internal/vault/certs.go
+++ b/internal/vault/certs.go
@ -66,16 +66,6 @@ func (vault *Vault) SetBridgeTLSCertKey(cert, key []byte) error {
 	})
 }

-func (vault *Vault) GetCertsInstalled() bool {
-	return vault.getSafe().Certs.Installed
-}
-
-func (vault *Vault) SetCertsInstalled(installed bool) error {
-	return vault.modSafe(func(data *Data) {
-		data.Certs.Installed = installed
-	})
-}
-
 func readPEMCert(certPEMPath, keyPEMPath string) ([]byte, []byte, error) {
 	certPEM, err := os.ReadFile(filepath.Clean(certPEMPath))
 	if err != nil {
--- a/internal/vault/certs_test.go
+++ b/internal/vault/certs_test.go
@ -31,13 +31,4 @@ func TestVault_TLSCerts(t *testing.T) {
 	cert, key := s.GetBridgeTLSCert()
 	require.NotEmpty(t, cert)
 	require.NotEmpty(t, key)
-
-	// Check the certificates are not installed.
-	require.False(t, s.GetCertsInstalled())
-
-	// Install the certificates.
-	require.NoError(t, s.SetCertsInstalled(true))
-
-	// Check the certificates are installed.
-	require.True(t, s.GetCertsInstalled())
 }
--- a/internal/vault/types_certs.go
+++ b/internal/vault/types_certs.go
@ -20,8 +20,7 @@ package vault
 import "github.com/ProtonMail/proton-bridge/v3/internal/certs"

 type Certs struct {
-	Bridge    Cert
-	Installed bool
+	Bridge Cert

 	// If non-empty, the path to the PEM-encoded certificate file.
 	CustomCertPath string