diff --git a/internal/app/vault.go b/internal/app/vault.go index fd317a74..2e6d3aeb 100644 --- a/internal/app/vault.go +++ b/internal/app/vault.go @@ -22,6 +22,7 @@ import ( "path" "github.com/ProtonMail/gluon/async" + "github.com/ProtonMail/proton-bridge/v3/internal/certs" "github.com/ProtonMail/proton-bridge/v3/internal/constants" "github.com/ProtonMail/proton-bridge/v3/internal/locations" "github.com/ProtonMail/proton-bridge/v3/internal/vault" @@ -44,6 +45,9 @@ func WithVault(locations *locations.Locations, keychains *keychain.List, panicHa "corrupt": corrupt, }).Debug("Vault created") + cert, _ := encVault.GetBridgeTLSCert() + certs.NewInstaller().LogCertInstallStatus(cert) + // GODT-1950: Add teardown actions (e.g. to close the vault). return fn(encVault, insecure, corrupt) diff --git a/internal/certs/cert_store_darwin.go b/internal/certs/cert_store_darwin.go index c6642645..4d89c344 100644 --- a/internal/certs/cert_store_darwin.go +++ b/internal/certs/cert_store_darwin.go @@ -356,6 +356,10 @@ func removeCertTrustCGo(buffer *C.char, size C.ulonglong) error { } } +func osSupportCertInstall() bool { + return true +} + // installCert installs a certificate in the keychain. The certificate is added to the keychain and it is set as trusted. // This function will trigger a security prompt from the system, unless the certificate is already trusted in the user keychain. func installCert(certPEM []byte) error { diff --git a/internal/certs/cert_store_darwin_test.go b/internal/certs/cert_store_darwin_test.go index 21cddbac..aa50e18d 100644 --- a/internal/certs/cert_store_darwin_test.go +++ b/internal/certs/cert_store_darwin_test.go 
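Review bot: `cert, _ := encVault.GetBridgeTLSCert()` in the WithVault hunk of vault.go discards the getter's error, so when the vault's TLS certificate cannot be read the code still calls `certs.NewInstaller().LogCertInstallStatus(cert)` with whatever value the failed call returned, and the resulting log line says the certificate is "not installed" when the real problem is that it could not be loaded. Keep the error and branch on it: `cert, err := encVault.GetBridgeTLSCert()` then `if err == nil { certs.NewInstaller().LogCertInstallStatus(cert) }`, with the error case reported through the same logger that emits the "Vault created" debug line just above. WithVault starts and ends outside the hunk, so I cannot see whether the getter's error is already surfaced elsewhere in the function; if it is, a one-line comment saying so next to the blank identifier would be enough.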
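Review bot: The new `osSupportCertInstall` in cert_store_darwin.go has no doc comment, and the same applies to its linux and windows counterparts and to the exported `Installer.OSSupportCertInstall` wrapper in installer.go, which as an exported method should carry a comment starting with its name. Suggested text for the platform functions: `// osSupportCertInstall reports whether this platform has an OS certificate store that Bridge can install its TLS certificate into.`, and for the wrapper: `// OSSupportCertInstall reports whether installing the Bridge TLS certificate into the OS trust store is supported on this platform.`. A boolean predicate in Go conventionally reads as "supports"/"reports whether", so `osSupportsCertInstall` would read more naturally, but since the name is repeated across four files and the darwin test that is a rename for a follow-up rather than this change.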
@@ -28,6 +28,7 @@ import ( func TestCertInKeychain(t *testing.T) { // no trust settings change is performed, so this test will not trigger an OS security prompt. certPEM := generatePEMCertificate(t) + require.True(t, osSupportCertInstall()) require.False(t, isCertInKeychain(certPEM)) require.NoError(t, addCertToKeychain(certPEM)) require.True(t, isCertInKeychain(certPEM)) diff --git a/internal/certs/cert_store_linux.go b/internal/certs/cert_store_linux.go index 072816ee..950be35a 100644 --- a/internal/certs/cert_store_linux.go +++ b/internal/certs/cert_store_linux.go @@ -17,6 +17,10 @@ package certs +func osSupportCertInstall() bool { + return false +} + func installCert([]byte) error { return nil // Linux doesn't have a root cert store. } diff --git a/internal/certs/cert_store_windows.go b/internal/certs/cert_store_windows.go index fd647f5a..bf43f65c 100644 --- a/internal/certs/cert_store_windows.go +++ b/internal/certs/cert_store_windows.go @@ -17,6 +17,10 @@ package certs +func osSupportCertInstall() bool { + return false +} + func installCert([]byte) error { return nil // NOTE(GODT-986): Install certs to root cert store? } diff --git a/internal/certs/installer.go b/internal/certs/installer.go index 39ab0cf5..14709116 100644 --- a/internal/certs/installer.go +++ b/internal/certs/installer.go @@ -37,6 +37,10 @@ func NewInstaller() *Installer { } } +func (installer *Installer) OSSupportCertInstall() bool { + return osSupportCertInstall() +} + func (installer *Installer) InstallCert(certPEM []byte) error { installer.log.Info("Installing the Bridge TLS certificate in the OS keychain") 
@@ -64,3 +68,15 @@ func (installer *Installer) UninstallCert(certPEM []byte) error {
 func (installer *Installer) IsCertInstalled(certPEM []byte) bool {
 	return isCertInstalled(certPEM)
 }
+
+// LogCertInstallStatus reports the current status of the certificate installation in the log.
+// If certificate installation is not supported on the platform, this function does nothing.
+func (installer *Installer) LogCertInstallStatus(certPEM []byte) {
+	if installer.OSSupportCertInstall() {
+		if installer.IsCertInstalled(certPEM) {
+			installer.log.Info("The Bridge TLS certificate is installed in the OS keychain")
+		} else {
+			installer.log.Info("The Bridge TLS certificate is not installed in the OS keychain")
+		}
+	}
+}
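Review bot: `LogCertInstallStatus` nests two `if`s where a guard clause keeps the happy path left-aligned: open with `if !installer.OSSupportCertInstall() { return }` and then write the `IsCertInstalled` check flat, which also matches the doc comment's "does nothing" wording. Separately, the only caller this commit adds (WithVault in vault.go) discards the error from `GetBridgeTLSCert`, so `certPEM` can arrive empty here and is then handed to the platform `isCertInstalled`, which on macOS would be asked to look up a certificate that does not exist; a `if len(certPEM) == 0 { installer.log.Warn("No Bridge TLS certificate available to check"); return }` guard would separate "could not load the certificate" from "not installed" in the logs. The two Info messages differ only by the word "not", which is easy to misread when scanning logs, so a single message with an explicit installed/not-installed field may be clearer if `installer.log` supports structured fields (it looks like a logrus entry, but the type is declared outside the hunk).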