feat(GODT-3104): added log entry for cert install status on startup on macOS.

2025-12-17 23:56:56 +00:00 · 2023-11-08 16:30:06 +01:00
parent 4a01c46aed
commit dc584ea29b
6 changed files with 33 additions and 0 deletions
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -22,6 +22,7 @@ import (
 	"path"
 	"github.com/ProtonMail/gluon/async"
 	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
@ -44,6 +45,9 @@ func WithVault(locations *locations.Locations, keychains *keychain.List, panicHa
 		"corrupt":  corrupt,
 	}).Debug("Vault created")
 	cert, _ := encVault.GetBridgeTLSCert()
 	certs.NewInstaller().LogCertInstallStatus(cert)
 	// GODT-1950: Add teardown actions (e.g. to close the vault).
 	return fn(encVault, insecure, corrupt)
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@ -356,6 +356,10 @@ func removeCertTrustCGo(buffer *C.char, size C.ulonglong) error {
 	}
 }
 func osSupportCertInstall() bool {
 	return true
 }
 // installCert installs a certificate in the keychain. The certificate is added to the keychain and it is set as trusted.
 // This function will trigger a security prompt from the system, unless the certificate is already trusted in the user keychain.
 func installCert(certPEM []byte) error {
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@ -28,6 +28,7 @@ import (
 func TestCertInKeychain(t *testing.T) {
 	// no trust settings change is performed, so this test will not trigger an OS security prompt.
 	certPEM := generatePEMCertificate(t)
 	require.True(t, osSupportCertInstall())
 	require.False(t, isCertInKeychain(certPEM))
 	require.NoError(t, addCertToKeychain(certPEM))
 	require.True(t, isCertInKeychain(certPEM))
--- a/internal/certs/cert_store_linux.go
+++ b/internal/certs/cert_store_linux.go
@ -17,6 +17,10 @@
 package certs
 func osSupportCertInstall() bool {
 	return false
 }
 func installCert([]byte) error {
 	return nil // Linux doesn't have a root cert store.
 }
--- a/internal/certs/cert_store_windows.go
+++ b/internal/certs/cert_store_windows.go
@ -17,6 +17,10 @@
 package certs
 func osSupportCertInstall() bool {
 	return false
 }
 func installCert([]byte) error {
 	return nil // NOTE(GODT-986): Install certs to root cert store?
 }
--- a/internal/certs/installer.go
+++ b/internal/certs/installer.go
@ -37,6 +37,10 @@ func NewInstaller() *Installer {
 	}
 }
 func (installer *Installer) OSSupportCertInstall() bool {
 	return osSupportCertInstall()
 }
 func (installer *Installer) InstallCert(certPEM []byte) error {
 	installer.log.Info("Installing the Bridge TLS certificate in the OS keychain")
@ -64,3 +68,15 @@ func (installer *Installer) UninstallCert(certPEM []byte) error {
 func (installer *Installer) IsCertInstalled(certPEM []byte) bool {
 	return isCertInstalled(certPEM)
 }
 // LogCertInstallStatus reports the current status of the certificate installation in the log.
 // If certificate installation is not supported on the platform, this function does nothing.
 func (installer *Installer) LogCertInstallStatus(certPEM []byte) {
 	if installer.OSSupportCertInstall() {
 		if installer.IsCertInstalled(certPEM) {
 			installer.log.Info("The Bridge TLS certificate is installed in the OS keychain")
 		} else {
 			installer.log.Info("The Bridge TLS certificate is not installed in the OS keychain")
 		}
 	}
 }