headless-browser: Add ca-certs-path options

Author: https://github.com/leeight
Commit: https://github.com/SerenityOS/serenity/commit/2eb6dbd4f0
Pull-request: https://github.com/SerenityOS/serenity/pull/15391
Issue: https://github.com/SerenityOS/serenity/issues/15390
Reviewed-by: https://github.com/alimpfard

Userland/Libraries/LibTLS/Certificate.h

@@ -11,6 +11,7 @@
 #include <AK/Optional.h>
 #include <AK/Singleton.h>
 #include <AK/Types.h>
+#include <LibCore/ConfigFile.h>
 #include <LibCore/DateTime.h>
 #include <LibCrypto/BigInt/UnsignedBigInteger.h>
 #include <LibCrypto/PK/RSA.h>
@@ -131,6 +132,8 @@ public:
 
     Vector<Certificate> const& certificates() const { return m_ca_certificates; }
 
+    void reload_certificates(Core::ConfigFile&);
+
     static DefaultRootCACertificates& the() { return s_the; }
 
 private:

Userland/Libraries/LibTLS/TLSv12.cpp

@@ -476,10 +476,15 @@ DefaultRootCACertificates::DefaultRootCACertificates()
         return;
     }
     auto config = config_result.release_value();
+    reload_certificates(config);
+}
 
-    for (auto& entity : config->groups()) {
-        for (auto& subject : config->keys(entity)) {
-            auto certificate_base64 = config->read_entry(entity, subject);
+void DefaultRootCACertificates::reload_certificates(Core::ConfigFile& config)
+{
+    m_ca_certificates.clear();
+    for (auto& entity : config.groups()) {
+        for (auto& subject : config.keys(entity)) {
+            auto certificate_base64 = config.read_entry(entity, subject);
             auto certificate_data_result = decode_base64(certificate_base64);
             if (certificate_data_result.is_error()) {
                 dbgln("Skipping CA Certificate {} {}: out of memory", entity, subject);

Userland/Utilities/headless-browser.cpp

@@ -13,6 +13,7 @@
 #include <AK/StringBuilder.h>
 #include <AK/Types.h>
 #include <LibCore/ArgsParser.h>
+#include <LibCore/ConfigFile.h>
 #include <LibCore/EventLoop.h>
 #include <LibCore/File.h>
 #include <LibCore/IODevice.h>
@@ -660,6 +661,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     StringView url;
     StringView resources_folder;
     StringView error_page_url;
+    StringView ca_certs_path;
 
     Core::EventLoop event_loop;
     Core::ArgsParser args_parser;
@@ -667,6 +669,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     args_parser.add_option(take_screenshot_after, "Take a screenshot after [n] seconds (default: 1)", "screenshot", 's', "n");
     args_parser.add_option(resources_folder, "Path of the base resources folder (defaults to /res)", "resources", 'r', "resources-root-path");
     args_parser.add_option(error_page_url, "URL for the error page (defaults to file:///res/html/error.html)", "error-page", 'e', "error-page-url");
+    args_parser.add_option(ca_certs_path, "The bundled ca certificates file", "certs", 'c', "ca-certs-path");
     args_parser.add_positional_argument(url, "URL to open", "url", Core::ArgsParser::Required::Yes);
     args_parser.parse(arguments);
 
@@ -680,6 +683,15 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
         Web::FrameLoader::set_default_favicon_path(LexicalPath::join(resources_folder, "icons/16x16/app-browser.png"sv).string());
         Gfx::FontDatabase::set_default_fonts_lookup_path(LexicalPath::join(resources_folder, "fonts"sv).string());
     }
+    if (!ca_certs_path.is_empty()) {
+        auto config_result = Core::ConfigFile::open(ca_certs_path);
+        if (config_result.is_error()) {
+            dbgln("Failed to load CA Certificates: {}", config_result.error());
+        } else {
+            auto config = config_result.release_value();
+            DefaultRootCACertificates::the().reload_certificates(config);
+        }
+    }
 
     Gfx::FontDatabase::set_default_font_query("Katica 10 400 0");
     Gfx::FontDatabase::set_window_title_font_query("Katica 10 700 0");