LibTLS: Move DefaultRootCACertificates to own file

devgianlu 2025-02-14 09:35:31 +01:00 committed by Ali Mohammad Pur
commit 53dd99098c
Notes: github-actions[bot] 2025-02-17 18:54:08 +00:00
8 changed files with 132 additions and 103 deletions


@ -9,18 +9,14 @@
#include <AK/Endian.h>
#include <LibCore/ConfigFile.h>
#include <LibCore/DateTime.h>
#include <LibCore/File.h>
#include <LibCore/StandardPaths.h>
#include <LibCore/Timer.h>
#include <LibCrypto/ASN1/ASN1.h>
#include <LibCrypto/ASN1/Constants.h>
#include <LibCrypto/ASN1/PEM.h>
#include <LibCrypto/Certificate/Certificate.h>
#include <LibCrypto/Curves/Ed25519.h>
#include <LibCrypto/Curves/SECPxxxr1.h>
#include <LibFileSystem/FileSystem.h>
#include <LibTLS/DefaultRootCACertificates.h>
#include <LibTLS/TLSv12.h>
#include <errno.h>
namespace TLS {
@ -509,83 +505,6 @@ Vector<Certificate> TLSv12::parse_pem_certificate(ReadonlyBytes certificate_pem_
return { move(certificate) };
}
static Vector<ByteString> s_default_ca_certificate_paths;
void DefaultRootCACertificates::set_default_certificate_paths(Span<ByteString> paths)
{
s_default_ca_certificate_paths.clear();
s_default_ca_certificate_paths.ensure_capacity(paths.size());
for (auto& path : paths)
s_default_ca_certificate_paths.unchecked_append(path);
}
DefaultRootCACertificates::DefaultRootCACertificates()
{
auto load_result = load_certificates(s_default_ca_certificate_paths);
if (load_result.is_error()) {
dbgln("Failed to load CA Certificates: {}", load_result.error());
return;
}
m_ca_certificates = load_result.release_value();
}
DefaultRootCACertificates& DefaultRootCACertificates::the()
{
static thread_local DefaultRootCACertificates s_the;
return s_the;
}
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates(Span<ByteString> custom_cert_paths)
{
auto cacert_file_or_error = Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read);
ByteBuffer data;
if (!cacert_file_or_error.is_error())
data = TRY(cacert_file_or_error.value()->read_until_eof());
auto user_cert_path = TRY(String::formatted("{}/.config/certs.pem", Core::StandardPaths::home_directory()));
if (FileSystem::exists(user_cert_path)) {
auto user_cert_file = TRY(Core::File::open(user_cert_path, Core::File::OpenMode::Read));
TRY(data.try_append(TRY(user_cert_file->read_until_eof())));
}
for (auto& custom_cert_path : custom_cert_paths) {
if (FileSystem::exists(custom_cert_path)) {
auto custom_cert_file = TRY(Core::File::open(custom_cert_path, Core::File::OpenMode::Read));
TRY(data.try_append(TRY(custom_cert_file->read_until_eof())));
}
}
return TRY(parse_pem_root_certificate_authorities(data));
}
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::parse_pem_root_certificate_authorities(ByteBuffer& data)
{
Vector<Certificate> certificates;
auto certs = TRY(Crypto::decode_pems(data));
for (auto& cert : certs) {
auto certificate_result = Certificate::parse_certificate(cert.data);
if (certificate_result.is_error()) {
// FIXME: It would be nice to have more informations about the certificate we failed to parse.
// Like: Issuer, Algorithm, CN, etc
dbgln("Failed to load certificate: {}", certificate_result.error());
continue;
}
auto certificate = certificate_result.release_value();
if (certificate.is_certificate_authority && certificate.is_self_signed()) {
TRY(certificates.try_append(move(certificate)));
} else {
dbgln("Skipped '{}' because it is not a valid root CA", TRY(certificate.subject.to_string()));
}
}
dbgln_if(TLS_DEBUG, "Loaded {} of {} ({:.2}%) provided CA Certificates", certificates.size(), certs.size(), (certificates.size() * 100.0) / certs.size());
return certificates;
}
ErrorOr<SupportedGroup> oid_to_curve(Vector<int> curve)
{
if (curve == Crypto::ASN1::secp384r1_oid)