LibTLS: Remove unused DefaultRootCACertificates

The certificates are set inside `DefaultRootCACertificates` in some
places, but no one reads them.

Libraries/LibTLS/CMakeLists.txt

@@ -1,7 +1,6 @@
 add_cxx_compile_options(-Wvla)
 
 set(SOURCES
-    DefaultRootCACertificates.cpp
     TLSv12.cpp
 )
 

Libraries/LibTLS/DefaultRootCACertificates.cpp

@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
- * Copyright (c) 2025, Altomani Gianluca <altomanigianluca@gmail.com>
- *
- * SPDX-License-Identifier: BSD-2-Clause
- */
-
-#include <AK/ByteBuffer.h>
-#include <LibCore/StandardPaths.h>
-#include <LibCrypto/ASN1/PEM.h>
-#include <LibFileSystem/FileSystem.h>
-#include <LibTLS/DefaultRootCACertificates.h>
-
-namespace TLS {
-
-static Vector<ByteString> s_default_ca_certificate_paths;
-
-void DefaultRootCACertificates::set_default_certificate_paths(Span<ByteString> paths)
-{
-    s_default_ca_certificate_paths.clear();
-    s_default_ca_certificate_paths.ensure_capacity(paths.size());
-    for (auto& path : paths)
-        s_default_ca_certificate_paths.unchecked_append(path);
-}
-
-DefaultRootCACertificates::DefaultRootCACertificates()
-{
-    auto load_result = load_certificates(s_default_ca_certificate_paths);
-    if (load_result.is_error()) {
-        dbgln("Failed to load CA Certificates: {}", load_result.error());
-        return;
-    }
-
-    m_ca_certificates = load_result.release_value();
-}
-
-DefaultRootCACertificates& DefaultRootCACertificates::the()
-{
-    static thread_local DefaultRootCACertificates s_the;
-    return s_the;
-}
-
-ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates(Span<ByteString> custom_cert_paths)
-{
-    auto cacert_file_or_error = Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read);
-    ByteBuffer data;
-    if (!cacert_file_or_error.is_error())
-        data = TRY(cacert_file_or_error.value()->read_until_eof());
-
-    auto user_cert_path = TRY(String::formatted("{}/.config/certs.pem", Core::StandardPaths::home_directory()));
-    if (FileSystem::exists(user_cert_path)) {
-        auto user_cert_file = TRY(Core::File::open(user_cert_path, Core::File::OpenMode::Read));
-        TRY(data.try_append(TRY(user_cert_file->read_until_eof())));
-    }
-
-    for (auto& custom_cert_path : custom_cert_paths) {
-        if (FileSystem::exists(custom_cert_path)) {
-            auto custom_cert_file = TRY(Core::File::open(custom_cert_path, Core::File::OpenMode::Read));
-            TRY(data.try_append(TRY(custom_cert_file->read_until_eof())));
-        }
-    }
-
-    return TRY(parse_pem_root_certificate_authorities(data));
-}
-
-ErrorOr<Vector<Certificate>> DefaultRootCACertificates::parse_pem_root_certificate_authorities(ByteBuffer& data)
-{
-    Vector<Certificate> certificates;
-
-    auto certs = TRY(Crypto::decode_pems(data));
-
-    for (auto& cert : certs) {
-        auto certificate_result = Certificate::parse_certificate(cert.data);
-        if (certificate_result.is_error()) {
-            // FIXME: It would be nice to have more informations about the certificate we failed to parse.
-            //        Like: Issuer, Algorithm, CN, etc
-            dbgln("Failed to load certificate: {}", certificate_result.error());
-            continue;
-        }
-        auto certificate = certificate_result.release_value();
-        if (certificate.is_certificate_authority && certificate.is_self_signed()) {
-            TRY(certificates.try_append(move(certificate)));
-        } else {
-            dbgln("Skipped '{}' because it is not a valid root CA", TRY(certificate.subject.to_string()));
-        }
-    }
-
-    dbgln_if(TLS_DEBUG, "Loaded {} of {} ({:.2}%) provided CA Certificates", certificates.size(), certs.size(), (certificates.size() * 100.0) / certs.size());
-
-    return certificates;
-}
-
-}

Libraries/LibTLS/DefaultRootCACertificates.h

@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
- * Copyright (c) 2025, Altomani Gianluca <altomanigianluca@gmail.com>
- *
- * SPDX-License-Identifier: BSD-2-Clause
- */
-
-#pragma once
-
-#include <LibCrypto/Certificate/Certificate.h>
-
-namespace TLS {
-
-using Crypto::Certificate::Certificate;
-
-class DefaultRootCACertificates {
-public:
-    DefaultRootCACertificates();
-
-    Vector<Certificate> const& certificates() const { return m_ca_certificates; }
-
-    static ErrorOr<Vector<Certificate>> parse_pem_root_certificate_authorities(ByteBuffer&);
-    static ErrorOr<Vector<Certificate>> load_certificates(Span<ByteString> custom_cert_paths = {});
-
-    static DefaultRootCACertificates& the();
-
-    static void set_default_certificate_paths(Span<ByteString> paths);
-
-private:
-    Vector<Certificate> m_ca_certificates;
-};
-}
-
-using TLS::DefaultRootCACertificates;

Services/RequestServer/main.cpp

@@ -15,7 +15,6 @@
 #include <LibFileSystem/FileSystem.h>
 #include <LibIPC/SingleServer.h>
 #include <LibMain/Main.h>
-#include <LibTLS/DefaultRootCACertificates.h>
 #include <LibTLS/TLSv12.h>
 #include <RequestServer/ConnectionFromClient.h>
 
@@ -60,9 +59,6 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     else
         RequestServer::g_default_certificate_path = certificates.first();
 
-    DefaultRootCACertificates::set_default_certificate_paths(certificates.span());
-    [[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
-
     Core::EventLoop event_loop;
 
 #if defined(AK_OS_MACOS)

UI/Android/src/main/cpp/RequestServerService.cpp

@@ -20,21 +20,8 @@
 #include <RequestServer/HttpsProtocol.h>
 #include <UI/Utilities.h>
 
-// FIXME: Share b/w RequestServer and WebSocket
-static ErrorOr<ByteString> find_certificates(StringView serenity_resource_root)
-{
-    auto cert_path = ByteString::formatted("{}/res/ladybird/cacert.pem", serenity_resource_root);
-    if (!FileSystem::exists(cert_path))
-        return Error::from_string_literal("Don't know how to load certs!");
-    return cert_path;
-}
-
 ErrorOr<int> service_main(int ipc_socket)
 {
-    // Ensure the certificates are read out here.
-    DefaultRootCACertificates::set_default_certificate_paths(Vector { TRY(find_certificates(s_ladybird_resource_root)) });
-    [[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
-
     Core::EventLoop event_loop;
 
     RequestServer::HttpProtocol::install();

Utilities/dns.cpp

@@ -9,7 +9,6 @@
 #include <LibCore/Socket.h>
 #include <LibDNS/Resolver.h>
 #include <LibMain/Main.h>
-#include <LibTLS/DefaultRootCACertificates.h>
 #include <LibTLS/TLSv12.h>
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
@@ -95,8 +94,6 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
         }
     };
 
-    DefaultRootCACertificates::set_default_certificate_paths(Array<ByteString, 1> { cert_path.is_empty() ? "/etc/ssl/cert.pem"sv : cert_path });
-
     MUST(resolver.when_socket_ready()->await());
 
     size_t pending_requests = requests.size();