We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
ladybird
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

LibTLS: Refactor CA loading into central function

Fabian Dellwing 2 jaren geleden
bovenliggende
924758c6f8
commit
459dee1f86
3 gewijzigde bestanden met toevoegingen van 20 en 52 verwijderingen
Gecombineerde weergave Toon Diff Stats
  1. 3 40
      Tests/LibTLS/TestTLSHandshake.cpp
  2. 1 1
      Userland/Libraries/LibTLS/Certificate.h
  3. 16 11
      Userland/Libraries/LibTLS/TLSv12.cpp

+ 3 - 40
Tests/LibTLS/TestTLSHandshake.cpp
Bestand weergeven 

@@ -40,46 +40,9 @@ DeprecatedString locate_ca_certs_file()
 
 
 
 Vector<Certificate> load_certificates()
 
 Vector<Certificate> load_certificates()
 
 {
 
 {
 
-    Vector<Certificate> certificates;
 
-
 
-    auto cacert_result = Core::File::open(locate_ca_certs_file(), Core::File::OpenMode::Read);
 
-    if (cacert_result.is_error()) {
 
-        dbgln("Failed to load CA Certificates: {}", cacert_result.error());
 
-        return certificates;
 
-    }
 
-    auto cacert_file = cacert_result.release_value();
 
-    auto data_result = cacert_file->read_until_eof();
 
-    if (data_result.is_error()) {
 
-        dbgln("Failed to load CA Certificates: {}", data_result.error());
 
-        return certificates;
 
-    }
 
-    auto data = data_result.release_value();
 
-
 
-    auto decode_result = Crypto::decode_pems(data);
 
-    if (decode_result.is_error()) {
 
-        dbgln("Failed to load CA Certificates: {}", decode_result.error());
 
-        return certificates;
 
-    }
 
-    auto certs = decode_result.release_value();
 
-
 
-    for (auto& cert : certs) {
 
-        auto certificate_result = Certificate::parse_asn1(cert.bytes());
 
-        // If the certificate does not parse it is likely using elliptic curve keys/signatures, which are not
 
-        // supported right now. It might make sense to cleanup cacert.pem before adding it to the system.
 
-        if (!certificate_result.has_value()) {
 
-            // FIXME: It would be nice to have more informations about the certificate we failed to parse.
 
-            //        Like: Issuer, Algorithm, CN, etc
 
-            continue;
 
-        }
 
-        auto certificate = certificate_result.release_value();
 
-        if (certificate.is_certificate_authority && certificate.is_self_signed()) {
 
-            certificates.append(move(certificate));
 
-        } else {
 
-            dbgln("Skipped '{}' because it is not a valid root CA", certificate.subject_identifier_string());
 
-        }
 
-    }
 
-
 
-    return certificates;
 
+    auto cacert_file = MUST(Core::File::open(locate_ca_certs_file(), Core::File::OpenMode::Read));
 
+    auto data = MUST(cacert_file->read_until_eof());
 
+    return MUST(DefaultRootCACertificates::the().reload_certificates(data));
 
 }
 
 }
 
 
 
 static Vector<Certificate> s_root_ca_certificates = load_certificates();
 
 static Vector<Certificate> s_root_ca_certificates = load_certificates();

+ 1 - 1
Userland/Libraries/LibTLS/Certificate.h
Bestand weergeven 

@@ -137,7 +137,7 @@ public:
 
 
 
     Vector<Certificate> const& certificates() const { return m_ca_certificates; }
 
     Vector<Certificate> const& certificates() const { return m_ca_certificates; }
 
 
 
-    void reload_certificates(ByteBuffer&);
 
+    ErrorOr<Vector<Certificate>> reload_certificates(ByteBuffer&);
 
 
 
     static DefaultRootCACertificates& the() { return s_the; }
 
     static DefaultRootCACertificates& the() { return s_the; }

+ 16 - 11
Userland/Libraries/LibTLS/TLSv12.cpp
Bestand weergeven 

@@ -499,18 +499,21 @@ DefaultRootCACertificates::DefaultRootCACertificates()
 
         return;
 
         return;
 
     }
 
     }
 
     auto data = data_result.release_value();
 
     auto data = data_result.release_value();
 
-    reload_certificates(data);
 
-}
 
 
 
-void DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
 
-{
 
-    auto decode_result = Crypto::decode_pems(data);
 
-    if (decode_result.is_error()) {
 
-        dbgln("Failed to load CA Certificates: {}", decode_result.error());
 
+    auto reload_result = reload_certificates(data);
 
+    if (reload_result.is_error()) {
 
+        dbgln("Failed to load CA Certificates: {}", reload_result.error());
 
         return;
 
         return;
 
     }
 
     }
 
-    m_ca_certificates.clear();
 
-    auto certs = decode_result.release_value();
 
+
 
+    m_ca_certificates = reload_result.release_value();
 
+}
 
+
 
+ErrorOr<Vector<Certificate>> DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
 
+{
 
+    Vector<Certificate> certificates;
 
+
 
+    auto certs = TRY(Crypto::decode_pems(data));
 
 
 
     for (auto& cert : certs) {
 
     for (auto& cert : certs) {
 
         auto certificate_result = Certificate::parse_asn1(cert.bytes());
 
         auto certificate_result = Certificate::parse_asn1(cert.bytes());
 
@@ -523,12 +526,14 @@ void DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
 
         }
 
         }
 
         auto certificate = certificate_result.release_value();
 
         auto certificate = certificate_result.release_value();
 
         if (certificate.is_certificate_authority && certificate.is_self_signed()) {
 
         if (certificate.is_certificate_authority && certificate.is_self_signed()) {
 
-            m_ca_certificates.append(move(certificate));
 
+            TRY(certificates.try_append(move(certificate)));
 
         } else {
 
         } else {
 
             dbgln("Skipped '{}' because it is not a valid root CA", certificate.subject_identifier_string());
 
             dbgln("Skipped '{}' because it is not a valid root CA", certificate.subject_identifier_string());
 
         }
 
         }
 
     }
 
     }
 
 
 
-    dbgln("Loaded {} of {} ({:.2}%) provided CA Certificates", m_ca_certificates.size(), certs.size(), (m_ca_certificates.size() * 100.0) / certs.size());
 
+    dbgln("Loaded {} of {} ({:.2}%) provided CA Certificates", certificates.size(), certs.size(), (certificates.size() * 100.0) / certs.size());
 
+
 
+    return certificates;
 
 }
 
 }
 
 }
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5