mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-12-04 21:40:33 +00:00
Tests: Rework TLS test to use new cacert.pem
This commit is contained in:
parent
b07654c3c1
commit
da6130a6d8
Notes:
sideshowbarker
2024-07-16 22:49:24 +09:00
Author: https://github.com/fdellwing Commit: https://github.com/SerenityOS/serenity/commit/da6130a6d8 Pull-request: https://github.com/SerenityOS/serenity/pull/17835 Reviewed-by: https://github.com/alimpfard Reviewed-by: https://github.com/linusg Reviewed-by: https://github.com/sin-ack Reviewed-by: https://github.com/timschumi
2 changed files with 35 additions and 27 deletions
|
@ -9,10 +9,11 @@
|
|||
#include <LibCore/DeprecatedFile.h>
|
||||
#include <LibCore/EventLoop.h>
|
||||
#include <LibCrypto/ASN1/ASN1.h>
|
||||
#include <LibCrypto/ASN1/PEM.h>
|
||||
#include <LibTLS/TLSv12.h>
|
||||
#include <LibTest/TestCase.h>
|
||||
|
||||
static StringView ca_certs_file = "./ca_certs.ini"sv;
|
||||
static StringView ca_certs_file = "./cacert.pem"sv;
|
||||
static int port = 443;
|
||||
|
||||
constexpr auto DEFAULT_SERVER = "www.google.com"sv;
|
||||
|
@ -30,7 +31,7 @@ DeprecatedString locate_ca_certs_file()
|
|||
if (Core::DeprecatedFile::exists(ca_certs_file)) {
|
||||
return ca_certs_file;
|
||||
}
|
||||
auto on_target_path = DeprecatedString("/etc/ca_certs.ini");
|
||||
auto on_target_path = DeprecatedString("/etc/cacert.pem");
|
||||
if (Core::DeprecatedFile::exists(on_target_path)) {
|
||||
return on_target_path;
|
||||
}
|
||||
|
@ -40,33 +41,41 @@ DeprecatedString locate_ca_certs_file()
|
|||
Vector<Certificate> load_certificates()
|
||||
{
|
||||
Vector<Certificate> certificates;
|
||||
auto ca_certs_filepath = locate_ca_certs_file();
|
||||
if (ca_certs_filepath == "") {
|
||||
warnln("Could not locate ca_certs.ini file.");
|
||||
|
||||
auto cacert_result = Core::File::open(locate_ca_certs_file(), Core::File::OpenMode::Read);
|
||||
if (cacert_result.is_error()) {
|
||||
dbgln("Failed to load CA Certificates: {}", cacert_result.error());
|
||||
return certificates;
|
||||
}
|
||||
|
||||
auto config = Core::ConfigFile::open(ca_certs_filepath).release_value_but_fixme_should_propagate_errors();
|
||||
for (auto& entity : config->groups()) {
|
||||
for (auto& subject : config->keys(entity)) {
|
||||
auto certificate_base64 = config->read_entry(entity, subject);
|
||||
auto certificate_data_result = decode_base64(certificate_base64);
|
||||
if (certificate_data_result.is_error()) {
|
||||
dbgln("Skipping CA Certificate {} {}: out of memory", entity, subject);
|
||||
continue;
|
||||
auto cacert_file = cacert_result.release_value();
|
||||
auto data_result = cacert_file->read_until_eof();
|
||||
if (data_result.is_error()) {
|
||||
dbgln("Failed to load CA Certificates: {}", data_result.error());
|
||||
return certificates;
|
||||
}
|
||||
auto certificate_data = certificate_data_result.release_value();
|
||||
auto certificate_result = Certificate::parse_asn1(certificate_data.bytes());
|
||||
auto data = data_result.release_value();
|
||||
|
||||
auto decode_result = Crypto::decode_pems(data);
|
||||
if (decode_result.is_error()) {
|
||||
dbgln("Failed to load CA Certificates: {}", decode_result.error());
|
||||
return certificates;
|
||||
}
|
||||
auto certs = decode_result.release_value();
|
||||
|
||||
for (auto& cert : certs) {
|
||||
auto certificate_result = Certificate::parse_asn1(cert.bytes());
|
||||
// If the certificate does not parse it is likely using elliptic curve keys/signatures, which are not
|
||||
// supported right now. Currently, ca_certs.ini should only contain certificates with RSA keys/signatures.
|
||||
// supported right now. It might make sense to cleanup cacert.pem before adding it to the system.
|
||||
if (!certificate_result.has_value()) {
|
||||
dbgln("Skipping CA Certificate {} {}: unable to parse", entity, subject);
|
||||
// FIXME: It would be nice to have more informations about the certificate we failed to parse.
|
||||
// Like: Issuer, Algorithm, CN, etc
|
||||
continue;
|
||||
}
|
||||
auto certificate = certificate_result.release_value();
|
||||
if (certificate.is_certificate_authority)
|
||||
certificates.append(move(certificate));
|
||||
}
|
||||
}
|
||||
|
||||
return certificates;
|
||||
}
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../../Base/etc/ca_certs.ini
|
Loading…
Reference in a new issue