feat(GODT-3104): added log entry for cert install status on startup on macOS.
parent
4a01c46aed
commit
dc584ea29b
|
@ -22,6 +22,7 @@ import (
|
|||
"path"
|
||||
|
||||
"github.com/ProtonMail/gluon/async"
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/certs"
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/constants"
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/locations"
|
||||
"github.com/ProtonMail/proton-bridge/v3/internal/vault"
|
||||
|
@ -44,6 +45,9 @@ func WithVault(locations *locations.Locations, keychains *keychain.List, panicHa
|
|||
"corrupt": corrupt,
|
||||
}).Debug("Vault created")
|
||||
|
||||
cert, _ := encVault.GetBridgeTLSCert()
|
||||
certs.NewInstaller().LogCertInstallStatus(cert)
|
||||
|
||||
// GODT-1950: Add teardown actions (e.g. to close the vault).
|
||||
|
||||
return fn(encVault, insecure, corrupt)
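Review bot: The second return value of `encVault.GetBridgeTLSCert()` is discarded at `cert, _ :=`, and `cert` is handed to `LogCertInstallStatus` without any check. If that value is an error (its type is not visible in this hunk), or if `cert` can come back empty, for instance when the vault was flagged `corrupt` just above, the startup log will say the certificate is not installed when the status was never actually determined. A guard such as `if len(cert) > 0 { certs.NewInstaller().LogCertInstallStatus(cert) }` would avoid that. If the discarded value is the private key, a short comment like `// the key is not needed to query the keychain` would make the blank identifier self-explanatory. WithVault's body starts outside the hunk.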
|
||||
|
|
|
@ -356,6 +356,10 @@ func removeCertTrustCGo(buffer *C.char, size C.ulonglong) error {
|
|||
}
|
||||
}
|
||||
|
||||
func osSupportCertInstall() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
// installCert installs a certificate in the keychain. The certificate is added to the keychain and it is set as trusted.
|
||||
// This function will trigger a security prompt from the system, unless the certificate is already trusted in the user keychain.
|
||||
func installCert(certPEM []byte) error {
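Review bot: `osSupportCertInstall` is added without a doc comment here and in the two other platform files further down (the ones returning `false`, one next to the Linux comment and one next to the GODT-986 note), although the neighbouring `installCert` is documented. I would add `// osSupportCertInstall reports whether the Bridge TLS certificate can be installed in an OS certificate store on this platform.` above each of them. In the file carrying the GODT-986 note it is worth saying that `false` means not implemented yet rather than not possible, since the caller uses this value to decide whether anything is logged at all. installCert's body continues outside the hunk.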
|
||||
|
|
|
@ -28,6 +28,7 @@ import (
|
|||
func TestCertInKeychain(t *testing.T) {
|
||||
// no trust settings change is performed, so this test will not trigger an OS security prompt.
|
||||
certPEM := generatePEMCertificate(t)
|
||||
require.True(t, osSupportCertInstall())
|
||||
require.False(t, isCertInKeychain(certPEM))
|
||||
require.NoError(t, addCertToKeychain(certPEM))
|
||||
require.True(t, isCertInKeychain(certPEM))
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
|
||||
package certs
|
||||
|
||||
func osSupportCertInstall() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func installCert([]byte) error {
|
||||
return nil // Linux doesn't have a root cert store.
|
||||
}
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
|
||||
package certs
|
||||
|
||||
func osSupportCertInstall() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func installCert([]byte) error {
|
||||
return nil // NOTE(GODT-986): Install certs to root cert store?
|
||||
}
|
||||
|
|
|
@ -37,6 +37,10 @@ func NewInstaller() *Installer {
|
|||
}
|
||||
}
|
||||
|
||||
func (installer *Installer) OSSupportCertInstall() bool {
|
||||
return osSupportCertInstall()
|
||||
}
|
||||
|
||||
func (installer *Installer) InstallCert(certPEM []byte) error {
|
||||
installer.log.Info("Installing the Bridge TLS certificate in the OS keychain")
|
||||
|
||||
|
@ -64,3 +68,15 @@ func (installer *Installer) UninstallCert(certPEM []byte) error {
|
|||
func (installer *Installer) IsCertInstalled(certPEM []byte) bool {
|
||||
return isCertInstalled(certPEM)
|
||||
}
|
||||
|
||||
// LogCertInstallStatus reports the current status of the certificate installation in the log.
|
||||
// If certificate installation is not supported on the platform, this function does nothing.
|
||||
func (installer *Installer) LogCertInstallStatus(certPEM []byte) {
|
||||
if installer.OSSupportCertInstall() {
|
||||
if installer.IsCertInstalled(certPEM) {
|
||||
installer.log.Info("The Bridge TLS certificate is installed in the OS keychain")
|
||||
} else {
|
||||
installer.log.Info("The Bridge TLS certificate is not installed in the OS keychain")
|
||||
}
|
||||
}
|
||||
}
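Review bot: `LogCertInstallStatus` logs "not installed" for every `false` returned by `IsCertInstalled`, and a bare bool cannot tell an absent certificate from a keychain lookup that failed. `isCertInstalled` is not visible on this page, so this is inferred, but if the lookup can fail, the entry will read as an authoritative trust-state answer when it is not. I would either say so in the doc comment, `// A "not installed" entry is also logged when the keychain lookup fails.`, or soften the message to `"The Bridge TLS certificate was not found as installed in the OS keychain"`. The exported `OSSupportCertInstall` added in the first hunk of this file also has no doc comment.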
|
||||
|
|