feat(GODT-3104): added log entry for cert install status on startup on macOS.

2023-11-08 16:30:06 +01:00 · 2023-11-08 16:30:06 +01:00 · dc584ea29b
parent 4a01c46aed
commit dc584ea29b
6 changed files with 33 additions and 0 deletions
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@ -22,6 +22,7 @@ import (
 	"path"

 	"github.com/ProtonMail/gluon/async"
+	"github.com/ProtonMail/proton-bridge/v3/internal/certs"
 	"github.com/ProtonMail/proton-bridge/v3/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
@ -44,6 +45,9 @@ func WithVault(locations *locations.Locations, keychains *keychain.List, panicHa
 		"corrupt":  corrupt,
 	}).Debug("Vault created")

+	cert, _ := encVault.GetBridgeTLSCert()
+	certs.NewInstaller().LogCertInstallStatus(cert)
+
 	// GODT-1950: Add teardown actions (e.g. to close the vault).

 	return fn(encVault, insecure, corrupt)
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@ -356,6 +356,10 @@ func removeCertTrustCGo(buffer *C.char, size C.ulonglong) error {
 	}
 }

+func osSupportCertInstall() bool {
+	return true
+}
+
 // installCert installs a certificate in the keychain. The certificate is added to the keychain and it is set as trusted.
 // This function will trigger a security prompt from the system, unless the certificate is already trusted in the user keychain.
 func installCert(certPEM []byte) error {
--- a/internal/certs/cert_store_darwin_test.go
+++ b/internal/certs/cert_store_darwin_test.go
@ -28,6 +28,7 @@ import (
 func TestCertInKeychain(t *testing.T) {
 	// no trust settings change is performed, so this test will not trigger an OS security prompt.
 	certPEM := generatePEMCertificate(t)
+	require.True(t, osSupportCertInstall())
 	require.False(t, isCertInKeychain(certPEM))
 	require.NoError(t, addCertToKeychain(certPEM))
 	require.True(t, isCertInKeychain(certPEM))
--- a/internal/certs/cert_store_linux.go
+++ b/internal/certs/cert_store_linux.go
@ -17,6 +17,10 @@

 package certs

+func osSupportCertInstall() bool {
+	return false
+}
+
 func installCert([]byte) error {
 	return nil // Linux doesn't have a root cert store.
 }
--- a/internal/certs/cert_store_windows.go
+++ b/internal/certs/cert_store_windows.go
@ -17,6 +17,10 @@

 package certs

+func osSupportCertInstall() bool {
+	return false
+}
+
 func installCert([]byte) error {
 	return nil // NOTE(GODT-986): Install certs to root cert store?
 }
--- a/internal/certs/installer.go
+++ b/internal/certs/installer.go
@ -37,6 +37,10 @@ func NewInstaller() *Installer {
 	}
 }

+func (installer *Installer) OSSupportCertInstall() bool {
+	return osSupportCertInstall()
+}
+
 func (installer *Installer) InstallCert(certPEM []byte) error {
 	installer.log.Info("Installing the Bridge TLS certificate in the OS keychain")

@ -64,3 +68,15 @@ func (installer *Installer) UninstallCert(certPEM []byte) error {
 func (installer *Installer) IsCertInstalled(certPEM []byte) bool {
 	return isCertInstalled(certPEM)
 }
+
+// LogCertInstallStatus reports the current status of the certificate installation in the log.
+// If certificate installation is not supported on the platform, this function does nothing.
+func (installer *Installer) LogCertInstallStatus(certPEM []byte) {
+	if installer.OSSupportCertInstall() {
+		if installer.IsCertInstalled(certPEM) {
+			installer.log.Info("The Bridge TLS certificate is installed in the OS keychain")
+		} else {
+			installer.log.Info("The Bridge TLS certificate is not installed in the OS keychain")
+		}
+	}
+}