authorAndreu Botella <andreu@andreubotella.com>2023-01-17 16:18:24 -0800
committerGitHub <noreply@github.com>2023-01-18 01:18:24 +0100
commit69ec45eac76c63ea973c68479ea4f0bbf58b29e9 (patch)
tree6e58f2eecc903f91981c695430dc64dca98fe7b6 /cli/args/mod.rs
parent1a792f8805d835257302baf538505451b149d84c (diff)
refactor(cli): Integrate standalone mode cert handling into `Flags` (#17419)
The way the standalone mode handles the `--cert` flag is different to all other modes. This is because `--cert` takes a path to the certificate file, which is directly added to the root cert store; except for compile mode, where its byte contents are stored in the standalone metadata, and they are added to the root cert store after the `ProcState` is created. This change instead changes `Flags::ca_file` (an `Option<String>`) into `Flags::ca_data`, which can represent a `String` file path or a `Vec<u8>` with the certificate contents. That way, standalone mode can create a `ProcState` whose root cert store already contains the certificate. This change also adds tests for certificates in standalone mode, since there weren't any before. This refactor will help with implementing web workers in standalone mode in the future.
Diffstat (limited to 'cli/args/mod.rs')
-rw-r--r--cli/args/mod.rs37
1 files changed, 24 insertions, 13 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs
index 0f60d09c3..b604d3ab5 100644
--- a/cli/args/mod.rs
+++ b/cli/args/mod.rs
@@ -42,6 +42,7 @@ use deno_runtime::permissions::PermissionsOptions;
use std::collections::BTreeMap;
use std::env;
use std::io::BufReader;
+use std::io::Cursor;
use std::net::SocketAddr;
use std::num::NonZeroUsize;
use std::path::PathBuf;
@@ -370,7 +371,7 @@ fn resolve_lint_rules_options(
pub fn get_root_cert_store(
maybe_root_path: Option<PathBuf>,
maybe_ca_stores: Option<Vec<String>>,
- maybe_ca_file: Option<String>,
+ maybe_ca_data: Option<CaData>,
) -> Result<RootCertStore, AnyError> {
let mut root_cert_store = RootCertStore::empty();
let ca_stores: Vec<String> = maybe_ca_stores
@@ -413,17 +414,27 @@ pub fn get_root_cert_store(
}
}
- let ca_file = maybe_ca_file.or_else(|| env::var("DENO_CERT").ok());
- if let Some(ca_file) = ca_file {
- let ca_file = if let Some(root) = &maybe_root_path {
- root.join(&ca_file)
- } else {
- PathBuf::from(ca_file)
+ let ca_data =
+ maybe_ca_data.or_else(|| env::var("DENO_CERT").ok().map(CaData::File));
+ if let Some(ca_data) = ca_data {
+ let result = match ca_data {
+ CaData::File(ca_file) => {
+ let ca_file = if let Some(root) = &maybe_root_path {
+ root.join(&ca_file)
+ } else {
+ PathBuf::from(ca_file)
+ };
+ let certfile = std::fs::File::open(ca_file)?;
+ let mut reader = BufReader::new(certfile);
+ rustls_pemfile::certs(&mut reader)
+ }
+ CaData::Bytes(data) => {
+ let mut reader = BufReader::new(Cursor::new(data));
+ rustls_pemfile::certs(&mut reader)
+ }
};
- let certfile = std::fs::File::open(ca_file)?;
- let mut reader = BufReader::new(certfile);
- match rustls_pemfile::certs(&mut reader) {
+ match result {
Ok(certs) => {
root_cert_store.add_parsable_certificates(&certs);
}
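Review bot: A certificate source that yields no usable certificate is accepted silently, because the `Ok(certs)` arm discards the return value of `add_parsable_certificates`. As far as I know, `rustls_pemfile::certs` also returns an empty list rather than an error when the input holds no PEM `CERTIFICATE` block. With the new `CaData::Bytes` arm the contents come from embedded standalone metadata, so a DER-encoded or truncated blob would leave the root store unchanged and surface only later as an unrelated-looking TLS verification failure. Consider binding the counts with `let (added, ignored) = root_cert_store.add_parsable_certificates(&certs);` and returning an error (or at least logging) when `added == 0` or `ignored > 0`. The `Err` arm of this `match` and the rest of `get_root_cert_store` lie outside the hunk.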
@@ -576,7 +587,7 @@ impl CliOptions {
get_root_cert_store(
None,
self.flags.ca_stores.clone(),
- self.flags.ca_file.clone(),
+ self.flags.ca_data.clone(),
)
}
@@ -722,8 +733,8 @@ impl CliOptions {
&self.flags.argv
}
- pub fn ca_file(&self) -> &Option<String> {
- &self.flags.ca_file
+ pub fn ca_data(&self) -> &Option<CaData> {
+ &self.flags.ca_data
}
pub fn ca_stores(&self) -> &Option<Vec<String>> {