diff options
| author | Andreu Botella <andreu@andreubotella.com> | 2023-01-17 16:18:24 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-18 01:18:24 +0100 |
| commit | 69ec45eac76c63ea973c68479ea4f0bbf58b29e9 (patch) | |
| tree | 6e58f2eecc903f91981c695430dc64dca98fe7b6 /cli/standalone.rs | |
| parent | 1a792f8805d835257302baf538505451b149d84c (diff) | |
refactor(cli): Integrate standalone mode cert handling into `Flags` (#17419)
The way the standalone mode handles the `--cert` flag is different to
all other modes. This is because `--cert` takes a path to the
certificate file, which is directly added to the root cert store; except
for compile mode, where its byte contents are stored in the standalone
metadata, and they are added to the root cert store after the
`ProcState` is created.
This change instead changes `Flags::ca_file` (an `Option<String>`) into
`Flags::ca_data`, which can represent a `String` file path or a
`Vec<u8>` with the certificate contents. That way, standalone mode can
create a `ProcState` whose root cert store alreay contains the
certificate.
This change also adds a tests for certificates in standalone mode, since
there weren't any before.
This refactor will help with implementing web workers in standalone mode
in the future.
Diffstat (limited to 'cli/standalone.rs')
| -rw-r--r-- | cli/standalone.rs | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/cli/standalone.rs b/cli/standalone.rs index 18d134293..593cff7ce 100644 --- a/cli/standalone.rs +++ b/cli/standalone.rs @@ -1,5 +1,6 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +use crate::args::CaData; use crate::args::Flags; use crate::colors; use crate::file_fetcher::get_source_from_data_url; @@ -7,7 +8,6 @@ use crate::ops; use crate::proc_state::ProcState; use crate::version; use crate::CliResolver; -use deno_core::anyhow::anyhow; use deno_core::anyhow::Context; use deno_core::error::type_error; use deno_core::error::AnyError; @@ -26,7 +26,6 @@ use deno_core::ModuleSpecifier; use deno_core::ResolutionKind; use deno_graph::source::Resolver; use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel; -use deno_runtime::deno_tls::rustls_pemfile; use deno_runtime::deno_web::BlobStore; use deno_runtime::fmt_errors::format_js_error; use deno_runtime::permissions::Permissions; @@ -38,8 +37,6 @@ use deno_runtime::BootstrapOptions; use import_map::parse_from_json; use log::Level; use std::env::current_exe; -use std::io::BufReader; -use std::io::Cursor; use std::io::SeekFrom; use std::iter::once; use std::pin::Pin; @@ -217,6 +214,7 @@ fn metadata_to_flags(metadata: &Metadata) -> Flags { v8_flags: metadata.v8_flags.clone(), log_level: metadata.log_level, ca_stores: metadata.ca_stores.clone(), + ca_data: metadata.ca_data.clone().map(CaData::Bytes), ..Default::default() } } @@ -257,22 +255,7 @@ pub async fn run( .collect::<Vec<_>>(), ); - let mut root_cert_store = ps.root_cert_store.clone(); - - if let Some(cert) = metadata.ca_data { - let reader = &mut BufReader::new(Cursor::new(cert)); - match rustls_pemfile::certs(reader) { - Ok(certs) => { - root_cert_store.add_parsable_certificates(&certs); - } - Err(e) => { - return Err(anyhow!( - "Unable to add pem file to certificate store: {}", - e - )); - } - } - } + let root_cert_store = ps.root_cert_store.clone(); let options = WorkerOptions { bootstrap: BootstrapOptions { |