Diffstat (limited to 'cli/args')
-rw-r--r-- | cli/args/flags.rs | 34 | ||||
-rw-r--r-- | cli/args/mod.rs | 37 |
2 files changed, 47 insertions, 24 deletions
diff --git a/cli/args/flags.rs b/cli/args/flags.rs
index 903f93639..c6c922bd6 100644
--- a/cli/args/flags.rs
+++ b/cli/args/flags.rs
@@ -291,6 +291,15 @@ impl Default for ConfigFlag {
 }
 }
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum CaData {
+ /// The string is a file path
+ File(String),
+ /// This variant is not exposed as an option in the CLI, it is used internally
+ /// for standalone binaries.
+ Bytes(Vec<u8>),
+}
+
 #[derive(Clone, Debug, Eq, PartialEq, Default)]
 pub struct Flags {
 /// Vector of CLI arguments - these are user script arguments, all Deno
@@ -308,7 +317,7 @@ pub struct Flags {
 pub allow_sys: Option<Vec<String>>,
 pub allow_write: Option<Vec<PathBuf>>,
 pub ca_stores: Option<Vec<String>>,
- pub ca_file: Option<String>,
+ pub ca_data: Option<CaData>,
 pub cache_blocklist: Vec<String>,
 /// This is not exposed as an option in the CLI, it is used internally when
 /// the language server is configured with an explicit cache option.
@@ -3091,7 +3100,10 @@ fn reload_arg_parse(flags: &mut Flags, matches: &ArgMatches) {
 }
 fn ca_file_arg_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
- flags.ca_file = matches.value_of("cert").map(ToOwned::to_owned);
+ flags.ca_data = matches
+ .value_of("cert")
+ .map(ToOwned::to_owned)
+ .map(CaData::File);
 }
 fn enable_testing_features_arg_parse(
@@ -4276,7 +4288,7 @@ mod tests {
 reload: true,
 lock: Some(PathBuf::from("lock.json")),
 lock_write: true,
- ca_file: Some("example.crt".to_string()),
+ ca_data: Some(CaData::File("example.crt".to_string())),
 cached_only: true,
 location: Some(Url::parse("https://foo/").unwrap()),
 v8_flags: svec!["--help", "--random-seed=1"],
@@ -4370,7 +4382,7 @@ mod tests {
 reload: true,
 lock: Some(PathBuf::from("lock.json")),
 lock_write: true,
- ca_file: Some("example.crt".to_string()),
+ ca_data: Some(CaData::File("example.crt".to_string())),
 cached_only: true,
 location: Some(Url::parse("https://foo/").unwrap()),
 v8_flags: svec!["--help", "--random-seed=1"],
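Review bot: The doc comment on `CaData::Bytes` in the first hunk of cli/args/flags.rs does not say what the bytes must contain. The consumer in cli/args/mod.rs passes them to `rustls_pemfile::certs`, so only PEM-encoded certificates are picked up; I would state that on the variant, e.g. `/// PEM-encoded certificate data. Not exposed as a CLI option; used internally for standalone binaries.` Because both `CaData` and `Flags` derive `Debug`, a debug print of the flags now also includes the whole byte vector, which is worth keeping in mind for log output.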
@@ -5036,7 +5048,7 @@ mod tests {
 reload: true,
 lock: Some(PathBuf::from("lock.json")),
 lock_write: true,
- ca_file: Some("example.crt".to_string()),
+ ca_data: Some(CaData::File("example.crt".to_string())),
 cached_only: true,
 v8_flags: svec!["--help", "--random-seed=1"],
 seed: Some(1),
@@ -5608,7 +5620,7 @@ mod tests {
 subcommand: DenoSubcommand::Run(RunFlags {
 script: "script.ts".to_string(),
 }),
- ca_file: Some("example.crt".to_owned()),
+ ca_data: Some(CaData::File("example.crt".to_owned())),
 ..Flags::default()
 }
 );
@@ -5856,7 +5868,7 @@ mod tests {
 out_file: None,
 }),
 type_check_mode: TypeCheckMode::Local,
- ca_file: Some("example.crt".to_owned()),
+ ca_data: Some(CaData::File("example.crt".to_owned())),
 ..Flags::default()
 }
 );
@@ -5875,7 +5887,7 @@ mod tests {
 version: None,
 output: None,
 }),
- ca_file: Some("example.crt".to_owned()),
+ ca_data: Some(CaData::File("example.crt".to_owned())),
 ..Flags::default()
 }
 );
@@ -5897,7 +5909,7 @@ mod tests {
 subcommand: DenoSubcommand::Cache(CacheFlags {
 files: svec!["script.ts", "script_two.ts"],
 }),
- ca_file: Some("example.crt".to_owned()),
+ ca_data: Some(CaData::File("example.crt".to_owned())),
 ..Flags::default()
 }
 );
@@ -5919,7 +5931,7 @@ mod tests {
 json: false,
 file: Some("https://example.com".to_string()),
 }),
- ca_file: Some("example.crt".to_owned()),
+ ca_data: Some(CaData::File("example.crt".to_owned())),
 ..Flags::default()
 }
 );
@@ -6093,7 +6105,7 @@ mod tests {
 reload: true,
 lock: Some(PathBuf::from("lock.json")),
 lock_write: true,
- ca_file: Some("example.crt".to_string()),
+ ca_data: Some(CaData::File("example.crt".to_string())),
 cached_only: true,
 location: Some(Url::parse("https://foo/").unwrap()),
 allow_read: Some(vec![]),
diff --git a/cli/args/mod.rs b/cli/args/mod.rs
index 0f60d09c3..b604d3ab5 100644
--- a/cli/args/mod.rs
+++ b/cli/args/mod.rs
@@ -42,6 +42,7 @@ use deno_runtime::permissions::PermissionsOptions;
 use std::collections::BTreeMap;
 use std::env;
 use std::io::BufReader;
+use std::io::Cursor;
 use std::net::SocketAddr;
 use std::num::NonZeroUsize;
 use std::path::PathBuf;
@@ -370,7 +371,7 @@ fn resolve_lint_rules_options(
 pub fn get_root_cert_store(
 maybe_root_path: Option<PathBuf>,
 maybe_ca_stores: Option<Vec<String>>,
- maybe_ca_file: Option<String>,
+ maybe_ca_data: Option<CaData>,
 ) -> Result<RootCertStore, AnyError> {
 let mut root_cert_store = RootCertStore::empty();
 let ca_stores: Vec<String> = maybe_ca_stores
@@ -413,17 +414,27 @@ pub fn get_root_cert_store(
 }
 }
- let ca_file = maybe_ca_file.or_else(|| env::var("DENO_CERT").ok());
- if let Some(ca_file) = ca_file {
- let ca_file = if let Some(root) = &maybe_root_path {
- root.join(&ca_file)
- } else {
- PathBuf::from(ca_file)
+ let ca_data =
+ maybe_ca_data.or_else(|| env::var("DENO_CERT").ok().map(CaData::File));
+ if let Some(ca_data) = ca_data {
+ let result = match ca_data {
+ CaData::File(ca_file) => {
+ let ca_file = if let Some(root) = &maybe_root_path {
+ root.join(&ca_file)
+ } else {
+ PathBuf::from(ca_file)
+ };
+ let certfile = std::fs::File::open(ca_file)?;
+ let mut reader = BufReader::new(certfile);
+ rustls_pemfile::certs(&mut reader)
+ }
+ CaData::Bytes(data) => {
+ let mut reader = BufReader::new(Cursor::new(data));
+ rustls_pemfile::certs(&mut reader)
+ }
 };
- let certfile = std::fs::File::open(ca_file)?;
- let mut reader = BufReader::new(certfile);
- match rustls_pemfile::certs(&mut reader) {
+ match result {
 Ok(certs) => {
 root_cert_store.add_parsable_certificates(&certs);
 }
@@ -576,7 +587,7 @@ impl CliOptions {
 get_root_cert_store(
 None,
 self.flags.ca_stores.clone(),
- self.flags.ca_file.clone(),
+ self.flags.ca_data.clone(),
 )
 }
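Review bot: In the `@@ -413,17 +414,27 @@` hunk of `get_root_cert_store`, a CA source that yields no usable certificate is accepted silently: `rustls_pemfile::certs` returns `Ok` with an empty list when the input holds no PEM certificate sections, and the return value of `add_parsable_certificates` is discarded in the `Ok(certs)` arm. With the new `CaData::Bytes` path, embedded data in the wrong encoding (DER, say) would leave the store without the intended root and show up only later as handshake failures. I would return an error when `certs.is_empty()` and at least log when `add_parsable_certificates` reports certificates it could not parse. Separately, `Cursor<Vec<u8>>` already implements `BufRead`, so the `Bytes` arm can be `rustls_pemfile::certs(&mut Cursor::new(data))` without the `BufReader`. The function body starts before and continues past this hunk.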
@@ -722,8 +733,8 @@ impl CliOptions {
 &self.flags.argv
 }
- pub fn ca_file(&self) -> &Option<String> {
- &self.flags.ca_file
+ pub fn ca_data(&self) -> &Option<CaData> {
+ &self.flags.ca_data
 }
 pub fn ca_stores(&self) -> &Option<Vec<String>> { |