From 69ec45eac76c63ea973c68479ea4f0bbf58b29e9 Mon Sep 17 00:00:00 2001
From: Andreu Botella <andreu@andreubotella.com>
Date: Tue, 17 Jan 2023 16:18:24 -0800
Subject: refactor(cli): Integrate standalone mode cert handling into `Flags`
 (#17419)

The way the standalone mode handles the `--cert` flag is different to
all other modes. This is because `--cert` takes a path to the
certificate file, which is directly added to the root cert store; except
for compile mode, where its byte contents are stored in the standalone
metadata, and they are added to the root cert store after the
`ProcState` is created.

This change instead changes `Flags::ca_file` (an `Option<String>`) into
`Flags::ca_data`, which can represent a `String` file path or a
`Vec<u8>` with the certificate contents. That way, standalone mode can
create a `ProcState` whose root cert store alreay contains the
certificate.

This change also adds a tests for certificates in standalone mode, since
there weren't any before.

This refactor will help with implementing web workers in standalone mode
in the future.
---
 cli/args/flags.rs | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

(limited to 'cli/args/flags.rs')

diff --git a/cli/args/flags.rs b/cli/args/flags.rs
index 903f93639..c6c922bd6 100644
--- a/cli/args/flags.rs
+++ b/cli/args/flags.rs
@@ -291,6 +291,15 @@ impl Default for ConfigFlag {
   }
 }
 
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum CaData {
+  /// The string is a file path
+  File(String),
+  /// This variant is not exposed as an option in the CLI, it is used internally
+  /// for standalone binaries.
+  Bytes(Vec<u8>),
+}
+
 #[derive(Clone, Debug, Eq, PartialEq, Default)]
 pub struct Flags {
   /// Vector of CLI arguments - these are user script arguments, all Deno
@@ -308,7 +317,7 @@ pub struct Flags {
   pub allow_sys: Option<Vec<String>>,
   pub allow_write: Option<Vec<PathBuf>>,
   pub ca_stores: Option<Vec<String>>,
-  pub ca_file: Option<String>,
+  pub ca_data: Option<CaData>,
   pub cache_blocklist: Vec<String>,
   /// This is not exposed as an option in the CLI, it is used internally when
   /// the language server is configured with an explicit cache option.
@@ -3091,7 +3100,10 @@ fn reload_arg_parse(flags: &mut Flags, matches: &ArgMatches) {
 }
 
 fn ca_file_arg_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
-  flags.ca_file = matches.value_of("cert").map(ToOwned::to_owned);
+  flags.ca_data = matches
+    .value_of("cert")
+    .map(ToOwned::to_owned)
+    .map(CaData::File);
 }
 
 fn enable_testing_features_arg_parse(
@@ -4276,7 +4288,7 @@ mod tests {
         reload: true,
         lock: Some(PathBuf::from("lock.json")),
         lock_write: true,
-        ca_file: Some("example.crt".to_string()),
+        ca_data: Some(CaData::File("example.crt".to_string())),
         cached_only: true,
         location: Some(Url::parse("https://foo/").unwrap()),
         v8_flags: svec!["--help", "--random-seed=1"],
@@ -4370,7 +4382,7 @@ mod tests {
         reload: true,
         lock: Some(PathBuf::from("lock.json")),
         lock_write: true,
-        ca_file: Some("example.crt".to_string()),
+        ca_data: Some(CaData::File("example.crt".to_string())),
         cached_only: true,
         location: Some(Url::parse("https://foo/").unwrap()),
         v8_flags: svec!["--help", "--random-seed=1"],
@@ -5036,7 +5048,7 @@ mod tests {
         reload: true,
         lock: Some(PathBuf::from("lock.json")),
         lock_write: true,
-        ca_file: Some("example.crt".to_string()),
+        ca_data: Some(CaData::File("example.crt".to_string())),
         cached_only: true,
         v8_flags: svec!["--help", "--random-seed=1"],
         seed: Some(1),
@@ -5608,7 +5620,7 @@ mod tests {
         subcommand: DenoSubcommand::Run(RunFlags {
           script: "script.ts".to_string(),
         }),
-        ca_file: Some("example.crt".to_owned()),
+        ca_data: Some(CaData::File("example.crt".to_owned())),
         ..Flags::default()
       }
     );
@@ -5856,7 +5868,7 @@ mod tests {
           out_file: None,
         }),
         type_check_mode: TypeCheckMode::Local,
-        ca_file: Some("example.crt".to_owned()),
+        ca_data: Some(CaData::File("example.crt".to_owned())),
         ..Flags::default()
       }
     );
@@ -5875,7 +5887,7 @@ mod tests {
           version: None,
           output: None,
         }),
-        ca_file: Some("example.crt".to_owned()),
+        ca_data: Some(CaData::File("example.crt".to_owned())),
         ..Flags::default()
       }
     );
@@ -5897,7 +5909,7 @@ mod tests {
         subcommand: DenoSubcommand::Cache(CacheFlags {
           files: svec!["script.ts", "script_two.ts"],
         }),
-        ca_file: Some("example.crt".to_owned()),
+        ca_data: Some(CaData::File("example.crt".to_owned())),
         ..Flags::default()
       }
     );
@@ -5919,7 +5931,7 @@ mod tests {
           json: false,
           file: Some("https://example.com".to_string()),
         }),
-        ca_file: Some("example.crt".to_owned()),
+        ca_data: Some(CaData::File("example.crt".to_owned())),
         ..Flags::default()
       }
     );
@@ -6093,7 +6105,7 @@ mod tests {
         reload: true,
         lock: Some(PathBuf::from("lock.json")),
         lock_write: true,
-        ca_file: Some("example.crt".to_string()),
+        ca_data: Some(CaData::File("example.crt".to_string())),
         cached_only: true,
         location: Some(Url::parse("https://foo/").unwrap()),
         allow_read: Some(vec![]),
-- 
cgit v1.2.3