From ab1e391e1d700a68964e899963670e903f498cdf Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Wed, 18 Sep 2024 21:14:26 +0200
Subject: feat(ext/node): add rootCertificates to node:tls (#25707)

Closes https://github.com/denoland/deno/issues/25604

Signed-off-by: Satya Rohith <me@satyarohith.com>
Co-authored-by: Satya Rohith <me@satyarohith.com>
---
 ext/node/ops/mod.rs |  1 +
 ext/node/ops/tls.rs | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 ext/node/ops/tls.rs

(limited to 'ext/node/ops')

diff --git a/ext/node/ops/mod.rs b/ext/node/ops/mod.rs
index d11cc7461..b562261f3 100644
--- a/ext/node/ops/mod.rs
+++ b/ext/node/ops/mod.rs
@@ -11,6 +11,7 @@ pub mod ipc;
 pub mod os;
 pub mod process;
 pub mod require;
+pub mod tls;
 pub mod util;
 pub mod v8;
 pub mod vm;
diff --git a/ext/node/ops/tls.rs b/ext/node/ops/tls.rs
new file mode 100644
index 000000000..86b177960
--- /dev/null
+++ b/ext/node/ops/tls.rs
@@ -0,0 +1,29 @@
+// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
+use base64::Engine;
+use deno_core::op2;
+use webpki_root_certs;
+
+#[op2]
+#[serde]
+pub fn op_get_root_certificates() -> Vec<String> {
+  let certs = webpki_root_certs::TLS_SERVER_ROOT_CERTS
+    .iter()
+    .map(|cert| {
+      let b64 = base64::engine::general_purpose::STANDARD.encode(cert);
+      let pem_lines = b64
+        .chars()
+        .collect::<Vec<char>>()
+        // Node uses 72 characters per line, so we need to follow node even though
+        // it's not spec compliant https://datatracker.ietf.org/doc/html/rfc7468#section-2
+        .chunks(72)
+        .map(|c| c.iter().collect::<String>())
+        .collect::<Vec<String>>()
+        .join("\n");
+      let pem = format!(
+        "-----BEGIN CERTIFICATE-----\n{pem_lines}\n-----END CERTIFICATE-----\n",
+      );
+      pem
+    })
+    .collect::<Vec<String>>();
+  certs
+}
-- 
cgit v1.2.3