From ab1e391e1d700a68964e899963670e903f498cdf Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Wed, 18 Sep 2024 21:14:26 +0200
Subject: feat(ext/node): add rootCertificates to node:tls (#25707)

Closes https://github.com/denoland/deno/issues/25604

Signed-off-by: Satya Rohith <me@satyarohith.com>
Co-authored-by: Satya Rohith <me@satyarohith.com>
---
 ext/node/polyfills/tls.ts | 57 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

(limited to 'ext/node/polyfills')

diff --git a/ext/node/polyfills/tls.ts b/ext/node/polyfills/tls.ts
index 7d00bc6e5..4cfe9ebd6 100644
--- a/ext/node/polyfills/tls.ts
+++ b/ext/node/polyfills/tls.ts
@@ -7,6 +7,10 @@
 import { notImplemented } from "ext:deno_node/_utils.ts";
 import tlsCommon from "node:_tls_common";
 import tlsWrap from "node:_tls_wrap";
+import { op_get_root_certificates } from "ext:core/ops";
+import { primordials } from "ext:core/mod.js";
+
+const { ObjectFreeze } = primordials;
 
 // openssl -> rustls
 const cipherMap = {
@@ -30,7 +34,58 @@ export function getCiphers() {
   return Object.keys(cipherMap).map((name) => name.toLowerCase());
 }
 
-export const rootCertificates = undefined;
+let lazyRootCertificates: string[] | null = null;
+function ensureLazyRootCertificates(target: string[]) {
+  if (lazyRootCertificates === null) {
+    lazyRootCertificates = op_get_root_certificates() as string[];
+    lazyRootCertificates.forEach((v) => target.push(v));
+    ObjectFreeze(target);
+  }
+}
+export const rootCertificates = new Proxy([] as string[], {
+  // @ts-ignore __proto__ is not in the types
+  __proto__: null,
+  get(target, prop) {
+    ensureLazyRootCertificates(target);
+    return Reflect.get(target, prop);
+  },
+  ownKeys(target) {
+    ensureLazyRootCertificates(target);
+    return Reflect.ownKeys(target);
+  },
+  has(target, prop) {
+    ensureLazyRootCertificates(target);
+    return Reflect.has(target, prop);
+  },
+  getOwnPropertyDescriptor(target, prop) {
+    ensureLazyRootCertificates(target);
+    return Reflect.getOwnPropertyDescriptor(target, prop);
+  },
+  set(target, prop, value) {
+    ensureLazyRootCertificates(target);
+    return Reflect.set(target, prop, value);
+  },
+  defineProperty(target, prop, descriptor) {
+    ensureLazyRootCertificates(target);
+    return Reflect.defineProperty(target, prop, descriptor);
+  },
+  deleteProperty(target, prop) {
+    ensureLazyRootCertificates(target);
+    return Reflect.deleteProperty(target, prop);
+  },
+  isExtensible(target) {
+    ensureLazyRootCertificates(target);
+    return Reflect.isExtensible(target);
+  },
+  preventExtensions(target) {
+    ensureLazyRootCertificates(target);
+    return Reflect.preventExtensions(target);
+  },
+  setPrototypeOf() {
+    return false;
+  },
+});
+
 export const DEFAULT_ECDH_CURVE = "auto";
 export const DEFAULT_MAX_VERSION = "TLSv1.3";
 export const DEFAULT_MIN_VERSION = "TLSv1.2";
-- 
cgit v1.2.3