From 0066ca4ea2f3aeb564ef3ba281b09b86007a4c68 Mon Sep 17 00:00:00 2001
From: Sebastian Malton <sebastian@malton.name>
Date: Tue, 24 Jan 2023 09:30:38 -0800
Subject: [PATCH] Change renderer attempting to load CAs to go through main
 (#7003)

* Move files to features/ to simplify structure

Signed-off-by: Sebastian Malton <sebastian@malton.name>

* Request string CAs from main on renderer

Signed-off-by: Sebastian Malton <sebastian@malton.name>

* Fix override

Signed-off-by: Sebastian Malton <sebastian@malton.name>

Signed-off-by: Sebastian Malton <sebastian@malton.name>
---
 .../certificate-authorities/common/channel.ts |  8 ++++++
 .../common}/inject-system-cas.injectable.ts   |  0
 .../common}/request-system-cas-token.ts       |  0
 ...-handler.global-override-for-injectable.ts | 13 ++++++++++
 .../main/channel-handler.injectable.ts        | 25 +++++++++++++++++++
 .../request-system-cas.injectable.darwin.ts   |  8 +++---
 .../request-system-cas.injectable.linux.ts    |  2 +-
 ...quest-system-cas.injectable.testing-env.ts |  2 +-
 .../request-system-cas.injectable.win32.ts    |  6 ++---
 .../renderer/request-system-cas.injectable.ts | 20 +++++++++++++++
 .../runnables/setup-system-ca.injectable.ts   |  2 +-
 .../root-frame/setup-system-ca.injectable.ts  |  2 +-
 12 files changed, 77 insertions(+), 11 deletions(-)
 create mode 100644 src/features/certificate-authorities/common/channel.ts
 rename src/{common/certificate-authorities => features/certificate-authorities/common}/inject-system-cas.injectable.ts (100%)
 rename src/{common/certificate-authorities => features/certificate-authorities/common}/request-system-cas-token.ts (100%)
 create mode 100644 src/features/certificate-authorities/main/channel-handler.global-override-for-injectable.ts
 create mode 100644 src/features/certificate-authorities/main/channel-handler.injectable.ts
 rename src/{common/certificate-authorities => features/certificate-authorities/main}/request-system-cas.injectable.darwin.ts (86%)
 rename src/{common/certificate-authorities => features/certificate-authorities/main}/request-system-cas.injectable.linux.ts (83%)
 rename src/{common/certificate-authorities => features/certificate-authorities/main}/request-system-cas.injectable.testing-env.ts (83%)
 rename src/{common/certificate-authorities => features/certificate-authorities/main}/request-system-cas.injectable.win32.ts (87%)
 create mode 100644 src/features/certificate-authorities/renderer/request-system-cas.injectable.ts

diff --git a/src/features/certificate-authorities/common/channel.ts b/src/features/certificate-authorities/common/channel.ts
new file mode 100644
index 0000000000..5fb58ee1ca
--- /dev/null
+++ b/src/features/certificate-authorities/common/channel.ts
@@ -0,0 +1,8 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+
+import { getRequestChannel } from "../../../common/utils/channel/get-request-channel";
+
+export const casChannel = getRequestChannel<void, string[]>("certificate-authorities");
diff --git a/src/common/certificate-authorities/inject-system-cas.injectable.ts b/src/features/certificate-authorities/common/inject-system-cas.injectable.ts
similarity index 100%
rename from src/common/certificate-authorities/inject-system-cas.injectable.ts
rename to src/features/certificate-authorities/common/inject-system-cas.injectable.ts
diff --git a/src/common/certificate-authorities/request-system-cas-token.ts b/src/features/certificate-authorities/common/request-system-cas-token.ts
similarity index 100%
rename from src/common/certificate-authorities/request-system-cas-token.ts
rename to src/features/certificate-authorities/common/request-system-cas-token.ts
diff --git a/src/features/certificate-authorities/main/channel-handler.global-override-for-injectable.ts b/src/features/certificate-authorities/main/channel-handler.global-override-for-injectable.ts
new file mode 100644
index 0000000000..d8346706bb
--- /dev/null
+++ b/src/features/certificate-authorities/main/channel-handler.global-override-for-injectable.ts
@@ -0,0 +1,13 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+
+import { getGlobalOverride } from "../../../common/test-utils/get-global-override";
+import { casChannel } from "../common/channel";
+import certificateAuthoritiesChannelListenerInjectable from "./channel-handler.injectable";
+
+export default getGlobalOverride(certificateAuthoritiesChannelListenerInjectable, () => ({
+  channel: casChannel,
+  handler: () => [],
+}));
diff --git a/src/features/certificate-authorities/main/channel-handler.injectable.ts b/src/features/certificate-authorities/main/channel-handler.injectable.ts
new file mode 100644
index 0000000000..300b69c383
--- /dev/null
+++ b/src/features/certificate-authorities/main/channel-handler.injectable.ts
@@ -0,0 +1,25 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getRequestChannelListenerInjectable } from "../../../main/utils/channel/channel-listeners/listener-tokens";
+import { casChannel } from "../common/channel";
+import { globalAgent } from "https";
+import { isString } from "../../../common/utils";
+
+const certificateAuthoritiesChannelListenerInjectable = getRequestChannelListenerInjectable({
+  channel: casChannel,
+  handler: () => () => {
+    if (Array.isArray(globalAgent.options.ca)) {
+      return globalAgent.options.ca.filter(isString);
+    }
+
+    if (typeof globalAgent.options.ca === "string") {
+      return [globalAgent.options.ca];
+    }
+
+    return [];
+  },
+});
+
+export default certificateAuthoritiesChannelListenerInjectable;
diff --git a/src/common/certificate-authorities/request-system-cas.injectable.darwin.ts b/src/features/certificate-authorities/main/request-system-cas.injectable.darwin.ts
similarity index 86%
rename from src/common/certificate-authorities/request-system-cas.injectable.darwin.ts
rename to src/features/certificate-authorities/main/request-system-cas.injectable.darwin.ts
index c471c954e4..62cf75f6ff 100644
--- a/src/common/certificate-authorities/request-system-cas.injectable.darwin.ts
+++ b/src/features/certificate-authorities/main/request-system-cas.injectable.darwin.ts
@@ -3,10 +3,10 @@
  * Licensed under MIT License. See LICENSE in root directory for more information.
  */
 import { getInjectable } from "@ogre-tools/injectable";
-import execFileInjectable from "../fs/exec-file.injectable";
-import loggerInjectable from "../logger.injectable";
-import type { AsyncResult } from "../utils/async-result";
-import { requestSystemCAsInjectionToken } from "./request-system-cas-token";
+import execFileInjectable from "../../../common/fs/exec-file.injectable";
+import loggerInjectable from "../../../common/logger.injectable";
+import type { AsyncResult } from "../../../common/utils/async-result";
+import { requestSystemCAsInjectionToken } from "../common/request-system-cas-token";
 
 // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Cheatsheet#other_assertions
 const certSplitPattern = /(?=-----BEGIN\sCERTIFICATE-----)/g;
diff --git a/src/common/certificate-authorities/request-system-cas.injectable.linux.ts b/src/features/certificate-authorities/main/request-system-cas.injectable.linux.ts
similarity index 83%
rename from src/common/certificate-authorities/request-system-cas.injectable.linux.ts
rename to src/features/certificate-authorities/main/request-system-cas.injectable.linux.ts
index 1d7bf10350..cffd0d172a 100644
--- a/src/common/certificate-authorities/request-system-cas.injectable.linux.ts
+++ b/src/features/certificate-authorities/main/request-system-cas.injectable.linux.ts
@@ -3,7 +3,7 @@
  * Licensed under MIT License. See LICENSE in root directory for more information.
  */
 import { getInjectable } from "@ogre-tools/injectable";
-import { requestSystemCAsInjectionToken } from "./request-system-cas-token";
+import { requestSystemCAsInjectionToken } from "../common/request-system-cas-token";
 
 const requestSystemCAsInjectable = getInjectable({
   id: "request-system-cas",
diff --git a/src/common/certificate-authorities/request-system-cas.injectable.testing-env.ts b/src/features/certificate-authorities/main/request-system-cas.injectable.testing-env.ts
similarity index 83%
rename from src/common/certificate-authorities/request-system-cas.injectable.testing-env.ts
rename to src/features/certificate-authorities/main/request-system-cas.injectable.testing-env.ts
index 1d7bf10350..cffd0d172a 100644
--- a/src/common/certificate-authorities/request-system-cas.injectable.testing-env.ts
+++ b/src/features/certificate-authorities/main/request-system-cas.injectable.testing-env.ts
@@ -3,7 +3,7 @@
  * Licensed under MIT License. See LICENSE in root directory for more information.
  */
 import { getInjectable } from "@ogre-tools/injectable";
-import { requestSystemCAsInjectionToken } from "./request-system-cas-token";
+import { requestSystemCAsInjectionToken } from "../common/request-system-cas-token";
 
 const requestSystemCAsInjectable = getInjectable({
   id: "request-system-cas",
diff --git a/src/common/certificate-authorities/request-system-cas.injectable.win32.ts b/src/features/certificate-authorities/main/request-system-cas.injectable.win32.ts
similarity index 87%
rename from src/common/certificate-authorities/request-system-cas.injectable.win32.ts
rename to src/features/certificate-authorities/main/request-system-cas.injectable.win32.ts
index 4940aa2a7b..9e5d5d8caf 100644
--- a/src/common/certificate-authorities/request-system-cas.injectable.win32.ts
+++ b/src/features/certificate-authorities/main/request-system-cas.injectable.win32.ts
@@ -3,9 +3,9 @@
  * Licensed under MIT License. See LICENSE in root directory for more information.
  */
 import { getInjectable } from "@ogre-tools/injectable";
-import execFileInjectable from "../fs/exec-file.injectable";
-import loggerInjectable from "../logger.injectable";
-import { requestSystemCAsInjectionToken } from "./request-system-cas-token";
+import execFileInjectable from "../../../common/fs/exec-file.injectable";
+import loggerInjectable from "../../../common/logger.injectable";
+import { requestSystemCAsInjectionToken } from "../common/request-system-cas-token";
 
 const pemEncoding = (hexEncodedCert: String) => {
   const certData = Buffer.from(hexEncodedCert, "hex").toString("base64");
diff --git a/src/features/certificate-authorities/renderer/request-system-cas.injectable.ts b/src/features/certificate-authorities/renderer/request-system-cas.injectable.ts
new file mode 100644
index 0000000000..e3c840a95a
--- /dev/null
+++ b/src/features/certificate-authorities/renderer/request-system-cas.injectable.ts
@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) OpenLens Authors. All rights reserved.
+ * Licensed under MIT License. See LICENSE in root directory for more information.
+ */
+import { getInjectable } from "@ogre-tools/injectable";
+import { requestFromChannelInjectionToken } from "../../../common/utils/channel/request-from-channel-injection-token";
+import { casChannel } from "../common/channel";
+import { requestSystemCAsInjectionToken } from "../common/request-system-cas-token";
+
+const requestSystemCAsInjectable = getInjectable({
+  id: "request-system-cas",
+  instantiate: (di) => {
+    const requestFromChannel = di.inject(requestFromChannelInjectionToken);
+
+    return () => requestFromChannel(casChannel);
+  },
+  injectionToken: requestSystemCAsInjectionToken,
+});
+
+export default requestSystemCAsInjectable;
diff --git a/src/main/start-main-application/runnables/setup-system-ca.injectable.ts b/src/main/start-main-application/runnables/setup-system-ca.injectable.ts
index b5219dbf4f..e819c42596 100644
--- a/src/main/start-main-application/runnables/setup-system-ca.injectable.ts
+++ b/src/main/start-main-application/runnables/setup-system-ca.injectable.ts
@@ -4,7 +4,7 @@
  */
 import { getInjectable } from "@ogre-tools/injectable";
 import { beforeApplicationIsLoadingInjectionToken } from "../runnable-tokens/before-application-is-loading-injection-token";
-import injectSystemCAsInjectable from "../../../common/certificate-authorities/inject-system-cas.injectable";
+import injectSystemCAsInjectable from "../../../features/certificate-authorities/common/inject-system-cas.injectable";
 
 const setupSystemCaInjectable = getInjectable({
   id: "setup-system-ca",
diff --git a/src/renderer/frames/root-frame/setup-system-ca.injectable.ts b/src/renderer/frames/root-frame/setup-system-ca.injectable.ts
index 557d87c81f..4fe4d07758 100644
--- a/src/renderer/frames/root-frame/setup-system-ca.injectable.ts
+++ b/src/renderer/frames/root-frame/setup-system-ca.injectable.ts
@@ -4,7 +4,7 @@
  */
 import { getInjectable } from "@ogre-tools/injectable";
 import { beforeFrameStartsSecondInjectionToken } from "../../before-frame-starts/tokens";
-import injectSystemCAsInjectable from "../../../common/certificate-authorities/inject-system-cas.injectable";
+import injectSystemCAsInjectable from "../../../features/certificate-authorities/common/inject-system-cas.injectable";
 
 const setupSystemCaInjectable = getInjectable({
   id: "setup-system-ca",