hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

Replace buggy mac-ca dep with own injectMacCA()

Browse Source 
Signed-off-by: Hung-Han (Henry) Chen <1474479+chenhunghan@users.noreply.github.com>
This commit is contained in:
Hung-Han (Henry) Chen 2020-12-04 14:47:07 +08:00
parent e510ec3880
commit 08fa0c6d63
No known key found for this signature in database
GPG Key ID: A28B7834EFA73792
2 changed files with 53 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/common/system-ca.test.ts Normal file
View File

@ -0,0 +1,31 @@
import https from "https";
import { injectMacCA } from "./system-ca";
import { dependencies, devDependencies } from "../../package.json";
describe("injectMacCA()", () => {
// for reset https.globalAgent.options.ca after testing
let _ca: string | Buffer | (string | Buffer)[];
beforeEach(() => {
_ca = https.globalAgent.options.ca;
});
afterEach(() => {
https.globalAgent.options.ca = _ca;
});
const deps = { ...dependencies, ...devDependencies };
// skip the test if mac-ca is not installed
(deps["mac-ca"] ? it: it.skip)("should inject the same ca as mac-ca", async () => {
injectMacCA();
const injected = https.globalAgent.options.ca;
await import("mac-ca");
const injectedByMacCA = https.globalAgent.options.ca;
// @ts-ignore
expect(new Set(injected)).toEqual(new Set(injectedByMacCA));
});
});

32
src/common/system-ca.ts
View File

@ -1,16 +1,28 @@
import { isMac, isWindows } from "./vars";
import winca from "win-ca";
import macca from "mac-ca";
import logger from "../main/logger";
import { spawnSync } from "child_process";
import https from "https";
if (isMac) {
for (const crt of macca.all()) {
const attributes = crt.issuer?.attributes?.map((a: any) => `${a.name}=${a.value}`);
const injectMacCA = () => {
// inspired mac-ca (abandoned by author)
// https://github.com/jfromaniello/mac-ca
const args = ["find-certificate", "-a", "-p"];
const splitPattern = /(?=-----BEGIN\sCERTIFICATE-----)/g;
const systemRootCertsPath = "/System/Library/Keychains/SystemRootCertificates.keychain";
const trusted = spawnSync("/usr/bin/security", args).stdout.toString().split(splitPattern);
const rootCerts = spawnSync("/usr/bin/security", args.concat(systemRootCertsPath)).stdout.toString().split(splitPattern);
const certs = [...new Set([...trusted, ...rootCerts])];
logger.debug(`Using host CA: ${attributes.join(",")}`);
for (const cert of certs) {
if (Array.isArray(https.globalAgent.options.ca)) {
!https.globalAgent.options.ca.includes(cert) && https.globalAgent.options.ca.push(cert);
} else {
https.globalAgent.options.ca = [cert];
}
}
}
};
if (isWindows) {
winca.inject("+"); // see: https://github.com/ukoloff/win-ca#caveats
}
isMac && injectMacCA();
isWindows && winca.inject("+"); // see: https://github.com/ukoloff/win-ca#caveats
export { injectMacCA };