From ccab5fda1ce8e176b4f95751543b79f3a82ab141 Mon Sep 17 00:00:00 2001
From: Jari Kolehmainen
Date: Wed, 8 Feb 2023 12:51:55 +0200
Subject: [PATCH] Use setCertificateVerifyProc to verify lens proxy certificate (#7118)
Signed-off-by: Jari Kolehmainen
---
 .../create-electron-window.injectable.ts | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/packages/core/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts b/packages/core/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts
index 67185ec2bf..fde9348234 100644
--- a/packages/core/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts
+++ b/packages/core/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts
@@ -27,6 +27,12 @@ export interface UrlSource {
 }
 export type ContentSource = RequireExactlyOne;
+enum ChromiumNetError {
+ SUCCESS = 0,
+ FAILURE = 1,
+ RESULT_FROM_CHROMIUM,
+}
+
 export interface ElectronWindowConfiguration {
 id: string;
 title: string;
@@ -112,6 +118,15 @@ const createElectronWindowInjectable = getInjectable({
 applicationWindowState.manage(browserWindow);
+ browserWindow.webContents.session.setCertificateVerifyProc((request, shouldBeTrusted) => {
+ const { certificate } = request;
+ const cert = new X509Certificate(certificate.data);
+ const shouldTrustCert = cert.raw.length === lensProxyX509Cert.raw.length
+ && timingSafeEqual(cert.raw, lensProxyX509Cert.raw);
+
+ shouldBeTrusted(shouldTrustCert ? ChromiumNetError.SUCCESS : ChromiumNetError.RESULT_FROM_CHROMIUM);
+ });
+
 browserWindow
 .on("focus", () => {
 configuration.onFocus?.();
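Review bot: The values declared in `ChromiumNetError` do not match the result codes Electron documents for the `setCertificateVerifyProc` callback, which are `0` (success), `-2` (failure) and `-3` (use Chromium's own verification result). As written, `FAILURE` is `1` and `RESULT_FROM_CHROMIUM` auto-increments to `2`. The fallback branch in the next hunk, `shouldBeTrusted(... : ChromiumNetError.RESULT_FROM_CHROMIUM)`, therefore passes `2` for every certificate that is not the lens proxy certificate. How Chromium treats an undocumented positive code is not visible on this page, so a trust decision should not depend on it. Suggest `FAILURE = -2,` and `RESULT_FROM_CHROMIUM = -3,`, plus a comment above the enum such as `// Result codes accepted by Electron's session.setCertificateVerifyProc callback`.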
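Review bot: The new verify proc returns `SUCCESS` whenever the presented certificate is byte-equal to `lensProxyX509Cert`, without checking `request.hostname`. It is also registered on `browserWindow.webContents.session`, so it runs for every TLS verification made through that session; the `certificate-error` listener it replaces was attached to this window's `webContents` only. Consider binding the override to the proxy host, e.g. `const shouldTrustCert = request.hostname === lensProxyHost && cert.raw.length === ...` (`lensProxyHost` is a placeholder for wherever the proxy host is available). A comment such as `// Session-wide: applies to all requests in this session, not just this window` would also help. The enclosing function starts and ends outside the hunk, so whether several windows share this session, and so re-register the proc on each creation, cannot be confirmed from here.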
@@ -126,13 +141,6 @@ const createElectronWindowInjectable = getInjectable({
 .webContents.on("dom-ready", () => {
 configuration.onDomReady?.();
 })
- .on("certificate-error", (event, url, error, certificate, shouldBeTrusted) => {
- const cert = new X509Certificate(certificate.data);
- const shouldTrustCert = cert.raw.length === lensProxyX509Cert.raw.length
- && timingSafeEqual(cert.raw, lensProxyX509Cert.raw);
-
- shouldBeTrusted(shouldTrustCert);
- })
 .on("did-fail-load", (_event, code, desc) => {
 logger.error(
 `[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`,