author | Fabian Dellwing <fabian.dellwing@gmail.com> | 2023-03-27 19:28:27 +0200 |
---|---|---|
committer | Andrew Kaster <andrewdkaster@gmail.com> | 2023-04-03 19:58:47 -0600 |
commit | 459dee1f86f2427264c6ad4eff65a8834f82ded4 (patch) | |
tree | c345b62f6c8454a02d89da6c04210217f4fd8a70 /Userland/Libraries | |
parent | 924758c6f8bcf463b5e996e5168d3a01779da912 (diff) | |
LibTLS: Refactor CA loading into central function
Diffstat (limited to 'Userland/Libraries')
-rw-r--r-- | Userland/Libraries/LibTLS/Certificate.h | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.cpp | 27 |
2 files changed, 17 insertions, 12 deletions
diff --git a/Userland/Libraries/LibTLS/Certificate.h b/Userland/Libraries/LibTLS/Certificate.h
index 265cc4b789..97f84de0a4 100644
--- a/Userland/Libraries/LibTLS/Certificate.h
+++ b/Userland/Libraries/LibTLS/Certificate.h
@@ -137,7 +137,7 @@ public:
 Vector<Certificate> const& certificates() const { return m_ca_certificates; }
- void reload_certificates(ByteBuffer&);
+ ErrorOr<Vector<Certificate>> reload_certificates(ByteBuffer&);
 static DefaultRootCACertificates& the() { return s_the; }
diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index d2ff01791b..7dc10f0c7f 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -499,18 +499,21 @@ DefaultRootCACertificates::DefaultRootCACertificates()
 return;
 }
 auto data = data_result.release_value();
- reload_certificates(data);
-}
-void DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
-{
- auto decode_result = Crypto::decode_pems(data);
- if (decode_result.is_error()) {
- dbgln("Failed to load CA Certificates: {}", decode_result.error());
+ auto reload_result = reload_certificates(data);
+ if (reload_result.is_error()) {
+ dbgln("Failed to load CA Certificates: {}", reload_result.error());
 return;
 }
- m_ca_certificates.clear();
- auto certs = decode_result.release_value();
+
+ m_ca_certificates = reload_result.release_value();
+}
+
+ErrorOr<Vector<Certificate>> DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
+{
+ Vector<Certificate> certificates;
+
+ auto certs = TRY(Crypto::decode_pems(data));
 for (auto& cert : certs) {
 auto certificate_result = Certificate::parse_asn1(cert.bytes());
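Review bot: The new declaration of `reload_certificates` in Certificate.h has no comment, and its name no longer matches what the TLSv12.cpp side of this commit makes it do: it parses and filters the PEM data and returns the accepted roots without touching `m_ca_certificates`. I would state that on the declaration, e.g. `// Parses PEM data and returns the self-signed CA certificates found in it; does not modify the stored set.` The parameter could also become `ByteBuffer const&`, since the visible body only passes it to `Crypto::decode_pems`; a few lines of the body lie between the two TLSv12.cpp hunks, so confirm nothing there writes to it.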
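Review bot: `reload_certificates` used to replace `m_ca_certificates` itself, but after this hunk only the constructor assigns the result, so any other caller that relied on the call to swap the trust store now gets a vector back and leaves the store unchanged. The diffstat shown is limited to Userland/Libraries, so callers elsewhere are not visible here; each one should be checked to consume the returned value. On the constructor side a failure still ends in a `dbgln` and an empty store, which presumably means no server certificate can validate afterwards; a comment such as `// On failure the trust store stays empty, so chain validation has no roots to anchor to.` would make that fail-closed intent explicit. The body of `reload_certificates` continues past the end of this hunk.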
@@ -523,12 +526,14 @@ void DefaultRootCACertificates::reload_certificates(ByteBuffer& data)
 }
 auto certificate = certificate_result.release_value();
 if (certificate.is_certificate_authority && certificate.is_self_signed()) {
- m_ca_certificates.append(move(certificate));
+ TRY(certificates.try_append(move(certificate)));
 } else {
 dbgln("Skipped '{}' because it is not a valid root CA", certificate.subject_identifier_string());
 }
 }
- dbgln("Loaded {} of {} ({:.2}%) provided CA Certificates", m_ca_certificates.size(), certs.size(), (m_ca_certificates.size() * 100.0) / certs.size());
+ dbgln("Loaded {} of {} ({:.2}%) provided CA Certificates", certificates.size(), certs.size(), (certificates.size() * 100.0) / certs.size());
+
+ return certificates;
 }
 } |
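Review bot: The summary `dbgln` at the end of `reload_certificates` divides by `certs.size()`, which is zero when the PEM data decodes to no blocks, so the floating-point division prints NaN instead of a percentage. More relevant for a trust store, that case and the case where every certificate is skipped both return an empty vector as success, so the caller cannot tell "nothing usable" from a normal load. Consider guarding the log line with `if (!certs.is_empty())` and either documenting the empty result or returning an error for it. The function starts in the previous hunk and part of the loop body is outside both hunks.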