Skip to content

Manage the HTTPS certificate from the menu and ask Safari users to install it at startup #941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MatteoPologruto merged 19 commits into from
May 8, 2024
Merged

Manage the HTTPS certificate from the menu and ask Safari users to install it at startup #941

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
64bb346
Add function to retrieve certificates expiration date
MatteoPologruto Apr 23, 2024
0cb308a
Check the certificate expiration date
MatteoPologruto Apr 23, 2024
431dc58
Obtain certificates info using the systray icon
MatteoPologruto Apr 24, 2024
0463976
Manage errors that may occur retrieving certificates expiration date
MatteoPologruto Apr 24, 2024
6a0017f
Obtain default browser name on macOS
MatteoPologruto Apr 30, 2024
f80791d
Prompt Safari users to install HTTPS certificates and check if they a…
MatteoPologruto Apr 30, 2024
40f50f4
Skip some tests on macOS because the user is prompted to install cert…
MatteoPologruto May 2, 2024
f1f76a3
Set installCerts value in config.ini if certicates are manually insta…
MatteoPologruto May 2, 2024
88495ca
Always set installCerts if the certificates exist
MatteoPologruto May 2, 2024
a438fed
Add "Arduino Agent" to the title of dialogs
Xayton May 2, 2024
66ba136
Fix check for pressed buttons
Xayton May 2, 2024
52961e2
Move osascript execution function to Utilities to avoid code duplication
MatteoPologruto May 6, 2024
a759046
Modify certificate management from the systray menu
MatteoPologruto May 6, 2024
46ceb5d
Install certificates if they are missing and the flag inside the conf…
MatteoPologruto May 7, 2024
144515b
Avoid code duplication
MatteoPologruto May 7, 2024
e9c71b3
Fix button order and title
Xayton May 7, 2024
1ba5ed1
Do not restart the Agent if no action is performed on the certificate
MatteoPologruto May 7, 2024
1ec7171
Do not modify the config if the default browser is not Safari
MatteoPologruto May 7, 2024
27d8b76
Small messages/titles fixes
Xayton May 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Prompt Safari users to install HTTPS certificates and check if they a… 
…re outdated when the Agent is started
  • Loading branch information
@MatteoPologruto
MatteoPologruto committed May 8, 2024
commit f80791d84cb9a7b7c8bb0c0d06b55087c31a8bf6
35 changes: 35 additions & 0 deletions certificates/certificates.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"math/big"
"net"
"os"
"os/exec"
"time"

"github.com/arduino/go-paths-helper"
Expand Down Expand Up @@ -278,3 +279,37 @@ func isExpired() (bool, error) {
date, _ := time.Parse(time.DateTime, dateS)
return date.Before(bound), nil
}

// PromptInstallCertsSafari prompts the user to install the HTTPS certificates if they are using Safari
func PromptInstallCertsSafari() bool {
if GetDefaultBrowserName() != "Safari" {
return false
}
oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nIf you use Safari, you need to install it.\" buttons {\"Do not install\", \"Install the certificate for Safari\"} default button 2 with title \"Install Certificates\"")
pressed, _ := oscmd.Output()
return string(pressed) == "button returned:Install the certificate for Safari"
}

// PromptExpiredCerts prompts the user to update the HTTPS certificates if they are using Safari
func PromptExpiredCerts(certDir *paths.Path) {
if expired, err := isExpired(); err != nil {
log.Errorf("cannot check if certificates are expired something went wrong: %s", err)
} else if expired {
oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nYour certificate is expired or close to expiration. Do you want to update it?\" buttons {\"Do not update\", \"Update the certificate for Safari\"} default button 2 with title \"Update Certificates\"")
if pressed, _ := oscmd.Output(); string(pressed) == "button returned:Update the certificate for Safari" {
err := UninstallCertificates()
if err != nil {
log.Errorf("cannot uninstall certificates something went wrong: %s", err)
} else {
DeleteCertificates(certDir)
GenerateCertificates(certDir)
err := InstallCertificate(certDir.Join("ca.cert.cer"))
// if something goes wrong during the cert install we remove them, so the user is able to retry
if err != nil {
log.Errorf("cannot install certificates something went wrong: %s", err)
DeleteCertificates(certDir)
}
}
}
}
}
60 changes: 60 additions & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ var (
verbose = iniConf.Bool("v", true, "show debug logging")
crashreport = iniConf.Bool("crashreport", false, "enable crashreport logging")
autostartMacOS = iniConf.Bool("autostartMacOS", true, "the Arduino Create Agent is able to start automatically after login on macOS (launchd agent)")
installCerts = iniConf.Bool("installCerts", false, "install the HTTPS certificate for Safari and keep it updated")
)

// the ports filter provided by the user via the -regex flag, if any
Expand Down Expand Up @@ -220,6 +221,34 @@ func loop() {
configPath = config.GenerateConfig(configDir)
}

// if the default browser is Safari, prompt the user to install HTTPS certificates
// and eventually install them
if runtime.GOOS == "darwin" {
if exist, err := installCertsKeyExists(configPath.String()); err != nil {
log.Panicf("config.ini cannot be parsed: %s", err)
} else if !exist {
if cert.PromptInstallCertsSafari() {
err = modifyIni(configPath.String(), "true")
if err != nil {
log.Panicf("config.ini cannot be parsed: %s", err)
}
certDir := config.GetCertificatesDir()
cert.GenerateCertificates(certDir)
err := cert.InstallCertificate(certDir.Join("ca.cert.cer"))
// if something goes wrong during the cert install we remove them, so the user is able to retry
if err != nil {
log.Errorf("cannot install certificates something went wrong: %s", err)
cert.DeleteCertificates(certDir)
}
} else {
err = modifyIni(configPath.String(), "false")
if err != nil {
log.Panicf("config.ini cannot be parsed: %s", err)
}
}
}
}

// Parse the config.ini
args, err := parseIni(configPath.String())
if err != nil {
Expand Down Expand Up @@ -342,6 +371,13 @@ func loop() {
}
}

// check if the HTTPS certificates are expired and prompt the user to update them on macOS
if runtime.GOOS == "darwin" {
if *installCerts && config.CertsExist() {
cert.PromptExpiredCerts(config.GetCertificatesDir())
}
}

// launch the discoveries for the running system
go serialPorts.Run()
// launch the hub routine which is the singleton for the websocket server
Expand Down Expand Up @@ -487,3 +523,27 @@ func parseIni(filename string) (args []string, err error) {

return args, nil
}

func modifyIni(filename string, value string) error {
cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
if err != nil {
return err
}
_, err = cfg.Section("").NewKey("installCerts", value)
if err != nil {
return err
}
err = cfg.SaveTo(filename)
if err != nil {
return err
}
return nil
}

func installCertsKeyExists(filename string) (bool, error) {
cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
if err != nil {
return false, err
}
return cfg.Section("").HasKey("installCerts"), nil
}