ca certs fixes and tests (#5429)

Co-authored-by: Anoop M D <anoop.md1421@gmail.com>
This commit is contained in:
lohit
2025-09-07 23:06:44 +05:30
committed by GitHub
parent 1bc7a1f655
commit 3c656270b3
57 changed files with 1853 additions and 50 deletions

View File

@@ -1,7 +1,7 @@
const fs = require('fs');
const tls = require('tls');
const fs = require('node:fs');
const path = require('path');
const { get } = require('lodash');
const { getCACertificates } = require('@usebruno/requests');
const { preferencesUtil } = require('../../store/preferences');
const { getBrunoConfig } = require('../../store/bruno-config');
const { interpolateString } = require('./interpolate-string');
@@ -26,15 +26,28 @@ const getCertsAndProxyConfig = async ({
httpsAgentRequestFields['rejectUnauthorized'] = false;
}
if (preferencesUtil.shouldUseCustomCaCertificate()) {
const caCertFilePath = preferencesUtil.getCustomCaCertificateFilePath();
if (caCertFilePath) {
let caCertBuffer = fs.readFileSync(caCertFilePath);
if (preferencesUtil.shouldKeepDefaultCaCertificates()) {
caCertBuffer += '\n' + tls.rootCertificates.join('\n'); // Augment default truststore with custom CA certificates
}
httpsAgentRequestFields['ca'] = caCertBuffer;
}
let caCertFilePath = preferencesUtil.shouldUseCustomCaCertificate() && preferencesUtil.getCustomCaCertificateFilePath();
let caCertificatesWithCertType = getCACertificates({
caCertFilePath,
shouldKeepDefaultCerts: preferencesUtil.shouldKeepDefaultCaCertificates()
});
let caCertificates = caCertificatesWithCertType.map(certData => certData.certificate);
let caCertificateDetails = caCertificatesWithCertType.reduce((details, certificateData) => {
// get the count for each certificate type
details[certificateData.type] += 1;
return details;
}, {
custom: 0,
bundled: 0,
system: 0,
extra: 0
});
// configure HTTPS agent with aggregated CA certificates
if (caCertificates?.length > 0) {
httpsAgentRequestFields['caCertificateDetails'] = caCertificateDetails;
httpsAgentRequestFields['ca'] = caCertificates;
}
const brunoConfig = getBrunoConfig(collectionUid);

View File

@@ -1,3 +1,4 @@
const path = require('node:path');
const _ = require('lodash');
const Store = require('electron-store');
const { isDirectory } = require('../utils/filesystem');
@@ -12,7 +13,9 @@ class LastOpenedCollections {
}
getAll() {
return this.store.get('lastOpenedCollections') || [];
let collections = this.store.get('lastOpenedCollections') || [];
collections = collections.map(collection => path.resolve(collection));
return collections;
}
add(collectionPath) {

View File

@@ -1,5 +1,5 @@
const parseUrl = require('url').parse;
const https = require('https');
const https = require('node:https');
const { HttpsProxyAgent } = require('https-proxy-agent');
const { interpolateString } = require('../ipc/network/interpolate-string');
const { SocksProxyAgent } = require('socks-proxy-agent');
@@ -87,6 +87,10 @@ class PatchedHttpsProxyAgent extends HttpsProxyAgent {
function createTimelineAgentClass(BaseAgentClass) {
return class extends BaseAgentClass {
constructor(options, timeline) {
let caCertificateDetails = options.caCertificateDetails || {};
delete options.caCertificateDetails;
// For proxy agents, the first argument is the proxy URI and the second is options
if (options?.proxy) {
const { proxy: proxyUri, ...agentOptions } = options;
@@ -118,7 +122,7 @@ function createTimelineAgentClass(BaseAgentClass) {
const tlsOptions = {
...options,
rejectUnauthorized: options.rejectUnauthorized ?? true,
};
};
super(tlsOptions);
this.timeline = Array.isArray(timeline) ? timeline : [];
this.alpnProtocols = options.ALPNProtocols || ['h2', 'http/1.1'];
@@ -131,6 +135,8 @@ function createTimelineAgentClass(BaseAgentClass) {
message: `SSL validation: ${tlsOptions.rejectUnauthorized ? 'enabled' : 'disabled'}`,
});
}
this.caCertificateDetails = caCertificateDetails;
}
@@ -146,20 +152,16 @@ function createTimelineAgentClass(BaseAgentClass) {
});
}
// Log CAfile and CApath (if possible)
if (this.caProvided) {
this.timeline.push({
timestamp: new Date(),
type: 'tls',
message: `CA certificates provided`,
});
} else {
this.timeline.push({
timestamp: new Date(),
type: 'tls',
message: `Using system default CA certificates`,
});
}
const bundledCerts = this.caCertificateDetails.bundled || 0;
const systemCerts = this.caCertificateDetails.system || 0;
const extraCerts = this.caCertificateDetails.extra || 0;
const customCerts = this.caCertificateDetails.custom || 0;
this.timeline.push({
timestamp: new Date(),
type: 'tls',
message: `CA Certificates: ${bundledCerts} bundled, ${systemCerts} system, ${extraCerts} extra, ${customCerts} custom`,
});
// Log "Trying host:port..."
this.timeline.push({