Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor electron window setCertificateVerifyProc #7185

Merged
merged 3 commits into from
Mar 28, 2023
Merged

Refactor electron window setCertificateVerifyProc #7185

merged 3 commits into from
Mar 28, 2023

Conversation

jakolehm
Copy link
Contributor

Follow-up to #7180

@jakolehm jakolehm added the chore label Feb 17, 2023
@jakolehm jakolehm added this to the 6.4.0 milestone Feb 17, 2023
@jakolehm jakolehm requested a review from Iku-turso February 17, 2023 06:22
@jakolehm jakolehm requested a review from a team as a code owner February 17, 2023 06:22
@jakolehm jakolehm requested review from ixrock and removed request for a team February 17, 2023 06:22
@jakolehm jakolehm modified the milestones: 6.4.0, 6.4.1 Feb 17, 2023
Iku-turso
Iku-turso reviewed Feb 17, 2023
View reviewed changes
...t-main-application/lens-window/application-window/session-certificate-verifier.injectable.ts
Comment on lines +11 to +15
export enum ChromiumNetError {
SUCCESS = 0,
FAILURE = -2,
RESULT_FROM_CHROMIUM = -3,
}
Copy link
Contributor

@Iku-turso Iku-turso Feb 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if there's an official enum for this from eg. electron or chromium itself.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wondering the same, feels bad to include error codes here from chromium... but I could not find anything.

Iku-turso
Iku-turso reviewed Feb 17, 2023
View reviewed changes
...t-main-application/lens-window/application-window/session-certificate-verifier.injectable.ts
const lensProxyCertificate = di.inject(lensProxyCertificateInjectable).get();
const lensProxyX509Cert = new X509Certificate(lensProxyCertificate.cert);

return (request: Request, shouldBeTrusted: CertificateVerificationCallback) => {
Copy link
Contributor

@Iku-turso Iku-turso Feb 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function could be simpler by being named requestCanBeTrustedInjectable, and returning boolean instead of bleeding abstraction of ChromiumNetError. That would mean that call to shouldBeTrusted happens somewhere else, and it would internally translate said boolean to appropriate ChromiumNetError.

The resulting code could be dead-simple such as:

const thereIsTrust = requestCanBeTrusted(request);
shouldBeTrusted(thereIsTrust);

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree. boolean is not a good fit because the return type either YES or MAYBE.

Iku-turso
Iku-turso reviewed Feb 17, 2023
View reviewed changes
...n/start-main-application/lens-window/application-window/create-electron-window.injectable.ts
Comment on lines -122 to +113
browserWindow.webContents.session.setCertificateVerifyProc((request, shouldBeTrusted) => {
const { certificate } = request;
const cert = new X509Certificate(certificate.data);
const shouldTrustCert = cert.raw.length === lensProxyX509Cert.raw.length
&& timingSafeEqual(cert.raw, lensProxyX509Cert.raw);

shouldBeTrusted(shouldTrustCert ? ChromiumNetError.SUCCESS : ChromiumNetError.RESULT_FROM_CHROMIUM);
});
browserWindow.webContents.session.setCertificateVerifyProc(sessionCertificateVerifier);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Responsibility extracted, nice :)

I spent a moment thinking if this responsibility of "certificate verification" should be abstracted to eg. createLensWindowInjectable, and to have no knowledge of Electron. But the implementation seems to be very Electron-specific, making this the correct place.

Iku-turso
Iku-turso previously approved these changes Feb 17, 2023
View reviewed changes
@github-actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@jakolehm jakolehm modified the milestones: 6.4.1, 6.5.0 Feb 28, 2023
@Nokel81 Nokel81 force-pushed the refactor-session-certificate-verify-proc branch from d055f5a to 8134ad4 Compare March 10, 2023 19:11
Nokel81
Nokel81 previously approved these changes Mar 10, 2023
View reviewed changes
@github-actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Nokel81 Nokel81 force-pushed the refactor-session-certificate-verify-proc branch from 8134ad4 to 80d5b9c Compare March 21, 2023 17:54
jakolehm and others added 3 commits March 27, 2023 15:05
@jakolehm @Nokel81
refactor electron window setCertificateVerifyProc
823da21 
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
@jakolehm @Nokel81
use ChromiumNetError enum in tests
c8414a9 
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
@Nokel81
Fix unit tests
553ba40 
Signed-off-by: Sebastian Malton <sebastian@malton.name>
@Nokel81 Nokel81 force-pushed the refactor-session-certificate-verify-proc branch from 80d5b9c to 553ba40 Compare March 27, 2023 19:09
@Nokel81 Nokel81 merged commit ba4a283 into master Mar 28, 2023
@Nokel81 Nokel81 deleted the refactor-session-certificate-verify-proc branch March 28, 2023 13:42
@Nokel81 Nokel81 mentioned this pull request Apr 12, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nokel81 Nokel81 Nokel81 approved these changes

@Iku-turso Iku-turso Iku-turso left review comments

@ixrock ixrock Awaiting requested review from ixrock ixrock is a code owner automatically assigned from lensapp/lens-ide

Assignees
No one assigned
Labels
chore
Projects
None yet
Milestone
6.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jakolehm @Iku-turso @Nokel81