Use multiline strings.

src/certificate-roots.toit

@@ -10692,6 +10692,7 @@ The certificates can also be used for the --root-certificates
   argument of TLS sockets.
 */
 MAP ::= {
+  "AAA Certificate Services": COMODO-AAA-SERVICES-ROOT,
   "AC RAIZ FNMT-RCM": AC-RAIZ-FNMT-RCM,
   "AC RAIZ FNMT-RCM SERVIDORES SEGUROS": AC-RAIZ-FNMT-RCM-SERVIDORES-SEGUROS,
   "ACCVRAIZ1": ACCVRAIZ1,
@@ -10843,7 +10844,6 @@ MAP ::= {
   "emSign Root CA - G1": EMSIGN-ROOT-CA-G1,
   "vTrus ECC Root CA": VTRUS-ECC-ROOT-CA,
   "vTrus Root CA": VTRUS-ROOT-CA,
-  "AAA Certificate Services": COMODO-AAA-SERVICES-ROOT,
 }
 
 /**
@@ -11017,7 +11017,7 @@ ALL ::= [
   EMSIGN-ROOT-CA-C1,
   EMSIGN-ROOT-CA-G1,
   VTRUS-ECC-ROOT-CA,
-  VTRUS-ROOT-CA,
+  VTRUS-ROOT-CA
 ]
 
 /**

tools/to_toit_source.toit

@@ -31,12 +31,13 @@ class Cert:
   constructor .mixed-case-name .name .sha-fingerprint .data --.expiry=null --.subject=null --.comment=null --.is-deprecated=false:
 
   print-on-stdout -> none:
-    print "/**"
-    print "$(mixed-case-name)."
-    print "This certificate can be added to an HTTP client or a TLS socket with"
-    print "  the --root_certificates argument."
-    print "It can also be installed on the Toit process, to be used by all TLS"
-    print "  sockets that do not have explicit roots, using its install method."
+    print """
+      /**
+      $(mixed-case-name).
+      This certificate can be added to an HTTP client or a TLS socket with
+        the --root_certificates argument.
+      It can also be installed on the Toit process, to be used by all TLS
+        sockets that do not have explicit roots, using its install method."""
     if comment: print comment
     if sha-fingerprint != null:
       print "SHA256 fingerprint: $sha-fingerprint"
@@ -48,8 +49,9 @@ class Cert:
 
     print "*/"
     if is-deprecated:
-      print "$name ::= $(name)_"
-      print "$(name)_ ::= tls.RootCertificate --fingerprint=0x$(%x hash) $(name)-BYTES_"
+      print """
+          $name ::= $(name)_
+          $(name)_ ::= tls.RootCertificate --fingerprint=0x$(%x hash) $(name)-BYTES_"""
     else:
       print "$name ::= tls.RootCertificate --fingerprint=0x$(%x hash) $(name)-BYTES_"
     print ""
@@ -80,6 +82,15 @@ encode-byte_ byte/int --extra/int=0 [report-extra]-> string:
       return alt
   unreachable
 
+to-json-map-string map/Map -> string:
+  result := "{\n"
+  map.keys.sort.map: | key |
+    result += "  \"$key\": $(map[key]),\n"
+  return result + "}"
+
+to-json-list-string list/List -> string:
+  return "[\n  $(list.join ",\n  ")\n]"
+
 main args/List:
   in-cert-data := false
   name := null
@@ -90,22 +101,23 @@ main args/List:
   all-certs := {:}  // Mapping from name in the input to Cert object.
   cert-code := []
 
-  print "/// Root certificates, automatically extracted from Mozilla's NSS"
-  print ""
-  print "// This file was autogenerated from certdata.txt, which carried the"
-  print "// following copyright message:"
-  print ""
-  print "// This Source Code Form is subject to the terms of the Mozilla Public"
-  print "// License, v. 2.0. If a copy of the MPL was not distributed with this"
-  print "// file, You can obtain one at http://mozilla.org/MPL/2.0/."
-  print ""
-  print "import encoding.base64"
-  print "import net.x509 as net"
-  print "import tls"
-  print ""
-  print "import .get-root"
-  print "export get-root-from-exception"
-  print ""
+  print """
+      /// Root certificates, automatically extracted from Mozilla's NSS
+
+      // This file was autogenerated from certdata.txt, which carried the
+      // following copyright message:
+
+      // This Source Code Form is subject to the terms of the Mozilla Public
+      // License, v. 2.0. If a copy of the MPL was not distributed with this
+      // file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+      import encoding.base64
+      import net.x509 as net
+      import tls
+
+      import .get-root
+      export get-root-from-exception
+      """
 
   tr := Translator "a-z ._" "A-Z-"
   squeeze := Translator --squeeze "-" "-"
@@ -151,85 +163,88 @@ main args/List:
     cert/Cert := all-certs[mixed-case-name]
     cert.print-on-stdout
 
-  print ""
-  print "/**"
-  print "A map from certificate name to \$tls.RootCertificate objects."
-  print "The certificates can be installed as globally trusted"
-  print "  roots using their \$tls.RootCertificate.install method."
-  print "The certificates can also be used for the --root-certificates"
-  print "  argument of TLS sockets."
-  print "*/"
-  print "MAP ::= {"
+  out-map := {:}
   names.do: | mixed-case-name |
-    cert := all-certs[mixed-case-name]
+    cert/Cert := all-certs[mixed-case-name]
     if not cert.name.contains "TUNTRUST":
-      print "  \"$mixed-case-name\": $(cert.name),"
-  print "  \"AAA Certificate Services\": COMODO-AAA-SERVICES-ROOT,"
-  print "}"
-  print ""
-  print "/**"
-  print "All the trusted roots in the collection.  If you are running"
-  print "  on a non-embedded platform with plenty of memory you can just"
-  print "  use them all."
-  print ""
-  print "# Note"
-  print "The TunTrust cert is only intended for .tn domains, but"
-  print "  currently we do not support this restriction in our TLS code,"
-  print "  therefore it is currently omitted here, and in \$MAP, but is"
-  print "  available on an opt-in basis."
-  print ""
-  print "# Examples"
-  print "Explicitly pass the root certificates to a TLS socket."
-  print "(Typically, you would use \$install-all-trusted-roots instead.)"
-  print "```"
-  print "  socket := tls.Socket.client tcp"
-  print "      --server-name=host"
-  print "      --root-certificates=certificate-roots.ALL"
-  print "```"
-  print "*/"
-  print "ALL ::= ["
+      out-map[mixed-case-name] = cert.name
+  out-map["AAA Certificate Services"] = "COMODO-AAA-SERVICES-ROOT"
+
+  out-list := []
   names.do: | mixed-case-name |
-    cert := all-certs[mixed-case-name]
+    cert/Cert := all-certs[mixed-case-name]
     if not cert.name.contains "TUNTRUST":
       if cert.is-deprecated:
-        print "  $(cert.name)_,"
+        out-list.add "$(cert.name)_"
       else:
-        print "  $cert.name,"
-  print "]"
-  print ""
-  print "/**"
-  print "Installs all certificate roots on this process so that they are used"
-  print "  for any TLS connections that do not have explicit root certificates."
-  print "This adds about 180k to the program size."
-  print "*/"
-  print "install-all-trusted-roots -> none:"
-  names.do: | mixed-case-name |
-    cert/Cert := all-certs[mixed-case-name]
-    hash := tls.add-global-root-certificate_ cert.data
-    print "  $(cert.name).install"
-  print ""
-  print "/**"
-  print "Common certificate roots."
-  print "*/"
-  print "COMMON-TRUSTED-ROOTS ::= ["
-  print "  DIGICERT-GLOBAL-ROOT-G2,"
-  print "  DIGICERT-GLOBAL-ROOT-CA,"
-  print "  GLOBALSIGN-ROOT-CA,"
-  print "  GLOBALSIGN-ROOT-CA-R3,"
-  print "  COMODO-AAA-SERVICES-ROOT,"
-  print "  COMODO-RSA-CERTIFICATION-AUTHORITY,"
-  print "  BALTIMORE-CYBERTRUST-ROOT,"
-  print "  USERTRUST-ECC-CERTIFICATION-AUTHORITY,"
-  print "  USERTRUST-RSA-CERTIFICATION-AUTHORITY,"
-  print "  DIGICERT-HIGH-ASSURANCE-EV-ROOT-CA,"
-  print "  ISRG-ROOT-X1,"
-  print "  STARFIELD-CLASS-2-CA,"
-  print "]"
+        out-list.add cert.name
+
   print ""
-  print "/**"
-  print "Installs common certificate roots on this process so that they are used"
-  print "  for any TLS connections that do not have explicit root certificates."
-  print "This adds about 14k to the program size."
-  print "*/"
-  print "install-common-trusted-roots -> none:"
-  print "  COMMON-TRUSTED-ROOTS.do: it.install"
+  print """
+      /**
+      A map from certificate name to \$tls.RootCertificate objects.
+      The certificates can be installed as globally trusted
+        roots using their \$tls.RootCertificate.install method.
+      The certificates can also be used for the --root-certificates
+        argument of TLS sockets.
+      */
+      MAP ::= $(to-json-map-string out-map)
+
+      /**
+      All the trusted roots in the collection.  If you are running
+        on a non-embedded platform with plenty of memory you can just
+        use them all.
+
+      # Note
+      The TunTrust cert is only intended for .tn domains, but
+        currently we do not support this restriction in our TLS code,
+        therefore it is currently omitted here, and in \$MAP, but is
+        available on an opt-in basis.
+
+      # Examples
+      Explicitly pass the root certificates to a TLS socket.
+      (Typically, you would use \$install-all-trusted-roots instead.)
+      ```
+        socket := tls.Socket.client tcp
+            --server-name=host
+            --root-certificates=certificate-roots.ALL
+      ```
+      */
+      ALL ::= $(to-json-list-string out-list)
+
+      /**
+      Installs all certificate roots on this process so that they are used
+        for any TLS connections that do not have explicit root certificates.
+      This adds about 180k to the program size.
+      */
+      install-all-trusted-roots -> none:
+        $((names.map: | mixed-case-name |
+            cert/Cert := all-certs[mixed-case-name]
+            hash := tls.add-global-root-certificate_ cert.data
+            "$(cert.name).install").join "\n  ")
+
+      /**
+      Common certificate roots.
+      */
+      COMMON-TRUSTED-ROOTS ::= [
+        DIGICERT-GLOBAL-ROOT-G2,
+        DIGICERT-GLOBAL-ROOT-CA,
+        GLOBALSIGN-ROOT-CA,
+        GLOBALSIGN-ROOT-CA-R3,
+        COMODO-AAA-SERVICES-ROOT,
+        COMODO-RSA-CERTIFICATION-AUTHORITY,
+        BALTIMORE-CYBERTRUST-ROOT,
+        USERTRUST-ECC-CERTIFICATION-AUTHORITY,
+        USERTRUST-RSA-CERTIFICATION-AUTHORITY,
+        DIGICERT-HIGH-ASSURANCE-EV-ROOT-CA,
+        ISRG-ROOT-X1,
+        STARFIELD-CLASS-2-CA,
+      ]
+
+      /**
+      Installs common certificate roots on this process so that they are used
+        for any TLS connections that do not have explicit root certificates.
+      This adds about 14k to the program size.
+      */
+      install-common-trusted-roots -> none:
+        COMMON-TRUSTED-ROOTS.do: it.install"""