Prompt Safari users to install HTTPS certificates and check if they are outdated when the Agent is started

MatteoPologruto · MatteoPologruto · commit 53b08b502d2d · 2024-05-02T15:57:50.000+02:00
diff --git a/certificates/certificates.go b/certificates/certificates.go
@@ -30,6 +30,7 @@ import (
 	"math/big"
 	"net"
 	"os"
+	"os/exec"
 	"strings"
 	"time"
 
@@ -279,3 +280,37 @@ func isExpired() (bool, error) {
 	date, _ := time.Parse(time.DateTime, strings.ReplaceAll(dateS, " +0000", ""))
 	return date.Before(bound), nil
 }
+
+// PromptInstallCertsSafari prompts the user to install the HTTPS certificates if they are using Safari
+func PromptInstallCertsSafari() bool {
+	if GetDefaultBrowserName() != "Safari" {
+		return false
+	}
+	oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nIf you use Safari, you need to install it.\" buttons {\"Do not install\", \"Install the certificate for Safari\"} default button 1 with title \"Install Certificates\"")
+	pressed, _ := oscmd.Output()
+	return string(pressed) == "button returned:Install the certificate for Safari"
+}
+
+// PromptExpiredCerts prompts the user to update the HTTPS certificates if they are using Safari
+func PromptExpiredCerts(certDir *paths.Path) {
+	if expired, err := isExpired(); err != nil {
+		log.Errorf("cannot check if certificates are expired something went wrong: %s", err)
+	} else if expired {
+		oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nYour certificate is expired or close to expiration. Do you want to update it?\" buttons {\"Do not update\", \"Update the certificate for Safari\"} default button 1 with title \"Update Certificates\"")
+		if pressed, _ := oscmd.Output(); string(pressed) == "button returned:Update the certificate for Safari" {
+			err := UninstallCertificates()
+			if err != nil {
+				log.Errorf("cannot uninstall certificates something went wrong: %s", err)
+			} else {
+				DeleteCertificates(certDir)
+				GenerateCertificates(certDir)
+				err := InstallCertificate(certDir.Join("ca.cert.cer"))
+				// if something goes wrong during the cert install we remove them, so the user is able to retry
+				if err != nil {
+					log.Errorf("cannot install certificates something went wrong: %s", err)
+					DeleteCertificates(certDir)
+				}
+			}
+		}
+	}
+}
diff --git a/main.go b/main.go
@@ -86,6 +86,7 @@ var (
 	verbose           = iniConf.Bool("v", true, "show debug logging")
 	crashreport       = iniConf.Bool("crashreport", false, "enable crashreport logging")
 	autostartMacOS    = iniConf.Bool("autostartMacOS", true, "the Arduino Create Agent is able to start automatically after login on macOS (launchd agent)")
+	installCerts      = iniConf.Bool("installCerts", false, "")
 )
 
 // the ports filter provided by the user via the -regex flag, if any
@@ -220,6 +221,27 @@ func loop() {
 		configPath = config.GenerateConfig(configDir)
 	}
 
+	// if the default browser is Safari, prompt the user to install HTTPS certificates
+	// and eventually install them
+	if runtime.GOOS == "darwin" {
+		if value, err := valueIni(configPath.String()); err != nil {
+			log.Panicf("config.ini cannot be parsed: %s", err)
+		} else if !value && cert.PromptInstallCertsSafari() {
+			err = modifyIni(configPath.String())
+			if err != nil {
+				log.Panicf("config.ini cannot be parsed: %s", err)
+			}
+			certDir := config.GetCertificatesDir()
+			cert.GenerateCertificates(certDir)
+			err := cert.InstallCertificate(certDir.Join("ca.cert.cer"))
+			// if something goes wrong during the cert install we remove them, so the user is able to retry
+			if err != nil {
+				log.Errorf("cannot install certificates something went wrong: %s", err)
+				cert.DeleteCertificates(certDir)
+			}
+		}
+	}
+
 	// Parse the config.ini
 	args, err := parseIni(configPath.String())
 	if err != nil {
@@ -342,6 +364,13 @@ func loop() {
 		}
 	}
 
+	// check if the HTTPS certificates are expired and prompt the user to update them on macOS
+	if runtime.GOOS == "darwin" {
+		if *installCerts && config.CertsExist() {
+			cert.PromptExpiredCerts(config.GetCertificatesDir())
+		}
+	}
+
 	// launch the discoveries for the running system
 	go serialPorts.Run()
 	// launch the hub routine which is the singleton for the websocket server
@@ -487,3 +516,27 @@ func parseIni(filename string) (args []string, err error) {
 
 	return args, nil
 }
+
+func modifyIni(filename string) error {
+	cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
+	if err != nil {
+		return err
+	}
+	_, err = cfg.Section("").NewKey("installCerts", "true")
+	if err != nil {
+		return err
+	}
+	err = cfg.SaveTo(filename)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func valueIni(filename string) (bool, error) {
+	cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
+	if err != nil {
+		return false, err
+	}
+	return cfg.Section("").HasKey("installCerts"), nil
+}
