Manage errors that may occur retrieving certificates expiration date

MatteoPologruto · MatteoPologruto · commit b3aa9ab5dada · 2024-04-24T17:00:31.000+02:00
diff --git a/certificates/certificates.go b/certificates/certificates.go
@@ -270,10 +270,12 @@ func DeleteCertificates(certDir *paths.Path) {
 }
 
 // IsExpired checks if a certificate is expired
-func IsExpired() bool {
+func IsExpired() (bool, error) {
 	bound := time.Now().AddDate(0, 1, 0)
-	// TODO: manage errors
-	dateS, _ := GetExpirationDate()
+	dateS, err := GetExpirationDate()
+	if err != nil {
+		return false, err
+	}
 	date, _ := time.Parse(time.DateTime, strings.ReplaceAll(dateS, " +0000", ""))
-	return date.Before(bound)
+	return date.Before(bound), nil
 }
diff --git a/certificates/install_darwin.go b/certificates/install_darwin.go
@@ -140,7 +140,7 @@ const char *evaluateCert(){
     return "";
 }
 
-const char *getExpirationDate(){
+const char *getExpirationDate(char *expirationDate){
     // Create a key-value dictionary used to query the Keychain and look for the "Arduino" root certificate.
     NSDictionary *getquery = @{
                 (id)kSecClass:     (id)kSecClassCertificate,
@@ -154,24 +154,39 @@ const char *getExpirationDate(){
     // Use this function to check for errors
     err = SecItemCopyMatching((CFDictionaryRef)getquery, (CFTypeRef *)&cert);
 
-    if (err != errSecItemNotFound && err != noErr){
+    if (err != noErr){
         NSString *errString = [@"Error: " stringByAppendingFormat:@"%d", err];
         NSLog(@"%@", errString);
-        return "";
+        return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];
     }
 
     // Get data from the certificate. We just need the "invalidity date" property.
     CFDictionaryRef valuesDict = SecCertificateCopyValues(cert, (__bridge CFArrayRef)@[(__bridge id)kSecOIDInvalidityDate], NULL);
 
-    // TODO: Error checking.
-    CFDictionaryRef invalidityDateDictionaryRef = CFDictionaryGetValue(valuesDict, kSecOIDInvalidityDate);
-    CFTypeRef invalidityRef = CFDictionaryGetValue(invalidityDateDictionaryRef, kSecPropertyKeyValue);
-    id expirationDateValue = CFBridgingRelease(invalidityRef);
-
-    CFRelease(valuesDict);
+    id expirationDateValue;
+    if(valuesDict){
+        CFDictionaryRef invalidityDateDictionaryRef = CFDictionaryGetValue(valuesDict, kSecOIDInvalidityDate);
+        if(invalidityDateDictionaryRef){
+            CFTypeRef invalidityRef = CFDictionaryGetValue(invalidityDateDictionaryRef, kSecPropertyKeyValue);
+            if(invalidityRef){
+                expirationDateValue = CFBridgingRelease(invalidityRef);
+            }
+        }
+        CFRelease(valuesDict);
+    }
 
     NSString *outputString = [@"" stringByAppendingFormat:@"%@", expirationDateValue];
-    return [outputString cStringUsingEncoding:[NSString defaultCStringEncoding]];
+    if([outputString isEqualToString:@""]){
+        NSString *errString = @"Error: the expiration date of the certificate could not be found";
+        NSLog(@"%@", errString);
+        return [errString cStringUsingEncoding:[NSString defaultCStringEncoding]];
+    }
+
+    // This workaround allows to obtain the expiration date alongside the error message
+    strncpy(expirationDate, [outputString cStringUsingEncoding:[NSString defaultCStringEncoding]], 32);
+    expirationDate[32-1] = 0;
+
+    return "";
 }
 */
 import "C"
@@ -233,10 +248,15 @@ func EvaluateCertificates() error {
 // GetExpirationDate returns the expiration date of a certificate stored in the keychain
 func GetExpirationDate() (string, error) {
 	log.Infof("Retrieving certificate's expiration date")
-	p := C.getExpirationDate()
+	dateString := C.CString("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") // 32 characters string
+	defer C.free(unsafe.Pointer(dateString))
+	p := C.getExpirationDate(dateString)
 	s := C.GoString(p)
 	if len(s) != 0 {
-		return s, nil
+		oscmd := exec.Command("osascript", "-e", "display dialog \""+s+"\" buttons \"OK\" with title \"Arduino Agent: Error retrieving expiration date\"")
+		_ = oscmd.Run()
+		return "", errors.New(s)
 	}
-	return "", nil
+	date := C.GoString(dateString)
+	return date, nil
 }
diff --git a/systray/systray_real.go b/systray/systray_real.go
@@ -135,7 +135,9 @@ func (s *Systray) start() {
 				oscmd := exec.Command("osascript", "-e", "display dialog \""+infoMsg+"\" buttons \"OK\" with title \"Arduino Agent: certificates info\"")
 				_ = oscmd.Run()
 			case <-mRenewCerts.ClickedCh:
-				if cert.IsExpired() {
+				if expired, err := cert.IsExpired(); err != nil {
+					log.Errorf("cannot check if certificates are expired something went wrong: %s", err)
+				} else if expired {
 					err := cert.UninstallCertificates()
 					if err != nil {
 						log.Errorf("cannot uninstall certificates something went wrong: %s", err)
