Factored function to scrape TLS certs from webserver

Author: cmaglie

Diff for: certificates/certutils.go

@@ -0,0 +1,55 @@
+/*
+	arduino-fwuploader
+	Copyright (c) 2023 Arduino LLC.  All right reserved.
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published
+	by the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+package certificates
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+
+	"github.com/sirupsen/logrus"
+)
+
+// ScrapeRootCertificatesFromURL downloads from a webserver the root certificate
+// required to connect to that server from the TLS handshake response.
+func ScrapeRootCertificatesFromURL(URL string) (*x509.Certificate, error) {
+	conn, err := tls.Dial("tcp", URL, &tls.Config{
+		InsecureSkipVerify: true,
+	})
+	if err != nil {
+		logrus.Error(err)
+		return nil, err
+	}
+	defer conn.Close()
+
+	if err := conn.Handshake(); err != nil {
+		logrus.Error(err)
+		return nil, err
+	}
+
+	peerCertificates := conn.ConnectionState().PeerCertificates
+	if len(peerCertificates) == 0 {
+		err = fmt.Errorf("no peer certificates found at %s", URL)
+		logrus.Error(err)
+		return nil, err
+	}
+
+	rootCertificate := peerCertificates[len(peerCertificates)-1]
+	return rootCertificate, nil
+}

Diff for: flasher/nina.go

@@ -21,14 +21,14 @@ package flasher
 import (
 	"bytes"
 	"crypto/md5"
-	"crypto/tls"
 	"crypto/x509"
 	"encoding/binary"
 	"encoding/pem"
 	"fmt"
 	"io"
 	"time"
 
+	"github.com/arduino/arduino-fwuploader/certificates"
 	"github.com/arduino/go-paths-helper"
 	"github.com/sirupsen/logrus"
 	"go.bug.st/serial"
@@ -165,30 +165,10 @@ func (f *NinaFlasher) certificateFromFile(certificateFile *paths.Path) ([]byte,
 }
 
 func (f *NinaFlasher) certificateFromURL(URL string) ([]byte, error) {
-	config := &tls.Config{
-		InsecureSkipVerify: true,
-	}
-
-	conn, err := tls.Dial("tcp", URL, config)
+	rootCertificate, err := certificates.ScrapeRootCertificatesFromURL(URL)
 	if err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-	defer conn.Close()
-
-	if err := conn.Handshake(); err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-
-	peerCertificates := conn.ConnectionState().PeerCertificates
-	if len(peerCertificates) == 0 {
-		err = fmt.Errorf("no peer certificates found at %s", URL)
-		logrus.Error(err)
 		return nil, err
 	}
-
-	rootCertificate := peerCertificates[len(peerCertificates)-1]
 	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCertificate.Raw}), nil
 }
 

Diff for: flasher/winc.go

@@ -21,14 +21,14 @@ package flasher
 import (
 	"bytes"
 	"crypto/rsa"
-	"crypto/tls"
 	"crypto/x509"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"time"
 
+	"github.com/arduino/arduino-fwuploader/certificates"
 	"github.com/arduino/go-paths-helper"
 	"github.com/sirupsen/logrus"
 	"go.bug.st/serial"
@@ -133,29 +133,10 @@ func (f *WincFlasher) certificateFromFile(certificateFile *paths.Path) ([]byte,
 }
 
 func (f *WincFlasher) certificateFromURL(URL string) ([]byte, error) {
-	config := &tls.Config{
-		InsecureSkipVerify: true,
-	}
-
-	conn, err := tls.Dial("tcp", URL, config)
+	rootCertificate, err := certificates.ScrapeRootCertificatesFromURL(URL)
 	if err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-	defer conn.Close()
-
-	if err := conn.Handshake(); err != nil {
-		logrus.Error(err)
-		return nil, err
-	}
-
-	peerCertificates := conn.ConnectionState().PeerCertificates
-	if len(peerCertificates) == 0 {
-		err = fmt.Errorf("no peer certificates found at %s", URL)
-		logrus.Error(err)
 		return nil, err
 	}
-	rootCertificate := peerCertificates[len(peerCertificates)-1]
 	return f.getCertificateData(rootCertificate)
 }