Prompt Safari users to install HTTPS certificates and check if they are outdated when the Agent is started

MatteoPologruto · MatteoPologruto · commit f80791d84cb9 · 2024-05-08T15:37:11.000+02:00
diff --git a/certificates/certificates.go b/certificates/certificates.go
@@ -30,6 +30,7 @@ import (
 	"math/big"
 	"net"
 	"os"
+	"os/exec"
 	"time"
 
 	"github.com/arduino/go-paths-helper"
@@ -278,3 +279,37 @@ func isExpired() (bool, error) {
 	date, _ := time.Parse(time.DateTime, dateS)
 	return date.Before(bound), nil
 }
+
+// PromptInstallCertsSafari prompts the user to install the HTTPS certificates if they are using Safari
+func PromptInstallCertsSafari() bool {
+	if GetDefaultBrowserName() != "Safari" {
+		return false
+	}
+	oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nIf you use Safari, you need to install it.\" buttons {\"Do not install\", \"Install the certificate for Safari\"} default button 2 with title \"Install Certificates\"")
+	pressed, _ := oscmd.Output()
+	return string(pressed) == "button returned:Install the certificate for Safari"
+}
+
+// PromptExpiredCerts prompts the user to update the HTTPS certificates if they are using Safari
+func PromptExpiredCerts(certDir *paths.Path) {
+	if expired, err := isExpired(); err != nil {
+		log.Errorf("cannot check if certificates are expired something went wrong: %s", err)
+	} else if expired {
+		oscmd := exec.Command("osascript", "-e", "display dialog \"The Arduino Agent needs a local HTTPS certificate to work correctly with Safari.\nYour certificate is expired or close to expiration. Do you want to update it?\" buttons {\"Do not update\", \"Update the certificate for Safari\"} default button 2 with title \"Update Certificates\"")
+		if pressed, _ := oscmd.Output(); string(pressed) == "button returned:Update the certificate for Safari" {
+			err := UninstallCertificates()
+			if err != nil {
+				log.Errorf("cannot uninstall certificates something went wrong: %s", err)
+			} else {
+				DeleteCertificates(certDir)
+				GenerateCertificates(certDir)
+				err := InstallCertificate(certDir.Join("ca.cert.cer"))
+				// if something goes wrong during the cert install we remove them, so the user is able to retry
+				if err != nil {
+					log.Errorf("cannot install certificates something went wrong: %s", err)
+					DeleteCertificates(certDir)
+				}
+			}
+		}
+	}
+}
diff --git a/main.go b/main.go
@@ -86,6 +86,7 @@ var (
 	verbose           = iniConf.Bool("v", true, "show debug logging")
 	crashreport       = iniConf.Bool("crashreport", false, "enable crashreport logging")
 	autostartMacOS    = iniConf.Bool("autostartMacOS", true, "the Arduino Create Agent is able to start automatically after login on macOS (launchd agent)")
+	installCerts      = iniConf.Bool("installCerts", false, "install the HTTPS certificate for Safari and keep it updated")
 )
 
 // the ports filter provided by the user via the -regex flag, if any
@@ -220,6 +221,34 @@ func loop() {
 		configPath = config.GenerateConfig(configDir)
 	}
 
+	// if the default browser is Safari, prompt the user to install HTTPS certificates
+	// and eventually install them
+	if runtime.GOOS == "darwin" {
+		if exist, err := installCertsKeyExists(configPath.String()); err != nil {
+			log.Panicf("config.ini cannot be parsed: %s", err)
+		} else if !exist {
+			if cert.PromptInstallCertsSafari() {
+				err = modifyIni(configPath.String(), "true")
+				if err != nil {
+					log.Panicf("config.ini cannot be parsed: %s", err)
+				}
+				certDir := config.GetCertificatesDir()
+				cert.GenerateCertificates(certDir)
+				err := cert.InstallCertificate(certDir.Join("ca.cert.cer"))
+				// if something goes wrong during the cert install we remove them, so the user is able to retry
+				if err != nil {
+					log.Errorf("cannot install certificates something went wrong: %s", err)
+					cert.DeleteCertificates(certDir)
+				}
+			} else {
+				err = modifyIni(configPath.String(), "false")
+				if err != nil {
+					log.Panicf("config.ini cannot be parsed: %s", err)
+				}
+			}
+		}
+	}
+
 	// Parse the config.ini
 	args, err := parseIni(configPath.String())
 	if err != nil {
@@ -342,6 +371,13 @@ func loop() {
 		}
 	}
 
+	// check if the HTTPS certificates are expired and prompt the user to update them on macOS
+	if runtime.GOOS == "darwin" {
+		if *installCerts && config.CertsExist() {
+			cert.PromptExpiredCerts(config.GetCertificatesDir())
+		}
+	}
+
 	// launch the discoveries for the running system
 	go serialPorts.Run()
 	// launch the hub routine which is the singleton for the websocket server
@@ -487,3 +523,27 @@ func parseIni(filename string) (args []string, err error) {
 
 	return args, nil
 }
+
+func modifyIni(filename string, value string) error {
+	cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
+	if err != nil {
+		return err
+	}
+	_, err = cfg.Section("").NewKey("installCerts", value)
+	if err != nil {
+		return err
+	}
+	err = cfg.SaveTo(filename)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func installCertsKeyExists(filename string) (bool, error) {
+	cfg, err := ini.LoadSources(ini.LoadOptions{IgnoreInlineComment: false, AllowPythonMultilineValues: true}, filename)
+	if err != nil {
+		return false, err
+	}
+	return cfg.Section("").HasKey("installCerts"), nil
+}
