Fix the examples (#21)

examples/discover_root.toit

@@ -6,7 +6,9 @@
 An example that shows how to find out which root certificate
   a host uses.  This enables you to pick the right root, rather
   than putting all the roots in your program, which would explode
-  the size.
+  the size. You can run a modified version of this on your host
+  workstation (eg with `jag -d host discover_root.toit`), and use
+  the output to pick the right root for your device.
 */
 
 import net
@@ -23,17 +25,16 @@ found_one_that_worked := false
 
 main:
   names := []
-  cert_texts := []
+  certs := []
 
   certificate_roots.MAP.do: | name cert |
     names.add name
-    cert_texts.add cert
+    certs.add cert
 
-  // We can't parse up all certs at once, so do them 12 at a time and avoid
-  // running out of memory.
-  List.chunk_up 0 names.size 12: | from to size |
-    certs := cert_texts[from..to].map: net.Certificate.parse it
-    binary_split names[from..to] certs
+  // This will not work on small devices since it parses all certificates
+  // at once.  Once parsed, the memory is not freed, so there's no easy
+  // way around this.
+  binary_split names certs
 
   if not found_one_that_worked:
     print "None of the certificate roots was suitable for connecting to $HOST"

examples/get_google.toit

@@ -13,7 +13,6 @@ main:
 
   host := "www.google.com"
   root_certificates := [
-    certificate_roots.GLOBALSIGN_ROOT_CA_R2,
     certificate_roots.GLOBALSIGN_ROOT_CA,
   ]
   client := http.Client.tls network_interface

examples/get_root_from_first_attempt.toit

@@ -29,7 +29,7 @@ main:
   if exception:
     print "Failed to connect: $exception"
 
-try_with_root cert/net.Certificate -> string?:
+try_with_root cert/tls.RootCertificate -> string?:
   exception := catch:
     client := http.Client.tls network_interface --root_certificates=[cert]
     response := client.get HOST PATH

src/certificate_roots.toit

@@ -10860,7 +10860,7 @@ MAP ::= {
   "emSign Root CA - G1": EMSIGN_ROOT_CA_G1,
   "vTrus ECC Root CA": VTRUS_ECC_ROOT_CA,
   "vTrus Root CA": VTRUS_ROOT_CA,
-  "AAA Certificate Services": COMODO_AAA_SERVICES_ROOT_BYTES_,
+  "AAA Certificate Services": COMODO_AAA_SERVICES_ROOT,
 }
 
 /**

src/get_root.toit

@@ -2,7 +2,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-import net.x509 as net
+import tls
 
 import .certificate_roots
 
@@ -20,7 +20,7 @@ Due to memory limitations it is not normally possible to add
   and then use this to parse the exception and get the correct
   root for a second attempt.
 */
-get_root_from_exception exception/string -> net.Certificate?:
+get_root_from_exception exception/string -> tls.RootCertificate?:
   INTRO ::= "Site relies on unknown root certificate: '"
   if not exception.starts_with INTRO: return null
   cn_index := exception.index_of "CN="
@@ -31,7 +31,7 @@ get_root_from_exception exception/string -> net.Certificate?:
     cn_end_index = exception[cn_index..].index_of "'"
   if cn_end_index == -1: return null
   common_name := exception[cn_index..][..cn_end_index]
-  cert_text := MAP.get common_name
-  if cert_text == null: return null
+  cert := MAP.get common_name
+  if cert == null: return null
   print "Found cert $common_name"
-  return net.Certificate.parse cert_text
+  return cert

tools/to_toit_source.toit

@@ -167,7 +167,7 @@ main args/List:
     cert := all_certs[mixed_case_name]
     if not cert.name.contains "TUNTRUST":
       print "  \"$mixed_case_name\": $(cert.name),"
-  print "  \"AAA Certificate Services\": COMODO_AAA_SERVICES_ROOT_BYTES_,"
+  print "  \"AAA Certificate Services\": COMODO_AAA_SERVICES_ROOT,"
   print "}"
   print ""
   print "/**"