From b8af3c3fd83a0b3368b938422e7f2545c7e2be94 Mon Sep 17 00:00:00 2001 From: Erik Corry Date: Wed, 26 Jul 2023 15:41:49 +0200 Subject: [PATCH] Fix the examples (#21) --- examples/discover_root.toit | 17 +++++++++-------- examples/get_google.toit | 1 - examples/get_root_from_first_attempt.toit | 2 +- src/certificate_roots.toit | 2 +- src/get_root.toit | 10 +++++----- tools/to_toit_source.toit | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/examples/discover_root.toit b/examples/discover_root.toit index be0b6d9..2aa4d21 100644 --- a/examples/discover_root.toit +++ b/examples/discover_root.toit @@ -6,7 +6,9 @@ An example that shows how to find out which root certificate a host uses. This enables you to pick the right root, rather than putting all the roots in your program, which would explode - the size. + the size. You can run a modified version of this on your host + workstation (eg with `jag -d host discover_root.toit`), and use + the output to pick the right root for your device. */ import net @@ -23,17 +25,16 @@ found_one_that_worked := false main: names := [] - cert_texts := [] + certs := [] certificate_roots.MAP.do: | name cert | names.add name - cert_texts.add cert + certs.add cert - // We can't parse up all certs at once, so do them 12 at a time and avoid - // running out of memory. - List.chunk_up 0 names.size 12: | from to size | - certs := cert_texts[from..to].map: net.Certificate.parse it - binary_split names[from..to] certs + // This will not work on small devices since it parses all certificates + // at once. Once parsed, the memory is not freed, so there's no easy + // way around this. + binary_split names certs if not found_one_that_worked: print "None of the certificate roots was suitable for connecting to $HOST" diff --git a/examples/get_google.toit b/examples/get_google.toit index 1fc6140..538017a 100644 --- a/examples/get_google.toit +++ b/examples/get_google.toit 
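Review bot: The replacement comment in `main` of examples/discover_root.toit says the example will not work on small devices, but does not tell the reader where to run it instead; that instruction only appears in the file header. Repeating it at the call site would help, for example `// Run this on a host (e.g. jag -d host), not on the device: every root in MAP is passed to binary_split at once.` The header could also note that the discovered root reflects the chain the host presented when the tool ran. Operators can move to a different CA later, so a device shipped with only that one root needs a way to receive an updated root.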
@@ -13,7 +13,6 @@ main: host := "www.google.com" root_certificates := [ - certificate_roots.GLOBALSIGN_ROOT_CA_R2, certificate_roots.GLOBALSIGN_ROOT_CA, ] client := http.Client.tls network_interface diff --git a/examples/get_root_from_first_attempt.toit b/examples/get_root_from_first_attempt.toit index 130a7c6..74c26a9 100644 --- a/examples/get_root_from_first_attempt.toit +++ b/examples/get_root_from_first_attempt.toit @@ -29,7 +29,7 @@ main: if exception: print "Failed to connect: $exception" -try_with_root cert/net.Certificate -> string?: +try_with_root cert/tls.RootCertificate -> string?: exception := catch: client := http.Client.tls network_interface --root_certificates=[cert] response := client.get HOST PATH diff --git a/src/certificate_roots.toit b/src/certificate_roots.toit index 2a83434..828d067 100644 --- a/src/certificate_roots.toit +++ b/src/certificate_roots.toit @@ -10860,7 +10860,7 @@ MAP ::= { "emSign Root CA - G1": EMSIGN_ROOT_CA_G1, "vTrus ECC Root CA": VTRUS_ECC_ROOT_CA, "vTrus Root CA": VTRUS_ROOT_CA, - "AAA Certificate Services": COMODO_AAA_SERVICES_ROOT_BYTES_, + "AAA Certificate Services": COMODO_AAA_SERVICES_ROOT, } /** diff --git a/src/get_root.toit b/src/get_root.toit index c84cde5..506152b 100644 --- a/src/get_root.toit +++ b/src/get_root.toit @@ -2,7 +2,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. -import net.x509 as net +import tls import .certificate_roots @@ -20,7 +20,7 @@ Due to memory limitations it is not normally possible to add and then use this to parse the exception and get the correct root for a second attempt. */ -get_root_from_exception exception/string -> net.Certificate?: +get_root_from_exception exception/string -> tls.RootCertificate?: INTRO ::= "Site relies on unknown root certificate: '" if not exception.starts_with INTRO: return null cn_index := exception.index_of "CN=" 
@@ -31,7 +31,7 @@ get_root_from_exception exception/string -> net.Certificate?: cn_end_index = exception[cn_index..].index_of "'" if cn_end_index == -1: return null common_name := exception[cn_index..][..cn_end_index] - cert_text := MAP.get common_name - if cert_text == null: return null + cert := MAP.get common_name + if cert == null: return null print "Found cert $common_name" - return net.Certificate.parse cert_text + return cert diff --git a/tools/to_toit_source.toit b/tools/to_toit_source.toit index 7ac914b..2a365a8 100644 --- a/tools/to_toit_source.toit +++ b/tools/to_toit_source.toit @@ -167,7 +167,7 @@ main args/List: cert := all_certs[mixed_case_name] if not cert.name.contains "TUNTRUST": print " \"$mixed_case_name\": $(cert.name)," - print " \"AAA Certificate Services\": COMODO_AAA_SERVICES_ROOT_BYTES_," + print " \"AAA Certificate Services\": COMODO_AAA_SERVICES_ROOT," print "}" print "" print "/**"
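Review bot: `get_root_from_exception` in src/get_root.toit picks the root from a common name embedded in the error text, which presumably comes from the certificate chain the peer presented, and the doc comment does not say what that means for trust. Any name found in `MAP` is returned, so a caller that retries with the result accepts whichever bundled root the peer's chain names. That saves memory but is not the same as requiring one expected CA. A sentence such as `The returned root is chosen from the peer's certificate chain; callers that require a specific CA should compare the result with the root they expect.` would make this explicit. Separately, `print "Found cert $common_name"` writes to stdout from library code on every successful lookup, so consider leaving that logging to the caller. The function begins above this hunk.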
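Review bot: The hard-coded `"AAA Certificate Services"` entry and the `TUNTRUST` filter in `main` of tools/to_toit_source.toit are special cases with no comment explaining them. This commit changes the same entry in src/certificate_roots.toit, so the generator and its output have to be kept in step. A short comment above each, for example `// Emitted by hand because <reason>.` and `// Skipped because <reason>.`, would tell whoever audits the bundle why one root is force-added and another left out. `main` starts and continues outside the hunk.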