Merge pull request #22066 from Faless/bundle_certs

Bundle SSL certs with the templates

2 files changed, 43 insertions, 19 deletions

diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp
index 1f59021938..8d8682686a 100644
--- a/core/io/stream_peer_ssl.cpp
+++ b/core/io/stream_peer_ssl.cpp
@@ -30,6 +30,8 @@
 
 #include "stream_peer_ssl.h"
 
+#include "core/io/certs_compressed.gen.h"
+#include "core/io/compression.h"
 #include "core/os/file_access.h"
 #include "core/project_settings.h"
 
@@ -42,13 +44,20 @@ StreamPeerSSL *StreamPeerSSL::create() {
 
 StreamPeerSSL::LoadCertsFromMemory StreamPeerSSL::load_certs_func = NULL;
 bool StreamPeerSSL::available = false;
-bool StreamPeerSSL::initialize_certs = true;
 
 void StreamPeerSSL::load_certs_from_memory(const PoolByteArray &p_memory) {
 	if (load_certs_func)
 		load_certs_func(p_memory);
 }
 
+void StreamPeerSSL::load_certs_from_file(String p_path) {
+	if (p_path != "") {
+		PoolByteArray certs = get_cert_file_as_array(p_path);
+		if (certs.size() > 0)
+			load_certs_func(certs);
+	}
+}
+
 bool StreamPeerSSL::is_available() {
 	return available;
 }
@@ -61,6 +70,25 @@ bool StreamPeerSSL::is_blocking_handshake_enabled() const {
 	return blocking_handshake;
 }
 
+PoolByteArray StreamPeerSSL::get_cert_file_as_array(String p_path) {
+
+	PoolByteArray out;
+	FileAccess *f = FileAccess::open(p_path, FileAccess::READ);
+	if (f) {
+		int flen = f->get_len();
+		out.resize(flen + 1);
+		PoolByteArray::Write w = out.write();
+		f->get_buffer(w.ptr(), flen);
+		w[flen] = 0; // Make sure it ends with string terminator
+		memdelete(f);
+#ifdef DEBUG_ENABLED
+		print_verbose(vformat("Loaded certs from '%s'.", p_path));
+#endif
+	}
+
+	return out;
+}
+
 PoolByteArray StreamPeerSSL::get_project_cert_array() {
 
 	PoolByteArray out;
@@ -68,24 +96,21 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() {
 	ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
 
 	if (certs_path != "") {
-
-		FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
-		if (f) {
-			int flen = f->get_len();
-			out.resize(flen + 1);
-			{
-				PoolByteArray::Write w = out.write();
-				f->get_buffer(w.ptr(), flen);
-				w[flen] = 0; //end f string
-			}
-
-			memdelete(f);
-
+		// Use certs defined in project settings.
+		return get_cert_file_as_array(certs_path);
+	}
+#ifdef BUILTIN_CERTS_ENABLED
+	else {
+		// Use builtin certs only if user did not override it in project settings.
+		out.resize(_certs_uncompressed_size + 1);
+		PoolByteArray::Write w = out.write();
+		Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
+		w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
 #ifdef DEBUG_ENABLED
-			print_verbose(vformat("Loaded certs from '%s'.", certs_path));
+		print_verbose("Loaded builtin certs");
 #endif
-		}
 	}
+#endif
 
 	return out;
 }
diff --git a/core/io/stream_peer_ssl.h b/core/io/stream_peer_ssl.h
index f66c1c7de9..8ce36d7e7d 100644
--- a/core/io/stream_peer_ssl.h
+++ b/core/io/stream_peer_ssl.h
@@ -46,9 +46,6 @@ protected:
 	static LoadCertsFromMemory load_certs_func;
 	static bool available;
 
-	friend class Main;
-	static bool initialize_certs;
-
 	bool blocking_handshake;
 
 public:
@@ -72,7 +69,9 @@ public:
 
 	static StreamPeerSSL *create();
 
+	static PoolByteArray get_cert_file_as_array(String p_path);
 	static PoolByteArray get_project_cert_array();
+	static void load_certs_from_file(String p_path);
 	static void load_certs_from_memory(const PoolByteArray &p_memory);
 	static bool is_available();