Remove support for custom certificate exceptions.

Version 5.4.0 and later uses electron.net for all network
requests (#993), so custom certificates can now be configured in the
same system certificate store that Chrome uses.

https://zulip.com/help/custom-certificates#desktop

Signed-off-by: Anders Kaseorg <anders@zulip.com>

app/main/index.ts

@@ -6,7 +6,6 @@ import path from 'path';
 import windowStateKeeper from 'electron-window-state';
 
 import * as BadgeSettings from '../renderer/js/pages/preference/badge-settings';
-import * as CertificateUtil from '../renderer/js/utils/certificate-util';
 import * as ConfigUtil from '../renderer/js/utils/config-util';
 import * as ProxyUtil from '../renderer/js/utils/proxy-util';
 import {sentryInit} from '../renderer/js/utils/sentry-util';
@@ -221,36 +220,9 @@ app.on('ready', () => {
 		event: Event,
 		webContents: Electron.WebContents,
 		urlString: string,
-		error: string,
-		certificate: Electron.Certificate,
-		callback: (isTrusted: boolean) => void
-	) /* eslint-disable-line max-params */ => {
-		// TODO: The entire concept of selectively ignoring certificate errors
-		// is ill-conceived, and this handler needs to be deleted.
-
+		error: string
+	) => {
 		const url = new URL(urlString);
-		if (url.protocol === 'wss:') {
-			url.protocol = 'https:';
-		}
-
-		const filename = CertificateUtil.getCertificate(encodeURIComponent(url.origin));
-		if (filename !== undefined) {
-			try {
-				const savedCertificate = fs.readFileSync(
-					path.join(`${app.getPath('userData')}/certificates`, filename),
-					'utf8'
-				);
-				if (certificate.data.replace(/[\r\n]/g, '') ===
-					savedCertificate.replace(/[\r\n]/g, '')) {
-					event.preventDefault();
-					callback(true);
-					return;
-				}
-			} catch (error) {
-				console.error(`Error reading certificate file ${filename}:`, error);
-			}
-		}
-
 		dialog.showErrorBox(
 			'Certificate error',
 			`The server presented an invalid certificate for ${url.origin}:

app/renderer/css/preference.css

@@ -622,10 +622,6 @@ input.toggle-round:checked + label::after {
     max-width: 100%;
 }
 
-#add-certificate-button {
-    margin: 10px 10px 10px 37px;
-}
-
 .tip {
     background: none;
     padding: 0;

app/renderer/js/pages/preference/add-certificate.ts

@@ -1,99 +0,0 @@
-import {remote, OpenDialogOptions} from 'electron';
-import path from 'path';
-
-import {htmlEscape} from 'escape-goat';
-
-import BaseComponent from '../../components/base';
-import * as CertificateUtil from '../../utils/certificate-util';
-import * as DomainUtil from '../../utils/domain-util';
-import * as t from '../../utils/translation-util';
-
-interface AddCertificateProps {
-	$root: Element;
-}
-
-const {dialog} = remote;
-
-export default class AddCertificate extends BaseComponent {
-	props: AddCertificateProps;
-	_certFile: string;
-	$addCertificate: Element | null;
-	addCertificateButton: Element | null;
-	serverUrl: HTMLInputElement | null;
-	constructor(props: AddCertificateProps) {
-		super();
-		this.props = props;
-		this._certFile = '';
-	}
-
-	templateHTML(): string {
-		return htmlEscape`
-			<div class="settings-card certificates-card">
-				<div class="certificate-input">
-					<div>${t.__('Organization URL')}</div>
-					<input class="setting-input-value" autofocus placeholder="your-organization.zulipchat.com or zulip.your-organization.com"/>
-				</div>
-				<div class="certificate-input">
-					<div>${t.__('Certificate file')}</div>
-					<button class="green" id="add-certificate-button">${t.__('Upload')}</button>
-				</div>
-			</div>
-		`;
-	}
-
-	init(): void {
-		this.$addCertificate = this.generateNodeFromHTML(this.templateHTML());
-		this.props.$root.append(this.$addCertificate);
-		this.addCertificateButton = this.$addCertificate.querySelector('#add-certificate-button');
-		this.serverUrl = this.$addCertificate.querySelectorAll('input.setting-input-value')[0] as HTMLInputElement;
-		this.initListeners();
-	}
-
-	async validateAndAdd(): Promise<void> {
-		const certificate = this._certFile;
-		const serverUrl = this.serverUrl.value;
-		if (certificate !== '' && serverUrl !== '') {
-			const server = encodeURIComponent(DomainUtil.formatUrl(serverUrl));
-			const fileName = path.basename(certificate);
-			const copy = CertificateUtil.copyCertificate(server, certificate, fileName);
-			if (!copy) {
-				return;
-			}
-
-			CertificateUtil.setCertificate(server, fileName);
-			this.serverUrl.value = '';
-			await dialog.showMessageBox({
-				title: 'Success',
-				message: 'Certificate saved!'
-			});
-		} else {
-			dialog.showErrorBox('Error', `Please, ${serverUrl === '' ?
-				'Enter an Organization URL' : 'Choose certificate file'}`);
-		}
-	}
-
-	async addHandler(): Promise<void> {
-		const showDialogOptions: OpenDialogOptions = {
-			title: 'Select file',
-			properties: ['openFile'],
-			filters: [{name: 'crt, pem', extensions: ['crt', 'pem']}]
-		};
-		const {filePaths, canceled} = await dialog.showOpenDialog(showDialogOptions);
-		if (!canceled) {
-			this._certFile = filePaths[0] || '';
-			await this.validateAndAdd();
-		}
-	}
-
-	initListeners(): void {
-		this.addCertificateButton.addEventListener('click', async () => {
-			await this.addHandler();
-		});
-
-		this.serverUrl.addEventListener('keypress', async event => {
-			if (event.key === 'Enter') {
-				await this.addHandler();
-			}
-		});
-	}
-}

app/renderer/js/pages/preference/connected-org-section.ts

@@ -5,7 +5,6 @@ import {htmlEscape} from 'escape-goat';
 import * as DomainUtil from '../../utils/domain-util';
 import * as t from '../../utils/translation-util';
 
-import AddCertificate from './add-certificate';
 import BaseSection from './base-section';
 import FindAccounts from './find-accounts';
 import ServerInfoForm from './server-info-form';
@@ -19,7 +18,6 @@ export default class ConnectedOrgSection extends BaseSection {
 	$serverInfoContainer: Element | null;
 	$existingServers: Element | null;
 	$newOrgButton: HTMLButtonElement | null;
-	$addCertificateContainer: Element | null;
 	$findAccountsContainer: Element | null;
 	constructor(props: ConnectedOrgSectionProps) {
 		super();
@@ -33,8 +31,6 @@ export default class ConnectedOrgSection extends BaseSection {
 				<div class="title" id="existing-servers">${t.__('All the connected orgnizations will appear here.')}</div>
 				<div id="server-info-container"></div>
 				<div id="new-org-button"><button class="green sea w-250">${t.__('Connect to another organization')}</button></div>
-				<div class="page-title">${t.__('Add Custom Certificates')}</div>
-				<div id="add-certificate-container"></div>
 				<div class="page-title">${t.__('Find accounts by email')}</div>
 				<div id="find-accounts-container"></div>
 			</div>
@@ -54,7 +50,6 @@ export default class ConnectedOrgSection extends BaseSection {
 		this.$serverInfoContainer = document.querySelector('#server-info-container');
 		this.$existingServers = document.querySelector('#existing-servers');
 		this.$newOrgButton = document.querySelector('#new-org-button');
-		this.$addCertificateContainer = document.querySelector('#add-certificate-container');
 		this.$findAccountsContainer = document.querySelector('#find-accounts-container');
 
 		const noServerText = t.__('All the connected orgnizations will appear here');
@@ -74,16 +69,9 @@ export default class ConnectedOrgSection extends BaseSection {
 			ipcRenderer.send('forward-message', 'open-org-tab');
 		});
 
-		this.initAddCertificate();
 		this.initFindAccounts();
 	}
 
-	initAddCertificate(): void {
-		new AddCertificate({
-			$root: this.$addCertificateContainer
-		}).init();
-	}
-
 	initFindAccounts(): void {
 		new FindAccounts({
 			$root: this.$findAccountsContainer

app/renderer/js/pages/preference/general-section.ts

@@ -148,7 +148,7 @@ export default class GeneralSection extends BaseSection {
 				<div class="title">${t.__('Factory Reset Data')}</div>
                 <div class="settings-card">
 					<div class="setting-row" id="factory-reset-option">
-						<div class="setting-description">${t.__('Reset the application, thus deleting all the connected organizations, accounts, and certificates.')}
+						<div class="setting-description">${t.__('Reset the application, thus deleting all the connected organizations and accounts.')}
 						</div>
 						<button class="factory-reset-button red w-150">${t.__('Factory Reset')}</button>
 					</div>

app/renderer/js/utils/certificate-util.ts

@@ -1,79 +0,0 @@
-import electron from 'electron';
-import fs from 'fs';
-import path from 'path';
-
-import {JsonDB} from 'node-json-db';
-
-import {initSetUp} from './default-util';
-import Logger from './logger-util';
-
-const {app, dialog} =
-	process.type === 'renderer' ? electron.remote : electron;
-
-initSetUp();
-
-const logger = new Logger({
-	file: 'certificate-util.log',
-	timestamp: true
-});
-
-const certificatesDir = `${app.getPath('userData')}/certificates`;
-
-let db: JsonDB;
-
-reloadDB();
-
-export function getCertificate(server: string): string | undefined {
-	reloadDB();
-	return db.getData('/')[server];
-}
-
-// Function to copy the certificate to userData folder
-export function copyCertificate(_server: string, location: string, fileName: string): boolean {
-	let copied = false;
-	const filePath = `${certificatesDir}/${fileName}`;
-	try {
-		fs.copyFileSync(location, filePath);
-		copied = true;
-	} catch (error) {
-		dialog.showErrorBox(
-			'Error saving certificate',
-			'We encountered error while saving the certificate.'
-		);
-		logger.error('Error while copying the certificate to certificates folder.');
-		logger.error(error);
-	}
-
-	return copied;
-}
-
-export function setCertificate(server: string, fileName: string): void {
-	const filePath = `${fileName}`;
-	db.push(`/${server}`, filePath, true);
-	reloadDB();
-}
-
-export function removeCertificate(server: string): void {
-	db.delete(`/${server}`);
-	reloadDB();
-}
-
-function reloadDB(): void {
-	const settingsJsonPath = path.join(app.getPath('userData'), '/config/certificates.json');
-	try {
-		const file = fs.readFileSync(settingsJsonPath, 'utf8');
-		JSON.parse(file);
-	} catch (error) {
-		if (fs.existsSync(settingsJsonPath)) {
-			fs.unlinkSync(settingsJsonPath);
-			dialog.showErrorBox(
-				'Error saving settings',
-				'We encountered error while saving the certificate.'
-			);
-			logger.error('Error while JSON parsing certificates.json: ');
-			logger.error(error);
-		}
-	}
-
-	db = new JsonDB(settingsJsonPath, true, true);
-}

app/renderer/js/utils/default-util.ts

@@ -11,7 +11,6 @@ if (process.type === 'renderer') {
 
 const zulipDir = app.getPath('userData');
 const logDir = `${zulipDir}/Logs/`;
-const certificatesDir = `${zulipDir}/certificates/`;
 const configDir = `${zulipDir}/config/`;
 export const initSetUp = (): void => {
 	// If it is the first time the app is running
@@ -26,16 +25,11 @@ export const initSetUp = (): void => {
 			fs.mkdirSync(logDir);
 		}
 
-		if (!fs.existsSync(certificatesDir)) {
-			fs.mkdirSync(certificatesDir);
-		}
-
 		// Migrate config files from app data folder to config folder inside app
 		// data folder. This will be done once when a user updates to the new version.
 		if (!fs.existsSync(configDir)) {
 			fs.mkdirSync(configDir);
 			const domainJson = `${zulipDir}/domain.json`;
-			const certificatesJson = `${zulipDir}/certificates.json`;
 			const settingsJson = `${zulipDir}/settings.json`;
 			const updatesJson = `${zulipDir}/updates.json`;
 			const windowStateJson = `${zulipDir}/window-state.json`;
@@ -44,10 +38,6 @@ export const initSetUp = (): void => {
 					path: domainJson,
 					fileName: 'domain.json'
 				},
-				{
-					path: certificatesJson,
-					fileName: 'certificates.json'
-				},
 				{
 					path: settingsJson,
 					fileName: 'settings.json'

app/resources/messages.ts

@@ -8,7 +8,7 @@ export function invalidZulipServerError(domain: string): string {
 		\n • You can connect to that URL in a web browser.\
 		\n • If you need a proxy to connect to the Internet, that you've configured your proxy in the Network settings.\
 		\n • It's a Zulip server. (The oldest supported version is 1.6).\
-		\n • The server has a valid certificate. (You can add custom certificates in Settings > Organizations). \
+		\n • The server has a valid certificate. \
 		\n • The SSL is correctly configured for the certificate. Check out the SSL troubleshooting guide -
 		\n https://zulip.readthedocs.io/en/stable/production/ssl-certificates.html`;
 }
@@ -23,8 +23,7 @@ export function certErrorMessage(domain: string, error: string): string {
 }
 
 export function certErrorDetail(): string {
-	return `The organization you're connecting to is either someone impersonating the Zulip server you entered, or the server you're trying to connect to is configured in an insecure way.
-	\nIf you have a valid certificate please add it from Settings>Organizations and try to add the organization again.`;
+	return 'The organization you\'re connecting to is either someone impersonating the Zulip server you entered, or the server you\'re trying to connect to is configured in an insecure way.';
 }
 
 export function enterpriseOrgError(length: number, domains: string[]): DialogBoxError {