Commit edbc84c
committed
feat(Mountain): Add TLS infrastructure and land:// protocol support
This commit introduces a comprehensive TLS certificate management system and custom URI scheme handler for the Mountain backend, enabling secure local HTTPS services and webview isolation.
## New Components
### CertificateManager (TLS Infrastructure)
- Implements a complete PKI with root CA stored in OS keyring
- Generates ECDSA P-256 server certificates signed by the CA
- Supports automatic certificate renewal (30-day threshold)
- Uses `rcgen` for certificate generation, `x509-parser` for validation
- Integrates with `rustls` for TLS server configuration
- Provides `anyhow` for improved error handling
### ServiceRegistry
- Tracks mapping from `land://` domain names to local HTTP service ports
- Thread-safe using `Arc<RwLock<HashMap>>`
- Supports both HTTP and HTTPS service registration
- Provides health check functionality for registered services
- TLS certificates are provisioned on-demand via CertificateManager
### Scheme Handler (land:// protocol)
- Handles `land://` custom URI scheme for webview isolation
- Routes requests to local HTTP services via ServiceRegistry
- Implements CORS headers for cross-origin requests
- Provides static asset caching for performance
- Supports HTTP/HTTPS forwarding to local services
### DNS Integration (Mist)
- Starts Hickory DNS server on port 5380 (or fallback to random port)
- Registers DNS commands: `dns_get_server_info`, `dns_get_zone_info`, `dns_get_forward_allowlist`, `dns_get_health_status`, `dns_resolve`, `dns_test_resolution`, `dns_health_check`
- Provides DNS-based protocol resolution for land:// URIs
### Tauri Commands
- TLS: `tls_initialize`, `tls_get_ca_cert`, `tls_get_server_cert_info`, `tls_renew_certificate`, `tls_get_all_certs`, `tls_check_cert_status`
- DNS: Commands registered in Entry.rs for webview access
## Configuration Updates
- tauri.conf.json: Updated CSP to allow `land:` protocol in connect-src, default-src, font-src, img-src
- Cargo.toml: Changed binary path, added dev-dependencies and TLS/rustls dependencies
- Entry.rs: Initializes ServiceRegistry, DNS server, and scheme handler in setup hook
## Tests Added
- `tests/certificate_tests.rs`: Integration tests for CertificateManager
- `tests/service_registry_tests.rs`: Service registration and health check tests
This infrastructure enables the Land architecture to securely serve HTTPS to the webview while maintaining isolation through the `land://` custom protocol scheme.1 parent 5f772e3 commit edbc84c
13 files changed
Lines changed: 4516 additions & 18 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
15 | 19 | | |
16 | 20 | | |
17 | 21 | | |
| |||
28 | 32 | | |
29 | 33 | | |
30 | 34 | | |
| 35 | + | |
31 | 36 | | |
32 | 37 | | |
33 | 38 | | |
34 | 39 | | |
35 | 40 | | |
36 | 41 | | |
37 | 42 | | |
| 43 | + | |
38 | 44 | | |
39 | 45 | | |
40 | 46 | | |
| |||
61 | 67 | | |
62 | 68 | | |
63 | 69 | | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
64 | 76 | | |
65 | 77 | | |
66 | 78 | | |
| |||
0 commit comments