Add certificate store

experimental/clashapi/api_meta_group.go

@@ -111,7 +111,7 @@ func getGroupDelay(server *Server) func(w http.ResponseWriter, r *http.Request)
 						server.urlTestHistory.DeleteURLTestHistory(realTag)
 					} else {
 						server.logger.Debug("outbound ", tag, " available: ", t, "ms")
-						server.urlTestHistory.StoreURLTestHistory(realTag, &urltest.History{
+						server.urlTestHistory.StoreURLTestHistory(realTag, &adapter.URLTestHistory{
 							Time:  time.Now(),
 							Delay: t,
 						})

experimental/clashapi/proxies.go

@@ -72,9 +72,9 @@ func proxyInfo(server *Server, detour adapter.Outbound) *badjson.JSONObject {
 	info.Put("udp", common.Contains(detour.Network(), N.NetworkUDP))
 	delayHistory := server.urlTestHistory.LoadURLTestHistory(adapter.OutboundTag(detour))
 	if delayHistory != nil {
-		info.Put("history", []*urltest.History{delayHistory})
+		info.Put("history", []*adapter.URLTestHistory{delayHistory})
 	} else {
-		info.Put("history", []*urltest.History{})
+		info.Put("history", []*adapter.URLTestHistory{})
 	}
 	if group, isGroup := detour.(adapter.OutboundGroup); isGroup {
 		info.Put("now", group.Now())
@@ -116,7 +116,7 @@ func getProxies(server *Server) func(w http.ResponseWriter, r *http.Request) {
 			"type":    "Fallback",
 			"name":    "GLOBAL",
 			"udp":     true,
-			"history": []*urltest.History{},
+			"history": []*adapter.URLTestHistory{},
 			"all":     allProxies,
 			"now":     defaultTag,
 		})
@@ -208,7 +208,7 @@ func getProxyDelay(server *Server) func(w http.ResponseWriter, r *http.Request)
 			if err != nil {
 				server.urlTestHistory.DeleteURLTestHistory(realTag)
 			} else {
-				server.urlTestHistory.StoreURLTestHistory(realTag, &urltest.History{
+				server.urlTestHistory.StoreURLTestHistory(realTag, &adapter.URLTestHistory{
 					Time:  time.Now(),
 					Delay: delay,
 				})

experimental/clashapi/server.go

@@ -48,7 +48,7 @@ type Server struct {
 	logger         log.Logger
 	httpServer     *http.Server
 	trafficManager *trafficontrol.Manager
-	urlTestHistory *urltest.HistoryStorage
+	urlTestHistory adapter.URLTestHistoryStorage
 	mode           string
 	modeList       []string
 	modeUpdateHook chan<- struct{}
@@ -79,7 +79,7 @@ func NewServer(ctx context.Context, logFactory log.ObservableFactory, options op
 		externalUIDownloadURL:    options.ExternalUIDownloadURL,
 		externalUIDownloadDetour: options.ExternalUIDownloadDetour,
 	}
-	s.urlTestHistory = service.PtrFromContext[urltest.HistoryStorage](ctx)
+	s.urlTestHistory = service.FromContext[adapter.URLTestHistoryStorage](ctx)
 	if s.urlTestHistory == nil {
 		s.urlTestHistory = urltest.NewHistoryStorage()
 	}
@@ -234,7 +234,7 @@ func (s *Server) SetMode(newMode string) {
 	s.logger.Info("updated mode: ", newMode)
 }
 
-func (s *Server) HistoryStorage() *urltest.HistoryStorage {
+func (s *Server) HistoryStorage() adapter.URLTestHistoryStorage {
 	return s.urlTestHistory
 }
 

experimental/clashapi/server_resources.go

@@ -3,6 +3,7 @@ package clashapi
 import (
 	"archive/zip"
 	"context"
+	"crypto/tls"
 	"io"
 	"net"
 	"net/http"
@@ -15,6 +16,7 @@ import (
 	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing/common/ntp"
 	"github.com/sagernet/sing/service/filemanager"
 )
 
@@ -60,6 +62,10 @@ func (s *Server) downloadExternalUI() error {
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				return detour.DialContext(ctx, network, M.ParseSocksaddr(addr))
 			},
+			TLSClientConfig: &tls.Config{
+				Time:    ntp.TimeFuncFromContext(s.ctx),
+				RootCAs: adapter.RootPoolFromContext(s.ctx),
+			},
 		},
 	}
 	defer httpClient.CloseIdleConnections()

experimental/libbox/command_urltest.go

@@ -76,7 +76,7 @@ func (s *CommandServer) handleURLTest(conn net.Conn) error {
 				if err != nil {
 					historyStorage.DeleteURLTestHistory(outboundTag)
 				} else {
-					historyStorage.StoreURLTestHistory(outboundTag, &urltest.History{
+					historyStorage.StoreURLTestHistory(outboundTag, &adapter.URLTestHistory{
 						Time:  time.Now(),
 						Delay: t,
 					})

experimental/libbox/config.go

@@ -108,6 +108,10 @@ func (s *platformInterfaceStub) ReadWIFIState() adapter.WIFIState {
 	return adapter.WIFIState{}
 }
 
+func (s *platformInterfaceStub) SystemCertificates() []string {
+	return nil
+}
+
 func (s *platformInterfaceStub) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*process.Info, error) {
 	return nil, os.ErrInvalid
 }

experimental/libbox/platform.go

@@ -21,6 +21,7 @@ type PlatformInterface interface {
 	UnderNetworkExtension() bool
 	IncludeAllNetworks() bool
 	ReadWIFIState() *WIFIState
+	SystemCertificates() StringIterator
 	ClearDNSCache()
 	SendNotification(notification *Notification) error
 }

experimental/libbox/platform/interface.go

@@ -19,6 +19,7 @@ type Interface interface {
 	IncludeAllNetworks() bool
 	ClearDNSCache()
 	ReadWIFIState() adapter.WIFIState
+	SystemCertificates() []string
 	process.Searcher
 	SendNotification(notification *Notification) error
 }

experimental/libbox/service.go

@@ -34,7 +34,7 @@ import (
 type BoxService struct {
 	ctx                   context.Context
 	cancel                context.CancelFunc
-	urlTestHistoryStorage *urltest.HistoryStorage
+	urlTestHistoryStorage adapter.URLTestHistoryStorage
 	instance              *box.Box
 	clashServer           adapter.ClashServer
 	pauseManager          pause.Manager
@@ -233,6 +233,10 @@ func (w *platformInterfaceWrapper) ReadWIFIState() adapter.WIFIState {
 	return (adapter.WIFIState)(*wifiState)
 }
 
+func (w *platformInterfaceWrapper) SystemCertificates() []string {
+	return iteratorToArray[string](w.iif.SystemCertificates())
+}
+
 func (w *platformInterfaceWrapper) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*process.Info, error) {
 	var uid int32
 	if w.useProcFS {