Add some protections against the incorrect cert type being used
This commit is contained in:
parent
ca05eff124
commit
50d50f690b
|
@ -362,11 +362,7 @@ struct IncomingSite: Codable {
|
|||
}
|
||||
|
||||
proto.providerConfiguration = ["config": rawConfig]
|
||||
|
||||
//TODO: proto is a subclass and we should probably set some settings on the parents
|
||||
//TODO: set these to meaningful values, or not at all
|
||||
proto.serverAddress = "TODO"
|
||||
proto.username = "TEST USERNAME"
|
||||
proto.serverAddress = "Nebula"
|
||||
|
||||
// Finish up the manager, this is what stores everything at the system level
|
||||
manager.protocolConfiguration = proto
|
||||
|
|
|
@ -28,7 +28,7 @@ class SiteItem extends StatelessWidget {
|
|||
Widget _buildContent(BuildContext context) {
|
||||
final border = BorderSide(color: Utils.configSectionBorder(context));
|
||||
var ip = "Error";
|
||||
if (site.cert != null) {
|
||||
if (site.cert != null && site.cert.cert.details.ips.length > 0) {
|
||||
ip = site.cert.cert.details.ips[0];
|
||||
}
|
||||
|
||||
|
|
|
@ -99,12 +99,22 @@ class _CAListScreenState extends State<CAListScreen> {
|
|||
//TODO: show an error popup
|
||||
try {
|
||||
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": ca});
|
||||
var ignored = 0;
|
||||
|
||||
List<dynamic> certs = jsonDecode(rawCerts);
|
||||
certs.forEach((rawCert) {
|
||||
final info = CertificateInfo.fromJson(rawCert);
|
||||
if (!info.cert.details.isCa) {
|
||||
ignored++;
|
||||
return;
|
||||
}
|
||||
cas[info.cert.fingerprint] = info;
|
||||
});
|
||||
|
||||
if (ignored > 0) {
|
||||
error = 'One or more certificates were ignored because they were not certificate authorities.';
|
||||
}
|
||||
|
||||
changed = true;
|
||||
} on PlatformException catch (err) {
|
||||
//TODO: fix this message
|
||||
|
|
|
@ -285,7 +285,12 @@ class _CertificateScreenState extends State<CertificateScreen> {
|
|||
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": rawCert});
|
||||
List<dynamic> certs = jsonDecode(rawCerts);
|
||||
if (certs.length > 0) {
|
||||
cert = CertificateInfo.fromJson(certs.first);
|
||||
var tryCert = CertificateInfo.fromJson(certs.first);
|
||||
if (tryCert.cert.details.isCa) {
|
||||
return callback('A certificate authority is not appropriate for a client certificate.');
|
||||
}
|
||||
//TODO: test that the pubkey matches the privkey
|
||||
cert = tryCert;
|
||||
}
|
||||
} on PlatformException catch (err) {
|
||||
error = err.details ?? err.message;
|
||||
|
|
Loading…
Reference in New Issue