Add some protections against the incorrect cert type being used

Nate Brown 2020-08-10 10:48:00 -05:00
parent ca05eff124
commit 50d50f690b
4 changed files with 18 additions and 7 deletions


@ -362,11 +362,7 @@ struct IncomingSite: Codable {
} }
proto.providerConfiguration = ["config": rawConfig] proto.providerConfiguration = ["config": rawConfig]
proto.serverAddress = "Nebula"
//TODO: proto is a subclass and we should probably set some settings on the parents
//TODO: set these to meaningful values, or not at all
proto.serverAddress = "TODO"
proto.username = "TEST USERNAME"
// Finish up the manager, this is what stores everything at the system level // Finish up the manager, this is what stores everything at the system level
manager.protocolConfiguration = proto manager.protocolConfiguration = proto


@ -28,7 +28,7 @@ class SiteItem extends StatelessWidget {
Widget _buildContent(BuildContext context) { Widget _buildContent(BuildContext context) {
final border = BorderSide(color: Utils.configSectionBorder(context)); final border = BorderSide(color: Utils.configSectionBorder(context));
var ip = "Error"; var ip = "Error";
if (site.cert != null) { if (site.cert != null && site.cert.cert.details.ips.length > 0) {
ip = site.cert.cert.details.ips[0]; ip = site.cert.cert.details.ips[0];
} }
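Review bot: The new guard on the `if` line still dereferences `site.cert.cert.details.ips` without a null check, so a certificate whose details carry no `ips` list at all would presumably throw while the row is built instead of falling back to "Error". Whether that can happen depends on how `CertificateInfo.fromJson` fills the field, which is not visible here. A null-aware form covers both the missing and the empty case: `if (site.cert?.cert?.details?.ips?.isNotEmpty ?? false) {`. `_buildContent` continues past the end of the hunk.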


@ -99,12 +99,22 @@ class _CAListScreenState extends State<CAListScreen> {
//TODO: show an error popup //TODO: show an error popup
try { try {
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": ca}); var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": ca});
var ignored = 0;
List<dynamic> certs = jsonDecode(rawCerts); List<dynamic> certs = jsonDecode(rawCerts);
certs.forEach((rawCert) { certs.forEach((rawCert) {
final info = CertificateInfo.fromJson(rawCert); final info = CertificateInfo.fromJson(rawCert);
if (!info.cert.details.isCa) {
ignored++;
return;
}
cas[info.cert.fingerprint] = info; cas[info.cert.fingerprint] = info;
}); });
if (ignored > 0) {
error = 'One or more certificates were ignored because they were not certificate authorities.';
}
changed = true; changed = true;
} on PlatformException catch (err) { } on PlatformException catch (err) {
//TODO: fix this message //TODO: fix this message
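Review bot: The `isCa` test inside the `forEach` callback would presumably throw rather than reject when the parsed JSON carries no `isCa` value, and the only handler visible in this hunk is `on PlatformException`, so that failure may never reach the user unless other catch clauses follow outside the hunk. An explicit comparison makes the filter fail closed: `if (info.cert.details.isCa != true) {`. The same pattern appears in the certificate screen as `if (tryCert.cert.details.isCa)`, where `!= false` would reject a certificate whose flag is missing. The ignored-certificate message would also be more useful if it named the skipped entries, since a user importing a bundle cannot tell which ones were dropped.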


@ -285,7 +285,12 @@ class _CertificateScreenState extends State<CertificateScreen> {
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": rawCert}); var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": rawCert});
List<dynamic> certs = jsonDecode(rawCerts); List<dynamic> certs = jsonDecode(rawCerts);
if (certs.length > 0) { if (certs.length > 0) {
cert = CertificateInfo.fromJson(certs.first); var tryCert = CertificateInfo.fromJson(certs.first);
if (tryCert.cert.details.isCa) {
return callback('A certificate authority is not appropriate for a client certificate.');
}
//TODO: test that the pubkey matches the privkey
cert = tryCert;
} }
} on PlatformException catch (err) { } on PlatformException catch (err) {
error = err.details ?? err.message; error = err.details ?? err.message;
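Review bot: Only `certs.first` is examined in the `if (certs.length > 0)` branch, so pasted input holding several certificates is accepted on the strength of the first one and the rest are dropped without a message; an empty list also produces no error inside this hunk. If a client certificate is always a single certificate, rejecting anything else is clearer: `if (certs.length != 1) { return callback('Expected exactly one certificate.'); }`. The `//TODO` on key matching means a certificate issued for a different private key is still accepted at this point, which deserves a tracked issue, not just a comment. The enclosing method starts and ends outside the hunk.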