Add some protections against the incorrect cert type being used
This commit is contained in:
parent
ca05eff124
commit
50d50f690b
|
@ -362,11 +362,7 @@ struct IncomingSite: Codable {
|
||||||
}
|
}
|
||||||
|
|
||||||
proto.providerConfiguration = ["config": rawConfig]
|
proto.providerConfiguration = ["config": rawConfig]
|
||||||
|
proto.serverAddress = "Nebula"
|
||||||
//TODO: proto is a subclass and we should probably set some settings on the parents
|
|
||||||
//TODO: set these to meaningful values, or not at all
|
|
||||||
proto.serverAddress = "TODO"
|
|
||||||
proto.username = "TEST USERNAME"
|
|
||||||
|
|
||||||
// Finish up the manager, this is what stores everything at the system level
|
// Finish up the manager, this is what stores everything at the system level
|
||||||
manager.protocolConfiguration = proto
|
manager.protocolConfiguration = proto
|
||||||
|
|
|
@ -28,7 +28,7 @@ class SiteItem extends StatelessWidget {
|
||||||
Widget _buildContent(BuildContext context) {
|
Widget _buildContent(BuildContext context) {
|
||||||
final border = BorderSide(color: Utils.configSectionBorder(context));
|
final border = BorderSide(color: Utils.configSectionBorder(context));
|
||||||
var ip = "Error";
|
var ip = "Error";
|
||||||
if (site.cert != null) {
|
if (site.cert != null && site.cert.cert.details.ips.length > 0) {
|
||||||
ip = site.cert.cert.details.ips[0];
|
ip = site.cert.cert.details.ips[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -99,12 +99,22 @@ class _CAListScreenState extends State<CAListScreen> {
|
||||||
//TODO: show an error popup
|
//TODO: show an error popup
|
||||||
try {
|
try {
|
||||||
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": ca});
|
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": ca});
|
||||||
|
var ignored = 0;
|
||||||
|
|
||||||
List<dynamic> certs = jsonDecode(rawCerts);
|
List<dynamic> certs = jsonDecode(rawCerts);
|
||||||
certs.forEach((rawCert) {
|
certs.forEach((rawCert) {
|
||||||
final info = CertificateInfo.fromJson(rawCert);
|
final info = CertificateInfo.fromJson(rawCert);
|
||||||
|
if (!info.cert.details.isCa) {
|
||||||
|
ignored++;
|
||||||
|
return;
|
||||||
|
}
|
||||||
cas[info.cert.fingerprint] = info;
|
cas[info.cert.fingerprint] = info;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
if (ignored > 0) {
|
||||||
|
error = 'One or more certificates were ignored because they were not certificate authorities.';
|
||||||
|
}
|
||||||
|
|
||||||
changed = true;
|
changed = true;
|
||||||
} on PlatformException catch (err) {
|
} on PlatformException catch (err) {
|
||||||
//TODO: fix this message
|
//TODO: fix this message
|
||||||
|
|
|
@ -285,7 +285,12 @@ class _CertificateScreenState extends State<CertificateScreen> {
|
||||||
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": rawCert});
|
var rawCerts = await platform.invokeMethod("nebula.parseCerts", <String, String>{"certs": rawCert});
|
||||||
List<dynamic> certs = jsonDecode(rawCerts);
|
List<dynamic> certs = jsonDecode(rawCerts);
|
||||||
if (certs.length > 0) {
|
if (certs.length > 0) {
|
||||||
cert = CertificateInfo.fromJson(certs.first);
|
var tryCert = CertificateInfo.fromJson(certs.first);
|
||||||
|
if (tryCert.cert.details.isCa) {
|
||||||
|
return callback('A certificate authority is not appropriate for a client certificate.');
|
||||||
|
}
|
||||||
|
//TODO: test that the pubkey matches the privkey
|
||||||
|
cert = tryCert;
|
||||||
}
|
}
|
||||||
} on PlatformException catch (err) {
|
} on PlatformException catch (err) {
|
||||||
error = err.details ?? err.message;
|
error = err.details ?? err.message;
|
||||||
|
|
Loading…
Reference in New Issue