From 693c7b6346002a5e1b01abe62f62d2dfb99683b8 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Wed, 17 May 2023 12:10:11 -0400 Subject: [PATCH] Hide CA expiration errors on managed sites (#128) --- .../kotlin/net/defined/mobile_nebula/Sites.kt | 4 +-- ios/NebulaNetworkExtension/Site.swift | 33 +++++++++---------- lib/screens/siteConfig/SiteConfigScreen.dart | 17 ++++++---- 3 files changed, 28 insertions(+), 26 deletions(-) diff --git a/android/app/src/main/kotlin/net/defined/mobile_nebula/Sites.kt b/android/app/src/main/kotlin/net/defined/mobile_nebula/Sites.kt index 7517d86..c86d617 100644 --- a/android/app/src/main/kotlin/net/defined/mobile_nebula/Sites.kt +++ b/android/app/src/main/kotlin/net/defined/mobile_nebula/Sites.kt @@ -52,7 +52,7 @@ class Sites(private var engine: FlutterEngine) { val context = MainActivity.getContext()!! val site = containers[id]!!.site - val baseDir = if(site.managed == true) context.noBackupFilesDir else context.filesDir + val baseDir = if(site.managed) context.noBackupFilesDir else context.filesDir val siteDir = baseDir.resolve("sites").resolve(id) siteDir.deleteRecursively() refreshSites() @@ -275,7 +275,7 @@ class Site(context: Context, siteDir: File) { } } - if (hasErrors) { + if (hasErrors && !managed) { errors.add("There are issues with 1 or more ca certificates") } diff --git a/ios/NebulaNetworkExtension/Site.swift b/ios/NebulaNetworkExtension/Site.swift index 7a8ba20..0a5653d 100644 --- a/ios/NebulaNetworkExtension/Site.swift +++ b/ios/NebulaNetworkExtension/Site.swift 
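Review bot: In the `@@ -275,7 +275,7 @@` hunk of Sites.kt, `if (hasErrors && !managed)` discards the CA problem for managed sites without recording it anywhere visible in the hunk, so an invalid CA on a managed site leaves no trace when someone later debugs a failed connection. `hasErrors` also appears to cover any CA validity problem rather than only expiry (the loop that sets it is outside the hunk), so the condition hides more than the commit title describes. I would keep a log entry for the managed case and add a comment such as `// Managed sites: CA problems are not shown to the user; they are expected to be resolved by a managed update.` The same applies to the matching `if (hasErrors && !managed)` hunk in ios/NebulaNetworkExtension/Site.swift. The Swift initializer had to move the `managed` assignment above this check; the Kotlin hunk does not show where `managed` is set, so the same ordering is worth confirming there.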
@@ -194,6 +194,15 @@ class Site: Codable { id = incoming.id staticHostmap = incoming.staticHostmap unsafeRoutes = incoming.unsafeRoutes ?? [] + lhDuration = incoming.lhDuration + port = incoming.port + cipher = incoming.cipher + sortKey = incoming.sortKey ?? 0 + logVerbosity = incoming.logVerbosity ?? "info" + mtu = incoming.mtu ?? 1300 + managed = incoming.managed ?? false + lastManagedUpdate = incoming.lastManagedUpdate + rawConfig = incoming.rawConfig do { let rawCert = incoming.cert @@ -232,7 +241,7 @@ class Site: Codable { } } - if (hasErrors) { + if (hasErrors && !managed) { errors.append("There are issues with 1 or more ca certificates") } @@ -248,16 +257,6 @@ class Site: Codable { errors.append("Unable to create the site directory: \(error.localizedDescription)") } - lhDuration = incoming.lhDuration - port = incoming.port - cipher = incoming.cipher - sortKey = incoming.sortKey ?? 0 - logVerbosity = incoming.logVerbosity ?? "info" - mtu = incoming.mtu ?? 1300 - managed = incoming.managed ?? false - lastManagedUpdate = incoming.lastManagedUpdate - rawConfig = incoming.rawConfig - if (managed && (try? getDNCredentials())?.invalid != false) { errors.append("Unable to fetch managed updates - please re-enroll the device") } @@ -307,16 +306,16 @@ class Site: Codable { func invalidateDNCredentials() throws { let creds = try getDNCredentials() creds.invalid = true - + if (!(try creds.save(siteID: self.id))) { throw "failed to store dn credentials in keychain" } } - + func validateDNCredentials() throws { let creds = try getDNCredentials() creds.invalid = false - + if (!(try creds.save(siteID: self.id))) { throw "failed to store dn credentials in keychain" } 
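Review bot: In the `@@ -194,6 +194,15 @@` hunk the moved assignments create an ordering dependency that nothing in the code states: the CA check further down now reads `managed`, so `managed = incoming.managed ?? false` must stay above it. A later reorder of this initializer would silently change which sites report CA errors. I would add a comment above the moved block, for example `// Assigned before certificate validation: the CA check below reads managed to decide whether to report CA errors.` The initializer starts and ends outside the hunk.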
@@ -370,16 +369,16 @@ class DNCredentials: Codable { get { return _invalid ?? false } set { _invalid = newValue } } - + private var _invalid: Bool? - + func save(siteID: String) throws -> Bool { let encoder = JSONEncoder() let rawDNCredentials = try encoder.encode(self) return KeyChain.save(key: "\(siteID).dnCredentials", data: rawDNCredentials, managed: true) } - + enum CodingKeys: String, CodingKey { case hostID case privateKey diff --git a/lib/screens/siteConfig/SiteConfigScreen.dart b/lib/screens/siteConfig/SiteConfigScreen.dart index 7344561..1709a4d 100644 --- a/lib/screens/siteConfig/SiteConfigScreen.dart +++ b/lib/screens/siteConfig/SiteConfigScreen.dart @@ -154,13 +154,16 @@ class _SiteConfigScreenState extends State { Widget _keys() { final certError = site.certInfo == null || site.certInfo!.validity == null || !site.certInfo!.validity!.valid; - var caError = site.ca.length == 0; - if (!caError) { - site.ca.forEach((ca) { - if (ca.validity == null || !ca.validity!.valid) { - caError = true; - } - }); + var caError = false; + if (!site.managed) { + var caError = site.ca.length == 0; + if (!caError) { + site.ca.forEach((ca) { + if (ca.validity == null || !ca.validity!.valid) { + caError = true; + } + }); + } } return ConfigSection(
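Review bot: In the SiteConfigScreen.dart hunk, `var caError = site.ca.length == 0;` inside the `if (!site.managed)` block declares a second variable that shadows the outer `caError`, and the `forEach` closure assigns that inner one. The outer `caError` therefore stays `false` after the block, so whatever `_keys()` does with it after the hunk would no longer see a CA problem on unmanaged sites either. Drop the `var` so the block assigns the outer variable: `caError = site.ca.length == 0;`. `_keys()` continues past the end of the hunk, so the use of `caError` is not visible here.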