projects
/
moonshot-ui.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Bump the version number in configure.ac to 1.0.5
[moonshot-ui.git]
/
src
/
moonshot-trust-anchor-dialog.vala
diff --git
a/src/moonshot-trust-anchor-dialog.vala
b/src/moonshot-trust-anchor-dialog.vala
index
a4210ab
..
89ea6fc
100644
(file)
--- a/
src/moonshot-trust-anchor-dialog.vala
+++ b/
src/moonshot-trust-anchor-dialog.vala
@@
-39,7
+39,7
@@
public class TrustAnchorConfirmationRequest : GLib.Object {
IdentityManagerApp parent_app;
string userid;
string realm;
IdentityManagerApp parent_app;
string userid;
string realm;
- string
ca_hash
;
+ string
fingerprint
;
public bool confirmed = false;
TrustAnchorConfirmationCallback callback = null;
public bool confirmed = false;
TrustAnchorConfirmationCallback callback = null;
@@
-47,12
+47,12
@@
public class TrustAnchorConfirmationRequest : GLib.Object {
public TrustAnchorConfirmationRequest(IdentityManagerApp parent_app,
string userid,
string realm,
public TrustAnchorConfirmationRequest(IdentityManagerApp parent_app,
string userid,
string realm,
- string
ca_hash
)
+ string
fingerprint
)
{
this.parent_app = parent_app;
this.userid = userid;
this.realm = realm;
{
this.parent_app = parent_app;
this.userid = userid;
this.realm = realm;
- this.
ca_hash = ca_hash
;
+ this.
fingerprint = fingerprint
;
}
public void set_callback(owned TrustAnchorConfirmationCallback cb)
}
public void set_callback(owned TrustAnchorConfirmationCallback cb)
@@
-80,13
+80,20
@@
public class TrustAnchorConfirmationRequest : GLib.Object {
return false;
}
return false;
}
- if (card.trust_anchor.server_cert == ca_hash) {
+ logger.trace("execute: expected cert='%s'; fingerprint='%s'".printf(card.trust_anchor.server_cert, fingerprint));
+ if (card.trust_anchor.server_cert == fingerprint) {
logger.trace(@"execute: Fingerprint for $nai matches stored value; returning true.");
return_confirmation(true);
return false;
}
logger.trace(@"execute: Fingerprint for $nai matches stored value; returning true.");
return_confirmation(true);
return false;
}
- var dialog = new TrustAnchorDialog(card, userid, realm, ca_hash);
+ if (parent_app.headless) {
+ logger.trace(@"execute: Running in headless mode; returning false.");
+ return_confirmation(false);
+ return false;
+ }
+
+ var dialog = new TrustAnchorDialog(card, userid, realm, fingerprint);
var response = dialog.run();
dialog.destroy();
bool is_confirmed = (response == ResponseType.OK);
var response = dialog.run();
dialog.destroy();
bool is_confirmed = (response == ResponseType.OK);
@@
-94,7
+101,7
@@
public class TrustAnchorConfirmationRequest : GLib.Object {
if (is_confirmed) {
logger.trace(@"execute: Fingerprint confirmed; updating stored value.");
if (is_confirmed) {
logger.trace(@"execute: Fingerprint confirmed; updating stored value.");
- card.trust_anchor.update_server_fingerprint(
ca_hash
);
+ card.trust_anchor.update_server_fingerprint(
fingerprint
);
parent_app.model.update_card(card);
}
parent_app.model.update_card(card);
}
@@
-135,9
+142,9
@@
class TrustAnchorDialog : Dialog
public TrustAnchorDialog(IdCard card,
string userid,
string realm,
public TrustAnchorDialog(IdCard card,
string userid,
string realm,
- string
ca_hash
)
+ string
fingerprint
)
{
{
- string server_ta_label_text =
null
;
+ string server_ta_label_text =
_("Server's trust anchor certificate (SHA-256 fingerprint):")
;
this.set_title(_("Trust Anchor"));
this.set_modal(true);
this.set_title(_("Trust Anchor"));
this.set_modal(true);
@@
-147,7
+154,7
@@
class TrustAnchorDialog : Dialog
this.add_buttons(_("Cancel"), ResponseType.CANCEL,
_("Confirm"), ResponseType.OK);
this.add_buttons(_("Cancel"), ResponseType.CANCEL,
_("Confirm"), ResponseType.OK);
- this.set_default_response(ResponseType.
OK
);
+ this.set_default_response(ResponseType.
CANCEL
);
var content_area = this.get_content_area();
((Box) content_area).set_spacing(12);
var content_area = this.get_content_area();
((Box) content_area).set_spacing(12);
@@
-158,15
+165,16
@@
class TrustAnchorDialog : Dialog
string label_markup;
if (card.trust_anchor.server_cert == "") {
string label_markup;
if (card.trust_anchor.server_cert == "") {
- label_markup = "<span font-weight='heavy'>" + _("You are using this identity for the first time with the following trust anchor:") + "</span>";
+ label_markup = "<span font-weight='heavy'>"
+ + _("You are using this identity for the first time with the following trust anchor:") + "</span>";
}
else {
// The server's fingerprint isn't what we're expecting this server to provide.
}
else {
// The server's fingerprint isn't what we're expecting this server to provide.
- label_markup = "<span font-weight='heavy'>" + _("WARNING: This connection may not be secure! ")
- + _("The server's trust anchor does not match the expected trust anchor for this server.")
+ label_markup = "<span font-weight='heavy'>" +
+ _("WARNING: The certificate we received for the authentication server for %s").printf(card.issuer)
+ + _(" is different than expected. Either the server certificate has changed, or an")
+ + _(" attack may be underway. If you proceed to the wrong server, your login credentials may be compromised.")
+ "</span>";
+ "</span>";
-
- server_ta_label_text = _("Server's trust anchor (SHA-256 fingerprint) :");
}
dialog_label.set_markup(label_markup);
}
dialog_label.set_markup(label_markup);
@@
-179,10
+187,16
@@
class TrustAnchorDialog : Dialog
var realm_label = new Label(_("Realm: ") + realm);
realm_label.set_alignment(0, 0.5f);
var realm_label = new Label(_("Realm: ") + realm);
realm_label.set_alignment(0, 0.5f);
- Label confirm_label = new Label(_("Please confirm that this is the correct trust anchor."));
+ string confirm_text = _("\nPlease check with your realm administrator for the correct fingerprint")
+ + _(" for your authentication server. If it matches the above fingerprint,")
+ + _(" confirm the change. If not, then cancel.");
+
+ Label confirm_label = new Label(confirm_text);
confirm_label.set_alignment(0, 0.5f);
confirm_label.set_alignment(0, 0.5f);
+ confirm_label.set_line_wrap(true);
+ confirm_label.set_width_chars(60);
- var trust_anchor_display = make_ta_fingerprint_widget(
ca_hash
, server_ta_label_text);
+ var trust_anchor_display = make_ta_fingerprint_widget(
fingerprint
, server_ta_label_text);
var vbox = new VBox(false, 0);
vbox.set_border_width(6);
var vbox = new VBox(false, 0);
vbox.set_border_width(6);
@@
-192,12
+206,6
@@
class TrustAnchorDialog : Dialog
vbox.pack_start(trust_anchor_display, true, true, 0);
vbox.pack_start(confirm_label, true, true, 12);
vbox.pack_start(trust_anchor_display, true, true, 0);
vbox.pack_start(confirm_label, true, true, 12);
- if (card.trust_anchor.server_cert != "") {
- var expected_ta_display = make_ta_fingerprint_widget(card.trust_anchor.server_cert,
- _("Expected trust anchor (SHA-256 fingerprint) :"));
- vbox.pack_start(expected_ta_display, true, true, 0);
- }
-
((Container) content_area).add(vbox);
this.set_border_width(6);
((Container) content_area).add(vbox);
this.set_border_width(6);