X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fmoonshot-trust-anchor-dialog.vala;h=89ea6fc3fb3f66e94d12d111dfa5f525cf2dc5af;hb=HEAD;hp=a4210aba4f62358d2f5506fe9bc6552370f3cbff;hpb=4769d205d26666af11c7d62d246115f4d46bd82b;p=moonshot-ui.git
diff --git a/src/moonshot-trust-anchor-dialog.vala b/src/moonshot-trust-anchor-dialog.vala
index a4210ab..89ea6fc 100644
--- a/src/moonshot-trust-anchor-dialog.vala
+++ b/src/moonshot-trust-anchor-dialog.vala
@@ -39,7 +39,7 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
IdentityManagerApp parent_app;
string userid;
string realm;
- string ca_hash;
+ string fingerprint;
public bool confirmed = false;
TrustAnchorConfirmationCallback callback = null;
@@ -47,12 +47,12 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
public TrustAnchorConfirmationRequest(IdentityManagerApp parent_app,
string userid,
string realm,
- string ca_hash)
+ string fingerprint)
{
this.parent_app = parent_app;
this.userid = userid;
this.realm = realm;
- this.ca_hash = ca_hash;
+ this.fingerprint = fingerprint;
}
public void set_callback(owned TrustAnchorConfirmationCallback cb)
@@ -80,13 +80,20 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
return false;
}
- if (card.trust_anchor.server_cert == ca_hash) {
+ logger.trace("execute: expected cert='%s'; fingerprint='%s'".printf(card.trust_anchor.server_cert, fingerprint));
+ if (card.trust_anchor.server_cert == fingerprint) {
logger.trace(@"execute: Fingerprint for $nai matches stored value; returning true.");
return_confirmation(true);
return false;
}
- var dialog = new TrustAnchorDialog(card, userid, realm, ca_hash);
+ if (parent_app.headless) {
+ logger.trace(@"execute: Running in headless mode; returning false.");
+ return_confirmation(false);
+ return false;
+ }
+
+ var dialog = new TrustAnchorDialog(card, userid, realm, fingerprint);
var response = dialog.run();
dialog.destroy();
bool is_confirmed = (response == ResponseType.OK);
@@ -94,7 +101,7 @@ public class TrustAnchorConfirmationRequest : GLib.Object {
if (is_confirmed) {
logger.trace(@"execute: Fingerprint confirmed; updating stored value.");
- card.trust_anchor.update_server_fingerprint(ca_hash);
+ card.trust_anchor.update_server_fingerprint(fingerprint);
parent_app.model.update_card(card);
}
@@ -135,9 +142,9 @@ class TrustAnchorDialog : Dialog
public TrustAnchorDialog(IdCard card,
string userid,
string realm,
- string ca_hash)
+ string fingerprint)
{
- string server_ta_label_text = null;
+ string server_ta_label_text = _("Server's trust anchor certificate (SHA-256 fingerprint):");
this.set_title(_("Trust Anchor"));
this.set_modal(true);
@@ -147,7 +154,7 @@ class TrustAnchorDialog : Dialog
this.add_buttons(_("Cancel"), ResponseType.CANCEL,
_("Confirm"), ResponseType.OK);
- this.set_default_response(ResponseType.OK);
+ this.set_default_response(ResponseType.CANCEL);
var content_area = this.get_content_area();
((Box) content_area).set_spacing(12);
@@ -158,15 +165,16 @@ class TrustAnchorDialog : Dialog
string label_markup;
if (card.trust_anchor.server_cert == "") {
- label_markup = "" + _("You are using this identity for the first time with the following trust anchor:") + "";
+ label_markup = ""
+ + _("You are using this identity for the first time with the following trust anchor:") + "";
}
else {
// The server's fingerprint isn't what we're expecting this server to provide.
- label_markup = "" + _("WARNING: This connection may not be secure! ")
- + _("The server's trust anchor does not match the expected trust anchor for this server.")
+ label_markup = "" +
+ _("WARNING: The certificate we received for the authentication server for %s").printf(card.issuer)
+ + _(" is different than expected. Either the server certificate has changed, or an")
+ + _(" attack may be underway. If you proceed to the wrong server, your login credentials may be compromised.")
+ "";
-
- server_ta_label_text = _("Server's trust anchor (SHA-256 fingerprint) :");
}
dialog_label.set_markup(label_markup);
@@ -179,10 +187,16 @@ class TrustAnchorDialog : Dialog
var realm_label = new Label(_("Realm: ") + realm);
realm_label.set_alignment(0, 0.5f);
- Label confirm_label = new Label(_("Please confirm that this is the correct trust anchor."));
+ string confirm_text = _("\nPlease check with your realm administrator for the correct fingerprint")
+ + _(" for your authentication server. If it matches the above fingerprint,")
+ + _(" confirm the change. If not, then cancel.");
+
+ Label confirm_label = new Label(confirm_text);
confirm_label.set_alignment(0, 0.5f);
+ confirm_label.set_line_wrap(true);
+ confirm_label.set_width_chars(60);
- var trust_anchor_display = make_ta_fingerprint_widget(ca_hash, server_ta_label_text);
+ var trust_anchor_display = make_ta_fingerprint_widget(fingerprint, server_ta_label_text);
var vbox = new VBox(false, 0);
vbox.set_border_width(6);
@@ -192,12 +206,6 @@ class TrustAnchorDialog : Dialog
vbox.pack_start(trust_anchor_display, true, true, 0);
vbox.pack_start(confirm_label, true, true, 12);
- if (card.trust_anchor.server_cert != "") {
- var expected_ta_display = make_ta_fingerprint_widget(card.trust_anchor.server_cert,
- _("Expected trust anchor (SHA-256 fingerprint) :"));
- vbox.pack_start(expected_ta_display, true, true, 0);
- }
-
((Container) content_area).add(vbox);
this.set_border_width(6);