From c4ddeeb37ca241f5a405818c84de092a19c628d7 Mon Sep 17 00:00:00 2001 From: Dan Breslau Date: Wed, 26 Oct 2016 14:20:14 -0400 Subject: [PATCH] In TrustAnchorConfirmationRequest, check for headless mode and return false if fingerprints don't match --- src/moonshot-identity-manager-app.vala | 3 +++ src/moonshot-trust-anchor-dialog.vala | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/src/moonshot-identity-manager-app.vala b/src/moonshot-identity-manager-app.vala index 5d0fbd5..c4c8437 100644 --- a/src/moonshot-identity-manager-app.vala +++ b/src/moonshot-identity-manager-app.vala @@ -55,6 +55,7 @@ public class IdentityManagerApp { private bool name_is_owned; private bool show_requested; public bool use_flat_file_store {public get; private set;} + public bool headless {public get; private set;} #if OS_MACOS public OSXApplication osxApp; @@ -88,6 +89,8 @@ public class IdentityManagerApp { #endif public IdentityManagerApp(bool headless, bool use_flat_file_store) { + this.headless = headless; + use_flat_file_store |= UserForcesFlatFileStore(); this.use_flat_file_store = use_flat_file_store; diff --git a/src/moonshot-trust-anchor-dialog.vala b/src/moonshot-trust-anchor-dialog.vala index b22c874..04fc1e0 100644 --- a/src/moonshot-trust-anchor-dialog.vala +++ b/src/moonshot-trust-anchor-dialog.vala @@ -39,7 +39,7 @@ public class TrustAnchorConfirmationRequest : GLib.Object { IdentityManagerApp parent_app; string userid; string realm; - string ca_hash; + string fingerprint; public bool confirmed = false; TrustAnchorConfirmationCallback callback = null; @@ -47,12 +47,12 @@ public class TrustAnchorConfirmationRequest : GLib.Object { public TrustAnchorConfirmationRequest(IdentityManagerApp parent_app, string userid, string realm, - string ca_hash) + string fingerprint) { this.parent_app = parent_app; this.userid = userid; this.realm = realm; - this.ca_hash = ca_hash; + this.fingerprint = fingerprint; } public void set_callback(owned TrustAnchorConfirmationCallback cb) @@ -80,13 +80,20 @@ public class TrustAnchorConfirmationRequest : GLib.Object { return false; } - if (card.trust_anchor.server_cert == ca_hash) { + logger.trace("execute: expected cert='%s'; fingerprint='%s'".printf(card.trust_anchor.server_cert, fingerprint)); + if (card.trust_anchor.server_cert == fingerprint) { logger.trace(@"execute: Fingerprint for $nai matches stored value; returning true."); return_confirmation(true); return false; } - var dialog = new TrustAnchorDialog(card, userid, realm, ca_hash); + if (parent_app.headless) { + logger.trace(@"execute: Running in headless mode; returning false."); + return_confirmation(false); + return false; + } + + var dialog = new TrustAnchorDialog(card, userid, realm, fingerprint); var response = dialog.run(); dialog.destroy(); bool is_confirmed = (response == ResponseType.OK); @@ -94,7 +101,7 @@ public class TrustAnchorConfirmationRequest : GLib.Object { if (is_confirmed) { logger.trace(@"execute: Fingerprint confirmed; updating stored value."); - card.trust_anchor.update_server_fingerprint(ca_hash); + card.trust_anchor.update_server_fingerprint(fingerprint); parent_app.model.update_card(card); } @@ -135,7 +142,7 @@ class TrustAnchorDialog : Dialog public TrustAnchorDialog(IdCard card, string userid, string realm, - string ca_hash) + string fingerprint) { string server_ta_label_text = _("Server’s trust anchor certificate (SHA-256 fingerprint):"); @@ -189,7 +196,7 @@ class TrustAnchorDialog : Dialog confirm_label.set_line_wrap(true); confirm_label.set_width_chars(60); - var trust_anchor_display = make_ta_fingerprint_widget(ca_hash, server_ta_label_text); + var trust_anchor_display = make_ta_fingerprint_widget(fingerprint, server_ta_label_text); var vbox = new VBox(false, 0); vbox.set_border_width(6); -- 2.1.4