[geary/wip/20-cert-pinning: 31/32] Handle untrusted certs when adding a new account
- From: Michael Gratton <mjog src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [geary/wip/20-cert-pinning: 31/32] Handle untrusted certs when adding a new account
- Date: Tue, 8 Jan 2019 13:02:11 +0000 (UTC)
commit a906dfdfd230c1aebde6f99143262a137fc2f143
Author: Michael Gratton <mike vee net>
Date: Tue Jan 8 23:44:44 2019 +1100
Handle untrusted certs when adding a new account
Make the cert mamager easily available to acccount editor panes, hook up
to untrusted-host when validating the new account and prompt to pin
certs as needed.
src/client/accounts/accounts-editor-add-pane.vala | 75 +++++++++++++++++++----
src/client/accounts/accounts-editor.vala | 4 ++
2 files changed, 68 insertions(+), 11 deletions(-)
---
diff --git a/src/client/accounts/accounts-editor-add-pane.vala
b/src/client/accounts/accounts-editor-add-pane.vala
index cee7d989..3acc54fa 100644
--- a/src/client/accounts/accounts-editor-add-pane.vala
+++ b/src/client/accounts/accounts-editor-add-pane.vala
@@ -160,7 +160,7 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
this.set_sensitive(false);
bool is_valid = false;
- string message = "";
+ string? message = null;
Gtk.Widget? to_focus = null;
Geary.AccountInformation account =
@@ -175,6 +175,7 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
account.incoming = new_imap_service();
account.outgoing = new_smtp_service();
+ account.untrusted_host.connect(on_untrusted_host);
if (this.provider == Geary.ServiceProvider.OTHER) {
bool imap_valid = false;
@@ -190,8 +191,14 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
to_focus = this.imap_login.value;
// Translators: In-app notification label
message = _("Check your receiving login and password");
+ } catch (GLib.TlsError.BAD_CERTIFICATE err) {
+ debug("Error validating IMAP certifiate: %s", err.message);
+ // Nothing to do here, since the untrusted host
+ // handler will be dealing with it
} catch (GLib.Error err) {
- debug("Error validating IMAP service: %s", err.message);
+ Geary.ErrorContext context = new Geary.ErrorContext(err);
+ debug("Error validating IMAP service: %s",
+ context.format_full_error());
this.imap_tls.show();
to_focus = this.imap_hostname.value;
// Translators: In-app notification label
@@ -218,8 +225,14 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
to_focus = this.smtp_login.value;
// Translators: In-app notification label
message = _("Check your sending login and password");
+ } catch (GLib.TlsError.BAD_CERTIFICATE err) {
+ debug("Error validating SMTP certifiate: %s", err.message);
+ // Nothing to do here, since the untrusted host
+ // handler will be dealing with it
} catch (GLib.Error err) {
- debug("Error validating SMTP service: %s", err.message);
+ Geary.ErrorContext context = new Geary.ErrorContext(err);
+ debug("Error validating SMTP service: %s",
+ context.format_full_error());
this.smtp_tls.show();
to_focus = this.smtp_hostname.value;
// Translators: In-app notification label
@@ -240,7 +253,9 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
// Translators: In-app notification label
message = _("Check your email address and password");
} catch (GLib.Error err) {
- debug("Error validating provider service: %s", err.message);
+ Geary.ErrorContext context = new Geary.ErrorContext(err);
+ debug("Error validating SMTP service: %s",
+ context.format_full_error());
is_valid = false;
// Translators: In-app notification label
message = _("Could not connect, check your network");
@@ -260,6 +275,8 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
}
}
+ account.untrusted_host.disconnect(on_untrusted_host);
+
this.create_spinner.stop();
this.create_spinner.hide();
this.create_button.set_sensitive(true);
@@ -271,13 +288,15 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
if (to_focus != null) {
to_focus.grab_focus();
}
- add_notification(
- new InAppNotification(
- // Translators: In-app notification label, the
- // string substitution is a more detailed reason.
- _("Account not created: %s").printf(message)
- )
- );
+ if (message != null) {
+ add_notification(
+ new InAppNotification(
+ // Translators: In-app notification label, the
+ // string substitution is a more detailed reason.
+ _("Account not created: %s").printf(message)
+ )
+ );
+ }
}
}
@@ -405,6 +424,40 @@ internal class Accounts.EditorAddPane : Gtk.Grid, EditorPane {
check_validation();
}
+ private void on_untrusted_host(Geary.AccountInformation account,
+ Geary.ServiceInformation service,
+ Geary.Endpoint endpoint,
+ GLib.TlsConnection cx) {
+ this.editor.certificates.prompt_pin_certificate.begin(
+ this.editor, account, service, endpoint, true, null,
+ (obj, res) => {
+ try {
+ this.editor.certificates.prompt_pin_certificate.end(res);
+ } catch (Application.CertificateManagerError.UNTRUSTED err) {
+ // All good, just drop back into the editor window.
+ return;
+ } catch (Application.CertificateManagerError.STORE_FAILED err) {
+ // All good, just drop back into the editor
+ // window. XXX show error info bar rather than a
+ // notification
+ add_notification(
+ new InAppNotification(
+ // Translators: In-app notification label,
+ // when the app had a problem pinning an
+ // otherwise untrusted TLS certificate
+ _("Failed to store certificate")
+ )
+ );
+ return;
+ } catch (Application.CertificateManagerError err) {
+ debug("Unexptected error pinning cert: %s", err.message);
+ }
+
+ // Kick off another attempt to validate
+ this.validate_account.begin(null);
+ });
+ }
+
[GtkCallback]
private void on_create_button_clicked() {
this.validate_account.begin(null);
diff --git a/src/client/accounts/accounts-editor.vala b/src/client/accounts/accounts-editor.vala
index 4080164d..c6b87a22 100644
--- a/src/client/accounts/accounts-editor.vala
+++ b/src/client/accounts/accounts-editor.vala
@@ -29,6 +29,9 @@ public class Accounts.Editor : Gtk.Dialog {
internal Manager accounts { get; private set; }
+ internal Application.CertificateManager certificates {
+ get; private set;
+ }
private SimpleActionGroup actions = new SimpleActionGroup();
@@ -42,6 +45,7 @@ public class Accounts.Editor : Gtk.Dialog {
public Editor(GearyApplication application, Gtk.Window parent) {
this.application = application;
this.accounts = application.controller.account_manager;
+ this.certificates = application.controller.certificate_manager;
set_default_size(700, 450);
set_icon_name(GearyApplication.APP_ID);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
