Merge pull request #452 from nworbnhoj/main

minor fixes across chat components
betrusted-io · Nov 30, 2023 · b255468 · b255468
2 parents 26a1277 + 9de7f05
commit b255468
Show file tree

Hide file tree

Showing 6 changed files with 65 additions and 24 deletions.
diff --git a/apps/mtxchat/Cargo.toml b/apps/mtxchat/Cargo.toml
@@ -33,7 +33,6 @@ chat = { path = "../../libs/chat" }
 modals = { path = "../../services/modals" }
 percent-encoding = "2.2"
 rkyv = {version = "0.4.3", default-features = false, features = ["const_generics"]}
-rustls = { version = "0.21.7" }
 serde = { version = "1.0", features = [ "derive" ] }
 tls = { path = "../../libs/tls" }
 ureq = { version = "2.7.1", features = ["json"] }

diff --git a/libs/chat/src/lib.rs b/libs/chat/src/lib.rs
@@ -354,7 +354,7 @@ pub fn server(
     log::info!("my PID is {}", xous::process::id());
 
     let mut ui = ui::Ui::new(sid, app_name, app_menu, app_cid, opcode_event);
-
+    let mut dialogue_key = None;
     let mut allow_redraw = false;
     loop {
         let msg = xous::receive_message(sid).unwrap();
@@ -408,7 +408,7 @@ pub fn server(
                 let buffer =
                     unsafe { Buffer::from_memory_message(msg.body.memory_message().unwrap()) };
                 let dialogue = buffer.to_original::<Dialogue, _>().unwrap();
-                let dialogue_key = match dialogue.key {
+                dialogue_key = match dialogue.key {
                     Some(key) => Some(key.to_string()),
                     None => None,
                 };
@@ -526,19 +526,24 @@ pub fn server(
             }
             Some(ChatOp::PostAdd) => {
                 log::info!("ChatOp::PostAdd");
-                let buffer =
-                    unsafe { Buffer::from_memory_message(msg.body.memory_message().unwrap()) };
-                match buffer.to_original::<api::Post, _>() {
-                    Ok(post) => ui
-                        .post_add(
-                            post.dialogue_id.as_str().unwrap(),
-                            post.author.as_str().unwrap(),
-                            post.timestamp,
-                            post.text.as_str().unwrap(),
-                            None, // TODO implement
-                        )
-                        .unwrap(),
-                    Err(e) => log::warn!("failed to deserialize Post: {:?}", e),
+                match dialogue_key {
+                    Some(ref dialogue_id) => {
+                        let buffer =
+                            unsafe { Buffer::from_memory_message(msg.body.memory_message().unwrap()) };
+                        match buffer.to_original::<api::Post, _>() {
+                            Ok(post) => ui
+                                .post_add(
+                                    &dialogue_id,
+                                    post.author.as_str().unwrap(),
+                                    post.timestamp,
+                                    post.text.as_str().unwrap(),
+                                    None, // TODO implement
+                                )
+                                .unwrap(),
+                            Err(e) => log::warn!("failed to deserialize Post: {:?}", e),
+                        }
+                    }
+                    None => log::warn!("failed to PostAdd with Dialogue == None"),
                 }
             }
             Some(ChatOp::PostDel) => {

diff --git a/libs/tls/README.md b/libs/tls/README.md
@@ -15,8 +15,8 @@ Note that hosts with self-signed Certificates may be probed and trusted (e.g. [c
 A small set of shellchat commands are included to enact the base functionality:
 
 - `net tls probe <host>` will initiate a modified tls handshake with `<host>`, obtain the certificate chain offered by `<host>`, and immediately terminate the connection. A call to Tls::check_trust() will present the CA certificate chain in a modal to be individually selected and saved to PDDB if trusted.
--  `net tls test <host>` will attempt a normal tls handshake with `<host>` based on the trusted Root CA certificates in the PDDB. If the connection is successful, then a simple `get` is emitted, the response accepted, and the connection closed.
--  `net tls mozilla` trusts and saves all Root CA's in the [webpki-roots crate](https://crates.io/crates/webpki-roots) - which contains Mozilla's root certificates. (requires `--feature rootCA`)
+- `net tls test <host>` will attempt a normal tls handshake with `<host>` based on the trusted Root CA certificates in the PDDB. If the connection is successful, then a simple `get` is emitted, the response accepted, and the connection closed.
+- `net tls mozilla` trusts and saves all Root CA's in the [webpki-roots crate](https://crates.io/crates/webpki-roots) - which contains Mozilla's root certificates. (requires `--feature rootCA`)
 - `net list` lists all trusted certificates in the PDDB
 - `net deleteall` deletes all trusted certificates in the PDDB
 
@@ -37,5 +37,5 @@ Considerations:
 - there is an outstanding **issue** where the `checkbox` modal does not display options with multiple lines correctly. This impacts the display of fingerprints for some certificates with longer subjects.
 - It may be worth considering rendering public `pddb::KEY_NAME_LEN` to allow developer to avoid sending overly long key's which will be rejected by the pddb.
 - probably need a shellchat `net tls delete <cert>`
-- some broken code is included for a future fix if required [RustlsOwnedTrustAnchor::publik_key()](https://github.com/betrusted-io/xous-core/pull/394/commits/4e0298c17ad2c51aa220a88dc69bf2f56e51076f)
+- some broken code is included for a future fix if required [RustlsOwnedTrustAnchor::public_key()](https://github.com/betrusted-io/xous-core/pull/394/commits/4e0298c17ad2c51aa220a88dc69bf2f56e51076f)
 - some hosts (eg bunnyfoo.com) emit an `unexpected eof` error during tls handshake 🤷
diff --git a/libs/tls/locales/i18n.json b/libs/tls/locales/i18n.json
@@ -40,8 +40,20 @@
         "en-tts": "save host CA'a if trusted"
     },
     "tls.probe_fail_servername": {
-        "en": "failed to create sever name from",
-        "en-tts": "failed to create sever name from"
+        "en": "failed to create server name from",
+        "en-tts": "failed to create server name from"
+    },
+    "tls.probe_invalid_certificate": {
+        "en": "Invalid certificate : ",
+        "en-tts": "Invalid certificate : "
+    },
+    "tls.probe_help_unknown_issuer": {
+        "en": "you may choose to trust a known CA",
+        "en-tts": "you may choose to trust a known CA"
+    },
+    "tls.probe_help_not_valid_yet": {
+        "en": "error maybe caused by an improperly set clock",
+        "en-tts": "error maybe caused by an improperly set clock"
     },
     "tls.probe_done": {
         "en": "trusted CA's",

diff --git a/libs/tls/src/danger.rs b/libs/tls/src/danger.rs
@@ -1,5 +1,8 @@
+use locales::t;
+use modals::Modals;
 use rustls::client::{ServerCertVerified, WebPkiVerifier};
 use rustls::{CertificateError, Error, RootCertStore};
+use xous_names::XousNames;
 
 pub struct StifledCertificateVerification {
     pub roots: RootCertStore,
@@ -28,8 +31,30 @@ impl rustls::client::ServerCertVerifier for StifledCertificateVerification {
             now,
         ) {
             Ok(ok) => Ok(ok),
-            Err(Error::InvalidCertificate(CertificateError::UnknownIssuer)) => {
-                Ok(ServerCertVerified::assertion())
+            Err(Error::InvalidCertificate(e)) => {
+                let xns = XousNames::new().unwrap();
+                let modals = Modals::new(&xns).unwrap();
+                modals
+                    .show_notification(
+                        format!("{}\n{:?}", t!("tls.probe_invalid_certificate", locales::LANG), e).as_str(),
+                        None,
+                    )
+                    .expect("modal failed");
+                match e {
+                    CertificateError::UnknownIssuer => {
+                        modals
+                            .show_notification(t!("tls.probe_help_unknown_issuer", locales::LANG), None)
+                            .expect("modal failed");
+                        Ok(ServerCertVerified::assertion())
+                    }
+                    CertificateError::NotValidYet => {
+                        modals
+                            .show_notification(t!("tls.probe_help_not_valid_yet", locales::LANG), None)
+                            .expect("modal failed");
+                        Err(Error::InvalidCertificate(e))
+                    }
+                    _ => Err(Error::InvalidCertificate(e)),
+                }
             }
             Err(e) => Err(e),
         }

diff --git a/libs/tls/src/lib.rs b/libs/tls/src/lib.rs
@@ -278,7 +278,7 @@ impl Tls {
         root_store
     }
 
-    /// Probes the target and returns true is at least 1 certificate is trusted
+    /// Probes the target and returns a count of newly trusted 1 certificates
     ///
     /// Establishes a tls connection to the target host, extracts the
     /// certificates offered and immediately closes the connection.