jyapayne/moonlight-qt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require cert pinning for HTTPS

Browse source
This commit is contained in:
Cameron Gutman 2018-12-22 19:55:28 -08:00
commit 61d7aa0400
4 changed files with 128 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

13
app/backend/nvpairingmanager.cpp
View file

@ -208,6 +208,18 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
return PairState::ALREADY_IN_PROGRESS;
}
serverCert = QSslCertificate(serverCertStr);
if (serverCert.isNull()) {
Q_ASSERT(!serverCert.isNull());
qCritical() << "Failed to parse plaincert";
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
return PairState::FAILED;
}
// Pin this cert for TLS
m_Http.setServerCert(serverCert);
QByteArray randomChallenge = generateRandomBytes(16);
QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey);
QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
@ -309,6 +321,5 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
return PairState::FAILED;
}
serverCert = QSslCertificate(serverCertStr);
return PairState::PAIRED;
}