fix: remove insecure gemini client, add secure file based cert verifier

This commit is contained in:
Artemy Egorov 2024-08-07 13:40:24 +03:00
parent b821b2bb8b
commit 055b03838d
6 changed files with 43 additions and 67 deletions

View file

@ -9,7 +9,7 @@ mod utils;
use tokio::sync::Mutex; use tokio::sync::Mutex;
use types::{VigiError, VigiJsState, VigiState}; use types::{VigiError, VigiJsState, VigiState};
use utils::{read_or_create_jsonl, read_or_create_number}; use utils::{create_file, read_or_create_jsonl, read_or_create_number};
#[tauri::command] #[tauri::command]
async fn update_input( async fn update_input(
@ -133,6 +133,14 @@ async fn setup(
state.current_tab_index_path = local_data_dir.join("current_tab_index"); state.current_tab_index_path = local_data_dir.join("current_tab_index");
state.current_tab_index = read_or_create_number(&state.current_tab_index_path); state.current_tab_index = read_or_create_number(&state.current_tab_index_path);
println!("Checking cache dir");
if !state.cache_dir.exists() {
println!(" Creating cache dir");
fs::create_dir_all(&state.cache_dir).map_err(|_| VigiError::Config)?;
}
state.gemini_certs_path = create_file(state.cache_dir.join("gemini_certs"));
state.update_top_bar_input()?; state.update_top_bar_input()?;
println!("---Setup done---"); println!("---Setup done---");

View file

@ -1,54 +0,0 @@
use tokio_rustls::rustls::{
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
ClientConfig, SignatureScheme,
};
/// TODO: update to secure version when supported
pub fn insecure_gemini_client_config() -> ClientConfig {
ClientConfig::builder()
.dangerous()
.with_custom_certificate_verifier(std::sync::Arc::new(NoCertVerification {}))
.with_no_client_auth()
}
#[derive(Debug)]
struct NoCertVerification;
impl ServerCertVerifier for NoCertVerification {
fn verify_server_cert(
&self,
_end_entity: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
_intermediates: &[tokio_rustls::rustls::pki_types::CertificateDer<'_>],
_server_name: &tokio_rustls::rustls::pki_types::ServerName<'_>,
_ocsp_response: &[u8],
_now: tokio_rustls::rustls::pki_types::UnixTime,
) -> Result<ServerCertVerified, tokio_rustls::rustls::Error> {
Ok(ServerCertVerified::assertion())
}
fn verify_tls12_signature(
&self,
_message: &[u8],
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
Ok(HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
_message: &[u8],
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
Ok(HandshakeSignatureValid::assertion())
}
fn supported_verify_schemes(&self) -> Vec<tokio_rustls::rustls::SignatureScheme> {
vec![
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP521_SHA512,
]
}
}

View file

@ -1,9 +1,8 @@
use crate::types::{VigiError, VigiOutput}; use crate::types::{VigiError, VigiOutput, VigiState};
use bytes::Bytes; use bytes::Bytes;
use mime::Mime; use mime::Mime;
use url::Url; use url::Url;
mod insecure_gemini_client;
mod process_data; mod process_data;
mod process_url; mod process_url;
@ -12,11 +11,11 @@ use process_url::process_url;
type ReqResult = (Mime, Bytes); type ReqResult = (Mime, Bytes);
pub async fn process_input(input: &String) -> Result<VigiOutput, VigiError> { pub async fn process_input(input: &String, state: &VigiState) -> Result<VigiOutput, VigiError> {
let parsed = Url::parse(input); let parsed = Url::parse(input);
let (mime, data) = match parsed { let (mime, data) = match parsed {
Ok(url) => process_url(url).await?, Ok(url) => process_url(url, state).await?,
Err(_) => Err(VigiError::Network)?, Err(_) => Err(VigiError::Network)?,
}; };

View file

@ -1,15 +1,15 @@
use crate::types::VigiError; use crate::types::{VigiError, VigiState};
use insecure_gemini_client::insecure_gemini_client_config;
use mime::Mime; use mime::Mime;
use reqwest::header::CONTENT_TYPE; use reqwest::header::CONTENT_TYPE;
use tokio_gemini::certs::file_sscv::FileBasedCertVerifier;
use url::Url; use url::Url;
use super::{insecure_gemini_client, ReqResult}; use super::ReqResult;
pub async fn process_url(url: Url) -> Result<ReqResult, VigiError> { pub async fn process_url(url: Url, state: &VigiState) -> Result<ReqResult, VigiError> {
let result = match url.scheme() { let result = match url.scheme() {
"http" | "https" => process_http(url.to_string()).await?, "http" | "https" => process_http(url.to_string()).await?,
"gemini" => process_gemini(url.to_string()).await?, "gemini" => process_gemini(url.to_string(), state).await?,
_ => Err(VigiError::UnsupportedProtocol)?, _ => Err(VigiError::UnsupportedProtocol)?,
}; };
@ -37,8 +37,17 @@ async fn process_http(url: String) -> Result<ReqResult, VigiError> {
)) ))
} }
async fn process_gemini(url: String) -> Result<ReqResult, VigiError> { async fn process_gemini(url: String, state: &VigiState) -> Result<ReqResult, VigiError> {
let mut res = tokio_gemini::Client::from(insecure_gemini_client_config()) let mut res = tokio_gemini::Client::builder()
.with_selfsigned_cert_verifier(
FileBasedCertVerifier::init(&state.gemini_certs_path.to_string_lossy().to_string())
.await
.map_err(|e| {
println!("{:#?}", e);
VigiError::GeminiCertsFile
})?,
)
.build()
.request(&url) .request(&url)
.await .await
.map_err(|_| VigiError::Network)?; .map_err(|_| VigiError::Network)?;

View file

@ -22,6 +22,8 @@ pub enum VigiError {
InvalidMimeType, InvalidMimeType,
InvalidCharset, InvalidCharset,
GeminiCertsFile,
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@ -30,6 +32,7 @@ pub struct VigiState {
pub current_tab_index_path: PathBuf, pub current_tab_index_path: PathBuf,
pub local_tabs_path: PathBuf, pub local_tabs_path: PathBuf,
pub favorites_tabs_path: PathBuf, pub favorites_tabs_path: PathBuf,
pub gemini_certs_path: PathBuf,
pub cache_dir: PathBuf, pub cache_dir: PathBuf,
@ -74,6 +77,8 @@ impl VigiState {
current_tab_index_path: PathBuf::new(), current_tab_index_path: PathBuf::new(),
local_tabs_path: PathBuf::new(), local_tabs_path: PathBuf::new(),
favorites_tabs_path: PathBuf::new(), favorites_tabs_path: PathBuf::new(),
gemini_certs_path: PathBuf::new(),
cache_dir: PathBuf::new(), cache_dir: PathBuf::new(),
tabs_id_counter: 0, tabs_id_counter: 0,
@ -135,7 +140,7 @@ impl VigiState {
vec![El("Type something in the address bar".into()).into()], vec![El("Type something in the address bar".into()).into()],
) )
} else { } else {
process_input(&self.top_bar_input).await? process_input(&self.top_bar_input, &self).await?
} }
}; };

View file

@ -38,6 +38,15 @@ pub fn read_or_create_number(path: &PathBuf) -> usize {
} }
} }
pub fn create_file(path: PathBuf) -> PathBuf {
if !path.exists() {
println!(" Creating {}", path.to_string_lossy());
File::create(&path).unwrap();
}
path
}
pub fn write_tabs(path: &PathBuf, tabs: &Vec<Tab>) -> Result<(), VigiError> { pub fn write_tabs(path: &PathBuf, tabs: &Vec<Tab>) -> Result<(), VigiError> {
fs::write( fs::write(
path, path,