sparrowwallet/sparrow
1
0
Fork 0
mirror of https://github.com/sparrowwallet/sparrow.git synced 2024-11-02 12:26:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow expired certificates for electrum servers so long as they have been previously used or explicitly approved

Browse source
This commit is contained in:
Craig Raw 2022-12-16 12:06:05 +02:00
parent 1fa52f043c
commit 56784b684a
3 changed files with 37 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/main/java/com/sparrowwallet/sparrow/AppServices.java
View file

@ -290,8 +290,7 @@ public class AppServices {
connectionService.setRestartOnFailure(false);
}
if(failEvent.getSource().getException() instanceof TlsServerException && failEvent.getSource().getException().getCause() != null) {
TlsServerException tlsServerException = (TlsServerException)failEvent.getSource().getException();
if(failEvent.getSource().getException() instanceof TlsServerException tlsServerException && failEvent.getSource().getException().getCause() != null) {
connectionService.setRestartOnFailure(false);
if(tlsServerException.getCause().getMessage().contains("PKIX path building failed")) {
File crtFile = Config.get().getElectrumServerCert();
@ -315,6 +314,15 @@ public class AppServices {
}
}
}
} else if(tlsServerException.getCause().getCause() instanceof UnknownCertificateExpiredException expiredException) {
Optional<ButtonType> optButton = AppServices.showErrorDialog("SSL Handshake Failed", "The certificate provided by the server at " + tlsServerException.getServer().getHost() + " has expired. "
+ tlsServerException.getMessage() + "." +
"\n\nDo you still want to proceed?", ButtonType.NO, ButtonType.YES);
if(optButton.isPresent() && optButton.get() == ButtonType.YES) {
Storage.saveCertificate(tlsServerException.getServer().getHost(), expiredException.getCertificate());
Platform.runLater(() -> restartService(connectionService));
return;
}
}
}

11
src/main/java/com/sparrowwallet/sparrow/net/TcpOverTlsTransport.java
View file

@ -57,7 +57,13 @@ public class TcpOverTlsTransport extends TcpTransport {
throw new CertificateException("No server certificate provided");
}
certs[0].checkValidity();
try {
certs[0].checkValidity();
} catch(CertificateExpiredException e) {
if(Storage.getCertificateFile(server.getHost()) == null) {
throw new UnknownCertificateExpiredException(e.getMessage(), certs[0]);
}
}
}
}
};
@ -68,6 +74,9 @@ public class TcpOverTlsTransport extends TcpTransport {
try {
X509Certificate x509Certificate = (X509Certificate)certificate;
x509Certificate.checkValidity();
} catch(CertificateExpiredException e) {
//Allow expired certificates so long as they have been previously used or explicitly approved
//These will usually be self-signed certificates that users may not have the expertise to renew
} catch(CertificateException e) {
crtFile.delete();
return getTrustManagers(null);

17
src/main/java/com/sparrowwallet/sparrow/net/UnknownCertificateExpiredException.java Normal file
View file

@ -0,0 +1,17 @@
package com.sparrowwallet.sparrow.net;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
public class UnknownCertificateExpiredException extends CertificateExpiredException {
private final Certificate certificate;
public UnknownCertificateExpiredException(String message, Certificate certificate) {
super(message);
this.certificate = certificate;
}
public Certificate getCertificate() {
return certificate;
}
}