tedkulp/Readarr
1
0
Fork 0
mirror of https://github.com/Readarr/Readarr.git synced 2026-03-05 13:20:32 -05:00
Code Issues Projects Releases Wiki Activity

New: Add exception to SSL Certificate validation message

Browse Source 
(cherry picked from commit d84c4500949a530fac92d73f7f2f8e8462b37244)
This commit is contained in:
Mark McDowall
2024-09-14 13:40:02 -07:00
committed by servarr
parent 05f262dc0a
commit 366625510f
2 changed files with 53 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/Readarr.Api.V1/Config/HostConfigController.cs
View File

@@ -1,7 +1,6 @@
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using FluentValidation; using FluentValidation;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using NzbDrone.Common.Extensions; using NzbDrone.Common.Extensions;
@@ -58,7 +57,7 @@ namespace Readarr.Api.V1.Config
.NotEmpty() .NotEmpty()
.IsValidPath() .IsValidPath()
.SetValidator(fileExistsValidator) .SetValidator(fileExistsValidator)
.Must((resource, path) => IsValidSslCertificate(resource)).WithMessage("Invalid SSL certificate file or password") .IsValidCertificate()
.When(c => c.EnableSsl); .When(c => c.EnableSsl);
SharedValidator.RuleFor(c => c.Branch).NotEmpty().WithMessage("Branch name is required, 'master' is the default"); SharedValidator.RuleFor(c => c.Branch).NotEmpty().WithMessage("Branch name is required, 'master' is the default");
@@ -69,21 +68,6 @@ namespace Readarr.Api.V1.Config
SharedValidator.RuleFor(c => c.BackupRetention).InclusiveBetween(1, 90); SharedValidator.RuleFor(c => c.BackupRetention).InclusiveBetween(1, 90);
} }
private bool IsValidSslCertificate(HostConfigResource resource)
{
X509Certificate2 cert;
try
{
cert = new X509Certificate2(resource.SslCertPath, resource.SslCertPassword, X509KeyStorageFlags.DefaultKeySet);
}
catch
{
return false;
}
return cert != null;
}
private bool IsMatchingPassword(HostConfigResource resource) private bool IsMatchingPassword(HostConfigResource resource)
{ {
var user = _userService.FindUser(); var user = _userService.FindUser();

52
src/Sonarr.Api.V3/Config/CertificateValidator.cs Normal file
View File

@@ -0,0 +1,52 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using FluentValidation;
using FluentValidation.Validators;
using NLog;
using NzbDrone.Common.Instrumentation;
namespace Sonarr.Api.V3.Config
{
public static class CertificateValidation
{
public static IRuleBuilderOptions<T, string> IsValidCertificate<T>(this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.SetValidator(new CertificateValidator());
}
}
public class CertificateValidator : PropertyValidator
{
protected override string GetDefaultMessageTemplate() => "Invalid SSL certificate file or password. {message}";
private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(CertificateValidator));
protected override bool IsValid(PropertyValidatorContext context)
{
if (context.PropertyValue == null)
{
return false;
}
if (context.InstanceToValidate is not HostConfigResource resource)
{
return true;
}
try
{
new X509Certificate2(resource.SslCertPath, resource.SslCertPassword, X509KeyStorageFlags.DefaultKeySet);
return true;
}
catch (CryptographicException ex)
{
Logger.Debug(ex, "Invalid SSL certificate file or password. {0}", ex.Message);
context.MessageFormatter.AppendArgument("message", ex.Message);
return false;
}
}
}
}