hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

Use setCertificateVerifyProc to verify lens proxy certificate (#7118)

Browse Source 
Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
This commit is contained in:
Jari Kolehmainen 2023-02-08 12:51:55 +02:00 committed by GitHub
parent ac2d0e46ff
commit ccab5fda1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
packages/core/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts
View File

@ -27,6 +27,12 @@ export interface UrlSource {
} }
export type ContentSource = RequireExactlyOne<FileSource & UrlSource>; export type ContentSource = RequireExactlyOne<FileSource & UrlSource>;
enum ChromiumNetError {
SUCCESS = 0,
FAILURE = 1,
RESULT_FROM_CHROMIUM,
}
export interface ElectronWindowConfiguration { export interface ElectronWindowConfiguration {
id: string; id: string;
title: string; title: string;
@ -112,6 +118,15 @@ const createElectronWindowInjectable = getInjectable({
applicationWindowState.manage(browserWindow); applicationWindowState.manage(browserWindow);
browserWindow.webContents.session.setCertificateVerifyProc((request, shouldBeTrusted) => {
const { certificate } = request;
const cert = new X509Certificate(certificate.data);
const shouldTrustCert = cert.raw.length === lensProxyX509Cert.raw.length
&& timingSafeEqual(cert.raw, lensProxyX509Cert.raw);
shouldBeTrusted(shouldTrustCert ? ChromiumNetError.SUCCESS : ChromiumNetError.RESULT_FROM_CHROMIUM);
});
browserWindow browserWindow
.on("focus", () => { .on("focus", () => {
configuration.onFocus?.(); configuration.onFocus?.();
@ -126,13 +141,6 @@ const createElectronWindowInjectable = getInjectable({
.webContents.on("dom-ready", () => { .webContents.on("dom-ready", () => {
configuration.onDomReady?.(); configuration.onDomReady?.();
}) })
.on("certificate-error", (event, url, error, certificate, shouldBeTrusted) => {
const cert = new X509Certificate(certificate.data);
const shouldTrustCert = cert.raw.length === lensProxyX509Cert.raw.length
&& timingSafeEqual(cert.raw, lensProxyX509Cert.raw);
shouldBeTrusted(shouldTrustCert);
})
.on("did-fail-load", (_event, code, desc) => { .on("did-fail-load", (_event, code, desc) => {
logger.error( logger.error(
`[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`, `[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`,