Commit 015068ad authored by Joel Rennich's avatar Joel Rennich

Merge branch '33-warn-on-untrusted-ssl' into 'Experimental'

Now do preflight on ssl and other connectivity issues.

Closes #33

See merge request !38
parents b047acf3 7879d91e
......@@ -383,9 +383,17 @@ class NoMADMenuController: NSObject, LoginWindowDelegate, PasswordChangeDelegate
if ( certCATest != "" && certTemplateTest != "" ) {
let lastExpire = defaults.object(forKey: Preferences.lastCertificateExpiration) as! Date ?? Date.distantPast
let lastExpireTemp = defaults.object(forKey: Preferences.lastCertificateExpiration)
var lastExpire: Date? = nil
if lastExpire.timeIntervalSinceNow > 2592000 {
if (String(describing: lastExpireTemp)) == "" {
lastExpire = Date.distantPast as Date
} else {
lastExpire = lastExpireTemp as! Date
}
if (lastExpire?.timeIntervalSinceNow)! > 2592000 {
let alertController = NSAlert()
alertController.messageText = "You already have a valid certificate."
alertController.addButton(withTitle: "Cancel")
......@@ -408,8 +416,32 @@ class NoMADMenuController: NSObject, LoginWindowDelegate, PasswordChangeDelegate
certCATest = "https://" + certCATest
}
// preflight that there aren't SSL issues
var caTestWait = true
var caSSLTest = true
testSite(caURL: certCATest, completionHandler: { (data, response, error) in
if (error != nil) {
caSSLTest = false
}
caTestWait = false
}
)
while caTestWait {
RunLoop.current.run(mode: RunLoopMode.defaultRunLoopMode, before: Date.distantFuture)
}
if !caSSLTest {
let certAlertController = NSAlert()
certAlertController.messageText = "Connetion error. Please ensure SSL certificates are trusted and URL is correct for your X509 CA."
certAlertController.runModal()
} else {
let certCARequest = WindowsCATools(serverURL: certCATest, template: certTemplateTest)
certCARequest.certEnrollment()
}
} else {
let certAlertController = NSAlert()
......@@ -621,6 +653,16 @@ class NoMADMenuController: NSObject, LoginWindowDelegate, PasswordChangeDelegate
}
}
func testSite(caURL: String, completionHandler: @escaping (Data?, URLResponse?, Error?) -> Void) {
let request = NSMutableURLRequest(url: URL(string: caURL)!)
request.httpMethod = "GET"
let session = URLSession.shared
session.dataTask(with: request as URLRequest, completionHandler: completionHandler).resume()
}
// function to see if we should autologin and then proceede accordingly
func autoLogin() {
......
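Review bot: The preflight built on `testSite` only shows that a request to `certCATest` finished without a transport error, which is weaker than "the CA is reached over trusted TLS". The closure checks `error != nil` alone, and nothing in these hunks confirms the scheme is `https`, since the `"https://"` prefix is added in a branch whose condition lies outside the hunk. `URL(string: caURL)!` also crashes on a malformed preference value; `guard let url = URL(string: caURL), url.scheme?.lowercased() == "https" else { completionHandler(nil, nil, URLError(.badURL)); return }` would cover both. The wait loop reads `caTestWait` on the calling thread while the `URLSession.shared` handler writes it from the session's queue, and `run(mode:before: Date.distantFuture)` returns only when a run-loop source fires, so the menu can stay blocked after the request completes; bounding each pass with `Date(timeIntervalSinceNow: 0.1)`, or moving the alert and `certEnrollment()` into the handler on the main queue, avoids that. Whether `WindowsCATools` applies the same trust evaluation to its own connections is not visible here, so the preflight is best treated as a user-facing hint and not as the enforcement point.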
......@@ -57,18 +57,6 @@ class WindowsCATools {
// we should return this in case there's an error
// TODO: Don't use certtool for this, but SecTransform to create the CSR
//cliTask("/usr/bin/certtool r " + directoryURL.appendingPathComponent("new.csr")!.path + " Z")
//
//
// let path = directoryURL.appendingPathComponent("new.csr")
//
// do {
// certCSR = try NSString(contentsOfFile: path!.path, encoding: String.Encoding.ascii.rawValue) as String
// } catch {
// certCSR = ""
// myLogger.logit(.base, message: "Error getting CSR")
// }
certCSR = ""
......