improve: make prompt safer

By using the new Description field. Also fix a bug, previously the cerificate was not being saved as PEM encoded on the second save.
infrahq · Jun 13, 2022 · 08a6424 · 08a6424
1 parent 8e4706e
commit 08a6424
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 29 deletions.
diff --git a/internal/certs/certs.go b/internal/certs/certs.go
@@ -110,7 +110,7 @@ func SelfSignedOrLetsEncryptCert(manager *autocert.Manager, serverName string) f
 			}
 
 			logging.L.Info("new server certificate",
-				zap.String("SHA256 fingerprint", Fingerprint(PEMDecode(certBytes))))
+				zap.String("SHA256 fingerprint", Fingerprint(pemDecode(certBytes))))
 		}
 
 		keypair, err := tls.X509KeyPair(certBytes, keyBytes)
@@ -131,7 +131,7 @@ func Fingerprint(raw []byte) string {
 	return strings.ToUpper(s)
 }
 
-func PEMDecode(raw []byte) []byte {
+func pemDecode(raw []byte) []byte {
 	block, _ := pem.Decode(raw)
 	return block.Bytes
 }

diff --git a/internal/cmd/cmd.go b/internal/cmd/cmd.go
@@ -20,7 +20,6 @@ import (
 
 	"github.com/infrahq/infra/api"
 	"github.com/infrahq/infra/internal"
-	"github.com/infrahq/infra/internal/certs"
 	"github.com/infrahq/infra/internal/cmd/cliopts"
 	"github.com/infrahq/infra/internal/connector"
 	"github.com/infrahq/infra/internal/logging"
@@ -102,12 +101,10 @@ func httpTransportForHostConfig(config *ClientHostConfig) *http.Transport {
 		pool = x509.NewCertPool()
 	}
 
-	if len(config.TrustedCertificate) > 0 {
-		cert, err := x509.ParseCertificate(certs.PEMDecode(config.TrustedCertificate))
-		if err != nil {
+	if config.TrustedCertificate != "" {
+		ok := pool.AppendCertsFromPEM([]byte(config.TrustedCertificate))
+		if !ok {
 			logging.S.Warnf("Failed to read trusted certificates for server: %v", err)
-		} else {
-			pool.AddCert(cert)
 		}
 	}
 

diff --git a/internal/cmd/cmd_test.go b/internal/cmd/cmd_test.go
@@ -19,6 +19,7 @@ import (
 	"gotest.tools/v3/fs"
 
 	"github.com/infrahq/infra/api"
+	"github.com/infrahq/infra/internal/certs"
 	"github.com/infrahq/infra/internal/connector"
 	"github.com/infrahq/infra/uid"
 )
@@ -270,14 +271,13 @@ func newTestClientConfig(srv *httptest.Server, user api.User) ClientConfig {
 		Version: clientConfigVersion,
 		Hosts: []ClientHostConfig{
 			{
-				PolymorphicID: uid.NewIdentityPolymorphicID(user.ID),
-				Name:          user.Name,
-				Host:          srv.Listener.Addr().String(),
-				// TODO: change to using TrustedCertificate
-				SkipTLSVerify: true,
-				AccessKey:     "the-access-key",
-				Expires:       api.Time(time.Now().Add(time.Hour)),
-				Current:       true,
+				PolymorphicID:      uid.NewIdentityPolymorphicID(user.ID),
+				Name:               user.Name,
+				Host:               srv.Listener.Addr().String(),
+				TrustedCertificate: string(certs.PEMEncodeCertificate(srv.Certificate().Raw)),
+				AccessKey:          "the-access-key",
+				Expires:            api.Time(time.Now().Add(time.Hour)),
+				Current:            true,
 			},
 		},
 	}

diff --git a/internal/cmd/config.go b/internal/cmd/config.go
@@ -32,7 +32,7 @@ type ClientHostConfig struct {
 	Current       bool              `json:"current"`
 	// TrustedCertificate is the PEM encoded TLS certificate used by the server
 	// that was verified and trusted by the user as part of login.
-	TrustedCertificate []byte `json:"trusted-certificate"`
+	TrustedCertificate string `json:"trusted-certificate"`
 }
 
 // checks if user is logged in to the given session (ClientHostConfig)

diff --git a/internal/cmd/login.go b/internal/cmd/login.go
@@ -35,7 +35,7 @@ type loginCmdOptions struct {
 	Provider      string
 	SkipTLSVerify bool
 	// TODO: add flag for trusted certificate
-	TrustedCertificate []byte
+	TrustedCertificate string
 	NonInteractive     bool
 }
 
@@ -397,8 +397,10 @@ func runSignupForLogin(cli *CLI, client *api.Client) (*api.LoginRequestPasswordC
 }
 
 type loginClient struct {
-	APIClient          *api.Client
-	TrustedCertificate []byte
+	APIClient *api.Client
+	// TrustedCertificate is a PEM encoded certificate that has been trusted by
+	// the user for TLS communication with the server.
+	TrustedCertificate string
 }
 
 // Only used when logging in or switching to a new session, since user has no credentials. Otherwise, use defaultAPIClient().
@@ -449,7 +451,7 @@ func newLoginClient(cli *CLI, options loginCmdOptions) (loginClient, error) {
 			},
 		}
 		c.APIClient = apiClient(options.Server, "", transport)
-		c.TrustedCertificate = uaErr.Cert.Raw
+		c.TrustedCertificate = string(certs.PEMEncodeCertificate(uaErr.Cert.Raw))
 	}
 	return c, nil
 }
@@ -602,22 +604,28 @@ to manually verify the certificate can be trusted.
 	confirmPrompt := &survey.Select{
 		Message: "Options:",
 		Options: []string{
-			"I do not trust this certificate",
-			"Trust and save the certificate",
+			"NO",
+			"TRUST",
+		},
+		Description: func(value string, index int) string {
+			switch value {
+			case "NO":
+				return "I do not trust this certificate"
+			case "TRUST":
+				return "Trust and save the certificate"
+			default:
+				return ""
+			}
 		},
 	}
 	var selection string
 	if err := survey.AskOne(confirmPrompt, &selection, cli.surveyIO); err != nil {
 		return err
 	}
-	switch {
-	case selection == confirmPrompt.Options[0]:
-		return terminal.InterruptErr
-	case selection == confirmPrompt.Options[1]:
+	if selection == "TRUST" {
 		return nil
 	}
-	// TODO: can this happen?
-	panic("unexpected")
+	return terminal.InterruptErr
 }
 
 // Returns the host address of the Infra server that user would like to log into