Merge pull request #454 from mRemoteNG/Gecko_Insecure_Certs_v2

Gecko insecure certs v2
Sean Kaim
2017-03-15 11:43:47 -04:00
committed by GitHub
7 changed files with 150 additions and 71 deletions


@@ -5,15 +5,9 @@ namespace mRemoteNG.Connection.Protocol.Http
public ProtocolHTTP(RenderingEngine RenderingEngine) : base(RenderingEngine)
{
}
public override void NewExtended()
{
base.NewExtended();
httpOrS = "http";
defaultPort = (int)Defaults.Port;
}
httpOrS = "http";
defaultPort = (int)Defaults.Port;
}
public enum Defaults
{


@@ -5,21 +5,20 @@ using mRemoteNG.Tools;
using mRemoteNG.App;
using TabPage = Crownwood.Magic.Controls.TabPage;
//using SHDocVw;
namespace mRemoteNG.Connection.Protocol.Http
{
public class HTTPBase : ProtocolBase
{
#region Private Properties
private Control wBrowser;
public string httpOrS;
public int defaultPort;
protected string httpOrS;
protected int defaultPort;
private string tabTitle;
#endregion
#region Public Methods
public HTTPBase(RenderingEngine RenderingEngine)
protected HTTPBase(RenderingEngine RenderingEngine)
{
try
{
@@ -34,18 +33,12 @@ namespace mRemoteNG.Connection.Protocol.Http
{
Control = new WebBrowser();
}
NewExtended();
}
catch (Exception ex)
{
Runtime.MessageCollector.AddExceptionStackTrace(Language.strHttpConnectionFailed, ex);
}
}
public virtual void NewExtended()
{
}
public override bool Initialize()
{
@@ -71,13 +64,16 @@ namespace mRemoteNG.Connection.Protocol.Http
if (GeckoBrowser != null)
{
GeckoBrowser.DocumentTitleChanged += geckoBrowser_DocumentTitleChanged;
//GeckoBrowser.Tab.LastTabRemoved += wBrowser_LastTabRemoved;
GeckoBrowser.NSSError += CertEvent.GeckoBrowser_NSSError;
}
else
{
throw new Exception("Failed to initialize Gecko Rendering Engine.");
}
}
else
{
var objWebBrowser = (WebBrowser)wBrowser;
//SHDocVw.WebBrowserClass objAxWebBrowser = (SHDocVw.WebBrowserClass)objWebBrowser.ActiveXInstance;
objWebBrowser.ScrollBarsEnabled = true;
// http://stackoverflow.com/questions/4655662/how-to-ignore-script-errors-in-webbrowser
@@ -85,8 +81,6 @@ namespace mRemoteNG.Connection.Protocol.Http
objWebBrowser.Navigated += wBrowser_Navigated;
objWebBrowser.DocumentTitleChanged += wBrowser_DocumentTitleChanged;
//objWebBrowser.NewWindow3 += wBrowser_NewWindow3;
//objAxWebBrowser.NewWindow3 += wBrowser_NewWindow3;
}
return true;
@@ -178,24 +172,6 @@ namespace mRemoteNG.Connection.Protocol.Http
objWebBrowser.Navigated -= wBrowser_Navigated;
}
#if false
private void wBrowser_NewWindow3(ref object ppDisp, ref bool Cancel, uint dwFlags, string bstrUrlContext, string bstrUrl)
{
if ((dwFlags & (long)NWMF.NWMF_OVERRIDEKEY) > 0)
{
Cancel = false;
}
else
{
Cancel = true;
}
}
private void wBrowser_LastTabRemoved(object sender)
{
Close();
}
#endif
private void wBrowser_DocumentTitleChanged(object sender, EventArgs e)
{
try
@@ -301,27 +277,6 @@ namespace mRemoteNG.Connection.Protocol.Http
Gecko = 2
}
#if false
private enum NWMF
{
// ReSharper disable InconsistentNaming
NWMF_UNLOADING = 0x1,
NWMF_USERINITED = 0x2,
NWMF_FIRST = 0x4,
NWMF_OVERRIDEKEY = 0x8,
NWMF_SHOWHELP = 0x10,
NWMF_HTMLDIALOG = 0x20,
NWMF_FROMDIALOGCHILD = 0x40,
NWMF_USERREQUESTED = 0x80,
NWMF_USERALLOWED = 0x100,
NWMF_FORCEWINDOW = 0x10000,
NWMF_FORCETAB = 0x20000,
NWMF_SUGGESTWINDOW = 0x40000,
NWMF_SUGGESTTAB = 0x80000,
NWMF_INACTIVETAB = 0x100000
// ReSharper restore InconsistentNaming
}
#endif
#endregion
}
}
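Review bot: The `GeckoBrowser.NSSError += CertEvent.GeckoBrowser_NSSError;` line, in what appears to be Initialize, carries no comment, although it is the one place where certificate failures become overridable. Because it sits in HTTPBase, it applies to every Gecko-backed session, both ProtocolHTTP and ProtocolHTTPS. I would add `// Certificate errors are routed to CertEvent, which prompts the user and may store a validity override for the site` above it, so that a reader auditing TLS behaviour finds the hook. The enclosing method starts and ends outside the hunk.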


@@ -0,0 +1,74 @@
using Gecko;
using Gecko.Events;
using mRemoteNG.App;
using mRemoteNG.App.Info;
using mRemoteNG.Messages;
using mRemoteNG.UI.TaskDialog;
// ReSharper disable RedundantAssignment
namespace mRemoteNG.Connection.Protocol.Http
{
internal abstract class CertEvent
{
//Refernce: https://bitbucket.org/geckofx/geckofx-33.0/issues/90/invalid-security-certificate-error-on
internal static void GeckoBrowser_NSSError(object sender, GeckoNSSErrorEventArgs e)
{
/* some messages say "Certificate", some say "certificate"
* I'm guessing that this is going to be a localization issue...
* Log a message so we can try to find a better solution if problems are reported in the future...
*/
if (!e.Message.ToLower().Contains("certificate"))
{
Runtime.MessageCollector.AddMessage(MessageClass.WarningMsg, $"Unhandled NSSError: {e.Message}");
e.Handled = false;
return;
}
string[] commandButtons =
{
Language.strHttpsInsecureAllowOnce, // 0
Language.strHttpsInsecureAllowAlways, // 1
Language.strHttpsInsecureDontAllow // 2
};
CTaskDialog.ShowTaskDialogBox(null, GeneralAppInfo.ProductName, Language.strHttpsInsecurePromptTitle,
string.Format(Language.strHttpsInsecurePrompt, e.Uri.AbsoluteUri), "", "", "", "",
string.Join(" | ", commandButtons), ETaskDialogButtons.None, ESysIcons.Question, ESysIcons.Question);
var allow = false;
var temporary = true;
// ReSharper disable once SwitchStatementMissingSomeCases
switch (CTaskDialog.CommandButtonResult)
{
case 0:
allow = true;
temporary = true;
break;
case 1:
allow = true;
temporary = false;
break;
case 2:
allow = false;
temporary = true; // just to be safe
break;
}
if (!allow)
{
Runtime.MessageCollector.AddMessage(MessageClass.WarningMsg, $"User did not allow navigation to {e.Uri.AbsoluteUri} with an insecure certificate: {e.Message}");
return;
}
/* "temporary == false" (aka always) might not work:
* https://bitbucket.org/geckofx/geckofx-45.0/issues/152/remembervalidityoverride-doesnt-save-in
* However, my testing was successful in Gecko 45.0.22
*/
CertOverrideService.GetService().RememberValidityOverride(e.Uri, e.Certificate,
CertOverride.Mismatch | CertOverride.Time | CertOverride.Untrusted, temporary);
e.Handled = true;
((GeckoWebBrowser)sender).Navigate(e.Uri.AbsoluteUri);
}
}
}
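Review bot: The accept path in GeckoBrowser_NSSError stores the override with `CertOverride.Mismatch | CertOverride.Time | CertOverride.Untrusted` whatever the reported problem was, and nothing tells the user or the log what was accepted. The dialog text is formatted from `e.Uri.AbsoluteUri` alone, and only the refusal branch writes a message. I would show `e.Message` in the dialog so the user sees why the certificate failed. I would also log the decision before `RememberValidityOverride`, for example `Runtime.MessageCollector.AddMessage(MessageClass.WarningMsg, $"User allowed {(temporary ? "one-time" : "permanent")} certificate override for {e.Uri.AbsoluteUri}: {e.Message}");`, so that a permanent exception leaves a trace. Separately, `e.Message.ToLower().Contains("certificate")` lowercases with the current culture; `e.Message.IndexOf("certificate", StringComparison.OrdinalIgnoreCase) >= 0` avoids that and needs `using System;`.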


@@ -5,14 +5,9 @@ namespace mRemoteNG.Connection.Protocol.Http
public ProtocolHTTPS(RenderingEngine RenderingEngine) : base(RenderingEngine)
{
}
public override void NewExtended()
{
base.NewExtended();
httpOrS = "https";
defaultPort = (int)Defaults.Port;
}
httpOrS = "https";
defaultPort = (int)Defaults.Port;
}
public enum Defaults
{


@@ -2199,6 +2199,51 @@ namespace mRemoteNG {
}
}
/// <summary>
/// Looks up a localized string similar to Allow Always.
/// </summary>
internal static string strHttpsInsecureAllowAlways {
get {
return ResourceManager.GetString("strHttpsInsecureAllowAlways", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to Allow Once.
/// </summary>
internal static string strHttpsInsecureAllowOnce {
get {
return ResourceManager.GetString("strHttpsInsecureAllowOnce", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to Don&apos;t Allow.
/// </summary>
internal static string strHttpsInsecureDontAllow {
get {
return ResourceManager.GetString("strHttpsInsecureDontAllow", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to Allow Insecure Certificate for URL: {0}?.
/// </summary>
internal static string strHttpsInsecurePrompt {
get {
return ResourceManager.GetString("strHttpsInsecurePrompt", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to Allow Insecure Certificate?.
/// </summary>
internal static string strHttpsInsecurePromptTitle {
get {
return ResourceManager.GetString("strHttpsInsecurePromptTitle", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to ICA.
/// </summary>


@@ -2508,4 +2508,19 @@ mRemoteNG will now quit and begin with the installation.</value>
<data name="strAssignedCredential" xml:space="preserve">
<value>Assigned Credential</value>
</data>
<data name="strHttpsInsecureAllowAlways" xml:space="preserve">
<value>Allow Always</value>
</data>
<data name="strHttpsInsecureAllowOnce" xml:space="preserve">
<value>Allow Once</value>
</data>
<data name="strHttpsInsecureDontAllow" xml:space="preserve">
<value>Don't Allow</value>
</data>
<data name="strHttpsInsecurePrompt" xml:space="preserve">
<value>Allow Insecure Certificate for URL: {0}?</value>
</data>
<data name="strHttpsInsecurePromptTitle" xml:space="preserve">
<value>Allow Insecure Certificate?</value>
</data>
</root>


@@ -205,6 +205,7 @@
<Compile Include="Connection\IConnectionInitiator.cs" />
<Compile Include="Connection\IInheritable.cs" />
<Compile Include="Connection\IHasParent.cs" />
<Compile Include="Connection\Protocol\Http\Connection.Protocol.HTTPS.CertEvent.cs" />
<Compile Include="Connection\Protocol\ProtocolFactory.cs" />
<Compile Include="Connection\Protocol\VNC\VNCEnum.cs" />
<Compile Include="Credential\CredentialDeletionMsgBoxConfirmer.cs" />