1
0
Fork 0
mirror of https://github.com/lidarr/Lidarr synced 2024-12-22 15:53:23 +00:00

New: Add exception to SSL Certificate validation message

(cherry picked from commit d84c4500949a530fac92d73f7f2f8e8462b37244)

Closes #5103
This commit is contained in:
Mark McDowall 2024-09-14 13:40:02 -07:00 committed by Bogdan
parent b2a4c75cce
commit 856ac2ffa5
2 changed files with 53 additions and 17 deletions

View file

@ -0,0 +1,52 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using FluentValidation;
using FluentValidation.Validators;
using NLog;
using NzbDrone.Common.Instrumentation;
namespace Lidarr.Api.V1.Config
{
public static class CertificateValidation
{
public static IRuleBuilderOptions<T, string> IsValidCertificate<T>(this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.SetValidator(new CertificateValidator());
}
}
public class CertificateValidator : PropertyValidator
{
protected override string GetDefaultMessageTemplate() => "Invalid SSL certificate file or password. {message}";
private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(CertificateValidator));
protected override bool IsValid(PropertyValidatorContext context)
{
if (context.PropertyValue == null)
{
return false;
}
if (context.InstanceToValidate is not HostConfigResource resource)
{
return true;
}
try
{
new X509Certificate2(resource.SslCertPath, resource.SslCertPassword, X509KeyStorageFlags.DefaultKeySet);
return true;
}
catch (CryptographicException ex)
{
Logger.Debug(ex, "Invalid SSL certificate file or password. {0}", ex.Message);
context.MessageFormatter.AppendArgument("message", ex.Message);
return false;
}
}
}
}

View file

@ -1,7 +1,6 @@
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using FluentValidation; using FluentValidation;
using Lidarr.Http; using Lidarr.Http;
using Lidarr.Http.REST; using Lidarr.Http.REST;
@ -58,7 +57,7 @@ public HostConfigController(IConfigFileProvider configFileProvider,
.NotEmpty() .NotEmpty()
.IsValidPath() .IsValidPath()
.SetValidator(fileExistsValidator) .SetValidator(fileExistsValidator)
.Must((resource, path) => IsValidSslCertificate(resource)).WithMessage("Invalid SSL certificate file or password") .IsValidCertificate()
.When(c => c.EnableSsl); .When(c => c.EnableSsl);
SharedValidator.RuleFor(c => c.LogSizeLimit).InclusiveBetween(1, 10); SharedValidator.RuleFor(c => c.LogSizeLimit).InclusiveBetween(1, 10);
@ -71,21 +70,6 @@ public HostConfigController(IConfigFileProvider configFileProvider,
SharedValidator.RuleFor(c => c.BackupRetention).InclusiveBetween(1, 90); SharedValidator.RuleFor(c => c.BackupRetention).InclusiveBetween(1, 90);
} }
private bool IsValidSslCertificate(HostConfigResource resource)
{
X509Certificate2 cert;
try
{
cert = new X509Certificate2(resource.SslCertPath, resource.SslCertPassword, X509KeyStorageFlags.DefaultKeySet);
}
catch
{
return false;
}
return cert != null;
}
private bool IsMatchingPassword(HostConfigResource resource) private bool IsMatchingPassword(HostConfigResource resource)
{ {
var user = _userService.FindUser(); var user = _userService.FindUser();