MD5 has been broken for a long time now and SHA1 has been
deprecated as well. SHA1 is not used when issuing new
publicly trusted certificates since 1 January 2016[1] and
there are more and more effective attacks[2][3] against it,
so display SHA1 fingerprint only for old certificates
to encourage use of safer digests by users.
So, we display SHA-256 and SHA-512 fingerprints instead in
the common case.
[1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf
[2] https://shattered.io/static/shattered.pdf
[3] https://eprint.iacr.org/2019/459.pdf
Signed-off-by: Martin Sucha <git@mm.ms47.eu>
Saving all client CA's within one credential may result in:
Error: "Credential size exceeds maximum size of 2560"
Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.
IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"
- Remove client CA certs and KEY!
(uncomment "//deleteKeychainEntries();" )
Disabled as long as selecting another cert is not supported by the UI.
Signed-off-by: Michael Schuster <michael@schuster.ms>
The previous commit 50cd6af394 - Build a webflowcredentials
changed:
src/gui/wizard/flow2authcredspage.cpp in line 135 to use WebFlowCredentials
instead of HttpCredentials.
But the WebFlowCredentials class didn't include code to store and load SSL client
certificates and keys from the keychain.
This commit migrates the useful stuff from the old HttpCredentials class
into WebFlowCredentials.
Successfully tested on Windows. Please test on other systems and verify it's safe! :)
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Implements re-auth upon logout -> login
- Improves UI and security
TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>
This is the first draft of the Login Flow V2 authorization method.
See: https://docs.nextcloud.com/server/latest/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2
- Adds the Login Fĺow V2 auth method
- Adds ability to reinitiate a new request via UI
TODO:
- Implement re-auth upon logout -> login
- Improve UI
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>