[feat] use fingerprint-based verification for TLS connection

2026-03-30 05:25:30 +08:00 · 2025-12-10 03:28:28 +08:00
parent e09243f1ec
commit 5ff624f7b2
9 changed files with 3222 additions and 3055 deletions
--- a/src/gui/assets/fonts/OPPOSans_Regular.h
+++ b/src/gui/assets/fonts/OPPOSans_Regular.h
--- a/src/gui/assets/localization/localization.h
+++ b/src/gui/assets/localization/localization.h
@@ -116,6 +116,9 @@ static std::vector<std::string> self_hosted_server_certificate_path = {
    reinterpret_cast<const char*>(u8"证书文件路径:"), "Certificate File Path:"};
 static std::vector<std::string> select_a_file = {
    reinterpret_cast<const char*>(u8"请选择文件"), "Please select a file"};
+static std::vector<std::string> reset_cert_fingerprint = {
+    reinterpret_cast<const char*>(u8"重置证书指纹"),
+    "Reset Certificate Fingerprint"};
 static std::vector<std::string> ok = {reinterpret_cast<const char*>(u8"确认"),
                                      "OK"};
 static std::vector<std::string> cancel = {
--- a/src/gui/render.cpp
+++ b/src/gui/render.cpp
@@ -537,13 +537,13 @@ int Render::CreateConnectionPeer() {
  std::string signal_server_ip;
  int signal_server_port;
  int coturn_server_port;
-  std::string tls_cert_path;
+  std::string tls_cert_fingerprint;

  if (config_center_->IsSelfHosted()) {
    signal_server_ip = config_center_->GetSignalServerHost();
    signal_server_port = config_center_->GetSignalServerPort();
    coturn_server_port = config_center_->GetCoturnServerPort();
-    tls_cert_path = config_center_->GetCertFilePath();
+    tls_cert_fingerprint = config_center_->GetCertFingerprint();

    std::string current_self_hosted_ip = config_center_->GetSignalServerHost();
    bool use_cached_id = false;
@@ -604,7 +604,7 @@ int Render::CreateConnectionPeer() {
    signal_server_ip = config_center_->GetDefaultServerHost();
    signal_server_port = config_center_->GetDefaultSignalServerPort();
    coturn_server_port = config_center_->GetDefaultCoturnServerPort();
-    tls_cert_path = config_center_->GetDefaultCertFilePath();
+    tls_cert_fingerprint = "";
    params_.user_id = client_id_with_password_;
  }

@@ -649,9 +649,22 @@ int Render::CreateConnectionPeer() {
  strncpy((char*)params_.turn_server_password, "crossdeskpw",
          sizeof(params_.turn_server_password) - 1);
  params_.turn_server_password[sizeof(params_.turn_server_password) - 1] = '\0';
-  strncpy(params_.tls_cert_path, tls_cert_path.c_str(),
-          sizeof(params_.tls_cert_path) - 1);
-  params_.tls_cert_path[sizeof(params_.tls_cert_path) - 1] = '\0';
+  strncpy(params_.tls_cert_fingerprint, tls_cert_fingerprint.c_str(),
+          sizeof(params_.tls_cert_fingerprint) - 1);
+  params_.tls_cert_fingerprint[sizeof(params_.tls_cert_fingerprint) - 1] = '\0';
+
+  if (config_center_->IsSelfHosted()) {
+    params_.on_cert_fingerprint = [](const char* fingerprint, void* user_data) {
+      Render* render = static_cast<Render*>(user_data);
+      if (render && render->config_center_) {
+        render->config_center_->SetCertFingerprint(fingerprint);
+      }
+    };
+    params_.fingerprint_user_data = this;
+  } else {
+    params_.on_cert_fingerprint = nullptr;
+    params_.fingerprint_user_data = nullptr;
+  }

  strncpy(params_.log_path, dll_log_path_.c_str(),
          sizeof(params_.log_path) - 1);
--- a/src/gui/windows/server_settings_window.cpp
+++ b/src/gui/windows/server_settings_window.cpp
@@ -214,20 +214,30 @@ int Render::SelfHostedServerWindow() {

      ImGui::Separator();

+      // {
+      //   ImGui::AlignTextToFramePadding();
+      //   ImGui::Text(
+      //       "%s",
+      //       localization::reset_cert_fingerprint[localization_language_index_]
+      //           .c_str());
+      //   ImGui::SameLine();
+      //   if (ConfigCenter::LANGUAGE::CHINESE == localization_language_) {
+      //     ImGui::SetCursorPosX(title_bar_button_width_ * 2.5f);
+      //   } else {
+      //     ImGui::SetCursorPosX(title_bar_button_width_ * 3.43f);
+      //   }
+      //   ImGui::SetNextItemWidth(title_bar_button_width_ * 3.8f);
+
+      //   ShowSimpleFileBrowser();
+      // }
      {
        ImGui::AlignTextToFramePadding();
-        ImGui::Text("%s", localization::self_hosted_server_certificate_path
+        if (ImGui::Button(localization::reset_cert_fingerprint
                              [localization_language_index_]
-                                  .c_str());
-        ImGui::SameLine();
-        if (ConfigCenter::LANGUAGE::CHINESE == localization_language_) {
-          ImGui::SetCursorPosX(title_bar_button_width_ * 2.5f);
-        } else {
-          ImGui::SetCursorPosX(title_bar_button_width_ * 3.43f);
+                                  .c_str())) {
+          config_center_->ClearCertFingerprint();
+          LOG_INFO("Certificate fingerprint cleared by user");
        }
-        ImGui::SetNextItemWidth(title_bar_button_width_ * 3.8f);
-
-        ShowSimpleFileBrowser();
      }

      if (stream_window_inited_) {