From b2654ea9dbc002e56a12d83cb34eece4d47b2d3b Mon Sep 17 00:00:00 2001
From: dijunkun
Date: Wed, 10 Dec 2025 03:46:03 +0800
Subject: [PATCH] [feat] use fingerprint-based verification for both default and self-hosted servers
---
 src/config_center/config_center.cpp | 69 ++++++++++++++++++++++++++++-
 src/config_center/config_center.h | 5 +++
 src/gui/render.cpp | 14 ++++--
 3 files changed, 84 insertions(+), 4 deletions(-)
diff --git a/src/config_center/config_center.cpp b/src/config_center/config_center.cpp
index 6b41dd1..3709b84 100644
--- a/src/config_center/config_center.cpp
+++ b/src/config_center/config_center.cpp
@@ -93,6 +93,24 @@ int ConfigCenter::Load() {
 cert_fingerprint_server_host_ = "";
 }
+ const char* default_cert_fingerprint_value =
+ ini_.GetValue(section_, "default_cert_fingerprint", nullptr);
+ if (default_cert_fingerprint_value != nullptr &&
+ strlen(default_cert_fingerprint_value) > 0) {
+ default_cert_fingerprint_ = default_cert_fingerprint_value;
+ } else {
+ default_cert_fingerprint_ = "";
+ }
+ const char* default_cert_fingerprint_server_host_value =
+ ini_.GetValue(section_, "default_cert_fingerprint_server_host", nullptr);
+ if (default_cert_fingerprint_server_host_value != nullptr &&
+ strlen(default_cert_fingerprint_server_host_value) > 0) {
+ default_cert_fingerprint_server_host_ =
+ default_cert_fingerprint_server_host_value;
+ } else {
+ default_cert_fingerprint_server_host_ = "";
+ }
+
 if (enable_self_hosted_ && !cert_fingerprint_.empty() && !cert_fingerprint_server_host_.empty() && signal_server_host_ != cert_fingerprint_server_host_) {
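Review bot: A `default_cert_fingerprint` that is present without a `default_cert_fingerprint_server_host` is kept by this block, and the host-change check added further down in Load() only runs when both values are non-empty, so that pin is never tied to a host. Dropping the orphaned pin would keep the binding consistent: `if (default_cert_fingerprint_server_host_.empty()) default_cert_fingerprint_.clear();`. The value is also accepted from the ini file with no format check, so a short comment saying where the fingerprint string is validated (presumably in the peer library) would help the next reader. Load() begins and ends outside this hunk.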
@@ -105,6 +123,19 @@ int ConfigCenter::Load() {
 ini_.SaveFile(config_path_.c_str());
 }
+ if (!enable_self_hosted_ && !default_cert_fingerprint_.empty() &&
+ !default_cert_fingerprint_server_host_.empty() &&
+ signal_server_host_default_ != default_cert_fingerprint_server_host_) {
+ LOG_INFO(
+ "Default server IP changed from {} to {}, clearing old fingerprint",
+ default_cert_fingerprint_server_host_, signal_server_host_default_);
+ default_cert_fingerprint_.clear();
+ default_cert_fingerprint_server_host_.clear();
+ ini_.Delete(section_, "default_cert_fingerprint", false);
+ ini_.Delete(section_, "default_cert_fingerprint_server_host", false);
+ ini_.SaveFile(config_path_.c_str());
+ }
+
 enable_autostart_ = ini_.GetBoolValue(section_, "enable_autostart", enable_autostart_);
 enable_daemon_ = ini_.GetBoolValue(section_, "enable_daemon", enable_daemon_);
@@ -142,6 +173,13 @@ int ConfigCenter::Save() {
 }
 }
+ if (!default_cert_fingerprint_.empty()) {
+ ini_.SetValue(section_, "default_cert_fingerprint",
+ default_cert_fingerprint_.c_str());
+ ini_.SetValue(section_, "default_cert_fingerprint_server_host",
+ default_cert_fingerprint_server_host_.c_str());
+ }
+
 ini_.SetBoolValue(section_, "enable_autostart", enable_autostart_);
 ini_.SetBoolValue(section_, "enable_daemon", enable_daemon_);
 ini_.SetBoolValue(section_, "enable_minimize_to_tray",
@@ -284,7 +322,6 @@ int ConfigCenter::SetCertFilePath(const std::string& cert_file_path) {
 int ConfigCenter::SetCertFingerprint(const std::string& fingerprint) {
 cert_fingerprint_ = fingerprint;
- // 保存指纹时,同时保存当前的服务器IP
 cert_fingerprint_server_host_ = signal_server_host_;
 ini_.SetValue(section_, "cert_fingerprint", cert_fingerprint_.c_str());
 ini_.SetValue(section_, "cert_fingerprint_server_host",
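Review bot: In the host-change branch added to Load() (the hunk at -105), the stored pin for the default server is discarded with only an INFO log, and the result of `ini_.SaveFile(...)` is ignored. Once the pin is gone, the callback installed in render.cpp presumably stores whatever certificate the new host presents, so a change of `signal_server_host_default_` silently restarts trust-on-first-use; if that is intended it deserves a comment such as `// Pin is bound to the host; a new host is re-learned on first connect`. Checking the save result as the setters do, `if (ini_.SaveFile(config_path_.c_str()) < 0) return -1;`, would avoid leaving the stale pin on disk, assuming a negative return is how Load() reports failure, which is not visible here. The log message also says "IP" while the values compared are host strings.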
@@ -296,6 +333,20 @@ int ConfigCenter::SetCertFingerprint(const std::string& fingerprint) {
 return 0;
 }
+int ConfigCenter::SetDefaultCertFingerprint(const std::string& fingerprint) {
+ default_cert_fingerprint_ = fingerprint;
+ default_cert_fingerprint_server_host_ = signal_server_host_default_;
+ ini_.SetValue(section_, "default_cert_fingerprint",
+ default_cert_fingerprint_.c_str());
+ ini_.SetValue(section_, "default_cert_fingerprint_server_host",
+ default_cert_fingerprint_server_host_.c_str());
+ SI_Error rc = ini_.SaveFile(config_path_.c_str());
+ if (rc < 0) {
+ return -1;
+ }
+ return 0;
+}
+
 int ConfigCenter::ClearCertFingerprint() {
 cert_fingerprint_.clear();
 cert_fingerprint_server_host_.clear();
@@ -308,6 +359,18 @@ int ConfigCenter::ClearCertFingerprint() {
 return 0;
 }
+int ConfigCenter::ClearDefaultCertFingerprint() {
+ default_cert_fingerprint_.clear();
+ default_cert_fingerprint_server_host_.clear();
+ ini_.Delete(section_, "default_cert_fingerprint", false);
+ ini_.Delete(section_, "default_cert_fingerprint_server_host", false);
+ SI_Error rc = ini_.SaveFile(config_path_.c_str());
+ if (rc < 0) {
+ return -1;
+ }
+ return 0;
+}
+
 int ConfigCenter::SetSelfHosted(bool enable_self_hosted) {
 enable_self_hosted_ = enable_self_hosted;
 ini_.SetBoolValue(section_, "enable_self_hosted", enable_self_hosted_);
@@ -466,6 +529,10 @@ std::string ConfigCenter::GetCertFingerprint() const {
 return cert_fingerprint_;
 }
+std::string ConfigCenter::GetDefaultCertFingerprint() const {
+ return default_cert_fingerprint_;
+}
+
 std::string ConfigCenter::GetDefaultServerHost() const {
 return signal_server_host_default_;
 }
diff --git a/src/config_center/config_center.h b/src/config_center/config_center.h
index f5993b2..4e556a6 100644
--- a/src/config_center/config_center.h
+++ b/src/config_center/config_center.h
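Review bot: SetDefaultCertFingerprint() (the hunk at -296) stores any string it is given, including an empty one, and updates the in-memory pin before it knows whether SaveFile() succeeded. An empty argument would write empty keys that Load() later treats as absent, and a failed save leaves memory and disk disagreeing about the pin. A guard at the top, `if (fingerprint.empty()) return -1;`, plus a short doc comment stating that this is where the default server's certificate is pinned to `signal_server_host_default_`, would make the contract explicit. ClearDefaultCertFingerprint() in the next hunk has the same update-before-save ordering.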
@@ -39,7 +39,9 @@ class ConfigCenter {
 int SetCoturnServerPort(int coturn_server_port);
 int SetCertFilePath(const std::string& cert_file_path);
 int SetCertFingerprint(const std::string& fingerprint);
+ int SetDefaultCertFingerprint(const std::string& fingerprint);
 int ClearCertFingerprint();
+ int ClearDefaultCertFingerprint();
 int SetSelfHosted(bool enable_self_hosted);
 int SetMinimizeToTray(bool enable_minimize_to_tray);
 int SetAutostart(bool enable_autostart);
@@ -59,6 +61,7 @@ class ConfigCenter {
 int GetCoturnServerPort() const;
 std::string GetCertFilePath() const;
 std::string GetCertFingerprint() const;
+ std::string GetDefaultCertFingerprint() const;
 std::string GetDefaultServerHost() const;
 int GetDefaultSignalServerPort() const;
 int GetDefaultCoturnServerPort() const;
@@ -93,6 +96,8 @@ class ConfigCenter {
 std::string cert_file_path_default_ = "";
 std::string cert_fingerprint_ = "";
 std::string cert_fingerprint_server_host_ = "";
+ std::string default_cert_fingerprint_ = "";
+ std::string default_cert_fingerprint_server_host_ = "";
 bool enable_self_hosted_ = false;
 bool enable_minimize_to_tray_ = false;
 bool enable_autostart_ = false;
diff --git a/src/gui/render.cpp b/src/gui/render.cpp
index 3f4aa43..25677bc 100644
--- a/src/gui/render.cpp
+++ b/src/gui/render.cpp
@@ -604,7 +604,7 @@ int Render::CreateConnectionPeer() {
 signal_server_ip = config_center_->GetDefaultServerHost();
 signal_server_port = config_center_->GetDefaultSignalServerPort();
 coturn_server_port = config_center_->GetDefaultCoturnServerPort();
- tls_cert_fingerprint = "";
+ tls_cert_fingerprint = config_center_->GetDefaultCertFingerprint();
 params_.user_id = client_id_with_password_;
 }
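Review bot: In the render.cpp hunk at -604, `GetDefaultCertFingerprint()` returns an empty string until a pin has been stored, so the first connection to the default server still runs with an empty `tls_cert_fingerprint`. What the peer library does with an empty value is not visible in this diff; if it skips fingerprint verification, the first connection is the one that establishes trust, and that should be stated where the value is assigned, e.g. `// Empty on first run: the pin is learned via on_cert_fingerprint (trust on first use)`. For a server whose certificate the project controls, a fingerprint shipped with the build would close that first-connection gap. CreateConnectionPeer() continues outside the hunk.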
@@ -658,12 +658,20 @@ int Render::CreateConnectionPeer() {
 Render* render = static_cast(user_data);
 if (render && render->config_center_) {
 render->config_center_->SetCertFingerprint(fingerprint);
+ LOG_INFO("Saved self-hosted certificate fingerprint: {}", fingerprint);
 }
 };
 params_.fingerprint_user_data = this;
 } else {
- params_.on_cert_fingerprint = nullptr;
- params_.fingerprint_user_data = nullptr;
+ params_.on_cert_fingerprint = [](const char* fingerprint, void* user_data) {
+ Render* render = static_cast(user_data);
+ if (render && render->config_center_) {
+ render->config_center_->SetDefaultCertFingerprint(fingerprint);
+ LOG_INFO("Saved default server certificate fingerprint: {}",
+ fingerprint);
+ }
+ };
+ params_.fingerprint_user_data = this;
 }
 strncpy(params_.log_path, dll_log_path_.c_str(),
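Review bot: Both callbacks in this hunk build a `std::string` from `fingerprint` without checking it for null, and they log "Saved ..." whether or not the setter succeeded. Passing a null `const char*` to a `const std::string&` parameter is undefined behaviour, and SetDefaultCertFingerprint() returns -1 when the file write fails, so the guard could read `if (fingerprint && render && render->config_center_ && render->config_center_->SetDefaultCertFingerprint(fingerprint) == 0)` with the log inside it. It is also not visible here when the library invokes the callback; if it fires on every handshake rather than only when no pin was supplied, the stored pin would be overwritten instead of enforced, which is worth a comment or a check against the existing value. CreateConnectionPeer() starts and ends outside the hunk.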