From a85644bbfd3d3e920dd517f74832e7018d84032e Mon Sep 17 00:00:00 2001
From: Michael Zanetti
Date: Sat, 23 Jan 2021 23:22:09 +0100
Subject: [PATCH] Extract certificate data before disconnecting
---
 libnymea-app/jsonrpc/jsonrpcclient.cpp | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/libnymea-app/jsonrpc/jsonrpcclient.cpp b/libnymea-app/jsonrpc/jsonrpcclient.cpp
index ee39c506..6e654785 100644
--- a/libnymea-app/jsonrpc/jsonrpcclient.cpp
+++ b/libnymea-app/jsonrpc/jsonrpcclient.cpp
@@ -152,7 +152,7 @@ void JsonRpcClient::disconnectFromHost()
 void JsonRpcClient::acceptCertificate(const QString &serverUuid, const QByteArray &pem)
 {
- qDebug() << "Pinning new certificate for" << serverUuid;
+ qDebug() << "Pinning new certificate for" << serverUuid << pem;
 storePem(serverUuid, pem);
 }
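Review bot: The added `<< pem` in acceptCertificate writes the whole PEM block to the debug log on every pin, and qDebug() prints a QByteArray as a single escaped string that is hard to compare by eye. A short fingerprint is easier to match against what the UI showed, for example `qDebug() << "Pinning new certificate for" << serverUuid << QSslCertificate(pem).digest(QCryptographicHash::Sha256).toHex();`. The function also stores whatever `pem` the caller passes without parsing it, so a one-line comment such as `// pem must be the certificate delivered by verifyConnectionCertificate; it is pinned as-is` would document the trust assumption.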
@@ -654,25 +654,27 @@ void JsonRpcClient::helloReply(int /*commandId*/, const QVariantMap ¶ms)
 // Verify SSL certificate
 if (m_connection->isEncrypted()) {
- QByteArray pem;
- if (!loadPem(m_serverUuid, pem)) {
+ QByteArray oldPem;
+ QSslCertificate certificate = m_connection->sslCertificate();
+ if (!loadPem(m_serverUuid, oldPem)) {
 qDebug() << "No SSL certificate for this host stored. Accepting and pinning new certificate.";
 // No certificate yet! Inform ui about it.
 emit newSslCertificate();
 storePem(m_serverUuid, m_connection->sslCertificate().toPem());
 } else {
 // We have a certificate pinned already. Check if it's the same
- if (m_connection->sslCertificate().toPem() != pem) {
+ if (certificate.toPem() != oldPem) {
 // Uh oh, the certificate has changed
 qWarning() << "This connections certificate has changed!";
- qWarning() << "Old PEM:" << pem;
- qWarning() << "New PEM:" << m_connection->sslCertificate().toPem();
+ qWarning() << "Old PEM:" << oldPem;
+ qWarning() << "New PEM:" << certificate.toPem();
+
+ // Extract certificate info before disconnecting.
+ QVariantMap issuerInfo = certificateIssuerInfo();
 // Reject the connection until the UI explicitly accepts this...
 m_connection->disconnectFromHost();
- QSslCertificate certificate = m_connection->sslCertificate();
- QVariantMap issuerInfo = certificateIssuerInfo();
 emit verifyConnectionCertificate(m_serverUuid, issuerInfo, certificate.toPem());
 return;
 }
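Review bot: The first-use branch still pins `m_connection->sslCertificate().toPem()` rather than the `certificate` snapshot taken at the top of the block, so the stored pin and the value used for comparison come from two separate reads of the connection. Changing it to `storePem(m_serverUuid, certificate.toPem());` keeps them identical. Neither branch checks `certificate.isNull()`; if the transport can report an encrypted connection without a peer certificate (not visible in this hunk), an empty PEM would be pinned on first use and later treated as a real pin. A guard such as `if (certificate.isNull()) { m_connection->disconnectFromHost(); return; }` before `loadPem` would close that. helloReply starts and ends outside the hunk.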