From 640447ecaa7ca674d48a89b238f4c290edd0539a Mon Sep 17 00:00:00 2001
From: Ferdinand Schober
Date: Tue, 24 Sep 2024 19:59:03 +0200
Subject: [PATCH] fingerprints

---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/connect.rs | 29 ++++++++++++++++++++++++++---
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3ae9853..a11bc2f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1855,6 +1855,7 @@ dependencies = [
 "rustls-pemfile",
 "serde",
 "serde_json",
+ "sha2",
 "slab",
 "thiserror 2.0.0",
 "tokio",
diff --git a/Cargo.toml b/Cargo.toml
index b74d65f..2d835f0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -62,6 +62,7 @@ rustls = { version = "0.23.12", default-features = false, features = [
 ] }
 rcgen = "0.13.1"
 rustls-pemfile = "2.1.3"
+sha2 = "0.10.8"
 
 [target.'cfg(unix)'.dependencies]
 libc = "0.2.148"
diff --git a/src/connect.rs b/src/connect.rs
index ba4ad5e..cf33e05 100644
--- a/src/connect.rs
+++ b/src/connect.rs
@@ -2,6 +2,7 @@ use crate::server::Server;
 use lan_mouse_ipc::{ClientHandle, DEFAULT_PORT};
 use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE};
 use local_channel::mpsc::{channel, Receiver, Sender};
+use sha2::{Digest, Sha256};
 use std::{
 collections::{HashMap, HashSet},
 io,
@@ -48,10 +49,32 @@ async fn connect(
 extended_master_secret: ExtendedMasterSecretType::Require,
 ..Default::default()
 };
- let dtls_conn: Arc =
- Arc::new(DTLSConn::new(conn, config, true, None).await?);
+ let dtls_conn = DTLSConn::new(conn, config, true, None).await?;
 log::info!("{addr} connected successfully!");
- Ok((dtls_conn, addr))
+ let peer_certificates = dtls_conn.connection_state().await.peer_certificates;
+ verify_peer_certificates(peer_certificates)?;
+ Ok((Arc::new(dtls_conn), addr))
+}
+
+fn verify_peer_certificates(
+ peer_certificates: Vec>,
+) -> Result<(), LanMouseConnectionError> {
+ let fingerprints = peer_certificates
+ .into_iter()
+ .map(|cert| {
+ let mut hash = Sha256::new();
+ hash.update(cert);
+ let bytes = hash
+ .finalize()
+ .iter()
+ .map(|x| format!("{x:02x}"))
+ .collect::>();
+ let fingerprint = bytes.join(":").to_lowercase();
+ fingerprint
+ })
+ .collect::>();
+ log::info!("fingerprints: {fingerprints:?}");
+ Ok(())
 }
 
 async fn connect_any(
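Review bot: `verify_peer_certificates` never rejects anything — it hashes each certificate, logs the result and returns `Ok(())` unconditionally, so the `?` at its call site in `connect` cannot fail and the name promises a check the connection does not get; either rename it to what it does (e.g. `log_peer_fingerprints`) or have it compare the computed fingerprints against a configured allow-list and return a `LanMouseConnectionError` on mismatch, treating an empty `peer_certificates` as a failure if the DTLS config is meant to require a peer certificate (the config struct starts above this hunk, so I cannot confirm that from here). As written, an empty list logs `fingerprints: []` and passes. The `.to_lowercase()` on the joined string is a no-op because `{x:02x}` already emits lowercase hex, so `let fingerprint = bytes.join(":");` suffices, and the binding itself can go by returning `bytes.join(":")` from the closure directly. The type parameters appear stripped in this rendering (`Vec>`, `collect::>()`), presumably an extraction artifact rather than the committed text. The enclosing `connect` function begins before the hunk.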