Merge pull request #620 from NetSparkleUpdater/feature/relative-downl…

…oad-paths Feature: Relative download paths, small fixes
NetSparkleUpdater · Sep 15, 2024 · 90508c1 · 90508c1
2 parents a94aa3d + 6cb0599
commit 90508c1
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 18 deletions.
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -122,6 +122,9 @@
 * `NetSparkle.UI.WinForms.NetFramework` now includes `System.Resources.Extensions`
 * Fixed WPF and Avalonia download progress windows not turning red on signature validation failure
 * `AppCastItem` operating system checks now use `.Contains` rather than `==`, allowing for OS strings like `macOS-arm64` rather than just `macOS`
+* Add `TrustEverySSLConnection` to .NET Core `WebFileDownloader`
+* Fix `WebFileDownloader` not setting up an `HttpClientHandler` (was always auto-redirect'ing before despite setting `RedirectHandler`; now behaves more similarly to `WebRequestAppCastDataDownloader`)
+* Fixed `Unsafe` mode in DSA/ed25519 checkers still checking signatures if a signature existed
 
 ## Updating from 0.X or 1.X to 2.X
 

diff --git a/src/NetSparkle.Samples.Avalonia.MacOS/CustomSparkleUpdater.cs b/src/NetSparkle.Samples.Avalonia.MacOS/CustomSparkleUpdater.cs
@@ -82,7 +82,7 @@ protected override async Task RunDownloadedInstaller(string downloadFilePath)
             }
             catch (InvalidDataException)
             {
-                UIFactory?.ShowUnknownInstallerFormatMessage(this, downloadFilePath);
+                UIFactory?.ShowUnknownInstallerFormatMessage(downloadFilePath);
                 return;
             }
 

diff --git a/src/NetSparkle/Downloaders/WebFileDownloader.cs b/src/NetSparkle/Downloaders/WebFileDownloader.cs
@@ -3,7 +3,10 @@
 using System;
 using System.ComponentModel;
 using System.IO;
+using System.Net;
 using System.Net.Http;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -56,6 +59,13 @@ public ILogger? LogWriter
         /// </summary>
         public RedirectHandler? RedirectHandler { get; set; }
 
+#if NETCORE
+        /// <summary>
+        /// If true, don't check the validity of SSL certificates. Defaults to false.
+        /// </summary>
+        public bool TrustEverySSLConnection { get; set; } = false;
+#endif
+
         /// <summary>
         /// Do preparation work necessary to download a file,
         /// aka set up the HttpClient for use.
@@ -88,7 +98,23 @@ public virtual void PrepareToDownloadFile()
         /// <returns>The client used for file downloads</returns>
         protected virtual HttpClient CreateHttpClient()
         {
-            return CreateHttpClient(null);
+            var handler = new HttpClientHandler();
+            if (RedirectHandler != null)
+            {
+                handler.AllowAutoRedirect = false;
+            }
+#if NETCORE
+            if (TrustEverySSLConnection)
+            {
+                // ServerCertificateCustomValidationCallback not available on .NET 4.6.2 (first available in 4.7.1)
+                handler.ServerCertificateCustomValidationCallback =
+                    (httpRequestMessage, cert, cetChain, policyErrors) =>
+                    {
+                        return true;
+                    };
+            }
+#endif
+            return CreateHttpClient(handler);
         }
 
         /// <summary>

diff --git a/src/NetSparkle/SignatureVerifiers/DSAChecker.cs b/src/NetSparkle/SignatureVerifiers/DSAChecker.cs
@@ -102,14 +102,8 @@ private bool CheckSecurityMode(string signature, ref ValidationResult result)
 
                 case SecurityMode.Unsafe:
                     // always accept anything
-                    // If we don't have a signature, make sure to note this as "Unchecked" since we
-                    // didn't end up checking anything due to a lack of public key/signature
-                    if (!hasValidKeyInformation || !isSignatureValid)
-                    {
-                        result = ValidationResult.Unchecked;
-                        return false;
-                    }
-                    break;
+                    result = ValidationResult.Unchecked;
+                    return false;
 
                 case SecurityMode.OnlyVerifySoftwareDownloads:
                     // If we don't have a signature, make sure to note this as "Unchecked" since we

diff --git a/src/NetSparkle/SignatureVerifiers/Ed25519Checker.cs b/src/NetSparkle/SignatureVerifiers/Ed25519Checker.cs
@@ -120,14 +120,8 @@ private bool CheckSecurityMode(string signature, ref ValidationResult result)
 
                 case SecurityMode.Unsafe:
                     // always accept anything
-                    // If we don't have a signature, make sure to note this as "Unchecked" since we
-                    // didn't end up checking anything due to a lack of public key/signature
-                    if (!HasValidKeyInformation() || string.IsNullOrWhiteSpace(signature))
-                    {
-                        result = ValidationResult.Unchecked;
-                        return false;
-                    }
-                    break;
+                    result = ValidationResult.Unchecked;
+                    return false;
 
                 case SecurityMode.OnlyVerifySoftwareDownloads:
                     // If we don't have a signature, make sure to note this as "Unchecked" since we

diff --git a/src/NetSparkle/SparkleUpdater.cs b/src/NetSparkle/SparkleUpdater.cs
@@ -864,6 +864,41 @@ private void ShowUpdateAvailableWindow(List<AppCastItem> updates, bool isUpdateA
                     }
                 }
 
+                if (string.IsNullOrWhiteSpace(filename))
+                {
+                    if (item.DownloadLink.StartsWith("..") || item.DownloadLink.StartsWith("."))
+                    {
+                        LogWriter?.PrintMessage("Trying for a relative path with download link of {0} and app cast URL of {1}", item.DownloadLink, AppCastUrl);
+                        var downloadUrl = Utilities.GetAbsoluteURL(item.DownloadLink, AppCastUrl);
+                        if (CheckServerFileName && UpdateDownloader != null)
+                        {
+                            try
+                            {
+                                var appCastItem = new AppCastItem() { DownloadLink = downloadUrl.ToString() };
+                                filename = await UpdateDownloader.RetrieveDestinationFileNameAsync(appCastItem);
+                            }
+                            catch (Exception)
+                            {
+                                // ignore
+                            }
+                        }
+
+                        if (string.IsNullOrWhiteSpace(filename))
+                        {
+                            // attempt to get download file name based on download link
+                            try
+                            {
+                                filename = Path.GetFileName(downloadUrl.LocalPath);
+                            }
+                            catch (UriFormatException)
+                            {
+                                // ignore
+                            }
+                        }
+                        LogWriter?.PrintMessage("After attempting relative path resolving, filename is {0}", filename ?? "");
+                    }
+                }
+
                 if (!string.IsNullOrWhiteSpace(filename))
                 {
                     string tmpPath = TmpDownloadFilePath == null || string.IsNullOrWhiteSpace(TmpDownloadFilePath)
-Original file line number
+Diff line change
@@ Expand Up @@
                 }
                 catch (InvalidDataException)
                 {
-                    UIFactory?.ShowUnknownInstallerFormatMessage(this, downloadFilePath);
+                    UIFactory?.ShowUnknownInstallerFormatMessage(downloadFilePath);
                     return;
                 }
@@ Expand Down @@