fix(core): stop corrupted state from permanently breaking SSL and wallet loading
CertificatePinStore.Load threw on a corrupted pin file, blocking every SSL connection until the user manually deleted it; EncryptedFile.IsEncrypted threw on valid JSON with a non-object root or invalid UTF-16 instead of returning false. Both now degrade gracefully. Found by property-based tests while extending the test suite.
This commit is contained in:
@@ -58,10 +58,21 @@ public sealed class CertificatePinStore(string filePath)
|
||||
}
|
||||
}
|
||||
|
||||
private Dictionary<string, string> Load() =>
|
||||
File.Exists(filePath)
|
||||
? JsonSerializer.Deserialize<Dictionary<string, string>>(File.ReadAllText(filePath)) ?? []
|
||||
: [];
|
||||
private Dictionary<string, string> Load()
|
||||
{
|
||||
if (!File.Exists(filePath))
|
||||
return [];
|
||||
try
|
||||
{
|
||||
return JsonSerializer.Deserialize<Dictionary<string, string>>(File.ReadAllText(filePath)) ?? [];
|
||||
}
|
||||
catch (JsonException)
|
||||
{
|
||||
// A corrupt pin file must not make every SSL connection fail forever:
|
||||
// fall back to first-contact TOFU (same trust level as the bootstrap).
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
private void Save(Dictionary<string, string> pins)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user