Refactor TAKServerConfig file importer to conditionally allow p12 or pem types; update CoTMessage parsing method name for clarity; enhance mTLS logging in TAKServerManager.

2026-04-20 22:13:56 +00:00 · 2026-01-30 08:58:54 -06:00 · 2026-01-30 08:58:54 -06:00 · 8a0811387a
commit 8a0811387a
parent 1be4cb6c56
4 changed files with 13 additions and 15 deletions
--- a/Localizable.xcstrings
+++ b/Localizable.xcstrings
@ -1900,9 +1900,6 @@
          }
        }
      }
-    },
-    "8089" : {
-
    },
    "A channel index of 0 indicates the primary channel where broadcast packets are sent from. Location data is broadcast from the first channel where it is enabled with firmware 2.7 forward." : {
      "localizations" : {
--- a/Meshtastic/Helpers/TAK/CoTXMLParser.swift
+++ b/Meshtastic/Helpers/TAK/CoTXMLParser.swift
@ -323,8 +323,8 @@ enum CoTParseError: LocalizedError {
 // MARK: - CoTMessage Parsing Extension

 extension CoTMessage {
-	/// Parse CoT XML data into a CoTMessage
-	static func parse(from data: Data) throws -> CoTMessage {
+	/// Parse CoT XML data into a CoTMessage (throwing version)
+	static func parseData(_ data: Data) throws -> CoTMessage {
 		guard !data.isEmpty else {
 			throw CoTParseError.emptyData
 		}
@ -332,12 +332,4 @@ extension CoTMessage {
 		let parser = CoTXMLParser(data: data)
 		return try parser.parse()
 	}
-
-	/// Parse CoT XML string into a CoTMessage
-	static func parse(from xmlString: String) throws -> CoTMessage {
-		guard let data = xmlString.data(using: .utf8) else {
-			throw CoTParseError.emptyData
-		}
-		return try parse(from: data)
-	}
 }
--- a/Meshtastic/Helpers/TAK/TAKServerManager.swift
+++ b/Meshtastic/Helpers/TAK/TAKServerManager.swift
@ -167,7 +167,16 @@ final class TAKServerManager: ObservableObject {
 					queue
 				)
 			} else {
-				Logger.tak.warning("mTLS enabled but no CA certificates configured for client validation")
+				// No client CAs configured: keep mTLS enabled but reject all client certificates
+				Logger.tak.warning("mTLS enabled but no CA certificates configured for client validation; all client connections will be rejected")
+				sec_protocol_options_set_verify_block(
+					tlsOptions.securityProtocolOptions,
+					{ _, _, completion in
+						Logger.tak.error("Rejecting client connection because no client CA certificates are configured")
+						completion(false)
+					},
+					queue
+				)
 			}

 			// TCP options
--- a/Meshtastic/Views/Settings/TAKServerConfig.swift
+++ b/Meshtastic/Views/Settings/TAKServerConfig.swift
@ -38,7 +38,7 @@ struct TAKServerConfig: View {
 		.navigationTitle("TAK Server")
 		.fileImporter(
 			isPresented: $showingFileImporter,
-			allowedContentTypes: [.item],
+			allowedContentTypes: importType == .p12 ? [UTType(filenameExtension: "p12")!, .pkcs12] : [UTType(filenameExtension: "pem")!],
 			allowsMultipleSelection: false
 		) { result in
 			switch importType {