From b66f7f6c8b778e4166c7489c1ff418af9e35e7c8 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Tue, 15 Dec 2020 21:24:21 -0600
Subject: [PATCH] Don't persist the server cert until pairing is successful

Fixes #484
---
 app/backend/nvpairingmanager.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/backend/nvpairingmanager.cpp b/app/backend/nvpairingmanager.cpp
index a8a97509..eba7e1f0 100644
--- a/app/backend/nvpairingmanager.cpp
+++ b/app/backend/nvpairingmanager.cpp
@@ -238,17 +238,18 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
         return PairState::ALREADY_IN_PROGRESS;
     }
 
-    serverCert = QSslCertificate(serverCertStr);
-    if (serverCert.isNull()) {
-        Q_ASSERT(!serverCert.isNull());
+    QSslCertificate unverifiedServerCert = QSslCertificate(serverCertStr);
+    if (unverifiedServerCert.isNull()) {
+        Q_ASSERT(!unverifiedServerCert.isNull());
 
         qCritical() << "Failed to parse plaincert";
         m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
         return PairState::FAILED;
     }
 
-    // Pin this cert for TLS
-    m_Http.setServerCert(serverCert);
+    // Pin this cert for TLS until pairing is complete. If successful, we will propagate
+    // the cert into the NvComputer object and persist it.
+    m_Http.setServerCert(unverifiedServerCert);
 
     QByteArray randomChallenge = generateRandomBytes(16);
     QByteArray encryptedChallenge = encrypt(randomChallenge, aesKey);
@@ -353,5 +354,6 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC
         return PairState::FAILED;
     }
 
+    serverCert = std::move(unverifiedServerCert);
     return PairState::PAIRED;
 }