authorkali <kali@leap.se>2012-12-15 02:25:12 +0900
committerkali <kali@leap.se>2012-12-15 02:25:12 +0900
commit914a07aaf8ef52b2eaf88f1bf01fb6f72adcac5a (patch)
tree1540883cdc002930210365c4d2e975a93b2a7989
parentd71e05fdefa7cb9699804bc93adba97921ca923f (diff)
use gnutls to parse pemfiles
-rw-r--r--src/leap/base/auth.py8
-rw-r--r--src/leap/base/tests/test_providers.py6
-rw-r--r--src/leap/crypto/certs.py42
-rw-r--r--src/leap/crypto/tests/__init__.py0
-rw-r--r--src/leap/crypto/tests/test_certs.py11
5 files changed, 60 insertions, 7 deletions
diff --git a/src/leap/base/auth.py b/src/leap/base/auth.py
index 56b7cf96..c6bd3518 100644
--- a/src/leap/base/auth.py
+++ b/src/leap/base/auth.py
@@ -255,6 +255,7 @@ class SRPAuth(requests.auth.AuthBase):
try:
assert self.srp_usr.authenticated()
logger.debug('user is authenticated!')
+ print 'user is authenticated!'
except (AssertionError):
raise SRPAuthenticationError(
"Auth verification failed.")
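Review bot: The added `print 'user is authenticated!'` duplicates the `logger.debug` call on the line above and writes to stdout from library code, bypassing the logging configuration; it looks like a debugging leftover and should be dropped. Separately, the verification relies on `assert self.srp_usr.authenticated()`, and assertions are stripped when Python runs with `-O`, so the check would then pass silently. An explicit `if not self.srp_usr.authenticated(): raise SRPAuthenticationError("Auth verification failed.")` keeps the check in every mode. The enclosing method starts and ends outside this hunk.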
@@ -355,8 +356,11 @@ if __name__ == "__main__":
req.raise_for_status
return req
- req = test_srp_protected_get('https://localhost:8443/1/cert')
- print 'cert :', req.content[:200] + "..."
+ #req = test_srp_protected_get('https://localhost:8443/1/cert')
+ req = test_srp_protected_get('%s/1/cert' % SERVER)
+ import ipdb;ipdb.set_trace()
+ #print 'cert :', req.content[:200] + "..."
+ print 'cert :', req.content
sys.exit(0)
if action == "add":
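Review bot: `import ipdb;ipdb.set_trace()` is a debugger breakpoint left in the `__main__` path; it stops the script at an interactive prompt and adds a dependency on the third-party `ipdb` package, so it should be removed before merging. The new `print 'cert :', req.content` prints the whole response where the old line truncated it to 200 characters. If the `/1/cert` response carries the private key alongside the certificate (the rest of this commit parses both from one string, so this seems likely), the key ends up in the terminal and in any captured output. In the context line above, `req.raise_for_status` is missing its call parentheses, so HTTP errors are never raised; `req.raise_for_status()` is presumably what was meant. The helper function and the surrounding block start outside this hunk.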
diff --git a/src/leap/base/tests/test_providers.py b/src/leap/base/tests/test_providers.py
index d9604fab..8801a3eb 100644
--- a/src/leap/base/tests/test_providers.py
+++ b/src/leap/base/tests/test_providers.py
@@ -16,10 +16,12 @@ from leap.base import providers
EXPECTED_DEFAULT_CONFIG = {
u"api_version": u"0.1.0",
u"description": {u'en': u"Test provider"},
- u"display_name": {u'en': u"Test Provider"},
+ u"default_language": u"en",
+ #u"display_name": {u'en': u"Test Provider"},
u"domain": u"testprovider.example.org",
+ u'name': {u'en': u'Test Provider'},
u"enrollment_policy": u"open",
- u"serial": 1,
+ #u"serial": 1,
u"services": [
u"eip"
],
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index 8908865d..45d7326d 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -1,10 +1,14 @@
import ctypes
+from StringIO import StringIO
+import re
import socket
import gnutls.connection
import gnutls.crypto
import gnutls.library
+from leap.util.misc import null_check
+
def get_https_cert_from_domain(domain):
"""
@@ -20,12 +24,44 @@ def get_https_cert_from_domain(domain):
return cert
-def get_cert_from_file(filepath):
- with open(filepath) as f:
- cert = gnutls.crypto.X509Certificate(f.read())
+def get_cert_from_file(_file):
+ getcert = lambda f: gnutls.crypto.X509Certificate(f.read())
+ if isinstance(_file, str):
+ with open(_file) as f:
+ cert = getcert(f)
+ else:
+ cert = getcert(_file)
return cert
+def get_pkey_from_file(_file):
+ getkey = lambda f: gnutls.crypto.X509PrivateKey(f.read())
+ if isinstance(_file, str):
+ with open(_file) as f:
+ key = getkey(f)
+ else:
+ key = getkey(_file)
+ return key
+
+
+def can_load_cert_and_pkey(string):
+ try:
+ f = StringIO(string)
+ cert = get_cert_from_file(f)
+
+ f = StringIO(string)
+ key = get_pkey_from_file(f)
+
+ null_check(cert, 'certificate')
+ null_check(key, 'private key')
+ except:
+ # XXX catch GNUTLSError
+ raise
+ return False
+ else:
+ return True
+
+
def get_cert_fingerprint(domain=None, filepath=None,
hash_type="SHA256", sep=":"):
"""
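Review bot: `can_load_cert_and_pkey` can never return `False`: the bare `except:` re-raises, so the `return False` after `raise` is unreachable and a malformed PEM string surfaces as an exception instead of a boolean. Drop the `raise` and narrow the handler, e.g. `except Exception:` followed by `return False`, until the GnuTLS error type named in the XXX comment is imported; a bare `except:` also catches `KeyboardInterrupt` and `SystemExit`. In `get_cert_from_file` and `get_pkey_from_file`, `isinstance(_file, str)` is false for a Python 2 `unicode` path, which then falls into the `else` branch and fails on `.read()`; `isinstance(_file, basestring)` covers both. Both helpers would benefit from a docstring saying that `_file` is either a path or an open file-like object, and `get_pkey_from_file` from a note that the returned object holds private key material. `get_cert_fingerprint` continues past the end of this hunk.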
diff --git a/src/leap/crypto/tests/__init__.py b/src/leap/crypto/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/src/leap/crypto/tests/__init__.py
diff --git a/src/leap/crypto/tests/test_certs.py b/src/leap/crypto/tests/test_certs.py
new file mode 100644
index 00000000..4d167c51
--- /dev/null
+++ b/src/leap/crypto/tests/test_certs.py
@@ -0,0 +1,11 @@
+import unittest
+
+
+class CertTestCase(unittest.TestCase):
+
+ def test_load_client_and_pkey(self):
+ self.fail('not implemented')
+
+
+if __name__ == "__main__":
+ unittest.main()
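Review bot: `test_load_client_and_pkey` is a placeholder that only calls `self.fail('not implemented')`, so the suite goes red while the new PEM-loading helpers in `leap/crypto/certs.py` stay untested. A minimal negative case would already pin the intended contract, e.g. `self.assertFalse(certs.can_load_cert_and_pkey('not a pem'))` after `from leap.crypto import certs`. As the helper is written in this commit, that call would raise instead of returning `False`, which is exactly what the test should catch. A positive case needs a throwaway certificate and key generated for the test, never a real provider credential.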