summaryrefslogtreecommitdiff
path: root/src/leap/keymanager/__init__.py
diff options
context:
space:
mode:
authorFolker Bernitt <fbernitt@thoughtworks.com>2015-09-18 17:03:14 +0200
committerFolker Bernitt <fbernitt@thoughtworks.com>2015-09-18 17:26:04 +0200
commit9546348c3603f390fdd6d5a119414142e9bd02ea (patch)
treea1b5223033795c9d659f86e96e1c0f51ad536eb5 /src/leap/keymanager/__init__.py
parent0b9f64faef0ba9c5cf2a9efe485794ef9b999fab (diff)
[feature] Use ca_bundle when fetching keys by url
This is necessary as a fetch by url will talk to remote sites or, for providers with a commercial cert, with a cert that had not been signed with the provider CA. - support lookup of local keys by url for providers with a commercial cert - combine ca_bundle with ca_cert_path if specified - close soledad after each test
Diffstat (limited to 'src/leap/keymanager/__init__.py')
-rw-r--r--src/leap/keymanager/__init__.py42
1 files changed, 40 insertions, 2 deletions
diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index cf430043..1220402a 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -18,7 +18,10 @@
Key Manager is a Nicknym agent for LEAP client.
"""
# let's do a little sanity check to see if we're using the wrong gnupg
+import fileinput
import sys
+import tempfile
+from leap.common import ca_bundle
from ._version import get_versions
try:
@@ -134,12 +137,30 @@ class KeyManager(object):
}
# the following are used to perform https requests
self._fetcher = requests
- self._session = self._fetcher.session()
+ self._combined_ca_bundle = self._create_combined_bundle_file()
#
# utilities
#
+ def _create_combined_bundle_file(self):
+ leap_ca_bundle = ca_bundle.where()
+
+ if self._ca_cert_path == leap_ca_bundle:
+ return self._ca_cert_path # don't merge file with itself
+ elif self._ca_cert_path is None:
+ return leap_ca_bundle
+
+ tmp_file = tempfile.NamedTemporaryFile(delete=True) # file is auto deleted when python process ends
+
+ with open(tmp_file.name, 'w') as fout:
+ fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path))
+ for line in fin:
+ fout.write(line)
+ fin.close()
+
+ return tmp_file.name
+
def _key_class_from_type(self, ktype):
"""
Return key class from string representation of key type.
@@ -176,6 +197,23 @@ class KeyManager(object):
# 'Content-type is not JSON.')
return res
+ def _get_with_combined_ca_bundle(self, uri, data=None):
+ """
+ Send a GET request to C{uri} containing C{data}.
+
+ Instead of using the ca_cert provided on construction time, this version also uses
+ the default certificates shipped with leap.common
+
+ :param uri: The URI of the request.
+ :type uri: str
+ :param data: The body of the request.
+ :type data: dict, str or file
+
+ :return: The response to the request.
+ :rtype: requests.Response
+ """
+ return self._fetcher.get(uri, data=data, verify=self._combined_ca_bundle)
+
def _put(self, uri, data=None):
"""
Send a PUT request to C{uri} containing C{data}.
@@ -780,7 +818,7 @@ class KeyManager(object):
self._assert_supported_key_type(ktype)
logger.info("Fetch key for %s from %s" % (address, uri))
- res = self._get(uri)
+ res = self._get_with_combined_ca_bundle(uri)
if not res.ok:
return defer.fail(KeyNotFound(uri))