authorIvan Alejandro <ivanalejandro0@gmail.com>2013-07-25 14:57:31 -0300
committerIvan Alejandro <ivanalejandro0@gmail.com>2013-07-25 14:57:31 -0300
commit6b7d885a43808f4351c9e581d1a1e53fbd7b3edd (patch)
tree4d1afc6ee45ee86602766f176fe43f712b21c280 /src/leap/services/eip
parentc715e5fbd3f48f9a3555be659ccfe859f97c9d7c (diff)
Add validation using provider's ca . Closes #3227.
Diffstat (limited to 'src/leap/services/eip')
-rw-r--r--src/leap/services/eip/providerbootstrapper.py32
1 files changed, 21 insertions, 11 deletions
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 0be997b2..723475b8 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -132,21 +132,31 @@ class ProviderBootstrapper(AbstractBootstrapper):
logger.debug("Downloading provider info for %s" % (self._domain))
headers = {}
- mtime = get_mtime(os.path.join(ProviderConfig()
- .get_path_prefix(),
- "leap",
- "providers",
- self._domain,
- "provider.json"))
+
+ provider_json = os.path.join(
+ ProviderConfig().get_path_prefix(), "leap", "providers",
+ self._domain, "provider.json")
+ mtime = get_mtime(provider_json)
+
if self._download_if_needed and mtime:
headers['if-modified-since'] = mtime
- res = self._session.get("https://%s/%s" % (self._domain,
- "provider.json"),
- headers=headers,
- verify=not self._bypass_checks,
- timeout=REQUEST_TIMEOUT)
+ uri = "https://%s/%s" % (self._domain, "provider.json")
+ verify = not self._bypass_checks
+
+ if mtime: # the provider.json exists
+ provider_config = ProviderConfig()
+ provider_config.load(provider_json)
+ uri = provider_config.get_api_uri() + '/provider.json'
+ verify = provider_config.get_ca_cert_path()
+
+ logger.debug("Requesting for provider.json... "
+ "uri: {0}, verify: {1}, headers: {2}".format(
+ uri, verify, headers))
+ res = self._session.get(uri, verify=verify,
+ headers=headers, timeout=REQUEST_TIMEOUT)
res.raise_for_status()
+ logger.debug("Request status code: {0}".format(res.status_code))
# Not modified
if res.status_code == 304: