author | Ivan Alejandro <ivanalejandro0@gmail.com> | 2013-07-25 14:57:31 -0300 |
---|---|---|
committer | Ivan Alejandro <ivanalejandro0@gmail.com> | 2013-07-25 14:57:31 -0300 |
commit | 6b7d885a43808f4351c9e581d1a1e53fbd7b3edd (patch) | |
tree | 4d1afc6ee45ee86602766f176fe43f712b21c280 /src/leap/services/eip | |
parent | c715e5fbd3f48f9a3555be659ccfe859f97c9d7c (diff) |
Add validation using provider's ca . Closes #3227.
Diffstat (limited to 'src/leap/services/eip')
-rw-r--r-- | src/leap/services/eip/providerbootstrapper.py | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 0be997b2..723475b8 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -132,21 +132,31 @@ class ProviderBootstrapper(AbstractBootstrapper):
 logger.debug("Downloading provider info for %s" % (self._domain))
 headers = {}
- mtime = get_mtime(os.path.join(ProviderConfig()
- .get_path_prefix(),
- "leap",
- "providers",
- self._domain,
- "provider.json"))
+
+ provider_json = os.path.join(
+ ProviderConfig().get_path_prefix(), "leap", "providers",
+ self._domain, "provider.json")
+ mtime = get_mtime(provider_json)
+
 if self._download_if_needed and mtime:
 headers['if-modified-since'] = mtime
- res = self._session.get("https://%s/%s" % (self._domain,
- "provider.json"),
- headers=headers,
- verify=not self._bypass_checks,
- timeout=REQUEST_TIMEOUT)
+ uri = "https://%s/%s" % (self._domain, "provider.json")
+ verify = not self._bypass_checks
+
+ if mtime: # the provider.json exists
+ provider_config = ProviderConfig()
+ provider_config.load(provider_json)
+ uri = provider_config.get_api_uri() + '/provider.json'
+ verify = provider_config.get_ca_cert_path()
+
+ logger.debug("Requesting for provider.json... "
+ "uri: {0}, verify: {1}, headers: {2}".format(
+ uri, verify, headers))
+ res = self._session.get(uri, verify=verify,
+ headers=headers, timeout=REQUEST_TIMEOUT)
 res.raise_for_status()
+ logger.debug("Request status code: {0}".format(res.status_code))
 # Not modified
 if res.status_code == 304: |
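Review bot: In the `if mtime:` branch the request target and the trust anchor both come from the cached provider.json, and neither is checked before `self._session.get(uri, verify=verify, ...)`. If `get_api_uri()` returns a non-HTTPS URI the `verify` argument has no effect, and if the file behind `get_ca_cert_path()` is missing the request presumably fails instead of falling back; a cached file that was first fetched with `_bypass_checks` set would also steer every later fetch. I would switch to the cached values only when the URI starts with `https://` and the CA file exists on disk, keeping the domain URI and the default verification otherwise. The enclosing method starts and ends outside the hunk, so how a failed `provider_config.load()` is reported is not visible here and should be confirmed.

```python
if mtime:  # the provider.json exists
    provider_config = ProviderConfig()
    provider_config.load(provider_json)
    cached_uri = provider_config.get_api_uri()
    ca_cert_path = provider_config.get_ca_cert_path()
    # Pivot to the cached endpoint only when it is HTTPS and the pinned
    # CA file is really there; otherwise keep the defaults set above.
    if (cached_uri.startswith("https://")
            and os.path.isfile(ca_cert_path)):
        uri = cached_uri + '/provider.json'
        verify = ca_cert_path
# … unchanged: debug log and self._session.get call …
```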