authorkali <kali@leap.se>2012-10-20 07:13:22 +0900
committerkali <kali@leap.se>2012-10-20 07:13:22 +0900
commita85e488ed323ba35b9d12c5cc344bf06337a9a00 (patch)
tree548caec9f0e8c66e88bf5a67cf36ba2254e3e0f1 /src/leap
parentf791a83ce57cef7010da819d61e7f5132fa4611e (diff)
add bypass for already trusted fingerprints
Diffstat (limited to 'src/leap')
-rw-r--r--src/leap/eip/checks.py1
-rw-r--r--src/leap/eip/config.py11
-rwxr-xr-xsrc/leap/gui/firstrunwizard.py29
3 files changed, 33 insertions, 8 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 635308bb..b335b857 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -319,7 +319,6 @@ class ProviderCertChecker(object):
return "https://%s/1/cert" % self.domain
def _get_client_cert_path(self):
- # MVS+ : get provider path
return eipspecs.client_cert_path(domain=self.domain)
def _get_ca_cert_path(self, domain):
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index ef0f52b4..1ce4a54e 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -78,8 +78,15 @@ def get_eip_gateway():
return placeholder
if len(gateways) > 0:
for gw in gateways:
- if gw['name'] == primary_gateway:
- hosts = gw['hosts']
+ name = gw.get('name', None)
+ if not name:
+ return
+
+ if name == primary_gateway:
+ hosts = gw.get('hosts', None)
+ if not hosts:
+ logger.error('no hosts')
+ return
if len(hosts) > 0:
return hosts[0]
else:
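Review bot: The new `if not name: return` sits inside the `for gw in gateways` loop, so a single entry without a `name` ends the search and the function returns None even when a later entry matches `primary_gateway`; `continue` would skip only the malformed entry. That path is also silent, unlike the `no hosts` branch, so a line such as `logger.error('gateway entry without name')` would make the failure diagnosable. With `if not hosts: return` in place, the following `if len(hosts) > 0:` is always true and can be dropped. The function body starts and ends outside this hunk, so how callers handle a None gateway cannot be checked here.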
diff --git a/src/leap/gui/firstrunwizard.py b/src/leap/gui/firstrunwizard.py
index 68cd4253..287332cd 100755
--- a/src/leap/gui/firstrunwizard.py
+++ b/src/leap/gui/firstrunwizard.py
@@ -47,6 +47,7 @@ class FirstRunWizard(QtGui.QWizard):
self, parent=None, providers=None,
success_cb=None, is_provider_setup=False,
is_previously_registered=False,
+ trusted_certs=None,
netchecker=basechecks.LeapNetworkChecker,
providercertchecker=eipchecks.ProviderCertChecker,
eipconfigchecker=eipchecks.EIPConfigChecker):
@@ -69,6 +70,10 @@ class FirstRunWizard(QtGui.QWizard):
# if True, jumps to LogIn page.
self.is_previously_registered = is_previously_registered
+ # a dict with trusted fingerprints
+ # in the form {'nospacesfingerprint': ['host1', 'host2']}
+ self.trusted_certs = trusted_certs
+
# Checkers
self.netchecker = netchecker
self.providercertchecker = providercertchecker
@@ -415,10 +420,17 @@ class SelectProviderPage(QtGui.QWizardPage):
self.set_validation_status(exc.usermessage)
fingerprint = certs.get_cert_fingerprint(
domain=domain, sep=" ")
- self.add_cert_info(fingerprint)
- self.did_cert_check = True
- self.completeChanged.emit()
- return False
+
+ # it's ok if we've trusted this fgprt before
+ trustedcrts = self.wizard().trusted_certs
+ if trustedcrts and fingerprint.replace(' ', '') in trustedcrts:
+ pass
+ else:
+ # let your user face panick :P
+ self.add_cert_info(fingerprint)
+ self.did_cert_check = True
+ self.completeChanged.emit()
+ return False
except baseexceptions.LeapException as exc:
self.set_validation_status(exc.usermessage)
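Review bot: The bypass test `fingerprint.replace(' ', '') in trustedcrts` only checks that the fingerprint is a key of the dict and never consults the host list stored under it, so a fingerprint trusted for one provider is accepted for whichever `domain` is being validated. Binding the two would be `if trustedcrts and domain in trustedcrts.get(fingerprint.replace(' ', ''), ()):`. The comparison is also case-sensitive, so it presumably relies on `get_cert_fingerprint` returning the same case as the dict keys; applying `.upper()` to both sides would remove that assumption. `set_validation_status(exc.usermessage)` has already run before the bypass is evaluated, so the trusted path may still display the error text. The enclosing try/except begins outside the hunk.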
@@ -1044,6 +1056,13 @@ if __name__ == '__main__':
logger.setLevel(logging.DEBUG)
app = QtGui.QApplication(sys.argv)
- wizard = FirstRunWizard() # providers=('springbok',))
+
+ trusted_certs = {
+ "3DF83F316BFA0186"
+ "0A11A5C9C7FC24B9"
+ "18C62B941192CC1A"
+ "49AE62218B2A4B7C": ['springbok']}
+
+ wizard = FirstRunWizard(trusted_certs=trusted_certs)
wizard.show()
sys.exit(app.exec_())