diff options
author | Tomás Touceda <chiiph@leap.se> | 2013-03-13 10:38:25 -0300 |
---|---|---|
committer | Tomás Touceda <chiiph@leap.se> | 2013-03-13 10:38:25 -0300 |
commit | a12906958e4d117daaf45bd42e7383d2344ea463 (patch) | |
tree | 7e9029c7bf4cc71c0d76d0a242c073f56663c660 /src | |
parent | 5e3c49e57cd87ba6cdd11cb9ef59333fbfe4d49b (diff) |
Add util.certs and abstract digest there
Diffstat (limited to 'src')
-rw-r--r-- | src/leap/services/eip/providerbootstrapper.py | 6 | ||||
-rw-r--r-- | src/leap/util/certs.py | 39 |
2 files changed, 41 insertions, 4 deletions
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py index df56110e..dc87a1bd 100644 --- a/src/leap/services/eip/providerbootstrapper.py +++ b/src/leap/services/eip/providerbootstrapper.py @@ -23,9 +23,7 @@ import requests import logging import socket import os -import errno -from OpenSSL import crypto from PySide import QtGui, QtCore from leap.config.providerconfig import ProviderConfig @@ -33,6 +31,7 @@ from leap.util.check import leap_assert, leap_assert_type from leap.util.checkerthread import CheckerThread from leap.util.files import check_and_fix_urw_only, get_mtime, mkdir_p from leap.util.request_helpers import get_content +from leap.util.certs import get_digest logger = logging.getLogger(__name__) @@ -324,8 +323,7 @@ class ProviderBootstrapper(QtCore.QObject): leap_assert(len(cert_data) > 0, "Could not read certificate data") - x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data) - digest = x509.digest(method).replace(":", "").lower() + digest = get_digest(cert_data, method) leap_assert(digest == fingerprint, "Downloaded certificate has a different fingerprint!") diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py new file mode 100644 index 00000000..7cbd7519 --- /dev/null +++ b/src/leap/util/certs.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# certs.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Implements cert checks and helpers +""" + +from OpenSSL import crypto + + +def get_digest(cert_data, method): + """ + Returns the digest for the cert_data using the method specified + + @param cert_data: certificate data in string form + @type cert_data: str + @param method: method to be used for digest + @type method: str + + @rtype: str + """ + x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data) + digest = x509.digest(method).replace(":", "").lower() + + return digest |