| -rw-r--r-- | src/leap/crypto/certs.py | 15 | ||||
| -rw-r--r-- | src/leap/eip/checks.py | 13 | ||||
| -rwxr-xr-x | src/leap/gui/firstrun/tests/integration/fake_provider.py | 6 | 
3 files changed, 19 insertions, 15 deletions
|
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index c2835878..cbb5725a 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -2,7 +2,9 @@ import logging
 import os
 from StringIO import StringIO
 import ssl
+import time
+from dateutil.parser import parse
 from OpenSSL import crypto
 from leap.util.misc import null_check
@@ -33,7 +35,7 @@ def get_https_cert_from_domain(domain, port=443):
 def get_cert_from_file(_file):
     null_check(_file, "pem file")
-    if isinstance(_file, str):
+    if isinstance(_file, (str, unicode)):
         if not os.path.isfile(_file):
             raise NoCertError
         with open(_file) as f:
@@ -97,3 +99,14 @@ def get_cert_fingerprint(domain=None, port=443, filepath=None,
         cert = get_cert_from_file(filepath)
     hex_fpr = cert.digest(hash_type)
     return hex_fpr
+
+
+def get_time_boundaries(certfile):
+    cert = get_cert_from_file(certfile)
+    null_check(cert, 'certificate')
+
+    fromts, tots = (cert.get_notBefore(), cert.get_notAfter())
+    from_, to_ = map(
+        lambda ts: time.gmtime(time.mktime(parse(ts).timetuple())),
+        (fromts, tots))
+    return from_, to_
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index de738de6..9a34a428 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -1,13 +1,8 @@
 import logging
-#import ssl
-#import platform
 import time
 import os
 import sys
-import gnutls.crypto
-#import netifaces
-#import ping
 import requests
 from leap import __branding as BRANDING
@@ -24,7 +19,6 @@ from leap.eip import specs as eipspecs
 from leap.util.certs import get_mac_cabundle
 from leap.util.fileutil import mkdir_p
 from leap.util.web import get_https_domain_and_port
-from leap.util.misc import null_check
 logger = logging.getLogger(name=__name__)
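Review bot: In get_cert_from_file (src/leap/crypto/certs.py) the widened test `isinstance(_file, (str, unicode))` is the long spelling of the Python 2 idiom `isinstance(_file, basestring)`, which states the intent ("any path string") more directly. The branch taken for non-string arguments lies outside the hunk, so it is worth confirming there that only real file-like objects skip the `os.path.isfile` guard.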
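Review bot: In get_time_boundaries (src/leap/crypto/certs.py) the conversion `time.gmtime(time.mktime(parse(ts).timetuple()))` shifts the validity window by the host's UTC offset: `timetuple()` yields the certificate's wall-clock fields, `time.mktime` reads them as local time, and `time.gmtime` then converts that back to UTC. Assuming pyOpenSSL returns notBefore/notAfter as UTC ASN.1 strings (trailing `Z`), the lambda should be `lambda ts: parse(ts).utctimetuple()`, so that a host away from UTC does not treat a certificate as valid before its start or after its expiry. The function also has no docstring; one line stating that both returned values are UTC `struct_time`s would document the contract the caller in checks.py relies on when it compares them with `time.gmtime()`.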
@@ -276,11 +270,8 @@ class ProviderCertChecker(object):
     def is_cert_not_expired(self, certfile=None, now=time.gmtime):
         if certfile is None:
             certfile = self._get_client_cert_path()
-        with open(certfile) as cf:
-            cert_s = cf.read()
-        cert = gnutls.crypto.X509Certificate(cert_s)
-        from_ = time.gmtime(cert.activation_time)
-        to_ = time.gmtime(cert.expiration_time)
+        from_, to_ = certs.get_time_boundaries(certfile)
+
         return from_ < now() < to_
     def is_valid_pemfile(self, cert_s=None):
diff --git a/src/leap/gui/firstrun/tests/integration/fake_provider.py b/src/leap/gui/firstrun/tests/integration/fake_provider.py
index 445b4487..668db5d1 100755
--- a/src/leap/gui/firstrun/tests/integration/fake_provider.py
+++ b/src/leap/gui/firstrun/tests/integration/fake_provider.py
@@ -25,9 +25,9 @@ import sys
 import srp
 # GnuTLS Example -- is not working as expected
-from gnutls import crypto
-from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL
-from gnutls.interfaces.twisted import X509Credentials
+#from gnutls import crypto
+#from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL
+#from gnutls.interfaces.twisted import X509Credentials
 # Going with OpenSSL as a workaround instead
 # But we DO NOT want to introduce this dependency.
|
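Review bot: The new call `certs.get_time_boundaries(certfile)` in ProviderCertChecker.is_cert_not_expired (src/leap/eip/checks.py) uses a module name `certs` that no hunk of this commit imports; the only certs-related import visible is `from leap.util.certs import get_mac_cabundle`. Unless the unseen lines of checks.py already provide it, add `from leap.crypto import certs`, otherwise the expiry check raises NameError instead of returning a verdict. The failure mode for a missing file also changes: get_cert_from_file raises `NoCertError` where the removed `open(certfile)` raised IOError, so callers that catch IOError around this check (outside the hunk) should be reviewed.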
