-rw-r--r-- | changes/bug-3362_check-for-cacert-existence-before-use | 1 | ||||
-rw-r--r-- | src/leap/config/providerconfig.py | 16 | ||||
-rw-r--r-- | src/leap/services/eip/providerbootstrapper.py | 10 |
3 files changed, 21 insertions, 6 deletions
diff --git a/changes/bug-3362_check-for-cacert-existence-before-use b/changes/bug-3362_check-for-cacert-existence-before-use new file mode 100644 index 00000000..5f69f193 --- /dev/null +++ b/changes/bug-3362_check-for-cacert-existence-before-use @@ -0,0 +1 @@ + o Verify cacert existence before using it. Closes bug #3362. diff --git a/src/leap/config/providerconfig.py b/src/leap/config/providerconfig.py index 744199f8..eb097034 100644 --- a/src/leap/config/providerconfig.py +++ b/src/leap/config/providerconfig.py @@ -21,13 +21,20 @@ Provider configuration import logging import os -from leap.common.check import leap_assert +from leap.common.check import leap_check from leap.common.config.baseconfig import BaseConfig, LocalizedKey from leap.config.provider_spec import leap_provider_spec logger = logging.getLogger(__name__) +class MissingCACert(Exception): + """ + Raised when a CA certificate is needed but not found. + """ + pass + + class ProviderConfig(BaseConfig): """ Provider configuration abstraction class @@ -118,6 +125,8 @@ class ProviderConfig(BaseConfig): def get_ca_cert_path(self, about_to_download=False): """ Returns the path to the certificate for the current provider. + It may raise MissingCACert if + the certificate does not exists and not about_to_download :param about_to_download: defines wether we want the path to download the cert or not. This helps avoid @@ -135,8 +144,9 @@ class ProviderConfig(BaseConfig): "cacert.pem") if not about_to_download: - leap_assert(os.path.exists(cert_path), - "You need to download the certificate first") + cert_exists = os.path.exists(cert_path) + error_msg = "You need to download the certificate first" + leap_check(cert_exists, error_msg, MissingCACert) logger.debug("Going to verify SSL against %s" % (cert_path,)) return cert_path diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py index 723475b8..bf5938dc 100644 --- a/src/leap/services/eip/providerbootstrapper.py 
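Review bot: In the docstring hunk of `get_ca_cert_path` (@@ -118,6 +125,8 @@), the new raise condition is written as free prose in the summary, while the same docstring already uses field syntax for `:param about_to_download:`. A field such as `:raises MissingCACert: if the certificate does not exist and about_to_download is False` would state the contract where callers look for it. "does not exists" should read "does not exist". The docstring continues outside the hunk.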
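Review bot: In the hunk at @@ -135,8 +144,9 @@, `os.path.exists(cert_path)` is true for any filesystem entry, including a directory, so a path that is not a usable CA file still passes the check and is returned for TLS verification. `cert_exists = os.path.isfile(cert_path)` is the tighter test. The failure mode also changes from an assertion to a `MissingCACert` exception, and only providerbootstrapper.py is updated in this commit to catch it. Any other caller of `get_ca_cert_path()` without `about_to_download=True` should be checked. The method body starts outside the hunk.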
+++ b/src/leap/services/eip/providerbootstrapper.py @@ -29,7 +29,7 @@ from PySide import QtCore from leap.common.certs import get_digest from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p from leap.common.check import leap_assert, leap_assert_type, leap_check -from leap.config.providerconfig import ProviderConfig +from leap.config.providerconfig import ProviderConfig, MissingCACert from leap.util.request_helpers import get_content from leap.util.constants import REQUEST_TIMEOUT from leap.services.abstractbootstrapper import AbstractBootstrapper @@ -147,8 +147,12 @@ class ProviderBootstrapper(AbstractBootstrapper): if mtime: # the provider.json exists provider_config = ProviderConfig() provider_config.load(provider_json) - uri = provider_config.get_api_uri() + '/provider.json' - verify = provider_config.get_ca_cert_path() + try: + verify = provider_config.get_ca_cert_path() + uri = provider_config.get_api_uri() + '/provider.json' + except MissingCACert: + # get_ca_cert_path fails if the certificate does not exists. + pass logger.debug("Requesting for provider.json... " "uri: {0}, verify: {1}, headers: {2}".format( |
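Review bot: The `except MissingCACert: pass` branch in the hunk at @@ -147,8 +147,12 @@ falls through silently, so the request that follows uses whatever `uri` and `verify` held before the `try`, and those assignments are outside this hunk. Since `verify` controls how the TLS connection to the provider is validated, the fallback should be visible in the log, e.g. `logger.warning("Provider CA cert not found; provider.json request will not be pinned to it")` in place of `pass`. It is also worth confirming that the earlier default for `verify` cannot disable certificate verification on this path. If either name is not assigned before the `if mtime:` block, the `logger.debug` call below would fail on an unbound local. The enclosing method starts and ends outside the hunk.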