diff options
Diffstat (limited to 'src/leap/bitmask/backend')
-rw-r--r-- | src/leap/bitmask/backend/backend_proxy.py | 3 | ||||
-rw-r--r-- | src/leap/bitmask/backend/utils.py | 26 |
2 files changed, 28 insertions, 1 deletions
diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py index 9de3501e..3e79289f 100644 --- a/src/leap/bitmask/backend/backend_proxy.py +++ b/src/leap/bitmask/backend/backend_proxy.py @@ -28,6 +28,7 @@ import time import zmq from leap.bitmask.backend.api import API, STOP_REQUEST, PING_REQUEST +from leap.bitmask.backend.utils import generate_zmq_certificates_if_needed from leap.bitmask.backend.utils import get_backend_certificates import logging @@ -49,6 +50,8 @@ class BackendProxy(object): PING_INTERVAL = 2 # secs def __init__(self): + generate_zmq_certificates_if_needed() + self._socket = None # initialize ZMQ stuff: diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py index 65bf6753..18e70743 100644 --- a/src/leap/bitmask/backend/utils.py +++ b/src/leap/bitmask/backend/utils.py @@ -17,6 +17,7 @@ """ Backend utilities to handle ZMQ certificates. """ +import logging import os import shutil import stat @@ -26,10 +27,12 @@ import zmq.auth from leap.bitmask.util import get_path_prefix from leap.common.files import mkdir_p +logger = logging.getLogger(__name__) + KEYS_DIR = os.path.join(get_path_prefix(), 'leap', 'zmq_certificates') -def generate_certificates(): +def generate_zmq_certificates(): """ Generate client and server CURVE certificate files. """ @@ -62,3 +65,24 @@ def get_backend_certificates(base_dir='.'): backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret") public, secret = zmq.auth.load_certificate(backend_secret_file) return public, secret + + +def _certificates_exist(): + """ + Return whether there are certificates in place or not. + + :rtype: bool + """ + frontend_secret_file = os.path.join(KEYS_DIR, "frontend.key_secret") + backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret") + return os.path.isfile(frontend_secret_file) and \ + os.path.isfile(backend_secret_file) + + +def generate_zmq_certificates_if_needed(): + """ + Generate the needed ZMQ certificates for backend/frontend communication if + needed. + """ + if not _certificates_exist(): + generate_zmq_certificates() |