summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/services/soledad
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/services/soledad')
-rw-r--r--src/leap/bitmask/services/soledad/__init__.py0
-rw-r--r--src/leap/bitmask/services/soledad/soledadbootstrapper.py265
-rw-r--r--src/leap/bitmask/services/soledad/soledadconfig.py49
-rw-r--r--src/leap/bitmask/services/soledad/soledadspec.py76
4 files changed, 390 insertions, 0 deletions
diff --git a/src/leap/bitmask/services/soledad/__init__.py b/src/leap/bitmask/services/soledad/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/src/leap/bitmask/services/soledad/__init__.py
diff --git a/src/leap/bitmask/services/soledad/soledadbootstrapper.py b/src/leap/bitmask/services/soledad/soledadbootstrapper.py
new file mode 100644
index 00000000..fba74d60
--- /dev/null
+++ b/src/leap/bitmask/services/soledad/soledadbootstrapper.py
@@ -0,0 +1,265 @@
+# -*- coding: utf-8 -*-
+# soledadbootstrapper.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Soledad bootstrapping
+"""
+
+import logging
+import os
+
+from PySide import QtCore
+from u1db import errors as u1db_errors
+
+from leap.bitmask.config.providerconfig import ProviderConfig
+from leap.bitmask.crypto.srpauth import SRPAuth
+from leap.bitmask.services.abstractbootstrapper import AbstractBootstrapper
+from leap.bitmask.services.soledad.soledadconfig import SoledadConfig
+from leap.bitmask.util.request_helpers import get_content
+from leap.common.check import leap_assert, leap_assert_type
+from leap.common.files import get_mtime
+from leap.keymanager import KeyManager, openpgp
+from leap.keymanager.errors import KeyNotFound
+from leap.soledad import Soledad
+
+logger = logging.getLogger(__name__)
+
+
+class SoledadBootstrapper(AbstractBootstrapper):
+ """
+ Soledad init procedure
+ """
+
+ SOLEDAD_KEY = "soledad"
+ KEYMANAGER_KEY = "keymanager"
+
+ PUBKEY_KEY = "user[public_key]"
+
+ # All dicts returned are of the form
+ # {"passed": bool, "error": str}
+ download_config = QtCore.Signal(dict)
+ gen_key = QtCore.Signal(dict)
+
+ def __init__(self):
+ AbstractBootstrapper.__init__(self)
+
+ self._provider_config = None
+ self._soledad_config = None
+ self._keymanager = None
+ self._download_if_needed = False
+ self._user = ""
+ self._password = ""
+ self._soledad = None
+
+ @property
+ def keymanager(self):
+ return self._keymanager
+
+ @property
+ def soledad(self):
+ return self._soledad
+
+ def _load_and_sync_soledad(self, srp_auth):
+ """
+ Once everthing is in the right place, we instantiate and sync
+ Soledad
+
+ :param srp_auth: SRPAuth object used
+ :type srp_auth: SRPAuth
+ """
+ uuid = srp_auth.get_uid()
+
+ prefix = os.path.join(self._soledad_config.get_path_prefix(),
+ "leap", "soledad")
+ secrets_path = "%s/%s.secret" % (prefix, uuid)
+ local_db_path = "%s/%s.db" % (prefix, uuid)
+
+ # TODO: Select server based on timezone (issue #3308)
+ server_dict = self._soledad_config.get_hosts()
+
+ if server_dict.keys():
+ selected_server = server_dict[server_dict.keys()[0]]
+ server_url = "https://%s:%s/user-%s" % (
+ selected_server["hostname"],
+ selected_server["port"],
+ uuid)
+
+ logger.debug("Using soledad server url: %s" % (server_url,))
+
+ cert_file = self._provider_config.get_ca_cert_path()
+
+ # TODO: If selected server fails, retry with another host
+ # (issue #3309)
+ try:
+ self._soledad = Soledad(
+ uuid,
+ self._password.encode("utf-8"),
+ secrets_path=secrets_path,
+ local_db_path=local_db_path,
+ server_url=server_url,
+ cert_file=cert_file,
+ auth_token=srp_auth.get_token())
+ self._soledad.sync()
+ except u1db_errors.Unauthorized:
+ logger.error("Error while initializing soledad.")
+ else:
+ raise Exception("No soledad server found")
+
+ def _download_config(self):
+ """
+ Downloads the Soledad config for the given provider
+ """
+
+ leap_assert(self._provider_config,
+ "We need a provider configuration!")
+
+ logger.debug("Downloading Soledad config for %s" %
+ (self._provider_config.get_domain(),))
+
+ self._soledad_config = SoledadConfig()
+
+ headers = {}
+ mtime = get_mtime(
+ os.path.join(
+ self._soledad_config.get_path_prefix(),
+ "leap", "providers",
+ self._provider_config.get_domain(),
+ "soledad-service.json"))
+
+ if self._download_if_needed and mtime:
+ headers['if-modified-since'] = mtime
+
+ api_version = self._provider_config.get_api_version()
+
+ # there is some confusion with this uri,
+ config_uri = "%s/%s/config/soledad-service.json" % (
+ self._provider_config.get_api_uri(),
+ api_version)
+ logger.debug('Downloading soledad config from: %s' % config_uri)
+
+ srp_auth = SRPAuth(self._provider_config)
+ session_id = srp_auth.get_session_id()
+ cookies = None
+ if session_id:
+ cookies = {"_session_id": session_id}
+
+ res = self._session.get(config_uri,
+ verify=self._provider_config
+ .get_ca_cert_path(),
+ headers=headers,
+ cookies=cookies)
+ res.raise_for_status()
+
+ self._soledad_config.set_api_version(api_version)
+
+ # Not modified
+ if res.status_code == 304:
+ logger.debug("Soledad definition has not been modified")
+ self._soledad_config.load(
+ os.path.join(
+ "leap", "providers",
+ self._provider_config.get_domain(),
+ "soledad-service.json"))
+ else:
+ soledad_definition, mtime = get_content(res)
+
+ self._soledad_config.load(data=soledad_definition, mtime=mtime)
+ self._soledad_config.save(["leap",
+ "providers",
+ self._provider_config.get_domain(),
+ "soledad-service.json"])
+
+ self._load_and_sync_soledad(srp_auth)
+
+ def _gen_key(self, _):
+ """
+ Generates the key pair if needed, uploads it to the webapp and
+ nickserver
+ """
+ leap_assert(self._provider_config,
+ "We need a provider configuration!")
+
+ address = "%s@%s" % (self._user, self._provider_config.get_domain())
+
+ logger.debug("Retrieving key for %s" % (address,))
+
+ srp_auth = SRPAuth(self._provider_config)
+
+ # TODO: Fix for Windows
+ gpgbin = "/usr/bin/gpg"
+
+ if self._standalone:
+ gpgbin = os.path.join(self._provider_config.get_path_prefix(),
+ "..", "apps", "mail", "gpg")
+
+ self._keymanager = KeyManager(
+ address,
+ "https://nicknym.%s:6425" % (self._provider_config.get_domain(),),
+ self._soledad,
+ #token=srp_auth.get_token(), # TODO: enable token usage
+ session_id=srp_auth.get_session_id(),
+ ca_cert_path=self._provider_config.get_ca_cert_path(),
+ api_uri=self._provider_config.get_api_uri(),
+ api_version=self._provider_config.get_api_version(),
+ uid=srp_auth.get_uid(),
+ gpgbinary=gpgbin)
+ try:
+ self._keymanager.get_key(address, openpgp.OpenPGPKey,
+ private=True, fetch_remote=False)
+ except KeyNotFound:
+ logger.debug("Key not found. Generating key for %s" % (address,))
+ self._keymanager.gen_key(openpgp.OpenPGPKey)
+ self._keymanager.send_key(openpgp.OpenPGPKey)
+ logger.debug("Key generated successfully.")
+
+ def run_soledad_setup_checks(self,
+ provider_config,
+ user,
+ password,
+ download_if_needed=False,
+ standalone=False):
+ """
+ Starts the checks needed for a new soledad setup
+
+ :param provider_config: Provider configuration
+ :type provider_config: ProviderConfig
+ :param user: User's login
+ :type user: str
+ :param password: User's password
+ :type password: str
+ :param download_if_needed: If True, it will only download
+ files if the have changed since the
+ time it was previously downloaded.
+ :type download_if_needed: bool
+ :param standalone: If True, it'll look for paths inside the
+ bundle (like for gpg)
+ :type standalone: bool
+ """
+ leap_assert_type(provider_config, ProviderConfig)
+
+ self._provider_config = provider_config
+ self._download_if_needed = download_if_needed
+ self._user = user
+ self._password = password
+ self._standalone = standalone
+
+ cb_chain = [
+ (self._download_config, self.download_config),
+ (self._gen_key, self.gen_key)
+ ]
+
+ self.addCallbackChain(cb_chain)
diff --git a/src/leap/bitmask/services/soledad/soledadconfig.py b/src/leap/bitmask/services/soledad/soledadconfig.py
new file mode 100644
index 00000000..7ed21f77
--- /dev/null
+++ b/src/leap/bitmask/services/soledad/soledadconfig.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+# soledadconfig.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Soledad configuration
+"""
+import logging
+
+from leap.bitmask.services.soledad.soledadspec import get_schema
+from leap.common.config.baseconfig import BaseConfig
+
+logger = logging.getLogger(__name__)
+
+
+class SoledadConfig(BaseConfig):
+ """
+ Soledad configuration abstraction class
+ """
+
+ def __init__(self):
+ BaseConfig.__init__(self)
+
+ def _get_schema(self):
+ """
+ Returns the schema corresponding to the version given.
+
+ :rtype: dict or None if the version is not supported.
+ """
+ return get_schema(self._api_version)
+
+ def get_hosts(self):
+ return self._safe_get_value("hosts")
+
+ def get_locations(self):
+ return self._safe_get_value("locations")
diff --git a/src/leap/bitmask/services/soledad/soledadspec.py b/src/leap/bitmask/services/soledad/soledadspec.py
new file mode 100644
index 00000000..111175dd
--- /dev/null
+++ b/src/leap/bitmask/services/soledad/soledadspec.py
@@ -0,0 +1,76 @@
+# -*- coding: utf-8 -*-
+# soledadspec.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Schemas dict
+# To add a schema for a version you should follow the form:
+# { '1': schema_v1, '2': schema_v2, ... etc }
+# so for instance, to add the '2' version, you should do:
+# soledad_config_spec['2'] = schema_v2
+soledad_config_spec = {}
+
+soledad_config_spec['1'] = {
+ 'description': 'sample soledad service config',
+ 'type': 'object',
+ 'properties': {
+ 'serial': {
+ 'type': int,
+ 'default': 1,
+ 'required': ["True"]
+ },
+ 'version': {
+ 'type': int,
+ 'default': 1,
+ 'required': ["True"]
+ },
+ 'hosts': {
+ 'type': dict,
+ 'default': {
+ "python": {
+ "hostname": "someprovider",
+ "ip_address": "1.1.1.1",
+ "location": "loc",
+ "port": 1111
+ },
+ },
+ },
+ 'locations': {
+ 'type': dict,
+ 'default': {
+ "locations": {
+ "ankara": {
+ "country_code": "TR",
+ "hemisphere": "N",
+ "name": "loc",
+ "timezone": "+0"
+ }
+ }
+ }
+ }
+ }
+}
+
+
+def get_schema(version):
+ """
+ Returns the schema corresponding to the version given.
+
+ :param version: the version of the schema to get.
+ :type version: str
+ :rtype: dict or None if the version is not supported.
+ """
+ schema = soledad_config_spec.get(version, None)
+ return schema