From ce5cd2d49dac5f89deb0c10dee96160656fe2055 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Tue, 5 Dec 2017 11:55:02 +0100
Subject: [feat] add provider pinning

Pin the provider.json and the ca cert for the public providers.

- Resolves: #9074
---
 src/leap/bitmask/bonafide/_protocol.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

(limited to 'src/leap/bitmask/bonafide/_protocol.py')

diff --git a/src/leap/bitmask/bonafide/_protocol.py b/src/leap/bitmask/bonafide/_protocol.py
index 04c5d451..e044875f 100644
--- a/src/leap/bitmask/bonafide/_protocol.py
+++ b/src/leap/bitmask/bonafide/_protocol.py
@@ -17,7 +17,7 @@
 """
 Bonafide protocol.
 """
-import os
+import os.path
 from collections import defaultdict
 
 from leap.bitmask.bonafide import config
@@ -31,7 +31,7 @@ from twisted.logger import Logger
 
 
 COMMANDS = 'signup', 'authenticate', 'logout', 'stats'
-_preffix = get_path_prefix()
+_preffix = os.path.join(get_path_prefix(), 'leap')
 
 
 class BonafideProtocol(object):
@@ -60,7 +60,7 @@ class BonafideProtocol(object):
         username, provider_id = config.get_username_and_provider(full_id)
         credentials = UsernamePassword(username, password)
         api = self._get_api(provider)
-        provider_pem = _get_provider_ca_path(provider_id)
+        provider_pem = config.get_ca_cert_path(_preffix, provider_id)
         session = Session(credentials, api, provider_pem)
         self._sessions[full_id] = session
         return session
@@ -192,8 +192,3 @@ class BonafideProtocol(object):
     def do_update_user(self):
         # FIXME to be implemented
         pass
-
-
-def _get_provider_ca_path(provider_id):
-    return os.path.join(
-        _preffix, 'leap', 'providers', provider_id, 'keys', 'ca', 'cacert.pem')
-- 
cgit v1.2.3