From 5ffa0c1710ce4038b94a026a58daf8f12aef2ec4 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Wed, 10 Jan 2018 12:31:17 +0100
Subject: [feat] support anonymous vpn

honor the anonymous certificate for the providers that offer it.
this still needs a change in bonafide, in which if provider supports
anonymous access we still have to download eip-service.json

for testing, I assume this has been already manually downloaded.
---
 src/leap/bitmask/bonafide/config.py | 41 +++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 13 deletions(-)

(limited to 'src/leap/bitmask/bonafide/config.py')

diff --git a/src/leap/bitmask/bonafide/config.py b/src/leap/bitmask/bonafide/config.py
index 222726b7..fe40f277 100644
--- a/src/leap/bitmask/bonafide/config.py
+++ b/src/leap/bitmask/bonafide/config.py
@@ -31,13 +31,15 @@ from cryptography.hazmat.primitives import hashes
 from cryptography.x509 import load_pem_x509_certificate
 from urlparse import urlparse
 
+from twisted.cred.credentials import Anonymous
 from twisted.internet import defer
 from twisted.logger import Logger
 from twisted.web.client import downloadPage
 
 from leap.bitmask.bonafide._http import httpRequest
-from leap.bitmask.bonafide.provider import Discovery
 from leap.bitmask.bonafide.errors import NotConfiguredError, NetworkError
+from leap.bitmask.bonafide.provider import Discovery
+from leap.bitmask.bonafide.session import Session
 from leap.bitmask.util import here, STANDALONE
 
 from leap.common.check import leap_assert
@@ -266,6 +268,10 @@ class Provider(object):
         self.log.debug('Bootstrapping provider %s' % domain)
 
         def first_bootstrap_done(ignored):
+            if self._allows_anonymous:
+                # we continue bootstrapping, we do not
+                # need to wait for authentication.
+                return
             try:
                 self.first_bootstrap.callback('got config')
             except defer.AlreadyCalledError:
@@ -282,6 +288,14 @@ class Provider(object):
         d.addCallback(self.maybe_download_services_config)
         self.ongoing_bootstrap = d
 
+    def _allows_anonymous(self):
+        try:
+            anon = self._provider_config.get(
+                'service').get('allows_anonymous')
+        except ValueError:
+            anon = False
+        return anon
+
     def callWhenMainConfigReady(self, cb, *args, **kw):
         d = self.first_bootstrap
         d.addCallback(lambda _: cb(*args, **kw))
@@ -388,17 +402,23 @@ class Provider(object):
         return os.path.isfile(self._get_configs_path())
 
     def maybe_download_services_config(self, ignored):
-
         # TODO --- currently, some providers (mail.bitmask.net) raise 401
         # UNAUTHENTICATED if we try to get the services
         # See: # https://leap.se/code/issues/7906
 
+        def first_bootstrap_done(ignored):
+            try:
+                self.first_bootstrap.callback('got config')
+            except defer.AlreadyCalledError:
+                pass
+
         uri, met, path = self._get_configs_download_params()
         d = httpRequest(
             self._http._agent, uri, method=met, saveto=path)
         d.addCallback(lambda _: self._load_provider_json())
         d.addCallback(
             lambda _: self._get_config_for_all_services(session=None))
+        d.addCallback(first_bootstrap_done)
         d.addErrback(lambda _: 'ok for now')
         return d
 
@@ -499,6 +519,10 @@ class Provider(object):
             self._disco.netloc = parsed.netloc
 
     def _get_config_for_all_services(self, session):
+        if session is None:
+            provider_cert = self._get_ca_cert_path()
+            session = Session(Anonymous(), self.api_uri, provider_cert)
+
         services_dict = self._load_provider_configs()
         configs_path = self._get_configs_path()
         with open(configs_path) as jsonf:
@@ -510,12 +534,8 @@ class Provider(object):
                 for subservice in self.SERVICES_MAP[service]:
                     uri = base + str(services_dict[subservice])
                     path = self._get_service_config_path(subservice)
-                    if session:
-                        d = session.fetch_provider_configs(
-                            uri, path, method='GET')
-                    else:
-                        d = self._fetch_provider_configs_unauthenticated(
-                            uri, path, method='GET')
+                    d = session.fetch_provider_configs(
+                        uri, path, method='GET')
                     pending.append(d)
         return defer.gatherResults(pending)
 
@@ -525,11 +545,6 @@ class Provider(object):
             services_dict = Record(**json.load(jsonf)).services
         return services_dict
 
-    def _fetch_provider_configs_unauthenticated(self, uri, path):
-        self.log.info('Downloading config for %s...' % uri)
-        return httpRequest(
-            self._http._agent, uri, saveto=path)
-
 
 class Record(object):
     def __init__(self, **kw):
-- 
cgit v1.2.3