From 0a0bdc9abbca1d07c1af781567e3a51c529c0447 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Tue, 27 Sep 2016 15:48:29 -0500 Subject: [feat] Fetch smtp cert automatically if missing It's missing dealing with expired certs. I remove get_smtp_certificate core command. - Closes: #8486 --- src/leap/bitmask/core/dispatcher.py | 25 ------------------------- src/leap/bitmask/core/mail_services.py | 25 +++++++++++++++++++++---- src/leap/bitmask/core/service.py | 1 + 3 files changed, 22 insertions(+), 29 deletions(-) (limited to 'src/leap/bitmask/core') diff --git a/src/leap/bitmask/core/dispatcher.py b/src/leap/bitmask/core/dispatcher.py index 2950896a..4c885ce7 100644 --- a/src/leap/bitmask/core/dispatcher.py +++ b/src/leap/bitmask/core/dispatcher.py @@ -182,31 +182,6 @@ class MailCmd(SubCommand): d = mail.get_token() return d - @register_method('dict') - def do_GET_SMTP_CERTIFICATE(self, mail, *parts, **kw): - # TODO move to mail service - # TODO should ask for confirmation? like --force or something, - # if we already have a valid one. or better just refuse if cert - # exists. - # TODO how should we pass the userid?? - # - Keep an 'active' user in bonafide (last authenticated) - # (doing it now) - # - Get active user from Mail Service (maybe preferred?) - # - Have a command/method to set 'active' user. - - @defer.inlineCallbacks - def save_cert(cert_data): - userid, cert_str = cert_data - cert_path = yield mail.do_get_smtp_cert_path(userid) - with open(cert_path, 'w') as outf: - outf.write(cert_str) - defer.returnValue('certificate saved to %s' % cert_path) - - bonafide = kw['bonafide'] - d = bonafide.do_get_smtp_cert() - d.addCallback(save_cert) - return d - class WebUICmd(SubCommand): diff --git a/src/leap/bitmask/core/mail_services.py b/src/leap/bitmask/core/mail_services.py index a3cf692e..91d8fcaa 100644 --- a/src/leap/bitmask/core/mail_services.py +++ b/src/leap/bitmask/core/mail_services.py @@ -35,6 +35,7 @@ from twisted.python import log # TODO move to bitmask.common from leap.common.service_hooks import HookableService +from leap.common.files import check_and_fix_urw_only from leap.bitmask.bonafide import config from leap.bitmask.keymanager import KeyManager from leap.bitmask.keymanager.errors import KeyNotFound @@ -488,6 +489,26 @@ class StandardMailService(service.MultiService, HookableService): # TODO --- only start instance if "autostart" is True. self.startInstance(userid, soledad, keymanager) + @defer.inlineCallbacks + def hook_on_bonafide_auth(self, **kw): + # TODO: if it's expired we should renew it + userid = kw['username'] + username, provider = userid.split('@') + cert_path = _get_smtp_client_cert_path(self._basedir, provider, + username) + if os.path.exists(cert_path): + return + + bonafide = self.parent.getServiceNamed("bonafide") + _, cert_str = yield bonafide.do_get_smtp_cert(userid) + + cert_dir = os.path.dirname(cert_path) + if not os.path.exists(cert_dir): + os.makedirs(cert_dir, mode=0700) + with open(cert_path, 'w') as outf: + outf.write(cert_str) + check_and_fix_urw_only(cert_path) + # commands def do_status(self): @@ -501,10 +522,6 @@ class StandardMailService(service.MultiService, HookableService): token = self._service_tokens.get(active_user) return defer.succeed({'user': active_user, 'token': token}) - def do_get_smtp_cert_path(self, userid): - username, provider = userid.split('@') - return _get_smtp_client_cert_path(self._basedir, provider, username) - # access to containers def get_soledad_session(self, userid): diff --git a/src/leap/bitmask/core/service.py b/src/leap/bitmask/core/service.py index bfcf0f2d..27853c09 100644 --- a/src/leap/bitmask/core/service.py +++ b/src/leap/bitmask/core/service.py @@ -90,6 +90,7 @@ class BitmaskBackend(configurable.ConfigurableService): bf.register_hook('on_passphrase_entry', listener='soledad') bf.register_hook('on_bonafide_auth', listener='soledad') bf.register_hook('on_bonafide_auth', listener='keymanager') + bf.register_hook('on_bonafide_auth', listener='mail') def init_soledad(self): service = mail_services.SoledadService -- cgit v1.2.3