From d0e4444555df79978aed5cd6c9548e2fd1c63936 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Mon, 18 Sep 2017 17:33:53 +0200
Subject: [bug] flag vpn_ready == false if cert expired

We were not renewing the vpn cert. Now the UI will trigger a cert
renewal by telling it that is the vpn is not ready if the cert is
expired.

- Resolves: #9059
---
 src/leap/bitmask/vpn/service.py | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

(limited to 'src/leap/bitmask/vpn/service.py')

diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py
index c9e1890d..1ecfa797 100644
--- a/src/leap/bitmask/vpn/service.py
+++ b/src/leap/bitmask/vpn/service.py
@@ -22,7 +22,6 @@ VPN service declaration.
 import json
 import os
 
-from time import strftime
 from twisted.internet import defer
 from twisted.logger import Logger
 
@@ -31,11 +30,14 @@ from leap.bitmask.util import merge_status
 from leap.bitmask.vpn.gateways import GatewaySelector
 from leap.bitmask.vpn.fw.firewall import FirewallManager
 from leap.bitmask.vpn.tunnel import ConfiguredTunnel
-from leap.bitmask.vpn._checks import is_service_ready, get_vpn_cert_path
+from leap.bitmask.vpn._checks import (
+    is_service_ready,
+    get_vpn_cert_path,
+    cert_expires
+)
 from leap.bitmask.vpn import privilege, helpers
 from leap.common.config import get_path_prefix
 from leap.common.files import check_and_fix_urw_only
-from leap.common.certs import get_cert_time_boundaries
 
 
 class ImproperlyConfigured(Exception):
@@ -166,7 +168,8 @@ class VPNService(HookableService):
         ret = {'installed': helpers.check()}
         if domain:
             ret['vpn_ready'] = is_service_ready(domain)
-            ret['cert_expires'] = self._cert_expires(domain)
+            expiry = cert_expires(domain).strftime('%Y-%m-%dT%H:%M:%SZ')
+            ret['cert_expires'] = expiry
         return ret
 
     @defer.inlineCallbacks
@@ -270,15 +273,6 @@ class VPNService(HookableService):
             provider, remotes, cert_path, key_path, ca_path, extra_flags)
         self._firewall = FirewallManager(remotes)
 
-    def _cert_expires(self, provider):
-        path = os.path.join(
-            self._basepath, "leap", "providers", provider,
-            "keys", "client", "openvpn.pem")
-        with open(path, 'r') as f:
-            cert = f.read()
-        _, to = get_cert_time_boundaries(cert)
-        return strftime('%Y-%m-%dT%H:%M:%SZ', to)
-
     def _write_last(self, domain):
         path = os.path.join(self._basepath, self._last_vpn_path)
         with open(path, 'w') as f:
-- 
cgit v1.2.3