From 2da60cd0f78378fdcb8f6364a798720281b34b4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Tue, 12 Mar 2013 09:56:05 -0300
Subject: Check and try to fix certificate permissions

---
 src/leap/services/eip/eipbootstrapper.py      | 12 ++++++++++--
 src/leap/services/eip/providerbootstrapper.py | 14 ++++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

(limited to 'src/leap/services')

diff --git a/src/leap/services/eip/eipbootstrapper.py b/src/leap/services/eip/eipbootstrapper.py
index bd6ab715..79ff28d6 100644
--- a/src/leap/services/eip/eipbootstrapper.py
+++ b/src/leap/services/eip/eipbootstrapper.py
@@ -30,6 +30,7 @@ from leap.config.providerconfig import ProviderConfig
 from leap.services.eip.eipconfig import EIPConfig
 from leap.util.check import leap_assert, leap_assert_type
 from leap.util.checkerthread import CheckerThread
+from leap.util.files import check_and_fix_urw_only
 
 logger = logging.getLogger(__name__)
 
@@ -147,9 +148,14 @@ class EIPBootstrapper(QtCore.QObject):
 
         if self._download_if_needed and \
                 os.path.exists(client_cert_path):
-            download_cert[self.PASSED_KEY] = True
+            try:
+                check_and_fix_urw_only(client_cert_path)
+                download_cert[self.PASSED_KEY] = True
+            except Exception as e:
+                download_cert[self.PASSED_KEY] = False
+                download_cert[self.ERROR_KEY] = "%s" % (e,)
             self.download_client_certificate.emit(download_cert)
-            return True
+            return download_cert[self.PASSED_KEY]
 
         try:
             res = self._session.get("%s/%s/%s/" %
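Review bot: The new `except Exception as e:` around `check_and_fix_urw_only(client_cert_path)` records the failure only in `download_cert[self.ERROR_KEY]` and never logs it, so a client certificate whose permissions could not be restricted leaves no trace outside the emitted signal. Add `logger.warning("Could not restrict permissions on %s: %r", client_cert_path, e)` in the handler. Also narrow the clause to the exceptions the helper actually raises (its definition is not part of this diff), so that an unrelated bug is not reported as a permission problem. The same pattern appears in the `_should_proceed_cert()` branch of providerbootstrapper.py. The enclosing method starts and ends outside this hunk.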
@@ -176,6 +182,8 @@ class EIPBootstrapper(QtCore.QObject):
             with open(client_cert_path, "w") as f:
                 f.write(client_cert)
 
+            check_and_fix_urw_only(client_cert_path)
+
             download_cert[self.PASSED_KEY] = True
         except Exception as e:
             download_cert[self.ERROR_KEY] = "%s" % (e,)
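Review bot: The certificate is still created by `open(client_cert_path, "w")` under the process umask and only tightened afterwards by `check_and_fix_urw_only(client_cert_path)`, so between the write and the fix the file can be readable by other local users. If this file carries private key material (plausible for a client certificate, though not shown here), create it owner-only from the start: `fd = os.open(client_cert_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. Keep the check afterwards, because the mode argument applies only to a newly created file and a pre-existing file keeps its old mode. The write hunk in providerbootstrapper.py has the same ordering, although a CA certificate is public and the exposure there matters less. The enclosing `try` begins outside this hunk.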
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index ecdc4e07..0e9f8563 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -31,6 +31,7 @@ from PySide import QtGui, QtCore
 from leap.config.providerconfig import ProviderConfig
 from leap.util.check import leap_assert, leap_assert_type
 from leap.util.checkerthread import CheckerThread
+from leap.util.files import check_and_fix_urw_only
 
 logger = logging.getLogger(__name__)
 
@@ -258,9 +259,16 @@ class ProviderBootstrapper(QtCore.QObject):
         }
 
         if not self._should_proceed_cert():
-            download_ca_cert_data[self.PASSED_KEY] = True
+            try:
+                check_and_fix_urw_only(
+                    self._provider_config
+                    .get_ca_cert_path(about_to_download=True))
+                download_ca_cert_data[self.PASSED_KEY] = True
+            except Exception as e:
+                download_ca_cert_data[self.PASSED_KEY] = False
+                download_ca_cert_data[self.ERROR_KEY] = "%s" % (e,)
             self.download_ca_cert.emit(download_ca_cert_data)
-            return True
+            return download_ca_cert_data[self.PASSED_KEY]
 
         try:
             res = self._session.get(self._provider_config.get_ca_cert_uri())
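Review bot: The path checked in the `not self._should_proceed_cert()` branch comes from `get_ca_cert_path(about_to_download=True)`, although nothing is downloaded on this path. If that flag skips an existence check (its implementation is not visible here), a missing CA certificate would now turn a branch that previously always passed into a bootstrap failure explained only by the helper's exception text. Confirm that `_should_proceed_cert()` returning false guarantees the file exists, and state that invariant in a short comment above the call. The method body continues outside this hunk.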
@@ -282,6 +290,8 @@ class ProviderBootstrapper(QtCore.QObject):
             with open(cert_path, "w") as f:
                 f.write(res.content)
 
+            check_and_fix_urw_only(cert_path)
+
             download_ca_cert_data[self.PASSED_KEY] = True
         except Exception as e:
             download_ca_cert_data[self.ERROR_KEY] = "%s" % (e,)
-- 
cgit v1.2.3