From 1fbf6db1276c5bca41c4cfbcc90818d9605c1938 Mon Sep 17 00:00:00 2001
From: Tomas Touceda <chiiph@leap.se>
Date: Fri, 12 Apr 2013 14:07:15 -0300
Subject: Add --danger option to not validate the first hop of certificates
This is intended to be used while testing, not in production
---
src/leap/app.py | 3 ++-
src/leap/gui/mainwindow.py | 17 +++++++++++++----
src/leap/gui/wizard.py | 7 +++++--
src/leap/services/eip/providerbootstrapper.py | 19 +++++++++++++++----
src/leap/util/leap_argparse.py | 2 ++
5 files changed, 37 insertions(+), 11 deletions(-)
(limited to 'src')
diff --git a/src/leap/app.py b/src/leap/app.py
index c4a3156e..bb8add0d 100644
--- a/src/leap/app.py
+++ b/src/leap/app.py
@@ -57,6 +57,7 @@ def main():
_, opts = leap_argparse.init_leapc_args()
debug = opts.debug
standalone = opts.standalone
+ bypass_checks = opts.danger
# TODO: get severity from command line args
if debug:
@@ -118,7 +119,7 @@ def main():
timer.start(500)
timer.timeout.connect(lambda: None)
- window = MainWindow(standalone)
+ window = MainWindow(standalone, bypass_checks)
window.show()
sigint_window = partial(sigint_handler, window, logger=logger)
diff --git a/src/leap/gui/mainwindow.py b/src/leap/gui/mainwindow.py
index bf8491d0..c9743f95 100644
--- a/src/leap/gui/mainwindow.py
+++ b/src/leap/gui/mainwindow.py
@@ -68,13 +68,16 @@ class MainWindow(QtGui.QMainWindow):
new_updates = QtCore.Signal(object)
raise_window = QtCore.Signal([])
- def __init__(self, standalone=False):
+ def __init__(self, standalone=False, bypass_checks=False):
"""
Constructor for the client main window
@param standalone: Set to true if the app should use configs
inside its pwd
@type standalone: bool
+ @param bypass_checks: Set to true if the app should bypass
+ first round of checks for CA certificates at bootstrap
+ @type bypass_checks: bool
"""
QtGui.QMainWindow.__init__(self)
@@ -136,7 +139,7 @@ class MainWindow(QtGui.QMainWindow):
# This thread is always running, although it's quite
# lightweight when it's done setting up provider
# configuration and certificate.
- self._provider_bootstrapper = ProviderBootstrapper()
+ self._provider_bootstrapper = ProviderBootstrapper(bypass_checks)
# Intermediate stages, only do something if there was an error
self._provider_bootstrapper.name_resolution.connect(
@@ -237,9 +240,14 @@ class MainWindow(QtGui.QMainWindow):
self._wizard = None
self._wizard_firstrun = False
+
+ self._bypass_checks = bypass_checks
+
if self._first_run():
self._wizard_firstrun = True
- self._wizard = Wizard(self._checker_thread, standalone=standalone)
+ self._wizard = Wizard(self._checker_thread,
+ standalone=standalone,
+ bypass_checks=bypass_checks)
# Give this window time to finish init and then show the wizard
QtCore.QTimer.singleShot(1, self._launch_wizard)
self._wizard.accepted.connect(self._finish_init)
@@ -256,7 +264,8 @@ class MainWindow(QtGui.QMainWindow):
def _launch_wizard(self):
if self._wizard is None:
- self._wizard = Wizard(self._checker_thread)
+ self._wizard = Wizard(self._checker_thread,
+ bypass_checks=self._bypass_checks)
self._wizard.exec_()
self._wizard = None
diff --git a/src/leap/gui/wizard.py b/src/leap/gui/wizard.py
index 4da4c815..33c3ed0c 100644
--- a/src/leap/gui/wizard.py
+++ b/src/leap/gui/wizard.py
@@ -51,7 +51,7 @@ class Wizard(QtGui.QWizard):
BARE_USERNAME_REGEX = r"^[A-Za-z\d_]+$"
- def __init__(self, checker, standalone=False):
+ def __init__(self, checker, standalone=False, bypass_checks=False):
"""
Constructor for the main Wizard.
@@ -60,6 +60,9 @@ class Wizard(QtGui.QWizard):
@param standalone: If True, the application is running as standalone
and the wizard should display some messages according to this.
@type standalone: bool
+ @param bypass_checks: Set to true if the app should bypass
+ first round of checks for CA certificates at bootstrap
+ @type bypass_checks: bool
"""
QtGui.QWizard.__init__(self)
@@ -98,7 +101,7 @@ class Wizard(QtGui.QWizard):
self.ui.btnCheck.clicked.connect(self._check_provider)
self.ui.lnProvider.returnPressed.connect(self._check_provider)
- self._provider_bootstrapper = ProviderBootstrapper()
+ self._provider_bootstrapper = ProviderBootstrapper(bypass_checks)
self._provider_bootstrapper.name_resolution.connect(
self._name_resolution)
self._provider_bootstrapper.https_connection.connect(
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 778d5149..f5559143 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -58,7 +58,14 @@ class ProviderBootstrapper(QtCore.QObject):
check_ca_fingerprint = QtCore.Signal(dict)
check_api_certificate = QtCore.Signal(dict)
- def __init__(self):
+ def __init__(self, bypass_checks=False):
+ """
+ Constructor for provider bootstrapper object
+
+ @param bypass_checks: Set to true if the app should bypass
+ first round of checks for CA certificates at bootstrap
+ @type bypass_checks: bool
+ """
QtCore.QObject.__init__(self)
# **************************************************** #
@@ -71,6 +78,7 @@ class ProviderBootstrapper(QtCore.QObject):
self._domain = None
self._provider_config = None
self._download_if_needed = False
+ self._bypass_checks = bypass_checks
def _check_name_resolution(self):
"""
@@ -124,7 +132,8 @@ class ProviderBootstrapper(QtCore.QObject):
# system to work
try:
- res = self._session.get("https://%s" % (self._domain,))
+ res = self._session.get("https://%s" % (self._domain,),
+ verify=not self._bypass_checks)
res.raise_for_status()
https_data[self.PASSED_KEY] = True
except requests.exceptions.SSLError as e:
@@ -171,7 +180,8 @@ class ProviderBootstrapper(QtCore.QObject):
res = self._session.get("https://%s/%s" % (self._domain,
"provider.json"),
- headers=headers)
+ headers=headers,
+ verify=not self._bypass_checks)
res.raise_for_status()
# Not modified
@@ -270,7 +280,8 @@ class ProviderBootstrapper(QtCore.QObject):
return download_ca_cert_data[self.PASSED_KEY]
try:
- res = self._session.get(self._provider_config.get_ca_cert_uri())
+ res = self._session.get(self._provider_config.get_ca_cert_uri(),
+ verify=not self._bypass_checks)
res.raise_for_status()
cert_path = self._provider_config.get_ca_cert_path(
diff --git a/src/leap/util/leap_argparse.py b/src/leap/util/leap_argparse.py
index 66268f6f..8300e4d8 100644
--- a/src/leap/util/leap_argparse.py
+++ b/src/leap/util/leap_argparse.py
@@ -29,6 +29,8 @@ Launches the LEAP Client""", epilog=epilog)
parser.add_argument('-d', '--debug', action="store_true",
help=("Launches client in debug mode, writing debug"
"info to stdout"))
+ parser.add_argument('--danger', action="store_true",
+ help=("Bypasses the certificate check for bootstrap"))
parser.add_argument('-l', '--logfile', metavar="LOG FILE", nargs='?',
action="store", dest="log_file",
#type=argparse.FileType('w'),
--
cgit v1.2.3