import os
from datetime import datetime
from time import mktime
from twisted.logger import Logger
from leap.bitmask.system import IS_LINUX
from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable
from leap.common.certs import get_cert_time_boundaries
from leap.common.config import get_path_prefix
# Module-level Twisted logger used by the VPN readiness checks in this file.
log = Logger()
class ImproperlyConfigured(Exception):
    """Signal that the VPN service is missing configuration it needs.

    In this module it is raised by ``get_failure_for`` when the provider
    has no usable VPN client certificate.
    """
def get_failure_for(provider):
    """Raise the exception that explains why the VPN cannot be started.

    Returns ``None`` implicitly when neither check fails.

    Raises:
        NoPkexecAvailable: on Linux when pkexec is not found on the system.
        ImproperlyConfigured: when ``_has_valid_cert`` rejects the
            provider's certificate.
    """
    # Unlike is_service_ready(), this check is not skipped for uid 0.
    pkexec_missing = IS_LINUX and not is_pkexec_in_system()
    if pkexec_missing:
        raise NoPkexecAvailable()

    # _has_valid_cert() also returns False for an expired certificate, so
    # the "Missing" wording below covers the expired case as well.
    cert_ok = _has_valid_cert(provider)
    if not cert_ok:
        raise ImproperlyConfigured('Missing VPN certificate')
def is_service_ready(provider):
    """Return True when the VPN service can be started for ``provider``.

    The certificate check runs first. A process running as uid 0 is then
    reported ready without looking for pkexec; any other user on Linux
    additionally needs pkexec to be present.
    """
    if not _has_valid_cert(provider):
        return False

    running_as_root = os.getuid() == 0
    if running_as_root:
        # The pkexec check is deliberately skipped for root: the original
        # author leaves the consequences of running as root to the operator.
        return True

    pkexec_missing = IS_LINUX and not is_pkexec_in_system()
    if pkexec_missing:
        log.warn('System has no pkexec')
        return False

    return True
def cert_expires(provider):
    """Return the expiry of the provider's VPN certificate as a datetime.

    Returns ``None`` when the certificate file cannot be opened or read
    (``IOError``). Errors raised while parsing the certificate are not
    caught here and propagate to the caller.
    """
    cert_path = get_vpn_cert_path(provider)
    try:
        with open(cert_path, 'r') as handle:
            pem_data = handle.read()
    except IOError:
        return None

    _not_before, not_after = get_cert_time_boundaries(pem_data)
    # NOTE(review): mktime() interprets its argument as local time. If
    # get_cert_time_boundaries() returns UTC struct_time values, the result
    # is shifted by the local UTC offset, so a certificate could be treated
    # as valid slightly past (or rejected slightly before) its real
    # notAfter. Confirm against leap.common.certs.
    return datetime.fromtimestamp(mktime(not_after))
def get_vpn_cert_path(provider):
    """Build the filesystem path of the OpenVPN client cert for ``provider``.

    The path is ``<prefix>/leap/providers/<provider>/keys/client/openvpn.pem``
    where ``<prefix>`` comes from ``get_path_prefix()``.
    """
    # NOTE(review): ``provider`` is used as a path component without any
    # check here. os.path.join() discards everything before an absolute
    # component and does not collapse "..", so callers should only pass an
    # already validated provider name. Confirm where validation happens.
    components = ('leap', 'providers', provider, 'keys', 'client',
                  'openvpn.pem')
    return os.path.join(get_path_prefix(), *components)
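def _has_valid_cert(provider):
    """Return True when the provider's VPN cert exists and has not expired.

    "Valid" here only means that the file is present, readable and that the
    current time is not past its expiry. The start of the validity period
    and the certificate's signature or chain are not checked by this
    function.

    Each rejection is logged as a warning and reported as ``False``.
    """
    cert_path = get_vpn_cert_path(provider)
    if not os.path.isfile(cert_path):
        log.warn("VPN cert not present for %s" % (provider,))
        return False

    expiry = cert_expires(provider)
    if expiry is None:
        # cert_expires() returns None when opening or reading the file
        # raises IOError (for example wrong permissions, or the file being
        # removed after the isfile() check above). Comparing a datetime
        # with None would raise TypeError, so fail closed instead.
        log.warn("VPN cert unreadable for %s" % (provider,))
        return False

    if datetime.now() > expiry:
        log.warn("VPN cert expired for %s" % (provider,))
        return False

    return True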