summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/crypto
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2015-09-02 16:04:06 -0400
committerKali Kaneko <kali@leap.se>2015-09-21 16:59:36 -0400
commitce63b5a0277b3ff062d04a17af9e9a927b7d9b87 (patch)
tree35b30325c6e450d18e9a653fae4e83719df490e2 /src/leap/bitmask/crypto
parent262a9a750a573ae6003ebf19d5a1867bc19d28c0 (diff)
[feature] retrieve specific smtp certificate. Closes: #4284
Diffstat (limited to 'src/leap/bitmask/crypto')
-rw-r--r--src/leap/bitmask/crypto/certs.py38
1 files changed, 25 insertions, 13 deletions
diff --git a/src/leap/bitmask/crypto/certs.py b/src/leap/bitmask/crypto/certs.py
index 4b669376..017af144 100644
--- a/src/leap/bitmask/crypto/certs.py
+++ b/src/leap/bitmask/crypto/certs.py
@@ -30,7 +30,7 @@ from leap.common import certs as leap_certs
logger = get_logger()
-def download_client_cert(provider_config, path, session):
+def download_client_cert(provider_config, path, session, kind="vpn"):
"""
Downloads the client certificate for each service.
@@ -41,32 +41,45 @@ def download_client_cert(provider_config, path, session):
:param session: a fetcher.session instance. For the moment we only
support requests.sessions
:type session: requests.sessions.Session
+ :param kind: the kind of certificate being requested. Valid values are
+ "vpn" or "smtp".
+ :type kind: string
"""
- # TODO we should implement the @with_srp_auth decorator
- # again.
srp_auth = SRPAuth(provider_config)
session_id = srp_auth.get_session_id()
token = srp_auth.get_token()
cookies = None
if session_id is not None:
cookies = {"_session_id": session_id}
- cert_uri = "%s/%s/cert" % (
+
+ if kind == "vpn":
+ cert_uri_template = "%s/%s/cert"
+ method = 'get'
+ params = {}
+ elif kind == 'smtp':
+ cert_uri_template = "%s/%s/smtp_cert"
+ method = 'post'
+ params = {'address': srp_auth.get_username()}
+ else:
+ raise ValueError("Incorrect value passed to kind parameter")
+
+ cert_uri = cert_uri_template % (
provider_config.get_api_uri(),
provider_config.get_api_version())
- logger.debug('getting cert from uri: %s' % cert_uri)
+
+ logger.debug('getting %s cert from uri: %s' % (kind, cert_uri))
headers = {}
# API v2 will only support token auth, but in v1 we can send both
if token is not None:
- headers["Authorization"] = 'Token token="{0}"'.format(token)
+ headers["Authorization"] = 'Token token={0}'.format(token)
- res = session.get(cert_uri,
- verify=provider_config
- .get_ca_cert_path(),
- cookies=cookies,
- timeout=REQUEST_TIMEOUT,
- headers=headers)
+ call = getattr(session, method)
+ res = call(cert_uri, verify=provider_config.get_ca_cert_path(),
+ cookies=cookies, params=params,
+ timeout=REQUEST_TIMEOUT,
+ headers=headers, data=params)
res.raise_for_status()
client_cert = res.content
@@ -74,7 +87,6 @@ def download_client_cert(provider_config, path, session):
# XXX raise more specific exception.
raise Exception("The downloaded certificate is not a "
"valid PEM file")
-
mkdir_p(os.path.dirname(path))
try: