authorkali <kali@leap.se>2012-10-19 09:05:14 +0900
committerkali <kali@leap.se>2012-10-19 09:05:14 +0900
commit634030e5bba3fe7c2ea3632fff252a60b471487a (patch)
treeaea7b41368d54bf306ff99635e1de59bccd6893f /src/leap/eip/checks.py
parent2a01c969e0f8dff575007043996c3b0489e20e75 (diff)
ca cert fingerprint check + api cert verification
Diffstat (limited to 'src/leap/eip/checks.py')
-rw-r--r--src/leap/eip/checks.py20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index e925e11c..1c29dab1 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -10,10 +10,11 @@ import gnutls.crypto
import requests
from leap import __branding as BRANDING
-from leap import certs
+from leap import certs as leapcerts
from leap.base import config as baseconfig
from leap.base import constants as baseconstants
from leap.base import providers
+from leap.crypto import certs
from leap.eip import config as eipconfig
from leap.eip import constants as eipconstants
from leap.eip import exceptions as eipexceptions
@@ -46,7 +47,7 @@ reachable and testable as a whole.
def get_ca_cert():
ca_file = BRANDING.get('provider_ca_file')
if ca_file:
- return certs.where(ca_file)
+ return leapcerts.where(ca_file)
class ProviderCertChecker(object):
@@ -97,7 +98,18 @@ class ProviderCertChecker(object):
def check_ca_cert_fingerprint(
self, hash_type="SHA256",
fingerprint=None):
- pass
+ ca_cert_path = self.ca_cert_path
+ ca_cert_fpr = certs.get_cert_fingerprint(
+ filepath=ca_cert_path)
+ return ca_cert_fpr == fingerprint
+
+ def verify_api_https(self, uri):
+ assert uri.startswith('https://')
+ cacert = self.ca_cert_path
+ verify = cacert and cacert or True
+ req = self.fetcher.get(uri, verify=verify)
+ req.raise_for_status()
+ return True
def download_ca_signature(self):
# MVS+
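Review bot: In `verify_api_https` the scheme check is an `assert`, which is stripped when Python runs with `-O`, so a non-HTTPS URI would then be fetched with no TLS at all; make it an explicit check such as `if not uri.startswith('https://'): raise ValueError('api uri must be https')`. In `check_ca_cert_fingerprint` the `hash_type` argument is never forwarded to `certs.get_cert_fingerprint`, so the comparison always uses whatever digest that helper defaults to; its signature is not visible in this hunk, so confirm it accepts a hash type and pass it through. The `==` comparison also assumes both fingerprints share one format (letter case, colon separators), which should be normalised or documented. Finally, `verify = cacert and cacert or True` falls back silently to the system trust store when no CA path is set; `verify = cacert or True` says the same thing more plainly, and a comment should state whether that fallback is intended for a provider that pins its own CA.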
@@ -268,7 +280,7 @@ class ProviderCertChecker(object):
@property
def ca_cert_path(self):
- return self._get_ca_cert_path()
+ return self._get_ca_cert_path(self.domain)
def _get_root_uri(self):
return u"https://%s/" % baseconstants.DEFAULT_PROVIDER