diff options
-rw-r--r-- | src/leap/services/eip/providerbootstrapper.py | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py index 15609620..0be997b2 100644 --- a/src/leap/services/eip/providerbootstrapper.py +++ b/src/leap/services/eip/providerbootstrapper.py @@ -28,7 +28,7 @@ from PySide import QtCore from leap.common.certs import get_digest from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p -from leap.common.check import leap_assert, leap_assert_type +from leap.common.check import leap_assert, leap_assert_type, leap_check from leap.config.providerconfig import ProviderConfig from leap.util.request_helpers import get_content from leap.util.constants import REQUEST_TIMEOUT @@ -46,6 +46,13 @@ class UnsupportedProviderAPI(Exception): pass +class WrongFingerprint(Exception): + """ + Raised when a fingerprint comparison does not match. + """ + pass + + class ProviderBootstrapper(AbstractBootstrapper): """ Given a provider URL performs a series of checks and emits signals @@ -252,7 +259,9 @@ class ProviderBootstrapper(AbstractBootstrapper): return parts = self._provider_config.get_ca_cert_fingerprint().split(":") - leap_assert(len(parts) == 2, "Wrong fingerprint format") + + error_msg = "Wrong fingerprint format" + leap_check(len(parts) == 2, error_msg, WrongFingerprint) method = parts[0].strip() fingerprint = parts[1].strip() @@ -262,8 +271,9 @@ class ProviderBootstrapper(AbstractBootstrapper): leap_assert(len(cert_data) > 0, "Could not read certificate data") digest = get_digest(cert_data, method) - leap_assert(digest == fingerprint, - "Downloaded certificate has a different fingerprint!") + + error_msg = "Downloaded certificate has a different fingerprint!" + leap_check(digest == fingerprint, error_msg, WrongFingerprint) def _check_api_certificate(self, *args): """ |