-rw-r--r--src/leap/services/eip/providerbootstrapper.py6
-rw-r--r--src/leap/util/certs.py39
2 files changed, 41 insertions, 4 deletions
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index df56110e..dc87a1bd 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -23,9 +23,7 @@ import requests
import logging
import socket
import os
-import errno
-from OpenSSL import crypto
from PySide import QtGui, QtCore
from leap.config.providerconfig import ProviderConfig
@@ -33,6 +31,7 @@ from leap.util.check import leap_assert, leap_assert_type
from leap.util.checkerthread import CheckerThread
from leap.util.files import check_and_fix_urw_only, get_mtime, mkdir_p
from leap.util.request_helpers import get_content
+from leap.util.certs import get_digest
logger = logging.getLogger(__name__)
@@ -324,8 +323,7 @@ class ProviderBootstrapper(QtCore.QObject):
leap_assert(len(cert_data) > 0, "Could not read certificate data")
- x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)
- digest = x509.digest(method).replace(":", "").lower()
+ digest = get_digest(cert_data, method)
leap_assert(digest == fingerprint,
"Downloaded certificate has a different fingerprint!")
diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py
new file mode 100644
index 00000000..7cbd7519
--- /dev/null
+++ b/src/leap/util/certs.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+# certs.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Implements cert checks and helpers
+"""
+
+from OpenSSL import crypto
+
+
+def get_digest(cert_data, method):
+ """
+ Returns the digest for the cert_data using the method specified
+
+ @param cert_data: certificate data in string form
+ @type cert_data: str
+ @param method: method to be used for digest
+ @type method: str
+
+ @rtype: str
+ """
+ x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)
+ digest = x509.digest(method).replace(":", "").lower()
+
+ return digest
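Review bot: `get_digest` hands `method` to `x509.digest()` unchecked, so whatever supplies that name also decides the hash strength; the caller in providerbootstrapper.py compares the result with a pinned fingerprint, and if `method` comes from provider-supplied configuration (not visible in this diff) the pin could be checked with MD5 or SHA-1. A short allowlist before the `load_certificate` call would close that, e.g. `if method.lower() not in ("sha256", "sha384", "sha512"): raise ValueError("unsupported digest: %s" % method)`. The docstring should also state that the result is lowercase hex with the colons removed, so callers normalise the expected fingerprint the same way, and that `crypto.Error` propagates when `cert_data` is not a valid PEM certificate.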