| -rw-r--r-- | src/leap/base/auth.py | 16 | ||||
| -rw-r--r-- | src/leap/base/network.py | 20 | ||||
| -rw-r--r-- | src/leap/baseapp/mainwindow.py | 9 | ||||
| -rw-r--r-- | src/leap/baseapp/network.py | 7 | ||||
| -rw-r--r-- | src/leap/eip/checks.py | 7 | ||||
| -rw-r--r-- | src/leap/eip/config.py | 57 | ||||
| -rw-r--r-- | src/leap/util/misc.py | 16 | 
7 files changed, 97 insertions, 35 deletions
| diff --git a/src/leap/base/auth.py b/src/leap/base/auth.py index 50533278..73856bb0 100644 --- a/src/leap/base/auth.py +++ b/src/leap/base/auth.py @@ -10,6 +10,7 @@ from PyQt4 import QtCore  from leap.base import constants as baseconstants  from leap.crypto import leapkeyring +from leap.util.misc import null_check  from leap.util.web import get_https_domain_and_port  logger = logging.getLogger(__name__) @@ -26,11 +27,6 @@ one if not.  """ -class ImproperlyConfigured(Exception): -    """ -    """ - -  class SRPAuthenticationError(Exception):      """      exception raised @@ -38,14 +34,6 @@ class SRPAuthenticationError(Exception):      """ -def null_check(value, value_name): -    try: -        assert value is not None -    except AssertionError: -        raise ImproperlyConfigured( -            "%s parameter cannot be None" % value_name) - -  safe_unhexlify = lambda x: binascii.unhexlify(x) \      if (len(x) % 2 == 0) else binascii.unhexlify('0' + x) @@ -64,7 +52,7 @@ class LeapSRPRegister(object):                   hashfun=srp.SHA256,                   ng_constant=srp.NG_1024): -        null_check(provider, provider) +        null_check(provider, "provider")          self.schema = schema diff --git a/src/leap/base/network.py b/src/leap/base/network.py index 3aba3f61..765d8ea0 100644 --- a/src/leap/base/network.py +++ b/src/leap/base/network.py @@ -3,10 +3,11 @@ from __future__ import (print_function)  import logging  import threading -from leap.eip.config import get_eip_gateway +from leap.eip import config as eipconfig  from leap.base.checks import LeapNetworkChecker  from leap.base.constants import ROUTE_CHECK_INTERVAL  from leap.base.exceptions import TunnelNotDefaultRouteError +from leap.util.misc import null_check  from leap.util.coroutines import (launch_thread, process_events)  from time import sleep 
@@ -27,11 +28,20 @@ class NetworkCheckerThread(object):              lambda exc: logger.error("%s", exc.message))          self.shutdown = threading.Event() -        # XXX get provider_gateway and pass it to checker -        # see in eip.config for function -        # #718 +        # XXX get provider passed here +        provider = kwargs.pop('provider', None) +        null_check(provider, 'provider') + +        eipconf = eipconfig.EIPConfig(domain=provider) +        eipconf.load() +        eipserviceconf = eipconfig.EIPServiceConfig(domain=provider) +        eipserviceconf.load() + +        gw = eipconfig.get_eip_gateway( +            eipconfig=eipconf, +            eipserviceconfig=eipserviceconf)          self.checker = LeapNetworkChecker( -            provider_gw=get_eip_gateway()) +            provider_gw=gw)      def start(self):          self.process_handle = self._launch_recurrent_network_checks( diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py index 8d61bf5c..65c30bff 100644 --- a/src/leap/baseapp/mainwindow.py +++ b/src/leap/baseapp/mainwindow.py @@ -61,10 +61,15 @@ class LeapWindow(QtGui.QMainWindow,          logger.debug('provider: %s', self.provider_domain)          logger.debug('eip_username: %s', self.eip_username) +        provider = self.provider_domain          EIPConductorAppMixin.__init__( -            self, opts=opts, provider=self.provider_domain) +            self, opts=opts, provider=provider)          StatusAwareTrayIconMixin.__init__(self) -        NetworkCheckerAppMixin.__init__(self) + +        # XXX network checker should probably not +        # trigger run_checks on init... but wait +        # for ready signal instead... +        NetworkCheckerAppMixin.__init__(self, provider=provider)          MainWindowMixin.__init__(self)          geom_key = "DebugGeometry" if self.debugmode else "Geometry" diff --git a/src/leap/baseapp/network.py b/src/leap/baseapp/network.py index 077d5164..3e57490d 100644 
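Review bot: The value returned by `eipconfig.get_eip_gateway(...)` goes straight into `LeapNetworkChecker(provider_gw=gw)` with no check. The eip/config.py hunks of this same diff show that function returning the hard-coded `testprovider.example.org` placeholder when `primary_gateway` or the gateway list is missing. The route checks would then run against a host that is not the provider's gateway. Consider adding `null_check(gw, 'provider_gw')` and refusing to build the checker when the placeholder comes back; whether `eipconf.load()` and `eipserviceconf.load()` raise on a missing or unreadable file is not visible here. `__init__` starts outside this hunk.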
--- a/src/leap/baseapp/network.py +++ b/src/leap/baseapp/network.py @@ -17,11 +17,14 @@ class NetworkCheckerAppMixin(object):      """      def __init__(self, *args, **kwargs): +        provider = kwargs.pop('provider', None)          self.network_checker = NetworkCheckerThread(              error_cb=self.networkError.emit, -            debug=self.debugmode) +            debug=self.debugmode, +            provider=provider) -        # XXX move run_checks to slot +        # XXX move run_checks to slot -- this definitely +        # cannot start on init!!!          self.network_checker.run_checks()      @QtCore.pyqtSlot(object) diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index 116c535e..a876eea1 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -427,6 +427,7 @@ class EIPConfigChecker(object):          return True      def fetch_definition(self, skip_download=False, +                         force_download=False,                           config=None, uri=None,                           domain=None):          """ @@ -459,6 +460,7 @@ class EIPConfigChecker(object):          self.defaultprovider.save()      def fetch_eip_service_config(self, skip_download=False, +                                 force_download=False,                                   config=None, uri=None, domain=None):          if skip_download:              return True @@ -469,7 +471,10 @@ class EIPConfigChecker(object):                  domain = self.domain or config.get('provider', None)              uri = self._get_eip_service_uri(domain=domain) -        self.eipserviceconfig.load(from_uri=uri, fetcher=self.fetcher) +        self.eipserviceconfig.load( +            from_uri=uri, +            fetcher=self.fetcher, +            force_download=force_download)          self.eipserviceconfig.save()      def check_complete_eip_config(self, config=None): diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index 8e687bda..1fe0530a 100644 
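Review bot: `force_download` is added to `fetch_definition` and `fetch_eip_service_config` without any documentation. In `fetch_eip_service_config` the existing `if skip_download: return True` guard runs first, so a caller passing both flags silently gets no download. Because the fetched file later supplies the gateway and cipher settings, the docstring should state what the flag forces and which one wins, e.g. `force_download: passed to eipserviceconfig.load(); ignored when skip_download is true`. Only the signature change of `fetch_definition` is visible, so it cannot be told from this hunk whether its body forwards the new parameter.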
--- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -5,6 +5,7 @@ import tempfile  from leap import __branding as BRANDING  from leap import certs +from leap.util.misc import null_check  from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only)  from leap.base import config as baseconfig @@ -57,30 +58,30 @@ def get_socket_path():      return socket_path -def get_eip_gateway(provider=None): +def get_eip_gateway(eipconfig=None, eipserviceconfig=None):      """      return the first host in eip service config      that matches the name defined in the eip.json config      file.      """ -    placeholder = "testprovider.example.org" -    # XXX check for null on provider?? +    null_check(eipconfig, "eipconfig") +    null_check(eipserviceconfig, "eipserviceconfig") + +    PLACEHOLDER = "testprovider.example.org" -    eipconfig = EIPConfig(domain=provider) -    eipconfig.load()      conf = eipconfig.config +    eipsconf = eipserviceconfig.config      primary_gateway = conf.get('primary_gateway', None)      if not primary_gateway: -        return placeholder +        return PLACEHOLDER -    eipserviceconfig = EIPServiceConfig(domain=provider) -    eipserviceconfig.load() -    eipsconf = eipserviceconfig.get_config()      gateways = eipsconf.get('gateways', None) +      if not gateways:          logger.error('missing gateways in eip service config') -        return placeholder +        return PLACEHOLDER +      if len(gateways) > 0:          for gw in gateways:              name = gw.get('name', None) 
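Review bot: `get_eip_gateway` still fails open: both `return PLACEHOLDER` branches hand the caller `testprovider.example.org` when the config has no `primary_gateway` or no `gateways`, and `build_ovpn_options` then appends that value after `--remote`. For a VPN client a missing gateway should stop the connection attempt rather than substitute a hostname. Consider `raise ImproperlyConfigured('no primary_gateway in eip config')`, which needs `ImproperlyConfigured` imported from `leap.util.misc` next to `null_check`, and the same for the empty gateway list. As a smaller point, this function reads `eipserviceconfig.config` while the new `get_cipher_options` calls `eipserviceconfig.get_config()`; pick one accessor. The gateway loop continues outside this hunk.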
@@ -100,6 +101,26 @@ def get_eip_gateway(provider=None):                   'gateway list') +def get_cipher_options(eipserviceconfig=None): +    """ +    gathers optional cipher options from eip-service config. +    :param eipserviceconfig: EIPServiceConfig instance +    """ +    null_check(eipserviceconfig, 'eipserviceconfig') +    eipsconf = eipserviceconfig.get_config() + +    ALLOWED_KEYS = ("auth", "cipher", "tls-cipher") +    opts = [] +    if 'openvpn_configuration' in eipsconf: +        config = eipserviceconfig.openvpn_configuration +        for key, value in config.items(): +            if key in ALLOWED_KEYS and value is not None: +                # I humbly think we should sanitize this +                # input against `valid` openvpn settings. -- kali. +                opts.append(['--%s' % key, value]) +    return opts + +  def build_ovpn_options(daemon=False, socket_path=None, **kwargs):      """      build a list of options @@ -116,6 +137,10 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):      # things from there if present.      provider = kwargs.pop('provider', None) +    eipconfig = EIPConfig(domain=provider) +    eipconfig.load() +    eipserviceconfig = EIPServiceConfig(domain=provider) +    eipserviceconfig.load()      # get user/group name      # also from config. @@ -139,9 +164,19 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):      # remote      opts.append('--remote') -    gw = get_eip_gateway(provider=provider) + +    gw = get_eip_gateway(eipconfig=eipconfig, +                         eipserviceconfig=eipserviceconfig)      logger.debug('setting eip gateway to %s', gw)      opts.append(str(gw)) + +    # get ciphers +    ciphers = get_cipher_options( +        eipserviceconfig=eipserviceconfig) +    for cipheropt in ciphers: +        opts.append(str(cipheropt)) + +    # get port/protocol from eipservice too      opts.append('1194')      #opts.append('80')      opts.append('udp') 
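Review bot: In `get_cipher_options` the values taken from the provider's eip-service config reach the openvpn option list with only a key allow-list and a `None` check, as the in-code comment already admits. A value containing whitespace or starting with `--` would not be a digest or cipher name, so each value should be matched against a strict pattern and dropped with a log line when it fails. The sketch below keeps the list-of-pairs return shape and needs `import re` at the top of the module if it is not already there. The pattern is a suggested starting point and should be checked against the names the deployed OpenVPN actually accepts.

```python
    ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
    # letters, digits, '-', '_' and ':' (tls-cipher takes a ':'-separated list)
    VALID_VALUE = re.compile(r'^[A-Za-z0-9_:-]+\Z')
    opts = []
    if 'openvpn_configuration' in eipsconf:
        config = eipserviceconfig.openvpn_configuration
        for key, value in config.items():
            if key not in ALLOWED_KEYS or value is None:
                continue
            if not VALID_VALUE.match(str(value)):
                logger.error('ignoring invalid openvpn option %s', key)
                continue
            opts.append(['--%s' % key, str(value)])
    return opts
```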
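Review bot: `opts.append(str(cipheropt))` in the last `build_ovpn_options` hunk stringifies a whole pair, because `get_cipher_options` builds each entry as the two-item list `['--%s' % key, value]`. The option list therefore receives a single element that looks like `"['--cipher', '...']"` instead of the flag and its value. If this list is used as the openvpn argument vector, as the surrounding `--remote` handling suggests, the provider's cipher settings would not be applied as intended. Replace the loop body with `opts.extend(str(part) for part in cipheropt)`. The function body starts and ends outside this hunk.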
diff --git a/src/leap/util/misc.py b/src/leap/util/misc.py new file mode 100644 index 00000000..3c26892b --- /dev/null +++ b/src/leap/util/misc.py @@ -0,0 +1,16 @@ +""" +misc utils +""" + + +class ImproperlyConfigured(Exception): +    """ +    """ + + +def null_check(value, value_name): +    try: +        assert value is not None +    except AssertionError: +        raise ImproperlyConfigured( +            "%s parameter cannot be None" % value_name) | 
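Review bot: `null_check` relies on `assert`, which Python removes when run with `-O`, so under optimisation the guard never fires and `None` passes through to callers such as `get_eip_gateway` and `LeapSRPRegister`. Test the value directly: `if value is None: raise ImproperlyConfigured("%s parameter cannot be None" % value_name)`. The empty docstring on `ImproperlyConfigured` and the missing one on `null_check` could also say that the exception signals a required configuration parameter that was not supplied.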
