5 files changed, 35 insertions, 11 deletions

diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py
index ef156671..9056d2a6 100644
--- a/src/leap/bitmask/app.py
+++ b/src/leap/bitmask/app.py
@@ -45,7 +45,6 @@ import sys
 
 
 from leap.bitmask.backend.backend_proxy import BackendProxy
-from leap.bitmask.backend.utils import generate_certificates
 
 from leap.bitmask import __version__ as VERSION
 from leap.bitmask.config import flags
@@ -179,14 +178,9 @@ def start_app():
 
     logger.info('Starting app')
 
-    backend = BackendProxy()
-    backend_running = backend.check_online()
-
+    backend_running = BackendProxy().check_online()
     logger.debug("Backend online: {0}".format(backend_running))
 
-    if not backend_running:
-        generate_certificates()
-
     flags_dict = flags_to_dict()
 
     backend_pid = None
diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py
index 9de3501e..3e79289f 100644
--- a/src/leap/bitmask/backend/backend_proxy.py
+++ b/src/leap/bitmask/backend/backend_proxy.py
@@ -28,6 +28,7 @@ import time
 import zmq
 
 from leap.bitmask.backend.api import API, STOP_REQUEST, PING_REQUEST
+from leap.bitmask.backend.utils import generate_zmq_certificates_if_needed
 from leap.bitmask.backend.utils import get_backend_certificates
 
 import logging
@@ -49,6 +50,8 @@ class BackendProxy(object):
     PING_INTERVAL = 2  # secs
 
     def __init__(self):
+        generate_zmq_certificates_if_needed()
+
         self._socket = None
 
         # initialize ZMQ stuff:
diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py
index 65bf6753..18e70743 100644
--- a/src/leap/bitmask/backend/utils.py
+++ b/src/leap/bitmask/backend/utils.py
@@ -17,6 +17,7 @@
 """
 Backend utilities to handle ZMQ certificates.
 """
+import logging
 import os
 import shutil
 import stat
@@ -26,10 +27,12 @@ import zmq.auth
 from leap.bitmask.util import get_path_prefix
 from leap.common.files import mkdir_p
 
+logger = logging.getLogger(__name__)
+
 KEYS_DIR = os.path.join(get_path_prefix(), 'leap', 'zmq_certificates')
 
 
-def generate_certificates():
+def generate_zmq_certificates():
     """
     Generate client and server CURVE certificate files.
     """
@@ -62,3 +65,24 @@ def get_backend_certificates(base_dir='.'):
     backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret")
     public, secret = zmq.auth.load_certificate(backend_secret_file)
     return public, secret
+
+
+def _certificates_exist():
+    """
+    Return whether there are certificates in place or not.
+
+    :rtype: bool
+    """
+    frontend_secret_file = os.path.join(KEYS_DIR, "frontend.key_secret")
+    backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret")
+    return os.path.isfile(frontend_secret_file) and \
+        os.path.isfile(backend_secret_file)
+
+
+def generate_zmq_certificates_if_needed():
+    """
+    Generate the needed ZMQ certificates for backend/frontend communication if
+    needed.
+    """
+    if not _certificates_exist():
+        generate_zmq_certificates()
diff --git a/src/leap/bitmask/backend_app.py b/src/leap/bitmask/backend_app.py
index ce75dc80..286b04f7 100644
--- a/src/leap/bitmask/backend_app.py
+++ b/src/leap/bitmask/backend_app.py
@@ -22,7 +22,7 @@ import multiprocessing
 import signal
 
 from leap.bitmask.backend.leapbackend import LeapBackend
-from leap.bitmask.backend.utils import generate_certificates
+from leap.bitmask.backend.utils import generate_zmq_certificates
 from leap.bitmask.logs.utils import create_logger
 from leap.bitmask.util import dict_to_flags
 
@@ -55,6 +55,10 @@ def run_backend(bypass_checks=False, flags_dict=None, frontend_pid=None):
     :param flags_dict: a dict containing the flag values set on app start.
     :type flags_dict: dict
     """
+    # The backend is the one who always creates the certificates. Either if it
+    # is run separately or in a process in the same app as the frontend.
+    generate_zmq_certificates()
+
     # ignore SIGINT since app.py takes care of signaling SIGTERM to us.
     signal.signal(signal.SIGINT, signal.SIG_IGN)
     signal.signal(signal.SIGTERM, signal_handler)
@@ -69,5 +73,4 @@ def run_backend(bypass_checks=False, flags_dict=None, frontend_pid=None):
 
 if __name__ == '__main__':
     logger = create_logger(debug=True)
-    generate_certificates()
     run_backend()
diff --git a/src/leap/bitmask/gui/mainwindow.py b/src/leap/bitmask/gui/mainwindow.py
index c41c5fc2..7d55a5d5 100644
--- a/src/leap/bitmask/gui/mainwindow.py
+++ b/src/leap/bitmask/gui/mainwindow.py
@@ -288,7 +288,7 @@ class MainWindow(QtGui.QMainWindow, SignalTracker):
 
         if self._first_run():
             self._wizard_firstrun = True
-            self._disconnect_and_untrack()
+            self.disconnect_and_untrack()
             self._wizard = Wizard(backend=self._backend,
                                   leap_signaler=self._leap_signaler)
             # Give this window time to finish init and then show the wizard