Diffstat (limited to 'src/leap/eip/checks.py')
-rw-r--r--src/leap/eip/checks.py48
1 files changed, 22 insertions, 26 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index b335b857..9bd96a1c 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -11,7 +11,7 @@ import requests
from leap import __branding as BRANDING
from leap import certs as leapcerts
-from leap.base.auth import srpauth_protected
+from leap.base.auth import srpauth_protected, magick_srpauth
from leap.base import config as baseconfig
from leap.base import constants as baseconstants
from leap.base import providers
@@ -45,7 +45,8 @@ reachable and testable as a whole.
"""
-def get_ca_cert():
+def get_branding_ca_cert(domain):
+ # XXX deprecated
ca_file = BRANDING.get('provider_ca_file')
if ca_file:
return leapcerts.where(ca_file)
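Review bot: `get_branding_ca_cert(domain)` never uses its new `domain` parameter in the visible body, and `# XXX deprecated` does not say what replaces it. Suggest `# XXX deprecated: use eipspecs.provider_ca_path(domain)` as the comment, or a docstring to the same effect. Any remaining caller of the old name `get_ca_cert` will break; only the one in ProviderCertChecker is updated in this diff. The function continues outside the hunk.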
@@ -62,7 +63,7 @@ class ProviderCertChecker(object):
self.fetcher = fetcher
self.domain = domain
- self.cacert = get_ca_cert()
+ self.cacert = eipspecs.provider_ca_path(domain)
def run_all(
self, checker=None,
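Review bot: `self.cacert` is now a filesystem path derived from `domain`, and that file is later handed to `verify` as the trust anchor. `eipspecs.provider_ca_path` is not visible here, so if it does not already restrict `domain` to a bare hostname, the constructor should reject values containing path separators or `..` before calling it. A comment on the assignment stating that `domain` selects the CA file would make that dependency explicit. The constructor starts outside the hunk.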
@@ -84,7 +85,7 @@ class ProviderCertChecker(object):
checker.is_there_provider_ca()
# XXX FAKE IT!!!
- checker.is_https_working(verify=do_verify)
+ checker.is_https_working(verify=do_verify, autocacert=True)
checker.check_new_cert_needed(verify=do_verify)
def download_ca_cert(self, uri=None, verify=True):
@@ -136,17 +137,14 @@ class ProviderCertChecker(object):
raise NotImplementedError
def is_there_provider_ca(self):
- # XXX modify for generic build
- from leap import certs
- logger.debug('do we have provider_ca?')
- cacert_path = BRANDING.get('provider_ca_file', None)
- if not cacert_path:
- # XXX look from the domain
- logger.debug('False')
+ if not self.cacert:
return False
- self.cacert = certs.where(cacert_path)
- logger.debug('True')
- return True
+ cacert_exists = os.path.isfile(self.cacert)
+ if cacert_exists:
+ logger.debug('True')
+ return True
+ logger.debug('False!')
+ return False
def is_https_working(
self, uri=None, verify=True,
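Review bot: `is_there_provider_ca` now logs a bare `'True'` or `'False!'` because the question line `logger.debug('do we have provider_ca?')` was removed, and the early `return False` for an unset `self.cacert` logs nothing. Suggest a single message that carries the path, `logger.debug('provider CA %s present: %s', self.cacert, cacert_exists)`, followed by `return cacert_exists`. `os.path.isfile` needs `import os` at module level, which the import hunk does not show, so that is worth confirming. The check only proves that a file exists at that path, and is_https_working then uses it as the `verify` bundle, so a docstring saying the contents are not validated here would help.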
@@ -162,6 +160,7 @@ class ProviderCertChecker(object):
if autocacert and verify is True and self.cacert is not None:
logger.debug('verify cert: %s', self.cacert)
verify = self.cacert
+ #import pdb4qt; pdb4qt.set_trace()
logger.debug('is https working?')
logger.debug('uri: %s (verify:%s)', uri, verify)
try:
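Review bot: The added `#import pdb4qt; pdb4qt.set_trace()` is a commented-out debugger breakpoint and should be dropped before merging; un-commenting it would halt the client in the middle of the HTTPS check. The existing `logger.debug('verify cert: %s', self.cacert)` already records the value of interest at this point. is_https_working starts and ends outside the hunk.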
@@ -169,18 +168,16 @@ class ProviderCertChecker(object):
except requests.exceptions.SSLError as exc:
logger.error("SSLError")
- raise eipexceptions.HttpsBadCertError
+ # XXX RAISE! See #638
+ #raise eipexceptions.HttpsBadCertError
+ logger.warning('BUG #638 CERT VERIFICATION FAILED! '
+ '(this should be CRITICAL)')
+ logger.warning('SSLError: %s', exc.message)
except requests.exceptions.ConnectionError:
logger.error('ConnectionError')
raise eipexceptions.HttpsNotSupported
- except requests.exceptions.SSLError as exc:
- logger.warning('BUG #638 CERT VERIFICATION FAILED! '
- '(this should be CRITICAL)')
- logger.warning('SSLError: %s', exc.message)
- # XXX RAISE! See #638
- #raise eipexceptions.EIPBadCertError
else:
logger.debug('True')
return True
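Review bot: The `except requests.exceptions.SSLError` branch now only logs a warning and falls through, so a failed certificate check no longer stops the caller: `run_all` invokes `checker.is_https_working(verify=do_verify, autocacert=True)` without inspecting a return value and proceeds to `check_new_cert_needed`. The log text itself says this should be critical, so until #638 is resolved the branch should keep failing closed, e.g. `logger.error('SSLError: %s', exc)` followed by `raise eipexceptions.HttpsBadCertError`. Passing `exc` rather than `exc.message` also avoids relying on the deprecated `message` attribute. The try body and the rest of is_https_working are outside the hunk.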
@@ -215,13 +212,12 @@ class ProviderCertChecker(object):
if credentials:
user, passwd = credentials
- @srpauth_protected(user, passwd)
+ @srpauth_protected(user, passwd, verify)
def getfn(*args, **kwargs):
return fgetfn(*args, **kwargs)
else:
- # XXX use magic_srpauth decorator instead,
- # merge with the branch above
+ @magick_srpauth(verify)
def getfn(*args, **kwargs):
return fgetfn(*args, **kwargs)
try:
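Review bot: `verify` is forwarded to `srpauth_protected` and `magick_srpauth` exactly as the enclosing method received it. Presumably they use it as the requests `verify` argument, in which case `verify=False` yields an authenticated request with no certificate check and `verify=True` checks against the default bundle rather than the provider CA. is_https_working already maps it with `if autocacert and verify is True and self.cacert is not None: verify = self.cacert`; applying the same mapping before the decorators would keep the SRP session tied to the provider CA. The two `getfn` wrappers are now identical apart from the decorator, so selecting the decorator first and defining `getfn` once would remove the duplication. The enclosing method starts and ends outside the hunk.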
@@ -498,7 +494,7 @@ class EIPConfigChecker(object):
def _get_provider_definition_uri(self, domain=None, path=None):
if domain is None:
- domain = baseconstants.DEFAULT_PROVIDER
+ domain = self.domain or baseconstants.DEFAULT_PROVIDER
if path is None:
path = baseconstants.DEFINITION_EXPECTED_PATH
uri = u"https://%s/%s" % (domain, path)
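Review bot: The fallback `self.domain or baseconstants.DEFAULT_PROVIDER` assumes EIPConfigChecker assigns `self.domain` in its constructor, which this diff does not show; if it does not, both `_get_provider_definition_uri` and `_get_eip_service_uri` (the next hunk) raise AttributeError instead of using the default. `getattr(self, 'domain', None) or baseconstants.DEFAULT_PROVIDER` is safe either way. The value is interpolated directly into `https://%s/%s`, so a short docstring stating that `domain` must be a bare hostname would be worth adding to both methods.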
@@ -507,7 +503,7 @@ class EIPConfigChecker(object):
def _get_eip_service_uri(self, domain=None, path=None):
if domain is None:
- domain = baseconstants.DEFAULT_PROVIDER
+ domain = self.domain or baseconstants.DEFAULT_PROVIDER
if path is None:
path = eipconstants.EIP_SERVICE_EXPECTED_PATH
uri = "https://%s/%s" % (domain, path)