summaryrefslogtreecommitdiff
path: root/src/leap/eip
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/eip')
-rw-r--r--src/leap/eip/checks.py20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index e925e11c..1c29dab1 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -10,10 +10,11 @@ import gnutls.crypto
import requests
from leap import __branding as BRANDING
-from leap import certs
+from leap import certs as leapcerts
from leap.base import config as baseconfig
from leap.base import constants as baseconstants
from leap.base import providers
+from leap.crypto import certs
from leap.eip import config as eipconfig
from leap.eip import constants as eipconstants
from leap.eip import exceptions as eipexceptions
@@ -46,7 +47,7 @@ reachable and testable as a whole.
def get_ca_cert():
ca_file = BRANDING.get('provider_ca_file')
if ca_file:
- return certs.where(ca_file)
+ return leapcerts.where(ca_file)
class ProviderCertChecker(object):
@@ -97,7 +98,18 @@ class ProviderCertChecker(object):
def check_ca_cert_fingerprint(
self, hash_type="SHA256",
fingerprint=None):
- pass
+ ca_cert_path = self.ca_cert_path
+ ca_cert_fpr = certs.get_cert_fingerprint(
+ filepath=ca_cert_path)
+ return ca_cert_fpr == fingerprint
+
+ def verify_api_https(self, uri):
+ assert uri.startswith('https://')
+ cacert = self.ca_cert_path
+ verify = cacert and cacert or True
+ req = self.fetcher.get(uri, verify=verify)
+ req.raise_for_status()
+ return True
def download_ca_signature(self):
# MVS+
@@ -268,7 +280,7 @@ class ProviderCertChecker(object):
@property
def ca_cert_path(self):
- return self._get_ca_cert_path()
+ return self._get_ca_cert_path(self.domain)
def _get_root_uri(self):
return u"https://%s/" % baseconstants.DEFAULT_PROVIDER