summaryrefslogtreecommitdiff
path: root/src/leap/gui/firstrun/providersetup.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/gui/firstrun/providersetup.py')
-rw-r--r--src/leap/gui/firstrun/providersetup.py171
1 files changed, 171 insertions, 0 deletions
diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py
new file mode 100644
index 00000000..3fb9a19b
--- /dev/null
+++ b/src/leap/gui/firstrun/providersetup.py
@@ -0,0 +1,171 @@
+"""
+Provider Setup Validation Page,
+used if First Run Wizard
+"""
+import logging
+
+from PyQt4 import QtGui
+
+from leap.base import auth
+from leap.gui.progress import ValidationPage
+
+from leap.gui.constants import APP_LOGO, pause_for_user
+
+logger = logging.getLogger(__name__)
+
+
+class ProviderSetupValidationPage(ValidationPage):
+ def __init__(self, parent=None):
+ super(ProviderSetupValidationPage, self).__init__(parent)
+ is_signup = self.field("is_signup")
+ self.is_signup = is_signup
+
+ self.setTitle("Setting up provider")
+ #self.setSubTitle(
+ #"auto configuring provider...")
+
+ self.setPixmap(
+ QtGui.QWizard.LogoPixmap,
+ QtGui.QPixmap(APP_LOGO))
+
+ def _do_checks(self, update_signal=None):
+ """
+ executes actual checks in a separate thread
+ """
+ full_domain = self.field('provider_domain')
+ wizard = self.wizard()
+ pconfig = wizard.providerconfig
+
+ #pCertChecker = wizard.providercertchecker
+ #certchecker = pCertChecker(domain=full_domain)
+ pCertChecker = wizard.providercertchecker(
+ domain=full_domain)
+
+ update_signal.emit('head_sentinel', 0)
+
+ ######################################
+ if not self.is_signup:
+ # We come from login page.
+ # We try a call to an authenticated
+ # page here as a mean to catch
+ # srp authentication errors while
+ # we are still at one page's reach
+ # of the login credentials input page.
+ # (so we're able to go back an correct)
+
+ step = "fetch_eipcert"
+ update_signal.emit('validating credentials', 20)
+
+ unamek = 'login_userName'
+ passwk = 'login_userPassword'
+
+ username = self.field(unamek)
+ password = self.field(passwk)
+ credentials = username, password
+
+ #################
+ # FIXME #BUG #638
+ verify = False
+
+ try:
+ pCertChecker.download_new_client_cert(
+ credentials=credentials,
+ verify=verify)
+
+ except auth.SRPAuthenticationError as exc:
+ self.set_error(
+ step,
+ "Authentication error: %s" % exc.message)
+ return False
+
+ pause_for_user()
+
+ #######################################
+
+ update_signal.emit('Fetching CA certificate', 30)
+ pause_for_user()
+
+ if pconfig:
+ ca_cert_uri = pconfig.get('ca_cert_uri').geturl()
+ else:
+ ca_cert_uri = None
+
+ # XXX check scheme == "https"
+ # XXX passing verify == False because
+ # we have trusted right before.
+ # We should check it's the same domain!!!
+ # (Check with the trusted fingerprints dict
+ # or something smart)
+
+ pCertChecker.download_ca_cert(
+ uri=ca_cert_uri,
+ verify=False)
+ pause_for_user()
+
+ update_signal.emit('Checking CA fingerprint', 66)
+ #ca_cert_fingerprint = pconfig.get('ca_cert_fingerprint', None)
+
+ # XXX get fingerprint dict (types)
+ #sha256_fpr = ca_cert_fingerprint.split('=')[1]
+
+ #validate_fpr = pCertChecker.check_ca_cert_fingerprint(
+ #fingerprint=sha256_fpr)
+ #if not validate_fpr:
+ # XXX update validationMsg
+ # should catch exception
+ #return False
+
+ update_signal.emit('Validating api certificate', 90)
+
+ #api_uri = pconfig.get('api_uri', None)
+ #try:
+ #api_cert_verified = pCertChecker.verify_api_https(api_uri)
+ #except requests.exceptions.SSLError as exc:
+ #logger.error('BUG #638. %s' % exc.message)
+ # XXX RAISE! See #638
+ # bypassing until the hostname is fixed.
+ # We probably should raise yet-another-warning
+ # here saying user that the hostname "XX.XX.XX.XX' does not
+ # match 'foo.bar.baz'
+ #api_cert_verified = True
+
+ #if not api_cert_verified:
+ # XXX update validationMsg
+ # should catch exception
+ #return False
+ pause_for_user()
+ #ca_cert_path = checker.ca_cert_path
+
+ update_signal.emit('end_sentinel', 100)
+ pause_for_user()
+
+ def _do_validation(self):
+ """
+ called after _do_checks has finished
+ (connected to checker thread finished signal)
+ """
+ prevpage = "providerselection" if self.is_signup else "login"
+ wizard = self.wizard()
+
+ if self.errors:
+ logger.debug('going back with errors')
+ name, first_error = self.pop_first_error()
+ wizard.set_validation_error(
+ prevpage,
+ first_error)
+ self.go_back()
+ else:
+ logger.debug('going next')
+ self.go_next()
+
+ def nextId(self):
+ wizard = self.wizard()
+ if not wizard:
+ return
+ is_signup = self.field('is_signup')
+ if is_signup is True:
+ next_ = 'signup'
+ if is_signup is False:
+ # XXX bad name. change to connect again.
+ next_ = 'signupvalidation'
+ return wizard.get_page_index(next_)