diff options
Diffstat (limited to 'src/leap/gui/firstrun/providersetup.py')
-rw-r--r-- | src/leap/gui/firstrun/providersetup.py | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py new file mode 100644 index 00000000..3fb9a19b --- /dev/null +++ b/src/leap/gui/firstrun/providersetup.py @@ -0,0 +1,171 @@ +""" +Provider Setup Validation Page, +used if First Run Wizard +""" +import logging + +from PyQt4 import QtGui + +from leap.base import auth +from leap.gui.progress import ValidationPage + +from leap.gui.constants import APP_LOGO, pause_for_user + +logger = logging.getLogger(__name__) + + +class ProviderSetupValidationPage(ValidationPage): + def __init__(self, parent=None): + super(ProviderSetupValidationPage, self).__init__(parent) + is_signup = self.field("is_signup") + self.is_signup = is_signup + + self.setTitle("Setting up provider") + #self.setSubTitle( + #"auto configuring provider...") + + self.setPixmap( + QtGui.QWizard.LogoPixmap, + QtGui.QPixmap(APP_LOGO)) + + def _do_checks(self, update_signal=None): + """ + executes actual checks in a separate thread + """ + full_domain = self.field('provider_domain') + wizard = self.wizard() + pconfig = wizard.providerconfig + + #pCertChecker = wizard.providercertchecker + #certchecker = pCertChecker(domain=full_domain) + pCertChecker = wizard.providercertchecker( + domain=full_domain) + + update_signal.emit('head_sentinel', 0) + + ###################################### + if not self.is_signup: + # We come from login page. + # We try a call to an authenticated + # page here as a mean to catch + # srp authentication errors while + # we are still at one page's reach + # of the login credentials input page. + # (so we're able to go back an correct) + + step = "fetch_eipcert" + update_signal.emit('validating credentials', 20) + + unamek = 'login_userName' + passwk = 'login_userPassword' + + username = self.field(unamek) + password = self.field(passwk) + credentials = username, password + + ################# + # FIXME #BUG #638 + verify = False + + try: + pCertChecker.download_new_client_cert( + credentials=credentials, + verify=verify) + + except auth.SRPAuthenticationError as exc: + self.set_error( + step, + "Authentication error: %s" % exc.message) + return False + + pause_for_user() + + ####################################### + + update_signal.emit('Fetching CA certificate', 30) + pause_for_user() + + if pconfig: + ca_cert_uri = pconfig.get('ca_cert_uri').geturl() + else: + ca_cert_uri = None + + # XXX check scheme == "https" + # XXX passing verify == False because + # we have trusted right before. + # We should check it's the same domain!!! + # (Check with the trusted fingerprints dict + # or something smart) + + pCertChecker.download_ca_cert( + uri=ca_cert_uri, + verify=False) + pause_for_user() + + update_signal.emit('Checking CA fingerprint', 66) + #ca_cert_fingerprint = pconfig.get('ca_cert_fingerprint', None) + + # XXX get fingerprint dict (types) + #sha256_fpr = ca_cert_fingerprint.split('=')[1] + + #validate_fpr = pCertChecker.check_ca_cert_fingerprint( + #fingerprint=sha256_fpr) + #if not validate_fpr: + # XXX update validationMsg + # should catch exception + #return False + + update_signal.emit('Validating api certificate', 90) + + #api_uri = pconfig.get('api_uri', None) + #try: + #api_cert_verified = pCertChecker.verify_api_https(api_uri) + #except requests.exceptions.SSLError as exc: + #logger.error('BUG #638. %s' % exc.message) + # XXX RAISE! See #638 + # bypassing until the hostname is fixed. + # We probably should raise yet-another-warning + # here saying user that the hostname "XX.XX.XX.XX' does not + # match 'foo.bar.baz' + #api_cert_verified = True + + #if not api_cert_verified: + # XXX update validationMsg + # should catch exception + #return False + pause_for_user() + #ca_cert_path = checker.ca_cert_path + + update_signal.emit('end_sentinel', 100) + pause_for_user() + + def _do_validation(self): + """ + called after _do_checks has finished + (connected to checker thread finished signal) + """ + prevpage = "providerselection" if self.is_signup else "login" + wizard = self.wizard() + + if self.errors: + logger.debug('going back with errors') + name, first_error = self.pop_first_error() + wizard.set_validation_error( + prevpage, + first_error) + self.go_back() + else: + logger.debug('going next') + self.go_next() + + def nextId(self): + wizard = self.wizard() + if not wizard: + return + is_signup = self.field('is_signup') + if is_signup is True: + next_ = 'signup' + if is_signup is False: + # XXX bad name. change to connect again. + next_ = 'signupvalidation' + return wizard.get_page_index(next_) |