From a85e488ed323ba35b9d12c5cc344bf06337a9a00 Mon Sep 17 00:00:00 2001 From: kali Date: Sat, 20 Oct 2012 07:13:22 +0900 Subject: add bypass for already trusted fingerprints --- src/leap/eip/checks.py | 1 - src/leap/eip/config.py | 11 +++++++++-- src/leap/gui/firstrunwizard.py | 29 ++++++++++++++++++++++++----- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index 635308bb..b335b857 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -319,7 +319,6 @@ class ProviderCertChecker(object): return "https://%s/1/cert" % self.domain def _get_client_cert_path(self): - # MVS+ : get provider path return eipspecs.client_cert_path(domain=self.domain) def _get_ca_cert_path(self, domain): diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index ef0f52b4..1ce4a54e 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -78,8 +78,15 @@ def get_eip_gateway(): return placeholder if len(gateways) > 0: for gw in gateways: - if gw['name'] == primary_gateway: - hosts = gw['hosts'] + name = gw.get('name', None) + if not name: + return + + if name == primary_gateway: + hosts = gw.get('hosts', None) + if not hosts: + logger.error('no hosts') + return if len(hosts) > 0: return hosts[0] else: diff --git a/src/leap/gui/firstrunwizard.py b/src/leap/gui/firstrunwizard.py index 68cd4253..287332cd 100755 --- a/src/leap/gui/firstrunwizard.py +++ b/src/leap/gui/firstrunwizard.py @@ -47,6 +47,7 @@ class FirstRunWizard(QtGui.QWizard): self, parent=None, providers=None, success_cb=None, is_provider_setup=False, is_previously_registered=False, + trusted_certs=None, netchecker=basechecks.LeapNetworkChecker, providercertchecker=eipchecks.ProviderCertChecker, eipconfigchecker=eipchecks.EIPConfigChecker): @@ -69,6 +70,10 @@ class FirstRunWizard(QtGui.QWizard): # if True, jumps to LogIn page. self.is_previously_registered = is_previously_registered + # a dict with trusted fingerprints + # in the form {'nospacesfingerprint': ['host1', 'host2']} + self.trusted_certs = trusted_certs + # Checkers self.netchecker = netchecker self.providercertchecker = providercertchecker @@ -415,10 +420,17 @@ class SelectProviderPage(QtGui.QWizardPage): self.set_validation_status(exc.usermessage) fingerprint = certs.get_cert_fingerprint( domain=domain, sep=" ") - self.add_cert_info(fingerprint) - self.did_cert_check = True - self.completeChanged.emit() - return False + + # it's ok if we've trusted this fgprt before + trustedcrts = self.wizard().trusted_certs + if trustedcrts and fingerprint.replace(' ', '') in trustedcrts: + pass + else: + # let your user face panick :P + self.add_cert_info(fingerprint) + self.did_cert_check = True + self.completeChanged.emit() + return False except baseexceptions.LeapException as exc: self.set_validation_status(exc.usermessage) @@ -1044,6 +1056,13 @@ if __name__ == '__main__': logger.setLevel(logging.DEBUG) app = QtGui.QApplication(sys.argv) - wizard = FirstRunWizard() # providers=('springbok',)) + + trusted_certs = { + "3DF83F316BFA0186" + "0A11A5C9C7FC24B9" + "18C62B941192CC1A" + "49AE62218B2A4B7C": ['springbok']} + + wizard = FirstRunWizard(trusted_certs=trusted_certs) wizard.show() sys.exit(app.exec_()) -- cgit v1.2.3