From d0e4444555df79978aed5cd6c9548e2fd1c63936 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Mon, 18 Sep 2017 17:33:53 +0200 Subject: [bug] flag vpn_ready == false if cert expired We were not renewing the vpn cert. Now the UI will trigger a cert renewal by telling it that is the vpn is not ready if the cert is expired. - Resolves: #9059 --- src/leap/bitmask/vpn/_checks.py | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'src/leap/bitmask/vpn/_checks.py') diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py index 3921d03..6c08962 100644 --- a/src/leap/bitmask/vpn/_checks.py +++ b/src/leap/bitmask/vpn/_checks.py @@ -1,5 +1,9 @@ import os +from datetime import datetime +from time import mktime + +from leap.common.certs import get_cert_time_boundaries from leap.common.config import get_path_prefix @@ -11,10 +15,21 @@ class ImproperlyConfigured(Exception): def is_service_ready(provider): - _has_valid_cert(provider) + if not _has_valid_cert(provider): + raise ImproperlyConfigured('Missing VPN certificate') + return True +def cert_expires(provider): + path = get_vpn_cert_path(provider) + with open(path, 'r') as f: + cert = f.read() + _, to = get_cert_time_boundaries(cert) + expiry_date = datetime.fromtimestamp(mktime(to)) + return expiry_date + + def get_vpn_cert_path(provider): return os.path.join(get_path_prefix(), 'leap', 'providers', provider, @@ -25,4 +40,10 @@ def _has_valid_cert(provider): cert_path = get_vpn_cert_path(provider) has_file = os.path.isfile(cert_path) if not has_file: - raise ImproperlyConfigured('Missing VPN certificate') + return False + + expiry = cert_expires(provider) + if datetime.now() > expiry: + return False + + return True -- cgit v1.2.3