authorBruno Wagner <bwgpro@gmail.com>2015-06-10 08:56:39 -0300
committerBruno Wagner <bwgpro@gmail.com>2015-06-10 08:56:39 -0300
commit031ebd58fd97bebae81e4e17cd7c4a4ed5a493d0 (patch)
treec3449e056499c9e9f000e46a14194ca1bd9364fe
parent4bb8e1becefe5a07ee5ec6fbabb44959d85e3a62 (diff)
Provider web certificate will always be bytestring now, requests complains otherwise
-rw-r--r--service/pixelated/bitmask_libraries/certs.py12
-rw-r--r--service/pixelated/bitmask_libraries/nicknym.py2
-rw-r--r--service/pixelated/bitmask_libraries/provider.py6
-rw-r--r--service/pixelated/bitmask_libraries/smtp.py2
-rw-r--r--service/pixelated/bitmask_libraries/soledad.py10
-rw-r--r--service/pixelated/register.py2
-rw-r--r--service/test/unit/bitmask_libraries/test_certs.py23
-rw-r--r--service/test/unit/bitmask_libraries/test_nicknym.py2
-rw-r--r--service/test/unit/bitmask_libraries/test_provider.py16
9 files changed, 38 insertions, 37 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 935c252a..874ab246 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -29,21 +29,25 @@ class LeapCertificate(object):
@staticmethod
def set_cert_and_fingerprint(cert_file=None, cert_fingerprint=None):
if cert_fingerprint is None:
- LeapCertificate.LEAP_CERT = cert_file or True
+ LeapCertificate.LEAP_CERT = str(cert_file) or True
LeapCertificate.LEAP_FINGERPRINT = None
else:
LeapCertificate.LEAP_FINGERPRINT = cert_fingerprint
LeapCertificate.LEAP_CERT = False
@property
- def api_ca_bundle(self):
- return os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem')
+ def provider_web_cert(self):
+ return self.LEAP_CERT
+
+ @property
+ def provider_api_cert(self):
+ return str(os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem'))
def setup_ca_bundle(self):
path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client')
if not os.path.isdir(path):
os.makedirs(path, 0700)
- self._download_cert(self.api_ca_bundle)
+ self._download_cert(self.provider_api_cert)
def _download_cert(self, cert_file_name):
cert = self._provider.fetch_valid_certificate()
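Review bot: `str(cert_file) or True` in set_cert_and_fingerprint no longer falls back to `True` when `cert_file` is None, because `str(None)` is the non-empty string `'None'`. With the default arguments LEAP_CERT therefore becomes `'None'`, and provider_web_cert hands that to requests as `verify=`, where a string is read as a CA bundle path rather than as "use the default trust store". Converting only when a value is present keeps the fallback: `LeapCertificate.LEAP_CERT = str(cert_file) if cert_file else True`. The file looks like Python 2 (`0700`), where `str()` on a unicode path containing non-ASCII characters would raise UnicodeEncodeError, so an explicit encode may be needed if such paths can occur.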
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py
index bb278cdc..220d75e5 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/nicknym.py
@@ -23,7 +23,7 @@ class NickNym(object):
self._email = email_address
self.keymanager = KeyManager(self._email, nicknym_url,
soledad_session.soledad,
- token, LeapCertificate(provider).api_ca_bundle, provider.api_uri,
+ token, LeapCertificate(provider).provider_api_cert, provider.api_uri,
provider.api_version,
uuid, config.gpg_binary)
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 0a22cf4d..e08bfb43 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -100,7 +100,7 @@ class LeapProvider(object):
session = requests.session()
try:
session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT))
- response = session.get(url, verify=LeapCertificate.LEAP_CERT, timeout=self.config.timeout_in_s)
+ response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=self.config.timeout_in_s)
response.raise_for_status()
return response
finally:
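Review bot: The `verify=` argument on the new `session.get` line can be `False`, because set_cert_and_fingerprint sets LEAP_CERT to False whenever a fingerprint is supplied and provider_web_cert returns that value unchanged. In that mode CA chain validation is switched off and the server's authenticity appears to rest solely on the `assert_fingerprint` pin mounted on the line above, which nothing in this hunk states. A comment such as `# verify may be False when a fingerprint is pinned; the adapter's assert_fingerprint is then the only server authentication` would make that dependency explicit for anyone who later changes the adapter or the mount prefix. The enclosing method starts and ends outside the hunk.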
@@ -115,14 +115,14 @@ class LeapProvider(object):
def fetch_soledad_json(self):
service_url = "%s/%s/config/soledad-service.json" % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle, timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
def fetch_smtp_json(self):
service_url = '%s/%s/config/smtp-service.json' % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle, timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py
index 745d88ef..759a2920 100644
--- a/service/pixelated/bitmask_libraries/smtp.py
+++ b/service/pixelated/bitmask_libraries/smtp.py
@@ -61,7 +61,7 @@ class LeapSmtp(object):
response = requests.get(
cert_url,
- verify=LeapCertificate(self._provider).api_ca_bundle,
+ verify=LeapCertificate(self._provider).provider_api_cert,
cookies=cookies,
timeout=self._provider.config.timeout_in_s)
response.raise_for_status()
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
index 2e0219da..3700cd67 100644
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ b/service/pixelated/bitmask_libraries/soledad.py
@@ -35,14 +35,6 @@ class SoledadWrongPassphraseException(Exception):
super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
-class LeapKeyManager(object):
- def __init__(self, soledad, leap_session, nicknym_url):
- provider = leap_session.provider
- self.keymanager = KeyManager(leap_session.account_email(), nicknym_url, soledad,
- leap_session.session_id, leap_session.leap_home + '/ca.crt', provider.api_uri, leap_session.api_version,
- leap_session.uuid, leap_session.leap_config.gpg_binary)
-
-
class SoledadSessionFactory(object):
@classmethod
def create(cls, provider, user_token, user_uuid, encryption_passphrase):
@@ -67,7 +59,7 @@ class SoledadSession(object):
local_db = self._local_db_path()
return Soledad(self.user_uuid, unicode(encryption_passphrase), secrets,
- local_db, server_url, LeapCertificate(self.provider).api_ca_bundle, self.user_token, defer_encryption=False)
+ local_db, server_url, LeapCertificate(self.provider).provider_api_cert, self.user_token, defer_encryption=False)
except (WrongMac, UnknownMacMethod), e:
raise SoledadWrongPassphraseException(e)
diff --git a/service/pixelated/register.py b/service/pixelated/register.py
index 9fa98137..47c9c3f5 100644
--- a/service/pixelated/register.py
+++ b/service/pixelated/register.py
@@ -37,7 +37,7 @@ def register(server_name, username):
config = LeapConfig()
provider = LeapProvider(server_name, config)
password = getpass.getpass('Please enter password for %s: ' % username)
- srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).api_ca_bundle)
+ srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
session = leap_session.open_leap_session(username, password, server_name)
diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py
index 150a1f14..f1e643c4 100644
--- a/service/test/unit/bitmask_libraries/test_certs.py
+++ b/service/test/unit/bitmask_libraries/test_certs.py
@@ -6,22 +6,27 @@ from mock import MagicMock, patch
class CertsTest(unittest.TestCase):
+ def setUp(self):
+ config = MagicMock(leap_home='/some/leap/home')
+ self.provider = MagicMock(server_name=u'test.leap.net', config=config)
+
def test_set_cert_and_fingerprint_sets_cert(self):
LeapCertificate.set_cert_and_fingerprint('some cert', None)
- self.assertIsNone(LeapCertificate.LEAP_FINGERPRINT)
- self.assertEqual('some cert', LeapCertificate.LEAP_CERT)
+ certs = LeapCertificate(self.provider)
+
+ self.assertIsNone(certs.LEAP_FINGERPRINT)
+ self.assertEqual('some cert', certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_fingerprint(self):
LeapCertificate.set_cert_and_fingerprint(None, 'fingerprint')
- self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT)
- self.assertFalse(LeapCertificate.LEAP_CERT)
+ certs = LeapCertificate(self.provider)
- def test_api_ca_bundle(self):
- config = MagicMock(leap_home='/some/leap/home')
- provider = MagicMock(server_name=u'test.leap.net', config=config)
+ self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT)
+ self.assertFalse(certs.provider_web_cert)
- cert = LeapCertificate(provider).api_ca_bundle
+ def test_provider_api_cert(self):
+ certs = LeapCertificate(self.provider).provider_api_cert
- self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', cert)
+ self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', certs)
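Review bot: None of the tests visible in this hunk calls `set_cert_and_fingerprint` with both arguments left as None, which is the case where `str(cert_file) or True` in certs.py produces the string `'None'` instead of `True`. A test that calls `LeapCertificate.set_cert_and_fingerprint(None, None)` and then checks `self.assertIs(True, LeapCertificate(self.provider).provider_web_cert)` would pin the default-trust-store fallback. These tests also write the class-level LEAP_CERT and LEAP_FINGERPRINT without restoring them, so results can depend on test order; resetting both in a tearDown would avoid that.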
diff --git a/service/test/unit/bitmask_libraries/test_nicknym.py b/service/test/unit/bitmask_libraries/test_nicknym.py
index 7e6518b9..ca3b348d 100644
--- a/service/test/unit/bitmask_libraries/test_nicknym.py
+++ b/service/test/unit/bitmask_libraries/test_nicknym.py
@@ -25,7 +25,7 @@ class NickNymTest(AbstractLeapTest):
@patch('pixelated.bitmask_libraries.nicknym.KeyManager.__init__', return_value=None)
def test_that_keymanager_is_created(self, keymanager_init_mock):
# given
- LeapCertificate.api_ca_bundle = '/some/path/to/provider_ca_cert'
+ LeapCertificate.provider_api_cert = '/some/path/to/provider_ca_cert'
# when
NickNym(self.provider,
self.config,
diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py
index 320fece2..fabf5f87 100644
--- a/service/test/unit/bitmask_libraries/test_provider.py
+++ b/service/test/unit/bitmask_libraries/test_provider.py
@@ -134,14 +134,14 @@ VeJ6
"""
-CA_CERT = '/tmp/ca.crt'
-BOOTSTRAP_CA_CERT = '/tmp/bootstrap-ca.crt'
+PROVIDER_API_CERT = '/tmp/ca.crt'
+PROVIDER_WEB_CERT = '/tmp/bootstrap-ca.crt'
class LeapProviderTest(AbstractLeapTest):
def setUp(self):
self.config = LeapConfig(leap_home='/tmp/foobar')
- LeapCertificate.set_cert_and_fingerprint(BOOTSTRAP_CA_CERT, None)
+ LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def test_provider_fetches_provider_json(self):
with HTTMock(provider_json_mock):
@@ -197,7 +197,7 @@ class LeapProviderTest(AbstractLeapTest):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
get_func = MagicMock(wraps=requests.get)
- LeapCertificate.LEAP_CERT = BOOTSTRAP_CA_CERT
+ LeapCertificate.LEAP_CERT = PROVIDER_WEB_CERT
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func):
@@ -205,18 +205,18 @@ class LeapProviderTest(AbstractLeapTest):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
- session.get.assert_any_call('https://some-provider.test/ca.crt', verify=BOOTSTRAP_CA_CERT, timeout=15)
- session.get.assert_any_call('https://some-provider.test/provider.json', verify=BOOTSTRAP_CA_CERT, timeout=15)
+ session.get.assert_any_call('https://some-provider.test/ca.crt', verify=PROVIDER_WEB_CERT, timeout=15)
+ session.get.assert_any_call('https://some-provider.test/provider.json', verify=PROVIDER_WEB_CERT, timeout=15)
def test_that_provider_cert_is_used_to_fetch_soledad_json(self):
get_func = MagicMock(wraps=requests.get)
- LeapCertificate.api_ca_bundle = CA_CERT
+ LeapCertificate.provider_api_cert = PROVIDER_API_CERT
with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func):
with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_soledad_json()
- get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=CA_CERT, timeout=15)
+ get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=PROVIDER_API_CERT, timeout=15)
def test_that_leap_fingerprint_is_validated(self):
session = MagicMock(wraps=requests.session())