author | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-04-02 13:31:25 +0200 |
---|---|---|
committer | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-04-02 13:31:25 +0200 |
commit | 47c2a0e71d1d0e46fc9fcdc01f22557bfbfc3794 (patch) | |
tree | ba37a0c18e2e0d57fe1b473e8406c5ccd083aa97 | |
parent | 2afbf19730d5810c61b8b478ff228bef88fca968 (diff) |
Don't try to write certs to installation folder.
- User running the agent might not have the rights to do this
-rw-r--r-- | service/pixelated/bitmask_libraries/certs.py | 34 | ||||
-rw-r--r-- | service/test/unit/bitmask_libraries/test_certs.py | 4 |
2 files changed, 28 insertions, 10 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 6d3c4c2a..61771cec 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -22,6 +22,7 @@ from .config import AUTO_DETECT_CA_BUNDLE
 LEAP_CERT = None
 LEAP_FINGERPRINT = None
+PACKAGED_CERTS_HOME = os.path.abspath(os.path.join(os.path.abspath(__file__), "..", "..", "certificates"))
 def which_api_CA_bundle(provider):
@@ -85,18 +86,35 @@ class LeapCertificate(object):
 return path
 def _local_bootstrap_server_cert(self):
- cert_file = os.path.join(self._certs_home, '%s.ca.crt' % self._server_name)
- if not os.path.isfile(cert_file):
- response = requests.get('https://%s/provider.json' % self._server_name)
- provider_data = json.loads(response.content)
- ca_cert_uri = str(provider_data['ca_cert_uri'])
+ cert_file = self._bootstrap_certs_cert_file()
+ if os.path.isfile(cert_file):
+ return cert_file
+
+ cert_file = os.path.join(PACKAGED_CERTS_HOME, '%s.ca.crt' % self._server_name)
+ if os.path.exists(cert_file):
+ return cert_file
- response = requests.get(ca_cert_uri)
- with open(cert_file, 'w') as file:
- file.write(response.content)
+ # else download the file
+ cert_file = self._bootstrap_certs_cert_file()
+ response = requests.get('https://%s/provider.json' % self._server_name)
+ provider_data = json.loads(response.content)
+ ca_cert_uri = str(provider_data['ca_cert_uri'])
+
+ response = requests.get(ca_cert_uri)
+ with open(cert_file, 'w') as file:
+ file.write(response.content)
 return cert_file
+ def _bootstrap_certs_cert_file(self):
+ path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name)
+ if not os.path.isdir(path):
+ os.makedirs(path, 0700)
+
+ file_path = os.path.join(path, '%s.ca.crt' % self._server_name)
+
+ return file_path
+
 def _download_server_cert(self, cert_file_name):
 cert = self._provider.fetch_valid_certificate()
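Review bot: In `_local_bootstrap_server_cert`, the download branch writes whatever the two `requests.get` calls return straight into the file that is then returned as the bootstrap CA bundle: there is no status check, `ca_cert_uri` from provider.json is followed whatever its scheme or host, and the write is not atomic. Because the first lookup returns as soon as that file exists, an error page or a truncated download would be cached under leap_home and reused on every later start. I would call `raise_for_status()` on both responses, refuse a `ca_cert_uri` that is not https, and write under a temporary name before renaming, as sketched below; if the provider publishes a fingerprint for this certificate, checking the downloaded bytes against it before caching would be the stronger control. It is also worth confirming that consulting the user-writable leap_home copy before `PACKAGED_CERTS_HOME` is intended, since a cached file then shadows the certificate shipped with the package.

```python
        # … unchanged: lookups in leap_home and PACKAGED_CERTS_HOME …
        response = requests.get('https://%s/provider.json' % self._server_name)
        response.raise_for_status()
        # … unchanged: parse provider.json, read ca_cert_uri …
        if not ca_cert_uri.startswith('https://'):
            raise ValueError('ca_cert_uri must be an https URL')

        response = requests.get(ca_cert_uri)
        response.raise_for_status()
        # write under a temporary name so an interrupted download is never cached
        tmp_file = cert_file + '.tmp'
        with open(tmp_file, 'w') as file:
            file.write(response.content)
        os.rename(tmp_file, cert_file)
```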
diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py
index ba56d5c2..17daa69b 100644
--- a/service/test/unit/bitmask_libraries/test_certs.py
+++ b/service/test/unit/bitmask_libraries/test_certs.py
@@ -12,12 +12,12 @@ class CertsTest(unittest.TestCase):
 def test_that_which_bootstrap_cert_bundle_returns_byte_string(self, mock_isdir, mock_isfile):
 mock_isfile.return_value = True
 mock_isdir.return_value = True
- config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, certs_home='/some/path')
+ config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, leap_home='/leap/home', certs_home='/some/path')
 provider = MagicMock(server_name=u'test.leap.net', config=config)
 bundle = which_bootstrap_CA_bundle(provider)
- self.assertEqual('/some/path/test.leap.net.ca.crt', bundle)
+ self.assertEqual('/leap/home/providers/test.leap.net/test.leap.net.ca.crt', bundle)
 self.assertEqual(str, type(bundle))
 @patch('pixelated.bitmask_libraries.certs.os.path.isfile') |
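Review bot: The updated test still sets `mock_isfile.return_value = True`, so only the first lookup (the cached copy under leap_home) is exercised; the new `PACKAGED_CERTS_HOME` fallback and the download branch added in certs.py have no coverage here. With `mock_isdir.return_value = True`, the `os.makedirs(path, 0700)` call in `_bootstrap_certs_cert_file` is never reached either. I would add a case with `mock_isfile.return_value = False` and `os.path.exists` patched to return True, asserting that the returned bundle lies under `PACKAGED_CERTS_HOME`, and another that patches `requests.get` to cover the download path. The decorators of this test sit above the hunk, and the `@patch` on its last line belongs to the next test, which continues outside it.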