authorFolker Bernitt <fbernitt@thoughtworks.com>2015-03-30 13:18:02 +0200
committerFolker Bernitt <fbernitt@thoughtworks.com>2015-03-30 13:18:02 +0200
commitf73a010925338f149410172c33df113947c371fc (patch)
tree71ab71a12ecc8eaf74ab09cb95adffa9b0541363
parent2ec7bcfd32c2151e2e42ae7b19631dcc4018f93e (diff)
Auto refresh provider certificate on start.
- Issue #333
-rw-r--r--service/pixelated/bitmask_libraries/certs.py15
-rw-r--r--service/pixelated/bitmask_libraries/session.py2
2 files changed, 15 insertions, 2 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index bafc809d..6b12bce4 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -36,6 +36,10 @@ def which_bootstrap_bundle(provider):
return str(LeapCertificate(provider).auto_detect_bootstrap_ca_bundle())
+def refresh_ca_bundle(provider):
+ LeapCertificate(provider).refresh_ca_bundle()
+
+
class LeapCertificate(object):
def __init__(self, provider):
self._config = provider.config
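Review bot: The new module-level `refresh_ca_bundle(provider)` has no docstring, and its name does not tell a caller that it goes to the network and replaces a file on disk. A one-line docstring would cover it, for example `"""Re-download the provider's CA certificate, replacing the cached provider.pem."""`. The same docstring fits the `LeapCertificate.refresh_ca_bundle` method added in the next hunk.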
@@ -57,14 +61,21 @@ class LeapCertificate(object):
if self._provider.config.ca_cert_bundle:
return self._provider.config.ca_cert_bundle
- certs_root = self._provider_certs_root_path()
- cert_file = os.path.join(certs_root, 'provider.pem')
+ cert_file = self._provider_cert_file()
if not os.path.isfile(cert_file):
self._download_server_cert(cert_file)
return cert_file
+ def refresh_ca_bundle(self):
+ cert_file = self._provider_cert_file()
+ self._download_server_cert(cert_file)
+
+ def _provider_cert_file(self):
+ certs_root = self._provider_certs_root_path()
+ return os.path.join(certs_root, 'provider.pem')
+
def _provider_certs_root_path(self):
path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client')
if not os.path.isdir(path):
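Review bot: `refresh_ca_bundle` downloads unconditionally, while the lookup just above it returns `config.ca_cert_bundle` without touching the network when an operator has configured one. With an explicit bundle configured, the refresh still fetches and writes `provider.pem`, which is wasted work and an extra failure path for a file that is never used. The download also targets the live `provider.pem` directly; assuming `_download_server_cert` writes to the path it is given (its body is outside this hunk), an interrupted download could leave a truncated trust anchor that the `os.path.isfile` check later accepts. Skipping the refresh when a bundle is configured and downloading to a temporary file that is renamed into place would close both gaps.

```python
    def refresh_ca_bundle(self):
        # An explicitly configured bundle is the trust anchor; do not fetch another.
        if self._provider.config.ca_cert_bundle:
            return
        cert_file = self._provider_cert_file()
        tmp_file = cert_file + '.tmp'
        self._download_server_cert(tmp_file)
        # Replace the cached certificate only after a complete download.
        os.rename(tmp_file, cert_file)
```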
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py
index b23d964f..c0c8f712 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/bitmask_libraries/session.py
@@ -24,6 +24,7 @@ from leap.mail.imap.memorystore import MemoryStore
from leap.mail.imap.soledadstore import SoledadStore
from pixelated.bitmask_libraries.config import LeapConfig
from pixelated.bitmask_libraries.provider import LeapProvider
+from pixelated.bitmask_libraries.certs import refresh_ca_bundle
from twisted.internet import reactor
from .nicknym import NickNym
from .auth import LeapAuthenticator, LeapCredentials
@@ -40,6 +41,7 @@ def open(username, password, server_name, leap_home=DEFAULT_LEAP_HOME):
config = LeapConfig(leap_home=leap_home, certs_home=certs_home)
provider = LeapProvider(server_name, config)
+ refresh_ca_bundle(provider)
session = LeapSessionFactory(provider).create(LeapCredentials(username, password))
return session
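Review bot: The added `refresh_ca_bundle(provider)` call in `open()` is unguarded, so every session start now depends on the certificate download succeeding, even when a valid cached `provider.pem` is already on disk. If `_download_server_cert` raises on a network error (its body is not visible here), login fails where it previously worked offline from the cache. Re-fetching the trust anchor on every start also means its authenticity rests entirely on how that download validates the server, which is worth confirming and stating next to the call. Consider treating the refresh as best-effort and documenting it, for example `# refresh is best-effort: keep the cached provider.pem if the download fails`. The body of `open()` starts outside this hunk.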