#333 Implemented downlload ca.crt when pixelated-user-agent doesn't find a cert file to connect on LEAP provider

1 files changed, 16 insertions, 4 deletions

diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index ed597ca8..4ee28a19 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 import os
+import requests
+import json
 
 from leap.common import ca_bundle
 
@@ -46,7 +48,17 @@ class LeapCertificate(object):
 
     def _local_server_cert(self):
         cert_file = os.path.join(self._certs_home, '%s.ca.crt' % self._server_name)
-        if os.path.isfile(cert_file):
-            return cert_file
-        else:
-            return None
+        if not os.path.isfile(cert_file):
+            self._download_server_cert(cert_file)
+
+        return cert_file
+
+    def _download_server_cert(self, cert_file_name):
+        response = requests.get('https://%s/provider.json' % self._server_name)
+        provider_data = json.loads(response.content)
+        ca_cert_uri = str(provider_data['ca_cert_uri'])
+
+        response = requests.get(ca_cert_uri)
+        with open(cert_file_name, 'w') as file:
+            file.write(response.content)
+            file.close