author | Leonardo Schäffer <leonardo.schaffer@gmail.com> | 2015-06-25 11:20:44 -0300 |
---|---|---|
committer | Leonardo Schäffer <leonardo.schaffer@gmail.com> | 2015-06-25 11:20:44 -0300 |
commit | 42f31aa607750eb7c00224e7c1c353b27cbd7519 (patch) | |
tree | 4bbfae731c8427c526f22bacb9136e5ed3e69d8c /service/pixelated/bitmask_libraries/certs.py | |
parent | 7f349abe67b8e1a71798478f6c26b08773f2d869 (diff) | |
parent | 0b179c61043a9854fa23b8fd40fd252864ecd021 (diff) |
Merge branch 'master' into floatlabel_for_compose
Diffstat (limited to 'service/pixelated/bitmask_libraries/certs.py')
-rw-r--r-- | service/pixelated/bitmask_libraries/certs.py | 104 |
1 files changed, 19 insertions, 85 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index a321e00e..9d543672 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -14,108 +14,42 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import os -import requests -import json -from leap.common import ca_bundle -from .config import AUTO_DETECT_CA_BUNDLE -LEAP_CERT = None -LEAP_FINGERPRINT = None -PACKAGED_CERTS_HOME = os.path.abspath(os.path.join(os.path.abspath(__file__), "..", "..", "certificates")) - - -def which_api_CA_bundle(provider): - return str(LeapCertificate(provider).api_ca_bundle()) - - -def which_bootstrap_cert_fingerprint(): - return LEAP_FINGERPRINT - - -def which_bootstrap_CA_bundle(provider): - if LEAP_CERT is not None: - return LEAP_CERT - return str(LeapCertificate(provider).auto_detect_bootstrap_ca_bundle()) - - -def refresh_ca_bundle(provider): - LeapCertificate(provider).refresh_ca_bundle() +class LeapCertificate(object): + LEAP_CERT = None + LEAP_FINGERPRINT = None -class LeapCertificate(object): def __init__(self, provider): self._config = provider.config self._server_name = provider.server_name self._provider = provider - def auto_detect_bootstrap_ca_bundle(self): - if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE: - local_cert = self._local_bootstrap_server_cert() - if local_cert: - return local_cert - else: - return ca_bundle.where() + @staticmethod + def set_cert_and_fingerprint(cert_file=None, cert_fingerprint=None): + if cert_fingerprint is None: + LeapCertificate.LEAP_CERT = str(cert_file) if cert_file else True + LeapCertificate.LEAP_FINGERPRINT = None else: - return self._config.bootstrap_ca_cert_bundle - - def api_ca_bundle(self): - if self._provider.config.ca_cert_bundle: - return self._provider.config.ca_cert_bundle - - cert_file = self._api_cert_file() - - if not os.path.isfile(cert_file): - self._download_server_cert(cert_file) + LeapCertificate.LEAP_FINGERPRINT = cert_fingerprint + LeapCertificate.LEAP_CERT = False - return cert_file + @property + def provider_web_cert(self): + 
return self.LEAP_CERT - def refresh_ca_bundle(self): - cert_file = self._api_cert_file() - self._download_server_cert(cert_file) + @property + def provider_api_cert(self): + return str(os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem')) - def _api_cert_file(self): - certs_root = self._api_certs_root_path() - return os.path.join(certs_root, 'api.pem') - - def _api_certs_root_path(self): + def setup_ca_bundle(self): path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client') if not os.path.isdir(path): os.makedirs(path, 0700) - return path - - def _local_bootstrap_server_cert(self): - cert_file = self._bootstrap_certs_cert_file() - if os.path.isfile(cert_file): - return cert_file - - cert_file = os.path.join(PACKAGED_CERTS_HOME, '%s.ca.crt' % self._server_name) - if os.path.exists(cert_file): - return cert_file - - # else download the file - cert_file = self._bootstrap_certs_cert_file() - response = requests.get('https://%s/provider.json' % self._server_name) - provider_data = json.loads(response.content) - ca_cert_uri = str(provider_data['ca_cert_uri']) - - response = requests.get(ca_cert_uri) - with open(cert_file, 'w') as file: - file.write(response.content) - - return cert_file - - def _bootstrap_certs_cert_file(self): - path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name) - if not os.path.isdir(path): - os.makedirs(path, 0700) + self._download_cert(self.provider_api_cert) - file_path = os.path.join(path, '%s.ca.crt' % self._server_name) - - return file_path - - def _download_server_cert(self, cert_file_name): + def _download_cert(self, cert_file_name): cert = self._provider.fetch_valid_certificate() - with open(cert_file_name, 'w') as file: file.write(cert) |
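Review bot: In `set_cert_and_fingerprint`, the fingerprint branch sets `LeapCertificate.LEAP_CERT = False` and `provider_web_cert` returns that value unchanged. If callers hand it to an HTTP client as its verification setting (the callers are outside this hunk, so this is inferred), CA chain validation is switched off and the connection is only as trustworthy as the fingerprint check done elsewhere. The method should carry a docstring spelling out the three states (`None` before configuration, `True` or a bundle path, `False` with a pinned fingerprint), for example `"""False disables CA validation; callers must then check LEAP_FINGERPRINT against the server certificate."""`. The same docstring should say that both values are class attributes, so one call changes them for every provider in the process. Separately, `_download_cert` overwrites `api.pem` in place, so an interrupted write leaves a truncated certificate file; writing to a temporary file in the same directory and renaming it over the target would avoid that.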