diff options
| author | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-04-02 13:31:25 +0200 |
|---|---|---|
| committer | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-04-02 13:31:25 +0200 |
| commit | 47c2a0e71d1d0e46fc9fcdc01f22557bfbfc3794 (patch) | |
| tree | ba37a0c18e2e0d57fe1b473e8406c5ccd083aa97 /service/pixelated/bitmask_libraries/certs.py | |
| parent | 2afbf19730d5810c61b8b478ff228bef88fca968 (diff) | |
Don't try to write certs to installation folder.
- User running the agent might not have the rights to do this
Diffstat (limited to 'service/pixelated/bitmask_libraries/certs.py')
| -rw-r--r-- | service/pixelated/bitmask_libraries/certs.py | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py index 6d3c4c2a..61771cec 100644 --- a/service/pixelated/bitmask_libraries/certs.py +++ b/service/pixelated/bitmask_libraries/certs.py @@ -22,6 +22,7 @@ from .config import AUTO_DETECT_CA_BUNDLE LEAP_CERT = None LEAP_FINGERPRINT = None +PACKAGED_CERTS_HOME = os.path.abspath(os.path.join(os.path.abspath(__file__), "..", "..", "certificates")) def which_api_CA_bundle(provider): @@ -85,18 +86,35 @@ class LeapCertificate(object): return path def _local_bootstrap_server_cert(self): - cert_file = os.path.join(self._certs_home, '%s.ca.crt' % self._server_name) - if not os.path.isfile(cert_file): - response = requests.get('https://%s/provider.json' % self._server_name) - provider_data = json.loads(response.content) - ca_cert_uri = str(provider_data['ca_cert_uri']) + cert_file = self._bootstrap_certs_cert_file() + if os.path.isfile(cert_file): + return cert_file + + cert_file = os.path.join(PACKAGED_CERTS_HOME, '%s.ca.crt' % self._server_name) + if os.path.exists(cert_file): + return cert_file - response = requests.get(ca_cert_uri) - with open(cert_file, 'w') as file: - file.write(response.content) + # else download the file + cert_file = self._bootstrap_certs_cert_file() + response = requests.get('https://%s/provider.json' % self._server_name) + provider_data = json.loads(response.content) + ca_cert_uri = str(provider_data['ca_cert_uri']) + + response = requests.get(ca_cert_uri) + with open(cert_file, 'w') as file: + file.write(response.content) return cert_file + def _bootstrap_certs_cert_file(self): + path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name) + if not os.path.isdir(path): + os.makedirs(path, 0700) + + file_path = os.path.join(path, '%s.ca.crt' % self._server_name) + + return file_path + def _download_server_cert(self, cert_file_name): cert = self._provider.fetch_valid_certificate() |