authorBruno Wagner <bwgpro@gmail.com>2015-06-08 18:27:09 -0300
committerBruno Wagner <bwgpro@gmail.com>2015-06-08 18:27:09 -0300
commit7b1af2ede753a63c9f584ccf37691917714e9655 (patch)
treebc40f8275a802e4072a9dc7a1679f83bf0ff7b6e /service/pixelated/bitmask_libraries
parent8b0e4f05b142b73a5ca13f4706fcb6ececbb6911 (diff)
Fixed certificates initialization and removed which_api_bundle
Diffstat (limited to 'service/pixelated/bitmask_libraries')
-rw-r--r--service/pixelated/bitmask_libraries/certs.py7
-rw-r--r--service/pixelated/bitmask_libraries/nicknym.py4
-rw-r--r--service/pixelated/bitmask_libraries/provider.py9
-rw-r--r--service/pixelated/bitmask_libraries/smtp.py8
-rw-r--r--service/pixelated/bitmask_libraries/soledad.py5
5 files changed, 18 insertions, 15 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 3ca55469..3d567e53 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -34,10 +34,6 @@ def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint):
LEAP_CERT = False
-def which_api_CA_bundle(provider):
- return str(LeapCertificate(provider).api_ca_bundle())
-
-
def which_bootstrap_cert_fingerprint():
return LEAP_FINGERPRINT
@@ -59,6 +55,9 @@ class LeapCertificate(object):
self._provider = provider
def auto_detect_bootstrap_ca_bundle(self):
+ if LEAP_CERT is not None:
+ return LEAP_CERT
+
if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
local_cert = self._local_bootstrap_server_cert()
if local_cert:
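Review bot: The new guard at the top of `auto_detect_bootstrap_ca_bundle` returns `LEAP_CERT` for any value other than None, and the context of the previous hunk shows `init_leap_cert` assigning `LEAP_CERT = False`. That return value is passed as `verify=` to `session.get` in provider.py, where False switches off CA validation, so the bootstrap request is then authenticated only by the fingerprint handed to `EnforceTLSv1Adapter`. If that is the intended pinning mode, record it at the guard, e.g. `# False = fingerprint pinning: CA validation is off, assert_fingerprint must be set`, and consider rejecting a False `LEAP_CERT` when `LEAP_FINGERPRINT` is None. The module-level default of `LEAP_CERT` is outside the hunk; if it is anything other than None, the auto-detection below the guard never runs. The method body continues past the end of the hunk.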
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py
index bee90897..d7c9c7af 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/nicknym.py
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from leap.keymanager import KeyManager, openpgp, KeyNotFound
-from .certs import which_api_CA_bundle
+from .certs import LeapCertificate
class NickNym(object):
@@ -23,7 +23,7 @@ class NickNym(object):
self._email = '%s@%s' % (username, provider.domain)
self.keymanager = KeyManager('%s@%s' % (username, provider.domain), nicknym_url,
soledad_session.soledad,
- token, which_api_CA_bundle(provider), provider.api_uri,
+ token, LeapCertificate(provider).api_ca_bundle(), provider.api_uri,
provider.api_version,
uuid, config.gpg_binary)
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 1564c974..afad66e3 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -17,7 +17,8 @@ import json
from leap.common.certs import get_digest
import requests
-from .certs import which_bootstrap_CA_bundle, which_api_CA_bundle, which_bootstrap_cert_fingerprint
+from .certs import which_bootstrap_cert_fingerprint
+from .certs import LeapCertificate
from pixelated.support.tls_adapter import EnforceTLSv1Adapter
@@ -100,7 +101,7 @@ class LeapProvider(object):
session = requests.session()
try:
session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint()))
- response = session.get(url, verify=which_bootstrap_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = session.get(url, verify=LeapCertificate(self).auto_detect_bootstrap_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return response
finally:
@@ -115,14 +116,14 @@ class LeapProvider(object):
def fetch_soledad_json(self):
service_url = "%s/%s/config/soledad-service.json" % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
def fetch_smtp_json(self):
service_url = '%s/%s/config/smtp-service.json' % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
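Review bot: `fetch_soledad_json` and `fetch_smtp_json` call `requests.get` directly, so unlike the bootstrap fetch earlier in this file no adapter with `assert_fingerprint` is mounted and `verify=` is the only server authentication. `api_ca_bundle()` is not shown in this diff; it is worth confirming that it always returns a bundle path or True and never False, since False would leave these config downloads unverified. The same applies to the client-certificate download in smtp.py, which also sends the session cookie. A short comment at each call, such as `# verify= is the only server check here; api_ca_bundle() must not return False`, would record the assumption.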
diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py
index c22601d2..4b6ec719 100644
--- a/service/pixelated/bitmask_libraries/smtp.py
+++ b/service/pixelated/bitmask_libraries/smtp.py
@@ -17,8 +17,8 @@ import logging
import os
import requests
import random
-from .certs import which_api_CA_bundle
from leap.mail.smtp import setup_smtp_gateway
+from pixelated.bitmask_libraries.certs import LeapCertificate
logger = logging.getLogger(__name__)
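Review bot: The import added here uses the absolute path `pixelated.bitmask_libraries.certs`, while nicknym.py and provider.py in the same commit import the class with the relative form `from .certs import LeapCertificate`; the soledad.py import hunk has the same difference. Using one form across the package, e.g. `from .certs import LeapCertificate`, keeps the modules consistent with the line this one replaces.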
@@ -59,7 +59,11 @@ class LeapSmtp(object):
cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
cookies = {"_session_id": self.session_id}
- response = requests.get(cert_url, verify=which_api_CA_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s)
+ response = requests.get(
+ cert_url,
+ verify=LeapCertificate(self._provider).api_ca_bundle(),
+ cookies=cookies,
+ timeout=self._provider.config.timeout_in_s)
response.raise_for_status()
client_cert = response.content
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
index f3fca95a..207b3e73 100644
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ b/service/pixelated/bitmask_libraries/soledad.py
@@ -19,8 +19,7 @@ import os
from leap.keymanager import KeyManager
from leap.soledad.client import Soledad
from leap.soledad.common.crypto import WrongMac, UnknownMacMethod
-from .certs import which_api_CA_bundle
-
+from pixelated.bitmask_libraries.certs import LeapCertificate
SOLEDAD_TIMEOUT = 120
SOLEDAD_CERT = '/tmp/ca.crt'
@@ -68,7 +67,7 @@ class SoledadSession(object):
local_db = self._local_db_path()
return Soledad(self.user_uuid, unicode(encryption_passphrase), secrets,
- local_db, server_url, which_api_CA_bundle(self.provider), self.user_token, defer_encryption=False)
+ local_db, server_url, LeapCertificate(self.provider).api_ca_bundle(), self.user_token, defer_encryption=False)
except (WrongMac, UnknownMacMethod), e:
raise SoledadWrongPassphraseException(e)