Redownload SMTP certficates if necessary

- Issue #591
- using leaps should_redownload for check

2 files changed, 21 insertions, 10 deletions

diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py
index ef41fe6a..9e908ce5 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/bitmask_libraries/session.py
@@ -29,6 +29,7 @@ from leap.auth import SRPAuth
 from .nicknym import NickNym
 from .smtp import LeapSMTPConfig
 from .soledad import SoledadFactory
+import leap.common.certs as leap_certs
 
 from leap.common.events import (
     register, unregister,
@@ -127,7 +128,7 @@ class SmtpClientCertificate(object):
         self._user_path = user_path
 
     def cert_path(self):
-        if not self._is_cert_already_downloaded():
+        if not self._is_cert_already_downloaded() or self._should_redownload():
             self._download_smtp_cert()
 
         return self._smtp_client_cert_path()
@@ -135,6 +136,9 @@ class SmtpClientCertificate(object):
     def _is_cert_already_downloaded(self):
         return os.path.exists(self._smtp_client_cert_path())
 
+    def _should_redownload(self):
+        return leap_certs.should_redownload(self._smtp_client_cert_path())
+
     def _download_smtp_cert(self):
         cert_path = self._smtp_client_cert_path()
 
diff --git a/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py b/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py
index 1a57487a..155f46e9 100644
--- a/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py
+++ b/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py
@@ -18,6 +18,7 @@ import unittest
 import tempdir
 from pixelated.bitmask_libraries import session
 from leap.srp_session import SRPSession
+import leap.common.certs as certs
 from mockito import mock, unstub, when, verify, never, any as ANY
 
 from pixelated.bitmask_libraries.session import SmtpClientCertificate
@@ -31,29 +32,35 @@ class TestSmtpClientCertificate(unittest.TestCase):
         self.provider.domain = 'some-provider.tld'
         self.auth = SRPSession('username', 'token', 'uuid', 'session_id')
         self.pem_path = os.path.join(self.tmp_dir.name, 'providers', 'some-provider.tld', 'keys', 'client', 'smtp.pem')
+        self.downloader = mock()
+        when(session).SmtpCertDownloader(self.provider, self.auth).thenReturn(self.downloader)
 
     def tearDown(self):
         self.tmp_dir.dissolve()
         unstub()
 
     def test_download_certificate(self):
-        downloader = mock()
-        when(session).SmtpCertDownloader(self.provider, self.auth).thenReturn(downloader)
-
         cert = SmtpClientCertificate(self.provider, self.auth, self.tmp_dir.name)
         result = cert.cert_path()
 
         self.assertEqual(self.pem_path, result)
-        verify(downloader).download_to(self.pem_path)
-
-    def test_skip_download_if_already_downloaded(self):
+        verify(self.downloader).download_to(self.pem_path)
 
-        downloader = mock()
-        when(session).SmtpCertDownloader(self.provider, self.auth).thenReturn(downloader)
+    def test_download_certificate_if_redownload_necessary(self):
         when(os.path).exists(self.pem_path).thenReturn(True)
+        when(certs).should_redownload(self.pem_path).thenReturn(True)
+
+        cert = SmtpClientCertificate(self.provider, self.auth, self.tmp_dir.name)
+        result = cert.cert_path()
+
+        self.assertEqual(self.pem_path, result)
+        verify(self.downloader).download_to(self.pem_path)
 
+    def test_skip_download_if_already_downloaded_and_still_valid(self):
+        when(os.path).exists(self.pem_path).thenReturn(True)
+        when(certs).should_redownload(ANY()).thenReturn(False)
         cert = SmtpClientCertificate(self.provider, self.auth, self.tmp_dir.name)
         result = cert.cert_path()
 
         self.assertEqual(self.pem_path, result)
-        verify(downloader, never).download_to(ANY())
+        verify(self.downloader, never).download_to(ANY())