diff options
Diffstat (limited to 'service/pixelated/bitmask_libraries/provider.py')
-rw-r--r-- | service/pixelated/bitmask_libraries/provider.py | 51 |
1 files changed, 48 insertions, 3 deletions
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py index 02318ec2..97becac8 100644 --- a/service/pixelated/bitmask_libraries/provider.py +++ b/service/pixelated/bitmask_libraries/provider.py @@ -15,9 +15,12 @@ # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import json import os +import fileinput +import tempfile +import requests from leap.common.certs import get_digest -import requests +from leap.common import ca_bundle from .certs import LeapCertificate from pixelated.config import leap_config from pixelated.support.tls_adapter import EnforceTLSv1Adapter @@ -32,6 +35,10 @@ class LeapProvider(object): self.provider_json = self.fetch_provider_json() @property + def provider_api_cert(self): + return str(os.path.join(leap_config.leap_home, 'providers', self.server_name, 'keys', 'client', 'api.pem')) + + @property def api_uri(self): return self.provider_json.get('api_uri') @@ -140,14 +147,14 @@ class LeapProvider(object): def fetch_soledad_json(self): service_url = "%s/%s/config/soledad-service.json" % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT) + response = requests.get(service_url, verify=self.provider_api_cert, timeout=REQUESTS_TIMEOUT) response.raise_for_status() return json.loads(response.content) def fetch_smtp_json(self): service_url = '%s/%s/config/smtp-service.json' % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT) + response = requests.get(service_url, verify=self.provider_api_cert, timeout=REQUESTS_TIMEOUT) response.raise_for_status() return json.loads(response.content) @@ -166,3 +173,41 @@ class LeapProvider(object): def _discover_nicknym_server(self): return 'https://nicknym.%s:6425/' % self.domain + + def create_combined_bundle_file(self): + leap_ca_bundle = ca_bundle.where() + + if self.provider_api_cert == leap_ca_bundle: + return self.provider_api_cert + elif not self.provider_api_cert: + return leap_ca_bundle + + tmp_file = tempfile.NamedTemporaryFile(delete=False) + + with open(tmp_file.name, 'w') as fout: + fin = fileinput.input(files=(leap_ca_bundle, self.provider_api_cert)) + for line in fin: + fout.write(line) + fin.close() + + self.combined_ca_bundle = tmp_file.name + + def setup_ca_bundle(self): + path = os.path.join(leap_config.leap_home, 'providers', self.server_name, 'keys', 'client') + if not os.path.isdir(path): + os.makedirs(path, 0700) + self._download_cert(self.provider_api_cert) + + def _download_cert(self, cert_file_name): + cert = self.fetch_valid_certificate() + with open(cert_file_name, 'w') as file: + file.write(cert) + + def setup_ca(self): + self.download_certificate() + self.setup_ca_bundle() + self.create_combined_bundle_file() + + def download_settings(self): + self.download_soledad_json() + self.download_smtp_json() |