Diffstat (limited to 'service/pixelated/bitmask_libraries')
-rw-r--r--service/pixelated/bitmask_libraries/provider.py15
-rw-r--r--service/pixelated/bitmask_libraries/session.py39
-rw-r--r--service/pixelated/bitmask_libraries/smtp.py49
3 files changed, 49 insertions, 54 deletions
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index b7f82f8a..071b0bbf 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import json
+import os
from leap.common.certs import get_digest
import requests
@@ -95,6 +96,13 @@ class LeapProvider(object):
if fingerprint.strip() != digest:
raise Exception('Certificate fingerprints don\'t match! Expected [%s] but got [%s]' % (fingerprint.strip(), digest))
+ def smtp_info(self):
+ json_data = self.fetch_smtp_json()
+ hosts = json_data['hosts']
+ hostname = hosts.keys()[0]
+ host = hosts[hostname]
+ return host['hostname'], host['port']
+
def _validated_get(self, url):
session = requests.session()
try:
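Review bot: `hosts.keys()[0]` in `smtp_info` takes whichever host the dict happens to list first, and it raises a bare IndexError or KeyError when the provider's SMTP JSON has no hosts or lacks `hostname`/`port`. LeapSmtp stores the result as `_remote_hostname`/`_remote_port`, which appears to be the relay the client certificate is presented to, so a deterministic choice and an explicit error would be safer: `if not hosts: raise Exception('Provider lists no SMTP hosts')` followed by `host = hosts[sorted(hosts)[0]]`. A one-line docstring such as `"""Return (hostname, port) of the provider's remote SMTP relay."""` would also distinguish it from the `LeapSmtp.smtp_info` removed in smtp.py, which returned the local gateway address. `_validated_get` continues outside the hunk.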
@@ -130,3 +138,10 @@ class LeapProvider(object):
def address_for(self, username):
return '%s@%s' % (username, self.domain)
+
+ def _client_cert_path(self):
+ return os.path.join(
+ self.config.leap_home,
+ "providers",
+ self.domain,
+ "keys", "client", "smtp.pem")
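Review bot: `_client_cert_path` is named as a private method, but this commit calls it from other classes (`self._provider._client_cert_path()` in session.py and smtp.py), so it is effectively part of LeapProvider's public interface. Dropping the underscore, e.g. `def client_cert_path(self):`, would say so. A short docstring stating that the returned file holds the SMTP client credential would help too, because callers create directories and write key material based on this path. The path embeds `self.domain`, and whether that value is validated before it reaches this join is not visible here.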
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py
index e13e5863..4a503628 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/bitmask_libraries/session.py
@@ -16,17 +16,18 @@
import errno
import traceback
import sys
-
import os
+import requests
+
+from twisted.internet import reactor, defer
+from pixelated.bitmask_libraries.certs import LeapCertificate
+from pixelated.adapter.mailstore import LeapMailStore
from leap.mail.incoming.service import IncomingMail
-from twisted.internet import reactor
-from .nicknym import NickNym
from leap.auth import SRPAuth
-from pixelated.adapter.mailstore import LeapMailStore
-from .soledad import SoledadSessionFactory
-from .smtp import LeapSmtp
from leap.mail.imap.account import IMAPAccount
-from twisted.internet import defer
+from .nicknym import NickNym
+from .smtp import LeapSmtp
+from .soledad import SoledadSessionFactory
from leap.common.events import (
register,
@@ -149,12 +150,36 @@ class LeapSessionFactory(object):
nicknym = self._create_nicknym(account_email, auth.token, auth.uuid, soledad)
+ self._download_smtp_cert(auth)
smtp = LeapSmtp(self._provider, auth, nicknym.keymanager)
# TODO: Create the new mail sender based on what we have in available LeapSmtp, e.g. the certs
return LeapSession(self._provider, auth, mail_store, soledad, nicknym, smtp)
+ def _download_smtp_cert(self, auth):
+ cert_path = self._provider._client_cert_path()
+
+ if not os.path.exists(os.path.dirname(cert_path)):
+ os.makedirs(os.path.dirname(cert_path))
+
+ cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
+ cookies = {"_session_id": auth.session_id}
+ headers = {}
+ headers["Authorization"] = 'Token token="{0}"'.format(auth.token)
+ response = requests.get(
+ cert_url,
+ verify=LeapCertificate(self._provider).provider_api_cert,
+ cookies=cookies,
+ timeout=self._provider.config.timeout_in_s,
+ headers=headers)
+ response.raise_for_status()
+
+ client_cert = response.content
+
+ with open(cert_path, 'w') as f:
+ f.write(client_cert)
+
def _lookup_session(self, key):
global SESSIONS
if key in SESSIONS:
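Review bot: `_download_smtp_cert` writes the downloaded client credential with `open(cert_path, 'w')`, so the file and the directories made by `os.makedirs` get whatever mode the process umask allows, which is commonly world-readable. If the `/cert` response carries the private key along with the certificate (the `smtp.pem` name suggests it may), other local users could read it. Creating the file owner-only would close that: `fd = os.open(cert_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` then `with os.fdopen(fd, 'w') as f:`. The mode only applies when the file is created, so an existing `smtp.pem` keeps its old permissions unless it is also chmod-ed. The `os.path.exists` check before `os.makedirs` can also race when two sessions are created at once, and `_lookup_session` continues outside the hunk.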
diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py
index ff2792fb..63d2d310 100644
--- a/service/pixelated/bitmask_libraries/smtp.py
+++ b/service/pixelated/bitmask_libraries/smtp.py
@@ -33,57 +33,12 @@ class LeapSmtp(object):
self.session_id = auth.session_id
self.user_token = auth.token
self._keymanager = keymanager
- self._remote_hostname, self._remote_port = self._discover_remote_smtp_server()
+ self._remote_hostname, self._remote_port = provider.smtp_info()
self._local_smtp_service_socket = None
self._local_smtp_service = None
- def smtp_info(self):
- return ('localhost', self.local_smtp_port_number)
-
- def _discover_remote_smtp_server(self):
- json_data = self._provider.fetch_smtp_json()
- hosts = json_data['hosts']
- hostname = hosts.keys()[0]
- host = hosts[hostname]
-
- hostname = host['hostname']
- port = host['port']
-
- return hostname, port
-
- def _download_client_certificates(self):
- cert_path = self._client_cert_path()
-
- if not os.path.exists(os.path.dirname(cert_path)):
- os.makedirs(os.path.dirname(cert_path))
-
- cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
- cookies = {"_session_id": self.session_id}
- headers = {}
- headers["Authorization"] = 'Token token="{0}"'.format(self.user_token)
- response = requests.get(
- cert_url,
- verify=LeapCertificate(self._provider).provider_api_cert,
- cookies=cookies,
- timeout=self._provider.config.timeout_in_s,
- headers=headers)
- response.raise_for_status()
-
- client_cert = response.content
-
- with open(cert_path, 'w') as f:
- f.write(client_cert)
-
- def _client_cert_path(self):
- return os.path.join(
- self._provider.config.leap_home,
- "providers",
- self._provider.domain,
- "keys", "client", "smtp.pem")
-
def start(self):
- self._download_client_certificates()
- cert_path = self._client_cert_path()
+ cert_path = self._provider._client_cert_path()
email = '%s@%s' % (self.username, self._provider.domain)
self._local_smtp_service, self._local_smtp_service_socket = setup_smtp_gateway(