diff options
Diffstat (limited to 'service/pixelated/config')
-rw-r--r-- | service/pixelated/config/__init__.py | 59 | ||||
-rw-r--r-- | service/pixelated/config/app_factory.py | 35 | ||||
-rw-r--r-- | service/pixelated/config/args.py | 4 | ||||
-rw-r--r-- | service/pixelated/config/events_server.py | 21 | ||||
-rw-r--r-- | service/pixelated/config/initialize_leap.py | 26 | ||||
-rw-r--r-- | service/pixelated/config/loading_page.py | 4 | ||||
-rw-r--r-- | service/pixelated/config/soledad.py | 29 |
7 files changed, 71 insertions, 107 deletions
diff --git a/service/pixelated/config/__init__.py b/service/pixelated/config/__init__.py index 871a7925..125ee1cb 100644 --- a/service/pixelated/config/__init__.py +++ b/service/pixelated/config/__init__.py @@ -19,51 +19,54 @@ import sys from pixelated.config import app_factory from pixelated.config.args import parse_user_agent_args -from pixelated.config.events_server import init_events_server -from pixelated.config.loading_page import loading +from pixelated.config.loading_page import LoadingResource from pixelated.config.register import register from pixelated.config.logging_setup import init_logging -from pixelated.config.soledad import init_soledad_and_user_key from twisted.internet import reactor from twisted.internet.threads import deferToThread -from pixelated.support.error_handler import error_handler +from twisted.internet import defer +from twisted.web.server import Site from pixelated.config.initialize_leap import initialize_leap +@defer.inlineCallbacks +def start_user_agent(loading_app, host, port, sslkey, sslcert, leap_home, leap_session): + yield loading_app.stopListening() + + app_factory.create_app(leap_home, + leap_session, + host, + port, + sslkey=sslkey, + sslcert=sslcert) + + def initialize(): args = parse_user_agent_args() init_logging(debug=args.debug) - app = initialize_leap(args.leap_provider_cert, - args.leap_provider_cert_fingerprint, - args.config, - args.dispatcher, - args.dispatcher_stdin) - if args.register: register(*args.register) sys.exit(0) - init_events_server() - - def load_app(): - # welcome to deferred hell. Or maybe you'll be welcomed later, who knows. - loading_app = loading(args) - - def init_soledad(): - return init_soledad_and_user_key(app, args.home) - - def stop_loading_app(leap_session): - d = loading_app.stopListening() - d.addCallback(partial(start_user_agent_app, leap_session)) + loading_app = reactor.listenTCP(args.port, Site(LoadingResource()), interface=args.host) - def start_user_agent_app(leap_session, _): - app_factory.create_app(app, args, leap_session) + deferred = deferToThread( + lambda: initialize_leap(args.leap_provider_cert, + args.leap_provider_cert_fingerprint, + args.config_file, + args.dispatcher, + args.dispatcher_stdin, + args.leap_home)) - d = deferToThread(init_soledad) - d.addCallback(stop_loading_app) - d.addErrback(error_handler) + deferred.addCallback( + lambda leap_session: start_user_agent(loading_app, + args.host, + args.port, + args.sslkey, + args.sslcert, + args.leap_home, + leap_session)) - reactor.callWhenRunning(load_app) reactor.run() diff --git a/service/pixelated/config/app_factory.py b/service/pixelated/config/app_factory.py index d02472ec..c74a46f7 100644 --- a/service/pixelated/config/app_factory.py +++ b/service/pixelated/config/app_factory.py @@ -93,7 +93,7 @@ def stop_incoming_mail_fetcher(reactor_stop_function, leap_session): return wrapper -def init_app(app, leap_home, leap_session): +def init_app(resource, leap_home, leap_session): leap_session.start_background_jobs() keymanager = leap_session.nicknym.keymanager @@ -110,7 +110,7 @@ def init_app(app, leap_home, leap_session): MailboxIndexerListener.SEARCH_ENGINE = search_engine InputMail.FROM_EMAIL_ADDRESS = leap_session.account_email() - app.resource.initialize(soledad_querier, keymanager, search_engine, mail_service, draft_service) + resource.initialize(soledad_querier, keymanager, search_engine, mail_service, draft_service) register(signal=proto.SOLEDAD_DONE_DATA_SYNC, uid=INIT_INDEX_AND_REMOVE_DUPES_CALLBACK, @@ -130,33 +130,36 @@ def init_app(app, leap_home, leap_session): reactor.stop = stop_incoming_mail_fetcher(reactor.stop, leap_session) -def create_app(app, args, leap_session): - app.resource = RootResource() - init_app(app, args.home, leap_session) - if args.sslkey and args.sslcert: - listen_with_ssl(app, args) +def create_app(leap_home, leap_session, host, port, sslkey=None, sslcert=None): + resource = RootResource() + init_app(resource, leap_home, leap_session) + if sslkey and sslcert: + listen_with_ssl(resource, host, port, sslkey, sslcert) else: - listen_without_ssl(app, args) + listen_without_ssl(resource, host, port) -def listen_without_ssl(app, args): - reactor.listenTCP(args.port, Site(app.resource), interface=args.host) +def listen_without_ssl(resource, host, port): + reactor.listenTCP(port, Site(resource), interface=host) -def _ssl_options(args): - with open(args.sslkey) as keyfile: +def _ssl_options(sslkey, sslcert): + with open(sslkey) as keyfile: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, keyfile.read()) - with open(args.sslcert) as certfile: + with open(sslcert) as certfile: cert = crypto.load_certificate(crypto.FILETYPE_PEM, certfile.read()) + acceptable = ssl.AcceptableCiphers.fromOpenSSLCipherString( u'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH') - options = ssl.CertificateOptions(privateKey=pkey, certificate=cert, method=SSL.TLSv1_2_METHOD, + options = ssl.CertificateOptions(privateKey=pkey, + certificate=cert, + method=SSL.TLSv1_2_METHOD, acceptableCiphers=acceptable) return options -def listen_with_ssl(app, args): - reactor.listenSSL(args.port, Site(app.resource), _ssl_options(args), interface=args.host) +def listen_with_ssl(resource, host, port, sslkey, sslcert): + reactor.listenSSL(port, Site(resource), _ssl_options(sslkey, sslcert), interface=host) class RedirectToSSL(resource.Resource): diff --git a/service/pixelated/config/args.py b/service/pixelated/config/args.py index f3549df1..dd3b715d 100644 --- a/service/pixelated/config/args.py +++ b/service/pixelated/config/args.py @@ -51,7 +51,7 @@ def parser_add_default_arguments(parser): parser.add_argument('--debug', action='store_true', help='DEBUG mode.') parser.add_argument('--dispatcher', help='run in organization mode, the credentials will be read from specified file', metavar='file') parser.add_argument('--dispatcher-stdin', help='run in organization mode, the credentials will be read from stdin', default=False, action='store_true', dest='dispatcher_stdin') - parser.add_argument('-c', '--config', metavar='<configfile>', default=None, help='use specified file for credentials (for test purposes only)') - parser.add_argument('--home', help='The folder where the user agent stores its data. Defaults to ~/.leap', default=DEFAULT_LEAP_HOME) + parser.add_argument('-c', '--config', dest='config_file', metavar='<configfile>', default=None, help='use specified file for credentials (for test purposes only)') + parser.add_argument('--leap-home', help='The folder where the user agent stores its data. Defaults to ~/.leap', dest='leap_home', default=DEFAULT_LEAP_HOME) parser.add_argument('-lc', '--leap-provider-cert', metavar='<leap-provider.crt>', default=None, help='use specified file for LEAP provider cert authority certificate (url https://<LEAP-provider-domain>/ca.crt)') parser.add_argument('-lf', '--leap-provider-cert-fingerprint', metavar='<leap provider certificate fingerprint>', default=None, help='use specified fingerprint to validate connection with LEAP provider', dest='leap_provider_cert_fingerprint') diff --git a/service/pixelated/config/events_server.py b/service/pixelated/config/events_server.py deleted file mode 100644 index 121ebcab..00000000 --- a/service/pixelated/config/events_server.py +++ /dev/null @@ -1,21 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see <http://www.gnu.org/licenses/>. - -from leap.common.events import server as events_server - - -def init_events_server(): - events_server.ensure_server(port=8090) diff --git a/service/pixelated/config/initialize_leap.py b/service/pixelated/config/initialize_leap.py index df7b8412..a4610622 100644 --- a/service/pixelated/config/initialize_leap.py +++ b/service/pixelated/config/initialize_leap.py @@ -1,6 +1,7 @@ from pixelated.config.config import Config from pixelated.config.config_ua import config_user_agent from pixelated.config.dispatcher import config_dispatcher +from leap.common.events import server as events_server import pixelated.bitmask_libraries.certs as certs from pixelated.bitmask_libraries.session import open_leap_session @@ -9,7 +10,8 @@ def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint, config_file, dispatcher, - dispatcher_stdin): + dispatcher_stdin, + leap_home): init_monkeypatches() @@ -17,14 +19,13 @@ def initialize_leap(leap_provider_cert, dispatcher_stdin, config_file) - config = Config() - config.provider = provider - config.username = user - config.password = password - init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint) - return config + events_server.ensure_server(port=8090) + + leap_session = create_leap_session(provider, user, password, leap_home) + + return leap_session def gather_credentials(dispatcher, dispatcher_stdin, config_file): @@ -34,6 +35,17 @@ def gather_credentials(dispatcher, dispatcher_stdin, config_file): return config_user_agent(config_file) +def create_leap_session(provider, username, password, leap_home): + leap_session = open_leap_session(username, + password, + provider, + leap_home) + + leap_session.soledad_session.soledad.sync(defer_decryption=False) + leap_session.nicknym.generate_openpgp_key() + return leap_session + + def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint): if leap_provider_cert_fingerprint is None: certs.LEAP_CERT = leap_provider_cert or True diff --git a/service/pixelated/config/loading_page.py b/service/pixelated/config/loading_page.py index b8a95f57..473f675e 100644 --- a/service/pixelated/config/loading_page.py +++ b/service/pixelated/config/loading_page.py @@ -48,7 +48,3 @@ class LoadingResource(Resource): if path == '': return self return Resource.getChild(self, path, request) - - -def loading(args): - return reactor.listenTCP(args.port, Site(LoadingResource()), interface=args.host) diff --git a/service/pixelated/config/soledad.py b/service/pixelated/config/soledad.py deleted file mode 100644 index 6f03d02b..00000000 --- a/service/pixelated/config/soledad.py +++ /dev/null @@ -1,29 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see <http://www.gnu.org/licenses/>. - -from pixelated.bitmask_libraries.session import open as open_leap_session - - -def init_soledad_and_user_key(config, leap_home): - leap_session = open_leap_session(config.username, - config.password, - config.provider, - leap_home) - - soledad = leap_session.soledad_session.soledad - soledad.sync(defer_decryption=False) - leap_session.nicknym.generate_openpgp_key() - return leap_session |