Diffstat (limited to 'service/pixelated')
-rw-r--r--service/pixelated/bitmask_libraries/auth.py6
-rw-r--r--service/pixelated/bitmask_libraries/certs.py24
-rw-r--r--service/pixelated/bitmask_libraries/nicknym.py4
-rw-r--r--service/pixelated/bitmask_libraries/provider.py10
-rw-r--r--service/pixelated/bitmask_libraries/smtp.py4
-rw-r--r--service/pixelated/bitmask_libraries/soledad.py4
6 files changed, 25 insertions, 27 deletions
diff --git a/service/pixelated/bitmask_libraries/auth.py b/service/pixelated/bitmask_libraries/auth.py
index 0b13cb64..9a2fdcb2 100644
--- a/service/pixelated/bitmask_libraries/auth.py
+++ b/service/pixelated/bitmask_libraries/auth.py
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from .leap_srp import LeapSecureRemotePassword
-from .certs import which_bundle
+from .certs import which_api_CA_bundle
USE_PASSWORD = None
@@ -32,11 +32,11 @@ class LeapAuthenticator(object):
def authenticate(self, credentials):
config = self._provider.config
- srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s)
+ srp = LeapSecureRemotePassword(ca_bundle=which_api_CA_bundle(self._provider), timeout_in_s=config.timeout_in_s)
srp_session = srp.authenticate(self._provider.api_uri, credentials.user_name, credentials.password)
return srp_session
def register(self, credentials):
config = self._provider.config
- srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s)
+ srp = LeapSecureRemotePassword(ca_bundle=which_api_CA_bundle(self._provider), timeout_in_s=config.timeout_in_s)
srp.register(self._provider.api_uri, credentials.user_name, credentials.password)
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index ed09e4a3..31e68d1c 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -14,8 +14,6 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import os
-import requests
-import json
from leap.common import ca_bundle
@@ -25,15 +23,15 @@ LEAP_CERT = None
LEAP_FINGERPRINT = None
-def which_bundle(provider):
- return str(LeapCertificate(provider).provider_ca_bundle())
+def which_api_CA_bundle(provider):
+ return str(LeapCertificate(provider).api_ca_bundle())
-def which_bootstrap_fingerprint(provider):
+def which_bootstrap_cert_fingerprint():
return LEAP_FINGERPRINT
-def which_bootstrap_bundle(provider):
+def which_bootstrap_CA_bundle(provider):
if LEAP_CERT is not None:
return LEAP_CERT
return str(LeapCertificate(provider).auto_detect_bootstrap_ca_bundle())
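Review bot: `which_bootstrap_cert_fingerprint()` now takes no argument and returns the module-level `LEAP_FINGERPRINT`, which the context line above initialises to `None`, and nothing in the hunk documents what a `None` pin means for the caller. A docstring such as `"""Return the pinned bootstrap certificate fingerprint, or None when no pin is configured."""` would make it explicit that the value passed as `assert_fingerprint` in provider.py's `_validated_get` can be absent; how the adapter treats `None` is not visible here and should be confirmed. `which_bootstrap_CA_bundle` likewise deserves a line stating that a set `LEAP_CERT` overrides auto-detection. As a style point, the mixed-case `_CA_` in the new function names departs from snake_case and from the `api_ca_bundle` method they wrap; `which_api_ca_bundle` would read consistently.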
@@ -60,11 +58,11 @@ class LeapCertificate(object):
else:
return self._config.bootstrap_ca_cert_bundle
- def provider_ca_bundle(self):
+ def api_ca_bundle(self):
if self._provider.config.ca_cert_bundle:
return self._provider.config.ca_cert_bundle
- cert_file = self._provider_cert_file()
+ cert_file = self._api_cert_file()
if not os.path.isfile(cert_file):
self._download_server_cert(cert_file)
@@ -72,14 +70,14 @@ class LeapCertificate(object):
return cert_file
def refresh_ca_bundle(self):
- cert_file = self._provider_cert_file()
+ cert_file = self._api_cert_file()
self._download_server_cert(cert_file)
- def _provider_cert_file(self):
- certs_root = self._provider_certs_root_path()
- return os.path.join(certs_root, 'provider.pem')
+ def _api_cert_file(self):
+ certs_root = self._api_certs_root_path()
+ return os.path.join(certs_root, 'api.pem')
- def _provider_certs_root_path(self):
+ def _api_certs_root_path(self):
path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client')
if not os.path.isdir(path):
os.makedirs(path, 0700)
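Review bot: Changing the cached file name from `'provider.pem'` to `'api.pem'` in `_api_cert_file` means an existing install no longer finds its stored CA file, so the `os.path.isfile` check in `api_ca_bundle` fails once and `_download_server_cert` fetches the trust anchor again, while the old `provider.pem` stays on disk unused. How that download is authenticated is not visible in this diff, so it is worth confirming that it goes through the bootstrap verification before the rename ships. I would add a comment on `_api_cert_file` such as `# renamed from provider.pem; a pre-existing provider.pem is ignored and the CA is re-downloaded`, or migrate the old file. `_api_certs_root_path` continues past the end of the hunk.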
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py
index 362167b6..ef846bba 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/nicknym.py
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from leap.keymanager import KeyManager, openpgp, KeyNotFound
-from .certs import which_bundle
+from .certs import which_api_CA_bundle
class NickNym(object):
@@ -23,7 +23,7 @@ class NickNym(object):
self._email = '%s@%s' % (srp_session.user_name, provider.domain)
self.keymanager = KeyManager('%s@%s' % (srp_session.user_name, provider.domain), nicknym_url,
soledad_session.soledad,
- srp_session.token, which_bundle(provider), provider.api_uri,
+ srp_session.token, which_api_CA_bundle(provider), provider.api_uri,
provider.api_version,
srp_session.uuid, config.gpg_binary)
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 34e426d7..a0bf4843 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -17,7 +17,7 @@ import json
from leap.common.certs import get_digest
import requests
-from .certs import which_bootstrap_bundle, which_bundle, which_bootstrap_fingerprint
+from .certs import which_bootstrap_CA_bundle, which_api_CA_bundle, which_bootstrap_cert_fingerprint
from pixelated.support.tls_adapter import EnforceTLSv1Adapter
@@ -97,8 +97,8 @@ class LeapProvider(object):
def _validated_get(self, url):
session = requests.session()
try:
- session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_fingerprint(self)))
- response = session.get(url, verify=which_bootstrap_bundle(self), timeout=self.config.timeout_in_s)
+ session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint()))
+ response = session.get(url, verify=which_bootstrap_CA_bundle(self), timeout=self.config.timeout_in_s)
response.raise_for_status()
return response
finally:
@@ -113,14 +113,14 @@ class LeapProvider(object):
def fetch_soledad_json(self):
service_url = "%s/%s/config/soledad-service.json" % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
def fetch_smtp_json(self):
service_url = '%s/%s/config/smtp-service.json' % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
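Review bot: `fetch_soledad_json` and `fetch_smtp_json` call `requests.get` directly, so they do not use the session on which `_validated_get` mounts `EnforceTLSv1Adapter`, and whatever protocol constraint that adapter applies to bootstrap requests is presumably not applied to these API requests. The same bare `requests.get(..., verify=which_api_CA_bundle(...))` pattern appears in smtp.py's certificate download. Consider a shared helper that takes the CA bundle, mounts the adapter and calls `raise_for_status()`, so the API fetches and the bootstrap path share one TLS configuration. The two method bodies are also identical apart from the file name in the URL and could take it as a parameter.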
diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py
index d4f68f94..ba5e7102 100644
--- a/service/pixelated/bitmask_libraries/smtp.py
+++ b/service/pixelated/bitmask_libraries/smtp.py
@@ -16,7 +16,7 @@
import logging
import os
import requests
-from .certs import which_bundle
+from .certs import which_api_CA_bundle
from leap.mail.smtp import setup_smtp_gateway
@@ -58,7 +58,7 @@ class LeapSmtp(object):
cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
cookies = {"_session_id": self._srp_session.session_id}
- response = requests.get(cert_url, verify=which_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s)
+ response = requests.get(cert_url, verify=which_api_CA_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s)
response.raise_for_status()
client_cert = response.content
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
index 1c46f2ab..83a8caa9 100644
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ b/service/pixelated/bitmask_libraries/soledad.py
@@ -19,7 +19,7 @@ import os
from leap.keymanager import KeyManager
from leap.soledad.client import Soledad
from leap.soledad.common.crypto import WrongMac, UnknownMacMethod
-from .certs import which_bundle
+from .certs import which_api_CA_bundle
SOLEDAD_TIMEOUT = 120
@@ -67,7 +67,7 @@ class SoledadSession(object):
local_db = self._local_db_path()
return Soledad(self.leap_srp_session.uuid, unicode(encryption_passphrase), secrets,
- local_db, server_url, which_bundle(self.provider), self.leap_srp_session.token, defer_encryption=False)
+ local_db, server_url, which_api_CA_bundle(self.provider), self.leap_srp_session.token, defer_encryption=False)
except (WrongMac, UnknownMacMethod), e:
raise SoledadWrongPassphraseException(e)