Diffstat (limited to 'service/pixelated')
-rw-r--r-- | service/pixelated/bitmask_libraries/auth.py | 6 | ||||
-rw-r--r-- | service/pixelated/bitmask_libraries/certs.py | 24 | ||||
-rw-r--r-- | service/pixelated/bitmask_libraries/nicknym.py | 4 | ||||
-rw-r--r-- | service/pixelated/bitmask_libraries/provider.py | 10 | ||||
-rw-r--r-- | service/pixelated/bitmask_libraries/smtp.py | 4 | ||||
-rw-r--r-- | service/pixelated/bitmask_libraries/soledad.py | 4 |
6 files changed, 25 insertions, 27 deletions
diff --git a/service/pixelated/bitmask_libraries/auth.py b/service/pixelated/bitmask_libraries/auth.py index 0b13cb64..9a2fdcb2 100644 --- a/service/pixelated/bitmask_libraries/auth.py +++ b/service/pixelated/bitmask_libraries/auth.py @@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. from .leap_srp import LeapSecureRemotePassword -from .certs import which_bundle +from .certs import which_api_CA_bundle USE_PASSWORD = None @@ -32,11 +32,11 @@ class LeapAuthenticator(object): def authenticate(self, credentials): config = self._provider.config - srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) + srp = LeapSecureRemotePassword(ca_bundle=which_api_CA_bundle(self._provider), timeout_in_s=config.timeout_in_s) srp_session = srp.authenticate(self._provider.api_uri, credentials.user_name, credentials.password) return srp_session def register(self, credentials): config = self._provider.config - srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) + srp = LeapSecureRemotePassword(ca_bundle=which_api_CA_bundle(self._provider), timeout_in_s=config.timeout_in_s) srp.register(self._provider.api_uri, credentials.user_name, credentials.password) diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py index ed09e4a3..31e68d1c 100644 --- a/service/pixelated/bitmask_libraries/certs.py +++ b/service/pixelated/bitmask_libraries/certs.py @@ -14,8 +14,6 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import os -import requests -import json from leap.common import ca_bundle 
@@ -25,15 +23,15 @@ LEAP_CERT = None LEAP_FINGERPRINT = None -def which_bundle(provider): - return str(LeapCertificate(provider).provider_ca_bundle()) +def which_api_CA_bundle(provider): + return str(LeapCertificate(provider).api_ca_bundle()) -def which_bootstrap_fingerprint(provider): +def which_bootstrap_cert_fingerprint(): return LEAP_FINGERPRINT -def which_bootstrap_bundle(provider): +def which_bootstrap_CA_bundle(provider): if LEAP_CERT is not None: return LEAP_CERT return str(LeapCertificate(provider).auto_detect_bootstrap_ca_bundle()) @@ -60,11 +58,11 @@ class LeapCertificate(object): else: return self._config.bootstrap_ca_cert_bundle - def provider_ca_bundle(self): + def api_ca_bundle(self): if self._provider.config.ca_cert_bundle: return self._provider.config.ca_cert_bundle - cert_file = self._provider_cert_file() + cert_file = self._api_cert_file() if not os.path.isfile(cert_file): self._download_server_cert(cert_file) @@ -72,14 +70,14 @@ class LeapCertificate(object): return cert_file def refresh_ca_bundle(self): - cert_file = self._provider_cert_file() + cert_file = self._api_cert_file() self._download_server_cert(cert_file) - def _provider_cert_file(self): - certs_root = self._provider_certs_root_path() - return os.path.join(certs_root, 'provider.pem') + def _api_cert_file(self): + certs_root = self._api_certs_root_path() + return os.path.join(certs_root, 'api.pem') - def _provider_certs_root_path(self): + def _api_certs_root_path(self): path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client') if not os.path.isdir(path): os.makedirs(path, 0700) diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py index 362167b6..ef846bba 100644 --- a/service/pixelated/bitmask_libraries/nicknym.py +++ b/service/pixelated/bitmask_libraries/nicknym.py 
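Review bot: In certs.py, `_api_cert_file` now returns `.../keys/client/api.pem` instead of `provider.pem`, so on an existing install the `os.path.isfile(cert_file)` check in `api_ca_bundle` fails and `_download_server_cert` runs again, while the old `provider.pem` stays on disk unused. That re-fetch replaces the CA file that `which_api_CA_bundle` hands to the auth, nicknym, provider, smtp and soledad callers in this commit. `_download_server_cert` is outside the hunk, so how the download is authenticated cannot be checked from here. Either reuse the legacy file when it exists or document the behaviour next to the new name, e.g. `# renamed from 'provider.pem'; existing installs re-download the API CA cert on first use`.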
@@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. from leap.keymanager import KeyManager, openpgp, KeyNotFound -from .certs import which_bundle +from .certs import which_api_CA_bundle class NickNym(object): @@ -23,7 +23,7 @@ class NickNym(object): self._email = '%s@%s' % (srp_session.user_name, provider.domain) self.keymanager = KeyManager('%s@%s' % (srp_session.user_name, provider.domain), nicknym_url, soledad_session.soledad, - srp_session.token, which_bundle(provider), provider.api_uri, + srp_session.token, which_api_CA_bundle(provider), provider.api_uri, provider.api_version, srp_session.uuid, config.gpg_binary) diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py index 34e426d7..a0bf4843 100644 --- a/service/pixelated/bitmask_libraries/provider.py +++ b/service/pixelated/bitmask_libraries/provider.py @@ -17,7 +17,7 @@ import json from leap.common.certs import get_digest import requests -from .certs import which_bootstrap_bundle, which_bundle, which_bootstrap_fingerprint +from .certs import which_bootstrap_CA_bundle, which_api_CA_bundle, which_bootstrap_cert_fingerprint from pixelated.support.tls_adapter import EnforceTLSv1Adapter @@ -97,8 +97,8 @@ class LeapProvider(object): def _validated_get(self, url): session = requests.session() try: - session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_fingerprint(self))) - response = session.get(url, verify=which_bootstrap_bundle(self), timeout=self.config.timeout_in_s) + session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint())) + response = session.get(url, verify=which_bootstrap_CA_bundle(self), timeout=self.config.timeout_in_s) response.raise_for_status() return response finally: 
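Review bot: In provider.py `_validated_get`, `which_bootstrap_cert_fingerprint()` returns the module global `LEAP_FINGERPRINT`, which certs.py initialises to `None`, so unless something assigns it the adapter is mounted with `assert_fingerprint=None` and the bootstrap request is authenticated by `verify=which_bootstrap_CA_bundle(self)` alone. How `EnforceTLSv1Adapter` treats `None` is not visible here, so the call should carry a comment such as `# fingerprint stays None unless configured; then only the bootstrap CA bundle authenticates the provider`. The helper now takes no argument while its two siblings still take `provider`, which deserves a one-line docstring in certs.py saying it reads process-wide state. The `finally:` body of `_validated_get` lies outside the hunk.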
@@ -113,14 +113,14 @@ class LeapProvider(object): def fetch_soledad_json(self): service_url = "%s/%s/config/soledad-service.json" % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) def fetch_smtp_json(self): service_url = '%s/%s/config/smtp-service.json' % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py index d4f68f94..ba5e7102 100644 --- a/service/pixelated/bitmask_libraries/smtp.py +++ b/service/pixelated/bitmask_libraries/smtp.py @@ -16,7 +16,7 @@ import logging import os import requests -from .certs import which_bundle +from .certs import which_api_CA_bundle from leap.mail.smtp import setup_smtp_gateway @@ -58,7 +58,7 @@ class LeapSmtp(object): cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) cookies = {"_session_id": self._srp_session.session_id} - response = requests.get(cert_url, verify=which_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s) + response = requests.get(cert_url, verify=which_api_CA_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s) response.raise_for_status() client_cert = response.content diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py index 1c46f2ab..83a8caa9 100644 --- a/service/pixelated/bitmask_libraries/soledad.py +++ b/service/pixelated/bitmask_libraries/soledad.py 
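Review bot: In provider.py, `fetch_soledad_json` and `fetch_smtp_json` each call `which_api_CA_bundle(self)` inline inside `requests.get(...)`. Per the certs.py hunks, that call builds a `LeapCertificate`, may create the certs directory and may run `_download_server_cert` when `api.pem` is missing, so a plain config fetch can hide a trust-anchor download. The two methods differ only in the file name, so a shared private helper that resolves the bundle on its own line would make that side effect visible and remove the duplication.

```python
def _fetch_service_json(self, service_file):
    # resolving the bundle may create the cert directory and download api.pem
    ca_bundle = which_api_CA_bundle(self)
    service_url = '%s/%s/config/%s' % (self.api_uri, self.api_version, service_file)
    response = requests.get(service_url, verify=ca_bundle, timeout=self.config.timeout_in_s)
    response.raise_for_status()
    return json.loads(response.content)

def fetch_soledad_json(self):
    return self._fetch_service_json('soledad-service.json')

def fetch_smtp_json(self):
    return self._fetch_service_json('smtp-service.json')
```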
@@ -19,7 +19,7 @@ import os from leap.keymanager import KeyManager from leap.soledad.client import Soledad from leap.soledad.common.crypto import WrongMac, UnknownMacMethod -from .certs import which_bundle +from .certs import which_api_CA_bundle SOLEDAD_TIMEOUT = 120 @@ -67,7 +67,7 @@ class SoledadSession(object): local_db = self._local_db_path() return Soledad(self.leap_srp_session.uuid, unicode(encryption_passphrase), secrets, - local_db, server_url, which_bundle(self.provider), self.leap_srp_session.token, defer_encryption=False) + local_db, server_url, which_api_CA_bundle(self.provider), self.leap_srp_session.token, defer_encryption=False) except (WrongMac, UnknownMacMethod), e: raise SoledadWrongPassphraseException(e) |