summaryrefslogtreecommitdiff
path: root/service/pixelated
diff options
context:
space:
mode:
Diffstat (limited to 'service/pixelated')
-rw-r--r--service/pixelated/application.py3
-rw-r--r--service/pixelated/bitmask_libraries/certs.py6
-rw-r--r--service/pixelated/bitmask_libraries/keymanager.py (renamed from service/pixelated/bitmask_libraries/nicknym.py)13
-rw-r--r--service/pixelated/bitmask_libraries/provider.py35
-rw-r--r--service/pixelated/bitmask_libraries/soledad.py46
-rw-r--r--service/pixelated/config/leap.py17
-rw-r--r--service/pixelated/config/leap_config.py (renamed from service/pixelated/bitmask_libraries/config.py)16
-rw-r--r--service/pixelated/config/services.py8
-rw-r--r--service/pixelated/config/sessions.py (renamed from service/pixelated/bitmask_libraries/session.py)315
-rw-r--r--service/pixelated/register.py5
10 files changed, 205 insertions, 259 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 65e974b6..178726ef 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -144,10 +144,9 @@ def _start_in_multi_user_mode(args, root_resource, services_factory):
def _setup_multi_user(args, root_resource, services_factory):
if args.provider is None:
raise ValueError('Multi-user mode: provider name is required')
-
init_monkeypatches()
events_server.ensure_server()
- config, provider = initialize_leap_provider(args.provider, args.leap_provider_cert, args.leap_provider_cert_fingerprint, args.leap_home)
+ provider = initialize_leap_provider(args.provider, args.leap_provider_cert, args.leap_provider_cert_fingerprint, args.leap_home)
protected_resource = set_up_protected_resources(root_resource, provider, services_factory, banner=args.banner)
return protected_resource
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 9d543672..e3466d05 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import os
+from pixelated.config import leap_config
class LeapCertificate(object):
@@ -22,7 +23,6 @@ class LeapCertificate(object):
LEAP_FINGERPRINT = None
def __init__(self, provider):
- self._config = provider.config
self._server_name = provider.server_name
self._provider = provider
@@ -41,10 +41,10 @@ class LeapCertificate(object):
@property
def provider_api_cert(self):
- return str(os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem'))
+ return str(os.path.join(leap_config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem'))
def setup_ca_bundle(self):
- path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client')
+ path = os.path.join(leap_config.leap_home, 'providers', self._server_name, 'keys', 'client')
if not os.path.isdir(path):
os.makedirs(path, 0700)
self._download_cert(self.provider_api_cert)
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/keymanager.py
index aeedab2c..78d6e935 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/keymanager.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from leap.keymanager import KeyManager, KeyNotFound
+from pixelated.config import leap_config
from .certs import LeapCertificate
from twisted.internet import defer
import logging
@@ -21,15 +22,15 @@ import logging
logger = logging.getLogger(__name__)
-class NickNym(object):
- def __init__(self, provider, config, soledad, email_address, token, uuid):
- nicknym_url = _discover_nicknym_server(provider)
+class Keymanager(object):
+ def __init__(self, provider, soledad, email_address, token, uuid):
+ nicknym_url = provider._discover_nicknym_server()
self._email = email_address
self.keymanager = KeyManager(self._email, nicknym_url,
soledad,
token=token, ca_cert_path=LeapCertificate(provider).provider_api_cert, api_uri=provider.api_uri,
api_version=provider.api_version,
- uid=uuid, gpgbinary=config.gpg_binary)
+ uid=uuid, gpgbinary=leap_config.gpg_binary)
@defer.inlineCallbacks
def generate_openpgp_key(self):
@@ -55,7 +56,3 @@ class NickNym(object):
def _send_key_to_leap(self):
return self.keymanager.send_key()
-
-
-def _discover_nicknym_server(provider):
- return 'https://nicknym.%s:6425/' % provider.domain
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 9c889287..07791624 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -19,16 +19,18 @@ import os
from leap.common.certs import get_digest
import requests
from .certs import LeapCertificate
+from pixelated.config import leap_config
from pixelated.support.tls_adapter import EnforceTLSv1Adapter
-from pixelated.bitmask_libraries.soledad import SoledadDiscoverException
+
+REQUESTS_TIMEOUT = 15
class LeapProvider(object):
- def __init__(self, server_name, config):
+ def __init__(self, server_name):
self.server_name = server_name
- self.config = config
- self.local_ca_crt = '%s/ca.crt' % self.config.leap_home
+ self.local_ca_crt = '%s/ca.crt' % leap_config.leap_home
self.provider_json = self.fetch_provider_json()
+ self.soledad_json = self.fetch_soledad_json()
@property
def api_uri(self):
@@ -119,7 +121,7 @@ class LeapProvider(object):
session = requests.session()
try:
session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT))
- response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=self.config.timeout_in_s)
+ response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=REQUESTS_TIMEOUT)
response.raise_for_status()
return response
finally:
@@ -134,14 +136,14 @@ class LeapProvider(object):
def fetch_soledad_json(self):
service_url = "%s/%s/config/soledad-service.json" % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT)
response.raise_for_status()
return json.loads(response.content)
def fetch_smtp_json(self):
service_url = '%s/%s/config/smtp-service.json' % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=REQUESTS_TIMEOUT)
response.raise_for_status()
return json.loads(response.content)
@@ -152,14 +154,11 @@ class LeapProvider(object):
return '%s@%s' % (username, self.domain)
def discover_soledad_server(self, user_uuid):
- try:
- json_data = self.fetch_soledad_json()
-
- hosts = json_data['hosts']
- host = hosts.keys()[0]
- server_url = 'https://%s:%d/user-%s' % \
- (hosts[host]['hostname'], hosts[host]['port'],
- user_uuid)
- return server_url
- except Exception, e:
- raise SoledadDiscoverException(e)
+ hosts = self.soledad_json['hosts']
+ host = hosts.keys()[0]
+ server_url = 'https://%s:%d/user-%s' % \
+ (hosts[host]['hostname'], hosts[host]['port'], user_uuid)
+ return server_url
+
+ def _discover_nicknym_server(self):
+ return 'https://nicknym.%s:6425/' % self.domain
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
deleted file mode 100644
index 406e9fc1..00000000
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-from leap.soledad.client import Soledad
-from leap.soledad.common.crypto import WrongMacError, UnknownMacMethodError
-
-
-class SoledadDiscoverException(Exception):
- def __init__(self, *args, **kwargs):
- super(SoledadDiscoverException, self).__init__(*args, **kwargs)
-
-
-class SoledadWrongPassphraseException(Exception):
- def __init__(self, *args, **kwargs):
- super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
-
-
-class SoledadFactory(object):
-
- @classmethod
- def create(cls, user_token, user_uuid, encryption_passphrase, secrets, local_db, server_url, api_cert):
- try:
- return Soledad(user_uuid,
- passphrase=unicode(encryption_passphrase),
- secrets_path=secrets,
- local_db_path=local_db,
- server_url=server_url,
- cert_file=api_cert,
- shared_db=None,
- auth_token=user_token,
- defer_encryption=False)
-
- except (WrongMacError, UnknownMacMethodError), e:
- raise SoledadWrongPassphraseException(e)
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 9d0a35c4..b14aacc7 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -6,10 +6,10 @@ from leap.soledad.common.errors import InvalidAuthTokenError
from leap.auth import SRPAuth
from pixelated.config import credentials
-from pixelated.bitmask_libraries.config import LeapConfig
+from pixelated.config import leap_config
from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.session import LeapSessionFactory
+from pixelated.config.sessions import LeapSessionFactory
log = logging.getLogger(__name__)
@@ -17,13 +17,12 @@ log = logging.getLogger(__name__)
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
-
- config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
- provider = LeapProvider(provider_hostname, config)
+ leap_config.set_leap_home(leap_home)
+ provider = LeapProvider(provider_hostname)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
- return config, provider
+ return provider
@defer.inlineCallbacks
@@ -40,16 +39,16 @@ def initialize_leap_multi_user(provider_hostname,
@defer.inlineCallbacks
def create_leap_session(provider, username, password, auth=None):
- leap_session = LeapSessionFactory(provider).create(username, password, auth)
+ leap_session = yield LeapSessionFactory(provider).create(username, password, auth)
try:
- yield leap_session.initial_sync()
+ yield leap_session.first_required_sync()
except InvalidAuthTokenError:
try:
leap_session.close()
except Exception, e:
log.error(e)
leap_session = LeapSessionFactory(provider).create(username, password, auth)
- yield leap_session.initial_sync()
+ yield leap_session.first_required_sync()
defer.returnValue(leap_session)
diff --git a/service/pixelated/bitmask_libraries/config.py b/service/pixelated/config/leap_config.py
index c521a093..324edc5e 100644
--- a/service/pixelated/bitmask_libraries/config.py
+++ b/service/pixelated/config/leap_config.py
@@ -30,17 +30,13 @@ def discover_gpg_binary():
SYSTEM_CA_BUNDLE = True
+leap_home = '~/.leap/'
+gpg_binary = discover_gpg_binary()
-class LeapConfig(object):
+def set_leap_home(new_home):
+ leap_home = new_home
- def __init__(self,
- leap_home=None,
- timeout_in_s=15,
- start_background_jobs=False,
- gpg_binary=discover_gpg_binary()):
- self.leap_home = leap_home
- self.timeout_in_s = timeout_in_s
- self.start_background_jobs = start_background_jobs
- self.gpg_binary = gpg_binary
+def set_gpg_binary(new_binary):
+ gpg_binary = binary
diff --git a/service/pixelated/config/services.py b/service/pixelated/config/services.py
index a49e1df9..494be703 100644
--- a/service/pixelated/config/services.py
+++ b/service/pixelated/config/services.py
@@ -12,14 +12,14 @@ from pixelated.adapter.listeners.mailbox_indexer_listener import listen_all_mail
from twisted.internet import defer, reactor
from pixelated.adapter.search.index_storage_key import SearchIndexStorageKey
from pixelated.adapter.services.feedback_service import FeedbackService
-
+from pixelated.config import leap_config
logger = logging.getLogger(__name__)
class Services(object):
def __init__(self, leap_session):
- self._leap_home = leap_session.config.leap_home
+ self._leap_home = leap_config.leap_home
self._leap_session = leap_session
@defer.inlineCallbacks
@@ -33,7 +33,7 @@ class Services(object):
self.mail_service = self._setup_mail_service(self.search_engine)
- self.keymanager = self._leap_session.nicknym
+ self.keymanager = self._leap_session.keymanager
self.draft_service = self._setup_draft_service(self._leap_session.mail_store)
self.feedback_service = self._setup_feedback_service()
@@ -61,7 +61,7 @@ class Services(object):
self.search_engine = search_engine
def _setup_mail_service(self, search_engine):
- pixelated_mail_sender = MailSender(self._leap_session.smtp_config, self._leap_session.nicknym.keymanager)
+ pixelated_mail_sender = MailSender(self._leap_session.smtp_config, self._leap_session.keymanager.keymanager)
return MailService(
pixelated_mail_sender,
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/config/sessions.py
index 72ad8520..ed492ea9 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/config/sessions.py
@@ -1,81 +1,160 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-import errno
-import traceback
-import sys
+from __future__ import absolute_import
+
import os
+import errno
import requests
import logging
-
-from twisted.internet import reactor, defer
-from pixelated.bitmask_libraries.certs import LeapCertificate
-from pixelated.adapter.mailstore import LeapMailStore
+from twisted.internet import defer, threads, reactor
+from leap.soledad.common.crypto import WrongMacError, UnknownMacMethodError
+from leap.soledad.client import Soledad
+from pixelated.bitmask_libraries.keymanager import Keymanager
from leap.mail.incoming.service import IncomingMail
from leap.mail.mail import Account
-from leap.auth import SRPAuth
-from .nicknym import NickNym
-from .smtp import LeapSMTPConfig
-from .soledad import SoledadFactory
import leap.common.certs as leap_certs
-
from leap.common.events import (
register, unregister,
catalog as events
)
+from pixelated.adapter.mailstore import LeapMailStore
+from pixelated.config import leap_config
+from pixelated.bitmask_libraries.certs import LeapCertificate
+from pixelated.bitmask_libraries.smtp import LeapSMTPConfig
+
+logger = logging.getLogger(__name__)
+
+
+class LeapSessionFactory(object):
+ def __init__(self, provider):
+ self._provider = provider
+
+ @defer.inlineCallbacks
+ def create(self, username, password, auth):
+ key = SessionCache.session_key(self._provider, username)
+ session = SessionCache.lookup_session(key)
+ if not session:
+ session = yield self._create_new_session(username, password, auth)
+ SessionCache.remember_session(key, session)
+ defer.returnValue(session)
+
+ @defer.inlineCallbacks
+ def _create_new_session(self, username, password, auth):
+ account_email = self._provider.address_for(username)
+
+ self._create_database_dir(auth.uuid)
+
+ api_cert = LeapCertificate(self._provider).provider_api_cert
+
+ soledad = yield self.setup_soledad(auth.token, auth.uuid, password, api_cert)
+
+ mail_store = LeapMailStore(soledad)
+
+ keymanager = yield self.setup_keymanager(self._provider, soledad, account_email, auth.token, auth.uuid)
+
+ smtp_client_cert = self._download_smtp_cert(auth)
+ smtp_host, smtp_port = self._provider.smtp_info()
+ smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port)
+
+ leap_session = LeapSession(self._provider, auth, mail_store, soledad, keymanager, smtp_config)
+
+ defer.returnValue(leap_session)
+
+ @defer.inlineCallbacks
+ def setup_soledad(self,
+ user_token,
+ user_uuid,
+ password,
+ api_cert):
+ secrets = self._secrets_path(user_uuid)
+ local_db = self._local_db_path(user_uuid)
+ server_url = self._provider.discover_soledad_server(user_uuid)
+ try:
+ soledad = yield threads.deferToThread(Soledad,
+ user_uuid,
+ passphrase=unicode(password),
+ secrets_path=secrets,
+ local_db_path=local_db,
+ server_url=server_url,
+ cert_file=api_cert,
+ shared_db=None,
+ auth_token=user_token,
+ defer_encryption=False)
+ defer.returnValue(soledad)
+ except (WrongMacError, UnknownMacMethodError), e:
+ raise SoledadWrongPassphraseException(e)
+
+ @defer.inlineCallbacks
+ def setup_keymanager(self, provider, soledad, account_email, token, uuid):
+ keymanager = yield threads.deferToThread(Keymanager,
+ provider,
+ soledad,
+ account_email,
+ token,
+ uuid)
+ defer.returnValue(keymanager)
+
+ def _download_smtp_cert(self, auth):
+ cert = SmtpClientCertificate(self._provider, auth, self._user_path(auth.uuid))
+ return cert.cert_path()
+
+ def _create_dir(self, path):
+ try:
+ os.makedirs(path)
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(path):
+ pass
+ else:
+ raise
+
+ def _user_path(self, user_uuid):
+ return os.path.join(leap_config.leap_home, user_uuid)
+
+ def _soledad_path(self, user_uuid):
+ return os.path.join(leap_config.leap_home, user_uuid, 'soledad')
+
+ def _secrets_path(self, user_uuid):
+ return os.path.join(self._soledad_path(user_uuid), 'secrets')
+
+ def _local_db_path(self, user_uuid):
+ return os.path.join(self._soledad_path(user_uuid), 'soledad.db')
-log = logging.getLogger(__name__)
+ def _create_database_dir(self, user_uuid):
+ try:
+ os.makedirs(self._soledad_path(user_uuid))
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(self._soledad_path(user_uuid)):
+ pass
+ else:
+ raise
class LeapSession(object):
- def __init__(self, provider, user_auth, mail_store, soledad, nicknym, smtp_config):
+ def __init__(self, provider, user_auth, mail_store, soledad, keymanager, smtp_config):
self.smtp_config = smtp_config
- self.config = provider.config
self.provider = provider
self.user_auth = user_auth
self.mail_store = mail_store
self.soledad = soledad
- self.nicknym = nicknym
+ self.keymanager = keymanager
self.fresh_account = False
self.incoming_mail_fetcher = None
self.account = None
self._has_been_initially_synced = False
- self._sem_intial_sync = defer.DeferredLock()
self._is_closed = False
register(events.KEYMANAGER_FINISHED_KEY_GENERATION, self._set_fresh_account, uid=self.account_email())
@defer.inlineCallbacks
- def initial_sync(self):
- yield self._sem_intial_sync.acquire()
- try:
- yield self.sync()
- if not self._has_been_initially_synced:
- yield self.after_first_sync()
- self._has_been_initially_synced = True
- finally:
- yield self._sem_intial_sync.release()
- defer.returnValue(self)
+ def first_required_sync(self):
+ yield self.sync()
+ yield self.finish_bootstrap()
@defer.inlineCallbacks
- def after_first_sync(self):
- yield self.nicknym.generate_openpgp_key()
+ def finish_bootstrap(self):
+ yield self.keymanager.generate_openpgp_key()
yield self._create_account(self.soledad, self.user_auth.uuid)
self.incoming_mail_fetcher = yield self._create_incoming_mail_fetcher(
- self.nicknym,
+ self.keymanager,
self.soledad,
self.account,
self.account_email())
@@ -86,7 +165,7 @@ class LeapSession(object):
return self.account.deferred_initialization
def _set_fresh_account(self, event, email_address):
- log.debug('Key for email %s has been generated' % email_address)
+ logger.debug('Key for email %s has been generated' % email_address)
if email_address == self.account_email():
self.fresh_account = True
@@ -115,9 +194,9 @@ class LeapSession(object):
SessionCache.remove_session(key)
@defer.inlineCallbacks
- def _create_incoming_mail_fetcher(self, nicknym, soledad, account, user_mail):
+ def _create_incoming_mail_fetcher(self, keymanager, soledad, account, user_mail):
inbox = yield account.callWhenReady(lambda _: account.get_collection_by_mailbox('INBOX'))
- defer.returnValue(IncomingMail(nicknym.keymanager,
+ defer.returnValue(IncomingMail(keymanager.keymanager,
soledad,
inbox,
user_mail))
@@ -135,6 +214,33 @@ class LeapSession(object):
raise
+class SessionCache(object):
+
+ sessions = {}
+
+ @staticmethod
+ def lookup_session(key):
+ session = SessionCache.sessions.get(key, None)
+ if session is not None and session.is_closed:
+ SessionCache.remove_session(key)
+ return None
+ else:
+ return session
+
+ @staticmethod
+ def remember_session(key, session):
+ SessionCache.sessions[key] = session
+
+ @staticmethod
+ def remove_session(key):
+ if key in SessionCache.sessions:
+ del SessionCache.sessions[key]
+
+ @staticmethod
+ def session_key(provider, username):
+ return hash((provider, username))
+
+
class SmtpClientCertificate(object):
def __init__(self, provider, auth, user_path):
self._provider = provider
@@ -159,7 +265,7 @@ class SmtpClientCertificate(object):
if not os.path.exists(os.path.dirname(cert_path)):
os.makedirs(os.path.dirname(cert_path))
- SmtpCertDownloader(self._provider, self._auth).download_to(cert_path)
+ self.download_to(cert_path)
def _smtp_client_cert_path(self):
return os.path.join(
@@ -168,13 +274,6 @@ class SmtpClientCertificate(object):
self._provider.domain,
"keys", "client", "smtp.pem")
-
-class SmtpCertDownloader(object):
-
- def __init__(self, provider, auth):
- self._provider = provider
- self._auth = auth
-
def download(self):
cert_url = '%s/%s/smtp_cert' % (self._provider.api_uri, self._provider.api_version)
headers = {}
@@ -185,7 +284,7 @@ class SmtpCertDownloader(object):
params=params,
data=params,
verify=LeapCertificate(self._provider).provider_api_cert,
- timeout=self._provider.config.timeout_in_s,
+ timeout=15,
headers=headers)
response.raise_for_status()
@@ -200,102 +299,6 @@ class SmtpCertDownloader(object):
f.write(client_cert)
-class LeapSessionFactory(object):
- def __init__(self, provider):
- self._provider = provider
- self._config = provider.config
-
- def create(self, username, password, auth):
- key = SessionCache.session_key(self._provider, username)
- session = SessionCache.lookup_session(key)
- if not session:
- session = self._create_new_session(username, password, auth)
- SessionCache.remember_session(key, session)
-
- return session
-
- def _create_new_session(self, username, password, auth):
- account_email = self._provider.address_for(username)
-
- self._create_database_dir(auth.uuid)
-
- soledad = SoledadFactory.create(auth.token,
- auth.uuid,
- password,
- self._secrets_path(auth.uuid),
- self._local_db_path(auth.uuid),
- self._provider.discover_soledad_server(auth.uuid),
- LeapCertificate(self._provider).provider_api_cert)
-
- mail_store = LeapMailStore(soledad)
- nicknym = self._create_nicknym(account_email, auth.token, auth.uuid, soledad)
-
- smtp_client_cert = self._download_smtp_cert(auth)
- smtp_host, smtp_port = self._provider.smtp_info()
- smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port)
-
- return LeapSession(self._provider, auth, mail_store, soledad, nicknym, smtp_config)
-
- def _download_smtp_cert(self, auth):
- cert = SmtpClientCertificate(self._provider, auth, self._user_path(auth.uuid))
- return cert.cert_path()
-
- def _create_dir(self, path):
- try:
- os.makedirs(path)
- except OSError as exc:
- if exc.errno == errno.EEXIST and os.path.isdir(path):
- pass
- else:
- raise
-
- def _create_nicknym(self, email_address, token, uuid, soledad):
- return NickNym(self._provider, self._config, soledad, email_address, token, uuid)
-
- def _user_path(self, user_uuid):
- return os.path.join(self._config.leap_home, user_uuid)
-
- def _soledad_path(self, user_uuid):
- return os.path.join(self._config.leap_home, user_uuid, 'soledad')
-
- def _secrets_path(self, user_uuid):
- return os.path.join(self._soledad_path(user_uuid), 'secrets')
-
- def _local_db_path(self, user_uuid):
- return os.path.join(self._soledad_path(user_uuid), 'soledad.db')
-
- def _create_database_dir(self, user_uuid):
- try:
- os.makedirs(self._soledad_path(user_uuid))
- except OSError as exc:
- if exc.errno == errno.EEXIST and os.path.isdir(self._soledad_path(user_uuid)):
- pass
- else:
- raise
-
-
-class SessionCache(object):
-
- sessions = {}
-
- @staticmethod
- def lookup_session(key):
- session = SessionCache.sessions.get(key, None)
- if session is not None and session.is_closed:
- SessionCache.remove_session(key)
- return None
- else:
- return session
-
- @staticmethod
- def remember_session(key, session):
- SessionCache.sessions[key] = session
-
- @staticmethod
- def remove_session(key):
- if key in SessionCache.sessions:
- del SessionCache.sessions[key]
-
- @staticmethod
- def session_key(provider, username):
- return hash((provider, username))
+class SoledadWrongPassphraseException(Exception):
+ def __init__(self, *args, **kwargs):
+ super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
diff --git a/service/pixelated/register.py b/service/pixelated/register.py
index 2bdbb27b..93b55872 100644
--- a/service/pixelated/register.py
+++ b/service/pixelated/register.py
@@ -21,9 +21,8 @@ import sys
from pixelated.config import arguments
from pixelated.config import logger as logger_config
from pixelated.bitmask_libraries.certs import LeapCertificate
-from pixelated.bitmask_libraries.config import LeapConfig
from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.session import LeapSessionFactory
+from pixelated.config.sessions import LeapSessionFactory
from leap.auth import SRPAuth
from leap.common.events import server as events_server
import pixelated.extensions.shared_db
@@ -53,7 +52,7 @@ def register(
events_server.ensure_server()
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
- provider = LeapProvider(server_name, config)
+ provider = LeapProvider(server_name)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert)