summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
Diffstat (limited to 'service')
-rw-r--r--service/.gitignore1
-rw-r--r--service/app/bitmask_libraries/__init__.py1
-rw-r--r--service/app/bitmask_libraries/auth.py22
-rw-r--r--service/app/bitmask_libraries/certs.py33
-rw-r--r--service/app/bitmask_libraries/config.py66
-rw-r--r--service/app/bitmask_libraries/leap_srp.py105
-rw-r--r--service/app/bitmask_libraries/nicknym.py18
-rw-r--r--service/app/bitmask_libraries/provider.py112
-rw-r--r--service/app/bitmask_libraries/session.py153
-rw-r--r--service/app/bitmask_libraries/smtp.py77
-rw-r--r--service/app/bitmask_libraries/soledad.py95
-rw-r--r--service/app/leap/client.py25
-rwxr-xr-xservice/go2
-rw-r--r--service/requirements.txt14
-rwxr-xr-xservice/runtests3
-rw-r--r--service/test/bitmask_libraries/__init__.py0
-rw-r--r--service/test/bitmask_libraries/abstract_leap_test.py26
-rw-r--r--service/test/bitmask_libraries/leap_srp_test.py106
-rw-r--r--service/test/bitmask_libraries/nicknym_test.py19
-rw-r--r--service/test/bitmask_libraries/provider_test.py170
-rw-r--r--service/test/bitmask_libraries/session_test.py49
-rw-r--r--service/test/bitmask_libraries/smtp_test.py77
-rw-r--r--service/test/bitmask_libraries/soledad_test.py54
-rw-r--r--service/test/search/test_search_query.py2
24 files changed, 1221 insertions, 9 deletions
diff --git a/service/.gitignore b/service/.gitignore
new file mode 100644
index 00000000..a21a0f95
--- /dev/null
+++ b/service/.gitignore
@@ -0,0 +1 @@
+.virtualenv
diff --git a/service/app/bitmask_libraries/__init__.py b/service/app/bitmask_libraries/__init__.py
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/service/app/bitmask_libraries/__init__.py
@@ -0,0 +1 @@
+
diff --git a/service/app/bitmask_libraries/auth.py b/service/app/bitmask_libraries/auth.py
new file mode 100644
index 00000000..4958c586
--- /dev/null
+++ b/service/app/bitmask_libraries/auth.py
@@ -0,0 +1,22 @@
+from .leap_srp import LeapSecureRemotePassword
+from .certs import which_bundle
+
+USE_PASSWORD = None
+
+
+class LeapCredentials(object):
+ def __init__(self, user_name, password, db_passphrase=USE_PASSWORD):
+ self.user_name = user_name
+ self.password = password
+ self.db_passphrase = db_passphrase if db_passphrase is not None else password
+
+
+class LeapAuthenticator(object):
+ def __init__(self, provider):
+ self._provider = provider
+
+ def authenticate(self, credentials):
+ config = self._provider.config
+ srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s)
+ srp_session = srp.authenticate(self._provider.api_uri, credentials.user_name, credentials.password)
+ return srp_session
diff --git a/service/app/bitmask_libraries/certs.py b/service/app/bitmask_libraries/certs.py
new file mode 100644
index 00000000..a814ec82
--- /dev/null
+++ b/service/app/bitmask_libraries/certs.py
@@ -0,0 +1,33 @@
+import os
+
+from leap.common import ca_bundle
+
+from .config import AUTO_DETECT_CA_BUNDLE
+
+
+def which_bundle(provider):
+ return LeapCertificate(provider).auto_detect_ca_bundle()
+
+
+class LeapCertificate(object):
+ def __init__(self, provider):
+ self._config = provider.config
+ self._server_name = provider.server_name
+ self._leap_home = self._config.leap_home
+
+ def auto_detect_ca_bundle(self):
+ if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
+ local_cert = self._local_server_cert()
+ if local_cert:
+ return local_cert
+ else:
+ return ca_bundle.where()
+ else:
+ return self._config.ca_cert_bundle
+
+ def _local_server_cert(self):
+ cert_file = os.path.join(self._leap_home, '%s.ca.crt' % self._server_name)
+ if os.path.isfile(cert_file):
+ return cert_file
+ else:
+ return None
diff --git a/service/app/bitmask_libraries/config.py b/service/app/bitmask_libraries/config.py
new file mode 100644
index 00000000..5baa7808
--- /dev/null
+++ b/service/app/bitmask_libraries/config.py
@@ -0,0 +1,66 @@
+import os
+from os.path import expanduser
+from distutils.spawn import find_executable
+
+
+def discover_gpg_binary():
+ path = find_executable('gpg')
+ if path is None:
+ raise Exception('Did not find a gpg executable!')
+
+ if os.path.islink(path):
+ path = os.path.realpath(path)
+
+ return path
+
+
+DEFAULT_LEAP_HOME = os.path.join(expanduser("~"), '.leap')
+
+SYSTEM_CA_BUNDLE = True
+AUTO_DETECT_CA_BUNDLE = None
+
+
+class LeapConfig(object):
+ """
+ LEAP client configuration
+
+ """
+
+ def __init__(self, leap_home=DEFAULT_LEAP_HOME, ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, verify_ssl=True,
+ fetch_interval_in_s=30,
+ timeout_in_s=15, start_background_jobs=True, gpg_binary=discover_gpg_binary()):
+ """
+ Constructor.
+
+ :param server_name: The LEAP server name, e.g. demo.leap.se
+ :type server_name: str
+
+ :param user_name: The LEAP account user name, normally the first part of your email, e.g. foobar for foobar@demo.leap.se
+ :type user_name: str
+
+ :param user_password: The LEAP account password
+ :type user_password: str
+
+ :param db_passphrase: The passphrase used to encrypt the local soledad database
+ :type db_passphrase: str
+
+ :param verify_ssl: Set to false to disable strict SSL certificate validation
+ :type verify_ssl: bool
+
+ :param fetch_interval_in_s: Polling interval for fetching incoming mail from LEAP server
+ :type fetch_interval_in_s: int
+
+ :param timeout_in_s: Timeout for network operations, e.g. HTTP calls
+ :type timeout_in_s: int
+
+ :param gpg_binary: Path to the GPG binary (must not be a symlink)
+ :type gpg_binary: str
+
+ """
+ self.leap_home = leap_home
+ self.ca_cert_bundle = ca_cert_bundle
+ self.verify_ssl = verify_ssl
+ self.timeout_in_s = timeout_in_s
+ self.start_background_jobs = start_background_jobs
+ self.gpg_binary = gpg_binary
+ self.fetch_interval_in_s = fetch_interval_in_s
diff --git a/service/app/bitmask_libraries/leap_srp.py b/service/app/bitmask_libraries/leap_srp.py
new file mode 100644
index 00000000..a1de7de3
--- /dev/null
+++ b/service/app/bitmask_libraries/leap_srp.py
@@ -0,0 +1,105 @@
+import binascii
+import json
+
+from requests import Session
+from srp import User, srp
+from requests.exceptions import HTTPError, SSLError, Timeout
+from config import SYSTEM_CA_BUNDLE
+
+
+class LeapAuthException(Exception):
+ def __init__(self, *args, **kwargs):
+ super(LeapAuthException, self).__init__(*args, **kwargs)
+
+
+class LeapSRPSession(object):
+ def __init__(self, user_name, api_server_name, uuid, token, session_id, api_version='1'):
+ self.user_name = user_name
+ self.api_server_name = api_server_name
+ self.uuid = uuid
+ self.token = token
+ self.session_id = session_id
+ self.api_version = api_version
+
+ def __str__(self):
+ return 'LeapSRPSession(%s, %s, %s, %s, %s, %s)' % (self.user_name, self.api_server_name, self.uuid, self.token, self.session_id, self.api_version)
+
+
+class LeapSecureRemotePassword(object):
+ def __init__(self, hash_alg=srp.SHA256, ng_type=srp.NG_1024, ca_bundle=SYSTEM_CA_BUNDLE, timeout_in_s=15,
+ leap_api_version='1'):
+
+ self.hash_alg = hash_alg
+ self.ng_type = ng_type
+ self.timeout_in_s = timeout_in_s
+ self.ca_bundle = ca_bundle
+ self.leap_api_version = leap_api_version
+
+ def authenticate(self, api_uri, username, password):
+ session = Session()
+ try:
+ return self._authenticate_with_session(session, api_uri, username, password)
+ except Timeout, e:
+ raise LeapAuthException(e)
+ finally:
+ session.close()
+
+ def _authenticate_with_session(self, http_session, api_uri, username, password):
+ try:
+ srp_user = User(username.encode('utf-8'), password.encode('utf-8'), self.hash_alg, self.ng_type)
+
+ salt, B_challenge = self._begin_authentication(srp_user, http_session, api_uri)
+ M2_verfication_code, leap_session = self._process_challenge(srp_user, http_session, api_uri, salt,
+ B_challenge)
+ self._verify_session(srp_user, M2_verfication_code)
+
+ return leap_session
+ except (HTTPError, SSLError), e:
+ raise LeapAuthException(e)
+
+ def _begin_authentication(self, user, session, api_uri):
+ _, A = user.start_authentication()
+
+ auth_data = {
+ "login": user.get_username(),
+ "A": binascii.hexlify(A)
+ }
+ session_url = '%s/%s/sessions' % (api_uri, self.leap_api_version)
+ response = session.post(session_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s)
+ response.raise_for_status()
+ json_content = json.loads(response.content)
+
+ salt = _safe_unhexlify(json_content.get('salt'))
+ B = _safe_unhexlify(json_content.get('B'))
+
+ return salt, B
+
+ def _process_challenge(self, user, session, api_uri, salt, B):
+ M = user.process_challenge(salt, B)
+
+ auth_data = {
+ "client_auth": binascii.hexlify(M)
+ }
+
+ auth_url = '%s/%s/sessions/%s' % (api_uri, self.leap_api_version, user.get_username())
+ response = session.put(auth_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s)
+ response.raise_for_status()
+ auth_json = json.loads(response.content)
+
+ M2 = _safe_unhexlify(auth_json.get('M2'))
+ uuid = auth_json.get('id')
+ token = auth_json.get('token')
+ session_id = response.cookies.get('_session_id')
+
+ return M2, LeapSRPSession(user.get_username(), api_uri, uuid, token, session_id)
+
+ def _verify_session(self, user, M2):
+ user.verify_session(M2)
+ if not user.authenticated():
+ raise LeapAuthException()
+
+
+def _safe_unhexlify(hex_str):
+ return binascii.unhexlify(hex_str) \
+ if (len(hex_str) % 2 == 0) else binascii.unhexlify('0' + hex_str)
+
diff --git a/service/app/bitmask_libraries/nicknym.py b/service/app/bitmask_libraries/nicknym.py
new file mode 100644
index 00000000..5d9c5308
--- /dev/null
+++ b/service/app/bitmask_libraries/nicknym.py
@@ -0,0 +1,18 @@
+from leap.keymanager import KeyManager
+from .certs import which_bundle
+
+SOLEDAD_CERT = '/tmp/ca.crt'
+
+
+class NickNym(object):
+
+ def __init__(self, provider, config, soledad_session, srp_session):
+ nicknym_url = _discover_nicknym_server(provider)
+ self.keymanager = KeyManager('%s@%s' % (srp_session.user_name, provider.domain), nicknym_url, soledad_session.soledad,
+ srp_session.session_id, which_bundle(provider), provider.api_uri,
+ provider.api_version,
+ srp_session.uuid, config.gpg_binary)
+
+
+def _discover_nicknym_server(provider):
+ return 'https://nicknym.%s:6425/' % provider.domain
diff --git a/service/app/bitmask_libraries/provider.py b/service/app/bitmask_libraries/provider.py
new file mode 100644
index 00000000..1bfd69fb
--- /dev/null
+++ b/service/app/bitmask_libraries/provider.py
@@ -0,0 +1,112 @@
+import json
+
+from leap.common.certs import get_digest
+import requests
+
+from .certs import which_bundle
+
+
+class LeapProvider(object):
+ def __init__(self, server_name, config):
+ self.server_name = server_name
+ self.config = config
+
+ self.provider_json = self.fetch_provider_json()
+
+ @property
+ def api_uri(self):
+ return self.provider_json.get('api_uri')
+
+ @property
+ def ca_cert_fingerprint(self):
+ return self.provider_json.get('ca_cert_fingerprint')
+
+ @property
+ def ca_cert_uri(self):
+ return self.provider_json.get('ca_cert_uri')
+
+ @property
+ def api_version(self):
+ return self.provider_json.get('api_version')
+
+ @property
+ def domain(self):
+ return self.provider_json.get('domain')
+
+ @property
+ def services(self):
+ return self.provider_json.get('services')
+
+ def __hash__(self):
+ return hash(self.server_name)
+
+ def __eq__(self, other):
+ return self.server_name == other.server_name
+
+ def ensure_supports_mx(self):
+ if not 'mx' in self.services:
+ raise Exception
+
+ def download_certificate_to(self, filename):
+ """
+ Downloads the server certificate, validates it against the provided fingerprint and stores it to file
+ """
+ cert = self.fetch_valid_certificate()
+ with open(filename, 'w') as out:
+ out.write(cert)
+
+ def fetch_valid_certificate(self):
+ cert = self._fetch_certificate()
+ self.validate_certificate(cert)
+ return cert
+
+ def _fetch_certificate(self):
+ session = requests.session()
+ try:
+ cert_url = '%s/ca.crt' % self._provider_base_url()
+ response = session.get(cert_url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response.raise_for_status()
+
+ cert_data = response.content
+ return cert_data
+ finally:
+ session.close()
+
+ def validate_certificate(self, cert_data=None):
+ if cert_data is None:
+ cert_data = self._fetch_certificate()
+
+ parts = str(self.ca_cert_fingerprint).split(':')
+ method = parts[0].strip()
+ fingerprint = parts[1].strip()
+
+ digest = get_digest(cert_data, method)
+
+ if fingerprint.strip() != digest:
+ raise Exception('Certificate fingerprints don\'t match')
+
+ def fetch_provider_json(self):
+
+ url = '%s/provider.json' % self._provider_base_url()
+ response = requests.get(url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response.raise_for_status()
+
+ json_data = json.loads(response.content)
+ return json_data
+
+ def fetch_soledad_json(self):
+ service_url = "%s/%s/config/soledad-service.json" % (
+ self.api_uri, self.api_version)
+ response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response.raise_for_status()
+ return json.loads(response.content)
+
+ def fetch_smtp_json(self):
+ service_url = '%s/%s/config/smtp-service.json' % (
+ self.api_uri, self.api_version)
+ response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s)
+ response.raise_for_status()
+ return json.loads(response.content)
+
+ def _provider_base_url(self):
+ return 'https://%s' % self.server_name
diff --git a/service/app/bitmask_libraries/session.py b/service/app/bitmask_libraries/session.py
new file mode 100644
index 00000000..66e4fcab
--- /dev/null
+++ b/service/app/bitmask_libraries/session.py
@@ -0,0 +1,153 @@
+import os
+import errno
+import traceback
+from leap.mail.imap.fetch import LeapIncomingMail
+from leap.mail.imap.server import SoledadBackedAccount
+import sys
+from twisted.internet import reactor
+from .nicknym import NickNym
+
+from .auth import LeapAuthenticator
+from .soledad import SoledadSessionFactory, SoledadSession
+from .smtp import LeapSmtp
+
+SESSIONS = {}
+
+
+class LeapSession(object):
+ """
+ A LEAP session.
+
+
+ Properties:
+
+ - ``leap_config`` the configuration for this session (LeapClientConfig).
+
+ - ``srp_session`` the secure remote password session to authenticate with LEAP. See http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol (LeapSecureRemotePassword)
+
+ - ``soledad_session`` the soledad session. See https://leap.se/soledad (LeapSecureRemotePassword)
+
+ - ``nicknym`` the nicknym instance. See https://leap.se/nicknym (NickNym)
+
+ - ``account`` the actual leap mail account. Implements Twisted imap4.IAccount and imap4.INamespacePresenter (SoledadBackedAccount)
+
+ - ``incoming_mail_fetcher`` Background job for fetching incoming mails from LEAP server (LeapIncomingMail)
+ """
+
+ def __init__(self, provider, srp_session, soledad_session, nicknym, soledad_account, incoming_mail_fetcher):
+ """
+ Constructor.
+
+ :param leap_config: The config for this LEAP session
+ :type leap_config: LeapConfig
+
+ """
+ self.config = provider.config
+ self.provider = provider
+ self.srp_session = srp_session
+ self.soledad_session = soledad_session
+ self.nicknym = nicknym
+ self.account = soledad_account
+ self.incoming_mail_fetcher = incoming_mail_fetcher
+
+ if self.config.start_background_jobs:
+ self.start_background_jobs()
+
+ def account_email(self):
+ domain = self.provider.domain
+ name = self.srp_session.user_name
+ return '%s@%s' % (name, domain)
+
+ def close(self):
+ self.stop_background_jobs()
+
+ def start_background_jobs(self):
+ reactor.callFromThread(self.incoming_mail_fetcher.start_loop)
+
+ def stop_background_jobs(self):
+ reactor.callFromThread(self.incoming_mail_fetcher.stop)
+
+ def sync(self):
+ try:
+ self.soledad_session.sync()
+ except:
+ traceback.print_exc(file=sys.stderr)
+ raise
+
+
+class LeapSessionFactory(object):
+ def __init__(self, provider):
+ self._provider = provider
+ self._config = provider.config
+
+ def create(self, credentials):
+ key = self._session_key(credentials)
+ session = self._lookup_session(key)
+ if not session:
+ session = self._create_new_session(credentials)
+ self._remember_session(key, session)
+
+ return session
+
+ def _create_new_session(self, credentials):
+ self._create_dir(self._provider.config.leap_home)
+ self._provider.download_certificate_to('%s/ca.crt' % self._provider.config.leap_home)
+
+ auth = LeapAuthenticator(self._provider).authenticate(credentials)
+ soledad = SoledadSessionFactory.create(self._provider, auth, credentials.db_passphrase)
+
+ nicknym = self._create_nicknym(auth, soledad)
+ account = self._create_account(auth, soledad)
+ incoming_mail_fetcher = self._create_incoming_mail_fetcher(nicknym, soledad,
+ account, auth)
+
+ smtp = self._create_smtp_service(nicknym, auth)
+ smtp.start()
+
+ session = LeapSession(self._provider, auth, soledad, nicknym, account, incoming_mail_fetcher)
+
+ return session
+
+ def _lookup_session(self, key):
+ global SESSIONS
+ if key in SESSIONS:
+ return SESSIONS[key]
+ else:
+ return None
+
+ def _remember_session(self, key, session):
+ global SESSIONS
+ SESSIONS[key] = session
+
+ def _session_key(self, credentials):
+ return hash((self._provider, credentials.user_name))
+
+ def _create_dir(self, path):
+ try:
+ os.makedirs(path)
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(path):
+ pass
+ else:
+ raise
+
+ def _create_soledad_session(self, srp_session, db_passphrase):
+ return SoledadSession(self._provider, db_passphrase, srp_session)
+
+ def _create_nicknym(self, srp_session, soledad_session):
+ return NickNym(self._provider, self._config, soledad_session, srp_session)
+
+ def _create_account(self, srp_session, soledad_session):
+ return SoledadBackedAccount(srp_session.uuid, soledad_session.soledad)
+
+ def _create_incoming_mail_fetcher(self, nicknym, soledad_session, account, auth):
+ return LeapIncomingMail(nicknym.keymanager, soledad_session.soledad, account,
+ self._config.fetch_interval_in_s, self._account_email(auth))
+
+ def _create_smtp_service(self, nicknym, auth):
+ return LeapSmtp(self._provider, nicknym.keymanager, auth)
+
+ def _account_email(self, auth):
+ domain = self._provider.domain
+ name = auth.user_name
+ return '%s@%s' % (name, domain)
diff --git a/service/app/bitmask_libraries/smtp.py b/service/app/bitmask_libraries/smtp.py
new file mode 100644
index 00000000..0315b40a
--- /dev/null
+++ b/service/app/bitmask_libraries/smtp.py
@@ -0,0 +1,77 @@
+import os
+import requests
+from .certs import which_bundle
+from leap.mail.smtp import setup_smtp_gateway
+
+class LeapSmtp(object):
+
+ SMTP_PORT = 2014
+
+ def __init__(self, provider, keymanager=None, leap_srp_session=None):
+ self._provider = provider
+ self._keymanager = keymanager
+ self._srp_session = leap_srp_session
+ self._hostname, self._port = self._discover_smtp_server()
+ self._smtp_port = None
+ self._smtp_service = None
+
+ def smtp_info(self):
+ return ('localhost', LeapSmtp.SMTP_PORT)
+
+ def _discover_smtp_server(self):
+ json_data = self._provider.fetch_smtp_json()
+ hosts = json_data['hosts']
+ hostname = hosts.keys()[0]
+ host = hosts[hostname]
+
+ hostname = host['hostname']
+ port = host['port']
+
+ return hostname, port
+
+ def _download_client_certificates(self):
+ cert_path = self._client_cert_path()
+
+ if not os.path.exists(os.path.dirname(cert_path)):
+ os.makedirs(os.path.dirname(cert_path))
+
+ session = requests.session()
+ cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
+ cookies = { "_session_id": self._srp_session.session_id }
+
+ response = requests.get(cert_url, verify=which_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s)
+ response.raise_for_status()
+
+ client_cert = response.content
+
+ with open(cert_path, 'w') as f:
+ f.write(client_cert)
+
+ def _client_cert_path(self):
+ return os.path.join(self._provider.config.leap_home,
+ "providers",
+ self._provider.domain,
+ "keys", "client", "smtp.pem")
+
+ def start(self):
+ self._download_client_certificates()
+ cert_path = self._client_cert_path()
+ email = '%s@%s' % (self._srp_session.user_name, self._provider.domain)
+
+ self._smtp_service, self._smtp_port = setup_smtp_gateway(
+ port=LeapSmtp.SMTP_PORT,
+ userid=email,
+ keymanager=self._keymanager,
+ smtp_host=self._hostname.encode('UTF-8'),
+ smtp_port=self._port,
+ smtp_cert=cert_path,
+ smtp_key=cert_path,
+ encrypted_only=False)
+
+ def stop(self):
+ if self._smtp_service is not None:
+ self._smtp_port.stopListening()
+ self._smtp_service.doStop()
+ self._smtp_port = None
+ self._smtp_service = None
+
diff --git a/service/app/bitmask_libraries/soledad.py b/service/app/bitmask_libraries/soledad.py
new file mode 100644
index 00000000..132e671f
--- /dev/null
+++ b/service/app/bitmask_libraries/soledad.py
@@ -0,0 +1,95 @@
+import json
+import os
+import errno
+from leap.keymanager import KeyManager
+from leap.soledad.client import Soledad
+from leap.soledad.common.crypto import WrongMac, UnknownMacMethod, MacMethods
+import requests
+import sys
+import time
+from .certs import which_bundle
+
+SOLEDAD_TIMEOUT = 120
+SOLEDAD_CERT = '/tmp/ca.crt'
+
+
+class SoledadDiscoverException(Exception):
+ def __init__(self, *args, **kwargs):
+ super(SoledadDiscoverException, self).__init__(*args, **kwargs)
+
+
+class SoledadWrongPassphraseException(Exception):
+ def __init__(self, *args, **kwargs):
+ super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs)
+
+
+class LeapKeyManager(object):
+ def __init__(self, soledad, leap_session, nicknym_url):
+ provider = leap_session.provider
+ self.keymanager = KeyManager(leap_session.account_email(), nicknym_url, soledad,
+ leap_session.session_id, leap_session.leap_home + '/ca.crt', provider.api_uri, leap_session.api_version,
+ leap_session.uuid, leap_session.leap_config.gpg_binary)
+
+
+class SoledadSessionFactory(object):
+ @classmethod
+ def create(cls, provider, srp_session, encryption_passphrase):
+ return SoledadSession(provider, encryption_passphrase, srp_session)
+
+
+class SoledadSession(object):
+ def __init__(self, provider, encryption_passphrase, leap_srp_session):
+ self.provider = provider
+ self.config = provider.config
+ self.leap_srp_session = leap_srp_session
+
+ self.soledad = self._init_soledad(encryption_passphrase)
+
+ def _init_soledad(self, encryption_passphrase):
+ try:
+ server_url = self._discover_soledad_server()
+
+ self._create_database_dir()
+ secrets = self._secrets_path()
+ local_db = self._local_db_path()
+
+ return Soledad(self.leap_srp_session.uuid, unicode(encryption_passphrase), secrets,
+ local_db, server_url, which_bundle(self.provider), self.leap_srp_session.token)
+
+ except (WrongMac, UnknownMacMethod, MacMethods), e:
+ raise SoledadWrongPassphraseException(e)
+
+ def _leap_path(self):
+ return "%s/soledad" % self.config.leap_home
+
+ def _secrets_path(self):
+ return "%s/%s.secret" % (self._leap_path(), self.leap_srp_session.uuid)
+
+ def _local_db_path(self):
+ return "%s/%s.db" % (self._leap_path(), self.leap_srp_session.uuid)
+
+ def _create_database_dir(self):
+ try:
+ os.makedirs(self._leap_path())
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(self._leap_path()):
+ pass
+ else:
+ raise
+
+ def sync(self):
+ if self.soledad.need_sync(self.soledad.server_url):
+ self.soledad.sync()
+
+ def _discover_soledad_server(self):
+ try:
+ json_data = self.provider.fetch_soledad_json()
+
+ hosts = json_data['hosts']
+ host = hosts.keys()[0]
+ server_url = 'https://%s:%d/user-%s' % \
+ (hosts[host]['hostname'], hosts[host]['port'],
+ self.leap_srp_session.uuid)
+ return server_url
+ except Exception, e:
+ raise SoledadDiscoverException(e)
diff --git a/service/app/leap/client.py b/service/app/leap/client.py
index 5f9020fd..031f7526 100644
--- a/service/app/leap/client.py
+++ b/service/app/leap/client.py
@@ -1,8 +1,24 @@
+
class Client:
+ def __init__(self, config, username, password, server_name, mailbox_name):
+ try:
+ self.username = username
+ self.password = password
+ self.server_name = server_name
+ self.mailbox_name = mailbox_name
+ self.leapdir = '%s/leap' % config.workdir
+
+ self._open_leap_session()
+ except:
+ traceback.print_exc(file=sys.stdout)
+ raise
+
+ def _open_leap_session(self):
+ self.leap_config = LeapConfig(leap_home=self.leapdir)
+ self.provider = LeapProvider(self.server_name, self.leap_config)
+ self.leap_session = LeapSessionFactory(self.provider).create(LeapCredentials(self.username, self.password))
+ self.mbx = self.leap_session.account.getMailbox(self.mailbox_name)
- def __init__(self, account):
- pass
-
def mails(self, query):
raise NotImplementedError()
@@ -58,6 +74,3 @@ class Client:
def all_contacts(self, query):
raise NotImplementedError()
-
-
-
diff --git a/service/go b/service/go
index b4de3424..dd404a5b 100755
--- a/service/go
+++ b/service/go
@@ -1,4 +1,4 @@
#!/bin/bash
export PIXELATED_UA_CFG=../config/pixelated_ua.cfg
-python app/pixelated_usar_agent.py
+python app/pixelated_user_agent.py
diff --git a/service/requirements.txt b/service/requirements.txt
index e1ec3242..468be9d4 100644
--- a/service/requirements.txt
+++ b/service/requirements.txt
@@ -2,3 +2,17 @@ Twisted==12.2.0
flask==0.10.1
scanner==0.0.5
requests==2.3.0
+pytest==2.6.0
+#requirements for bitmask libraries
+mock==1.0.1
+httmock==1.2.2
+srp==1.0.4
+--allow-external dirspec
+--allow-unverified dirspec
+dirspec==13.10
+--allow-external u1db
+--allow-unverified u1db
+u1db==13.10
+leap.keymanager==0.3.8
+leap.soledad.common==0.5.0
+leap.mail==0.3.8
diff --git a/service/runtests b/service/runtests
index 64316a29..6b10459a 100755
--- a/service/runtests
+++ b/service/runtests
@@ -1 +1,2 @@
-APP_ROOT=`pwd`/app py.test test/
+#!/bin/bash
+APP_ROOT=`pwd` py.test test/
diff --git a/service/test/bitmask_libraries/__init__.py b/service/test/bitmask_libraries/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/service/test/bitmask_libraries/__init__.py
diff --git a/service/test/bitmask_libraries/abstract_leap_test.py b/service/test/bitmask_libraries/abstract_leap_test.py
new file mode 100644
index 00000000..007fe06a
--- /dev/null
+++ b/service/test/bitmask_libraries/abstract_leap_test.py
@@ -0,0 +1,26 @@
+import os
+import tempfile
+import unittest
+from uuid import uuid4
+from mock import Mock, MagicMock
+
+
+class AbstractLeapTest(unittest.TestCase):
+ uuid = str(uuid4())
+ session_id = str(uuid4())
+ token = str(uuid4())
+
+ leap_home = os.path.join(tempfile.mkdtemp(), 'leap')
+
+ config = Mock(leap_home=leap_home, ca_cert_bundle='/some/path/to/ca_cert', gpg_binary='/path/to/gpg')
+ provider = Mock(config=config, server_name='some-server.test', domain='some-server.test',
+ api_uri='https://api.some-server.test:4430', api_version='1')
+ soledad = Mock()
+ soledad_session = Mock(soledad=soledad)
+ srp_session = Mock(user_name='test_user', api_server_name='some-server.test', uuid=uuid, session_id=session_id, token=token)
+
+ nicknym = MagicMock()
+
+ soledad_account = MagicMock()
+
+ mail_fetcher_mock = MagicMock()
diff --git a/service/test/bitmask_libraries/leap_srp_test.py b/service/test/bitmask_libraries/leap_srp_test.py
new file mode 100644
index 00000000..a8b5b3fb
--- /dev/null
+++ b/service/test/bitmask_libraries/leap_srp_test.py
@@ -0,0 +1,106 @@
+import sys
+import os
+sys.path.insert(0, os.environ['APP_ROOT'])
+
+import json
+import unittest
+import binascii
+from urlparse import parse_qs
+
+from httmock import urlmatch, all_requests, HTTMock, response
+from requests.exceptions import Timeout
+import srp
+
+from app.bitmask_libraries.leap_srp import LeapSecureRemotePassword, LeapAuthException
+
+
+
+(salt_bytes, verification_key_bytes) = srp.create_salted_verification_key('username', 'password', hash_alg=srp.SHA256, ng_type=srp.NG_1024)
+verifier = None
+
+
+@all_requests
+def not_found_mock(url, request):
+ return {'status_code': 404,
+ 'content': 'foobar'}
+
+
+@all_requests
+def timeout_mock(url, request):
+ raise Timeout()
+
+@urlmatch(netloc=r'(.*\.)?leap\.local$')
+def srp_login_server_simulator_mock(url, request):
+ global verifier
+
+ data = parse_qs(request.body)
+ if 'login' in data:
+ # SRP Authentication Step 1
+ A = binascii.unhexlify(data.get('A')[0])
+
+ verifier = srp.Verifier('username', salt_bytes, verification_key_bytes, A, hash_alg=srp.SHA256, ng_type=srp.NG_1024)
+ (salt, B) = verifier.get_challenge()
+
+ content = {
+ 'salt': binascii.hexlify(salt),
+ 'B': binascii.hexlify(B)
+ }
+
+ return {'status_code': 200,
+ 'content': json.dumps(content)}
+
+ else:
+ # SRP Authentication Step 2
+ data = parse_qs(request.body)
+ client_auth = binascii.unhexlify(data.get('client_auth')[0])
+
+ M2 = verifier.verify_session(client_auth)
+
+ if not verifier.authenticated():
+ return {'status_code': 404,
+ 'content': ''}
+
+ content = {
+ 'M2': binascii.hexlify(M2),
+ 'id': 'some id',
+ 'token': 'some token'
+ }
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Set-Cookie': '_session_id=some_session_id;'}
+ return response(200, content, headers, None, 5, request)
+
+
+class LeapSRPTest(unittest.TestCase):
+
+ def test_status_code_is_checked(self):
+ with HTTMock(not_found_mock):
+ lsrp = LeapSecureRemotePassword()
+ self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'username', 'password')
+
+ def test_invalid_username(self):
+ with HTTMock(srp_login_server_simulator_mock):
+ lsrp = LeapSecureRemotePassword()
+ self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'invalid_user', 'password')
+
+ def test_invalid_password(self):
+ with HTTMock(srp_login_server_simulator_mock):
+ lsrp = LeapSecureRemotePassword()
+ self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'username', 'invalid')
+
+ def test_login(self):
+ with HTTMock(srp_login_server_simulator_mock):
+ lsrp = LeapSecureRemotePassword()
+ leap_session = lsrp.authenticate('https://api.leap.local', 'username', 'password')
+
+ self.assertIsNotNone(leap_session)
+ self.assertEqual('username', leap_session.user_name)
+ self.assertEqual('1', leap_session.api_version)
+ self.assertEqual('https://api.leap.local', leap_session.api_server_name)
+ self.assertEqual('some token', leap_session.token)
+ self.assertEqual('some_session_id', leap_session.session_id)
+
+ def test_timeout(self):
+ with HTTMock(timeout_mock):
+ lrsp = LeapSecureRemotePassword()
+ self.assertRaises(LeapAuthException, lrsp.authenticate, 'https://api.leap.local', 'username', 'password')
diff --git a/service/test/bitmask_libraries/nicknym_test.py b/service/test/bitmask_libraries/nicknym_test.py
new file mode 100644
index 00000000..a087874a
--- /dev/null
+++ b/service/test/bitmask_libraries/nicknym_test.py
@@ -0,0 +1,19 @@
+from mock import patch
+
+from app.bitmask_libraries.nicknym import NickNym
+from abstract_leap_test import AbstractLeapTest
+
+
+class NickNymTest(AbstractLeapTest):
+ @patch('app.bitmask_libraries.nicknym.KeyManager.__init__', return_value=None)
+ def test_that_keymanager_is_created(self, init_mock):
+ #given
+
+ #when
+ NickNym(self.provider, self.config, self.soledad_session, self.srp_session)
+
+ #then
+ init_mock.assert_called_with('test_user@some-server.test', 'https://nicknym.some-server.test:6425/',
+ self.soledad, self.session_id, '/some/path/to/ca_cert',
+ 'https://api.some-server.test:4430', '1', self.uuid,
+ '/path/to/gpg')
diff --git a/service/test/bitmask_libraries/provider_test.py b/service/test/bitmask_libraries/provider_test.py
new file mode 100644
index 00000000..16abbd0d
--- /dev/null
+++ b/service/test/bitmask_libraries/provider_test.py
@@ -0,0 +1,170 @@
+import json
+
+from httmock import all_requests, HTTMock, urlmatch
+from requests import HTTPError
+
+from app.bitmask_libraries.config import LeapConfig
+from app.bitmask_libraries.provider import LeapProvider
+from abstract_leap_test import AbstractLeapTest
+
+
+@all_requests
+def not_found_mock(url, request):
+ return {'status_code': 404,
+ 'content': 'foobar'}
+
+@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/provider.json')
+def provider_json_mock(url, request):
+ return provider_json_response("SHA256: 06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d")
+
+
+@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/provider.json')
+def provider_json_invalid_fingerprint_mock(url, request):
+ return provider_json_response("SHA256: 0123456789012345678901234567890123456789012345678901234567890123")
+
+
+def provider_json_response(fingerprint):
+ content = {
+ "api_uri": "https://api.some-provider.test:4430",
+ "api_version": "1",
+ "ca_cert_fingerprint": fingerprint,
+ "ca_cert_uri": "https://some-provider.test/ca.crt",
+ "domain": "some-provider.test",
+ "services": [
+ "mx"
+ ]
+ }
+ return {
+ "status_code": 200,
+ "content": json.dumps(content)
+ }
+
+
+@urlmatch(netloc=r'api\.some-provider\.test:4430$', path='/1/config/soledad-service.json')
+def soledad_json_mock(url, request):
+ content = {
+ "some key": "some value",
+ }
+ return {
+ "status_code": 200,
+ "content": json.dumps(content)
+ }
+
+@urlmatch(netloc=r'api\.some-provider\.test:4430$', path='/1/config/smtp-service.json')
+def smtp_json_mock(url, request):
+ content = {
+ "hosts": {
+ "leap-mx": {
+ "hostname": "mx.some-provider.test",
+ "ip_address": "0.0.0.0",
+ "port": 465
+ }
+ },
+ "locations": {
+ },
+ "serial": 1,
+ "version": 1
+ }
+ return {
+ "status_code": 200,
+ "content": json.dumps(content)
+ }
+
+
+@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/ca.crt')
+def ca_cert_mock(url, request):
+ return {
+ "status_code": 200,
+ "content": ca_crt
+ }
+
+
+ca_crt = """
+-----BEGIN CERTIFICATE-----
+MIIFbzCCA1egAwIBAgIBATANBgkqhkiG9w0BAQ0FADBKMREwDwYDVQQKDAhXYXpv
+a2F6aTEaMBgGA1UECwwRaHR0cHM6Ly9kZmkubG9jYWwxGTAXBgNVBAMMEFdhem9r
+YXppIFJvb3QgQ0EwHhcNMTQwMzI1MDAwMDAwWhcNMjQwMzI1MDAwMDAwWjBKMREw
+DwYDVQQKDAhXYXpva2F6aTEaMBgGA1UECwwRaHR0cHM6Ly9kZmkubG9jYWwxGTAX
+BgNVBAMMEFdhem9rYXppIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDSPyaslC6SNVsKpGoXllInPXbjiq7rJaV08Xg+64FJU/257BZZEJ/j
+r33r0xlt2kj85PcbPySLKy0omXAQt9bs273hwAQXExdY41FxMD3wP/dmLqd55KYa
+LDV4GUw0QPZ0QUyWVrRHkrdCDyjpRG+6GbowmtygJKLflYmUFC1PYQ3492esr0jC
++Q6L6+/D2+hBiH3NPI22Yk0kQmuPfnu2pvo+EYQ3It81qZE0Jo8u/BqOMgN2f9DS
+GvSNfZcKAP18A41/VRrYFa/WUcdDxt/uP5nO1dm2vfLorje3wcMGtGRcDKG/+GAm
+S0nYKKQeWYc6z5SDvPM1VlNdn1gOejhAoggT3Hr5Dq8kxW/lQZbOz+HLbz15qGjz
+gL4KHKuDE6hOuqxpHdMTY4WZBBQ8/6ICBxaXH9587/nNDdZiom+XukVD4mrSMJS7
+PRr14Hw57433AJDJcZRwZNRRAGgDPNsCoR2caKB6/Uwkp+dWVndj5Ad8MEjyM1yV
++fYU6PSQWNig7qqN5VhNY+zUCcez5gL6volMuW00iOkXISW4lBrcZmEAQTTcWT1D
+U7EkLlwITQce63LcuvK7ZWsEm5XCqD+yUz9oQfugmIhxAlTdqt3De9FA0WT9WxGt
+zLeswCNKjnMpRgTerq6elwB03EBJVc7k1QRn4+s6C30sXR12dYnEMwIDAQABo2Aw
+XjAdBgNVHQ4EFgQU8ItSdI5pSqMDjgRjgYI3Nj0SwxQwDgYDVR0PAQH/BAQDAgIE
+MAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAU8ItSdI5pSqMDjgRjgYI3Nj0SwxQw
+DQYJKoZIhvcNAQENBQADggIBALdSPUrIqyIlSMr4R7pWd6Ep0BZH5RztVUcoXtei
+x2MFi/rsw7aL9qZqACYIE8Gkkh6Z6GQph0fIqhAlNFvJXKkguL3ri5xh0XmPfbv/
+OLIvaUAixATivdm8ro/IqYQWdL3P6mDZOv4O6POdBEJ9JLc9RXUt1LiQ5Xb9QiLs
+l/yOthhp5dJHqC8s6CDEUHRe3s9Q/4cwNB4td47I+mkLsNtVNXqi4lOzuQamqiFt
+cFIqOLTFtBJ7G3k9iaDuN6RPS6LMRbqabwg4gafQTmJ+roHpnsaiHkfomI4MZOVi
+TLQKOAJ3/pRGm5cGzkzQ+z4sUiCSQxtIWs7EnQCCE8agqpef6zArAvKEO+139+f2
+u1BhWOm/aHT5a3INnJEbuFr8V9MlbZSxSzU3UH7hby+9PxWKYesc6KUAu6Icooci
+gEQqrVhVKmfaYMLL7UZHhw56yv/6B10SSmeAMiJhtTExjjrTRLSCaKCPa2ISAUDB
+aPR3t8ZoUESWRAFQGj5NvWOomTaXfyE8Or2WfNemvdlWsKvlLeVsjts+iaTgQRU9
+VXcrUhrHhaXhYXeWrWkDDcl8VUlDWXzoUGV9SczOGwr6hONJWMn1HNxNV7ywFWf0
+QXH1g3LBW7qNgRaGhbIX4a1WoNQDmbbKaLgKWs74atZ8o4A2aUEjomclgZWPsc5l
+VeJ6
+-----END CERTIFICATE-----
+"""
+
+
+class LeapProviderTest(AbstractLeapTest):
+ def setUp(self):
+ self.config = LeapConfig(verify_ssl=False, leap_home='/tmp/foobar', ca_cert_bundle='/tmp/ca.crt')
+
+ def test_provider_fetches_provider_json(self):
+ with HTTMock(provider_json_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+
+ self.assertEqual("1", provider.api_version)
+ self.assertEqual("some-provider.test", provider.domain)
+ self.assertEqual("https://api.some-provider.test:4430", provider.api_uri)
+ self.assertEqual("https://some-provider.test/ca.crt", provider.ca_cert_uri)
+ self.assertEqual("SHA256: 06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d",
+ provider.ca_cert_fingerprint)
+ self.assertEqual(["mx"], provider.services)
+
+ def test_provider_json_throws_exception_on_status_code(self):
+ with HTTMock(not_found_mock):
+ self.assertRaises(HTTPError, LeapProvider, 'some-provider.test', self.config)
+
+ def test_fetch_soledad_json(self):
+ with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ soledad = provider.fetch_soledad_json()
+
+ self.assertEqual("some value", soledad.get('some key'))
+
+ def test_throw_exception_for_fetch_soledad_status_code(self):
+ with HTTMock(provider_json_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+
+ self.assertRaises(HTTPError, provider.fetch_soledad_json)
+
+ def test_fetch_smtp_json(self):
+ with HTTMock(provider_json_mock, smtp_json_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ smtp = provider.fetch_smtp_json()
+ self.assertEqual('mx.some-provider.test', smtp.get('hosts').get('leap-mx').get('hostname'))
+
+ def test_throw_exception_for_fetch_smtp_status_code(self):
+ with HTTMock(provider_json_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ self.assertRaises(HTTPError, provider.fetch_smtp_json)
+
+ def test_fetch_valid_certificate(self):
+ with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ provider.fetch_valid_certificate()
+
+ def test_throw_exception_for_invalid_certificate(self):
+ with HTTMock(provider_json_invalid_fingerprint_mock, ca_cert_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ self.assertRaises(Exception, provider.fetch_valid_certificate)
diff --git a/service/test/bitmask_libraries/session_test.py b/service/test/bitmask_libraries/session_test.py
new file mode 100644
index 00000000..aa5f012d
--- /dev/null
+++ b/service/test/bitmask_libraries/session_test.py
@@ -0,0 +1,49 @@
+from mock import patch
+
+from app.bitmask_libraries.session import LeapSession
+from abstract_leap_test import AbstractLeapTest
+
+
+class SessionTest(AbstractLeapTest):
+ def test_background_jobs_are_started(self):
+ self.config.start_background_jobs = True
+
+ with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _:
+ self._create_session()
+
+ self.mail_fetcher_mock.start_loop.assert_called_once_with()
+
+ def test_background_jobs_are_not_started(self):
+ self.config.start_background_jobs = False
+
+ with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _:
+ self._create_session()
+
+ self.assertFalse(self.mail_fetcher_mock.start_loop.called)
+
+ def test_that_close_stops_background_jobs(self):
+ with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _:
+ session = self._create_session()
+
+ session.close()
+
+ self.mail_fetcher_mock.stop.assert_called_once_with()
+
+ def test_that_sync_deferes_to_soledad(self):
+ session = self._create_session()
+
+ session.sync()
+
+ self.soledad_session.sync.assert_called_once_with()
+
+ def test_account_email(self):
+ session = self._create_session()
+ self.assertEqual('test_user@some-server.test', session.account_email())
+
+ def _create_session(self):
+ return LeapSession(self.provider, self.srp_session, self.soledad_session, self.nicknym, self.soledad_account,
+ self.mail_fetcher_mock)
+
+
+def _execute_func(func):
+ func()
diff --git a/service/test/bitmask_libraries/smtp_test.py b/service/test/bitmask_libraries/smtp_test.py
new file mode 100644
index 00000000..3982a50c
--- /dev/null
+++ b/service/test/bitmask_libraries/smtp_test.py
@@ -0,0 +1,77 @@
+from mock import MagicMock, patch
+from abstract_leap_test import AbstractLeapTest
+from app.bitmask_libraries.smtp import LeapSmtp
+from httmock import all_requests, HTTMock, urlmatch
+import os
+import sys
+
+@all_requests
+def not_found_mock(url, request):
+ sys.stderr.write('url=%s\n' % url.netloc)
+ sys.stderr.write('path=%s\n' % url.path)
+ return {'status_code': 404,
+ 'content': 'foobar'}
+
+@urlmatch(netloc='api.some-server.test:4430', path='/1/cert')
+def ca_cert_mock(url, request):
+ return {
+ "status_code": 200,
+ "content": "some content"
+ }
+
+class LeapSmtpTest(AbstractLeapTest):
+ keymanager = MagicMock()
+
+ def setUp(self):
+ self.provider.fetch_smtp_json.return_value = {
+ 'hosts': {
+ 'leap-mx': {
+ 'hostname': 'smtp.some-sever.test',
+ 'port': '1234'
+ }
+ }
+ }
+ self.config.timeout_in_s = 15
+
+ def test_that_client_cert_gets_downloaded(self):
+ smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session)
+
+ with HTTMock(ca_cert_mock, not_found_mock):
+ smtp._download_client_certificates()
+
+ path = self._client_cert_path()
+ self.assertTrue(os.path.isfile(path))
+
+ def _client_cert_path(self):
+ return os.path.join(self.leap_home, 'providers', 'some-server.test', 'keys', 'client', 'smtp.pem')
+
+ @patch('app.bitmask_libraries.smtp.setup_smtp_gateway')
+ def test_that_start_calls_setup_smtp_gateway(self, gateway_mock):
+ smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session)
+ gateway_mock.return_value = (None, None)
+ with HTTMock(ca_cert_mock, not_found_mock):
+ smtp.start()
+
+ cert_path = self._client_cert_path()
+ gateway_mock.assert_called_with(keymanager=self.keymanager, smtp_cert=cert_path, smtp_key=cert_path, userid='test_user@some-server.test', smtp_port='1234', encrypted_only=False, smtp_host='smtp.some-sever.test', port=2014)
+
+ def test_that_client_stop_does_nothing_if_not_started(self):
+ smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session)
+
+ with HTTMock(not_found_mock):
+ smtp.stop()
+
+ @patch('app.bitmask_libraries.smtp.setup_smtp_gateway')
+ def test_that_running_smtp_sevice_is_stopped(self, gateway_mock):
+ smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session)
+
+ smtp_service = MagicMock()
+ smtp_port = MagicMock()
+ gateway_mock.return_value = (smtp_service, smtp_port)
+
+ with HTTMock(ca_cert_mock, not_found_mock):
+ smtp.start()
+ smtp.stop()
+
+ smtp_port.stopListening.assert_called_with()
+ smtp_service.doStop.assert_called_with()
diff --git a/service/test/bitmask_libraries/soledad_test.py b/service/test/bitmask_libraries/soledad_test.py
new file mode 100644
index 00000000..1c1c105e
--- /dev/null
+++ b/service/test/bitmask_libraries/soledad_test.py
@@ -0,0 +1,54 @@
+from mock import patch
+from app.bitmask_libraries.soledad import SoledadSession
+from abstract_leap_test import AbstractLeapTest
+
+
+@patch('app.bitmask_libraries.soledad.Soledad')
+class SoledadSessionTest(AbstractLeapTest):
+
+ def setUp(self):
+ #given
+ self.provider.fetch_soledad_json.return_value = {'hosts': {
+ 'couch1': {
+ 'hostname': 'couch1.some-server.test',
+ 'ip_address': '192.168.1.1',
+ 'port': 1234
+ }
+ }}
+
+ @patch('app.bitmask_libraries.soledad.Soledad.__init__')
+ def test_that_soledad_is_created_with_required_params(self, soledad_mock, init_mock):
+ #when
+ SoledadSession(self.provider, 'any-passphrase', self.srp_session)
+
+ #then
+ init_mock.assert_called_with(self.uuid, 'any-passphrase', '%s/soledad/%s.secret' % (self.leap_home, self.uuid),
+ '%s/soledad/%s.db' % (self.leap_home, self.uuid),
+ 'https://couch1.some-server.test:1234/user-%s' % self.uuid,
+ '/some/path/to/ca_cert', self.token)
+
+ def test_that_sync_is_called(self, soledad_mock):
+ instance = soledad_mock.return_value
+ instance.server_url = '/foo/bar'
+ instance.need_sync.return_value = True
+ soledad_session = SoledadSession(self.provider, 'any-passphrase', self.srp_session)
+
+ #when
+ soledad_session.sync()
+
+ #then
+ instance.need_sync.assert_called_with('/foo/bar')
+ instance.sync.assert_called_with()
+
+ def test_that_sync_not_called_if_not_needed(self, mock):
+ instance = mock.return_value
+ instance.server_url = '/foo/bar'
+ instance.need_sync.return_value = False
+ soledad_session = SoledadSession(self.provider, 'any-passphrase', self.srp_session)
+
+ #when
+ soledad_session.sync()
+
+ #then
+ instance.need_sync.assert_called_with('/foo/bar')
+ self.assertFalse(instance.sync.called)
diff --git a/service/test/search/test_search_query.py b/service/test/search/test_search_query.py
index d980c3f0..85d9681d 100644
--- a/service/test/search/test_search_query.py
+++ b/service/test/search/test_search_query.py
@@ -1,7 +1,7 @@
import sys, os
sys.path.insert(0, os.environ['APP_ROOT'])
-from search import SearchQuery
+from app.search import SearchQuery
def test_one_tag():
assert SearchQuery.compile(u"in:inbox")["tags"] == ["inbox"]