Diffstat (limited to 'service')
-rw-r--r--service/pixelated/bitmask_libraries/certs.py42
-rw-r--r--service/pixelated/bitmask_libraries/provider.py3
-rw-r--r--service/pixelated/bitmask_libraries/session.py4
-rw-r--r--service/pixelated/config/leap.py4
-rw-r--r--service/test/unit/bitmask_libraries/test_provider.py2
5 files changed, 20 insertions, 35 deletions
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 16319d83..2535b747 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -20,37 +20,29 @@ from leap.common import ca_bundle
from .config import AUTO_DETECT_CA_BUNDLE
-LEAP_CERT = None
-LEAP_FINGERPRINT = None
-PACKAGED_CERTS_HOME = os.path.abspath(os.path.join(os.path.abspath(__file__), "..", "..", "certificates"))
+class LeapCertificate(object):
-def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint):
- if leap_provider_cert_fingerprint is None:
- LEAP_CERT = leap_provider_cert or True
- LEAP_FINGERPRINT = None
- else:
- LEAP_FINGERPRINT = leap_provider_cert_fingerprint
- LEAP_CERT = False
-
-
-def which_bootstrap_cert_fingerprint():
- return LEAP_FINGERPRINT
-
-
-def refresh_ca_bundle(provider):
- LeapCertificate(provider).refresh_ca_bundle()
-
+ LEAP_CERT = None
+ LEAP_FINGERPRINT = None
-class LeapCertificate(object):
def __init__(self, provider):
self._config = provider.config
self._server_name = provider.server_name
self._provider = provider
+ @staticmethod
+ def set_cert_and_fingerprint(cert_file=None, cert_fingerprint=None):
+ if cert_fingerprint is None:
+ LeapCertificate.LEAP_CERT = cert_file or True
+ LeapCertificate.LEAP_FINGERPRINT = None
+ else:
+ LeapCertificate.LEAP_FINGERPRINT = cert_fingerprint
+ LeapCertificate.LEAP_CERT = False
+
def auto_detect_bootstrap_ca_bundle(self):
- if LEAP_CERT is not None:
- return LEAP_CERT
+ if self.LEAP_CERT is not None:
+ return self.LEAP_CERT
if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
local_cert = self._local_bootstrap_server_cert()
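Review bot: `set_cert_and_fingerprint` has no docstring explaining that passing a fingerprint sets `LEAP_CERT = False`, which `auto_detect_bootstrap_ca_bundle` returns as-is and which `_validated_get` in provider.py hands to requests as `verify=`, so CA chain validation is switched off and the pinned fingerprint becomes the only check on the server's identity. A docstring on the method should spell out the three states: fingerprint given (pin only, no CA validation), cert file given (that bundle is used), neither given (`True`, i.e. requests' default trust store). `LEAP_CERT` and `LEAP_FINGERPRINT` are class attributes shared by every instance, so a comment such as `# process-wide; set once at startup via set_cert_and_fingerprint` above them would help, and tests that set them need to reset them afterwards. `auto_detect_bootstrap_ca_bundle` continues past the end of this hunk.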
@@ -91,12 +83,6 @@ class LeapCertificate(object):
if os.path.isfile(cert_file):
return cert_file
- cert_file = os.path.join(PACKAGED_CERTS_HOME, '%s.ca.crt' % self._server_name)
- if os.path.exists(cert_file):
- return cert_file
-
- # else download the file
- cert_file = self._bootstrap_certs_cert_file()
response = requests.get('https://%s/provider.json' % self._server_name)
provider_data = json.loads(response.content)
ca_cert_uri = str(provider_data['ca_cert_uri'])
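Review bot: The `requests.get('https://%s/provider.json' ...)` call, which every lookup without a local cert file now falls through to, has no timeout and no status check, yet its JSON supplies `ca_cert_uri`, the location of the CA certificate that is trusted afterwards. Suggest `response = requests.get('https://%s/provider.json' % self._server_name, timeout=self._config.timeout_in_s)` followed by `response.raise_for_status()`, matching `_validated_get` in provider.py. The call also bypasses the fingerprint pin and bootstrap bundle configured through `set_cert_and_fingerprint`, so a provider that is only reachable with the pin would presumably fail here; routing it through the same pinned session would keep the trust decision in one place. With `cert_file = self._bootstrap_certs_cert_file()` removed, check that the `cert_file` assigned above the hunk is still the path the downloaded certificate should be written to; the function starts and ends outside this hunk.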
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index afad66e3..38df504e 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -17,7 +17,6 @@ import json
from leap.common.certs import get_digest
import requests
-from .certs import which_bootstrap_cert_fingerprint
from .certs import LeapCertificate
from pixelated.support.tls_adapter import EnforceTLSv1Adapter
@@ -100,7 +99,7 @@ class LeapProvider(object):
def _validated_get(self, url):
session = requests.session()
try:
- session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint()))
+ session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT))
response = session.get(url, verify=LeapCertificate(self).auto_detect_bootstrap_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return response
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py
index 12cbd91b..09bf277d 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/bitmask_libraries/session.py
@@ -24,7 +24,7 @@ from leap.mail.imap.memorystore import MemoryStore
from leap.mail.imap.soledadstore import SoledadStore
from pixelated.bitmask_libraries.config import LeapConfig
from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.certs import refresh_ca_bundle
+from pixelated.bitmask_libraries.certs import LeapCertificate
from twisted.internet import reactor
from .nicknym import NickNym
from leap.auth import SRPAuth
@@ -39,7 +39,7 @@ SESSIONS = {}
def open_leap_session(username, password, server_name, leap_home=DEFAULT_LEAP_HOME):
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
- refresh_ca_bundle(provider)
+ LeapCertificate(provider).refresh_ca_bundle()
session = LeapSessionFactory(provider).create(username, password)
return session
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 0248a46f..7a383b17 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -2,7 +2,7 @@ from __future__ import absolute_import
import random
from pixelated.config import credentials
from leap.common.events import server as events_server
-from pixelated.bitmask_libraries import certs
+from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.session import open_leap_session
@@ -13,7 +13,7 @@ def initialize_leap(leap_provider_cert,
leap_home):
init_monkeypatches()
provider, user, password = credentials.read(organization_mode, credentials_file)
- certs.init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint)
+ LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint)
events_server.ensure_server(random.randrange(8000, 11999))
leap_session = create_leap_session(provider, user, password, leap_home)
leap_session.start_background_jobs()
diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py
index 5b5c2034..49627565 100644
--- a/service/test/unit/bitmask_libraries/test_provider.py
+++ b/service/test/unit/bitmask_libraries/test_provider.py
@@ -219,7 +219,7 @@ class LeapProviderTest(AbstractLeapTest):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
- with patch('pixelated.bitmask_libraries.provider.which_bootstrap_cert_fingerprint', return_value='some fingerprint'):
+ with patch('pixelated.bitmask_libraries.certs.LeapCertificate.LEAP_FINGERPRINT', return_value='some fingerprint'):
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
with patch('pixelated.bitmask_libraries.certs.LeapCertificate.auto_detect_bootstrap_ca_bundle', return_value=False):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
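Review bot: `patch(..., return_value='some fingerprint')` on `LeapCertificate.LEAP_FINGERPRINT` replaces the attribute with a `MagicMock` rather than the string, because `return_value` only configures what the mock returns when called and the new code reads the attribute without calling it. `EnforceTLSv1Adapter` therefore receives a mock object as `assert_fingerprint`, so the test no longer checks that the configured fingerprint is passed through. Use `with patch('pixelated.bitmask_libraries.certs.LeapCertificate.LEAP_FINGERPRINT', new='some fingerprint'):` instead. The test method starts and ends outside this hunk.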