Diffstat (limited to 'service')
-rw-r--r--service/pixelated/application.py1
-rw-r--r--service/pixelated/bitmask_libraries/certs.py7
-rw-r--r--service/pixelated/bitmask_libraries/nicknym.py4
-rw-r--r--service/pixelated/bitmask_libraries/provider.py9
-rw-r--r--service/pixelated/bitmask_libraries/smtp.py8
-rw-r--r--service/pixelated/bitmask_libraries/soledad.py5
-rw-r--r--service/pixelated/register.py4
-rw-r--r--service/test/unit/bitmask_libraries/test_certs.py12
-rw-r--r--service/test/unit/bitmask_libraries/test_provider.py8
9 files changed, 29 insertions, 29 deletions
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 55946a5e..67990661 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -15,7 +15,6 @@
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import sys
-
from twisted.internet import reactor
from twisted.internet.threads import deferToThread
from twisted.internet import defer
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 3ca55469..3d567e53 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -34,10 +34,6 @@ def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint):
LEAP_CERT = False
-def which_api_CA_bundle(provider):
- return str(LeapCertificate(provider).api_ca_bundle())
-
-
def which_bootstrap_cert_fingerprint():
return LEAP_FINGERPRINT
@@ -59,6 +55,9 @@ class LeapCertificate(object):
self._provider = provider
def auto_detect_bootstrap_ca_bundle(self):
+ if LEAP_CERT is not None:
+ return LEAP_CERT
+
if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
local_cert = self._local_bootstrap_server_cert()
if local_cert:
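Review bot: The added guard `if LEAP_CERT is not None: return LEAP_CERT` returns any non-None value, and the context line `LEAP_CERT = False` in the previous hunk suggests that value can be `False`. provider.py now passes this return value straight to `session.get(url, verify=...)`, so in that state CA validation is off for the bootstrap fetch and the `assert_fingerprint` on the mounted adapter is the only remaining check. That is presumably the intended pinning mode, but nothing here says so; I would add a comment above the guard such as `# LEAP_CERT is False when a fingerprint is pinned; the value is used as requests' verify=, so the fingerprint check must be active`, and consider raising when `LEAP_CERT is False` while `LEAP_FINGERPRINT` is None. The method name no longer matches either, since a configured value is returned before any auto-detection. The method body continues past the end of this hunk.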
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py
index bee90897..d7c9c7af 100644
--- a/service/pixelated/bitmask_libraries/nicknym.py
+++ b/service/pixelated/bitmask_libraries/nicknym.py
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
from leap.keymanager import KeyManager, openpgp, KeyNotFound
-from .certs import which_api_CA_bundle
+from .certs import LeapCertificate
class NickNym(object):
@@ -23,7 +23,7 @@ class NickNym(object):
self._email = '%s@%s' % (username, provider.domain)
self.keymanager = KeyManager('%s@%s' % (username, provider.domain), nicknym_url,
soledad_session.soledad,
- token, which_api_CA_bundle(provider), provider.api_uri,
+ token, LeapCertificate(provider).api_ca_bundle(), provider.api_uri,
provider.api_version,
uuid, config.gpg_binary)
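Review bot: The removed helper wrapped its result in `str(...)`, and this call now hands `LeapCertificate(provider).api_ca_bundle()` to `KeyManager` without that coercion. The same applies to the `requests.get(...)` calls in provider.py and smtp.py, the `Soledad(...)` constructor in soledad.py and `SRPAuth(...)` in register.py. test_certs.py drops `self.assertEqual(str, type(bundle))` in the same commit, which suggests the path may now be unicode when the provider name is. If any of these consumers needs a byte-string path, do the conversion once inside `api_ca_bundle()` rather than losing it at every call site. The `KeyManager(...)` call begins in this hunk, but the enclosing method starts outside it.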
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index 1564c974..afad66e3 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -17,7 +17,8 @@ import json
from leap.common.certs import get_digest
import requests
-from .certs import which_bootstrap_CA_bundle, which_api_CA_bundle, which_bootstrap_cert_fingerprint
+from .certs import which_bootstrap_cert_fingerprint
+from .certs import LeapCertificate
from pixelated.support.tls_adapter import EnforceTLSv1Adapter
@@ -100,7 +101,7 @@ class LeapProvider(object):
session = requests.session()
try:
session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint()))
- response = session.get(url, verify=which_bootstrap_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = session.get(url, verify=LeapCertificate(self).auto_detect_bootstrap_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return response
finally:
@@ -115,14 +116,14 @@ class LeapProvider(object):
def fetch_soledad_json(self):
service_url = "%s/%s/config/soledad-service.json" % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
def fetch_smtp_json(self):
service_url = '%s/%s/config/smtp-service.json' % (
self.api_uri, self.api_version)
- response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s)
+ response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s)
response.raise_for_status()
return json.loads(response.content)
diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py
index c22601d2..4b6ec719 100644
--- a/service/pixelated/bitmask_libraries/smtp.py
+++ b/service/pixelated/bitmask_libraries/smtp.py
@@ -17,8 +17,8 @@ import logging
import os
import requests
import random
-from .certs import which_api_CA_bundle
from leap.mail.smtp import setup_smtp_gateway
+from pixelated.bitmask_libraries.certs import LeapCertificate
logger = logging.getLogger(__name__)
@@ -59,7 +59,11 @@ class LeapSmtp(object):
cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
cookies = {"_session_id": self.session_id}
- response = requests.get(cert_url, verify=which_api_CA_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s)
+ response = requests.get(
+ cert_url,
+ verify=LeapCertificate(self._provider).api_ca_bundle(),
+ cookies=cookies,
+ timeout=self._provider.config.timeout_in_s)
response.raise_for_status()
client_cert = response.content
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py
index f3fca95a..207b3e73 100644
--- a/service/pixelated/bitmask_libraries/soledad.py
+++ b/service/pixelated/bitmask_libraries/soledad.py
@@ -19,8 +19,7 @@ import os
from leap.keymanager import KeyManager
from leap.soledad.client import Soledad
from leap.soledad.common.crypto import WrongMac, UnknownMacMethod
-from .certs import which_api_CA_bundle
-
+from pixelated.bitmask_libraries.certs import LeapCertificate
SOLEDAD_TIMEOUT = 120
SOLEDAD_CERT = '/tmp/ca.crt'
@@ -68,7 +67,7 @@ class SoledadSession(object):
local_db = self._local_db_path()
return Soledad(self.user_uuid, unicode(encryption_passphrase), secrets,
- local_db, server_url, which_api_CA_bundle(self.provider), self.user_token, defer_encryption=False)
+ local_db, server_url, LeapCertificate(self.provider).api_ca_bundle(), self.user_token, defer_encryption=False)
except (WrongMac, UnknownMacMethod), e:
raise SoledadWrongPassphraseException(e)
diff --git a/service/pixelated/register.py b/service/pixelated/register.py
index 0eac97a7..576c069d 100644
--- a/service/pixelated/register.py
+++ b/service/pixelated/register.py
@@ -20,7 +20,7 @@ import logging
from pixelated.bitmask_libraries import session as leap_session
from pixelated.config import arguments
from pixelated.config import logger as logger_config
-from pixelated.bitmask_libraries.certs import which_api_CA_bundle
+from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.config import LeapConfig
from pixelated.bitmask_libraries.provider import LeapProvider
from leap.auth import SRPAuth
@@ -37,7 +37,7 @@ def register(server_name, username):
config = LeapConfig()
provider = LeapProvider(server_name, config)
password = getpass.getpass('Please enter password for %s: ' % username)
- srp_auth = SRPAuth(provider.api_uri, which_api_CA_bundle(provider))
+ srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).api_ca_bundle())
if srp_auth.register(username, password):
session = leap_session.open_leap_session(username, password, server_name)
diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py
index 4a06649d..814f083f 100644
--- a/service/test/unit/bitmask_libraries/test_certs.py
+++ b/service/test/unit/bitmask_libraries/test_certs.py
@@ -1,6 +1,6 @@
import unittest
-from pixelated.bitmask_libraries.certs import which_bootstrap_CA_bundle, which_api_CA_bundle
+from pixelated.bitmask_libraries.certs import LeapCertificate
from pixelated.bitmask_libraries.config import AUTO_DETECT_CA_BUNDLE
from mock import MagicMock, patch
@@ -9,27 +9,25 @@ class CertsTest(unittest.TestCase):
@patch('pixelated.bitmask_libraries.certs.os.path.isfile')
@patch('pixelated.bitmask_libraries.certs.os.path.isdir')
- def test_that_which_bootstrap_cert_bundle_returns_byte_string(self, mock_isdir, mock_isfile):
+ def test_that_which_bootstrap_cert_bundle_returns_string(self, mock_isdir, mock_isfile):
mock_isfile.return_value = True
mock_isdir.return_value = True
config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, leap_home='/leap/home')
provider = MagicMock(server_name=u'test.leap.net', config=config)
- bundle = which_bootstrap_CA_bundle(provider)
+ bundle = LeapCertificate(provider).auto_detect_bootstrap_ca_bundle()
self.assertEqual('/leap/home/providers/test.leap.net/test.leap.net.ca.crt', bundle)
- self.assertEqual(str, type(bundle))
@patch('pixelated.bitmask_libraries.certs.os.path.isfile')
@patch('pixelated.bitmask_libraries.certs.os.path.isdir')
- def test_that_which_bundle_returns_byte_string(self, mock_isdir, mock_isfile):
+ def test_that_which_bundle_returns_string(self, mock_isdir, mock_isfile):
mock_isfile.return_value = True
mock_isdir.return_value = True
config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, ca_cert_bundle=None, leap_home='/some/leap/home')
provider = MagicMock(server_name=u'test.leap.net', config=config)
- bundle = which_api_CA_bundle(provider)
+ bundle = LeapCertificate(provider).api_ca_bundle()
self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', bundle)
- self.assertEqual(str, type(bundle))
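Review bot: `test_that_which_bootstrap_cert_bundle_returns_string` now depends on the module global `LEAP_CERT` being None, because `auto_detect_bootstrap_ca_bundle()` returns that global first whenever it is set, and the test does not pin it. Adding `@patch('pixelated.bitmask_libraries.certs.LEAP_CERT', None)` keeps the auto-detect path under test regardless of what `init_leap_cert` or an earlier test left behind. A second case with the global set to `False` would cover the new early return, which no test in this hunk exercises directly. Both test names still refer to the removed `which_*` helpers and could be renamed after the methods they call.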
diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py
index 0771c7cc..5b5c2034 100644
--- a/service/test/unit/bitmask_libraries/test_provider.py
+++ b/service/test/unit/bitmask_libraries/test_provider.py
@@ -220,11 +220,11 @@ class LeapProviderTest(AbstractLeapTest):
session_func = MagicMock(return_value=session)
with patch('pixelated.bitmask_libraries.provider.which_bootstrap_cert_fingerprint', return_value='some fingerprint'):
- with patch('pixelated.bitmask_libraries.provider.which_bootstrap_CA_bundle', return_value=False):
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
- with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
- provider = LeapProvider('some-provider.test', self.config)
- provider.fetch_valid_certificate()
+ with patch('pixelated.bitmask_libraries.certs.LeapCertificate.auto_detect_bootstrap_ca_bundle', return_value=False):
+ with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
+ provider = LeapProvider('some-provider.test', self.config)
+ provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15)
session.mount.assert_called_with('https://', ANY)