From 031ebd58fd97bebae81e4e17cd7c4a4ed5a493d0 Mon Sep 17 00:00:00 2001
From: Bruno Wagner
Date: Wed, 10 Jun 2015 08:56:39 -0300
Subject: Provider web certificate will always be bytestring now, requests complains otherwise
---
service/pixelated/bitmask_libraries/certs.py | 12 +++++++----
service/pixelated/bitmask_libraries/nicknym.py | 2 +-
service/pixelated/bitmask_libraries/provider.py | 6 +++---
service/pixelated/bitmask_libraries/smtp.py | 2 +-
service/pixelated/bitmask_libraries/soledad.py | 10 +---------
service/pixelated/register.py | 2 +-
service/test/unit/bitmask_libraries/test_certs.py | 23 +++++++++++++----------
.../test/unit/bitmask_libraries/test_nicknym.py | 2 +-
.../test/unit/bitmask_libraries/test_provider.py | 16 +++++++--------
9 files changed, 38 insertions(+), 37 deletions(-)
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 935c252a..874ab246 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -29,21 +29,25 @@ class LeapCertificate(object): @staticmethod def set_cert_and_fingerprint(cert_file=None, cert_fingerprint=None): if cert_fingerprint is None: - LeapCertificate.LEAP_CERT = cert_file or True + LeapCertificate.LEAP_CERT = str(cert_file) or True LeapCertificate.LEAP_FINGERPRINT = None else: LeapCertificate.LEAP_FINGERPRINT = cert_fingerprint LeapCertificate.LEAP_CERT = False @property - def api_ca_bundle(self): - return os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem') + def provider_web_cert(self): + return self.LEAP_CERT + + @property + def provider_api_cert(self): + return str(os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client', 'api.pem')) def setup_ca_bundle(self): path = os.path.join(self._provider.config.leap_home, 'providers', self._server_name, 'keys', 'client') if not os.path.isdir(path): os.makedirs(path, 0700) - self._download_cert(self.api_ca_bundle) + self._download_cert(self.provider_api_cert) def _download_cert(self, cert_file_name): cert = self._provider.fetch_valid_certificate() diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py index bb278cdc..220d75e5 100644 --- a/service/pixelated/bitmask_libraries/nicknym.py +++ b/service/pixelated/bitmask_libraries/nicknym.py @@ -23,7 +23,7 @@ class NickNym(object): self._email = email_address self.keymanager = KeyManager(self._email, nicknym_url, soledad_session.soledad, - token, LeapCertificate(provider).api_ca_bundle, provider.api_uri, + token, LeapCertificate(provider).provider_api_cert, provider.api_uri, provider.api_version, uuid, config.gpg_binary) diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py index 0a22cf4d..e08bfb43 100644 --- a/service/pixelated/bitmask_libraries/provider.py +++ b/service/pixelated/bitmask_libraries/provider.py 
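Review bot: In `set_cert_and_fingerprint`, `str(cert_file) or True` can no longer fall back to `True`: when `cert_file` is left at its default `None`, `str(None)` is the non-empty string `'None'`, so `LEAP_CERT` becomes a file name instead of the flag that tells requests to verify against its default CA bundle. `provider_web_cert` hands that value to `verify=`, so the bootstrap fetch would presumably fail on a missing bundle rather than verify normally. Converting only a supplied value keeps the fallback: `LeapCertificate.LEAP_CERT = str(cert_file) if cert_file else True`. The class body starts above the hunk, so the class-level defaults are not visible here.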
@@ -100,7 +100,7 @@ class LeapProvider(object): session = requests.session() try: session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT)) - response = session.get(url, verify=LeapCertificate.LEAP_CERT, timeout=self.config.timeout_in_s) + response = session.get(url, verify=LeapCertificate(self).provider_web_cert, timeout=self.config.timeout_in_s) response.raise_for_status() return response finally: @@ -115,14 +115,14 @@ class LeapProvider(object): def fetch_soledad_json(self): service_url = "%s/%s/config/soledad-service.json" % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle, timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) def fetch_smtp_json(self): service_url = '%s/%s/config/smtp-service.json' % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle, timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=LeapCertificate(self).provider_api_cert, timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py index 745d88ef..759a2920 100644 --- a/service/pixelated/bitmask_libraries/smtp.py +++ b/service/pixelated/bitmask_libraries/smtp.py @@ -61,7 +61,7 @@ class LeapSmtp(object): response = requests.get( cert_url, - verify=LeapCertificate(self._provider).api_ca_bundle, + verify=LeapCertificate(self._provider).provider_api_cert, cookies=cookies, timeout=self._provider.config.timeout_in_s) response.raise_for_status() diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py index 2e0219da..3700cd67 100644 
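Review bot: The `verify=` argument in this `session.get` call can be `False`: `provider_web_cert` returns `LEAP_CERT`, which `set_cert_and_fingerprint` sets to `False` whenever a fingerprint is configured, so in that mode the fingerprint pinned on the mounted adapter is the only server authentication. That dependency is worth stating where the request is made, for example `# verify is False when a fingerprint is pinned; assert_fingerprint on the adapter authenticates the server instead`. The enclosing method starts above the hunk, and the class-level defaults of `LEAP_CERT` and `LEAP_FINGERPRINT` are not shown, so it is worth confirming they cannot leave both checks off.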
--- a/service/pixelated/bitmask_libraries/soledad.py +++ b/service/pixelated/bitmask_libraries/soledad.py @@ -35,14 +35,6 @@ class SoledadWrongPassphraseException(Exception): super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs) -class LeapKeyManager(object): - def __init__(self, soledad, leap_session, nicknym_url): - provider = leap_session.provider - self.keymanager = KeyManager(leap_session.account_email(), nicknym_url, soledad, - leap_session.session_id, leap_session.leap_home + '/ca.crt', provider.api_uri, leap_session.api_version, - leap_session.uuid, leap_session.leap_config.gpg_binary) - - class SoledadSessionFactory(object): @classmethod def create(cls, provider, user_token, user_uuid, encryption_passphrase): @@ -67,7 +59,7 @@ class SoledadSession(object): local_db = self._local_db_path() return Soledad(self.user_uuid, unicode(encryption_passphrase), secrets, - local_db, server_url, LeapCertificate(self.provider).api_ca_bundle, self.user_token, defer_encryption=False) + local_db, server_url, LeapCertificate(self.provider).provider_api_cert, self.user_token, defer_encryption=False) except (WrongMac, UnknownMacMethod), e: raise SoledadWrongPassphraseException(e) diff --git a/service/pixelated/register.py b/service/pixelated/register.py index 9fa98137..47c9c3f5 100644 --- a/service/pixelated/register.py +++ b/service/pixelated/register.py @@ -37,7 +37,7 @@ def register(server_name, username): config = LeapConfig() provider = LeapProvider(server_name, config) password = getpass.getpass('Please enter password for %s: ' % username) - srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).api_ca_bundle) + srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert) if srp_auth.register(username, password): session = leap_session.open_leap_session(username, password, server_name) 
diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py index 150a1f14..f1e643c4 100644 --- a/service/test/unit/bitmask_libraries/test_certs.py +++ b/service/test/unit/bitmask_libraries/test_certs.py @@ -6,22 +6,27 @@ from mock import MagicMock, patch class CertsTest(unittest.TestCase): + def setUp(self): + config = MagicMock(leap_home='/some/leap/home') + self.provider = MagicMock(server_name=u'test.leap.net', config=config) + def test_set_cert_and_fingerprint_sets_cert(self): LeapCertificate.set_cert_and_fingerprint('some cert', None) - self.assertIsNone(LeapCertificate.LEAP_FINGERPRINT) - self.assertEqual('some cert', LeapCertificate.LEAP_CERT) + certs = LeapCertificate(self.provider) + + self.assertIsNone(certs.LEAP_FINGERPRINT) + self.assertEqual('some cert', certs.provider_web_cert) def test_set_cert_and_fingerprint_sets_fingerprint(self): LeapCertificate.set_cert_and_fingerprint(None, 'fingerprint') - self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT) - self.assertFalse(LeapCertificate.LEAP_CERT) + certs = LeapCertificate(self.provider) - def test_api_ca_bundle(self): - config = MagicMock(leap_home='/some/leap/home') - provider = MagicMock(server_name=u'test.leap.net', config=config) + self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT) + self.assertFalse(certs.provider_web_cert) - cert = LeapCertificate(provider).api_ca_bundle + def test_provider_api_cert(self): + certs = LeapCertificate(self.provider).provider_api_cert - self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', cert) + self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', certs) diff --git a/service/test/unit/bitmask_libraries/test_nicknym.py b/service/test/unit/bitmask_libraries/test_nicknym.py index 7e6518b9..ca3b348d 100644 --- a/service/test/unit/bitmask_libraries/test_nicknym.py +++ b/service/test/unit/bitmask_libraries/test_nicknym.py 
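Review bot: No test covers `set_cert_and_fingerprint(None, None)`, the case where `LEAP_CERT` is meant to fall back to `True` so that requests verifies against its default CA bundle. Both tests in this hunk pass either a certificate or a fingerprint, so a regression in that fallback goes unnoticed. A third test can pin it: call `LeapCertificate.set_cert_and_fingerprint(None, None)` and then `self.assertIs(True, LeapCertificate(self.provider).provider_web_cert)`. Use `assertIs` rather than `assertTrue`, because any non-empty string is also truthy.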
@@ -25,7 +25,7 @@ class NickNymTest(AbstractLeapTest): @patch('pixelated.bitmask_libraries.nicknym.KeyManager.__init__', return_value=None) def test_that_keymanager_is_created(self, keymanager_init_mock): # given - LeapCertificate.api_ca_bundle = '/some/path/to/provider_ca_cert' + LeapCertificate.provider_api_cert = '/some/path/to/provider_ca_cert' # when NickNym(self.provider, self.config, diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py index 320fece2..fabf5f87 100644 --- a/service/test/unit/bitmask_libraries/test_provider.py +++ b/service/test/unit/bitmask_libraries/test_provider.py @@ -134,14 +134,14 @@ VeJ6 """ -CA_CERT = '/tmp/ca.crt' -BOOTSTRAP_CA_CERT = '/tmp/bootstrap-ca.crt' +PROVIDER_API_CERT = '/tmp/ca.crt' +PROVIDER_WEB_CERT = '/tmp/bootstrap-ca.crt' class LeapProviderTest(AbstractLeapTest): def setUp(self): self.config = LeapConfig(leap_home='/tmp/foobar') - LeapCertificate.set_cert_and_fingerprint(BOOTSTRAP_CA_CERT, None) + LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None) def test_provider_fetches_provider_json(self): with HTTMock(provider_json_mock): @@ -197,7 +197,7 @@ class LeapProviderTest(AbstractLeapTest): session = MagicMock(wraps=requests.session()) session_func = MagicMock(return_value=session) get_func = MagicMock(wraps=requests.get) - LeapCertificate.LEAP_CERT = BOOTSTRAP_CA_CERT + LeapCertificate.LEAP_CERT = PROVIDER_WEB_CERT with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func): with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func): 
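Review bot: `LeapCertificate.provider_api_cert = '/some/path/to/provider_ca_cert'` replaces the property on the class for the rest of the test process, and nothing restores it; the same assignment appears in `test_that_provider_cert_is_used_to_fetch_soledad_json` in test_provider.py. Any test that runs afterwards and reads the real property, such as `test_provider_api_cert`, then sees the stubbed path, so results depend on run order. Scoping the stub keeps the tests isolated: `with patch.object(LeapCertificate, 'provider_api_cert', new='/some/path/to/provider_ca_cert'):` around the `NickNym(...)` call. The test method continues below the hunk.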
@@ -205,18 +205,18 @@ class LeapProviderTest(AbstractLeapTest): provider = LeapProvider('some-provider.test', self.config) provider.fetch_valid_certificate() - session.get.assert_any_call('https://some-provider.test/ca.crt', verify=BOOTSTRAP_CA_CERT, timeout=15) - session.get.assert_any_call('https://some-provider.test/provider.json', verify=BOOTSTRAP_CA_CERT, timeout=15) + session.get.assert_any_call('https://some-provider.test/ca.crt', verify=PROVIDER_WEB_CERT, timeout=15) + session.get.assert_any_call('https://some-provider.test/provider.json', verify=PROVIDER_WEB_CERT, timeout=15) def test_that_provider_cert_is_used_to_fetch_soledad_json(self): get_func = MagicMock(wraps=requests.get) - LeapCertificate.api_ca_bundle = CA_CERT + LeapCertificate.provider_api_cert = PROVIDER_API_CERT with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func): with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock): provider = LeapProvider('some-provider.test', self.config) provider.fetch_soledad_json() - get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=CA_CERT, timeout=15) + get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=PROVIDER_API_CERT, timeout=15) def test_that_leap_fingerprint_is_validated(self): session = MagicMock(wraps=requests.session()) -- cgit v1.2.3