From a1fc37326a79b95cdb056a100b321586f1c1fb7b Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Tue, 31 Mar 2015 13:50:43 +0200 Subject: Added support for ssl fingerprint validation. - Issue #333 - Needed to patch urrlib3 for older requests versions - Use --leap-cert-fingerprint to validate fingerprint --- service/pixelated/config/__init__.py | 1 + service/pixelated/config/args.py | 1 + service/pixelated/config/leap_cert.py | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-) (limited to 'service/pixelated/config')
diff --git a/service/pixelated/config/__init__.py b/service/pixelated/config/__init__.py
index 2045354e..af264c77 100644
--- a/service/pixelated/config/__init__.py
+++ b/service/pixelated/config/__init__.py
@@ -37,6 +37,7 @@ import pixelated.support.ext_sqlcipher
 import pixelated.support.ext_esmtp_sender_factory
 import pixelated.support.ext_fetch
 import pixelated.support.ext_keymanager_fetch_key
+import pixelated.support.ext_requests_urllib3
 def initialize():
diff --git a/service/pixelated/config/args.py b/service/pixelated/config/args.py
index 48f7b6df..d3284fab 100644
--- a/service/pixelated/config/args.py
+++ b/service/pixelated/config/args.py
@@ -30,6 +30,7 @@ def parse():
 parser.add_argument('-sk', '--sslkey', metavar='', default=None, help='use specified file as web server\'s SSL key (when using the user-agent together with the pixelated-dispatcher)')
 parser.add_argument('-sc', '--sslcert', metavar='', default=None, help='use specified file as web server\'s SSL certificate (when using the user-agent together with the pixelated-dispatcher)')
 parser.add_argument('-lc', '--leap-cert', metavar='', default=None, help='use specified file for LEAP cert authority certificate (url https:///ca.crt)')
+ parser.add_argument('--leap-cert-fingerprint', metavar='', default=None, help='use specified fingerprint to validate connection with leap provider', dest='leap_cert_fingerprint')
 parser.add_argument('--register', metavar=('provider', 'username'), nargs=2, help='register a new username on the desired provider')
 args = parser.parse_args()
diff --git a/service/pixelated/config/leap_cert.py b/service/pixelated/config/leap_cert.py
index 9e6dfc01..3172c953 100644
--- a/service/pixelated/config/leap_cert.py
+++ b/service/pixelated/config/leap_cert.py
@@ -18,4 +18,9 @@ import pixelated.bitmask_libraries.certs as certs
 def init_leap_cert(args):
- certs.LEAP_CERT = args.leap_cert
+ if args.leap_cert_fingerprint is None:
+ certs.LEAP_CERT = args.leap_cert
+ certs.LEAP_FINGERPRINT = None
+ else:
+ certs.LEAP_FINGERPRINT = args.leap_cert_fingerprint
+ certs.LEAP_CERT = False
-- cgit v1.2.3
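Review bot: The new `--leap-cert-fingerprint` option in args.py accepts any string, so a mistyped or truncated fingerprint is only discovered when the provider connection is attempted, if at all. The help text also does not say which digest and encoding are expected, nor that the option takes precedence over `--leap-cert`, which is what the leap_cert.py hunk does. I would extend it to something like `help='hex certificate fingerprint used to validate the connection with the leap provider (takes precedence over --leap-cert)'` and reject values that are not well-formed hex of the expected length right after `parser.parse_args()`. parse() starts and ends outside the hunk.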
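Review bot: Setting `certs.LEAP_CERT = False` in the else branch of init_leap_cert leaves the pinned fingerprint as the only thing authenticating the provider connection, and nothing visible here ensures that every consumer of LEAP_CERT also applies LEAP_FINGERPRINT. If LEAP_CERT is handed to requests as `verify` (the call sites are not in this diff, so this is an assumption), any request path that misses the urllib3 patch runs with certificate verification switched off. A `--leap-cert` given together with `--leap-cert-fingerprint` is also discarded without any message. I would put a comment above the assignment, e.g. `# CA verification is off on purpose: LEAP_FINGERPRINT must be asserted on every connection`, and log or reject the case where both options are set.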