From 3e902a70b94d31458c159c641720d38152bbb267 Mon Sep 17 00:00:00 2001
From: Bruno Wagner
Date: Mon, 8 Jun 2015 18:54:27 -0300
Subject: Moved initialization, fingerprint and cert inside LeapCertificate class
---
 service/pixelated/bitmask_libraries/certs.py | 42 +++++++++----------------
 service/pixelated/bitmask_libraries/provider.py | 3 +-
 service/pixelated/bitmask_libraries/session.py | 4 +--
 service/pixelated/config/leap.py | 4 +--
 4 files changed, 19 insertions(+), 34 deletions(-)
(limited to 'service/pixelated')
diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py
index 16319d83..2535b747 100644
--- a/service/pixelated/bitmask_libraries/certs.py
+++ b/service/pixelated/bitmask_libraries/certs.py
@@ -20,37 +20,29 @@ from leap.common import ca_bundle
 from .config import AUTO_DETECT_CA_BUNDLE
-LEAP_CERT = None
-LEAP_FINGERPRINT = None
-PACKAGED_CERTS_HOME = os.path.abspath(os.path.join(os.path.abspath(__file__), "..", "..", "certificates"))
+class LeapCertificate(object):
-def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint):
- if leap_provider_cert_fingerprint is None:
- LEAP_CERT = leap_provider_cert or True
- LEAP_FINGERPRINT = None
- else:
- LEAP_FINGERPRINT = leap_provider_cert_fingerprint
- LEAP_CERT = False
-
-
-def which_bootstrap_cert_fingerprint():
- return LEAP_FINGERPRINT
-
-
-def refresh_ca_bundle(provider):
- LeapCertificate(provider).refresh_ca_bundle()
-
+ LEAP_CERT = None
+ LEAP_FINGERPRINT = None
-class LeapCertificate(object):
 def __init__(self, provider):
 self._config = provider.config
 self._server_name = provider.server_name
 self._provider = provider
+ @staticmethod
+ def set_cert_and_fingerprint(cert_file=None, cert_fingerprint=None):
+ if cert_fingerprint is None:
+ LeapCertificate.LEAP_CERT = cert_file or True
+ LeapCertificate.LEAP_FINGERPRINT = None
+ else:
+ LeapCertificate.LEAP_FINGERPRINT = cert_fingerprint
+ LeapCertificate.LEAP_CERT = False
+
 def auto_detect_bootstrap_ca_bundle(self):
- if LEAP_CERT is not None:
- return LEAP_CERT
+ if self.LEAP_CERT is not None:
+ return self.LEAP_CERT
 if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
 local_cert = self._local_bootstrap_server_cert()
@@ -91,12 +83,6 @@ class LeapCertificate(object):
 if os.path.isfile(cert_file):
 return cert_file
- cert_file = os.path.join(PACKAGED_CERTS_HOME, '%s.ca.crt' % self._server_name)
- if os.path.exists(cert_file):
- return cert_file
-
- # else download the file
- cert_file = self._bootstrap_certs_cert_file()
 response = requests.get('https://%s/provider.json' % self._server_name)
 provider_data = json.loads(response.content)
 ca_cert_uri = str(provider_data['ca_cert_uri'])
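Review bot: `set_cert_and_fingerprint` should carry a comment on its `else` branch, because the `False` it stores in `LEAP_CERT` is returned by `auto_detect_bootstrap_ca_bundle` (the `is not None` test lets `False` through) and ends up as `verify=` in provider.py's `session.get`, so CA-chain validation is switched off whenever a fingerprint is configured. Something like `# verify=False is deliberate: trust rests only on the fingerprint pinned in LeapProvider._validated_get` would make that dependency visible to anyone adding a request path that does not mount the pinning adapter. The removed `init_leap_cert` assigned both names without a `global` statement, so the module-level values appear never to have been updated; this move is therefore likely the first version in which the pin and the `False` value take effect, and a unit test covering both branches would be worth adding with it. `auto_detect_bootstrap_ca_bundle` continues past the end of the hunk.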
diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py
index afad66e3..38df504e 100644
--- a/service/pixelated/bitmask_libraries/provider.py
+++ b/service/pixelated/bitmask_libraries/provider.py
@@ -17,7 +17,6 @@ import json
 from leap.common.certs import get_digest
 import requests
-from .certs import which_bootstrap_cert_fingerprint
 from .certs import LeapCertificate
 from pixelated.support.tls_adapter import EnforceTLSv1Adapter
@@ -100,7 +99,7 @@ class LeapProvider(object):
 def _validated_get(self, url):
 session = requests.session()
 try:
- session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint()))
+ session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=LeapCertificate.LEAP_FINGERPRINT))
 response = session.get(url, verify=LeapCertificate(self).auto_detect_bootstrap_ca_bundle(), timeout=self.config.timeout_in_s)
 response.raise_for_status()
 return response
diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py
index 12cbd91b..09bf277d 100644
--- a/service/pixelated/bitmask_libraries/session.py
+++ b/service/pixelated/bitmask_libraries/session.py
@@ -24,7 +24,7 @@ from leap.mail.imap.memorystore import MemoryStore
 from leap.mail.imap.soledadstore import SoledadStore
 from pixelated.bitmask_libraries.config import LeapConfig
 from pixelated.bitmask_libraries.provider import LeapProvider
-from pixelated.bitmask_libraries.certs import refresh_ca_bundle
+from pixelated.bitmask_libraries.certs import LeapCertificate
 from twisted.internet import reactor
 from .nicknym import NickNym
 from leap.auth import SRPAuth
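Review bot: In provider.py's `_validated_get` (hunk `@@ -100,7 +99,7 @@`) the pin is read from `LeapCertificate.LEAP_FINGERPRINT` while `verify` comes separately from `auto_detect_bootstrap_ca_bundle()`, and nothing checks that the two agree. Both are plain public class attributes, so if `LEAP_CERT` were ever `False` while `LEAP_FINGERPRINT` is `None`, the request would go out with neither CA validation nor a pin. Binding both values to locals and adding a guard before `session.get`, such as `if verify is False and fingerprint is None: raise ValueError('TLS verification disabled without a pinned fingerprint')`, would make the method fail closed. The `try` block continues outside the hunk.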
@@ -39,7 +39,7 @@ SESSIONS = {}
 def open_leap_session(username, password, server_name, leap_home=DEFAULT_LEAP_HOME):
 config = LeapConfig(leap_home=leap_home)
 provider = LeapProvider(server_name, config)
- refresh_ca_bundle(provider)
+ LeapCertificate(provider).refresh_ca_bundle()
 session = LeapSessionFactory(provider).create(username, password)
 return session
diff --git a/service/pixelated/config/leap.py b/service/pixelated/config/leap.py
index 0248a46f..7a383b17 100644
--- a/service/pixelated/config/leap.py
+++ b/service/pixelated/config/leap.py
@@ -2,7 +2,7 @@ from __future__ import absolute_import
 import random
 from pixelated.config import credentials
 from leap.common.events import server as events_server
-from pixelated.bitmask_libraries import certs
+from pixelated.bitmask_libraries.certs import LeapCertificate
 from pixelated.bitmask_libraries.session import open_leap_session
@@ -13,7 +13,7 @@ def initialize_leap(leap_provider_cert, leap_home):
 init_monkeypatches()
 provider, user, password = credentials.read(organization_mode, credentials_file)
- certs.init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint)
+ LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint)
 events_server.ensure_server(random.randrange(8000, 11999))
 leap_session = create_leap_session(provider, user, password, leap_home)
 leap_session.start_background_jobs()
-- cgit v1.2.3