From 7b1af2ede753a63c9f584ccf37691917714e9655 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Mon, 8 Jun 2015 18:27:09 -0300 Subject: Fixed certificates initialization and removed which_api_bundle --- service/pixelated/application.py | 1 - service/pixelated/bitmask_libraries/certs.py | 7 +++---- service/pixelated/bitmask_libraries/nicknym.py | 4 ++-- service/pixelated/bitmask_libraries/provider.py | 9 +++++---- service/pixelated/bitmask_libraries/smtp.py | 8 ++++++-- service/pixelated/bitmask_libraries/soledad.py | 5 ++--- service/pixelated/register.py | 4 ++-- service/test/unit/bitmask_libraries/test_certs.py | 12 +++++------- service/test/unit/bitmask_libraries/test_provider.py | 8 ++++---- 9 files changed, 29 insertions(+), 29 deletions(-) (limited to 'service') diff --git a/service/pixelated/application.py b/service/pixelated/application.py index 55946a5e..67990661 100644 --- a/service/pixelated/application.py +++ b/service/pixelated/application.py @@ -15,7 +15,6 @@ # along with Pixelated. If not, see . import sys - from twisted.internet import reactor from twisted.internet.threads import deferToThread from twisted.internet import defer diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py index 3ca55469..3d567e53 100644 --- a/service/pixelated/bitmask_libraries/certs.py +++ b/service/pixelated/bitmask_libraries/certs.py @@ -34,10 +34,6 @@ def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint): LEAP_CERT = False -def which_api_CA_bundle(provider): - return str(LeapCertificate(provider).api_ca_bundle()) - - def which_bootstrap_cert_fingerprint(): return LEAP_FINGERPRINT @@ -59,6 +55,9 @@ class LeapCertificate(object): self._provider = provider def auto_detect_bootstrap_ca_bundle(self): + if LEAP_CERT is not None: + return LEAP_CERT + if self._config.bootstrap_ca_cert_bundle == AUTO_DETECT_CA_BUNDLE: local_cert = self._local_bootstrap_server_cert() if local_cert: 
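Review bot: In `auto_detect_bootstrap_ca_bundle`, the new `if LEAP_CERT is not None: return LEAP_CERT` guard also returns the `False` that `init_leap_cert` assigns (visible as context in the previous hunk), and that value reaches `session.get(..., verify=...)` in provider.py, where it switches CA chain validation off. That looks intended for the fingerprint-pinned case, but the only server authentication left is then `assert_fingerprint`, so the method should document this and fail closed when no fingerprint is set, e.g. `if LEAP_CERT is False and LEAP_FINGERPRINT is None: raise ValueError('bootstrap verification disabled without a pinned fingerprint')`. The early return also takes precedence over an explicit `bootstrap_ca_cert_bundle` in the config, which deserves a one-line comment. The method body continues past the end of the hunk, and the module-level initial value of `LEAP_CERT` is not visible here.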
diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py index bee90897..d7c9c7af 100644 --- a/service/pixelated/bitmask_libraries/nicknym.py +++ b/service/pixelated/bitmask_libraries/nicknym.py @@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see . from leap.keymanager import KeyManager, openpgp, KeyNotFound -from .certs import which_api_CA_bundle +from .certs import LeapCertificate class NickNym(object): @@ -23,7 +23,7 @@ class NickNym(object): self._email = '%s@%s' % (username, provider.domain) self.keymanager = KeyManager('%s@%s' % (username, provider.domain), nicknym_url, soledad_session.soledad, - token, which_api_CA_bundle(provider), provider.api_uri, + token, LeapCertificate(provider).api_ca_bundle(), provider.api_uri, provider.api_version, uuid, config.gpg_binary) diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py index 1564c974..afad66e3 100644 --- a/service/pixelated/bitmask_libraries/provider.py +++ b/service/pixelated/bitmask_libraries/provider.py @@ -17,7 +17,8 @@ import json from leap.common.certs import get_digest import requests -from .certs import which_bootstrap_CA_bundle, which_api_CA_bundle, which_bootstrap_cert_fingerprint +from .certs import which_bootstrap_cert_fingerprint +from .certs import LeapCertificate from pixelated.support.tls_adapter import EnforceTLSv1Adapter @@ -100,7 +101,7 @@ class LeapProvider(object): session = requests.session() try: session.mount('https://', EnforceTLSv1Adapter(assert_fingerprint=which_bootstrap_cert_fingerprint())) - response = session.get(url, verify=which_bootstrap_CA_bundle(self), timeout=self.config.timeout_in_s) + response = session.get(url, verify=LeapCertificate(self).auto_detect_bootstrap_ca_bundle(), timeout=self.config.timeout_in_s) response.raise_for_status() return response finally: 
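Review bot: The `str(...)` coercion that `which_api_CA_bundle` applied is lost when `KeyManager` is handed `LeapCertificate(provider).api_ca_bundle()` directly, so under Python 2 the CA path may now arrive as `unicode` (the unit tests build the provider with `server_name=u'test.leap.net'`). If any consumer of the path needs a byte string, keep the coercion at the call site, `str(LeapCertificate(provider).api_ca_bundle())`, or move it into `api_ca_bundle()` itself. The same applies to the `Soledad(...)` call in soledad.py and the `SRPAuth(...)` call in register.py. The constructor this line belongs to starts outside the hunk.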
@@ -115,14 +116,14 @@ class LeapProvider(object): def fetch_soledad_json(self): service_url = "%s/%s/config/soledad-service.json" % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) def fetch_smtp_json(self): service_url = '%s/%s/config/smtp-service.json' % ( self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_api_CA_bundle(self), timeout=self.config.timeout_in_s) + response = requests.get(service_url, verify=LeapCertificate(self).api_ca_bundle(), timeout=self.config.timeout_in_s) response.raise_for_status() return json.loads(response.content) diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py index c22601d2..4b6ec719 100644 --- a/service/pixelated/bitmask_libraries/smtp.py +++ b/service/pixelated/bitmask_libraries/smtp.py @@ -17,8 +17,8 @@ import logging import os import requests import random -from .certs import which_api_CA_bundle from leap.mail.smtp import setup_smtp_gateway +from pixelated.bitmask_libraries.certs import LeapCertificate logger = logging.getLogger(__name__) @@ -59,7 +59,11 @@ class LeapSmtp(object): cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) cookies = {"_session_id": self.session_id} - response = requests.get(cert_url, verify=which_api_CA_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s) + response = requests.get( + cert_url, + verify=LeapCertificate(self._provider).api_ca_bundle(), + cookies=cookies, + timeout=self._provider.config.timeout_in_s) response.raise_for_status() client_cert = response.content 
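Review bot: `verify=LeapCertificate(self).api_ca_bundle()` in `fetch_soledad_json` and `fetch_smtp_json` now passes the bundle value to `requests` unconverted, so a `False` or empty-string result would turn certificate verification off, whereas the removed `str(...)` wrapper would have turned it into a non-existent path rather than a falsy value. Whether `api_ca_bundle()` can return such a value is not visible in this diff; if it can, check it before the request, e.g. `if not ca_bundle: raise ValueError('no API CA bundle configured')`. The client-certificate download in smtp.py uses the same call shape and also sends the `_session_id` cookie, so it needs the same check. Both fetchers repeat the lookup, so a small private helper returning the checked bundle would keep them in step.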
diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py index f3fca95a..207b3e73 100644 --- a/service/pixelated/bitmask_libraries/soledad.py +++ b/service/pixelated/bitmask_libraries/soledad.py @@ -19,8 +19,7 @@ import os from leap.keymanager import KeyManager from leap.soledad.client import Soledad from leap.soledad.common.crypto import WrongMac, UnknownMacMethod -from .certs import which_api_CA_bundle - +from pixelated.bitmask_libraries.certs import LeapCertificate SOLEDAD_TIMEOUT = 120 SOLEDAD_CERT = '/tmp/ca.crt' @@ -68,7 +67,7 @@ class SoledadSession(object): local_db = self._local_db_path() return Soledad(self.user_uuid, unicode(encryption_passphrase), secrets, - local_db, server_url, which_api_CA_bundle(self.provider), self.user_token, defer_encryption=False) + local_db, server_url, LeapCertificate(self.provider).api_ca_bundle(), self.user_token, defer_encryption=False) except (WrongMac, UnknownMacMethod), e: raise SoledadWrongPassphraseException(e) diff --git a/service/pixelated/register.py b/service/pixelated/register.py index 0eac97a7..576c069d 100644 --- a/service/pixelated/register.py +++ b/service/pixelated/register.py @@ -20,7 +20,7 @@ import logging from pixelated.bitmask_libraries import session as leap_session from pixelated.config import arguments from pixelated.config import logger as logger_config -from pixelated.bitmask_libraries.certs import which_api_CA_bundle +from pixelated.bitmask_libraries.certs import LeapCertificate from pixelated.bitmask_libraries.config import LeapConfig from pixelated.bitmask_libraries.provider import LeapProvider from leap.auth import SRPAuth 
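Review bot: The import added to soledad.py is written as `from pixelated.bitmask_libraries.certs import LeapCertificate`, while nicknym.py and provider.py in the same package use `from .certs import LeapCertificate`; choosing one form keeps the package consistent (smtp.py has the same absolute form). The hunk also drops the blank line that separated the import block from the `SOLEDAD_TIMEOUT` and `SOLEDAD_CERT` constants, which is worth restoring.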
@@ -37,7 +37,7 @@ def register(server_name, username): config = LeapConfig() provider = LeapProvider(server_name, config) password = getpass.getpass('Please enter password for %s: ' % username) - srp_auth = SRPAuth(provider.api_uri, which_api_CA_bundle(provider)) + srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).api_ca_bundle()) if srp_auth.register(username, password): session = leap_session.open_leap_session(username, password, server_name) diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py index 4a06649d..814f083f 100644 --- a/service/test/unit/bitmask_libraries/test_certs.py +++ b/service/test/unit/bitmask_libraries/test_certs.py @@ -1,6 +1,6 @@ import unittest -from pixelated.bitmask_libraries.certs import which_bootstrap_CA_bundle, which_api_CA_bundle +from pixelated.bitmask_libraries.certs import LeapCertificate from pixelated.bitmask_libraries.config import AUTO_DETECT_CA_BUNDLE from mock import MagicMock, patch 
@@ -9,27 +9,25 @@ class CertsTest(unittest.TestCase): @patch('pixelated.bitmask_libraries.certs.os.path.isfile') @patch('pixelated.bitmask_libraries.certs.os.path.isdir') - def test_that_which_bootstrap_cert_bundle_returns_byte_string(self, mock_isdir, mock_isfile): + def test_that_which_bootstrap_cert_bundle_returns_string(self, mock_isdir, mock_isfile): mock_isfile.return_value = True mock_isdir.return_value = True config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, leap_home='/leap/home') provider = MagicMock(server_name=u'test.leap.net', config=config) - bundle = which_bootstrap_CA_bundle(provider) + bundle = LeapCertificate(provider).auto_detect_bootstrap_ca_bundle() self.assertEqual('/leap/home/providers/test.leap.net/test.leap.net.ca.crt', bundle) - self.assertEqual(str, type(bundle)) @patch('pixelated.bitmask_libraries.certs.os.path.isfile') @patch('pixelated.bitmask_libraries.certs.os.path.isdir') - def test_that_which_bundle_returns_byte_string(self, mock_isdir, mock_isfile): + def test_that_which_bundle_returns_string(self, mock_isdir, mock_isfile): mock_isfile.return_value = True mock_isdir.return_value = True config = MagicMock(bootstrap_ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, ca_cert_bundle=None, leap_home='/some/leap/home') provider = MagicMock(server_name=u'test.leap.net', config=config) - bundle = which_api_CA_bundle(provider) + bundle = LeapCertificate(provider).api_ca_bundle() self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', bundle) - self.assertEqual(str, type(bundle)) diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py index 0771c7cc..5b5c2034 100644 --- a/service/test/unit/bitmask_libraries/test_provider.py +++ b/service/test/unit/bitmask_libraries/test_provider.py 
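Review bot: Neither test covers the `LEAP_CERT is not None` early return added to `auto_detect_bootstrap_ca_bundle`, and `test_that_which_bootstrap_cert_bundle_returns_string` now depends on that module global: if an earlier test has called `init_leap_cert`, the method returns `LEAP_CERT` and the expected path is never computed. Patch the global for the auto-detect case, `@patch('pixelated.bitmask_libraries.certs.LEAP_CERT', None)`, and add a second test that sets it and asserts the value comes back unchanged. Both tests also lose `self.assertEqual(str, type(bundle))`, so the return type that callers hand to `requests`, `KeyManager` and `Soledad` is no longer pinned anywhere.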
@@ -220,11 +220,11 @@ class LeapProviderTest(AbstractLeapTest): session_func = MagicMock(return_value=session) with patch('pixelated.bitmask_libraries.provider.which_bootstrap_cert_fingerprint', return_value='some fingerprint'): - with patch('pixelated.bitmask_libraries.provider.which_bootstrap_CA_bundle', return_value=False): with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func): - with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock): - provider = LeapProvider('some-provider.test', self.config) - provider.fetch_valid_certificate() + with patch('pixelated.bitmask_libraries.certs.LeapCertificate.auto_detect_bootstrap_ca_bundle', return_value=False): + with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + provider.fetch_valid_certificate() session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15) session.mount.assert_called_with('https://', ANY) -- cgit v1.2.3
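Review bot: With `auto_detect_bootstrap_ca_bundle` patched to return `False`, this test confirms that `ca.crt` is fetched with `verify=False`, yet `session.mount.assert_called_with('https://', ANY)` does not check that the mounted adapter carries the pinned fingerprint, which is the only server authentication left on that path. Patching `pixelated.bitmask_libraries.provider.EnforceTLSv1Adapter` and asserting it was called with `assert_fingerprint='some fingerprint'` would close that gap. The nested `with patch(...)` blocks could be flattened into `@patch` decorators or one `with a, b, c:` statement. The test method starts outside the hunk.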