Diffstat (limited to 'src')
| -rw-r--r-- | src/leap/eip/checks.py | 1 | ||||
| -rw-r--r-- | src/leap/eip/config.py | 11 | ||||
| -rwxr-xr-x | src/leap/gui/firstrunwizard.py | 29 | 
3 files changed, 33 insertions, 8 deletions
|
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 635308bb..b335b857 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -319,7 +319,6 @@ class ProviderCertChecker(object):
         return "https://%s/1/cert" % self.domain
     def _get_client_cert_path(self):
-        # MVS+ : get provider path
         return eipspecs.client_cert_path(domain=self.domain)
     def _get_ca_cert_path(self, domain):
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index ef0f52b4..1ce4a54e 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -78,8 +78,15 @@ def get_eip_gateway():
         return placeholder
     if len(gateways) > 0:
         for gw in gateways:
-            if gw['name'] == primary_gateway:
-                hosts = gw['hosts']
+            name = gw.get('name', None)
+            if not name:
+                return
+
+            if name == primary_gateway:
+                hosts = gw.get('hosts', None)
+                if not hosts:
+                    logger.error('no hosts')
+                    return
                 if len(hosts) > 0:
                     return hosts[0]
                 else:
diff --git a/src/leap/gui/firstrunwizard.py b/src/leap/gui/firstrunwizard.py
index 68cd4253..287332cd 100755
--- a/src/leap/gui/firstrunwizard.py
+++ b/src/leap/gui/firstrunwizard.py
@@ -47,6 +47,7 @@ class FirstRunWizard(QtGui.QWizard):
             self, parent=None, providers=None,
             success_cb=None, is_provider_setup=False,
             is_previously_registered=False,
+            trusted_certs=None,
             netchecker=basechecks.LeapNetworkChecker,
             providercertchecker=eipchecks.ProviderCertChecker,
             eipconfigchecker=eipchecks.EIPConfigChecker):
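Review bot: In the `src/leap/eip/config.py` hunk, the new `if not name: return` inside the `for gw in gateways` loop ends the whole lookup at the first gateway entry that lacks a name, so a later well-formed entry matching `primary_gateway` is never reached and the caller gets `None` with nothing logged. Skipping the malformed entry keeps the search going: replace the `return` with `continue`, preferably preceded by a `logger.warning('gateway entry without name')`. The `if not hosts:` guard also returns a bare `None` where the visible context returns `placeholder` on another path, and it leaves the `else:` of the following `if len(hosts) > 0` unreachable for list values; if callers pass this result on as the VPN remote, the `None` case should be handled or documented, which is worth confirming. `get_eip_gateway` starts and ends outside the hunk.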
@@ -69,6 +70,10 @@ class FirstRunWizard(QtGui.QWizard):
         # if True, jumps to LogIn page.
         self.is_previously_registered = is_previously_registered
+        # a dict with trusted fingerprints
+        # in the form {'nospacesfingerprint': ['host1', 'host2']}
+        self.trusted_certs = trusted_certs
+
         # Checkers
         self.netchecker = netchecker
         self.providercertchecker = providercertchecker
@@ -415,10 +420,17 @@ class SelectProviderPage(QtGui.QWizardPage):
                 self.set_validation_status(exc.usermessage)
                 fingerprint = certs.get_cert_fingerprint(
                     domain=domain, sep=" ")
-                self.add_cert_info(fingerprint)
-                self.did_cert_check = True
-                self.completeChanged.emit()
-                return False
+
+                # it's ok if we've trusted this fgprt before
+                trustedcrts = self.wizard().trusted_certs
+                if trustedcrts and fingerprint.replace(' ', '') in trustedcrts:
+                    pass
+                else:
+                    # let your user face panick :P
+                    self.add_cert_info(fingerprint)
+                    self.did_cert_check = True
+                    self.completeChanged.emit()
+                    return False
         except baseexceptions.LeapException as exc:
             self.set_validation_status(exc.usermessage)
@@ -1044,6 +1056,13 @@ if __name__ == '__main__':
     logger.setLevel(logging.DEBUG)
     app = QtGui.QApplication(sys.argv)
-    wizard = FirstRunWizard()  # providers=('springbok',))
+
+    trusted_certs = {
+        "3DF83F316BFA0186"
+        "0A11A5C9C7FC24B9"
+        "18C62B941192CC1A"
+        "49AE62218B2A4B7C": ['springbok']}
+
+    wizard = FirstRunWizard(trusted_certs=trusted_certs)
     wizard.show()
     sys.exit(app.exec_())
|
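Review bot: In the `SelectProviderPage` hunk, the trust check `fingerprint.replace(' ', '') in trustedcrts` looks only at the dictionary keys, so the host list documented in `FirstRunWizard.__init__` (`{'nospacesfingerprint': ['host1', 'host2']}`) is never consulted and a fingerprint trusted for one provider suppresses the certificate warning for whatever `domain` is being validated. Binding the pin to the host closes that gap, e.g. `if trustedcrts and domain in trustedcrts.get(fingerprint.replace(' ', ''), ()):`, assuming the listed hosts use the same form as `domain`. The comparison is also case-sensitive, so the dictionary keys and the value returned by `certs.get_cert_fingerprint` must share the same hex case; normalising both sides would avoid a silent mismatch. The `pass` branch skips the warning without any record, and a `logger.info` naming the domain and the accepted fingerprint would leave an audit trail. The enclosing method starts and ends outside the hunk, so what runs after the `pass` branch is not visible here.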
