def _background(meta, oauth, dialog, builder, lets_connect):
try:
cert, key = create_keypair(oauth, meta.api_base_uri)
meta.cert = cert
meta.key = key
meta.config = get_profile_config(oauth, meta.api_base_uri,
meta.profile_id)
ovpn_text = format_like_ovpn(meta.config, meta.cert, meta.key)
config_dict = parse_ovpn(ovpn_text)
if meta.two_factor:
GLib.idle_add(lambda: two_auth_step(builder,
oauth,
meta,
config_dict=config_dict,
lets_connect=lets_connect))
else:
GLib.idle_add(lambda: finalizing_step(meta=meta,
builder=builder,
config_dict=config_dict,
lets_connect=lets_connect))
GLib.idle_add(lambda: dialog.hide())
except Exception as e:
error = e
GLib.idle_add(lambda: error_helper(
dialog, "can't finalize configuration", "{}: {}".format(
type(error).__name__, str(error))))
GLib.idle_add(lambda: dialog.hide())
raise
def refresh():
"""
Refreshes an active configuration. The token is refreshed if expired, and a new token is obtained if the token
is invalid.
"""
uuid, auth_url, metadata = get_storage(check=True)
token, token_endpoint, auth_endpoint, api_url, display_name, support_contact, profile_id, con_type, country_id, _, _ = metadata
oauth = OAuth2Session(client_id=CLIENT_ID,
token=token,
auto_refresh_url=token_endpoint)
try:
token = oauth.refresh_token(token_url=token_endpoint)
except InvalidGrantError as e:
_logger.warning(f"token invalid: {e}")
oauth = oauth2.run_challenge(token_endpoint, auth_endpoint)
api_base_uri, token_endpoint, auth_endpoint = get_info(auth_url)
client = get_client()
try:
cert, key = get_cert_key(client, uuid)
except IOError:
# probably the NM connection was deleted
cert = None
if not cert or not check_certificate(oauth, api_base_uri, cert):
key, cert = create_keypair(oauth, api_base_uri)
config = get_config(oauth, api_base_uri, profile_id)
save_connection_with_mainloop(config, key, cert)
update_token(token)
def _background(meta, oauth, dialog, builder):
try:
cert, key = create_keypair(oauth, meta.api_base_uri)
meta.cert = cert
meta.key = key
meta.config = get_profile_config(oauth, meta.api_base_uri,
meta.profile_id)
except Exception as e:
GLib.idle_add(
lambda: error_helper(dialog, "can't finalize configuration",
"{}: {}".format(type(e).__name__, str(e))))
GLib.idle_add(lambda: dialog.hide())
raise
else:
try:
uuid = store_provider(meta)
monitor_vpn(
uuid=uuid,
callback=lambda *args, **kwargs: vpn_change(builder=builder))
GLib.idle_add(
lambda: notify("eduVPN provider added", "added provider '{}'".
format(meta.display_name)))
except Exception as e:
GLib.idle_add(
lambda: error_helper(dialog, "can't store configuration",
"{} {}".format(type(e).__name__, str(e))))
GLib.idle_add(lambda: dialog.hide())
raise
else:
GLib.idle_add(lambda: dialog.hide())
GLib.idle_add(lambda: update_providers(builder))
def activate_connection(meta, builder):
"""do the actual connecting action"""
logger.info("Connecting to {}".format(meta.display_name))
notify("eduVPN connecting...", "Connecting to '{}'".format(meta.display_name))
try:
if not meta.token:
logger.error("metadata for {} doesn't contain oauth2 token".format(meta.uuid))
else:
oauth = oauth_from_token(meta=meta)
config = get_profile_config(oauth, meta.api_base_uri, meta.profile_id)
meta.config = config
update_config_provider(meta)
if datetime.now() > datetime.fromtimestamp(meta.token['expires_at']):
logger.info("key pair is expired")
cert, key = create_keypair(oauth, meta.api_base_uri)
update_keys_provider(meta.uuid, cert, key)
connect_provider(meta.uuid)
except Exception as e:
switch = builder.get_object('connect-switch')
GLib.idle_add(switch.set_active, False)
window = builder.get_object('eduvpn-window')
error_helper(window, "can't enable connection", "{}: {}".format(type(e).__name__, str(e)))
raise
def _cert_check(meta, oauth, builder, info):
common_name = common_name_from_cert(meta.cert.encode('ascii'))
cert_valid = check_certificate(oauth, meta.api_base_uri, common_name)
if not cert_valid['is_valid']:
logger.warning('client certificate not valid, reason: {}'.format(
cert_valid['reason']))
if cert_valid['reason'] in ('certificate_missing',
'certificate_not_yet_valid',
'certificate_expired'):
logger.info('Going to try to fetch new keypair')
cert, key = create_keypair(oauth, meta.api_base_uri)
update_keys_provider(meta.uuid, cert, key)
elif cert_valid['reason'] == 'user_disabled':
raise EduvpnException('Your account has been disabled.')
else:
raise EduvpnException(
'Your client certificate is invalid ({})'.format(
cert_valid['reason']))
_fetch_updated_config(oauth, meta, builder, info)
def get_config_and_keycert(oauth: OAuth2Session, api_url: str,
profile_id: str) -> Tuple[str, str, str]:
config = get_config(oauth, api_url, profile_id)
private_key, certificate = create_keypair(oauth, api_url)
return config, private_key, certificate
def main():
logging.basicConfig(level=logging.INFO)
search_term = parse_args()
verifier = make_verifier(Ed25519_PUBLIC_KEY)
if isinstance(search_term,
str) and search_term.lower().startswith('https://'):
base_url = search_term
info_url = base_url
else:
servers = list_servers(SERVER_URI, verifier=verifier)
secure_internet = [
s for s in servers if s['server_type'] == 'secure_internet'
]
institute_access = [
s for s in servers if s['server_type'] == 'institute_access'
]
orgs = list_orgs(ORGANISATION_URI, verifier=verifier)
choice = menu(institutes=institute_access,
orgs=orgs,
search_term=search_term)
if not choice:
exit(1)
type_, base_url = choice
if type_ == 'secure_internet_home':
secure_internets = [
s for s in secure_internet if s['base_url'] == base_url
]
info_url = secure_internet_choice(secure_internets)
else:
info_url = base_url
exists = get_entry(base_url)
if exists:
token, api_base_uri, token_endpoint, authorization_endpoint = exists
oauth = OAuth2Session(client_id=CLIENT_ID,
token=token,
auto_refresh_url=token_endpoint)
else:
api_base_uri, token_endpoint, auth_endpoint = get_info(
info_url, verifier)
oauth = get_oauth(token_endpoint, auth_endpoint)
set_entry(base_url, oauth.token, api_base_uri, token_endpoint,
auth_endpoint)
oauth.refresh_token(token_url=token_endpoint)
profiles = list_profiles(oauth, api_base_uri)
profile_id = profile_choice(profiles)
config = get_config(oauth, api_base_uri, profile_id)
private_key, certificate = create_keypair(oauth, api_base_uri)
if write_to_nm_choice():
save_connection(config, private_key, certificate)
else:
target = Path('eduVPN.ovpn').resolve()
print(f"Writing configuration to {target}")
write_config(config, private_key, certificate, target)
def test_create_keypair(self):
create_keypair(oauth=self.oauth, api_base_uri='test')
