Ejemplo n.º 1
0
    def test_fetch_uses_combined_ca_bundle_otherwise(self):
        with tempfile.NamedTemporaryFile() as tmp_input, \
                tempfile.NamedTemporaryFile(delete=False) as tmp_output:
            ca_content = pkg_resources.resource_string('leap.common.testing',
                                                       'cacert.pem')
            ca_cert_path = tmp_input.name
            self._dump_to_file(ca_cert_path, ca_content)

            pth = 'leap.bitmask.keymanager.tempfile.NamedTemporaryFile'
            with mock.patch(pth) as mocked:
                mocked.return_value = tmp_output
                km = self._key_manager(ca_cert_path=ca_cert_path)
                get_mock = self._mock_get_response(km, PUBLIC_KEY_OTHER)

                yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL)

                # assert that combined bundle file is passed to get call
                get_mock.assert_called_once_with(REMOTE_KEY_URL, 'GET')

                # assert that files got appended
                expected = self._slurp_file(ca_bundle.where()) + ca_content
                self.assertEqual(expected, self._slurp_file(tmp_output.name))

            del km  # force km out of scope
            self.assertFalse(path.exists(tmp_output.name))
Ejemplo n.º 2
0
    def test_fetch_key_use_default_ca_bundle_if_set_as_ca_cert_path(self):
        ca_cert_path = ca_bundle.where()
        km = self._key_manager(ca_cert_path=ca_cert_path)
        get_mock = self._mock_get_response(km, PUBLIC_KEY_OTHER)

        yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL)

        get_mock.assert_called_once_with(REMOTE_KEY_URL, 'GET')
Ejemplo n.º 3
0
    def test_fetch_key_use_default_ca_bundle_if_set_as_ca_cert_path(self):
        ca_cert_path = ca_bundle.where()
        km = self._key_manager(ca_cert_path=ca_cert_path)
        get_mock = self._mock_get_response(km, PUBLIC_KEY_OTHER)

        yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL, OpenPGPKey)

        get_mock.assert_called_once_with(REMOTE_KEY_URL, 'GET')
Ejemplo n.º 4
0
 def __del__(self):
     try:
         created_tmp_combined_ca_bundle = self._combined_ca_bundle not in \
             [ca_bundle.where(), self._ca_cert_path]
         if created_tmp_combined_ca_bundle:
             os.remove(self._combined_ca_bundle)
     except OSError:
         pass
Ejemplo n.º 5
0
 def __del__(self):
     try:
         created_tmp_combined_ca_bundle = self._combined_ca_bundle not in \
             [ca_bundle.where(), self._ca_cert_path]
         if created_tmp_combined_ca_bundle:
             os.remove(self._combined_ca_bundle)
     except OSError:
         pass
Ejemplo n.º 6
0
 def auto_detect_ca_bundle(self):
     if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
         local_cert = self._local_server_cert()
         if local_cert:
             return local_cert
         else:
             return ca_bundle.where()
     else:
         return self._config.ca_cert_bundle
Ejemplo n.º 7
0
 def auto_detect_ca_bundle(self):
     if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
         local_cert = self._local_server_cert()
         if local_cert:
             return local_cert
         else:
             return ca_bundle.where()
     else:
         return self._config.ca_cert_bundle
    def verify(self):
        """
        Verify parameter for requests.

        :returns: either False, if checks are skipped, or the
                  path to the ca bundle.
        :rtype: bool or str
        """
        if self._bypass_checks:
            verify = False
        else:
            verify = ca_bundle.where()
        return verify
Ejemplo n.º 9
0
def getCertifiTrustRoot():
    try:
        import certifi
        bundle = certifi.where()
    except ImportError:
        log.warn("certifi was not found. Using leap.common bundle")
        bundle = ca_bundle.where()
    if bundle is None:
        log.error("Cannot find an usable cacert bundle. "
                  "Certificate verification will fail")
        return None
    cacerts = certsFromBundle(bundle)
    return trustRootFromCertificates(cacerts)
Ejemplo n.º 10
0
def getCertifiTrustRoot():
    try:
        import certifi
        bundle = certifi.where()
    except ImportError:
        log.warn("certifi was not found. Using leap.common bundle")
        bundle = ca_bundle.where()
    if bundle is None:
        log.error("Cannot find an usable cacert bundle. "
                  "Certificate verification will fail")
        return None
    cacerts = certsFromBundle(bundle)
    return trustRootFromCertificates(cacerts)
Ejemplo n.º 11
0
    def create_combined_bundle_file(self):
        leap_ca_bundle = ca_bundle.where()

        if self.provider_api_cert == leap_ca_bundle:
            return self.provider_api_cert
        elif not self.provider_api_cert:
            return leap_ca_bundle

        with open(self.combined_cerfificates_path, 'w') as fout:
            fin = fileinput.input(files=(leap_ca_bundle,
                                         self.provider_api_cert))
            for line in fin:
                fout.write(line)
            fin.close()
Ejemplo n.º 12
0
    def _create_combined_bundle_file(self):
        leap_ca_bundle = ca_bundle.where()

        if self._ca_cert_path == leap_ca_bundle:
            return self._ca_cert_path  # don't merge file with itself
        elif not self._ca_cert_path:
            return leap_ca_bundle

        tmp_file = tempfile.NamedTemporaryFile(delete=False)

        with open(tmp_file.name, 'w') as fout:
            fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path))
            for line in fin:
                fout.write(line)
            fin.close()

        return tmp_file.name
Ejemplo n.º 13
0
    def _create_combined_bundle_file(self):
        leap_ca_bundle = ca_bundle.where()

        if self._ca_cert_path == leap_ca_bundle:
            return self._ca_cert_path   # don't merge file with itself
        elif not self._ca_cert_path:
            return leap_ca_bundle

        tmp_file = tempfile.NamedTemporaryFile(delete=False)

        with open(tmp_file.name, 'w') as fout:
            fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path))
            for line in fin:
                fout.write(line)
            fin.close()

        return tmp_file.name
Ejemplo n.º 14
0
    def verify(self):
        """
        Verify parameter for requests.

        :returns: either False, if checks are skipped, or the
                  path to the ca bundle.
        :rtype: bool or str
        """
        if self._bypass_checks:
            return False

        cert = flags.CA_CERT_FILE
        if cert is not None:
            verify = cert
        else:
            verify = ca_bundle.where()

        return verify
Ejemplo n.º 15
0
    def verify(self):
        """
        Verify parameter for requests.

        :returns: either False, if checks are skipped, or the
                  path to the ca bundle.
        :rtype: bool or str
        """
        if self._bypass_checks:
            return False

        cert = flags.CA_CERT_FILE
        if cert is not None:
            verify = cert
        else:
            verify = ca_bundle.where()

        return verify
Ejemplo n.º 16
0
    def test_fetch_uses_combined_ca_bundle_otherwise(self):
        with tempfile.NamedTemporaryFile() as tmp_input, \
                tempfile.NamedTemporaryFile(delete=False) as tmp_output:
            ca_content = pkg_resources.resource_string('leap.common.testing',
                                                       'cacert.pem')
            ca_cert_path = tmp_input.name
            self._dump_to_file(ca_cert_path, ca_content)

            with patch('leap.keymanager.tempfile.NamedTemporaryFile') as mock:
                mock.return_value = tmp_output
                km = self._key_manager(ca_cert_path=ca_cert_path)
                get_mock = self._mock_get_response(km, PUBLIC_KEY_OTHER)

                yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL, OpenPGPKey)

                # assert that combined bundle file is passed to get call
                get_mock.assert_called_once_with(REMOTE_KEY_URL, 'GET')

                # assert that files got appended
                expected = self._slurp_file(ca_bundle.where()) + ca_content
                self.assertEqual(expected, self._slurp_file(tmp_output.name))

            del km  # force km out of scope
            self.assertFalse(path.exists(tmp_output.name))