def register(
server_name,
username,
password,
leap_home,
provider_cert,
provider_cert_fingerprint):
try:
validate_username(username)
except ValueError:
print('Only lowercase letters, digits, . - and _ allowed.')
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def test_set_cert_and_fingerprint_sets_fingerprint(self):
LeapCertificate.set_cert_and_fingerprint(None, 'fingerprint')
certs = LeapCertificate(self.provider)
self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT)
self.assertFalse(certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_cert(self):
LeapCertificate.set_cert_and_fingerprint('some cert', None)
certs = LeapCertificate(self.provider)
self.assertIsNone(certs.LEAP_FINGERPRINT)
self.assertEqual('some cert', certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_fingerprint(self):
LeapCertificate.set_cert_and_fingerprint(None, "fingerprint")
certs = LeapCertificate(self.provider)
self.assertEqual("fingerprint", LeapCertificate.LEAP_FINGERPRINT)
self.assertFalse(certs.provider_web_cert)
def test_set_cert_and_fingerprint_when_none_are_passed(self):
LeapCertificate.set_cert_and_fingerprint(None, None)
certs = LeapCertificate(self.provider)
self.assertIsNone(certs.LEAP_FINGERPRINT)
self.assertEqual(True, certs.provider_web_cert)
def test_set_cert_and_fingerprint_when_none_are_passed(self):
LeapCertificate.set_cert_and_fingerprint(None, None)
certs = LeapCertificate(self.provider)
self.assertIsNone(certs.LEAP_FINGERPRINT)
self.assertEqual(True, certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_cert(self):
LeapCertificate.set_cert_and_fingerprint("some cert", None)
certs = LeapCertificate(self.provider)
self.assertIsNone(certs.LEAP_FINGERPRINT)
self.assertEqual("some cert", certs.provider_web_cert)
def initialize_leap(leap_provider_cert,
leap_provider_cert_fingerprint,
credentials_file,
organization_mode,
leap_home,
initial_sync=True):
init_monkeypatches()
events_server.ensure_server()
register(events.KEYMANAGER_FINISHED_KEY_GENERATION,
set_fresh_account)
provider, username, password = credentials.read(organization_mode,
credentials_file)
LeapCertificate.set_cert_and_fingerprint(leap_provider_cert,
leap_provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider, config)
LeapCertificate(provider).setup_ca_bundle()
leap_session = LeapSessionFactory(provider).create(username, password)
if initial_sync:
leap_session = yield leap_session.initial_sync()
global fresh_account
if fresh_account:
add_welcome_mail(leap_session.mail_store)
defer.returnValue(leap_session)
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.setup_ca()
provider.download_settings()
return provider
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider_hostname, config)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
return config, provider
def initialize_leap_provider(provider_hostname, provider_cert,
provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.setup_ca()
provider.download_settings()
return provider
def _set_provider(provider_cert, provider_cert_fingerprint, server_name, leap_home=None):
if leap_home:
leap_config.set_leap_home(leap_home)
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
provider = LeapProvider(server_name)
provider.setup_ca()
provider.download_settings()
return provider
def initialize_leap_provider(provider_hostname, provider_cert,
provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
provider.download_soledad_json()
return provider
def initialize_leap_provider(provider_hostname, provider_cert,
provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider_hostname, config)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
return config, provider
def test_that_leap_fingerprint_is_validated(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
LeapCertificate.set_cert_and_fingerprint(None, 'some fingerprint')
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15)
session.mount.assert_called_with('https://', ANY)
def test_that_leap_fingerprint_is_validated(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
LeapCertificate.set_cert_and_fingerprint(None, 'some fingerprint')
with patch('pixelated.bitmask_libraries.provider.requests.session',
new=session_func):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt',
verify=False,
timeout=15)
session.mount.assert_called_with('https://', ANY)
def _create_new_session(self, username, password, auth):
account_email = self._provider.address_for(username)
self._create_database_dir(auth.uuid)
api_cert = LeapCertificate(self._provider).provider_api_cert
soledad = yield self.setup_soledad(auth.token, auth.uuid, password,
api_cert)
mail_store = LeapMailStore(soledad)
keymanager = yield self.setup_keymanager(self._provider, soledad,
account_email, auth.token,
auth.uuid)
smtp_client_cert = self._download_smtp_cert(auth)
smtp_host, smtp_port = self._provider.smtp_info()
smtp_config = LeapSMTPConfig(account_email, smtp_client_cert,
smtp_host, smtp_port)
leap_session = LeapSession(self._provider, auth, mail_store, soledad,
keymanager, smtp_config)
defer.returnValue(leap_session)
def initialize_leap(leap_provider_cert,
leap_provider_cert_fingerprint,
credentials_file,
organization_mode,
leap_home):
init_monkeypatches()
events_server.ensure_server(random.randrange(8000, 11999))
provider, username, password = credentials.read(organization_mode, credentials_file)
LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider, config)
LeapCertificate(provider).setup_ca_bundle()
leap_session = LeapSessionFactory(provider).create(username, password)
return leap_session
def _create_new_session(self, username, password, auth=None):
self._create_dir(self._provider.config.leap_home)
self._provider.download_certificate()
auth = auth or self._auth_leap(username, password)
account_email = self._provider.address_for(username)
self._create_database_dir(auth.uuid)
soledad = SoledadFactory.create(auth.token,
auth.uuid,
password,
self._secrets_path(auth.uuid),
self._local_db_path(auth.uuid),
self._provider.discover_soledad_server(auth.uuid),
LeapCertificate(self._provider).provider_api_cert)
mail_store = LeapMailStore(soledad)
nicknym = self._create_nicknym(account_email, auth.token, auth.uuid, soledad)
smtp_client_cert = self._download_smtp_cert(auth)
smtp_host, smtp_port = self._provider.smtp_info()
smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port)
return LeapSession(self._provider, auth, mail_store, soledad, nicknym, smtp_config)
def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint,
credentials_file, organization_mode, leap_home):
init_monkeypatches()
events_server.ensure_server()
provider, username, password = credentials.read(organization_mode,
credentials_file)
LeapCertificate.set_cert_and_fingerprint(leap_provider_cert,
leap_provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider, config)
LeapCertificate(provider).setup_ca_bundle()
leap_session = LeapSessionFactory(provider).create(username, password)
yield leap_session.initial_sync()
defer.returnValue(leap_session)
def register(server_name, username, password, leap_home, provider_cert,
provider_cert_fingerprint):
try:
validate_username(username)
except ValueError:
print('Only lowercase letters, digits, . - and _ allowed.')
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri,
LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def download(self):
cert_url = '%s/%s/cert' % (self._provider.api_uri,
self._provider.api_version)
cookies = {"_session_id": self._auth.session_id}
headers = {}
headers["Authorization"] = 'Token token="{0}"'.format(self._auth.token)
response = requests.get(cert_url,
verify=LeapCertificate(
self._provider).provider_api_cert,
cookies=cookies,
timeout=self._provider.config.timeout_in_s,
headers=headers)
response.raise_for_status()
client_cert = response.content
return client_cert
def download(self):
cert_url = '%s/%s/smtp_cert' % (self._provider.api_uri,
self._provider.api_version)
headers = {}
headers["Authorization"] = 'Token token="{0}"'.format(self._auth.token)
params = {'address': self._auth.username}
response = requests.post(cert_url,
params=params,
data=params,
verify=LeapCertificate(
self._provider).provider_api_cert,
timeout=self._provider.config.timeout_in_s,
headers=headers)
response.raise_for_status()
client_cert = response.content
return client_cert
def _init_soledad(self, encryption_passphrase):
try:
server_url = self._discover_soledad_server()
self._create_database_dir()
secrets = self._secrets_path()
local_db = self._local_db_path()
return Soledad(self.user_uuid,
passphrase=unicode(encryption_passphrase),
secrets_path=secrets,
local_db_path=local_db, server_url=server_url,
cert_file=LeapCertificate(self.provider).provider_api_cert,
shared_db=None,
auth_token=self.user_token,
defer_encryption=False)
except (WrongMacError, UnknownMacMethodError), e:
raise SoledadWrongPassphraseException(e)
def test_that_soledad_is_created_with_required_params(self, soledad_mock):
soledad_mock.return_value = None
# when
SoledadSession(self.provider, 'any-passphrase', self.auth.token,
self.auth.uuid)
# then
soledad_mock.assert_called_with(
self.auth.uuid,
passphrase=u'any-passphrase',
secrets_path='%s/soledad/%s.secret' %
(self.leap_home, self.auth.uuid),
local_db_path='%s/soledad/%s.db' %
(self.leap_home, self.auth.uuid),
server_url='https://couch1.some-server.test:1234/user-%s' %
self.auth.uuid,
cert_file=LeapCertificate(self.provider).provider_api_cert,
shared_db=None,
auth_token=self.auth.token,
defer_encryption=False)
def _download_client_certificates(self):
cert_path = self._client_cert_path()
if not os.path.exists(os.path.dirname(cert_path)):
os.makedirs(os.path.dirname(cert_path))
cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version)
cookies = {"_session_id": self.session_id}
headers = {}
headers["Authorization"] = 'Token token="{0}"'.format(self.user_token)
response = requests.get(
cert_url,
verify=LeapCertificate(self._provider).provider_api_cert,
cookies=cookies,
timeout=self._provider.config.timeout_in_s,
headers=headers)
response.raise_for_status()
client_cert = response.content
with open(cert_path, 'w') as f:
f.write(client_cert)
leap_home,
provider_cert,
provider_cert_fingerprint):
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
try:
validate_username(username)
validate_password(password)
except ValueError, e:
print(e.message)
sys.exit(1)
events_server.ensure_server()
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def validate_username(username):
accepted_characters = '^[a-z0-9\-\_\.]*$'
if (not re.match(accepted_characters, username)):
raise ValueError('Only lowercase letters, digits, . - and _ allowed.')
def register(server_name, username, password, leap_home, provider_cert,
provider_cert_fingerprint):
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
try:
validate_username(username)
validate_password(password)
except ValueError, e:
print(e.message)
sys.exit(1)
events_server.ensure_server()
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri,
LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def validate_username(username):
accepted_characters = '^[a-z0-9\-\_\.]*$'
if (not re.match(accepted_characters, username)):
def setUp(self):
self.config = LeapConfig(leap_home='/tmp/foobar')
LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def test_provider_api_cert(self):
certs = LeapCertificate(self.provider).provider_api_cert
self.assertEqual(
'/some/leap/home/providers/test.leap.net/keys/client/api.pem',
certs)
def setUp(self):
leap_config.leap_home = '/tmp/foobar'
LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def setUp(self):
self.config = LeapConfig(leap_home='/tmp/foobar')
LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def setUp(self):
leap_config.set_leap_home('/tmp/foobar')
LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)