def test_should_redownload_if_invalid_pem(self):
        cert_path = self.get_tempfile('test_pem_file.pem')

        with open(cert_path, 'w') as f:
            f.write('this is some invalid data for the pem file')

        self.assertTrue(certs.should_redownload(cert_path))
    def _download_client_certificates(self, *args):
        """
        Downloads the EIP client certificate for the given provider
        """
        leap_assert(self._provider_config, "We need a provider configuration!")
        leap_assert(self._eip_config, "We need an eip configuration!")

        logger.debug("Downloading EIP client certificate for %s" %
                     (self._provider_config.get_domain(),))

        client_cert_path = self._eip_config.\
            get_client_cert_path(self._provider_config,
                                 about_to_download=True)

        # For re-download if something is wrong with the cert
        self._download_if_needed = self._download_if_needed and \
            not leap_certs.should_redownload(client_cert_path)

        if self._download_if_needed and \
                os.path.isfile(client_cert_path):
            check_and_fix_urw_only(client_cert_path)
            return

        download_client_cert(
            self._provider_config,
            client_cert_path,
            self._session)
Exemple #3
0
    def test_should_redownload_if_invalid_pem(self):
        cert_path = self.get_tempfile('test_pem_file.pem')

        with open(cert_path, 'w') as f:
            f.write('this is some invalid data for the pem file')

        self.assertTrue(certs.should_redownload(cert_path))
    def _download_client_certificates(self, *args):
        """
        Downloads the EIP client certificate for the given provider
        """
        leap_assert(self._provider_config, "We need a provider configuration!")
        leap_assert(self._eip_config, "We need an eip configuration!")

        logger.debug("Downloading EIP client certificate for %s" %
                     (self._provider_config.get_domain(), ))

        client_cert_path = self._eip_config.\
            get_client_cert_path(self._provider_config,
                                 about_to_download=True)

        # For re-download if something is wrong with the cert
        self._download_if_needed = self._download_if_needed and \
            not leap_certs.should_redownload(client_cert_path)

        if self._download_if_needed and \
                os.path.isfile(client_cert_path):
            check_and_fix_urw_only(client_cert_path)
            return

        download_client_cert(self._provider_config, client_cert_path,
                             self._session)
    def _download_client_certificates(self, *args):
        """
        Downloads the SMTP client certificate for the given provider

        We actually are downloading the certificate for the same uri as
        for the EIP config, but we duplicate these bits to allow mail
        service to be working in a provider that does not offer EIP.
        """
        # TODO factor out with eipboostrapper.download_client_certificates
        # TODO this shouldn't be a private method, it's called from
        # mainwindow.
        leap_assert(self._provider_config, "We need a provider configuration!")
        leap_assert(self._smtp_config, "We need an smtp configuration!")

        logger.debug("Downloading SMTP client certificate for %s" %
                     (self._provider_config.get_domain(),))

        client_cert_path = self._smtp_config.\
            get_client_cert_path(self._provider_config,
                                 about_to_download=True)

        # For re-download if something is wrong with the cert
        self._download_if_needed = self._download_if_needed and \
            not leap_certs.should_redownload(client_cert_path)

        if self._download_if_needed and \
                os.path.isfile(client_cert_path):
            check_and_fix_urw_only(client_cert_path)
            return

        download_client_cert(self._provider_config,
                             client_cert_path,
                             self._session)
    def _download_config_and_cert(self):
        """
        Downloads the SMTP config and cert for the given provider.
        """
        leap_assert(self._provider_config,
                    "We need a provider configuration!")

        logger.debug("Downloading SMTP config for %s" %
                     (self._provider_config.get_domain(),))

        download_service_config(
            self._provider_config,
            self._smtp_config,
            self._session,
            self._download_if_needed)

        hosts = self._smtp_config.get_hosts()

        if len(hosts) == 0:
            raise NoSMTPHosts()

        # TODO handle more than one host and define how to choose
        hostname = hosts.keys()[0]
        logger.debug("Using hostname %s for SMTP" % (hostname,))

        client_cert_path = self._smtp_config.get_client_cert_path(
            self._userid, self._provider_config, about_to_download=True)

        needs_download = leap_certs.should_redownload(client_cert_path)

        if needs_download:
            # For re-download if something is wrong with the cert
            # FIXME this doesn't read well. should reword the logic here.
            self._download_if_needed = (
                self._download_if_needed and not needs_download)

            if self._download_if_needed and os.path.isfile(client_cert_path):
                check_and_fix_urw_only(client_cert_path)
                return

            try:
                download_client_cert(self._provider_config,
                                     client_cert_path,
                                     self._session, kind="smtp")
            except HTTPError as exc:
                if exc.message.startswith('403 Client Error'):
                    logger.debug(
                        'Auth problem downloading smtp certificate... '
                        'It might be a provider problem, will try '
                        'fetching from vpn pool')
                    warnings.warn(
                        'Compatibility hack for platform 0.7 not fully '
                        'supporting smtp certificates. Will be deprecated in '
                        'bitmask 0.10')
                    download_client_cert(self._provider_config,
                                         client_cert_path,
                                         self._session, kind="vpn")
                else:
                    raise
    def _download_config_and_cert(self):
        """
        Downloads the SMTP config and cert for the given provider.
        """
        leap_assert(self._provider_config, "We need a provider configuration!")

        logger.debug("Downloading SMTP config for %s" %
                     (self._provider_config.get_domain(), ))

        download_service_config(self._provider_config, self._smtp_config,
                                self._session, self._download_if_needed)

        hosts = self._smtp_config.get_hosts()

        if len(hosts) == 0:
            raise NoSMTPHosts()

        # TODO handle more than one host and define how to choose
        hostname = hosts.keys()[0]
        logger.debug("Using hostname %s for SMTP" % (hostname, ))

        client_cert_path = self._smtp_config.get_client_cert_path(
            self._userid, self._provider_config, about_to_download=True)

        needs_download = leap_certs.should_redownload(client_cert_path)

        if needs_download:
            # For re-download if something is wrong with the cert
            # FIXME this doesn't read well. should reword the logic here.
            self._download_if_needed = (self._download_if_needed
                                        and not needs_download)

            if self._download_if_needed and os.path.isfile(client_cert_path):
                check_and_fix_urw_only(client_cert_path)
                return

            try:
                download_client_cert(self._provider_config,
                                     client_cert_path,
                                     self._session,
                                     kind="smtp")
            except HTTPError as exc:
                if exc.message.startswith('403 Client Error'):
                    logger.debug(
                        'Auth problem downloading smtp certificate... '
                        'It might be a provider problem, will try '
                        'fetching from vpn pool')
                    warnings.warn(
                        'Compatibility hack for platform 0.7 not fully '
                        'supporting smtp certificates. Will be deprecated in '
                        'bitmask 0.10')
                    download_client_cert(self._provider_config,
                                         client_cert_path,
                                         self._session,
                                         kind="vpn")
                else:
                    raise
    def _download_client_certificates(self, *args):
        """
        Downloads the EIP client certificate for the given provider
        """
        leap_assert(self._provider_config, "We need a provider configuration!")
        leap_assert(self._eip_config, "We need an eip configuration!")

        logger.debug("Downloading EIP client certificate for %s" %
                     (self._provider_config.get_domain(),))

        client_cert_path = self._eip_config.\
            get_client_cert_path(self._provider_config,
                                 about_to_download=True)

        # For re-download if something is wrong with the cert
        self._download_if_needed = self._download_if_needed and \
            not certs.should_redownload(client_cert_path)

        if self._download_if_needed and \
                os.path.exists(client_cert_path):
            check_and_fix_urw_only(client_cert_path)
            return

        srp_auth = SRPAuth(self._provider_config)
        session_id = srp_auth.get_session_id()
        cookies = None
        if session_id:
            cookies = {"_session_id": session_id}
        cert_uri = "%s/%s/cert" % (
            self._provider_config.get_api_uri(),
            self._provider_config.get_api_version())
        logger.debug('getting cert from uri: %s' % cert_uri)
        res = self._session.get(cert_uri,
                                verify=self._provider_config
                                .get_ca_cert_path(),
                                cookies=cookies,
                                timeout=REQUEST_TIMEOUT)
        res.raise_for_status()
        client_cert = res.content

        if not certs.is_valid_pemfile(client_cert):
            raise Exception(self.tr("The downloaded certificate is not a "
                                    "valid PEM file"))

        mkdir_p(os.path.dirname(client_cert_path))

        with open(client_cert_path, "w") as f:
            f.write(client_cert)

        check_and_fix_urw_only(client_cert_path)
    def _can_start(self, domain):
        """
        Returns True if it has everything that is needed to run EIP,
        False otherwise

        :param domain: the domain for the provider to check
        :type domain: str
        """
        if IS_LINUX and not LinuxPolicyChecker.is_up():
            logger.error("No polkit agent running.")
            return False

        provider_config = ProviderConfig.get_provider_config(domain)
        if EIP_SERVICE not in provider_config.get_services():
            return False
        eip_config = eipconfig.EIPConfig()

        api_version = provider_config.get_api_version()
        eip_config.set_api_version(api_version)
        eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))

        launcher = get_vpn_launcher()
        ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
        if not os.path.isfile(ovpn_path):
            logger.error("Cannot start OpenVPN, binary not found: %s" %
                         (ovpn_path,))
            return False

        # check for other problems
        if not eip_loaded or provider_config is None:
            logger.error("Cannot load provider and eip config, cannot "
                         "autostart")
            return False

        client_cert_path = eip_config.\
            get_client_cert_path(provider_config, about_to_download=True)

        if leap_certs.should_redownload(client_cert_path):
            logger.error("The client should redownload the certificate,"
                         " cannot autostart")
            return False

        if not os.path.isfile(client_cert_path):
            logger.error("Can't find the certificate, cannot autostart")
            return False

        return True
    def _can_start(self, domain):
        """
        Returns True if it has everything that is needed to run EIP,
        False otherwise

        :param domain: the domain for the provider to check
        :type domain: str
        """
        if not LinuxPolicyChecker.is_up():
            logger.error("No polkit agent running.")
            return False

        eip_config = eipconfig.EIPConfig()
        provider_config = ProviderConfig.get_provider_config(domain)

        api_version = provider_config.get_api_version()
        eip_config.set_api_version(api_version)
        eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))

        launcher = get_vpn_launcher()
        ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
        if not os.path.isfile(ovpn_path):
            logger.error("Cannot start OpenVPN, binary not found: %s" %
                         (ovpn_path, ))
            return False

        # check for other problems
        if not eip_loaded or provider_config is None:
            logger.error("Cannot load provider and eip config, cannot "
                         "autostart")
            return False

        client_cert_path = eip_config.\
            get_client_cert_path(provider_config, about_to_download=True)

        if leap_certs.should_redownload(client_cert_path):
            logger.error("The client should redownload the certificate,"
                         " cannot autostart")
            return False

        if not os.path.isfile(client_cert_path):
            logger.error("Can't find the certificate, cannot autostart")
            return False

        return True
    def _download_config_and_cert(self):
        """
        Downloads the SMTP config and cert for the given provider.
        """
        leap_assert(self._provider_config,
                    "We need a provider configuration!")

        logger.debug("Downloading SMTP config for %s" %
                     (self._provider_config.get_domain(),))

        download_service_config(
            self._provider_config,
            self._smtp_config,
            self._session,
            self._download_if_needed)

        hosts = self._smtp_config.get_hosts()

        if len(hosts) == 0:
            raise NoSMTPHosts()

        # TODO handle more than one host and define how to choose
        hostname = hosts.keys()[0]
        logger.debug("Using hostname %s for SMTP" % (hostname,))

        client_cert_path = self._smtp_config.get_client_cert_path(
            self._provider_config, about_to_download=True)

        if not is_file(client_cert_path):
            # For re-download if something is wrong with the cert
            self._download_if_needed = (
                self._download_if_needed and
                not leap_certs.should_redownload(client_cert_path))

            if self._download_if_needed and os.path.isfile(client_cert_path):
                check_and_fix_urw_only(client_cert_path)
                return

            download_client_cert(self._provider_config,
                                 client_cert_path,
                                 self._session)
Exemple #12
0
    def _download_config_and_cert(self):
        """
        Downloads the SMTP config and cert for the given provider.
        """
        leap_assert(self._provider_config, "We need a provider configuration!")

        logger.debug("Downloading SMTP config for %s" %
                     (self._provider_config.get_domain(), ))

        download_service_config(self._provider_config, self._smtp_config,
                                self._session, self._download_if_needed)

        hosts = self._smtp_config.get_hosts()

        if len(hosts) == 0:
            raise NoSMTPHosts()

        # TODO handle more than one host and define how to choose
        hostname = hosts.keys()[0]
        logger.debug("Using hostname %s for SMTP" % (hostname, ))

        client_cert_path = self._smtp_config.get_client_cert_path(
            self._provider_config, about_to_download=True)

        if not is_file(client_cert_path):
            # For re-download if something is wrong with the cert
            self._download_if_needed = (
                self._download_if_needed
                and not leap_certs.should_redownload(client_cert_path))

            if self._download_if_needed and os.path.isfile(client_cert_path):
                check_and_fix_urw_only(client_cert_path)
                return

            download_client_cert(self._provider_config, client_cert_path,
                                 self._session)
Exemple #13
0
 def test_not_should_redownload(self):
     self.assertFalse(certs.should_redownload(TEST_CERT_PEM))
 def _should_redownload(self):
     return leap_certs.should_redownload(self._smtp_client_cert_path())
Exemple #15
0
 def test_should_redownload_if_no_cert(self):
     self.assertTrue(certs.should_redownload(certfile=""))
Exemple #16
0
 def test_not_should_redownload(self):
     self.assertFalse(certs.should_redownload(TEST_CERT_PEM))
Exemple #17
0
 def test_should_redownload_if_after(self):
     new_now = lambda: time.struct_time(CERT_NOT_AFTER)
     self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
Exemple #18
0
 def test_should_redownload_if_before(self):
     new_now = lambda: time.struct_time(CERT_NOT_BEFORE)
     self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
Exemple #19
0
    def test_should_redownload_if_before(self):
        def new_now():
            time.struct_time(CERT_NOT_BEFORE)

        self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
Exemple #20
0
 def test_should_redownload_if_no_cert(self):
     self.assertTrue(certs.should_redownload(certfile=""))
 def _should_redownload(self):
     return leap_certs.should_redownload(self._smtp_client_cert_path())
Exemple #22
0
    def test_should_redownload_if_after(self):
        def new_now():
            time.struct_time(CERT_NOT_AFTER)

        self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))