def test_should_redownload_if_invalid_pem(self):
cert_path = self.get_tempfile('test_pem_file.pem')
with open(cert_path, 'w') as f:
f.write('this is some invalid data for the pem file')
self.assertTrue(certs.should_redownload(cert_path))
def _download_client_certificates(self, *args):
"""
Downloads the EIP client certificate for the given provider
"""
leap_assert(self._provider_config, "We need a provider configuration!")
leap_assert(self._eip_config, "We need an eip configuration!")
logger.debug("Downloading EIP client certificate for %s" %
(self._provider_config.get_domain(),))
client_cert_path = self._eip_config.\
get_client_cert_path(self._provider_config,
about_to_download=True)
# For re-download if something is wrong with the cert
self._download_if_needed = self._download_if_needed and \
not leap_certs.should_redownload(client_cert_path)
if self._download_if_needed and \
os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
download_client_cert(
self._provider_config,
client_cert_path,
self._session)
def test_should_redownload_if_invalid_pem(self):
cert_path = self.get_tempfile('test_pem_file.pem')
with open(cert_path, 'w') as f:
f.write('this is some invalid data for the pem file')
self.assertTrue(certs.should_redownload(cert_path))
def _download_client_certificates(self, *args):
"""
Downloads the EIP client certificate for the given provider
"""
leap_assert(self._provider_config, "We need a provider configuration!")
leap_assert(self._eip_config, "We need an eip configuration!")
logger.debug("Downloading EIP client certificate for %s" %
(self._provider_config.get_domain(), ))
client_cert_path = self._eip_config.\
get_client_cert_path(self._provider_config,
about_to_download=True)
# For re-download if something is wrong with the cert
self._download_if_needed = self._download_if_needed and \
not leap_certs.should_redownload(client_cert_path)
if self._download_if_needed and \
os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
download_client_cert(self._provider_config, client_cert_path,
self._session)
def _download_client_certificates(self, *args):
"""
Downloads the SMTP client certificate for the given provider
We actually are downloading the certificate for the same uri as
for the EIP config, but we duplicate these bits to allow mail
service to be working in a provider that does not offer EIP.
"""
# TODO factor out with eipboostrapper.download_client_certificates
# TODO this shouldn't be a private method, it's called from
# mainwindow.
leap_assert(self._provider_config, "We need a provider configuration!")
leap_assert(self._smtp_config, "We need an smtp configuration!")
logger.debug("Downloading SMTP client certificate for %s" %
(self._provider_config.get_domain(),))
client_cert_path = self._smtp_config.\
get_client_cert_path(self._provider_config,
about_to_download=True)
# For re-download if something is wrong with the cert
self._download_if_needed = self._download_if_needed and \
not leap_certs.should_redownload(client_cert_path)
if self._download_if_needed and \
os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
download_client_cert(self._provider_config,
client_cert_path,
self._session)
def _download_config_and_cert(self):
"""
Downloads the SMTP config and cert for the given provider.
"""
leap_assert(self._provider_config,
"We need a provider configuration!")
logger.debug("Downloading SMTP config for %s" %
(self._provider_config.get_domain(),))
download_service_config(
self._provider_config,
self._smtp_config,
self._session,
self._download_if_needed)
hosts = self._smtp_config.get_hosts()
if len(hosts) == 0:
raise NoSMTPHosts()
# TODO handle more than one host and define how to choose
hostname = hosts.keys()[0]
logger.debug("Using hostname %s for SMTP" % (hostname,))
client_cert_path = self._smtp_config.get_client_cert_path(
self._userid, self._provider_config, about_to_download=True)
needs_download = leap_certs.should_redownload(client_cert_path)
if needs_download:
# For re-download if something is wrong with the cert
# FIXME this doesn't read well. should reword the logic here.
self._download_if_needed = (
self._download_if_needed and not needs_download)
if self._download_if_needed and os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
try:
download_client_cert(self._provider_config,
client_cert_path,
self._session, kind="smtp")
except HTTPError as exc:
if exc.message.startswith('403 Client Error'):
logger.debug(
'Auth problem downloading smtp certificate... '
'It might be a provider problem, will try '
'fetching from vpn pool')
warnings.warn(
'Compatibility hack for platform 0.7 not fully '
'supporting smtp certificates. Will be deprecated in '
'bitmask 0.10')
download_client_cert(self._provider_config,
client_cert_path,
self._session, kind="vpn")
else:
raise
def _download_config_and_cert(self):
"""
Downloads the SMTP config and cert for the given provider.
"""
leap_assert(self._provider_config, "We need a provider configuration!")
logger.debug("Downloading SMTP config for %s" %
(self._provider_config.get_domain(), ))
download_service_config(self._provider_config, self._smtp_config,
self._session, self._download_if_needed)
hosts = self._smtp_config.get_hosts()
if len(hosts) == 0:
raise NoSMTPHosts()
# TODO handle more than one host and define how to choose
hostname = hosts.keys()[0]
logger.debug("Using hostname %s for SMTP" % (hostname, ))
client_cert_path = self._smtp_config.get_client_cert_path(
self._userid, self._provider_config, about_to_download=True)
needs_download = leap_certs.should_redownload(client_cert_path)
if needs_download:
# For re-download if something is wrong with the cert
# FIXME this doesn't read well. should reword the logic here.
self._download_if_needed = (self._download_if_needed
and not needs_download)
if self._download_if_needed and os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
try:
download_client_cert(self._provider_config,
client_cert_path,
self._session,
kind="smtp")
except HTTPError as exc:
if exc.message.startswith('403 Client Error'):
logger.debug(
'Auth problem downloading smtp certificate... '
'It might be a provider problem, will try '
'fetching from vpn pool')
warnings.warn(
'Compatibility hack for platform 0.7 not fully '
'supporting smtp certificates. Will be deprecated in '
'bitmask 0.10')
download_client_cert(self._provider_config,
client_cert_path,
self._session,
kind="vpn")
else:
raise
def _download_client_certificates(self, *args):
"""
Downloads the EIP client certificate for the given provider
"""
leap_assert(self._provider_config, "We need a provider configuration!")
leap_assert(self._eip_config, "We need an eip configuration!")
logger.debug("Downloading EIP client certificate for %s" %
(self._provider_config.get_domain(),))
client_cert_path = self._eip_config.\
get_client_cert_path(self._provider_config,
about_to_download=True)
# For re-download if something is wrong with the cert
self._download_if_needed = self._download_if_needed and \
not certs.should_redownload(client_cert_path)
if self._download_if_needed and \
os.path.exists(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
srp_auth = SRPAuth(self._provider_config)
session_id = srp_auth.get_session_id()
cookies = None
if session_id:
cookies = {"_session_id": session_id}
cert_uri = "%s/%s/cert" % (
self._provider_config.get_api_uri(),
self._provider_config.get_api_version())
logger.debug('getting cert from uri: %s' % cert_uri)
res = self._session.get(cert_uri,
verify=self._provider_config
.get_ca_cert_path(),
cookies=cookies,
timeout=REQUEST_TIMEOUT)
res.raise_for_status()
client_cert = res.content
if not certs.is_valid_pemfile(client_cert):
raise Exception(self.tr("The downloaded certificate is not a "
"valid PEM file"))
mkdir_p(os.path.dirname(client_cert_path))
with open(client_cert_path, "w") as f:
f.write(client_cert)
check_and_fix_urw_only(client_cert_path)
def _can_start(self, domain):
"""
Returns True if it has everything that is needed to run EIP,
False otherwise
:param domain: the domain for the provider to check
:type domain: str
"""
if IS_LINUX and not LinuxPolicyChecker.is_up():
logger.error("No polkit agent running.")
return False
provider_config = ProviderConfig.get_provider_config(domain)
if EIP_SERVICE not in provider_config.get_services():
return False
eip_config = eipconfig.EIPConfig()
api_version = provider_config.get_api_version()
eip_config.set_api_version(api_version)
eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))
launcher = get_vpn_launcher()
ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
if not os.path.isfile(ovpn_path):
logger.error("Cannot start OpenVPN, binary not found: %s" %
(ovpn_path,))
return False
# check for other problems
if not eip_loaded or provider_config is None:
logger.error("Cannot load provider and eip config, cannot "
"autostart")
return False
client_cert_path = eip_config.\
get_client_cert_path(provider_config, about_to_download=True)
if leap_certs.should_redownload(client_cert_path):
logger.error("The client should redownload the certificate,"
" cannot autostart")
return False
if not os.path.isfile(client_cert_path):
logger.error("Can't find the certificate, cannot autostart")
return False
return True
def _can_start(self, domain):
"""
Returns True if it has everything that is needed to run EIP,
False otherwise
:param domain: the domain for the provider to check
:type domain: str
"""
if not LinuxPolicyChecker.is_up():
logger.error("No polkit agent running.")
return False
eip_config = eipconfig.EIPConfig()
provider_config = ProviderConfig.get_provider_config(domain)
api_version = provider_config.get_api_version()
eip_config.set_api_version(api_version)
eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))
launcher = get_vpn_launcher()
ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
if not os.path.isfile(ovpn_path):
logger.error("Cannot start OpenVPN, binary not found: %s" %
(ovpn_path, ))
return False
# check for other problems
if not eip_loaded or provider_config is None:
logger.error("Cannot load provider and eip config, cannot "
"autostart")
return False
client_cert_path = eip_config.\
get_client_cert_path(provider_config, about_to_download=True)
if leap_certs.should_redownload(client_cert_path):
logger.error("The client should redownload the certificate,"
" cannot autostart")
return False
if not os.path.isfile(client_cert_path):
logger.error("Can't find the certificate, cannot autostart")
return False
return True
def _download_config_and_cert(self):
"""
Downloads the SMTP config and cert for the given provider.
"""
leap_assert(self._provider_config,
"We need a provider configuration!")
logger.debug("Downloading SMTP config for %s" %
(self._provider_config.get_domain(),))
download_service_config(
self._provider_config,
self._smtp_config,
self._session,
self._download_if_needed)
hosts = self._smtp_config.get_hosts()
if len(hosts) == 0:
raise NoSMTPHosts()
# TODO handle more than one host and define how to choose
hostname = hosts.keys()[0]
logger.debug("Using hostname %s for SMTP" % (hostname,))
client_cert_path = self._smtp_config.get_client_cert_path(
self._provider_config, about_to_download=True)
if not is_file(client_cert_path):
# For re-download if something is wrong with the cert
self._download_if_needed = (
self._download_if_needed and
not leap_certs.should_redownload(client_cert_path))
if self._download_if_needed and os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
download_client_cert(self._provider_config,
client_cert_path,
self._session)
def _download_config_and_cert(self):
"""
Downloads the SMTP config and cert for the given provider.
"""
leap_assert(self._provider_config, "We need a provider configuration!")
logger.debug("Downloading SMTP config for %s" %
(self._provider_config.get_domain(), ))
download_service_config(self._provider_config, self._smtp_config,
self._session, self._download_if_needed)
hosts = self._smtp_config.get_hosts()
if len(hosts) == 0:
raise NoSMTPHosts()
# TODO handle more than one host and define how to choose
hostname = hosts.keys()[0]
logger.debug("Using hostname %s for SMTP" % (hostname, ))
client_cert_path = self._smtp_config.get_client_cert_path(
self._provider_config, about_to_download=True)
if not is_file(client_cert_path):
# For re-download if something is wrong with the cert
self._download_if_needed = (
self._download_if_needed
and not leap_certs.should_redownload(client_cert_path))
if self._download_if_needed and os.path.isfile(client_cert_path):
check_and_fix_urw_only(client_cert_path)
return
download_client_cert(self._provider_config, client_cert_path,
self._session)
def test_not_should_redownload(self):
self.assertFalse(certs.should_redownload(TEST_CERT_PEM))
def _should_redownload(self):
return leap_certs.should_redownload(self._smtp_client_cert_path())
def test_should_redownload_if_no_cert(self):
self.assertTrue(certs.should_redownload(certfile=""))
def test_not_should_redownload(self):
self.assertFalse(certs.should_redownload(TEST_CERT_PEM))
def test_should_redownload_if_after(self):
new_now = lambda: time.struct_time(CERT_NOT_AFTER)
self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
def test_should_redownload_if_before(self):
new_now = lambda: time.struct_time(CERT_NOT_BEFORE)
self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
def test_should_redownload_if_before(self):
def new_now():
time.struct_time(CERT_NOT_BEFORE)
self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))
def test_should_redownload_if_no_cert(self):
self.assertTrue(certs.should_redownload(certfile=""))
def _should_redownload(self):
return leap_certs.should_redownload(self._smtp_client_cert_path())
def test_should_redownload_if_after(self):
def new_now():
time.struct_time(CERT_NOT_AFTER)
self.assertTrue(certs.should_redownload(TEST_CERT_PEM, now=new_now))