def _background(meta, oauth, dialog, builder, lets_connect): try: cert, key = create_keypair(oauth, meta.api_base_uri) meta.cert = cert meta.key = key meta.config = get_profile_config(oauth, meta.api_base_uri, meta.profile_id) ovpn_text = format_like_ovpn(meta.config, meta.cert, meta.key) config_dict = parse_ovpn(ovpn_text) if meta.two_factor: GLib.idle_add(lambda: two_auth_step(builder, oauth, meta, config_dict=config_dict, lets_connect=lets_connect)) else: GLib.idle_add(lambda: finalizing_step(meta=meta, builder=builder, config_dict=config_dict, lets_connect=lets_connect)) GLib.idle_add(lambda: dialog.hide()) except Exception as e: error = e GLib.idle_add(lambda: error_helper( dialog, "can't finalize configuration", "{}: {}".format( type(error).__name__, str(error)))) GLib.idle_add(lambda: dialog.hide()) raise
def refresh(): """ Refreshes an active configuration. The token is refreshed if expired, and a new token is obtained if the token is invalid. """ uuid, auth_url, metadata = get_storage(check=True) token, token_endpoint, auth_endpoint, api_url, display_name, support_contact, profile_id, con_type, country_id, _, _ = metadata oauth = OAuth2Session(client_id=CLIENT_ID, token=token, auto_refresh_url=token_endpoint) try: token = oauth.refresh_token(token_url=token_endpoint) except InvalidGrantError as e: _logger.warning(f"token invalid: {e}") oauth = oauth2.run_challenge(token_endpoint, auth_endpoint) api_base_uri, token_endpoint, auth_endpoint = get_info(auth_url) client = get_client() try: cert, key = get_cert_key(client, uuid) except IOError: # probably the NM connection was deleted cert = None if not cert or not check_certificate(oauth, api_base_uri, cert): key, cert = create_keypair(oauth, api_base_uri) config = get_config(oauth, api_base_uri, profile_id) save_connection_with_mainloop(config, key, cert) update_token(token)
def _background(meta, oauth, dialog, builder): try: cert, key = create_keypair(oauth, meta.api_base_uri) meta.cert = cert meta.key = key meta.config = get_profile_config(oauth, meta.api_base_uri, meta.profile_id) except Exception as e: GLib.idle_add( lambda: error_helper(dialog, "can't finalize configuration", "{}: {}".format(type(e).__name__, str(e)))) GLib.idle_add(lambda: dialog.hide()) raise else: try: uuid = store_provider(meta) monitor_vpn( uuid=uuid, callback=lambda *args, **kwargs: vpn_change(builder=builder)) GLib.idle_add( lambda: notify("eduVPN provider added", "added provider '{}'". format(meta.display_name))) except Exception as e: GLib.idle_add( lambda: error_helper(dialog, "can't store configuration", "{} {}".format(type(e).__name__, str(e)))) GLib.idle_add(lambda: dialog.hide()) raise else: GLib.idle_add(lambda: dialog.hide()) GLib.idle_add(lambda: update_providers(builder))
def activate_connection(meta, builder): """do the actual connecting action""" logger.info("Connecting to {}".format(meta.display_name)) notify("eduVPN connecting...", "Connecting to '{}'".format(meta.display_name)) try: if not meta.token: logger.error("metadata for {} doesn't contain oauth2 token".format(meta.uuid)) else: oauth = oauth_from_token(meta=meta) config = get_profile_config(oauth, meta.api_base_uri, meta.profile_id) meta.config = config update_config_provider(meta) if datetime.now() > datetime.fromtimestamp(meta.token['expires_at']): logger.info("key pair is expired") cert, key = create_keypair(oauth, meta.api_base_uri) update_keys_provider(meta.uuid, cert, key) connect_provider(meta.uuid) except Exception as e: switch = builder.get_object('connect-switch') GLib.idle_add(switch.set_active, False) window = builder.get_object('eduvpn-window') error_helper(window, "can't enable connection", "{}: {}".format(type(e).__name__, str(e))) raise
def _cert_check(meta, oauth, builder, info): common_name = common_name_from_cert(meta.cert.encode('ascii')) cert_valid = check_certificate(oauth, meta.api_base_uri, common_name) if not cert_valid['is_valid']: logger.warning('client certificate not valid, reason: {}'.format( cert_valid['reason'])) if cert_valid['reason'] in ('certificate_missing', 'certificate_not_yet_valid', 'certificate_expired'): logger.info('Going to try to fetch new keypair') cert, key = create_keypair(oauth, meta.api_base_uri) update_keys_provider(meta.uuid, cert, key) elif cert_valid['reason'] == 'user_disabled': raise EduvpnException('Your account has been disabled.') else: raise EduvpnException( 'Your client certificate is invalid ({})'.format( cert_valid['reason'])) _fetch_updated_config(oauth, meta, builder, info)
def get_config_and_keycert(oauth: OAuth2Session, api_url: str, profile_id: str) -> Tuple[str, str, str]: config = get_config(oauth, api_url, profile_id) private_key, certificate = create_keypair(oauth, api_url) return config, private_key, certificate
def main(): logging.basicConfig(level=logging.INFO) search_term = parse_args() verifier = make_verifier(Ed25519_PUBLIC_KEY) if isinstance(search_term, str) and search_term.lower().startswith('https://'): base_url = search_term info_url = base_url else: servers = list_servers(SERVER_URI, verifier=verifier) secure_internet = [ s for s in servers if s['server_type'] == 'secure_internet' ] institute_access = [ s for s in servers if s['server_type'] == 'institute_access' ] orgs = list_orgs(ORGANISATION_URI, verifier=verifier) choice = menu(institutes=institute_access, orgs=orgs, search_term=search_term) if not choice: exit(1) type_, base_url = choice if type_ == 'secure_internet_home': secure_internets = [ s for s in secure_internet if s['base_url'] == base_url ] info_url = secure_internet_choice(secure_internets) else: info_url = base_url exists = get_entry(base_url) if exists: token, api_base_uri, token_endpoint, authorization_endpoint = exists oauth = OAuth2Session(client_id=CLIENT_ID, token=token, auto_refresh_url=token_endpoint) else: api_base_uri, token_endpoint, auth_endpoint = get_info( info_url, verifier) oauth = get_oauth(token_endpoint, auth_endpoint) set_entry(base_url, oauth.token, api_base_uri, token_endpoint, auth_endpoint) oauth.refresh_token(token_url=token_endpoint) profiles = list_profiles(oauth, api_base_uri) profile_id = profile_choice(profiles) config = get_config(oauth, api_base_uri, profile_id) private_key, certificate = create_keypair(oauth, api_base_uri) if write_to_nm_choice(): save_connection(config, private_key, certificate) else: target = Path('eduVPN.ovpn').resolve() print(f"Writing configuration to {target}") write_config(config, private_key, certificate, target)
def test_create_keypair(self): create_keypair(oauth=self.oauth, api_base_uri='test')