def download_client_cert(provider_config, path, session): """ Downloads the client certificate for each service. :param provider_config: instance of a ProviderConfig :type provider_config: ProviderConfig :param path: the path to download the cert to. :type path: str :param session: a fetcher.session instance. For the moment we only support requests.sessions :type session: requests.sessions.Session """ # TODO we should implement the @with_srp_auth decorator # again. srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() token = srp_auth.get_token() cookies = None if session_id is not None: cookies = {"_session_id": session_id} cert_uri = "%s/%s/cert" % ( provider_config.get_api_uri(), provider_config.get_api_version()) logger.debug('getting cert from uri: %s' % cert_uri) headers = {} # API v2 will only support token auth, but in v1 we can send both if token is not None: headers["Authorization"] = 'Token token="{0}"'.format(token) res = session.get(cert_uri, verify=provider_config .get_ca_cert_path(), cookies=cookies, timeout=REQUEST_TIMEOUT, headers=headers) res.raise_for_status() client_cert = res.content if not leap_certs.is_valid_pemfile(client_cert): # XXX raise more specific exception. raise Exception("The downloaded certificate is not a " "valid PEM file") mkdir_p(os.path.dirname(path)) try: with open(path, "w") as f: f.write(client_cert) except IOError as exc: logger.error( "Error saving client cert: %r" % (exc,)) raise check_and_fix_urw_only(path)
def download_client_cert(provider_config, path, session): """ Downloads the client certificate for each service. :param provider_config: instance of a ProviderConfig :type provider_config: ProviderConfig :param path: the path to download the cert to. :type path: str :param session: a fetcher.session instance. For the moment we only support requests.sessions :type session: requests.sessions.Session """ # TODO we should implement the @with_srp_auth decorator # again. srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() token = srp_auth.get_token() cookies = None if session_id is not None: cookies = {"_session_id": session_id} cert_uri = "%s/%s/cert" % (provider_config.get_api_uri(), provider_config.get_api_version()) logger.debug('getting cert from uri: %s' % cert_uri) headers = {} # API v2 will only support token auth, but in v1 we can send both if token is not None: headers["Authorization"] = 'Token token="{0}"'.format(token) res = session.get(cert_uri, verify=provider_config.get_ca_cert_path(), cookies=cookies, timeout=REQUEST_TIMEOUT, headers=headers) res.raise_for_status() client_cert = res.content if not leap_certs.is_valid_pemfile(client_cert): # XXX raise more specific exception. raise Exception("The downloaded certificate is not a " "valid PEM file") mkdir_p(os.path.dirname(path)) try: with open(path, "w") as f: f.write(client_cert) except IOError as exc: logger.error("Error saving client cert: %r" % (exc, )) raise check_and_fix_urw_only(path)
def _download_client_certificates(self, *args): """ Downloads the EIP client certificate for the given provider """ leap_assert(self._provider_config, "We need a provider configuration!") leap_assert(self._eip_config, "We need an eip configuration!") logger.debug("Downloading EIP client certificate for %s" % (self._provider_config.get_domain(),)) client_cert_path = self._eip_config.\ get_client_cert_path(self._provider_config, about_to_download=True) # For re-download if something is wrong with the cert self._download_if_needed = self._download_if_needed and \ not certs.should_redownload(client_cert_path) if self._download_if_needed and \ os.path.exists(client_cert_path): check_and_fix_urw_only(client_cert_path) return srp_auth = SRPAuth(self._provider_config) session_id = srp_auth.get_session_id() cookies = None if session_id: cookies = {"_session_id": session_id} cert_uri = "%s/%s/cert" % ( self._provider_config.get_api_uri(), self._provider_config.get_api_version()) logger.debug('getting cert from uri: %s' % cert_uri) res = self._session.get(cert_uri, verify=self._provider_config .get_ca_cert_path(), cookies=cookies, timeout=REQUEST_TIMEOUT) res.raise_for_status() client_cert = res.content if not certs.is_valid_pemfile(client_cert): raise Exception(self.tr("The downloaded certificate is not a " "valid PEM file")) mkdir_p(os.path.dirname(client_cert_path)) with open(client_cert_path, "w") as f: f.write(client_cert) check_and_fix_urw_only(client_cert_path)
def download_client_cert(provider_config, path, session, kind="vpn"): """ Downloads the client certificate for each service. :param provider_config: instance of a ProviderConfig :type provider_config: ProviderConfig :param path: the path to download the cert to. :type path: str :param session: a fetcher.session instance. For the moment we only support requests.sessions :type session: requests.sessions.Session :param kind: the kind of certificate being requested. Valid values are "vpn" or "smtp". :type kind: string """ srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() token = srp_auth.get_token() cookies = None if session_id is not None: cookies = {"_session_id": session_id} if kind == "vpn": cert_uri_template = "%s/%s/cert" method = "get" params = {} elif kind == "smtp": cert_uri_template = "%s/%s/smtp_cert" method = "post" params = {"address": srp_auth.get_username()} else: raise ValueError("Incorrect value passed to kind parameter") cert_uri = cert_uri_template % (provider_config.get_api_uri(), provider_config.get_api_version()) logger.debug("getting %s cert from uri: %s" % (kind, cert_uri)) headers = {} # API v2 will only support token auth, but in v1 we can send both if token is not None: headers["Authorization"] = "Token token={0}".format(token) call = getattr(session, method) res = call( cert_uri, verify=provider_config.get_ca_cert_path(), cookies=cookies, params=params, timeout=REQUEST_TIMEOUT, headers=headers, data=params, ) res.raise_for_status() client_cert = res.content if not leap_certs.is_valid_pemfile(client_cert): # XXX raise more specific exception. raise Exception("The downloaded certificate is not a " "valid PEM file") mkdir_p(os.path.dirname(path)) try: with open(path, "w") as f: f.write(client_cert) except IOError as exc: logger.error("Error saving client cert: %r" % (exc,)) raise check_and_fix_urw_only(path)
def test_not_is_valid_pemfile(self): cert_data = 'this is some invalid data for the pem file' self.assertFalse(certs.is_valid_pemfile(cert_data))
def test_is_valid_pemfile(self): with open(TEST_CERT_PEM) as f: cert_data = f.read() self.assertTrue(certs.is_valid_pemfile(cert_data))
def download_client_cert(provider_config, path, session, kind="vpn"): """ Downloads the client certificate for each service. :param provider_config: instance of a ProviderConfig :type provider_config: ProviderConfig :param path: the path to download the cert to. :type path: str :param session: a fetcher.session instance. For the moment we only support requests.sessions :type session: requests.sessions.Session :param kind: the kind of certificate being requested. Valid values are "vpn" or "smtp". :type kind: string """ srp_auth = SRPAuth(provider_config) session_id = srp_auth.get_session_id() token = srp_auth.get_token() cookies = None if session_id is not None: cookies = {"_session_id": session_id} if kind == "vpn": cert_uri_template = "%s/%s/cert" method = 'get' params = {} elif kind == 'smtp': cert_uri_template = "%s/%s/smtp_cert" method = 'post' params = {'address': srp_auth.get_username()} else: raise ValueError("Incorrect value passed to kind parameter") cert_uri = cert_uri_template % ( provider_config.get_api_uri(), provider_config.get_api_version()) logger.debug('getting %s cert from uri: %s' % (kind, cert_uri)) headers = {} # API v2 will only support token auth, but in v1 we can send both if token is not None: headers["Authorization"] = 'Token token={0}'.format(token) call = getattr(session, method) res = call(cert_uri, verify=provider_config.get_ca_cert_path(), cookies=cookies, params=params, timeout=REQUEST_TIMEOUT, headers=headers, data=params) res.raise_for_status() client_cert = res.content if not leap_certs.is_valid_pemfile(client_cert): # XXX raise more specific exception. raise Exception("The downloaded certificate is not a " "valid PEM file") mkdir_p(os.path.dirname(path)) try: with open(path, "w") as f: f.write(client_cert) except IOError as exc: logger.error( "Error saving client cert: %r" % (exc,)) raise check_and_fix_urw_only(path)