def register( server_name, username, password, leap_home, provider_cert, provider_cert_fingerprint): try: validate_username(username) except ValueError: print('Only lowercase letters, digits, . - and _ allowed.') if not password: password = getpass.getpass('Please enter password for %s: ' % username) LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home) provider = LeapProvider(server_name, config) LeapCertificate(provider).setup_ca_bundle() srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert) if srp_auth.register(username, password): LeapSessionFactory(provider).create(username, password) else: logger.error("Register failed")
def test_set_cert_and_fingerprint_sets_fingerprint(self): LeapCertificate.set_cert_and_fingerprint(None, 'fingerprint') certs = LeapCertificate(self.provider) self.assertEqual('fingerprint', LeapCertificate.LEAP_FINGERPRINT) self.assertFalse(certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_cert(self): LeapCertificate.set_cert_and_fingerprint('some cert', None) certs = LeapCertificate(self.provider) self.assertIsNone(certs.LEAP_FINGERPRINT) self.assertEqual('some cert', certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_fingerprint(self): LeapCertificate.set_cert_and_fingerprint(None, "fingerprint") certs = LeapCertificate(self.provider) self.assertEqual("fingerprint", LeapCertificate.LEAP_FINGERPRINT) self.assertFalse(certs.provider_web_cert)
def test_set_cert_and_fingerprint_when_none_are_passed(self): LeapCertificate.set_cert_and_fingerprint(None, None) certs = LeapCertificate(self.provider) self.assertIsNone(certs.LEAP_FINGERPRINT) self.assertEqual(True, certs.provider_web_cert)
def test_set_cert_and_fingerprint_sets_cert(self): LeapCertificate.set_cert_and_fingerprint("some cert", None) certs = LeapCertificate(self.provider) self.assertIsNone(certs.LEAP_FINGERPRINT) self.assertEqual("some cert", certs.provider_web_cert)
def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint, credentials_file, organization_mode, leap_home, initial_sync=True): init_monkeypatches() events_server.ensure_server() register(events.KEYMANAGER_FINISHED_KEY_GENERATION, set_fresh_account) provider, username, password = credentials.read(organization_mode, credentials_file) LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home, start_background_jobs=True) provider = LeapProvider(provider, config) LeapCertificate(provider).setup_ca_bundle() leap_session = LeapSessionFactory(provider).create(username, password) if initial_sync: leap_session = yield leap_session.initial_sync() global fresh_account if fresh_account: add_welcome_mail(leap_session.mail_store) defer.returnValue(leap_session)
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home): LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_fingerprint) leap_config.set_leap_home(leap_home) provider = LeapProvider(provider_hostname) provider.setup_ca() provider.download_settings() return provider
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home): LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_fingerprint) config = LeapConfig(leap_home=leap_home, start_background_jobs=True) provider = LeapProvider(provider_hostname, config) provider.download_certificate() LeapCertificate(provider).setup_ca_bundle() return config, provider
def _set_provider(provider_cert, provider_cert_fingerprint, server_name, leap_home=None): if leap_home: leap_config.set_leap_home(leap_home) LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint) provider = LeapProvider(server_name) provider.setup_ca() provider.download_settings() return provider
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home): LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_fingerprint) leap_config.set_leap_home(leap_home) provider = LeapProvider(provider_hostname) provider.download_certificate() LeapCertificate(provider).setup_ca_bundle() provider.download_soledad_json() return provider
def test_that_leap_fingerprint_is_validated(self): session = MagicMock(wraps=requests.session()) session_func = MagicMock(return_value=session) LeapCertificate.set_cert_and_fingerprint(None, 'some fingerprint') with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func): with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock): provider = LeapProvider('some-provider.test', self.config) provider.fetch_valid_certificate() session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15) session.mount.assert_called_with('https://', ANY)
def _create_new_session(self, username, password, auth): account_email = self._provider.address_for(username) self._create_database_dir(auth.uuid) api_cert = LeapCertificate(self._provider).provider_api_cert soledad = yield self.setup_soledad(auth.token, auth.uuid, password, api_cert) mail_store = LeapMailStore(soledad) keymanager = yield self.setup_keymanager(self._provider, soledad, account_email, auth.token, auth.uuid) smtp_client_cert = self._download_smtp_cert(auth) smtp_host, smtp_port = self._provider.smtp_info() smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port) leap_session = LeapSession(self._provider, auth, mail_store, soledad, keymanager, smtp_config) defer.returnValue(leap_session)
def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint, credentials_file, organization_mode, leap_home): init_monkeypatches() events_server.ensure_server(random.randrange(8000, 11999)) provider, username, password = credentials.read(organization_mode, credentials_file) LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home, start_background_jobs=True) provider = LeapProvider(provider, config) LeapCertificate(provider).setup_ca_bundle() leap_session = LeapSessionFactory(provider).create(username, password) return leap_session
def _create_new_session(self, username, password, auth=None): self._create_dir(self._provider.config.leap_home) self._provider.download_certificate() auth = auth or self._auth_leap(username, password) account_email = self._provider.address_for(username) self._create_database_dir(auth.uuid) soledad = SoledadFactory.create(auth.token, auth.uuid, password, self._secrets_path(auth.uuid), self._local_db_path(auth.uuid), self._provider.discover_soledad_server(auth.uuid), LeapCertificate(self._provider).provider_api_cert) mail_store = LeapMailStore(soledad) nicknym = self._create_nicknym(account_email, auth.token, auth.uuid, soledad) smtp_client_cert = self._download_smtp_cert(auth) smtp_host, smtp_port = self._provider.smtp_info() smtp_config = LeapSMTPConfig(account_email, smtp_client_cert, smtp_host, smtp_port) return LeapSession(self._provider, auth, mail_store, soledad, nicknym, smtp_config)
def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint, credentials_file, organization_mode, leap_home): init_monkeypatches() events_server.ensure_server() provider, username, password = credentials.read(organization_mode, credentials_file) LeapCertificate.set_cert_and_fingerprint(leap_provider_cert, leap_provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home, start_background_jobs=True) provider = LeapProvider(provider, config) LeapCertificate(provider).setup_ca_bundle() leap_session = LeapSessionFactory(provider).create(username, password) yield leap_session.initial_sync() defer.returnValue(leap_session)
def register(server_name, username, password, leap_home, provider_cert, provider_cert_fingerprint): try: validate_username(username) except ValueError: print('Only lowercase letters, digits, . - and _ allowed.') if not password: password = getpass.getpass('Please enter password for %s: ' % username) LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home) provider = LeapProvider(server_name, config) LeapCertificate(provider).setup_ca_bundle() srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert) if srp_auth.register(username, password): LeapSessionFactory(provider).create(username, password) else: logger.error("Register failed")
def download(self): cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) cookies = {"_session_id": self._auth.session_id} headers = {} headers["Authorization"] = 'Token token="{0}"'.format(self._auth.token) response = requests.get(cert_url, verify=LeapCertificate( self._provider).provider_api_cert, cookies=cookies, timeout=self._provider.config.timeout_in_s, headers=headers) response.raise_for_status() client_cert = response.content return client_cert
def download(self): cert_url = '%s/%s/smtp_cert' % (self._provider.api_uri, self._provider.api_version) headers = {} headers["Authorization"] = 'Token token="{0}"'.format(self._auth.token) params = {'address': self._auth.username} response = requests.post(cert_url, params=params, data=params, verify=LeapCertificate( self._provider).provider_api_cert, timeout=self._provider.config.timeout_in_s, headers=headers) response.raise_for_status() client_cert = response.content return client_cert
def _init_soledad(self, encryption_passphrase): try: server_url = self._discover_soledad_server() self._create_database_dir() secrets = self._secrets_path() local_db = self._local_db_path() return Soledad(self.user_uuid, passphrase=unicode(encryption_passphrase), secrets_path=secrets, local_db_path=local_db, server_url=server_url, cert_file=LeapCertificate(self.provider).provider_api_cert, shared_db=None, auth_token=self.user_token, defer_encryption=False) except (WrongMacError, UnknownMacMethodError), e: raise SoledadWrongPassphraseException(e)
def test_that_soledad_is_created_with_required_params(self, soledad_mock): soledad_mock.return_value = None # when SoledadSession(self.provider, 'any-passphrase', self.auth.token, self.auth.uuid) # then soledad_mock.assert_called_with( self.auth.uuid, passphrase=u'any-passphrase', secrets_path='%s/soledad/%s.secret' % (self.leap_home, self.auth.uuid), local_db_path='%s/soledad/%s.db' % (self.leap_home, self.auth.uuid), server_url='https://couch1.some-server.test:1234/user-%s' % self.auth.uuid, cert_file=LeapCertificate(self.provider).provider_api_cert, shared_db=None, auth_token=self.auth.token, defer_encryption=False)
def _download_client_certificates(self): cert_path = self._client_cert_path() if not os.path.exists(os.path.dirname(cert_path)): os.makedirs(os.path.dirname(cert_path)) cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) cookies = {"_session_id": self.session_id} headers = {} headers["Authorization"] = 'Token token="{0}"'.format(self.user_token) response = requests.get( cert_url, verify=LeapCertificate(self._provider).provider_api_cert, cookies=cookies, timeout=self._provider.config.timeout_in_s, headers=headers) response.raise_for_status() client_cert = response.content with open(cert_path, 'w') as f: f.write(client_cert)
leap_home, provider_cert, provider_cert_fingerprint): if not password: password = getpass.getpass('Please enter password for %s: ' % username) try: validate_username(username) validate_password(password) except ValueError, e: print(e.message) sys.exit(1) events_server.ensure_server() LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home) provider = LeapProvider(server_name, config) LeapCertificate(provider).setup_ca_bundle() srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert) if srp_auth.register(username, password): LeapSessionFactory(provider).create(username, password) else: logger.error("Register failed") def validate_username(username): accepted_characters = '^[a-z0-9\-\_\.]*$' if (not re.match(accepted_characters, username)): raise ValueError('Only lowercase letters, digits, . - and _ allowed.')
def register(server_name, username, password, leap_home, provider_cert, provider_cert_fingerprint): if not password: password = getpass.getpass('Please enter password for %s: ' % username) try: validate_username(username) validate_password(password) except ValueError, e: print(e.message) sys.exit(1) events_server.ensure_server() LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint) config = LeapConfig(leap_home=leap_home) provider = LeapProvider(server_name, config) LeapCertificate(provider).setup_ca_bundle() srp_auth = SRPAuth(provider.api_uri, LeapCertificate(provider).provider_api_cert) if srp_auth.register(username, password): LeapSessionFactory(provider).create(username, password) else: logger.error("Register failed") def validate_username(username): accepted_characters = '^[a-z0-9\-\_\.]*$' if (not re.match(accepted_characters, username)):
def setUp(self): self.config = LeapConfig(leap_home='/tmp/foobar') LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def test_provider_api_cert(self): certs = LeapCertificate(self.provider).provider_api_cert self.assertEqual( '/some/leap/home/providers/test.leap.net/keys/client/api.pem', certs)
def setUp(self): leap_config.leap_home = '/tmp/foobar' LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)
def setUp(self): leap_config.set_leap_home('/tmp/foobar') LeapCertificate.set_cert_and_fingerprint(PROVIDER_WEB_CERT, None)