def test_fetch_uses_combined_ca_bundle_otherwise(self):
    """
    Fetch a key with a custom CA file and check the combined bundle.

    A CA certificate from the ``leap.common.testing`` resources is written
    to a scratch file and passed to the key manager as ``ca_cert_path``.
    ``NamedTemporaryFile`` as seen by the key manager module is patched so
    that the combined bundle is written to a file this test controls.

    NOTE(review): the body yields, so this is a generator. The driver that
    runs it (for example Twisted's ``inlineCallbacks``) is not visible in
    this listing -- confirm it is applied, otherwise no assertion runs.
    """
    with tempfile.NamedTemporaryFile() as custom_ca:
        # delete=False: removal of this file is what the last assertion
        # checks, so the test must not remove it on its own.
        with tempfile.NamedTemporaryFile(delete=False) as combined:
            pem = pkg_resources.resource_string(
                'leap.common.testing', 'cacert.pem')
            custom_ca_path = custom_ca.name
            self._dump_to_file(custom_ca_path, pem)

            target = 'leap.bitmask.keymanager.tempfile.NamedTemporaryFile'
            with mock.patch(target) as tmpfile_factory:
                tmpfile_factory.return_value = combined
                km = self._key_manager(ca_cert_path=custom_ca_path)
                http_get = self._mock_get_response(km, PUBLIC_KEY_OTHER)

                yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL)

                # The remote URL must be requested exactly once with GET.
                # NOTE(review): this pins only the URL and the method; it
                # does not itself show which CA bundle the request used.
                http_get.assert_called_once_with(REMOTE_KEY_URL, 'GET')

                # The combined file must be the default bundle followed by
                # the custom CA, byte for byte.
                expected = self._slurp_file(ca_bundle.where()) + pem
                self.assertEqual(expected, self._slurp_file(combined.name))

            # Dropping the last reference is expected to trigger cleanup of
            # the combined file. NOTE(review): immediate finalisation on
            # ``del`` is reference-counting behaviour -- confirm on the
            # interpreters this suite runs under.
            del km
            self.assertFalse(path.exists(combined.name))
def test_fetch_key_use_default_ca_bundle_if_set_as_ca_cert_path(self):
    """
    Fetch a key when ``ca_cert_path`` already is the default CA bundle.

    NOTE(review): the body yields, so this is a generator. The driver that
    runs it (for example Twisted's ``inlineCallbacks``) is not visible in
    this listing -- confirm it is applied.
    """
    km = self._key_manager(ca_cert_path=ca_bundle.where())
    http_get = self._mock_get_response(km, PUBLIC_KEY_OTHER)

    yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL)

    # Exactly one GET to the key URL. The CA bundle handed to the request
    # is not part of this assertion.
    http_get.assert_called_once_with(REMOTE_KEY_URL, 'GET')
def test_fetch_key_use_default_ca_bundle_if_set_as_ca_cert_path(self):
    """
    Fetch an OpenPGP key when ``ca_cert_path`` is the default CA bundle.

    NOTE(review): the body yields, so this is a generator. The driver that
    runs it (for example Twisted's ``inlineCallbacks``) is not visible in
    this listing -- confirm it is applied.
    """
    km = self._key_manager(ca_cert_path=ca_bundle.where())
    http_get = self._mock_get_response(km, PUBLIC_KEY_OTHER)

    yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL, OpenPGPKey)

    # Exactly one GET to the key URL. The CA bundle handed to the request
    # is not part of this assertion.
    http_get.assert_called_once_with(REMOTE_KEY_URL, 'GET')
def __del__(self):
    """
    Remove the combined CA bundle file if it is neither the default
    bundle nor the configured ``_ca_cert_path``.

    The comparison is plain equality on the stored path values.
    """
    try:
        combined = self._combined_ca_bundle
        # Never delete the default bundle or the caller's own CA file.
        if combined in (ca_bundle.where(), self._ca_cert_path):
            return
        os.remove(combined)
    except OSError:
        # Best effort: a file that is already gone or cannot be removed
        # must not raise out of a finalizer.
        # NOTE(review): only OSError is handled. If the attributes were
        # never set (construction failed early) the lookups above raise
        # AttributeError instead -- check against __init__.
        pass
def auto_detect_ca_bundle(self):
    """
    Resolve the CA bundle to use.

    When the configuration holds ``AUTO_DETECT_CA_BUNDLE``, the result of
    ``_local_server_cert()`` is preferred and the default bundle is the
    fallback. Any other configured value is returned unchanged; this
    method does not check that it names an existing, readable file.

    :returns: the selected CA bundle
    """
    if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE:
        # A falsy local certificate means "none found": use the default.
        return self._local_server_cert() or ca_bundle.where()
    return self._config.ca_cert_bundle
def verify(self):
    """
    Value for the ``verify`` parameter of requests.

    With ``_bypass_checks`` set this is False, which turns certificate
    verification off for the request: the peer is then not authenticated.

    :returns: False when checks are bypassed, otherwise the path to the
              default ca bundle.
    :rtype: bool or str
    """
    return False if self._bypass_checks else ca_bundle.where()
def getCertifiTrustRoot():
    """
    Build a trust root from a CA bundle file.

    The bundle reported by ``certifi`` is used when that package can be
    imported. Otherwise a warning is logged and the bundle located by
    ``ca_bundle.where()`` is used.

    :returns: the result of ``trustRootFromCertificates`` for the
              certificates read from the bundle, or None when no bundle
              path is available.
    """
    try:
        import certifi
        bundle_path = certifi.where()
    except ImportError:
        log.warn("certifi was not found. Using leap.common bundle")
        bundle_path = ca_bundle.where()

    if bundle_path is None:
        # No trust anchors could be located. The caller gets None; how it
        # treats that value is not visible from this function.
        log.error("Cannot find an usable cacert bundle. "
                  "Certificate verification will fail")
        return None

    return trustRootFromCertificates(certsFromBundle(bundle_path))
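def create_combined_bundle_file(self):
    """
    Write the default CA bundle followed by the provider API certificate
    to ``combined_cerfificates_path``.

    The written file is a set of trust anchors. This method sets no
    permissions on it and does not check where the path points.

    :returns: the provider certificate path when it already is the
              default bundle, the default bundle path when no provider
              certificate is set, and None after writing the combined
              file.
    :rtype: str or None
    """
    leap_ca_bundle = ca_bundle.where()

    if self.provider_api_cert == leap_ca_bundle:
        # Nothing to merge: the provider cert already is the default.
        return self.provider_api_cert
    elif not self.provider_api_cert:
        return leap_ca_bundle

    # NOTE(review): unlike the two branches above, this path falls through
    # and returns None; callers have to read combined_cerfificates_path
    # themselves.
    with open(self.combined_cerfificates_path, 'w') as fout:
        fin = fileinput.input(files=(leap_ca_bundle, self.provider_api_cert))
        try:
            for line in fin:
                fout.write(line)
        finally:
            # fileinput.input() keeps module-level state. If a read or
            # write fails and it is not closed, the next call to
            # fileinput.input() raises "input() already active".
            fin.close()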
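def _create_combined_bundle_file(self):
    """
    Produce a CA bundle holding the default bundle followed by the
    configured ``_ca_cert_path``.

    The combined bundle is written to a new temporary file created with
    ``delete=False``, so removing it is left to the caller.

    :returns: ``_ca_cert_path`` when it already is the default bundle, the
              default bundle path when no ``_ca_cert_path`` is set,
              otherwise the name of the temporary combined file.
    :rtype: str
    """
    leap_ca_bundle = ca_bundle.where()

    if self._ca_cert_path == leap_ca_bundle:
        return self._ca_cert_path  # don't merge file with itself
    elif not self._ca_cert_path:
        return leap_ca_bundle

    tmp_file = tempfile.NamedTemporaryFile(delete=False)

    with open(tmp_file.name, 'w') as fout:
        fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path))
        try:
            for line in fin:
                fout.write(line)
        finally:
            # fileinput.input() keeps module-level state. If a read or
            # write fails and it is not closed, the next call to
            # fileinput.input() raises "input() already active".
            fin.close()

    return tmp_file.name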
def verify(self):
    """
    Value for the ``verify`` parameter of requests.

    With ``_bypass_checks`` set this is False, which turns certificate
    verification off for the request: the peer is then not authenticated.
    Otherwise ``flags.CA_CERT_FILE`` is used when it is not None, and the
    default ca bundle when it is.

    :returns: False when checks are bypassed, otherwise the path to the
              ca bundle.
    :rtype: bool or str
    """
    if self._bypass_checks:
        return False

    override = flags.CA_CERT_FILE
    return ca_bundle.where() if override is None else override
def test_fetch_uses_combined_ca_bundle_otherwise(self):
    """
    Fetch an OpenPGP key with a custom CA file and check the combined
    bundle.

    A CA certificate from the ``leap.common.testing`` resources is written
    to a scratch file and passed to the key manager as ``ca_cert_path``.
    ``NamedTemporaryFile`` as seen by the key manager module is patched so
    that the combined bundle is written to a file this test controls.

    NOTE(review): the body yields, so this is a generator. The driver that
    runs it (for example Twisted's ``inlineCallbacks``) is not visible in
    this listing -- confirm it is applied, otherwise no assertion runs.
    """
    with tempfile.NamedTemporaryFile() as custom_ca:
        # delete=False: removal of this file is what the last assertion
        # checks, so the test must not remove it on its own.
        with tempfile.NamedTemporaryFile(delete=False) as combined:
            pem = pkg_resources.resource_string(
                'leap.common.testing', 'cacert.pem')
            custom_ca_path = custom_ca.name
            self._dump_to_file(custom_ca_path, pem)

            target = 'leap.keymanager.tempfile.NamedTemporaryFile'
            with patch(target) as tmpfile_factory:
                tmpfile_factory.return_value = combined
                km = self._key_manager(ca_cert_path=custom_ca_path)
                http_get = self._mock_get_response(km, PUBLIC_KEY_OTHER)

                yield km.fetch_key(ADDRESS_OTHER, REMOTE_KEY_URL, OpenPGPKey)

                # The remote URL must be requested exactly once with GET.
                # NOTE(review): this pins only the URL and the method; it
                # does not itself show which CA bundle the request used.
                http_get.assert_called_once_with(REMOTE_KEY_URL, 'GET')

                # The combined file must be the default bundle followed by
                # the custom CA, byte for byte.
                expected = self._slurp_file(ca_bundle.where()) + pem
                self.assertEqual(expected, self._slurp_file(combined.name))

            # Dropping the last reference is expected to trigger cleanup of
            # the combined file. NOTE(review): immediate finalisation on
            # ``del`` is reference-counting behaviour -- confirm on the
            # interpreters this suite runs under.
            del km
            self.assertFalse(path.exists(combined.name))