def test_throw_exception_for_invalid_certificate(self):
expected_exception_message = 'Certificate fingerprints don\'t match! Expected [0123456789012345678901234567890123456789012345678901234567890123] but got [06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d]'
with HTTMock(provider_json_invalid_fingerprint_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
with self.assertRaises(Exception) as cm:
provider.fetch_valid_certificate()
self.assertEqual(expected_exception_message, cm.exception.message)
def test_that_provider_cert_is_used_to_fetch_soledad_json(self):
get_func = MagicMock(wraps=requests.get)
with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func):
with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test')
provider.fetch_soledad_json()
get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify='/tmp/foobar/providers/some-provider.test/keys/client/api.pem', timeout=15)
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.setup_ca()
provider.download_settings()
return provider
def test_that_provider_cert_is_used_to_fetch_soledad_json(self):
get_func = MagicMock(wraps=requests.get)
LeapCertificate.provider_api_cert = PROVIDER_API_CERT
with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func):
with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_soledad_json()
get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=PROVIDER_API_CERT, timeout=15)
def initialize_leap_provider(provider_hostname, provider_cert, provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider_hostname, config)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
return config, provider
def test_that_leap_fingerprint_is_validated(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
LeapCertificate.set_cert_and_fingerprint(None, 'some fingerprint')
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15)
session.mount.assert_called_with('https://', ANY)
def test_that_bootstrap_cert_is_used_to_fetch_certificate(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
get_func = MagicMock(wraps=requests.get)
with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func):
with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt', verify=BOOTSTRAP_CA_CERT, timeout=15)
session.get.assert_any_call('https://some-provider.test/provider.json', verify=BOOTSTRAP_CA_CERT, timeout=15)
def register_new_user(username, server_name):
certs_home = os.path.abspath(
os.path.join(os.path.abspath(__file__), "..", "..", "certificates"))
config = LeapConfig(certs_home=certs_home)
provider = LeapProvider(server_name, config)
password = getpass.getpass('Please enter password for %s: ' % username)
LeapAuthenticator(provider).register(LeapCredentials(username, password))
session = LeapSession.open(username, password, server_name)
session.nicknym.generate_openpgp_key()
def open(username, password, server_name, leap_home=DEFAULT_LEAP_HOME):
certs_home = os.path.abspath(
os.path.join(os.path.abspath(__file__), "..", "..", "certificates"))
config = LeapConfig(leap_home=leap_home, certs_home=certs_home)
provider = LeapProvider(server_name, config)
refresh_ca_bundle(provider)
session = LeapSessionFactory(provider).create(
LeapCredentials(username, password))
return session
def test_that_bootstrap_cert_is_used_to_fetch_certificate(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
get_func = MagicMock(wraps=requests.get)
LeapCertificate.LEAP_CERT = PROVIDER_WEB_CERT
with patch('pixelated.bitmask_libraries.provider.requests.session',
new=session_func):
with patch('pixelated.bitmask_libraries.provider.requests.get',
new=get_func):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt',
verify=PROVIDER_WEB_CERT,
timeout=15)
session.get.assert_any_call('https://some-provider.test/provider.json',
verify=PROVIDER_WEB_CERT,
timeout=15)
def open(username, password, server_name):
try:
certs_home = os.path.abspath(
os.path.join(os.path.abspath(__file__), "..", "..",
"certificates"))
config = LeapConfig(certs_home=certs_home)
provider = LeapProvider(server_name, config)
session = LeapSessionFactory(provider).create(
LeapCredentials(username, password))
return session
except:
raise
def test_that_leap_fingerprint_is_validated(self):
session = MagicMock(wraps=requests.session())
session_func = MagicMock(return_value=session)
with patch(
'pixelated.bitmask_libraries.provider.which_bootstrap_cert_fingerprint',
return_value='some fingerprint'):
with patch(
'pixelated.bitmask_libraries.provider.which_bootstrap_CA_bundle',
return_value=False):
with patch(
'pixelated.bitmask_libraries.provider.requests.session',
new=session_func):
with HTTMock(provider_json_mock, ca_cert_mock,
not_found_mock):
provider = LeapProvider('some-provider.test',
self.config)
provider.fetch_valid_certificate()
session.get.assert_any_call('https://some-provider.test/ca.crt',
verify=False,
timeout=15)
session.mount.assert_called_with('https://', ANY)
def test_provider_fetches_provider_json(self):
with HTTMock(provider_json_mock):
provider = LeapProvider('some-provider.test', self.config)
self.assertEqual("1", provider.api_version)
self.assertEqual("some-provider.test", provider.domain)
self.assertEqual("https://api.some-provider.test:4430",
provider.api_uri)
self.assertEqual("https://some-provider.test/ca.crt",
provider.ca_cert_uri)
self.assertEqual(
"SHA256: 06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d",
provider.ca_cert_fingerprint)
self.assertEqual(["mx"], provider.services)
def initialize_leap_provider(provider_hostname, provider_cert,
provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.setup_ca()
provider.download_settings()
return provider
def _set_provider(provider_cert, provider_cert_fingerprint, server_name, leap_home=None):
if leap_home:
leap_config.set_leap_home(leap_home)
LeapCertificate.set_cert_and_fingerprint(provider_cert, provider_cert_fingerprint)
provider = LeapProvider(server_name)
provider.setup_ca()
provider.download_settings()
return provider
def initialize_leap_provider(provider_hostname, provider_cert,
provider_fingerprint, leap_home):
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_fingerprint)
leap_config.set_leap_home(leap_home)
provider = LeapProvider(provider_hostname)
provider.download_certificate()
LeapCertificate(provider).setup_ca_bundle()
provider.download_soledad_json()
return provider
def initialize_leap(leap_provider_cert, leap_provider_cert_fingerprint,
credentials_file, organization_mode, leap_home):
init_monkeypatches()
events_server.ensure_server()
provider, username, password = credentials.read(organization_mode,
credentials_file)
LeapCertificate.set_cert_and_fingerprint(leap_provider_cert,
leap_provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home, start_background_jobs=True)
provider = LeapProvider(provider, config)
LeapCertificate(provider).setup_ca_bundle()
leap_session = LeapSessionFactory(provider).create(username, password)
yield leap_session.initial_sync()
defer.returnValue(leap_session)
def register(server_name, username, password, leap_home, provider_cert,
provider_cert_fingerprint):
try:
validate_username(username)
except ValueError:
print('Only lowercase letters, digits, . - and _ allowed.')
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri,
LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def test_fetch_valid_certificate(self):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
def test_fetch_smtp_json(self):
with HTTMock(provider_json_mock, smtp_json_mock, not_found_mock):
provider = LeapProvider("some-provider.test", self.config)
smtp = provider.fetch_smtp_json()
self.assertEqual("mx.some-provider.test", smtp.get("hosts").get("leap-mx").get("hostname"))
def test_fetch_valid_certificate(self):
with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
provider.fetch_valid_certificate()
def test_throw_exception_for_fetch_smtp_status_code(self):
with HTTMock(provider_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
self.assertRaises(HTTPError, provider.fetch_smtp_json)
def test_fetch_smtp_json(self):
with HTTMock(provider_json_mock, smtp_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
smtp = provider.fetch_smtp_json()
self.assertEqual('mx.some-provider.test',
smtp.get('hosts').get('leap-mx').get('hostname'))
def test_fetch_soledad_json(self):
with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
soledad = provider.fetch_soledad_json()
self.assertEqual("some value", soledad.get('some key'))
def test_fetch_smtp_json(self):
with HTTMock(provider_json_mock, smtp_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
smtp = provider.fetch_smtp_json()
self.assertEqual('mx.some-provider.test', smtp.get('hosts').get('leap-mx').get('hostname'))
def test_fetch_soledad_json(self):
with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
soledad = provider.fetch_soledad_json()
self.assertEqual("some value", soledad.get('some key'))
def test_throw_exception_for_invalid_certificate(self):
with HTTMock(provider_json_invalid_fingerprint_mock, ca_cert_mock,
not_found_mock):
provider = LeapProvider('some-provider.test', self.config)
self.assertRaises(Exception, provider.fetch_valid_certificate)
if not password:
password = getpass.getpass('Please enter password for %s: ' % username)
try:
validate_username(username)
validate_password(password)
except ValueError, e:
print(e.message)
sys.exit(1)
events_server.ensure_server()
LeapCertificate.set_cert_and_fingerprint(provider_cert,
provider_cert_fingerprint)
config = LeapConfig(leap_home=leap_home)
provider = LeapProvider(server_name, config)
LeapCertificate(provider).setup_ca_bundle()
srp_auth = SRPAuth(provider.api_uri,
LeapCertificate(provider).provider_api_cert)
if srp_auth.register(username, password):
LeapSessionFactory(provider).create(username, password)
else:
logger.error("Register failed")
def validate_username(username):
accepted_characters = '^[a-z0-9\-\_\.]*$'
if (not re.match(accepted_characters, username)):
raise ValueError('Only lowercase letters, digits, . - and _ allowed.')