~benji/landscape-client/better-self-signed-cert-ux


Viewing changes to landscape/configuration.py

  • Committer: Benji York
  • Date: 2015-02-11 11:35:36 UTC
  • Revision ID: benji.york@canonical.com-20150211113536-onh8zcqeaa9jkz2v
checkpoint

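--- a/landscape/configuration.py
+++ b/landscape/configuration.py
@@ -14,20 +14,21 @@
 import sys
 import textwrap
 import time
+import urlparse
 
 from StringIO import StringIO
 
 from landscape.lib.tag import is_valid_tag
 
-from landscape.sysvconfig import SysVConfig, ProcessError
+from landscape.broker.amp import RemoteBrokerConnector
+from landscape.broker.config import BrokerConfiguration
+from landscape.broker.registration import InvalidCredentialsError
 from landscape.lib.amp import MethodCallError
+from landscape.lib.bootstrap import BootstrapList, BootstrapDirectory
+from landscape.lib.fetch import fetch, FetchError
 from landscape.lib.twisted_util import gather_results
-from landscape.lib.fetch import fetch, FetchError
-from landscape.lib.bootstrap import BootstrapList, BootstrapDirectory
 from landscape.reactor import LandscapeReactor
-from landscape.broker.registration import InvalidCredentialsError
-from landscape.broker.config import BrokerConfiguration
-from landscape.broker.amp import RemoteBrokerConnector
+from landscape.sysvconfig import SysVConfig, ProcessError
 
 SELF_SIGNED_CERT_WARNING = """\
 SELF-SIGNED CERTIFICATE
@@ -637,6 +638,16 @@
             return False
 
 
+# TODO test
+def extract_host_and_port(url):
+    """Pull the host and port from a URL (defaulting to 443 if not provided).
+    """
+    host_and_port = urlparse.urlparse(url)[1]
+    if ":" not in host_and_port:
+        host_and_port += ":443"
+    return host_and_port
+
+
 def exchange_failure(config, on_message, try_again, ssl_error=False,
         cert_path='/etc/landscape/server.pem', raw_input=raw_input,
         subprocess=subprocess):
@@ -650,16 +661,19 @@
         if already_has_key:
             on_message(LDS_MITM_WARNING, error=True)
             return 99
+        
+        host_and_port = extract_host_and_port(config.url)
 
         # Otherwise (we're using LDS or some other unforseen thing).  Get
         # remote cert into a pending location and capture the fingerprint and
         # subject to show the user.
         fingerprint_etc = subprocess.check_output(("""\
             echo -n | 
-            openssl s_client -connect landscape.canonical.com:443 2> /dev/null |
+            openssl s_client -connect %s 2> /dev/null |
             sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |
             tee %s.pending |
-            openssl x509 -fingerprint -subject -noout""" % cert_path).split(),
+            openssl x509 -fingerprint -subject -noout"""
+            % (host_and_port, cert_path)).split(),
             shell=True)
 
         on_message(SELF_SIGNED_CERT_WARNING % fingerprint_etc, error=True)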
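Review bot: `host_and_port` comes from `config.url` and is formatted into a command that `check_output` runs with `shell=True` (new lines 665–676) without validation or quoting, so whatever the configured URL's netloc contains reaches the shell. `extract_host_and_port` returns the raw netloc, which also keeps any `user:pass@` prefix; building it from the parsed fields, `parsed = urlparse.urlparse(url)` then `return "%s:%d" % (parsed.hostname, parsed.port or 443)`, and wrapping both interpolated values in `pipes.quote()` (needs `import pipes`) would restrict what can be interpolated. Separately, the `.split()` kept on the command hands `check_output` a list together with `shell=True`, in which case only the first item is used as the shell's command string, so the pipeline probably does not run as written; passing the unsplit string with the quoting above looks like what was intended. The body of `exchange_failure` starts and ends outside the hunks shown, so how `fingerprint_etc` is used later cannot be checked from here.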