Ubuntu Single Sign On Client

Merge lp:~dobey/ubuntu-sso-client/update-13-10 into lp:ubuntu-sso-client/stable-13-10

update-13-10
Merge into stable-13-10

Proposed by dobey on 2013-05-29

Status:	Merged
Approved by:	dobey on 2013-05-29
Approved revision:	no longer in the source branch.
Merged at revision:	1031
Proposed branch:	lp:~dobey/ubuntu-sso-client/update-13-10
Merge into:	lp:ubuntu-sso-client/stable-13-10
Diff against target:	339 lines (+193/-10) 8 files modified data/UbuntuOne-Go_Daddy_CA.pem (+29/-0) data/UbuntuOne-Go_Daddy_Class_2_CA.pem (+25/-0) data/UbuntuOne-ValiCert_Class_2_VA.pem (+18/-0) setup.py (+11/-10) ubuntu_sso/utils/__init__.py (+25/-0) ubuntu_sso/utils/tests/test_common.py (+44/-0) ubuntu_sso/utils/webclient/qtnetwork.py (+24/-0) ubuntu_sso/utils/webclient/tests/test_qtnetwork.py (+17/-0)
To merge this branch:	bzr merge lp:~dobey/ubuntu-sso-client/update-13-10
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Mike McCracken (community)		2013-05-29	Approve on 2013-05-29
Review via email: mp+166380@code.launchpad.net

Commit message

[Brian Curtin]

- Set SSL configuration with bundled certificates for all WebClient requests.

Revision history for this message

Mike McCracken (mikemc) on 2013-05-29:

review: Approve

lp:~dobey/ubuntu-sso-client/update-13-10 updated on 2013-05-29

1031. By Brian Curtin on 2013-05-29

[Brian Curtin]

- Set SSL configuration with bundled certificates for all WebClient requests.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Ubuntu One hackers

dobey

 === added file 'data/UbuntuOne-Go_Daddy_CA.pem'
 --- data/UbuntuOne-Go_Daddy_CA.pem	1970-01-01 00:00:00 +0000
 +++ data/UbuntuOne-Go_Daddy_CA.pem	2013-05-29 20:29:29 +0000
@@ -0,0 +1,29 @@
++-----BEGIN CERTIFICATE-----
++MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
++ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
++RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
++MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
++QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
++b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
++b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
++YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
++KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
++VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
++SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
++cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
++6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
++MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
++kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
++BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
++BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
++c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
++AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
++BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
++OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
++A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
++0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
++RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
++qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
++U+4=
++-----END CERTIFICATE-----
 === added file 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'
 --- data/UbuntuOne-Go_Daddy_Class_2_CA.pem	1970-01-01 00:00:00 +0000
 +++ data/UbuntuOne-Go_Daddy_Class_2_CA.pem	2013-05-29 20:29:29 +0000
@@ -0,0 +1,25 @@
++-----BEGIN CERTIFICATE-----
++MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
++UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQL
++EyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
++DTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMx
++ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMo
++R28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw
++DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d
++/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9
++S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2
++TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVl
++OARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFA
++pMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44
++dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNh
++yz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTj
++oWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdy
++b3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
++YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
++BQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX
++MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
++I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheab
++IZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzr
++Tia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBD
++pqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
++-----END CERTIFICATE-----
 === added file 'data/UbuntuOne-ValiCert_Class_2_VA.pem'
 --- data/UbuntuOne-ValiCert_Class_2_VA.pem	1970-01-01 00:00:00 +0000
 +++ data/UbuntuOne-ValiCert_Class_2_VA.pem	2013-05-29 20:29:29 +0000
@@ -0,0 +1,18 @@
++-----BEGIN CERTIFICATE-----
++MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
++IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
++BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
++aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
++9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
++NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
++azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
++YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
++Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
++cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
++dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
++WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
++v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
++UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
++IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
++W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
++-----END CERTIFICATE-----
 === modified file 'setup.py'
 --- setup.py	2013-04-03 18:50:39 +0000
 +++ setup.py	2013-05-29 20:29:29 +0000
@@ -47,6 +47,8 @@
  from distutils import log
++from ubuntu_sso.utils import get_cert_dir
++
  PROJECT_NAME = 'ubuntu-sso-client'
  VERSION = '4.3'
@@ -285,14 +287,17 @@
      cmdclass['build_i18n'] = dummy_build_i18n
--def setup_windows():
--    """Provide the required info to setup the project on windows."""
++data_files = [(get_cert_dir(),
++              ['data/UbuntuOne-Go_Daddy_CA.pem',
++               'data/UbuntuOne-ValiCert_Class_2_VA.pem',
++               'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'])]
++
++if sys.platform == 'win32':
      set_py2exe_paths()
--    _data_files = []
      # for PyQt, see http://www.py2exe.org/index.cgi/Py2exeAndPyQt
      _includes = ['sip', 'email', 'ubuntu_sso.qt.gui',
                   'ubuntu_sso.qt.controllers', 'PyQt4.QtNetwork', 'PIL']
--    _extra = {
++    extra = {
          'options': {
              'py2exe': {
                  'bundle_files': 1,
@@ -306,15 +311,11 @@
          'console': sso_executables,
          'zipfile': None,
+     }
--    return _data_files, _extra
--
--if sys.platform == 'win32':
--    data_files, extra = setup_windows()
  else:
--    data_files = [
++    data_files.extend([
          ('lib/ubuntu-sso-client', sso_executables),
          ('share/dbus-1/services', ['data/com.ubuntu.sso.service']),
--    ]
++    ])
      extra = {}
  DistUtilsExtra.auto.setup(
 === modified file 'ubuntu_sso/utils/__init__.py'
 --- ubuntu_sso/utils/__init__.py	2012-10-23 14:17:58 +0000
 +++ ubuntu_sso/utils/__init__.py	2013-05-29 20:29:29 +0000
@@ -33,6 +33,7 @@
  import os
  import sys
++from dirspec.basedir import load_config_paths
  from dirspec.utils import get_program_path
  from twisted.internet import defer
@@ -141,6 +142,30 @@
      return cmd_args
++def get_cert_dir():
++    """Return directory containing certificate files."""
++
++    if getattr(sys, "frozen", None) is not None:
++        if sys.platform == "win32":
++            ssl_cert_location = list(load_config_paths(
++                    "ubuntuone"))[1]
++        elif sys.platform == "darwin":
++                main_app_dir = "".join(__file__.partition(".app")[:-1])
++                main_app_resources_dir = os.path.join(main_app_dir,
++                                                      "Contents",
++                                                      "Resources")
++                ssl_cert_location = main_app_resources_dir
++    elif any(plat in sys.platform for plat in ("win32", "darwin")):
++        pkg_dir = os.path.dirname(__file__)
++        src_tree_path = os.path.dirname(os.path.dirname(pkg_dir))
++        ssl_cert_location = os.path.join(src_tree_path,
++                                         "data")
++    else:
++        ssl_cert_location = '/etc/ssl/certs'
++
++    return ssl_cert_location
++
++
  @defer.inlineCallbacks
  def ping_url(url, email, credentials):
      """Ping the 'url' with the 'email' attached to it.
 === modified file 'ubuntu_sso/utils/tests/test_common.py'
 --- ubuntu_sso/utils/tests/test_common.py	2013-02-11 21:52:34 +0000
 +++ ubuntu_sso/utils/tests/test_common.py	2013-05-29 20:29:29 +0000
@@ -32,6 +32,7 @@
  import logging
  import sys
++import os
  from twisted.internet import defer
  from twisted.web import resource
@@ -167,6 +168,49 @@
          self.assertEqual(expected, result)
++class GetCertDirTestCase(TestCase):
++    """Test determining the cert location."""
++
++    @defer.inlineCallbacks
++    def setUp(self):
++        yield super(GetCertDirTestCase, self).setUp()
++
++    def test_win(self):
++        """Test geting a path when Common AppData is defined."""
++        self.patch(utils, "__file__",
++                   os.path.join("path", "to", "ubuntu_sso",
++                                "utils", "__init__.py"))
++        self.patch(sys, "platform", "win32")
++        path = utils.get_cert_dir()
++        self.assertEqual(path, os.path.join("path", "to", "data"))
++
++    def test_darwin_frozen(self):
++        """Test that we get a path with .app in it on frozen darwin."""
++        self.patch(sys, "platform", "darwin")
++        sys.frozen = "macosx-app"
++        self.addCleanup(delattr, sys, "frozen")
++        self.patch(utils, "__file__",
++                   os.path.join("path", "to", "Main.app", "ignore"))
++        path = utils.get_cert_dir()
++        self.assertEqual(path, os.path.join("path", "to", "Main.app",
++                                            "Contents", "Resources"))
++
++    def test_darwin_unfrozen(self):
++        """Test that we get a source-relative path on unfrozen darwin."""
++        self.patch(sys, "platform", "darwin")
++        self.patch(utils, "__file__",
++                   os.path.join("path", "to", "ubuntuone",
++                                "utils", "__init__.py"))
++        path = utils.get_cert_dir()
++        self.assertEqual(path, os.path.join("path", "to", "data"))
++
++    def test_linux(self):
++        """Test that linux gets the right path."""
++        self.patch(sys, "platform", "linux2")
++        path = utils.get_cert_dir()
++        self.assertEqual(path, "/etc/ssl/certs")
++
++
  class RootResource(resource.Resource):
      """A root resource that logs the number of calls."""
 === modified file 'ubuntu_sso/utils/webclient/qtnetwork.py'
 --- ubuntu_sso/utils/webclient/qtnetwork.py	2013-03-28 21:50:02 +0000
 +++ ubuntu_sso/utils/webclient/qtnetwork.py	2013-05-29 20:29:29 +0000
@@ -30,6 +30,8 @@
  from __future__ import unicode_literals
++import glob
++import os
  import sys
  from io import StringIO
@@ -47,10 +49,12 @@
      QNetworkReply,
      QNetworkRequest,
      QSslCertificate,
++    QSslConfiguration,
+ )
  from twisted.internet import defer
  from ubuntu_sso.logger import setup_logging
++from ubuntu_sso.utils import get_cert_dir
  from ubuntu_sso.utils.webclient.common import (
      BaseWebClient,
      HeaderDict,
@@ -102,6 +106,25 @@
          self.proxy_retry = False
          self.setup_proxy()
++        # Apply our local certificates as the SSL configuration to be used
++        # for all QNetworkRequest calls.
++        self.ssl_config = QSslConfiguration.defaultConfiguration()
++        ca_certs = self.ssl_config.caCertificates()
++        try:
++            for path in glob.glob(os.path.join(get_cert_dir(),
++                                               "UbuntuOne*.pem")):
++                with open(path) as f:
++                    cert = QSslCertificate(f.read())
++                    if cert.isValid():
++                        ca_certs.append(cert)
++                    else:
++                        logger.error("invalid certificate: {}".format(path))
++        except (IndexError, IOError) as err:
++            raise WebClientError(
++                    "Unable to configure SSL certificates: {}".format(err))
++
++        self.ssl_config.setCaCertificates(ca_certs)
++
      def _set_proxy(self, proxy):
          """Set the proxy to be used."""
          QNetworkProxy.setApplicationProxy(proxy)
@@ -157,6 +180,7 @@
          """Return a deferred that will be fired with a Response object."""
          uri = self.iri_to_uri(iri)
          request = QNetworkRequest(QUrl(uri))
++        request.setSslConfiguration(self.ssl_config)
          headers = yield self.build_request_headers(uri, method, extra_headers,
                                                     oauth_credentials)
 === modified file 'ubuntu_sso/utils/webclient/tests/test_qtnetwork.py'
 --- ubuntu_sso/utils/webclient/tests/test_qtnetwork.py	2012-12-14 22:06:47 +0000
 +++ ubuntu_sso/utils/webclient/tests/test_qtnetwork.py	2013-05-29 20:29:29 +0000
@@ -47,6 +47,8 @@
          self.settings = dict(https=dict(username='user', password='pasword'))
          self.patch(qtnetwork.gsettings, 'get_proxy_settings',
                  lambda: self.settings)
++        self.patch(qtnetwork, "get_cert_dir", lambda: "")
++        self.patch(qtnetwork.glob, "glob", lambda dir: [])
          self.proxy = None
@@ -69,6 +71,21 @@
      def _clean_webclient_instance(self):
          """Set the webclient not to have a proxy."""
          qtnetwork.WebClient.proxy_instance = None
++
++    def test_setup_no_certs(self):
++        # Ensure WebClient can start even if it finds no certs.
++        # It may or may not end up working depending on the certs actually
++        # being in the system, but not having them locally shouldn't prevent
++        # startup.
++        qtnetwork.WebClient()
++
++    def test_setup_unreadable_cert(self):
++        # If for some reason a cert of our own is found but can't be read,
++        # make sure we raise WebClientError.
++        # glob only returns paths that actually exist, but we fake this by
++        # passing something that can't be opened.
++        self.patch(qtnetwork.glob, "glob", lambda dir: ["asdfasdfasdf"])
++        self.assertRaises(qtnetwork.WebClientError, qtnetwork.WebClient)
  class SetupLinuxProxyTestCase(SetupProxyTestCase):

Ubuntu Single Sign On Client

Merge lp:~dobey/ubuntu-sso-client/update-13-10 into lp:ubuntu-sso-client/stable-13-10

Commit message

Description of the change

Preview Diff

Subscribers