Merge lp:~dobey/ubuntu-sso-client/update-13-10 into lp:ubuntu-sso-client/stable-13-10

Proposed by dobey
Status: Merged
Approved by: dobey
Approved revision: no longer in the source branch.
Merged at revision: 1031
Proposed branch: lp:~dobey/ubuntu-sso-client/update-13-10
Merge into: lp:ubuntu-sso-client/stable-13-10
Diff against target: 339 lines (+193/-10)
8 files modified
data/UbuntuOne-Go_Daddy_CA.pem (+29/-0)
data/UbuntuOne-Go_Daddy_Class_2_CA.pem (+25/-0)
data/UbuntuOne-ValiCert_Class_2_VA.pem (+18/-0)
setup.py (+11/-10)
ubuntu_sso/utils/__init__.py (+25/-0)
ubuntu_sso/utils/tests/test_common.py (+44/-0)
ubuntu_sso/utils/webclient/qtnetwork.py (+24/-0)
ubuntu_sso/utils/webclient/tests/test_qtnetwork.py (+17/-0)
To merge this branch: bzr merge lp:~dobey/ubuntu-sso-client/update-13-10
Reviewer Review Type Date Requested Status
Mike McCracken (community) Approve
Review via email: mp+166380@code.launchpad.net

Commit message

[Brian Curtin]

    - Set SSL configuration with bundled certificates for all WebClient requests.

Mike McCracken (mikemc) :
review: Approve
1031. By Brian Curtin

[Brian Curtin]

    - Set SSL configuration with bundled certificates for all WebClient requests.

Preview Diff

=== added file 'data/UbuntuOne-Go_Daddy_CA.pem'
--- data/UbuntuOne-Go_Daddy_CA.pem 1970-01-01 00:00:00 +0000
+++ data/UbuntuOne-Go_Daddy_CA.pem 2013-05-29 20:29:29 +0000
@@ -0,0 +1,29 @@
1-----BEGIN CERTIFICATE-----
2MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
3ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
4RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
5MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
6QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
7b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
8b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
9YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
10AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
11KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
12VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
13SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
14cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
156qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
16MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
17kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
18BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
19BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
20c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
21AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
22BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
23OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
24A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
250yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
26RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
27qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
28U+4=
29-----END CERTIFICATE-----
030
=== added file 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'
--- data/UbuntuOne-Go_Daddy_Class_2_CA.pem 1970-01-01 00:00:00 +0000
+++ data/UbuntuOne-Go_Daddy_Class_2_CA.pem 2013-05-29 20:29:29 +0000
@@ -0,0 +1,25 @@
1-----BEGIN CERTIFICATE-----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25-----END CERTIFICATE-----
026
=== added file 'data/UbuntuOne-ValiCert_Class_2_VA.pem'
--- data/UbuntuOne-ValiCert_Class_2_VA.pem 1970-01-01 00:00:00 +0000
+++ data/UbuntuOne-ValiCert_Class_2_VA.pem 2013-05-29 20:29:29 +0000
@@ -0,0 +1,18 @@
1-----BEGIN CERTIFICATE-----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18-----END CERTIFICATE-----
019
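--- a/setup.py
+++ b/setup.py
@@ -47,6 +47,8 @@
 
 from distutils import log
 
+from ubuntu_sso.utils import get_cert_dir
+
 PROJECT_NAME = 'ubuntu-sso-client'
 VERSION = '4.3'
 
@@ -285,14 +287,17 @@
  cmdclass['build_i18n'] = dummy_build_i18n
 
 
-def setup_windows():
- """Provide the required info to setup the project on windows."""
+data_files = [(get_cert_dir(),
+ ['data/UbuntuOne-Go_Daddy_CA.pem',
+ 'data/UbuntuOne-ValiCert_Class_2_VA.pem',
+ 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'])]
+
+if sys.platform == 'win32':
  set_py2exe_paths()
- _data_files = []
  # for PyQt, see http://www.py2exe.org/index.cgi/Py2exeAndPyQt
  _includes = ['sip', 'email', 'ubuntu_sso.qt.gui',
  'ubuntu_sso.qt.controllers', 'PyQt4.QtNetwork', 'PIL']
- _extra = {
+ extra = {
  'options': {
  'py2exe': {
  'bundle_files': 1,
@@ -306,15 +311,11 @@
  'console': sso_executables,
  'zipfile': None,
  }
- return _data_files, _extra
-
-if sys.platform == 'win32':
- data_files, extra = setup_windows()
 else:
- data_files = [
+ data_files.extend([
  ('lib/ubuntu-sso-client', sso_executables),
  ('share/dbus-1/services', ['data/com.ubuntu.sso.service']),
- ]
+ ])
  extra = {}
 
 DistUtilsExtra.auto.setup(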
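Review bot: On Linux the new `data_files` entry installs the three bundled PEM files into the system CA directory, because `get_cert_dir()` returns `'/etc/ssl/certs'` on any platform that is not win32 or darwin (the `else` branch added in ubuntu_sso/utils/__init__.py). That may widen trust for other software that reads the directory and can collide with files owned by the distribution's CA package. A project-owned destination such as `data_files = [('share/ubuntu-sso-client/certs', [...])]` (path shown only as an example), with `get_cert_dir()` returning the same place, would keep the change local to this client. Importing `ubuntu_sso.utils` at the top of setup.py also makes the build depend on dirspec and twisted being importable, so the install directory would be better computed without importing the package.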
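--- a/ubuntu_sso/utils/__init__.py
+++ b/ubuntu_sso/utils/__init__.py
@@ -33,6 +33,7 @@
 import os
 import sys
 
+from dirspec.basedir import load_config_paths
 from dirspec.utils import get_program_path
 
 from twisted.internet import defer
@@ -141,6 +142,30 @@
  return cmd_args
 
 
+def get_cert_dir():
+ """Return directory containing certificate files."""
+
+ if getattr(sys, "frozen", None) is not None:
+ if sys.platform == "win32":
+ ssl_cert_location = list(load_config_paths(
+ "ubuntuone"))[1]
+ elif sys.platform == "darwin":
+ main_app_dir = "".join(__file__.partition(".app")[:-1])
+ main_app_resources_dir = os.path.join(main_app_dir,
+ "Contents",
+ "Resources")
+ ssl_cert_location = main_app_resources_dir
+ elif any(plat in sys.platform for plat in ("win32", "darwin")):
+ pkg_dir = os.path.dirname(__file__)
+ src_tree_path = os.path.dirname(os.path.dirname(pkg_dir))
+ ssl_cert_location = os.path.join(src_tree_path,
+ "data")
+ else:
+ ssl_cert_location = '/etc/ssl/certs'
+
+ return ssl_cert_location
+
+
 @defer.inlineCallbacks
 def ping_url(url, email, credentials):
  """Ping the 'url' with the 'email' attached to it.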
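Review bot: `get_cert_dir()` can reach `return ssl_cert_location` with the name unbound: when `sys.frozen` is set and the platform is neither win32 nor darwin, no inner branch assigns it and the call fails with UnboundLocalError. Assigning the default before the `if`, `ssl_cert_location = '/etc/ssl/certs'`, or adding an inner `else:` with the same assignment closes the gap. The frozen win32 branch indexes `list(load_config_paths("ubuntuone"))[1]`, which raises IndexError when fewer than two config paths exist; the WebClient caller catches that, but setup.py calls the function with no handler. Because the returned directory is later used as a source of trusted CA certificates, the docstring should say so, e.g. `"""Return the directory holding the CA certificates trusted for SSO requests; it must not be user-writable."""`.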
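--- a/ubuntu_sso/utils/tests/test_common.py
+++ b/ubuntu_sso/utils/tests/test_common.py
@@ -32,6 +32,7 @@
 
 import logging
 import sys
+import os
 
 from twisted.internet import defer
 from twisted.web import resource
@@ -167,6 +168,49 @@
  self.assertEqual(expected, result)
 
 
+class GetCertDirTestCase(TestCase):
+ """Test determining the cert location."""
+
+ @defer.inlineCallbacks
+ def setUp(self):
+ yield super(GetCertDirTestCase, self).setUp()
+
+ def test_win(self):
+ """Test geting a path when Common AppData is defined."""
+ self.patch(utils, "__file__",
+ os.path.join("path", "to", "ubuntu_sso",
+ "utils", "__init__.py"))
+ self.patch(sys, "platform", "win32")
+ path = utils.get_cert_dir()
+ self.assertEqual(path, os.path.join("path", "to", "data"))
+
+ def test_darwin_frozen(self):
+ """Test that we get a path with .app in it on frozen darwin."""
+ self.patch(sys, "platform", "darwin")
+ sys.frozen = "macosx-app"
+ self.addCleanup(delattr, sys, "frozen")
+ self.patch(utils, "__file__",
+ os.path.join("path", "to", "Main.app", "ignore"))
+ path = utils.get_cert_dir()
+ self.assertEqual(path, os.path.join("path", "to", "Main.app",
+ "Contents", "Resources"))
+
+ def test_darwin_unfrozen(self):
+ """Test that we get a source-relative path on unfrozen darwin."""
+ self.patch(sys, "platform", "darwin")
+ self.patch(utils, "__file__",
+ os.path.join("path", "to", "ubuntuone",
+ "utils", "__init__.py"))
+ path = utils.get_cert_dir()
+ self.assertEqual(path, os.path.join("path", "to", "data"))
+
+ def test_linux(self):
+ """Test that linux gets the right path."""
+ self.patch(sys, "platform", "linux2")
+ path = utils.get_cert_dir()
+ self.assertEqual(path, "/etc/ssl/certs")
+
+
 class RootResource(resource.Resource):
  """A root resource that logs the number of calls."""
 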
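Review bot: `test_win` does not exercise what its docstring describes: it runs with `sys.frozen` unset and checks the source-tree path, so the frozen win32 branch that indexes `load_config_paths("ubuntuone")` has no coverage. The docstring would be accurate as `"""Test that unfrozen win32 gets a source-relative data path."""`, with a separate frozen test that patches `utils.load_config_paths`. `test_win`, `test_darwin_unfrozen` and `test_linux` also assume `sys.frozen` is absent in the test process rather than ensuring it, and the `setUp` override only calls the parent and can be dropped.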
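--- a/ubuntu_sso/utils/webclient/qtnetwork.py
+++ b/ubuntu_sso/utils/webclient/qtnetwork.py
@@ -30,6 +30,8 @@
 
 from __future__ import unicode_literals
 
+import glob
+import os
 import sys
 from io import StringIO
 
@@ -47,10 +49,12 @@
  QNetworkReply,
  QNetworkRequest,
  QSslCertificate,
+ QSslConfiguration,
 )
 from twisted.internet import defer
 
 from ubuntu_sso.logger import setup_logging
+from ubuntu_sso.utils import get_cert_dir
 from ubuntu_sso.utils.webclient.common import (
  BaseWebClient,
  HeaderDict,
@@ -102,6 +106,25 @@
  self.proxy_retry = False
  self.setup_proxy()
 
+ # Apply our local certificates as the SSL configuration to be used
+ # for all QNetworkRequest calls.
+ self.ssl_config = QSslConfiguration.defaultConfiguration()
+ ca_certs = self.ssl_config.caCertificates()
+ try:
+ for path in glob.glob(os.path.join(get_cert_dir(),
+ "UbuntuOne*.pem")):
+ with open(path) as f:
+ cert = QSslCertificate(f.read())
+ if cert.isValid():
+ ca_certs.append(cert)
+ else:
+ logger.error("invalid certificate: {}".format(path))
+ except (IndexError, IOError) as err:
+ raise WebClientError(
+ "Unable to configure SSL certificates: {}".format(err))
+
+ self.ssl_config.setCaCertificates(ca_certs)
+
  def _set_proxy(self, proxy):
  """Set the proxy to be used."""
  QNetworkProxy.setApplicationProxy(proxy)
@@ -157,6 +180,7 @@
  """Return a deferred that will be fired with a Response object."""
  uri = self.iri_to_uri(iri)
  request = QNetworkRequest(QUrl(uri))
+ request.setSslConfiguration(self.ssl_config)
  headers = yield self.build_request_headers(uri, method, extra_headers,
  oauth_credentials)
 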
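Review bot: Every file in `get_cert_dir()` whose name matches `UbuntuOne*.pem` becomes a trusted CA for all requests made by this client, so the trust decision rests on who can write to that directory; in the third hunk the only check is `cert.isValid()`. Loading the three known file names instead of a glob narrows that, for example `for name in BUNDLED_CA_FILES:` followed by `path = os.path.join(get_cert_dir(), name)` (the tuple name is a placeholder). The comment above the block says the local certificates are applied as the SSL configuration, but the code appends them to `QSslConfiguration.defaultConfiguration().caCertificates()`, so the system CAs stay trusted and this is not pinning; the comment should read `# Add our bundled CA certificates to the default CA list used for all QNetworkRequest calls.`. An invalid certificate is only logged and an empty match list is accepted, so a client with no usable bundled certificate starts without any signal to the caller. The enclosing method begins outside the hunk.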
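--- a/ubuntu_sso/utils/webclient/tests/test_qtnetwork.py
+++ b/ubuntu_sso/utils/webclient/tests/test_qtnetwork.py
@@ -47,6 +47,8 @@
  self.settings = dict(https=dict(username='user', password='pasword'))
  self.patch(qtnetwork.gsettings, 'get_proxy_settings',
  lambda: self.settings)
+ self.patch(qtnetwork, "get_cert_dir", lambda: "")
+ self.patch(qtnetwork.glob, "glob", lambda dir: [])
 
  self.proxy = None
 
@@ -69,6 +71,21 @@
  def _clean_webclient_instance(self):
  """Set the webclient not to have a proxy."""
  qtnetwork.WebClient.proxy_instance = None
+
+ def test_setup_no_certs(self):
+ # Ensure WebClient can start even if it finds no certs.
+ # It may or may not end up working depending on the certs actually
+ # being in the system, but not having them locally shouldn't prevent
+ # startup.
+ qtnetwork.WebClient()
+
+ def test_setup_unreadable_cert(self):
+ # If for some reason a cert of our own is found but can't be read,
+ # make sure we raise WebClientError.
+ # glob only returns paths that actually exist, but we fake this by
+ # passing something that can't be opened.
+ self.patch(qtnetwork.glob, "glob", lambda dir: ["asdfasdfasdf"])
+ self.assertRaises(qtnetwork.WebClientError, qtnetwork.WebClient)
 
 
 class SetupLinuxProxyTestCase(SetupProxyTestCase):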
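Review bot: `test_setup_no_certs` makes no assertion, so it passes whenever the constructor does not raise and would not notice if the SSL configuration were never built. Capturing the instance and checking it, e.g. `client = qtnetwork.WebClient()` then `self.assertIsNotNone(client.ssl_config)`, pins the intended result. The branch that logs `invalid certificate` for a readable but invalid PEM has no test, and the `lambda dir: []` stubs shadow the builtin `dir`; `lambda pattern: []` is clearer.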
