Merge lp:~dobey/ubuntu-sso-client/update-13-10 into lp:ubuntu-sso-client/stable-13-10
- update-13-10
- Merge into stable-13-10
Proposed by
dobey
Status: | Merged |
---|---|
Approved by: | dobey |
Approved revision: | no longer in the source branch. |
Merged at revision: | 1031 |
Proposed branch: | lp:~dobey/ubuntu-sso-client/update-13-10 |
Merge into: | lp:ubuntu-sso-client/stable-13-10 |
Diff against target: |
339 lines (+193/-10) 8 files modified
data/UbuntuOne-Go_Daddy_CA.pem (+29/-0) data/UbuntuOne-Go_Daddy_Class_2_CA.pem (+25/-0) data/UbuntuOne-ValiCert_Class_2_VA.pem (+18/-0) setup.py (+11/-10) ubuntu_sso/utils/__init__.py (+25/-0) ubuntu_sso/utils/tests/test_common.py (+44/-0) ubuntu_sso/utils/webclient/qtnetwork.py (+24/-0) ubuntu_sso/utils/webclient/tests/test_qtnetwork.py (+17/-0) |
To merge this branch: | bzr merge lp:~dobey/ubuntu-sso-client/update-13-10 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Mike McCracken (community) | Approve | ||
Review via email: mp+166380@code.launchpad.net |
Commit message
[Brian Curtin]
- Set SSL configuration with bundled certificates for all WebClient requests.
Description of the change
To post a comment you must log in.
Revision history for this message
Mike McCracken (mikemc) : | # |
review:
Approve
- 1031. By Brian Curtin
-
[Brian Curtin]
- Set SSL configuration with bundled certificates for all WebClient requests.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === added file 'data/UbuntuOne-Go_Daddy_CA.pem' | |||
2 | --- data/UbuntuOne-Go_Daddy_CA.pem 1970-01-01 00:00:00 +0000 | |||
3 | +++ data/UbuntuOne-Go_Daddy_CA.pem 2013-05-29 20:29:29 +0000 | |||
4 | @@ -0,0 +1,29 @@ | |||
5 | 1 | -----BEGIN CERTIFICATE----- | ||
6 | 2 | MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx | ||
7 | 3 | ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g | ||
8 | 4 | RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw | ||
9 | 5 | MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH | ||
10 | 6 | QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j | ||
11 | 7 | b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j | ||
12 | 8 | b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj | ||
13 | 9 | YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN | ||
14 | 10 | AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H | ||
15 | 11 | KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm | ||
16 | 12 | VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR | ||
17 | 13 | SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT | ||
18 | 14 | cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ | ||
19 | 15 | 6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu | ||
20 | 16 | MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS | ||
21 | 17 | kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB | ||
22 | 18 | BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f | ||
23 | 19 | BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv | ||
24 | 20 | c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH | ||
25 | 21 | AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO | ||
26 | 22 | BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG | ||
27 | 23 | OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU | ||
28 | 24 | A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o | ||
29 | 25 | 0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX | ||
30 | 26 | RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH | ||
31 | 27 | qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV | ||
32 | 28 | U+4= | ||
33 | 29 | -----END CERTIFICATE----- | ||
34 | 0 | 30 | ||
35 | === added file 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem' | |||
36 | --- data/UbuntuOne-Go_Daddy_Class_2_CA.pem 1970-01-01 00:00:00 +0000 | |||
37 | +++ data/UbuntuOne-Go_Daddy_Class_2_CA.pem 2013-05-29 20:29:29 +0000 | |||
38 | @@ -0,0 +1,25 @@ | |||
39 | 1 | -----BEGIN CERTIFICATE----- | ||
40 | 2 | MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV | ||
41 | 3 | UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQL | ||
42 | 4 | EyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X | ||
43 | 5 | DTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMx | ||
44 | 6 | ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMo | ||
45 | 7 | R28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw | ||
46 | 8 | DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d | ||
47 | 9 | /+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9 | ||
48 | 10 | S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2 | ||
49 | 11 | TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVl | ||
50 | 12 | OARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFA | ||
51 | 13 | pMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44 | ||
52 | 14 | dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNh | ||
53 | 15 | yz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTj | ||
54 | 16 | oWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdy | ||
55 | 17 | b3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj | ||
56 | 18 | YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF | ||
57 | 19 | BQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX | ||
58 | 20 | MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt | ||
59 | 21 | I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheab | ||
60 | 22 | IZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzr | ||
61 | 23 | Tia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBD | ||
62 | 24 | pqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8= | ||
63 | 25 | -----END CERTIFICATE----- | ||
64 | 0 | 26 | ||
65 | === added file 'data/UbuntuOne-ValiCert_Class_2_VA.pem' | |||
66 | --- data/UbuntuOne-ValiCert_Class_2_VA.pem 1970-01-01 00:00:00 +0000 | |||
67 | +++ data/UbuntuOne-ValiCert_Class_2_VA.pem 2013-05-29 20:29:29 +0000 | |||
68 | @@ -0,0 +1,18 @@ | |||
69 | 1 | -----BEGIN CERTIFICATE----- | ||
70 | 2 | MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 | ||
71 | 3 | IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz | ||
72 | 4 | BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y | ||
73 | 5 | aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG | ||
74 | 6 | 9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy | ||
75 | 7 | NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y | ||
76 | 8 | azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs | ||
77 | 9 | YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw | ||
78 | 10 | Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl | ||
79 | 11 | cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY | ||
80 | 12 | dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9 | ||
81 | 13 | WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS | ||
82 | 14 | v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v | ||
83 | 15 | UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu | ||
84 | 16 | IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC | ||
85 | 17 | W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd | ||
86 | 18 | -----END CERTIFICATE----- | ||
87 | 0 | 19 | ||
88 | === modified file 'setup.py' | |||
89 | --- setup.py 2013-04-03 18:50:39 +0000 | |||
90 | +++ setup.py 2013-05-29 20:29:29 +0000 | |||
91 | @@ -47,6 +47,8 @@ | |||
92 | 47 | 47 | ||
93 | 48 | from distutils import log | 48 | from distutils import log |
94 | 49 | 49 | ||
95 | 50 | from ubuntu_sso.utils import get_cert_dir | ||
96 | 51 | |||
97 | 50 | PROJECT_NAME = 'ubuntu-sso-client' | 52 | PROJECT_NAME = 'ubuntu-sso-client' |
98 | 51 | VERSION = '4.3' | 53 | VERSION = '4.3' |
99 | 52 | 54 | ||
100 | @@ -285,14 +287,17 @@ | |||
101 | 285 | cmdclass['build_i18n'] = dummy_build_i18n | 287 | cmdclass['build_i18n'] = dummy_build_i18n |
102 | 286 | 288 | ||
103 | 287 | 289 | ||
106 | 288 | def setup_windows(): | 290 | data_files = [(get_cert_dir(), |
107 | 289 | """Provide the required info to setup the project on windows.""" | 291 | ['data/UbuntuOne-Go_Daddy_CA.pem', |
108 | 292 | 'data/UbuntuOne-ValiCert_Class_2_VA.pem', | ||
109 | 293 | 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'])] | ||
110 | 294 | |||
111 | 295 | if sys.platform == 'win32': | ||
112 | 290 | set_py2exe_paths() | 296 | set_py2exe_paths() |
113 | 291 | _data_files = [] | ||
114 | 292 | # for PyQt, see http://www.py2exe.org/index.cgi/Py2exeAndPyQt | 297 | # for PyQt, see http://www.py2exe.org/index.cgi/Py2exeAndPyQt |
115 | 293 | _includes = ['sip', 'email', 'ubuntu_sso.qt.gui', | 298 | _includes = ['sip', 'email', 'ubuntu_sso.qt.gui', |
116 | 294 | 'ubuntu_sso.qt.controllers', 'PyQt4.QtNetwork', 'PIL'] | 299 | 'ubuntu_sso.qt.controllers', 'PyQt4.QtNetwork', 'PIL'] |
118 | 295 | _extra = { | 300 | extra = { |
119 | 296 | 'options': { | 301 | 'options': { |
120 | 297 | 'py2exe': { | 302 | 'py2exe': { |
121 | 298 | 'bundle_files': 1, | 303 | 'bundle_files': 1, |
122 | @@ -306,15 +311,11 @@ | |||
123 | 306 | 'console': sso_executables, | 311 | 'console': sso_executables, |
124 | 307 | 'zipfile': None, | 312 | 'zipfile': None, |
125 | 308 | } | 313 | } |
126 | 309 | return _data_files, _extra | ||
127 | 310 | |||
128 | 311 | if sys.platform == 'win32': | ||
129 | 312 | data_files, extra = setup_windows() | ||
130 | 313 | else: | 314 | else: |
132 | 314 | data_files = [ | 315 | data_files.extend([ |
133 | 315 | ('lib/ubuntu-sso-client', sso_executables), | 316 | ('lib/ubuntu-sso-client', sso_executables), |
134 | 316 | ('share/dbus-1/services', ['data/com.ubuntu.sso.service']), | 317 | ('share/dbus-1/services', ['data/com.ubuntu.sso.service']), |
136 | 317 | ] | 318 | ]) |
137 | 318 | extra = {} | 319 | extra = {} |
138 | 319 | 320 | ||
139 | 320 | DistUtilsExtra.auto.setup( | 321 | DistUtilsExtra.auto.setup( |
140 | 321 | 322 | ||
141 | === modified file 'ubuntu_sso/utils/__init__.py' | |||
142 | --- ubuntu_sso/utils/__init__.py 2012-10-23 14:17:58 +0000 | |||
143 | +++ ubuntu_sso/utils/__init__.py 2013-05-29 20:29:29 +0000 | |||
144 | @@ -33,6 +33,7 @@ | |||
145 | 33 | import os | 33 | import os |
146 | 34 | import sys | 34 | import sys |
147 | 35 | 35 | ||
148 | 36 | from dirspec.basedir import load_config_paths | ||
149 | 36 | from dirspec.utils import get_program_path | 37 | from dirspec.utils import get_program_path |
150 | 37 | 38 | ||
151 | 38 | from twisted.internet import defer | 39 | from twisted.internet import defer |
152 | @@ -141,6 +142,30 @@ | |||
153 | 141 | return cmd_args | 142 | return cmd_args |
154 | 142 | 143 | ||
155 | 143 | 144 | ||
156 | 145 | def get_cert_dir(): | ||
157 | 146 | """Return directory containing certificate files.""" | ||
158 | 147 | |||
159 | 148 | if getattr(sys, "frozen", None) is not None: | ||
160 | 149 | if sys.platform == "win32": | ||
161 | 150 | ssl_cert_location = list(load_config_paths( | ||
162 | 151 | "ubuntuone"))[1] | ||
163 | 152 | elif sys.platform == "darwin": | ||
164 | 153 | main_app_dir = "".join(__file__.partition(".app")[:-1]) | ||
165 | 154 | main_app_resources_dir = os.path.join(main_app_dir, | ||
166 | 155 | "Contents", | ||
167 | 156 | "Resources") | ||
168 | 157 | ssl_cert_location = main_app_resources_dir | ||
169 | 158 | elif any(plat in sys.platform for plat in ("win32", "darwin")): | ||
170 | 159 | pkg_dir = os.path.dirname(__file__) | ||
171 | 160 | src_tree_path = os.path.dirname(os.path.dirname(pkg_dir)) | ||
172 | 161 | ssl_cert_location = os.path.join(src_tree_path, | ||
173 | 162 | "data") | ||
174 | 163 | else: | ||
175 | 164 | ssl_cert_location = '/etc/ssl/certs' | ||
176 | 165 | |||
177 | 166 | return ssl_cert_location | ||
178 | 167 | |||
179 | 168 | |||
180 | 144 | @defer.inlineCallbacks | 169 | @defer.inlineCallbacks |
181 | 145 | def ping_url(url, email, credentials): | 170 | def ping_url(url, email, credentials): |
182 | 146 | """Ping the 'url' with the 'email' attached to it. | 171 | """Ping the 'url' with the 'email' attached to it. |
183 | 147 | 172 | ||
184 | === modified file 'ubuntu_sso/utils/tests/test_common.py' | |||
185 | --- ubuntu_sso/utils/tests/test_common.py 2013-02-11 21:52:34 +0000 | |||
186 | +++ ubuntu_sso/utils/tests/test_common.py 2013-05-29 20:29:29 +0000 | |||
187 | @@ -32,6 +32,7 @@ | |||
188 | 32 | 32 | ||
189 | 33 | import logging | 33 | import logging |
190 | 34 | import sys | 34 | import sys |
191 | 35 | import os | ||
192 | 35 | 36 | ||
193 | 36 | from twisted.internet import defer | 37 | from twisted.internet import defer |
194 | 37 | from twisted.web import resource | 38 | from twisted.web import resource |
195 | @@ -167,6 +168,49 @@ | |||
196 | 167 | self.assertEqual(expected, result) | 168 | self.assertEqual(expected, result) |
197 | 168 | 169 | ||
198 | 169 | 170 | ||
199 | 171 | class GetCertDirTestCase(TestCase): | ||
200 | 172 | """Test determining the cert location.""" | ||
201 | 173 | |||
202 | 174 | @defer.inlineCallbacks | ||
203 | 175 | def setUp(self): | ||
204 | 176 | yield super(GetCertDirTestCase, self).setUp() | ||
205 | 177 | |||
206 | 178 | def test_win(self): | ||
207 | 179 | """Test geting a path when Common AppData is defined.""" | ||
208 | 180 | self.patch(utils, "__file__", | ||
209 | 181 | os.path.join("path", "to", "ubuntu_sso", | ||
210 | 182 | "utils", "__init__.py")) | ||
211 | 183 | self.patch(sys, "platform", "win32") | ||
212 | 184 | path = utils.get_cert_dir() | ||
213 | 185 | self.assertEqual(path, os.path.join("path", "to", "data")) | ||
214 | 186 | |||
215 | 187 | def test_darwin_frozen(self): | ||
216 | 188 | """Test that we get a path with .app in it on frozen darwin.""" | ||
217 | 189 | self.patch(sys, "platform", "darwin") | ||
218 | 190 | sys.frozen = "macosx-app" | ||
219 | 191 | self.addCleanup(delattr, sys, "frozen") | ||
220 | 192 | self.patch(utils, "__file__", | ||
221 | 193 | os.path.join("path", "to", "Main.app", "ignore")) | ||
222 | 194 | path = utils.get_cert_dir() | ||
223 | 195 | self.assertEqual(path, os.path.join("path", "to", "Main.app", | ||
224 | 196 | "Contents", "Resources")) | ||
225 | 197 | |||
226 | 198 | def test_darwin_unfrozen(self): | ||
227 | 199 | """Test that we get a source-relative path on unfrozen darwin.""" | ||
228 | 200 | self.patch(sys, "platform", "darwin") | ||
229 | 201 | self.patch(utils, "__file__", | ||
230 | 202 | os.path.join("path", "to", "ubuntuone", | ||
231 | 203 | "utils", "__init__.py")) | ||
232 | 204 | path = utils.get_cert_dir() | ||
233 | 205 | self.assertEqual(path, os.path.join("path", "to", "data")) | ||
234 | 206 | |||
235 | 207 | def test_linux(self): | ||
236 | 208 | """Test that linux gets the right path.""" | ||
237 | 209 | self.patch(sys, "platform", "linux2") | ||
238 | 210 | path = utils.get_cert_dir() | ||
239 | 211 | self.assertEqual(path, "/etc/ssl/certs") | ||
240 | 212 | |||
241 | 213 | |||
242 | 170 | class RootResource(resource.Resource): | 214 | class RootResource(resource.Resource): |
243 | 171 | """A root resource that logs the number of calls.""" | 215 | """A root resource that logs the number of calls.""" |
244 | 172 | 216 | ||
245 | 173 | 217 | ||
246 | === modified file 'ubuntu_sso/utils/webclient/qtnetwork.py' | |||
247 | --- ubuntu_sso/utils/webclient/qtnetwork.py 2013-03-28 21:50:02 +0000 | |||
248 | +++ ubuntu_sso/utils/webclient/qtnetwork.py 2013-05-29 20:29:29 +0000 | |||
249 | @@ -30,6 +30,8 @@ | |||
250 | 30 | 30 | ||
251 | 31 | from __future__ import unicode_literals | 31 | from __future__ import unicode_literals |
252 | 32 | 32 | ||
253 | 33 | import glob | ||
254 | 34 | import os | ||
255 | 33 | import sys | 35 | import sys |
256 | 34 | from io import StringIO | 36 | from io import StringIO |
257 | 35 | 37 | ||
258 | @@ -47,10 +49,12 @@ | |||
259 | 47 | QNetworkReply, | 49 | QNetworkReply, |
260 | 48 | QNetworkRequest, | 50 | QNetworkRequest, |
261 | 49 | QSslCertificate, | 51 | QSslCertificate, |
262 | 52 | QSslConfiguration, | ||
263 | 50 | ) | 53 | ) |
264 | 51 | from twisted.internet import defer | 54 | from twisted.internet import defer |
265 | 52 | 55 | ||
266 | 53 | from ubuntu_sso.logger import setup_logging | 56 | from ubuntu_sso.logger import setup_logging |
267 | 57 | from ubuntu_sso.utils import get_cert_dir | ||
268 | 54 | from ubuntu_sso.utils.webclient.common import ( | 58 | from ubuntu_sso.utils.webclient.common import ( |
269 | 55 | BaseWebClient, | 59 | BaseWebClient, |
270 | 56 | HeaderDict, | 60 | HeaderDict, |
271 | @@ -102,6 +106,25 @@ | |||
272 | 102 | self.proxy_retry = False | 106 | self.proxy_retry = False |
273 | 103 | self.setup_proxy() | 107 | self.setup_proxy() |
274 | 104 | 108 | ||
275 | 109 | # Apply our local certificates as the SSL configuration to be used | ||
276 | 110 | # for all QNetworkRequest calls. | ||
277 | 111 | self.ssl_config = QSslConfiguration.defaultConfiguration() | ||
278 | 112 | ca_certs = self.ssl_config.caCertificates() | ||
279 | 113 | try: | ||
280 | 114 | for path in glob.glob(os.path.join(get_cert_dir(), | ||
281 | 115 | "UbuntuOne*.pem")): | ||
282 | 116 | with open(path) as f: | ||
283 | 117 | cert = QSslCertificate(f.read()) | ||
284 | 118 | if cert.isValid(): | ||
285 | 119 | ca_certs.append(cert) | ||
286 | 120 | else: | ||
287 | 121 | logger.error("invalid certificate: {}".format(path)) | ||
288 | 122 | except (IndexError, IOError) as err: | ||
289 | 123 | raise WebClientError( | ||
290 | 124 | "Unable to configure SSL certificates: {}".format(err)) | ||
291 | 125 | |||
292 | 126 | self.ssl_config.setCaCertificates(ca_certs) | ||
293 | 127 | |||
294 | 105 | def _set_proxy(self, proxy): | 128 | def _set_proxy(self, proxy): |
295 | 106 | """Set the proxy to be used.""" | 129 | """Set the proxy to be used.""" |
296 | 107 | QNetworkProxy.setApplicationProxy(proxy) | 130 | QNetworkProxy.setApplicationProxy(proxy) |
297 | @@ -157,6 +180,7 @@ | |||
298 | 157 | """Return a deferred that will be fired with a Response object.""" | 180 | """Return a deferred that will be fired with a Response object.""" |
299 | 158 | uri = self.iri_to_uri(iri) | 181 | uri = self.iri_to_uri(iri) |
300 | 159 | request = QNetworkRequest(QUrl(uri)) | 182 | request = QNetworkRequest(QUrl(uri)) |
301 | 183 | request.setSslConfiguration(self.ssl_config) | ||
302 | 160 | headers = yield self.build_request_headers(uri, method, extra_headers, | 184 | headers = yield self.build_request_headers(uri, method, extra_headers, |
303 | 161 | oauth_credentials) | 185 | oauth_credentials) |
304 | 162 | 186 | ||
305 | 163 | 187 | ||
306 | === modified file 'ubuntu_sso/utils/webclient/tests/test_qtnetwork.py' | |||
307 | --- ubuntu_sso/utils/webclient/tests/test_qtnetwork.py 2012-12-14 22:06:47 +0000 | |||
308 | +++ ubuntu_sso/utils/webclient/tests/test_qtnetwork.py 2013-05-29 20:29:29 +0000 | |||
309 | @@ -47,6 +47,8 @@ | |||
310 | 47 | self.settings = dict(https=dict(username='user', password='pasword')) | 47 | self.settings = dict(https=dict(username='user', password='pasword')) |
311 | 48 | self.patch(qtnetwork.gsettings, 'get_proxy_settings', | 48 | self.patch(qtnetwork.gsettings, 'get_proxy_settings', |
312 | 49 | lambda: self.settings) | 49 | lambda: self.settings) |
313 | 50 | self.patch(qtnetwork, "get_cert_dir", lambda: "") | ||
314 | 51 | self.patch(qtnetwork.glob, "glob", lambda dir: []) | ||
315 | 50 | 52 | ||
316 | 51 | self.proxy = None | 53 | self.proxy = None |
317 | 52 | 54 | ||
318 | @@ -69,6 +71,21 @@ | |||
319 | 69 | def _clean_webclient_instance(self): | 71 | def _clean_webclient_instance(self): |
320 | 70 | """Set the webclient not to have a proxy.""" | 72 | """Set the webclient not to have a proxy.""" |
321 | 71 | qtnetwork.WebClient.proxy_instance = None | 73 | qtnetwork.WebClient.proxy_instance = None |
322 | 74 | |||
323 | 75 | def test_setup_no_certs(self): | ||
324 | 76 | # Ensure WebClient can start even if it finds no certs. | ||
325 | 77 | # It may or may not end up working depending on the certs actually | ||
326 | 78 | # being in the system, but not having them locally shouldn't prevent | ||
327 | 79 | # startup. | ||
328 | 80 | qtnetwork.WebClient() | ||
329 | 81 | |||
330 | 82 | def test_setup_unreadable_cert(self): | ||
331 | 83 | # If for some reason a cert of our own is found but can't be read, | ||
332 | 84 | # make sure we raise WebClientError. | ||
333 | 85 | # glob only returns paths that actually exist, but we fake this by | ||
334 | 86 | # passing something that can't be opened. | ||
335 | 87 | self.patch(qtnetwork.glob, "glob", lambda dir: ["asdfasdfasdf"]) | ||
336 | 88 | self.assertRaises(qtnetwork.WebClientError, qtnetwork.WebClient) | ||
337 | 72 | 89 | ||
338 | 73 | 90 | ||
339 | 74 | class SetupLinuxProxyTestCase(SetupProxyTestCase): | 91 | class SetupLinuxProxyTestCase(SetupProxyTestCase): |