Ubuntu Single Sign On Client

Merge lp:~mandel/ubuntu-sso-client/libsoup-ssl-dialog into lp:ubuntu-sso-client

  1. libsoup-ssl-dialog
  2. Merge into trunk
Proposed by Manuel de la Peña
Status: Rejected
Rejected by: Manuel de la Peña
Proposed branch: lp:~mandel/ubuntu-sso-client/libsoup-ssl-dialog
Merge into: lp:ubuntu-sso-client
Diff against target: 197 lines (+65/-18)
5 files modified
ubuntu_sso/qt/ssl_dialog.py (+1/-1)
ubuntu_sso/utils/webclient/common.py (+10/-0)
ubuntu_sso/utils/webclient/libsoup.py (+41/-7)
ubuntu_sso/utils/webclient/tests/__init__.py (+9/-6)
ubuntu_sso/utils/webclient/tests/test_webclient.py (+4/-4)
To merge this branch: bzr merge lp:~mandel/ubuntu-sso-client/libsoup-ssl-dialog
Reviewer Review Type Date Requested Status
Manuel de la Peña (community) Disapprove
Natalia Bidart Pending
Alejandro J. Cura Pending
Review via email: mp+97057@code.launchpad.net

Commit message

- Added the required logic to allow the libsoup weclient implementation to spawn the ssl dialog that will allow the user to accept an ssl cert with errors (LP: #939671)

Description of the change

- Added the required logic to allow the libsoup weclient implementation to spawn the ssl dialog that will allow the user to accept an ssl cert with errors (LP: #939671)

To post a comment you must log in.
lp:~mandel/ubuntu-sso-client/libsoup-ssl-dialog updated
948. By Manuel de la Peña

Merged with trunk.

949. By Manuel de la Peña

Merged with trunk.

Revision history for this message
Manuel de la Peña (mandel) wrote :

Rejecting since we wont use this code.

review: Disapprove

Unmerged revisions

949. By Manuel de la Peña

Merged with trunk.

948. By Manuel de la Peña

Merged with trunk.

947. By Manuel de la Peña

Reduced diff size.

946. By Manuel de la Peña

Reduced diff size.

945. By Manuel de la Peña

Merged with trunk.

944. By Manuel de la Peña

Added the required code to let the libsoup webclient implementation deal with ssl cert errors.

943. By Manuel de la Peña

Made changes to the tests so that they work correctly.

942. By Manuel de la Peña

Commit to share progress.

941. By Manuel de la Peña

Merged with parent and fixed conflicts.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ubuntu_sso/qt/ssl_dialog.py'
2--- ubuntu_sso/qt/ssl_dialog.py 2012-03-06 14:13:10 +0000
3+++ ubuntu_sso/qt/ssl_dialog.py 2012-03-15 11:28:19 +0000
4@@ -63,7 +63,7 @@
5
6
7 class SSLDialog(QDialog):
8- """"Dialog used to show SSL exceptions."""
9+ """Dialog used to show SSL exceptions."""
10
11 def __init__(self, app_name, domain=None, details=None, parent=None):
12 """Create a new instance."""
13
14=== modified file 'ubuntu_sso/utils/webclient/common.py'
15--- ubuntu_sso/utils/webclient/common.py 2012-03-09 12:04:31 +0000
16+++ ubuntu_sso/utils/webclient/common.py 2012-03-15 11:28:19 +0000
17@@ -47,6 +47,16 @@
18 """Failure raised when there is an issue with the proxy auth."""
19
20
21+class SSLCertError(WebClientError):
22+ """Failure raised when there is an issue with the ssl cert."""
23+
24+ def __init__(self, message, ssl_details=None, response=None):
25+ """Create a new insance with the given details."""
26+ super(SSLCertError, self).__init__(message)
27+ self.ssl_details = ssl_details
28+ self.response = response
29+
30+
31 class Response(object):
32 """A response object."""
33
34
35=== modified file 'ubuntu_sso/utils/webclient/libsoup.py'
36--- ubuntu_sso/utils/webclient/libsoup.py 2012-03-09 11:47:38 +0000
37+++ ubuntu_sso/utils/webclient/libsoup.py 2012-03-15 11:28:19 +0000
38@@ -17,6 +17,7 @@
39
40 import httplib
41
42+from OpenSSL.crypto import load_certificate, FILETYPE_PEM
43 from twisted.internet import defer
44
45 from ubuntu_sso.logger import setup_logging
46@@ -25,6 +26,7 @@
47 HeaderDict,
48 Response,
49 ProxyUnauthorizedError,
50+ SSLCertError,
51 UnauthorizedError,
52 WebClientError,
53 )
54@@ -48,17 +50,37 @@
55 self.session.add_feature(SoupGNOME.ProxyResolverGNOME())
56 self.session.connect("authenticate", self._on_authenticate)
57
58+ def _get_response(self, message):
59+ """Return a response from a SoupMessage."""
60+ headers = HeaderDict()
61+ response_headers = message.get_property("response-headers")
62+ add_header = lambda key, value, _: headers[key].append(value)
63+ response_headers.foreach(add_header, None)
64+ content = message.response_body.flatten().get_data()
65+ response = Response(content, headers)
66+ return response
67+
68 def _on_message(self, session, message, d):
69 """Handle the result of an http message."""
70 logger.debug('_on_message status code is %s', message.status_code)
71+ is_ssl, raw_cert, errors = message.get_https_status()
72 if message.status_code == httplib.OK:
73- headers = HeaderDict()
74- response_headers = message.get_property("response-headers")
75- add_header = lambda key, value, _: headers[key].append(value)
76- response_headers.foreach(add_header, None)
77- content = message.response_body.flatten().get_data()
78- response = Response(content, headers)
79- d.callback(response)
80+ response = self._get_response(message)
81+ if is_ssl and errors.real != 0:
82+ cert = load_certificate(FILETYPE_PEM,
83+ raw_cert.props.certificate_pem)
84+ cert_subject = cert.get_subject()
85+ ssl_details = dict(organization=cert_subject.O,
86+ common_name=cert_subject.CN,
87+ locality_name=cert_subject.L,
88+ unit=cert_subject.OU,
89+ country_name=cert_subject.C,
90+ state_name=cert_subject.ST)
91+ e = SSLCertError(message.reason_phrase,
92+ ssl_details=ssl_details, response=response)
93+ d.errback(e)
94+ else:
95+ d.callback(response)
96 elif message.status_code == httplib.UNAUTHORIZED:
97 e = UnauthorizedError(message.reason_phrase)
98 d.errback(e)
99@@ -109,6 +131,17 @@
100 defer.returnValue(response)
101
102 @defer.inlineCallbacks
103+ def _on_ssl_error(self, failure):
104+ """Deal with SSL errors."""
105+ failure.trap(SSLCertError)
106+ logger.debug('SSL cert errors found.')
107+ trust_cert = yield self.request_ssl_cert_approval(
108+ failure.value.ssl_details['common_name'],
109+ self.format_ssl_details(failure.value.ssl_details))
110+ if trust_cert:
111+ defer.returnValue(failure.value.response)
112+
113+ @defer.inlineCallbacks
114 def request(self, iri, method="GET", extra_headers=None,
115 oauth_credentials=None, post_content=None):
116 """Return a deferred that will be fired with a Response object."""
117@@ -136,6 +169,7 @@
118 self.session.queue_message(message, self._on_message, d)
119 d.addErrback(self._on_proxy_authenticate, iri, method, extra_headers,
120 oauth_credentials, post_content)
121+ d.addErrback(self._on_ssl_error)
122 response = yield d
123 defer.returnValue(response)
124
125
126=== modified file 'ubuntu_sso/utils/webclient/tests/__init__.py'
127--- ubuntu_sso/utils/webclient/tests/__init__.py 2012-03-09 12:04:31 +0000
128+++ ubuntu_sso/utils/webclient/tests/__init__.py 2012-03-15 11:28:19 +0000
129@@ -17,7 +17,7 @@
130 """Tests for the proxy-aware webclient."""
131
132 from twisted.application import internet, service
133-from twisted.internet import ssl
134+from twisted.internet import defer, ssl
135 from twisted.web import http, server
136
137
138@@ -62,12 +62,12 @@
139 class SaveHTTPChannel(http.HTTPChannel):
140 """A save protocol to be used in tests."""
141
142- protocolInstance = None
143+ protocolInstances = []
144
145 # pylint: disable=C0103
146 def connectionMade(self):
147 """Keep track of the given protocol."""
148- SaveHTTPChannel.protocolInstance = self
149+ SaveHTTPChannel.protocolInstances.append(self)
150 http.HTTPChannel.connectionMade(self)
151
152
153@@ -137,9 +137,12 @@
154 return self.ssl_server._port.getHost().port
155 # pylint: enable=W0212
156
157+ @defer.inlineCallbacks
158 def stop(self):
159 """Shut it down."""
160 #pylint: disable=E1101
161- if self.site.protocol.protocolInstance:
162- self.site.protocol.protocolInstance.timeoutConnection()
163- return self.service_collection.stopService()
164+ for protocol in self.site.protocol.protocolInstances:
165+ protocol.timeoutConnection()
166+ if self.ssl_server:
167+ yield self.ssl_server.stopService()
168+ yield self.service_collection.stopService()
169
170=== modified file 'ubuntu_sso/utils/webclient/tests/test_webclient.py'
171--- ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-03-12 23:15:45 +0000
172+++ ubuntu_sso/utils/webclient/tests/test_webclient.py 2012-03-15 11:28:19 +0000
173@@ -1015,11 +1015,12 @@
174
175 def test_ssl_fail_dialog_user_accepts(self):
176 """Test showing the dialog and accepting."""
177- self._assert_ssl_fail_user_accepts()
178+ return self._assert_ssl_fail_user_accepts()
179
180 def test_ssl_fail_dialog_user_accepts_via_proxy(self):
181 """Test showing the dialog and accepting when using a proxy."""
182- self._assert_ssl_fail_user_accepts(self.get_nonauth_proxy_settings())
183+ return self._assert_ssl_fail_user_accepts(
184+ self.get_nonauth_proxy_settings())
185
186 def test_ssl_fail_dialog_user_rejects(self):
187 """Test showing the dialog and rejecting."""
188@@ -1032,8 +1033,7 @@
189 self.assertEqual(details,
190 self.wc.format_ssl_details(self.cert_details))
191
192- if (WEBCLIENT_MODULE_NAME.endswith(".txweb") or
193- WEBCLIENT_MODULE_NAME.endswith(".libsoup")):
194+ if WEBCLIENT_MODULE_NAME.endswith(".txweb"):
195 reason = 'SSL support has not yet been implemented.'
196 test_ssl_fail_dialog_user_accepts.skip = reason
197 test_ssl_fail_dialog_user_accepts_via_proxy.skip = reason

Subscribers

People subscribed via source and target branches