[CalendarServer-changes] [3201] CalendarServer/trunk/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Tue Oct 21 12:59:58 PDT 2008


Revision: 3201
          http://trac.macosforge.org/projects/calendarserver/changeset/3201
Author:   sagen at apple.com
Date:     2008-10-21 12:59:58 -0700 (Tue, 21 Oct 2008)
Log Message:
-----------
Use certadmin (if it's installed) to retrieve ssl passphrase for server cert

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/config.py
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py	2008-10-21 18:52:35 UTC (rev 3200)
+++ CalendarServer/trunk/twistedcaldav/config.py	2008-10-21 19:59:58 UTC (rev 3201)
@@ -152,6 +152,7 @@
     "SSLPrivateKey"      : "",  # Private key
     "SSLAuthorityChain"  : "",  # Certificate Authority Chain
     "SSLPassPhraseDialog": "/etc/apache2/getsslpassphrase",
+    "SSLCertAdmin"       : "/usr/sbin/certadmin",
 
     #
     # Process management
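Review bot: The new `SSLCertAdmin` default carries no comment, although the tap.py change in this commit makes the mere existence of that path switch passphrase retrieval to a sudo invocation and bypass `SSLPassPhraseDialog`. I would document that on the line itself, for example `"SSLCertAdmin"       : "/usr/sbin/certadmin",  # If this path exists it is run via sudo to fetch the key passphrase; SSLPassPhraseDialog is then unused`. An operator who wants the old dialog behaviour on a host that has certadmin installed then knows to clear or repoint this setting.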

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2008-10-21 18:52:35 UTC (rev 3200)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2008-10-21 19:59:58 UTC (rev 3201)
@@ -16,6 +16,7 @@
 
 import os
 import stat
+import commands
 
 from zope.interface import implements
 
@@ -365,32 +366,43 @@
 from twisted.internet.ssl import DefaultOpenSSLContextFactory
 
 def _getSSLPassphrase(*args):
-    sslPrivKey = open(config.SSLPrivateKey)
 
-    type = None
-    for line in sslPrivKey.readlines():
-        if "-----BEGIN RSA PRIVATE KEY-----" in line:
-            type = "RSA"
-            break
-        elif "-----BEGIN DSA PRIVATE KEY-----" in line:
-            type = "DSA"
-            break
+    if os.path.exists(config.SSLCertAdmin):
+        cmd = "sudo %s --get-private-key-passphrase %s" % (config.SSLCertAdmin,
+            config.SSLPrivateKey)
+        status, output = commands.getstatusoutput(cmd)
+        if status != 0:
+            log.err("Could not get passphrase for %s. %s" %
+                (config.SSLPrivateKey, output))
+            return False
+        return output
 
-    sslPrivKey.close()
+    else:
+        sslPrivKey = open(config.SSLPrivateKey)
 
-    if type is None:
-        log.err("Could not get private key type for %s" % (config.SSLPrivateKey,))
-        return False
+        type = None
+        for line in sslPrivKey.readlines():
+            if "-----BEGIN RSA PRIVATE KEY-----" in line:
+                type = "RSA"
+                break
+            elif "-----BEGIN DSA PRIVATE KEY-----" in line:
+                type = "DSA"
+                break
 
-    import commands
-    return commands.getoutput("%s %s:%s %s" % (
-        config.SSLPassPhraseDialog,
-        config.ServerHostName,
-        config.SSLPort,
-        type
-    ))
+        sslPrivKey.close()
 
+        if type is None:
+            log.err("Could not get private key type for %s" % (config.SSLPrivateKey,))
+            return False
 
+        return commands.getoutput("%s %s:%s %s" % (
+            config.SSLPassPhraseDialog,
+            config.ServerHostName,
+            config.SSLPort,
+            type
+        ))
+
+
 class ChainingOpenSSLContextFactory(DefaultOpenSSLContextFactory):
     def __init__(
         self, privateKeyFileName, certificateFileName,
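Review bot: The certadmin branch of `_getSSLPassphrase` formats `config.SSLCertAdmin` and `config.SSLPrivateKey` into one string and hands it to `commands.getstatusoutput`, which runs it through a shell and folds stderr into the returned text. A key path containing spaces or shell metacharacters therefore changes the command that runs under sudo, and anything sudo or certadmin prints to stderr on a zero exit becomes part of the returned passphrase. Passing an argument list to `subprocess` and reading only stdout avoids both; it needs `import subprocess` next to the new `import commands`, which the else branch still uses. It is also worth confirming that the output written by `log.err` on failure can never contain key material, and that sudo cannot block on a password prompt when no sudoers rule is present.
```python
    if os.path.exists(config.SSLCertAdmin):
        # Argument list, no shell: the key path stays a single argv entry.
        child = subprocess.Popen(
            ["sudo", config.SSLCertAdmin,
             "--get-private-key-passphrase", config.SSLPrivateKey],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        output, errors = child.communicate()
        if child.returncode != 0:
            log.err("Could not get passphrase for %s. %s" %
                (config.SSLPrivateKey, errors))
            return False
        # Only stdout is the passphrase; drop the trailing newline.
        return output.rstrip("\n")
    # ... unchanged: else branch that detects the key type and calls SSLPassPhraseDialog ...
```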