[CalendarServer-changes] [8433] CalendarServer/trunk
Tue Dec 13 11:48:41 PST 2011
Revision: 8433
http://trac.macosforge.org/projects/calendarserver/changeset/8433
Author: sagen at apple.com
Date: 2011-12-13 11:48:41 -0800 (Tue, 13 Dec 2011)
Log Message:
-----------
Support authority-chain for APN certs, and retrieve passphrases from keychain if not in plist.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/push/applepush.py
CalendarServer/trunk/calendarserver/push/test/test_applepush.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/calendarserver/push/applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/applepush.py 2011-12-13 17:05:51 UTC (rev 8432)
+++ CalendarServer/trunk/calendarserver/push/applepush.py 2011-12-13 19:48:41 UTC (rev 8433)
@@ -98,6 +98,8 @@
settings["ProviderPort"],
settings[protocol]["CertificatePath"],
settings[protocol]["PrivateKeyPath"],
+ chainPath=settings[protocol]["AuthorityChainPath"],
+ passphrase=settings[protocol]["Passphrase"],
testConnector=providerTestConnector,
reactor=reactor,
)
@@ -113,6 +115,8 @@
settings["FeedbackPort"],
settings[protocol]["CertificatePath"],
settings[protocol]["PrivateKeyPath"],
+ chainPath=settings[protocol]["AuthorityChainPath"],
+ passphrase=settings[protocol]["Passphrase"],
testConnector=feedbackTestConnector,
reactor=reactor,
)
@@ -294,13 +298,15 @@
class APNConnectionService(service.Service, LoggingMixIn):
def __init__(self, host, port, certPath, keyPath, chainPath="",
- sslMethod="TLSv1_METHOD", testConnector=None, reactor=None):
+ passphrase="", sslMethod="TLSv1_METHOD", testConnector=None,
+ reactor=None):
self.host = host
self.port = port
self.certPath = certPath
self.keyPath = keyPath
self.chainPath = chainPath
+ self.passphrase = passphrase
self.sslMethod = sslMethod
self.testConnector = testConnector
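Review bot: The new `passphrase` parameter on `APNConnectionService.__init__` is undocumented, and its contract (an empty string means "no passphrase callback is installed", which is only visible in `connect`) is not stated where callers read the signature. A short comment next to the assignment would do: `# passphrase: used to decrypt an encrypted private key; empty string installs no callback`. `__init__` continues outside this hunk, so I cannot see whether a docstring exists further down.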
@@ -313,10 +319,15 @@
# For testing purposes
self.testConnector.connect(self, factory)
else:
+ if self.passphrase:
+ passwdCallback = lambda *ignored : self.passphrase
+ else:
+ passwdCallback = None
context = ChainingOpenSSLContextFactory(
self.keyPath,
self.certPath,
certificateChainFile=self.chainPath,
+ passwdCallback=passwdCallback,
sslmethod=getattr(OpenSSL.SSL, self.sslMethod)
)
reactor.connectSSL(self.host, self.port, factory, context)
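Review bot: The `passwdCallback` lambda returns `self.passphrase` unconditionally and ignores the arguments the SSL library passes to a passphrase callback (as far as I recall pyOpenSSL calls it with a maximum length, a verify flag and user data, and clips anything longer than the maximum), so an over-long passphrase would fail to decrypt the key with no hint why. When the key is encrypted but `Passphrase` is empty, no callback is installed and the failure surfaces later in `connectSSL` rather than here; a log line at this point would make that easier to diagnose. A smaller style point: `lambda *ignored : self.passphrase` has a space before the colon, and the four-line `if`/`else` collapses to `passwdCallback = (lambda *_: self.passphrase) if self.passphrase else None` with a one-line comment above it noting that the callback's arguments are intentionally ignored. The enclosing method starts before this hunk.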
@@ -325,10 +336,11 @@
class APNProviderService(APNConnectionService):
def __init__(self, host, port, certPath, keyPath, chainPath="",
- sslMethod="TLSv1_METHOD", testConnector=None, reactor=None):
+ passphrase="", sslMethod="TLSv1_METHOD", testConnector=None,
+ reactor=None):
APNConnectionService.__init__(self, host, port, certPath, keyPath,
- chainPath="", sslMethod=sslMethod,
+ chainPath=chainPath, passphrase=passphrase, sslMethod=sslMethod,
testConnector=testConnector, reactor=reactor)
self.factory = None
@@ -446,11 +458,11 @@
class APNFeedbackService(APNConnectionService):
def __init__(self, store, updateSeconds, host, port, certPath, keyPath,
- chainPath="", sslMethod="TLSv1_METHOD", testConnector=None,
- reactor=None):
+ chainPath="", passphrase="", sslMethod="TLSv1_METHOD",
+ testConnector=None, reactor=None):
APNConnectionService.__init__(self, host, port, certPath, keyPath,
- chainPath="", sslMethod=sslMethod,
+ chainPath=chainPath, passphrase=passphrase, sslMethod=sslMethod,
testConnector=testConnector, reactor=reactor)
self.store = store
Modified: CalendarServer/trunk/calendarserver/push/test/test_applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2011-12-13 17:05:51 UTC (rev 8432)
+++ CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2011-12-13 19:48:41 UTC (rev 8433)
@@ -46,11 +46,15 @@
"CalDAV" : {
"CertificatePath" : "caldav.cer",
"PrivateKeyPath" : "caldav.pem",
+ "AuthorityChainPath" : "chain.pem",
+ "Passphrase" : "",
"Topic" : "caldav_topic",
},
"CardDAV" : {
"CertificatePath" : "carddav.cer",
"PrivateKeyPath" : "carddav.pem",
+ "AuthorityChainPath" : "chain.pem",
+ "Passphrase" : "",
"Topic" : "carddav_topic",
},
}
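Review bot: Both fixture entries set `"Passphrase" : ""`, so the new passphrase-callback branch in `APNConnectionService.connect` is never exercised by this test; a second settings block with a non-empty passphrase would cover it. Since the tests appear to supply a `testConnector` (the "For testing purposes" branch in applepush.py), the real `ChainingOpenSSLContextFactory` construction is probably bypassed anyway, so a unit test of the callback selection itself may be needed rather than a fixture change. The fixture dict starts before this hunk.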
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2011-12-13 17:05:51 UTC (rev 8432)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2011-12-13 19:48:41 UTC (rev 8433)
@@ -665,11 +665,15 @@
"CalDAV" : {
"CertificatePath" : "",
"PrivateKeyPath" : "",
+ "AuthorityChainPath" : "",
+ "Passphrase" : "",
"Topic" : "",
},
"CardDAV" : {
"CertificatePath" : "",
"PrivateKeyPath" : "",
+ "AuthorityChainPath" : "",
+ "Passphrase" : "",
"Topic" : "",
},
},
@@ -1237,13 +1241,34 @@
service["DataHost"] = configDict.ServerHostName
# Retrieve APN topics from certificates if not explicitly set
- for protocol in ("CalDAV", "CardDAV"):
+ for protocol, accountName in (
+ ("CalDAV", "apns:com.apple.calendar"),
+ ("CardDAV", "apns:com.apple.contact"),
+ ):
if not service[protocol]["Topic"]:
certPath = service[protocol]["CertificatePath"]
if certPath and os.path.exists(certPath):
topic = getAPNTopicFromCertificate(certPath)
service[protocol]["Topic"] = topic
+ # If we already have the cert passphrase, don't fetch it again
+ if service[protocol]["Passphrase"]:
+ continue
+
+ # Get passphrase from keychain. If not there, fall back to what
+ # is in the plist.
+ try:
+ passphrase = getPasswordFromKeychain(accountName)
+ service[protocol]["Passphrase"] = passphrase
+ log.info("%s APN certificate passphrase retreived from keychain" % (protocol,))
+ except KeychainAccessError:
+ # The system doesn't support keychain
+ pass
+ except KeychainPasswordNotFound:
+ # The password doesn't exist in the keychain.
+ log.info("%s APN certificate passphrase not found in keychain" % (protocol,))
+
+
if (
service["Service"] == "twistedcaldav.notify.XMPPNotifierService" and
service["Enabled"]
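Review bot: The log message added for the keychain success path misspells "retrieved" (`"%s APN certificate passphrase retreived from keychain"`), and this string is user-visible log output. I also cannot see `getPasswordFromKeychain`, `KeychainAccessError` or `KeychainPasswordNotFound` being imported anywhere in this changeset; if they are not already in scope at the top of stdconfig.py, this hunk will raise `NameError` on first config load. The loop comment above, `# Retrieve APN topics from certificates if not explicitly set`, now also covers passphrase lookup and should say so, e.g. `# Retrieve APN topics from certificates and passphrases from the keychain, if not explicitly set`. The `except KeychainAccessError: pass` silently hides the unsupported-keychain case; a `log.debug` there would keep the existing best-effort behaviour while leaving a trace. The two blank `+` lines before the XMPP block are a style nit. The enclosing function runs past this hunk.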