[CalendarServer-changes] [9485] CalendarServer/trunk/contrib/certupdate
source_changes at macosforge.org
source_changes at macosforge.org
Mon Jul 23 17:02:33 PDT 2012
Revision: 9485
http://trac.macosforge.org/projects/calendarserver/changeset/9485
Author: sagen at apple.com
Date: 2012-07-23 17:02:33 -0700 (Mon, 23 Jul 2012)
Log Message:
-----------
Fall back to default certificate if it exists
Modified Paths:
--------------
CalendarServer/trunk/contrib/certupdate/calendarcertupdate.py
CalendarServer/trunk/contrib/certupdate/test/test_certupdate.py
Modified: CalendarServer/trunk/contrib/certupdate/calendarcertupdate.py
===================================================================
--- CalendarServer/trunk/contrib/certupdate/calendarcertupdate.py 2012-07-23 22:44:56 UTC (rev 9484)
+++ CalendarServer/trunk/contrib/certupdate/calendarcertupdate.py 2012-07-24 00:02:33 UTC (rev 9485)
@@ -27,6 +27,7 @@
SERVICE_NAME = "calendar"
CALDAVD_PLIST = "/Library/Server/Calendar and Contacts/Config/caldavd.plist"
SERVER_ADMIN = "/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin"
+CERT_ADMIN = "/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin"
def main():
@@ -36,7 +37,14 @@
if sys.argv[1] != "remove":
die("Bad command line; 'remove' expected", 2)
if isThisMyCert(CALDAVD_PLIST, sys.argv[2]):
- die("%s is in use by calendar" % (sys.argv[2],), 1)
+ defaultCert = getDefaultCert()
+ if defaultCert:
+ replaceCert(CALDAVD_PLIST, defaultCert)
+ restartService(CALDAVD_PLIST)
+ die("Replaced calendar cert with default: %s" % (defaultCert,), 0)
+ else:
+ removeCert(CALDAVD_PLIST)
+ die("No default, so removing calendar cert", 0)
else:
die("%s is not in use by calendar" % (sys.argv[2],), 0)
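Review bot: The no-default branch calls `removeCert(CALDAVD_PLIST)`, which sets `EnableSSL` to False, but unlike the replace branch it never calls `restartService(CALDAVD_PLIST)` and it exits 0. Depending on how the service picks up its config, it either keeps running with the removed certificate or comes back without TLS on its next start, and the caller is not told which. I would add `restartService(CALDAVD_PLIST)` after `removeCert(...)` and make the message say that SSL was disabled, not just that the cert was removed. The first branch could also be guarded with `if defaultCert and defaultCert != sys.argv[2]:`, since nothing visible here rules out certadmin reporting the certificate being removed as the default. main() starts and ends outside this hunk.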
@@ -75,6 +83,49 @@
return otherCert == myCert
+def getDefaultCert():
+ """
+ Ask certadmin for default cert
+ @returns: path to default certificate, or empty string if no default
+ @rtype: C{str}
+ """
+ child = subprocess.Popen(
+ args=[CERT_ADMIN, "--default-certificate-path"],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ )
+ output, error = child.communicate()
+ if child.returncode:
+ log("Error looking up default certificate (%d): %s" % (child.returncode, error))
+ return ""
+ else:
+ certPath = output.strip()
+ log("Default certificate is: %s" % (certPath,))
+ return certPath
+
+
+def removeCert(plistPath):
+ """
+ Remove SSL settings in plist at plistPath
+ """
+ log("Reading plist %s" % (plistPath,))
+ plist = readPlist(plistPath)
+ log("Read in plist %s" % (plistPath,))
+
+ log("Clearing SSLCertificate")
+ plist["SSLCertificate"] = ""
+ log("Clearing SSLAuthorityChain")
+ plist["SSLAuthorityChain"] = ""
+ log("Clearing SSLPrivateKey")
+ plist["SSLPrivateKey"] = ""
+
+ log("Disabling SSL")
+ plist["EnableSSL"] = False
+
+ log("Writing plist %s" % (plistPath,))
+ writePlist(plist, plistPath)
+
+
def replaceCert(plistPath, otherCert):
"""
Replace SSL settings in plist at plistPath based on otherCert path
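Review bot: getDefaultCert() returns whatever certadmin printed on stdout as the certificate path, and main() hands it straight to replaceCert(), so a path that does not exist or a multi-line output could end up written into caldavd.plist. A check such as `if not os.path.isfile(certPath): return ""` before the final return would keep the config pointing at a real file, assuming `os` is imported in this file, which the hunk does not show. `subprocess.Popen` also raises OSError when CERT_ADMIN is not installed, and that is not caught here. Separately, the removeCert docstring should say that it also sets `EnableSSL` to False, e.g. `Clear the SSL certificate, chain and key settings in the plist at plistPath and disable SSL`. replaceCert's body continues outside the hunk.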
Modified: CalendarServer/trunk/contrib/certupdate/test/test_certupdate.py
===================================================================
--- CalendarServer/trunk/contrib/certupdate/test/test_certupdate.py 2012-07-23 22:44:56 UTC (rev 9484)
+++ CalendarServer/trunk/contrib/certupdate/test/test_certupdate.py 2012-07-24 00:02:33 UTC (rev 9485)
@@ -19,7 +19,7 @@
import twistedcaldav.test.util
from plistlib import readPlist
from contrib.certupdate.calendarcertupdate import (
- getMyCert, isThisMyCert, replaceCert
+ getMyCert, isThisMyCert, replaceCert, removeCert
)
samplePlist = """<?xml version="1.0" encoding="UTF-8"?>
@@ -32,6 +32,8 @@
<string>/etc/certificates/original.cert.pem</string>
<key>SSLPrivateKey</key>
<string>/etc/certificates/original.key.pem</string>
+ <key>EnableSSL</key>
+ <true/>
</dict>
</plist>
"""
@@ -63,3 +65,10 @@
self.assertEquals(plist["SSLAuthorityChain"], "/etc/certificates/new.chain.pem")
self.assertEquals(plist["SSLCertificate"], "/etc/certificates/new.cert.pem")
self.assertEquals(plist["SSLPrivateKey"], "/etc/certificates/new.key.pem")
+
+ def test_removeCert(self):
+ removeCert(self.path)
+ plist = readPlist(self.path)
+ self.assertEquals(plist["SSLAuthorityChain"], "")
+ self.assertEquals(plist["SSLCertificate"], "")
+ self.assertEquals(plist["SSLPrivateKey"], "")
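Review bot: test_removeCert does not assert the `EnableSSL` change, even though this commit adds an `EnableSSL` key set to true in samplePlist and removeCert sets it to False. Add `self.assertEquals(plist["EnableSSL"], False)` so that disabling TLS is a tested, deliberate behaviour. getDefaultCert() and the new fallback branch in main() have no test in this hunk either.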