[CalendarServer-changes] [10033] CalendarServer/trunk/contrib/migration

source_changes at macosforge.org source_changes at macosforge.org
Thu Nov 15 11:55:48 PST 2012


Revision: 10033
          http://trac.calendarserver.org//changeset/10033
Author:   sagen at apple.com
Date:     2012-11-15 11:55:48 -0800 (Thu, 15 Nov 2012)
Log Message:
-----------
Enable SSL by default

Modified Paths:
--------------
    CalendarServer/trunk/contrib/migration/calendarcommonextra.py

Added Paths:
-----------
    CalendarServer/trunk/contrib/migration/test/test_commonextra.py

Modified: CalendarServer/trunk/contrib/migration/calendarcommonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/calendarcommonextra.py	2012-11-14 22:41:32 UTC (rev 10032)
+++ CalendarServer/trunk/contrib/migration/calendarcommonextra.py	2012-11-15 19:55:48 UTC (rev 10033)
@@ -10,21 +10,16 @@
 # part of.  You may not port this file to another platform without
 # Apple's written consent.
 
-
-# NOTES:
-# - Start the "postgres for server" instance
-# - See if there is calendar/contacts data
-# - pgdump to a file within DataRoot
-# - Drop the database within "postgres for server" instance
-# - Start our service (if needed)
-
 import datetime
 import subprocess
+from plistlib import readPlist, writePlist
 
 LOG = "/Library/Logs/Migration/calendarmigrator.log"
 SERVER_APP_ROOT = "/Applications/Server.app/Contents/ServerRoot"
 CALENDAR_SERVER_ROOT = "/Library/Server/Calendar and Contacts"
+CALDAVD_PLIST = "%s/Config/caldavd.plist" % (CALENDAR_SERVER_ROOT,)
 SERVER_ADMIN = "%s/usr/sbin/serveradmin" % (SERVER_APP_ROOT,)
+CERT_ADMIN = "/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin"
 PGDUMP = "%s/usr/bin/pg_dump" % (SERVER_APP_ROOT,)
 DROPDB = "%s/usr/bin/dropdb" % (SERVER_APP_ROOT,)
 POSTGRES_SERVICE_NAME = "postgres_server"
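Review bot: `CERT_ADMIN` spells out the Server.app root as a literal, while the neighbouring `SERVER_ADMIN`, `PGDUMP` and `DROPDB` are all built from `SERVER_APP_ROOT`. I would write it as `CERT_ADMIN = "%s/usr/sbin/certadmin" % (SERVER_APP_ROOT,)` so every binary this script hands to `subprocess` is resolved from one root. Otherwise a later change to `SERVER_APP_ROOT` would leave certadmin pointing at the old location.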
@@ -111,12 +106,81 @@
         return False
 
 
+def getDefaultCert():
+    """
+    Ask certadmin for default cert
+    @returns: path to default certificate, or empty string if no default
+    @rtype: C{str}
+    """
+    child = subprocess.Popen(
+        args=[CERT_ADMIN, "--default-certificate-path"],
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+    )
+    output, error = child.communicate()
+    if child.returncode:
+        log("Error looking up default certificate (%d): %s" % (child.returncode, error))
+        return ""
+    else:
+        certPath = output.strip()
+        log("Default certificate is: %s" % (certPath,))
+        return certPath
+
+def updateSettings(settings, otherCert):
+    """
+    Replace SSL settings based on otherCert path
+    """
+    basePath = otherCert[:-len("cert.pem")]
+    log("Base path is %s" % (basePath,))
+
+    log("Setting SSLCertificate to %s" % (otherCert,))
+    settings["SSLCertificate"] = otherCert
+
+    otherChain = basePath + "chain.pem"
+    log("Setting SSLAuthorityChain to %s" % (otherChain,))
+    settings["SSLAuthorityChain"] = otherChain
+
+    otherKey = basePath + "key.pem"
+    log("Setting SSLPrivateKey to %s" % (otherKey,))
+    settings["SSLPrivateKey"] = otherKey
+
+    settings["EnableSSL"] = True
+    settings["RedirectHTTPToHTTPS"] = True
+    settings.setdefault("Authentication", {}).setdefault("Basic", {})["Enabled"] = True
+
+def setCert(plistPath, otherCert):
+    """
+    Replace SSL settings in plist at plistPath based on otherCert path
+    """
+    log("Reading plist %s" % (plistPath,))
+    plist = readPlist(plistPath)
+    log("Read in plist %s" % (plistPath,))
+
+    updateSettings(plist, otherCert)
+
+    log("Writing plist %s" % (plistPath,))
+    writePlist(plist, plistPath)
+
+def isSSLEnabled(plistPath):
+    """
+    Examine plist for EnableSSL
+    """
+    log("Reading plist %s" % (plistPath,))
+    plist = readPlist(plistPath)
+    return plist.get("EnableSSL", False)
+
 def main():
     startPostgres()
     if dumpOldDatabase(DATADUMPFILENAME):
         dropOldDatabase()
     stopPostgres()
 
+    if not isSSLEnabled(CALDAVD_PLIST):
+        defaultCertPath = getDefaultCert()
+        log("Default cert path: %s" % (defaultCertPath,))
+        if defaultCertPath:
+            setCert(CALDAVD_PLIST, defaultCertPath)
 
+
 if __name__ == "__main__":
     main()
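Review bot: `updateSettings` derives the chain and key paths with `otherCert[:-len("cert.pem")]` without checking that the path actually ends in `cert.pem`. Any other value returned by certadmin therefore produces truncated, unrelated paths, which `setCert` writes to caldavd.plist together with `EnableSSL` and `RedirectHTTPToHTTPS`. The same call also switches on Basic authentication, so a plist whose key or chain path is wrong is better refused than written; how the server reacts to such paths is not visible in this hunk. I would check the suffix, return a success flag, and have `setCert` skip `writePlist` when the check fails, as sketched below.

```python
def updateSettings(settings, otherCert):
    suffix = "cert.pem"
    if not otherCert.endswith(suffix):
        log("Unexpected certificate path %s; leaving SSL settings unchanged" % (otherCert,))
        return False
    basePath = otherCert[:-len(suffix)]
    # ... unchanged: SSLCertificate / SSLAuthorityChain / SSLPrivateKey / EnableSSL / redirect / Basic auth ...
    return True

def setCert(plistPath, otherCert):
    # ... unchanged: log and readPlist ...
    if not updateSettings(plist, otherCert):
        return
    # ... unchanged: log and writePlist ...
```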

Added: CalendarServer/trunk/contrib/migration/test/test_commonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/test/test_commonextra.py	                        (rev 0)
+++ CalendarServer/trunk/contrib/migration/test/test_commonextra.py	2012-11-15 19:55:48 UTC (rev 10033)
@@ -0,0 +1,59 @@
+##
+# Copyright (c) 2012 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+import twistedcaldav.test.util
+from contrib.migration.calendarcommonextra import updateSettings
+
+class CommonExtraTests(twistedcaldav.test.util.TestCase):
+    """
+    Calendar Server CommonExtra Tests
+    """
+
+    def test_updateSettings(self):
+        """
+        Verify SSL values are updated
+        """
+
+        # suppress prints
+        from contrib.migration import calendarcommonextra
+        self.patch(calendarcommonextra, "log", lambda x : x)
+
+        orig = {
+        }
+        expected = {
+            'Authentication': {'Basic': {'Enabled': True}},
+            'EnableSSL': True,
+            'RedirectHTTPToHTTPS': True,
+            'SSLAuthorityChain': '/test/pchain.pem',
+            'SSLCertificate': '/test/path.cert',
+            'SSLPrivateKey': '/test/pkey.pem',
+        }
+        updateSettings(orig, "/test/path.cert")
+        self.assertEquals(orig, expected)
+
+        orig = {
+            'Authentication': {'Basic': {'Enabled': False}},
+        }
+        expected = {
+            'Authentication': {'Basic': {'Enabled': True}},
+            'EnableSSL': True,
+            'RedirectHTTPToHTTPS': True,
+            'SSLAuthorityChain': '/test/pchain.pem',
+            'SSLCertificate': '/test/path.cert',
+            'SSLPrivateKey': '/test/pkey.pem',
+        }
+        updateSettings(orig, "/test/path.cert")
+        self.assertEquals(orig, expected)
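Review bot: The fixture path `/test/path.cert` does not end in `cert.pem`, so the expected `'/test/pchain.pem'` and `'/test/pkey.pem'` only pin the effect of cutting eight characters off an arbitrary string. They do not test the certificate/chain/key naming that `updateSettings` assumes. A constructed path such as `"/test/host.cert.pem"`, with expected `'/test/host.chain.pem'` and `'/test/host.key.pem'`, would test the intended mapping, and a second case with a path lacking the suffix would document what should happen then. `setCert` and `isSSLEnabled` are not exercised at all; a round trip through a temporary plist would confirm that unrelated keys survive the rewrite.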