[CalendarServer-changes] [10033] CalendarServer/trunk/contrib/migration
source_changes at macosforge.org
source_changes at macosforge.org
Thu Nov 15 11:55:48 PST 2012
Revision: 10033
http://trac.calendarserver.org//changeset/10033
Author: sagen at apple.com
Date: 2012-11-15 11:55:48 -0800 (Thu, 15 Nov 2012)
Log Message:
-----------
Enable SSL by default
Modified Paths:
--------------
CalendarServer/trunk/contrib/migration/calendarcommonextra.py
Added Paths:
-----------
CalendarServer/trunk/contrib/migration/test/test_commonextra.py
Modified: CalendarServer/trunk/contrib/migration/calendarcommonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/calendarcommonextra.py 2012-11-14 22:41:32 UTC (rev 10032)
+++ CalendarServer/trunk/contrib/migration/calendarcommonextra.py 2012-11-15 19:55:48 UTC (rev 10033)
@@ -10,21 +10,16 @@
# part of. You may not port this file to another platform without
# Apple's written consent.
-
-# NOTES:
-# - Start the "postgres for server" instance
-# - See if there is calendar/contacts data
-# - pgdump to a file within DataRoot
-# - Drop the database within "postgres for server" instance
-# - Start our service (if needed)
-
import datetime
import subprocess
+from plistlib import readPlist, writePlist
LOG = "/Library/Logs/Migration/calendarmigrator.log"
SERVER_APP_ROOT = "/Applications/Server.app/Contents/ServerRoot"
CALENDAR_SERVER_ROOT = "/Library/Server/Calendar and Contacts"
+CALDAVD_PLIST = "%s/Config/caldavd.plist" % (CALENDAR_SERVER_ROOT,)
SERVER_ADMIN = "%s/usr/sbin/serveradmin" % (SERVER_APP_ROOT,)
+CERT_ADMIN = "/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin"
PGDUMP = "%s/usr/bin/pg_dump" % (SERVER_APP_ROOT,)
DROPDB = "%s/usr/bin/dropdb" % (SERVER_APP_ROOT,)
POSTGRES_SERVICE_NAME = "postgres_server"
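Review bot: The added `CERT_ADMIN` constant repeats the Server.app root as a literal, while `SERVER_ADMIN`, `PGDUMP` and `DROPDB` next to it are built from `SERVER_APP_ROOT`. If that root ever changes, this one tool path would be left pointing at the old location, and the migration would then fail to find the default certificate. Writing it as `CERT_ADMIN = "%s/usr/sbin/certadmin" % (SERVER_APP_ROOT,)` keeps the four tool paths consistent.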
@@ -111,12 +106,81 @@
return False
+def getDefaultCert():
+ """
+ Ask certadmin for default cert
+ @returns: path to default certificate, or empty string if no default
+ @rtype: C{str}
+ """
+ child = subprocess.Popen(
+ args=[CERT_ADMIN, "--default-certificate-path"],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ )
+ output, error = child.communicate()
+ if child.returncode:
+ log("Error looking up default certificate (%d): %s" % (child.returncode, error))
+ return ""
+ else:
+ certPath = output.strip()
+ log("Default certificate is: %s" % (certPath,))
+ return certPath
+
+def updateSettings(settings, otherCert):
+ """
+ Replace SSL settings based on otherCert path
+ """
+ basePath = otherCert[:-len("cert.pem")]
+ log("Base path is %s" % (basePath,))
+
+ log("Setting SSLCertificate to %s" % (otherCert,))
+ settings["SSLCertificate"] = otherCert
+
+ otherChain = basePath + "chain.pem"
+ log("Setting SSLAuthorityChain to %s" % (otherChain,))
+ settings["SSLAuthorityChain"] = otherChain
+
+ otherKey = basePath + "key.pem"
+ log("Setting SSLPrivateKey to %s" % (otherKey,))
+ settings["SSLPrivateKey"] = otherKey
+
+ settings["EnableSSL"] = True
+ settings["RedirectHTTPToHTTPS"] = True
+ settings.setdefault("Authentication", {}).setdefault("Basic", {})["Enabled"] = True
+
+def setCert(plistPath, otherCert):
+ """
+ Replace SSL settings in plist at plistPath based on otherCert path
+ """
+ log("Reading plist %s" % (plistPath,))
+ plist = readPlist(plistPath)
+ log("Read in plist %s" % (plistPath,))
+
+ updateSettings(plist, otherCert)
+
+ log("Writing plist %s" % (plistPath,))
+ writePlist(plist, plistPath)
+
+def isSSLEnabled(plistPath):
+ """
+ Examine plist for EnableSSL
+ """
+ log("Reading plist %s" % (plistPath,))
+ plist = readPlist(plistPath)
+ return plist.get("EnableSSL", False)
+
def main():
startPostgres()
if dumpOldDatabase(DATADUMPFILENAME):
dropOldDatabase()
stopPostgres()
+ if not isSSLEnabled(CALDAVD_PLIST):
+ defaultCertPath = getDefaultCert()
+ log("Default cert path: %s" % (defaultCertPath,))
+ if defaultCertPath:
+ setCert(CALDAVD_PLIST, defaultCertPath)
+
if __name__ == "__main__":
main()
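Review bot: `updateSettings` derives the chain and private-key paths by cutting `len("cert.pem")` characters off `otherCert` without checking that the path ends in `cert.pem`, so any other output from `certadmin` yields wrong `SSLAuthorityChain` and `SSLPrivateKey` values while `EnableSSL` and `RedirectHTTPToHTTPS` are still switched on. The new test file shows the effect: `/test/path.cert` becomes `/test/pchain.pem` and `/test/pkey.pem`. A guard such as `if not otherCert.endswith("cert.pem"):` that logs and returns before touching `settings` would leave the plist unchanged in that case. Checking that the derived key and chain files exist before `setCert` writes would also avoid redirecting clients to an HTTPS listener that cannot load its key. The context line above `getDefaultCert` belongs to a function that starts outside the hunk.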
Added: CalendarServer/trunk/contrib/migration/test/test_commonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/test/test_commonextra.py (rev 0)
+++ CalendarServer/trunk/contrib/migration/test/test_commonextra.py 2012-11-15 19:55:48 UTC (rev 10033)
@@ -0,0 +1,59 @@
+##
+# Copyright (c) 2012 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+import twistedcaldav.test.util
+from contrib.migration.calendarcommonextra import updateSettings
+
+class CommonExtraTests(twistedcaldav.test.util.TestCase):
+ """
+ Calendar Server CommonExtra Tests
+ """
+
+ def test_updateSettings(self):
+ """
+ Verify SSL values are updated
+ """
+
+ # suppress prints
+ from contrib.migration import calendarcommonextra
+ self.patch(calendarcommonextra, "log", lambda x : x)
+
+ orig = {
+ }
+ expected = {
+ 'Authentication': {'Basic': {'Enabled': True}},
+ 'EnableSSL': True,
+ 'RedirectHTTPToHTTPS': True,
+ 'SSLAuthorityChain': '/test/pchain.pem',
+ 'SSLCertificate': '/test/path.cert',
+ 'SSLPrivateKey': '/test/pkey.pem',
+ }
+ updateSettings(orig, "/test/path.cert")
+ self.assertEquals(orig, expected)
+
+ orig = {
+ 'Authentication': {'Basic': {'Enabled': False}},
+ }
+ expected = {
+ 'Authentication': {'Basic': {'Enabled': True}},
+ 'EnableSSL': True,
+ 'RedirectHTTPToHTTPS': True,
+ 'SSLAuthorityChain': '/test/pchain.pem',
+ 'SSLCertificate': '/test/path.cert',
+ 'SSLPrivateKey': '/test/pkey.pem',
+ }
+ updateSettings(orig, "/test/path.cert")
+ self.assertEquals(orig, expected)
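Review bot: Only `updateSettings` is exercised here; `isSSLEnabled` and `setCert`, which read and rewrite the plist, have no test even though both take `plistPath` as a parameter and could be run against a temporary file. A case with `EnableSSL` already true would pin the behaviour `main` relies on to leave an existing certificate configuration untouched. A case whose input already carries different `SSLCertificate` and `SSLPrivateKey` values would document that `updateSettings` overwrites them.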