[CalendarServer-changes] [15401] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Dec 16 12:34:53 PST 2015
Revision: 15401
http://trac.calendarserver.org//changeset/15401
Author: cdaboo at apple.com
Date: 2015-12-16 12:34:53 -0800 (Wed, 16 Dec 2015)
Log Message:
-----------
Make sure APNS topic is properly extracted everywhere it is needed.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/push/util.py
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/calendarserver/push/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/util.py 2015-12-16 20:13:27 UTC (rev 15400)
+++ CalendarServer/trunk/calendarserver/push/util.py 2015-12-16 20:34:53 UTC (rev 15401)
@@ -14,12 +14,20 @@
# limitations under the License.
##
-from OpenSSL import crypto
from twext.python.log import Logger
+
from twisted.python.constants import Values, ValueConstant
+from twistedcaldav.util import getPasswordFromKeychain, KeychainAccessError, \
+ KeychainPasswordNotFound
+import OpenSSL
+from OpenSSL import crypto
+import os
+
+
+
class PushPriority(Values):
"""
Constants to use for push priorities
@@ -30,6 +38,75 @@
+def getAPNTopicFromConfig(protocol, accountName, protoConfig):
+ """
+ Given the APNS protocol config, extract the APN topic.
+
+ @param accountName: account name
+ @type accountName: L{str}
+ @param protocol: APNS protocol name
+ @type protocol: L{str}
+ @param protoConfig: APNS specific config
+ @type protoConfig: L{dict}
+
+ @raise: ValueError
+ """
+
+ if hasattr(OpenSSL, "__SecureTransport__"):
+ if protoConfig.KeychainIdentity:
+ # Verify the identity exists
+ error = OpenSSL.crypto.check_keychain_identity(protoConfig.KeychainIdentity)
+ if error:
+ raise ValueError(
+ "The {proto} APNS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ proto=protocol,
+ cert=protoConfig.KeychainIdentity,
+ reason=error
+ )
+ )
+
+ # Verify we can extract the topic
+ if not protoConfig.Topic:
+ topic = getAPNTopicFromIdentity(protoConfig.KeychainIdentity)
+ protoConfig.Topic = topic
+ if not protoConfig.Topic:
+ raise ValueError("Cannot extract {proto} APNS topic".format(proto=protocol))
+
+ else:
+ raise ValueError(
+ "No {proto} APNS Keychain Identity was set".format(proto=protocol))
+
+ else:
+ # Verify the cert exists
+ if not os.path.exists(protoConfig.CertificatePath):
+ raise ValueError(
+ "The {proto} APNS certificate ({cert}) is missing".format(
+ proto=protocol,
+ cert=protoConfig.CertificatePath
+ )
+ )
+
+ # Verify we can extract the topic
+ if not protoConfig.Topic:
+ topic = getAPNTopicFromCertificate(protoConfig.CertificatePath)
+ protoConfig.Topic = topic
+ if not protoConfig.Topic:
+ raise ValueError("Cannot extract {proto} APNS topic".format(proto=protocol))
+
+ # Verify we can acquire the passphrase
+ if not protoConfig.Passphrase:
+ try:
+ passphrase = getPasswordFromKeychain(accountName)
+ protoConfig.Passphrase = passphrase
+ except KeychainAccessError:
+ # The system doesn't support keychain
+ pass
+ except KeychainPasswordNotFound:
+ # The password doesn't exist in the keychain.
+ raise ValueError("Cannot retrieve {proto} APNS passphrase from keychain".format(proto=protocol))
+
+
+
def getAPNTopicFromCertificate(certPath):
"""
Given the path to a certificate, extract the UID value portion of the
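Review bot: The docstring of `getAPNTopicFromConfig` says it extracts the APN topic, but the function returns nothing and works only by side effect: it writes `protoConfig.Topic` and, on the non-SecureTransport branch, also loads the keychain passphrase into `protoConfig.Passphrase`. I would state that in the docstring, e.g. `Validate the APNS identity or certificate and fill in protoConfig.Topic (and protoConfig.Passphrase from the keychain when unset); returns nothing`, and list the conditions behind `@raise: ValueError`, since both callers depend on the mutation and one of the values is a secret. Separately, an unset `CertificatePath` now goes straight to `os.path.exists()` and is reported as a missing certificate with an empty name. A guard such as `if not protoConfig.CertificatePath: raise ValueError("No {proto} APNS certificate path was set".format(proto=protocol))` would keep the "path not specified" case that the old stdconfig.py code reported separately.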
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2015-12-16 20:13:27 UTC (rev 15400)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2015-12-16 20:34:53 UTC (rev 15401)
@@ -33,7 +33,7 @@
from calendarserver.provision.root import RootResource
from calendarserver.push.applepush import APNSubscriptionResource
from calendarserver.push.notifier import NotifierFactory
-from calendarserver.push.util import getAPNTopicFromCertificate, getAPNTopicFromIdentity
+from calendarserver.push.util import getAPNTopicFromConfig
from calendarserver.tools import diagnose
from calendarserver.tools.util import checkDirectory
from calendarserver.webadmin.landing import WebAdminLandingResource
@@ -79,8 +79,6 @@
from twistedcaldav.timezones import TimezoneCache
from twistedcaldav.timezoneservice import TimezoneServiceResource
from twistedcaldav.timezonestdservice import TimezoneStdServiceResource
-from twistedcaldav.util import getPasswordFromKeychain
-from twistedcaldav.util import KeychainAccessError, KeychainPasswordNotFound
from txdav.base.datastore.dbapiclient import DBAPIConnector
from txdav.base.datastore.subpostgres import PostgresService
@@ -1378,73 +1376,12 @@
):
protoConfig = config.Notifications.Services.APNS[protocol]
- if hasattr(OpenSSL, "__SecureTransport__"):
- if protoConfig.KeychainIdentity:
- # Verify the identity exists
- error = OpenSSL.crypto.check_keychain_identity(protoConfig.KeychainIdentity)
- if error:
- message = (
- "The {proto} APNS Keychain Identity ({cert}) cannot be used: {reason}".format(
- proto=protocol,
- cert=protoConfig.KeychainIdentity,
- reason=error
- )
- )
- return False, message
+ try:
+ getAPNTopicFromConfig(protocol, accountName, protoConfig)
+ except ValueError as e:
+ postAlert("PushNotificationCertificateAlert", 0, [])
+ return False, str(e)
- # Verify we can extract the topic
- if not protoConfig.Topic:
- topic = getAPNTopicFromIdentity(protoConfig.KeychainIdentity)
- protoConfig.Topic = topic
- if not protoConfig.Topic:
- postAlert("PushNotificationKeychainIdentityAlert", 0, [])
- message = "Cannot extract APN topic"
- return False, message
-
- else:
- message = (
- "No {proto} APNS Keychain Identity was set".format(
- proto=protocol,
- )
- )
- postAlert("MissingKeychainIdentityAlert", 0, [])
- return False, message
-
- else:
- # Verify the cert exists
- if not os.path.exists(protoConfig.CertificatePath):
- message = (
- "The {proto} APNS certificate ({cert}) is missing".format(
- proto=protocol,
- cert=protoConfig.CertificatePath
- )
- )
- postAlert("PushNotificationCertificateAlert", 0, [])
- return False, message
-
- # Verify we can extract the topic
- if not protoConfig.Topic:
- topic = getAPNTopicFromCertificate(protoConfig.CertificatePath)
- protoConfig.Topic = topic
- if not protoConfig.Topic:
- postAlert("PushNotificationCertificateAlert", 0, [])
- message = "Cannot extract APN topic"
- return False, message
-
- # Verify we can acquire the passphrase
- if not protoConfig.Passphrase:
- try:
- passphrase = getPasswordFromKeychain(accountName)
- protoConfig.Passphrase = passphrase
- except KeychainAccessError:
- # The system doesn't support keychain
- pass
- except KeychainPasswordNotFound:
- # The password doesn't exist in the keychain.
- postAlert("PushNotificationCertificateAlert", 0, [])
- message = "Cannot retrieve APN passphrase from keychain"
- return False, message
-
# Let OpenSSL try to use the cert
try:
if protoConfig.Passphrase:
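Review bot: Every failure from `getAPNTopicFromConfig` is now reported as `PushNotificationCertificateAlert`, so the two Keychain-specific alerts the removed code posted (`PushNotificationKeychainIdentityAlert` and `MissingKeychainIdentityAlert`) can no longer fire from this path. A failed `check_keychain_identity`, which previously returned without posting any alert, now raises the certificate alert as well. If monitoring or an admin UI keys on those alert names, an identity problem will be presented as a certificate problem. One way to keep the mapping is to have the helper raise a distinct `ValueError` subclass per failure class and pick the alert name in this `except` block. The enclosing function starts before and continues after this hunk.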
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-12-16 20:13:27 UTC (rev 15400)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-12-16 20:34:53 UTC (rev 15401)
@@ -23,7 +23,7 @@
import re
import sys
-from calendarserver.push.util import getAPNTopicFromCertificate
+from calendarserver.push.util import getAPNTopicFromConfig
from twext.enterprise.jobs.jobitem import JobItem
from twext.enterprise.jobs.queue import ControllerQueue
@@ -1699,31 +1699,13 @@
continue
if not service[protocol]["Topic"]:
- certPath = service[protocol]["CertificatePath"]
- if certPath:
- if os.path.exists(certPath):
- topic = getAPNTopicFromCertificate(certPath)
- service[protocol]["Topic"] = topic
- else:
- log.error("APNS certificate not found: {p}", p=certPath)
- else:
- log.error("APNS certificate path not specified")
+ try:
+ getAPNTopicFromConfig(protocol, accountName, service[protocol])
+ except ValueError as e:
+ log.error(e)
# If we already have the cert passphrase, don't fetch it again
- if service[protocol]["Passphrase"]:
- continue
-
- # Get passphrase from keychain. If not there, fall back to what
- # is in the plist.
- try:
- passphrase = getPasswordFromKeychain(accountName)
- service[protocol]["Passphrase"] = passphrase
- log.info("{p} APNS certificate passphrase retreived from keychain", p=protocol)
- except KeychainAccessError:
- # The system doesn't support keychain
- pass
- except KeychainPasswordNotFound:
- # The password doesn't exist in the keychain.
+ if not service[protocol]["Passphrase"]:
log.info("{p} APNS certificate passphrase not found in keychain", p=protocol)
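Review bot: The keychain passphrase lookup now lives in `getAPNTopicFromConfig`, which is only called when `Topic` is empty (assuming the `try` sits under the `if not service[protocol]["Topic"]:` line; indentation is not visible here), so a configuration with an explicit topic and no passphrase is no longer given its passphrase from the keychain at this point. The remaining `log.info` still reports `passphrase not found in keychain` whenever `Passphrase` is empty, including when no lookup ran, when the helper raised before reaching the passphrase step, or when `KeychainAccessError` was swallowed; the comment above it is stale as well. I would either call the helper when either value is missing, `if not service[protocol]["Topic"] or not service[protocol]["Passphrase"]:`, or reword the message to say the passphrase is not set. Also, `log.error(e)` hands an exception object, whose text embeds a configured path or identity, to a logger that is given format strings elsewhere in this file; `log.error("{msg}", msg=str(e))` avoids brace interpretation and type surprises. The enclosing loop starts outside the hunk.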