[CalendarServer-changes] [14745] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Mon May 4 13:01:56 PDT 2015
Revision: 14745
http://trac.calendarserver.org//changeset/14745
Author: sagen at apple.com
Date: 2015-05-04 13:01:56 -0700 (Mon, 04 May 2015)
Log Message:
-----------
Move the APN cert checking from stdconfig to the preFlightChecks in the master
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2015-05-04 19:10:14 UTC (rev 14744)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2015-05-04 20:01:56 UTC (rev 14745)
@@ -33,6 +33,7 @@
from calendarserver.provision.root import RootResource
from calendarserver.push.applepush import APNSubscriptionResource
from calendarserver.push.notifier import NotifierFactory
+from calendarserver.push.util import getAPNTopicFromCertificate
from calendarserver.tools import diagnose
from calendarserver.tools.util import checkDirectory
from calendarserver.webadmin.landing import WebAdminLandingResource
@@ -76,6 +77,8 @@
from twistedcaldav.timezones import TimezoneCache
from twistedcaldav.timezoneservice import TimezoneServiceResource
from twistedcaldav.timezonestdservice import TimezoneStdServiceResource
+from twistedcaldav.util import getPasswordFromKeychain
+from twistedcaldav.util import KeychainAccessError, KeychainPasswordNotFound
from txdav.base.datastore.dbapiclient import DBAPIConnector
from txdav.base.datastore.subpostgres import PostgresService
@@ -1318,9 +1321,13 @@
if config.Notifications.Services.APNS.Enabled:
- for protocol in ("CalDAV", "CardDAV"):
+ for protocol, accountName in (
+ ("CalDAV", "apns:com.apple.calendar"),
+ ("CardDAV", "apns:com.apple.contact"),
+ ):
protoConfig = config.Notifications.Services.APNS[protocol]
+ # Verify the cert exists
if not os.path.exists(protoConfig.CertificatePath):
message = (
"The {proto} APNS certificate ({cert}) is missing".format(
@@ -1331,7 +1338,28 @@
postAlert("PushNotificationCertificateAlert", [])
return False, message
+ # Verify we can extract the topic
+ if not protoConfig.Topic:
+ topic = getAPNTopicFromCertificate(protoConfig.CertificatePath)
+ protoConfig.Topic = topic
+ if not protoConfig.Topic:
+ postAlert("PushNotificationCertificateAlert", [])
+ return False, message
+
+ # Verify we can acquire the passphrase
try:
+ passphrase = getPasswordFromKeychain(accountName)
+ protoConfig.Passphrase = passphrase
+ except KeychainAccessError:
+ # The system doesn't support keychain
+ pass
+ except KeychainPasswordNotFound:
+ # The password doesn't exist in the keychain.
+ postAlert("PushNotificationCertificateAlert", [])
+ return False, message
+
+ # Let OpenSSL try to use the cert
+ try:
if protoConfig.Passphrase:
passwdCallback = lambda *ignored: protoConfig.Passphrase
else:
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-05-04 19:10:14 UTC (rev 14744)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2015-05-04 20:01:56 UTC (rev 14745)
@@ -1611,10 +1611,6 @@
else:
log.error("APNS certificate path not specified")
- if not service[protocol]["Topic"]:
- log.error("APNS cannot proceed; disabling APNS")
- service["Enabled"] = False
-
# If we already have the cert passphrase, don't fetch it again
if service[protocol]["Passphrase"]:
continue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20150504/559c8066/attachment-0001.html>
More information about the calendarserver-changes
mailing list