[CalendarServer-changes] [15555] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Tue Apr 26 06:52:54 PDT 2016


Revision: 15555
          http://trac.calendarserver.org//changeset/15555
Author:   cdaboo at apple.com
Date:     2016-04-26 06:52:54 -0700 (Tue, 26 Apr 2016)
Log Message:
-----------
Allow user interaction when checking the keychain so that ACLs can be applied if needed.

Modified Paths:
--------------
    CalendarServer/trunk/bin/keychain_init.py
    CalendarServer/trunk/requirements-twisted-osx.txt

Modified: CalendarServer/trunk/bin/keychain_init.py
===================================================================
--- CalendarServer/trunk/bin/keychain_init.py	2016-04-26 13:51:49 UTC (rev 15554)
+++ CalendarServer/trunk/bin/keychain_init.py	2016-04-26 13:52:54 UTC (rev 15555)
@@ -19,6 +19,7 @@
 import os
 import re
 import sys
+import OpenSSL
 
 identity_preference = "org.calendarserver.test"
 certname_regex = re.compile(r'"alis"<blob>="(.*)"')
@@ -107,11 +108,29 @@
         print("Imported certificate '{}'".format(certificate_name))
         return True
 
+
+
+def checkCertificate():
+
+        # Validate identity
+        error = OpenSSL.crypto.check_keychain_identity(identity_preference, allowInteraction=True)
+        if error:
+            raise RuntimeError(
+                "The configured TLS Keychain Identity ({cert}) cannot be used: {reason}".format(
+                    cert=identity_preference,
+                    reason=error
+                )
+            )
+        else:
+            print("Certificate/key can be used.")
+
+
 if __name__ == '__main__':
 
     if os.path.isfile("/usr/bin/security"):
         # If the identity exists we are done
         if identityExists():
+            checkCertificate()
             sys.exit(0)
 
         # Check for certificate and import if not present
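Review bot: `checkCertificate()` hard-codes `allowInteraction=True` with no comment on the consequence; judging by the log message, the check may raise a keychain prompt through which the user grants this process access to the private key. I would add a comment above the call, e.g. `# May show a keychain prompt so the user can approve the key ACL; needs an interactive session.`, and a one-line docstring stating that the function raises RuntimeError when the identity cannot be used. How the call behaves when nobody can answer the prompt (CI, ssh) is not visible in this hunk and is worth confirming, since `identity_preference` is a test identity. On style, the body is indented eight spaces under the `def`, has a blank line after the signature, and has an `else:` that the `raise` makes redundant; four-space indentation as in the `__main__` block, with the `else` dropped, would read better.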
@@ -121,5 +140,6 @@
         # Create the identity
         identityCreate()
 
+        checkCertificate()
     else:
         raise RuntimeError("Keychain access utility ('security') not found")

Modified: CalendarServer/trunk/requirements-twisted-osx.txt
===================================================================
--- CalendarServer/trunk/requirements-twisted-osx.txt	2016-04-26 13:51:49 UTC (rev 15554)
+++ CalendarServer/trunk/requirements-twisted-osx.txt	2016-04-26 13:52:54 UTC (rev 15555)
@@ -10,5 +10,5 @@
         #cffi==1.3.0
         #    pycparser==2.14
 
-    --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15423#egg=pysecuretransport
+    --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15554#egg=pysecuretransport
 
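Review bot: The dependency on the changed line is still fetched over plain `svn+http://`, so the `@15554` pin fixes which revision is requested but gives no integrity guarantee for what arrives. Anyone on the network path could substitute the code that then handles keychain identities. If the repository is reachable over TLS, switch the scheme on this line to `svn+https://`. An svn revision number is not a content hash, so a hash-pinned artifact would be the stronger fix where practical.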