<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[15028] CalendarServer/trunk/calendarserver/tools/diagnose.py</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/15028">15028</a></dd>
<dt>Author</dt> <dd>sagen@apple.com</dd>
<dt>Date</dt> <dd>2015-08-04 10:39:33 -0700 (Tue, 04 Aug 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Remove TLS cert checks since front-end proxy handles that now</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServertrunkcalendarservertoolsdiagnosepy">CalendarServer/trunk/calendarserver/tools/diagnose.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServertrunkcalendarservertoolsdiagnosepy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tools/diagnose.py (15027 => 15028)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tools/diagnose.py        2015-08-03 21:59:39 UTC (rev 15027)
+++ CalendarServer/trunk/calendarserver/tools/diagnose.py        2015-08-04 17:39:33 UTC (rev 15028)
</span><span class="lines">@@ -26,15 +26,8 @@
</span><span class="cx"> import subprocess
</span><span class="cx"> import urllib2
</span><span class="cx">
</span><del>-from twext.internet.ssl import ChainingOpenSSLContextFactory
-import OpenSSL
</del><span class="cx">
</span><del>-
</del><span class="cx"> PREFS_PLIST = "/Library/Server/Preferences/Calendar.plist"
</span><del>-SSLPrivateKey = ""
-SSLCertAdmin = ""
-SSLPassPhraseDialog = ""
-SSLPort = ""
</del><span class="cx"> ServerHostName = ""
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -154,16 +147,6 @@
</span><span class="cx">
</span><span class="cx"> connectToAgent(password)
</span><span class="cx">
</span><del>- if keys.get("EnableSSL", "False") == "True":
- success, message = verifyTLSCertificate(keys)
- if success:
- print("TLS Certificate OK")
- else:
- print("Problem with TLS certificate: {}".format(message))
- print("Try resetting the certificate for Calendar and Contacts in Server.app")
- else:
- print("TLS is disabled")
-
</del><span class="cx"> connectToCaldavd(keys)
</span><span class="cx">
</span><span class="cx"> showWebApps()
</span><span class="lines">@@ -415,30 +398,13 @@
</span><span class="cx"> "Authentication.Basic.Enabled",
</span><span class="cx"> "Authentication.Digest.Enabled",
</span><span class="cx"> "Authentication.Kerberos.Enabled",
</span><del>- "EnableSSL",
</del><ins>+ "ServerHostName",
</ins><span class="cx"> "HTTPPort",
</span><span class="cx"> "SSLPort",
</span><del>- "RedirectHTTPToHTTPS",
- "SSLCertificate",
- "SSLPrivateKey",
- "SSLAuthorityChain",
- "SSLCertAdmin",
- "SSLPassPhraseDialog",
- "ServerHostName",
</del><span class="cx"> )
</span><span class="cx"> hidden = [
</span><del>- "SSLCertificate",
- "SSLPrivateKey",
- "SSLAuthorityChain",
- "SSLCertAdmin",
- "SSLPassPhraseDialog",
</del><span class="cx"> "ServerHostName",
</span><span class="cx"> ]
</span><del>- ifHasValue = [
- "SSLCertificate",
- "SSLPrivateKey",
- "SSLAuthorityChain",
- ]
</del><span class="cx"> keys = {}
</span><span class="cx"> for line in stdout.split("\n"):
</span><span class="cx"> if "=" in line:
</span><span class="lines">@@ -446,8 +412,6 @@
</span><span class="cx"> keys[key] = value
</span><span class="cx"> if key not in hidden:
</span><span class="cx"> print("{key} : {value}".format(key=key, value=value))
</span><del>- if key in ifHasValue and value:
- print("{key} is set".format(key=key))
</del><span class="cx"> return keys
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -637,211 +601,32 @@
</span><span class="cx"> print()
</span><span class="cx"> print("Server connection:")
</span><span class="cx">
</span><del>- httpPort = keys.get("HTTPPort", "8008")
- sslPort = keys.get("SSLPort", "8443")
- # redirect = keys.get("RedirectHTTPToHTTPS", "False") == "True"
- sslEnabled = keys.get("EnableSSL", "False") == "True"
</del><ins>+ url = "https://{host}/principals/".format(host=keys["ServerHostName"])
+ try:
+ print("Attempting to send a request to port 443...")
+ response = urllib2.urlopen(url, timeout=30)
+ html = response.read()
+ code = response.getcode()
+ print(code, html)
+ if code == 200:
+ print("Received 200 response")
</ins><span class="cx">
</span><del>- if httpPort:
- url = "http://localhost:{}/".format(httpPort)
- try:
- print("Attempting to send a request to port {}...".format(httpPort))
- response = urllib2.urlopen(url, timeout=30)
- html = response.read()
- code = response.getcode()
- print(code, html)
- if code == 200:
- print("Received 200 response")
</del><ins>+ except urllib2.HTTPError as e:
+ code = e.code
+ reason = e.reason
</ins><span class="cx">
</span><del>- except urllib2.HTTPError as e:
- code = e.code
- reason = e.reason
-
- if code == 401:
- print("Got the expected response")
- else:
- print(
- "Got an unexpected response: {code} {reason}".format(
- code=code, reason=reason
- )
- )
-
- except Exception as e:
</del><ins>+ if code == 401:
+ print("Got the expected response")
+ else:
</ins><span class="cx"> print(
</span><del>- "Can't connect to port {port}: {error}".format(
- port=httpPort, error=e
</del><ins>+ "Got an unexpected response: {code} {reason}".format(
+ code=code, reason=reason
</ins><span class="cx"> )
</span><span class="cx"> )
</span><span class="cx">
</span><del>-
- if sslPort and sslEnabled:
- url = "https://localhost:{}/".format(sslPort)
- try:
- print("Attempting to send a request to port {}...".format(sslPort))
- response = urllib2.urlopen(url, timeout=30)
- html = response.read()
- code = response.getcode()
- print(code, html)
- if code == 200:
- print("Received 200 response")
-
- except urllib2.HTTPError as e:
- code = e.code
- reason = e.reason
-
- if code == 401:
- print("Got the expected response")
- else:
- print(
- "Got an unexpected response: {code} {reason}".format(
- code=code, reason=reason
- )
- )
-
- except Exception as e:
- print(
- "Can't connect to port {port}: {error}".format(
- port=sslPort, error=e
- )
- )
- else:
- print("Skipping TLS port since it's disabled")
-
-
-
-def getSSLPassphrase(*ignored):
-
- if not SSLPrivateKey:
- return None
-
- if SSLCertAdmin and os.path.isfile(SSLCertAdmin):
- child = subprocess.Popen(
- args=[
- "sudo", SSLCertAdmin,
- "--get-private-key-passphrase", SSLPrivateKey,
- ],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE,
- )
- output, error = child.communicate()
-
- if child.returncode:
- print(
- "Could not get passphrase for key: {error}".format(
- error=error
- )
- )
- else:
- print("Obtained passphrase for key")
- return output.strip()
-
- if (
- SSLPassPhraseDialog and
- os.path.isfile(SSLPassPhraseDialog)
- ):
- sslPrivKey = open(SSLPrivateKey)
- try:
- keyType = None
- for line in sslPrivKey.readlines():
- if "-----BEGIN RSA PRIVATE KEY-----" in line:
- keyType = "RSA"
- break
- elif "-----BEGIN DSA PRIVATE KEY-----" in line:
- keyType = "DSA"
- break
- finally:
- sslPrivKey.close()
-
- if keyType is None:
- print("Could not get private key type for key")
- else:
- child = subprocess.Popen(
- args=[
- SSLPassPhraseDialog,
- "{}:{}".format(ServerHostName, SSLPort),
- keyType,
- ],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE,
- )
- output, error = child.communicate()
-
- if child.returncode:
- print(
- "Could not get passphrase for key: {error}".format(
- error=error
- )
- )
- else:
- return output.strip()
-
- return None
-
-
-
-def verifyTLSCertificate(keys):
- """
- If a TLS certificate is configured, make sure it exists, is non empty,
- and that it's valid.
- """
- global SSLPrivateKey
- global SSLCertAdmin
- global SSLPassPhraseDialog
- global SSLPort
- global ServerHostName
-
- certPath = keys.get("SSLCertificate", "")
- keyPath = keys.get("SSLPrivateKey", "")
- chainPath = keys.get("SSLAuthorityChain", "")
-
- SSLPrivateKey = keyPath
- SSLCertAdmin = keys.get("SSLCertAdmin", "")
- SSLPassPhraseDialog = keys.get("SSLPassPhraseDialog", "")
- SSLPort = keys.get("SSLPort", "")
- ServerHostName = keys.get("ServerHostName", "")
-
- print()
- print("Checking TLS Certificate:")
-
- if certPath:
- if not os.path.exists(certPath):
- message = (
- "The configured TLS certificate ({cert}) is missing".format(
- cert=certPath
- )
- )
- return False, message
- else:
- return False, "EnableSSL is set to true, but certificate path not set"
-
- length = os.stat(certPath).st_size
- if length == 0:
- message = (
- "The configured TLS certificate ({cert}) is empty".format(
- cert=certPath
- )
- )
- return False, message
-
- try:
- ChainingOpenSSLContextFactory(
- keyPath,
- certPath,
- certificateChainFile=chainPath,
- passwdCallback=getSSLPassphrase,
- sslmethod=getattr(OpenSSL.SSL, "SSLv23_METHOD"),
- ciphers="RC4-SHA:HIGH:!ADH"
- )
</del><span class="cx"> except Exception as e:
</span><del>- message = (
- "The configured TLS certificate ({cert}) cannot be used: {reason}".format(
- cert=certPath,
- reason=str(e)
- )
- )
- return False, message
</del><ins>+ print("Can't connect to port 443: {error}".format(error=e))
</ins><span class="cx">
</span><del>- return True, "TLS enabled"
</del><span class="cx">
</span><del>-
-
</del><span class="cx"> if __name__ == "__main__":
</span><span class="cx"> main()
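Review bot: A certificate failure against the front-end proxy is now reported as `Can't connect to port 443`, because the bare `except Exception` at the end of the hunk also catches the `urllib2.URLError` that wraps an `ssl.SSLError`, so the one remaining signal this tool has about the proxy's certificate is indistinguishable from a closed port or a DNS miss (and on Python 2 builds older than 2.7.9 urllib2 does not verify the server certificate at all, so an invalid one passes silently — worth a comment since the log message says the proxy "handles" TLS). The new `keys["ServerHostName"]` lookup also sits outside the `try` and raises KeyError when the config dump lacks that key, where the removed code used `.get` with defaults. Suggest adding `import ssl` at the top of the file, reading the host with `.get`, and splitting the handler as below; `HTTPPort`/`SSLPort` are still collected by the key list but no longer used here since 443 is hard-coded. The enclosing function starts before this hunk.
```python
    host = keys.get("ServerHostName", "")
    if not host:
        print("ServerHostName is not set; skipping connection test")
        return
    url = "https://{host}/principals/".format(host=host)
    try:
        # … unchanged: urlopen on port 443 and HTTPError / 401 handling …
    except urllib2.URLError as e:
        # urllib2 verifies the proxy's certificate only on Python 2.7.9+;
        # when it does, a bad cert surfaces here as an ssl.SSLError reason.
        if isinstance(e.reason, ssl.SSLError):
            print("TLS handshake with port 443 failed (check the proxy certificate): {error}".format(error=e.reason))
        else:
            print("Can't connect to port 443: {error}".format(error=e.reason))
    except Exception as e:
        print("Can't connect to port 443: {error}".format(error=e))
```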
</span></span></pre>
</div>
</div>
</body>
</html>