def getDefaultCertPathAndUpdateMetaAndSiteFiles(force, allSites):
printDebugStr(debugClass.v, "getDefaultCertPathAndUpdateMetaAndSiteFiles force= %s", str(force))
result = ""
if (not force):
result = getMetaDataDefaultSiteCert()
if not os.path.exists(str(result)+ ".cert.pem"):
printDebugStr(debugClass.v, "certificate not found = %s", str(result))
result = ""
if ("" != result):
return saveAndReturn(result, allSites)
result = callCommand([ProxyPaths.CERTADMIN , "--default-certificate-path"])
printDebugStr(debugClass.v, "default cert path = %s", str(result))
if os.path.exists(str(result)):
return saveAndReturn(processCertPath(result), allSites)
result = callCommand([ProxyPaths.SEVERADMIN , "command", "certs:command=exportAllIdentities"])
result = callCommand([ProxyPaths.CERTADMIN , "--default-certificate-path"])
printDebugStr(debugClass.v, "default cert path = %s", str(result))
if os.path.exists(str(result)):
return saveAndReturn(processCertPath(result), allSites)
result = callCommand([ProxyPaths.SEVERADMIN , "command", "certs:command=createDefaultSelfSignedIdentity"])
result = callCommand([ProxyPaths.SEVERADMIN , "command", "certs:command=exportAllIdentities"])
result = callCommand([ProxyPaths.CERTADMIN , "--default-certificate-path"])
printDebugStr(debugClass.v, "default cert path = %s", str(result))
if not os.path.exists(str(result)):
result = ProxyPaths.PATH_PLACEHOLDER
return saveAndReturn(processCertPath(result), allSites)
def processCertPath(path):
certNamePieces = path.split(".")
maxLen = len(certNamePieces)
if maxLen > 2:
maxLen -= 2
finalNamePieces = certNamePieces[:maxLen]
resultName = str(".".join(finalNamePieces))
printDebugStr(debugClass.v, "processed default cert path = %s", resultName)
return resultName
def setSitesConfigFileWithCert(fileID, oldCertID, newCertID):
printDebugStr(debugClass.v, "setSitesConfigFileWithCert fileID = %s oldCertID=%s newCertID=%s", str(fileID), str(oldCertID),str(newCertID) )
fileName = convertIDtoFileName(fileID)
filePath = fileNameToPath(fileName)
if (fileName != "" and os.path.exists(filePath)):
with open (filePath, "rw") as myfile:
data = myfile.read().replace(oldCertID, newCertID)
data = re.sub("(?<=File \")(.*)(?=\..*\.pem)","/etc/certificates/" + newCertID, data)
open(filePath, 'wt').write(data)
printDebugStr(debugClass.v, "setSitesConfigFileWithCert filePath = %s oldCertID=%s newCertID=%s", str(filePath), str(oldCertID),str(newCertID) )
def loadConfig(self, configFile):
self._configFile = configFile
if configFile and os.path.exists(configFile):
configDict = plistlib.readPlist(configFile)
configDict = _cleanup(configDict)
self.updateNew(configDict)
else:
printDebugStr(debugClass.v,
"Saving a new default config file to %s", configFile)
self.Save(configFile)
def getMetaDataDefaultSiteCert():
metaDataPlist = readPlist("/Library/Server/Web/Config/apache2/servermgr_web_apache2_config.plist")
webMetaDataConfig = Config(metaDataPlist)
webSites = webMetaDataConfig.Get("Sites")
for index, aField in enumerate(webSites):
port = webMetaDataConfig.Get("Sites:{0}:SSLPassPhrase:Port".format(str(index)))
sslCertID = webMetaDataConfig.Get("Sites:{0}:SSLPassPhrase:sslCertificateIdentifier".format(str(index)))
if (port == "443"):
printDebugStr(debugClass.v, "getMetaDataDefaultSiteCert port 443 = %s", str(sslCertID))
return ("/etc/certificates/{0}".format(str(sslCertID)))
return ("")
def replaceAllCerts(proxyConfig, settings):
certPaths = getCertPathList(proxyConfig)
newDefaultCertpath = getDefaultCertPathAndUpdateMetaAndSiteFiles(settings.force, settings.resetAll)
newDefaultMSTIdentifier = getDefaultMSTIdentifier()
printDebugStr(debugClass.v, "replaceAllCerts certificate = " + newDefaultCertpath + " getCertPathList =" + str(len(certPaths)) )
for certificatePath, certificateValue in certPaths.iteritems():
printDebugStr(debugClass.v, "replaceAllCerts certificate = " + certificateValue + "path =" + str(certificatePath) )
if (certificateValue and certificateValue == ProxyPaths.PATH_PLACEHOLDER or settings.force):
proxyConfig.Set(certificatePath, newDefaultCertpath)
settings.result = True
replaceApacheConfigCert(newDefaultCertpath, newDefaultMSTIdentifier)
proxyConfig.Save(settings.plistPath)
def getCertPathList(aProxyConfig):
proxyService = aProxyConfig.Get("apache_config")
result = {}
for index, aField in enumerate(proxyService):
dictionariesPath = "apache_config:{0}:dictionaries".format(str(index))
directivePath = "apache_config:{0}:directive".format(str(index))
theDirective = aProxyConfig.Get(directivePath)
dictionaries = aProxyConfig.Get(dictionariesPath)
if (theDirective and "VirtualHost" == theDirective and dictionaries):
for dIndex, aField in enumerate(dictionaries):
certificatePath="{0}:{1}:VARS:SSLCertificate".format(dictionariesPath,str(dIndex))
certificateValue = aProxyConfig.Get(certificatePath)
printDebugStr(debugClass.v, "getCertPathList %s = %s", certificatePath, str(certificateValue))
if (certificateValue):
result[certificatePath]= certificateValue
return result
def setMetaDataAllSitesCert(theSSLCertID):
printDebugStr(debugClass.v, "setMetaDataAllSitesCert theSSLCertID = %s", str(theSSLCertID) )
metaDataPath = "/Library/Server/Web/Config/apache2/servermgr_web_apache2_config.plist"
metaDataPlist = readPlist(metaDataPath)
webMetaDataConfig = Config(metaDataPlist)
webSites = webMetaDataConfig.Get("Sites")
for index, aField in enumerate(webSites):
oldSSLCertID = webMetaDataConfig.Get("Sites:{0}:SSLPassPhrase:sslCertificateIdentifier".format(str(index)))
if (oldSSLCertID != ""):
hostID = webMetaDataConfig.Get("Sites:{0}:_id_".format(str(index)))
port = webMetaDataConfig.Get("Sites:{0}:SSLPassPhrase:Port".format(str(index)))
webMetaDataConfig.Set("Sites:{0}:SSLPassPhrase:SSLCertificateKeyFile".format(str(index)),"/etc/certificates/{0}.key.pem".format(str(theSSLCertID)) )
webMetaDataConfig.Set("Sites:{0}:SSLPassPhrase:sslCertificateIdentifier".format(str(index)),str(theSSLCertID) )
printDebugStr(debugClass.v, "setMetaDataAllSitesCert port = %s hostID =%s", str(port), str(hostID))
webMetaDataConfig.Save(metaDataPath)
setSitesConfigFileWithCert(hostID, oldSSLCertID, theSSLCertID)
return ("")
def getCertValueAndPath(aProxyConfig, virtualHost):
proxyService = aProxyConfig.Get("apache_config")
for index, aField in enumerate(proxyService):
dictionariesPath = "apache_config:{0}:dictionaries".format(str(index))
directivePath = "apache_config:{0}:directive".format(str(index))
namePath = "apache_config:{0}:name".format(str(index))
theDirective = aProxyConfig.Get(directivePath)
dictionaries = aProxyConfig.Get(dictionariesPath)
theVirtualHostName = aProxyConfig.Get(namePath)
if (theDirective and "VirtualHost" == theDirective and theVirtualHostName and virtualHost == theVirtualHostName and dictionaries):
printDebugStr(debugClass.v, "Found VirtualHost dictionaries = %s", str(dictionariesPath))
for dIndex, aField in enumerate(dictionaries):
certificatePath="{0}:{1}:VARS:SSLCertificate".format(dictionariesPath,str(dIndex))
certificateValue = aProxyConfig.Get(certificatePath)
printDebugStr(debugClass.v, "%s = %s", certificatePath, str(certificateValue))
if (certificateValue):
return (certificateValue, certificatePath)
return ("", "")
import sys
from optparse import OptionParser
result = 0
settings = commandLineSettings()
OKQuit = False
settings.getPreferenceFileSettings()
parser = OptionParser()
settings.installOptions(parser)
optionsResult = settings.parseOptions()
debugClass.SetEnabled(settings.debug)
webappPlist = readPlist(settings.webAppStatePath)
webappConfig = Config(webappPlist)
printDebugStr(debugClass.v, "settings.getstate = %s",
str(settings.getstate))
if settings.getstate:
print str(getWebApp(webappConfig, settings.webappname)[1])
if settings.setstate:
print str(
setWebApp(webappConfig, settings.webappname, settings.enabled))
webappConfig.Save(settings.webAppStatePath)
if settings.debug:
print "DEBUG-------------- WebApp State List -----------------"
proxyWebApps = webappConfig.Get("webapps")
for index, value in enumerate(proxyWebApps):
webappNamePath = "webapps:" + str(index) + ":name"
webAppName = webappConfig.Get(webappNamePath)
print webappNamePath + " = " + webAppName
def callCommand(cmd):
printDebugStr(debugClass.v, "command line tool = %s", str(cmd))
return subprocess.Popen(cmd, stdout=subprocess.PIPE,stderr=subprocess.PIPE, stdin=subprocess.PIPE).communicate()[0].strip()
import os
import sys
from optparse import OptionParser
result = 0;
settings = commandLineSettings()
OKQuit = False
settings.getPreferenceFileSettings()
parser = OptionParser()
settings.installOptions(parser)
optionsResult = settings.parseOptions()
debugClass.SetEnabled(settings.debug)
if not os.path.exists(str(settings.plistPath)):
printDebugStr(debugClass.v, "Crtitical error: settings plist not found: %s", str(settings.plistPath))
sys.exit(1)
configPlist = readPlist(settings.plistPath)
proxyConfig = Config(configPlist)
proxyConfig.debug = settings.debug
replaceApacheConfigCert(settings.certPath, settings.mstIdentity)
printDebugStr(debugClass.v, "settings.certPath = %s settings.virtualHostName = %s" , settings.certPath, settings.virtualHostName)
if settings.resetAll:
settings.force = True
replaceAllCerts(proxyConfig, settings)
elif (settings.certPath != ProxyPaths.PATH_PLACEHOLDER and settings.virtualHostName != VIRTUAL_HOST_DEFAULT):
replaceDefaultSiteSSLCerts(proxyConfig, settings)
else:
replaceAllDefaultCerts(proxyConfig, settings)
