From ddf00a0a72a0cb3bf7eab8882d608198fe7cf52c Mon Sep 17 00:00:00 2001 From: Tobias Lindahl Date: Mon, 8 Jun 2020 10:12:00 +0200 Subject: [PATCH] Move apns certificates away from the roster priv dir --- .../roster/priv/apns_certificates/cert_rc.pem | 43 ------------------- apps/roster/priv/apns_certificates/key_rc.pem | 32 -------------- apps/roster/src/api/push/roster_apns_api.erl | 4 +- .../certs}/apns_certificates/cert_dev.pem | 0 .../certs}/apns_certificates/cert_prod.pem | 0 .../certs}/apns_certificates/key_dev.pem | 0 .../certs}/apns_certificates/key_prod.pem | 0 sys.config | 2 +- 8 files changed, 2 insertions(+), 79 deletions(-) delete mode 100644 apps/roster/priv/apns_certificates/cert_rc.pem delete mode 100644 apps/roster/priv/apns_certificates/key_rc.pem rename {apps/roster/priv => etc/certs}/apns_certificates/cert_dev.pem (100%) rename {apps/roster/priv => etc/certs}/apns_certificates/cert_prod.pem (100%) rename {apps/roster/priv => etc/certs}/apns_certificates/key_dev.pem (100%) rename {apps/roster/priv => etc/certs}/apns_certificates/key_prod.pem (100%) diff --git a/apps/roster/priv/apns_certificates/cert_rc.pem b/apps/roster/priv/apns_certificates/cert_rc.pem deleted file mode 100644 index 655773614..000000000 --- a/apps/roster/priv/apns_certificates/cert_rc.pem +++ /dev/null @@ -1,43 +0,0 @@ -Bag Attributes - friendlyName: VoIP Services: com.nynja.rc.mobile.communicator - localKeyID: 99 0A 35 09 EC D0 FC 53 C2 08 A9 48 C9 35 A0 F9 70 FD 23 76 -subject=/UID=com.nynja.rc.mobile.communicator.voip/CN=VoIP Services: com.nynja.rc.mobile.communicator/OU=9GKQ5AMF2B/O=Nynja, Inc./C=US -issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority ------BEGIN CERTIFICATE----- -MIIGkTCCBXmgAwIBAgIIIEL0otT3tsIwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV -BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js -ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3 -aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw -HhcNMTkwNTI4MTM0OTU2WhcNMjAwNTI3MTM0OTU2WjCBqTE1MDMGCgmSJomT8ixk -AQEMJWNvbS5ueW5qYS5yYy5tb2JpbGUuY29tbXVuaWNhdG9yLnZvaXAxODA2BgNV -BAMML1ZvSVAgU2VydmljZXM6IGNvbS5ueW5qYS5yYy5tb2JpbGUuY29tbXVuaWNh -dG9yMRMwEQYDVQQLDAo5R0tRNUFNRjJCMRQwEgYDVQQKDAtOeW5qYSwgSW5jLjEL -MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH0QUI -M9eQhmXRB+cBXrxjWvLoLyeFzrKp+UMpzuXtXwZmI2gqNtZLnXRrQW7ZH3BT1sov -oTxUOKDCr6xF8v+gB/+tOxst5l9eWDFRypy9OaTRnP3WwgXeCbO3sEk6XAR9Yp1i -PahgiEneP6vJ9y3xRttluWc8N6PZJi3kupNyIm/GWUx3dUG+LYxnOQ3YlFFqIBXk -ZRGao4MbTnNouuvMlbA1V1mnUehxgFLPNoZYRr5jtolk0zcYU6yRQKFWDQ5LYlyl -LmVoOuECKAjnDHEywH7yCf6dFHpZOtKQDWfut511DsUUAp7nn9jXLYkfj6cndUux -TZyDKPsORyGX5FnJAgMBAAGjggLMMIICyDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY -MBaAFIgnFwmpthhgi+zruvZHWcVSVKO3MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEF -BQcwAYYjaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy13d2RyMDEwggEdBgNV -HSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNS -ZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVz -IGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJt -cyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQg -Y2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYq -aHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBMGA1Ud -JQQMMAoGCCsGAQUFBwMCMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9jcmwuYXBw -bGUuY29tL3d3ZHJjYS5jcmwwHQYDVR0OBBYEFJkKNQns0PxTwgipSMk1oPlw/SN2 -MA4GA1UdDwEB/wQEAwIHgDAQBgoqhkiG92NkBgMBBAIFADAQBgoqhkiG92NkBgMC -BAIFADAwBgoqhkiG92NkBgMDBCIMIGNvbS5ueW5qYS5yYy5tb2JpbGUuY29tbXVu -aWNhdG9yMFcGCiqGSIb3Y2QGAwQESQxHY29tLm55bmphLnJjLm1vYmlsZS5jb21t -dW5pY2F0b3IsIGNvbS5ueW5qYS5yYy5tb2JpbGUuY29tbXVuaWNhdG9yLnZvaXAw -EAYKKoZIhvdjZAYDBQQCBQAwDQYJKoZIhvcNAQELBQADggEBACIUnr8Nm5y+i5A1 -smgFuUxaEcI0pGwiRvEuvMynSOwjYJN1FmIg3RHxxAdqXbBYmILToXMLzMvEJx/G -kiknrvxRdgUf9GIcuYQ3ZC8i7b37sa1ofS2iJ2CiAz2R7upCQumXAWxjovGdAMCX -Y8nU4nlNXy+MrSyYklf5BrLCjeyhjeSILuoX1b6H5aWfHETGqAzX/le7p5HGYqxh -ZahMkgunvWYKPiNdWMsMjDyAAl8V7aVwXhd/1VV6h2+4WyFK5o+sIasOSLbKLH8k -Bt0cz6Bg8u+cX+EJwOvlENCEDgzr89TjuXRditDhbTqBHXZ/D3gXr7fLmAcOduxD -DUtjq8g= ------END CERTIFICATE----- \ No newline at end of file diff --git a/apps/roster/priv/apns_certificates/key_rc.pem b/apps/roster/priv/apns_certificates/key_rc.pem deleted file mode 100644 index 4502d3e3f..000000000 --- a/apps/roster/priv/apns_certificates/key_rc.pem +++ /dev/null @@ -1,32 +0,0 @@ -Bag Attributes - friendlyName: NynjaRCVoipServicesKey - localKeyID: 99 0A 35 09 EC D0 FC 53 C2 08 A9 48 C9 35 A0 F9 70 FD 23 76 -Key Attributes: ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDH0QUIM9eQhmXR -B+cBXrxjWvLoLyeFzrKp+UMpzuXtXwZmI2gqNtZLnXRrQW7ZH3BT1sovoTxUOKDC -r6xF8v+gB/+tOxst5l9eWDFRypy9OaTRnP3WwgXeCbO3sEk6XAR9Yp1iPahgiEne -P6vJ9y3xRttluWc8N6PZJi3kupNyIm/GWUx3dUG+LYxnOQ3YlFFqIBXkZRGao4Mb -TnNouuvMlbA1V1mnUehxgFLPNoZYRr5jtolk0zcYU6yRQKFWDQ5LYlylLmVoOuEC -KAjnDHEywH7yCf6dFHpZOtKQDWfut511DsUUAp7nn9jXLYkfj6cndUuxTZyDKPsO -RyGX5FnJAgMBAAECggEAZejsCRfvvI1fRnIiVmeL65yKQPMz1CHsq5YutBcK27rY -V6V9TfJz71LZ+o3/zAslzgzBR/OTAl1zWHgig/aAe4040JBRt2JEh6ixVsbgk/3f -Wu0X5b1FIs6N84SchIBD5fMy09UgmENKcWjF5BcGPoVmBoa96U9zaJ/5Tiv+YXnZ -safRcSuULqX8EPYlhYxQGTulXx5z6N/OSLNMe7yn+5E508TVTE/kK+WqFHjzyw0N -1JuGlLZ+GtfsKU65ZP3dantlKdssJ4g+daJ2a/35qbBCterEQc8R3haYuOx5JLQe -o3ZIf3GTLKw/QbgH1UYy00wt6fZINBRqzXdqQO2IAQKBgQDvuPhCCyrID5GJA53l -PMnHm8K9gojfbAUm9a46aBT4NJJuHNtra8QxOHadQyuM6srEm+yCqls1Cifs3rW7 -M8UYEiyNsX18e/0khTu77CTYbUfZ7JOAZx9TJQXbifXV0Q0btaKlkHg7XFC+1ECN -8WQjYMjT2SZhG1UYNrfcvbhpAQKBgQDVYl/A1gW70LSrZ1OiwXGa/RQVNxYY7Za3 -EewwtScs34+Y+JReqDWgZpoqIV5yck+CQfRDjck1oMklyhBlgwrJaIs7M5Bj0gWF -DbNXO1/kA+40zRzGXm6/uQo6wWXGkhJ9VuLYOAfSe2P3EF9i22hBzFVoSbfuXI5/ -PQn1qfHoyQKBgQCQFr4h9FRiq/juQh5GC6O9NwJ2pl9e666tHD79HFJ+Xhsl1HKO -vtfOPgINxLIIoZf/VTlz0LHBz7jvx220eAmfzky5XlXu3RfrO6oL6oS7EfR+KJUA -OPu7HiXHL8V0H5OhdCuvGIcsJvDhwvKKXu2x1hrgO0W2WJdtVnZtWBvgAQKBgQDI -0dJn+4Rd4+eEwLO3ovK1+KQj6zoCr+d914I/vN1nn+bXAmswQoJluOox6EGo1+f4 -IPYvdYr9y5pC1E5mGtPWBWuzha3II+pJ9EDqQdjXENPoIXmJP2pfSVhVP5n3LZX1 -HAZVkzXZY4MLC/+ZXABcnF9szKQr0jPRj7KF3zDp8QKBgQDMCaTtcc67WEUVb6yK -BhW1fUpFDUUqB20NMJjWmN38diiiBDtWee+4OobK+7+wYOM/xIlKgtPZMMWVSSQ4 -YZjp7VEHVBPGLxxfDytYtpQIp+yP83bK8R/EIC5ljSxLzmZfiUsjmRJJ760mt9J3 -qPY6n66RhZOfHqd6960jYQXsDA== ------END PRIVATE KEY----- diff --git a/apps/roster/src/api/push/roster_apns_api.erl b/apps/roster/src/api/push/roster_apns_api.erl index b7935fe57..18287f5b5 100644 --- a/apps/roster/src/api/push/roster_apns_api.erl +++ b/apps/roster/src/api/push/roster_apns_api.erl @@ -254,9 +254,7 @@ certfiles_from_session_name(apns_sandbox_prod) -> ensure_cert_files(?PROD_CERTS) certfiles_from_session_name(apns_sandbox_dev) -> ensure_cert_files(?DEV_CERTS). ensure_cert_files({CertBase, KeyBase}) -> - %% TODO: Move the certs away from priv_dir - CertDir = filename:join(code:priv_dir(roster), - get_from_config(apns_cert_dir)), + CertDir = get_from_config(apns_cert_dir), KeyFile = filename:join(CertDir, KeyBase), CertFile = filename:join(CertDir, CertBase), case filelib:is_file(KeyFile) andalso filelib:is_file(CertFile) of diff --git a/apps/roster/priv/apns_certificates/cert_dev.pem b/etc/certs/apns_certificates/cert_dev.pem similarity index 100% rename from apps/roster/priv/apns_certificates/cert_dev.pem rename to etc/certs/apns_certificates/cert_dev.pem diff --git a/apps/roster/priv/apns_certificates/cert_prod.pem b/etc/certs/apns_certificates/cert_prod.pem similarity index 100% rename from apps/roster/priv/apns_certificates/cert_prod.pem rename to etc/certs/apns_certificates/cert_prod.pem diff --git a/apps/roster/priv/apns_certificates/key_dev.pem b/etc/certs/apns_certificates/key_dev.pem similarity index 100% rename from apps/roster/priv/apns_certificates/key_dev.pem rename to etc/certs/apns_certificates/key_dev.pem diff --git a/apps/roster/priv/apns_certificates/key_prod.pem b/etc/certs/apns_certificates/key_prod.pem similarity index 100% rename from apps/roster/priv/apns_certificates/key_prod.pem rename to etc/certs/apns_certificates/key_prod.pem diff --git a/sys.config b/sys.config index 5a6283243..31a477058 100644 --- a/sys.config +++ b/sys.config @@ -97,7 +97,7 @@ {push_api,[ {apns_force_http, false}, {fcm_server_key,<<"AAAAAzb6_Zg:APA91bGN0jYv_4iqyk8IC4xUdPYXh0yPsTF9YYj_gd9oebRr_ZEoLuC5hCD9RfdqA3Y3AF_P_WbelqvzvgR3RsX_mHBLynV14Q6HakXAtrY_eWLK2xqamF2OC9uBXfKgxTFFqmyr1Kbw">>}, - {apns_cert_dir, "apns_certificates"}, + {apns_cert_dir, "etc/certs/apns_certificates"}, {apns_binary_port, 2195}, {apns_http_port, 443}]}, {job_delay, 60}, %% 1 mins -- GitLab