Changeset 1125 for TI12-security


Timestamp:
07/06/06 14:16:10 (13 years ago)
Author:
pjkersha
Message:

ts/xDomainCredsTransfer.py, NDG/SecurityCGI.py, NDG/Session.py, XMLSecDoc.py: use urlsafe_b64encode/
urlsafe_b64decode to allow safe passing of encoded parameters across URIs. Standard b64encode/b64decode
will include + and / symbols which have special meanings (thanks to Netscape :/ )

NDG/SecurityCGI.py: more work on authorisation request handlers.

NDG/AttAuthority.py: improved the "no local roles to map to" error so that it prints a comma-separated list of roles.

Location:
TI12-security/trunk/python
Files:
5 edited

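--- a/TI12-security/trunk/python/NDG/AttAuthority.py
+++ b/TI12-security/trunk/python/NDG/AttAuthority.py
@@ -457,7 +457,7 @@
                                                     trustedHostRoles)
             if not localRoles:
-                raise AttAuthorityAccessDenied(\
+                raise AttAuthorityAccessDenied, \
                     "No local roles mapped to the %s roles: %s" % \
-                    (extAttCert['issuerName'], str(trustedHostRoles)))
+                    (extAttCert['issuerName'], ', '.join(trustedHostRoles))
 
             attCert.addRoles(localRoles)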
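Review bot: The raise at new line 459 switches from the call form to the old `raise Class, value` statement form, which later Python versions reject; keeping the original call shape and changing only the last argument to `', '.join(trustedHostRoles)` gives the same message. The join also raises TypeError if any element of `trustedHostRoles` is not a string, which would replace the access-denied error with an unrelated one. The element type is not visible here, so confirm it or use `', '.join(map(str, trustedHostRoles))`. The enclosing method starts and ends outside the section.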
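--- a/TI12-security/trunk/python/NDG/SecurityCGI.py
+++ b/TI12-security/trunk/python/NDG/SecurityCGI.py
@@ -254,5 +254,5 @@
             # Expiry is taken from encoded value passed over URI
             dtExpiry = None
-            expiryStr = base64.b64decode(encodedExpiry)
+            expiryStr = base64.urlsafe_b64decode(encodedExpiry)
         else:
             # Expiry is set from life time in hours input in __init__
@@ -350,5 +350,5 @@
                sessCookie['NDG-ID1'].value,
                sessCookie['NDG-ID2'].value,
-               base64.b64encode(sessCookie['NDG-ID1']['expires']),
+               base64.urlsafe_b64encode(sessCookie['NDG-ID1']['expires']),
                hdrTxt,
                redirectMsg)
@@ -487,8 +487,8 @@
 
         if resp['statCode'] == 'AccessGranted':
-            self.handleAttCertGranted(resp['attCert'])
+            self.onAttCertGranted(resp['attCert'])
 
         elif resp['statCode'] == 'AccessDenied':
-            self.handleAttCertDenied(resp['extAttCertList'], resp['errMsg'])
+            self.onAttCertDenied(resp['extAttCertList'], resp['errMsg'])
 
         elif resp['statCode'] == 'AccessError':
@@ -497,5 +497,5 @@
 
     #_________________________________________________________________________
-    def handleAttCertGranted(self, attCert):
+    def onAttCertGranted(self, attCert):
         """Callback invoked by getAttCert - handle case where an Attribute
         Authority has granted a new attribute certificate to the user.  Derive
@@ -506,5 +506,5 @@
 
     #_________________________________________________________________________
-    def handleAttCertDenied(self, extAttCertList, errMsg):
+    def onAttCertDenied(self, extAttCertList, errMsg):
         """Callback invoked by getAttCert - handle case where an Attribute
         Authority has denied an attribute certificate to the user.  Derive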
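Review bot: The value decoded at new line 256 comes straight from the request URI (per the comment at line 254), and the visible lines check neither the decode nor its result. In the Python 2 dialect this file uses, `urlsafe_b64decode` raises TypeError on bad padding, so a malformed parameter becomes an unhandled error unless a caller outside the hunk catches it; wrapping the call in `try:` / `except TypeError:` and rejecting the request would cover that. Base64 is only an encoding, so whoever builds the URL chooses the expiry string, and it should be parsed and bounded before it is used for a cookie. The URL-safe alphabet still emits `=` padding at line 352, so the value should still be percent-encoded where the URI is assembled. The enclosing methods start and end outside the hunks.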
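--- a/TI12-security/trunk/python/NDG/Session.py
+++ b/TI12-security/trunk/python/NDG/Session.py
@@ -169,5 +169,5 @@
         # that the string length of the session ID will almost certainly be
         # longer than SessionMgr.__sessIDlen
-        sessID = base64.b64encode(os.urandom(self.__sessIDlen))
+        sessID = base64.urlsafe_b64encode(os.urandom(self.__sessIDlen))
         self.__sessIDlist.append(sessID)
 
@@ -211,5 +211,5 @@
         try:
             aes = AES.new(encrKey, AES.MODE_ECB)
-            return base64.b64encode(aes.encrypt(paddedURI))
+            return base64.urlsafe_b64encode(aes.encrypt(paddedURI))
 
         except Exception, e:
@@ -230,5 +230,5 @@
 
             # Decode from base 64
-            b64DecodedEncrTxt = base64.b64decode(encrTxt)
+            b64DecodedEncrTxt = base64.urlsafe_b64decode(encrTxt)
 
             # Decrypt and strip trailing spaces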
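Review bot: The token returned at new line 213 is AES in ECB mode with no integrity check, so this commit makes the ciphertext URL-safe without making it tamper-evident. ECB is deterministic (the same URI always yields the same token) and its blocks can be reordered or substituted without the decrypt side noticing. The visible lines around the decode at line 232 show no MAC or signature being verified first, though one may exist outside these hunks. I would at least add a comment above line 212, `# NOTE: ECB, unauthenticated - treat the decrypted URI as untrusted input`, and plan a move to a randomised mode with a MAC over the ciphertext that is checked before decrypting. Both methods start and end outside the hunks.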
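--- a/TI12-security/trunk/python/NDG/XMLSecDoc.py
+++ b/TI12-security/trunk/python/NDG/XMLSecDoc.py
@@ -1385,5 +1385,5 @@
 
         try:
-            key = base64.b64encode(os.urandom(keyLength))[0:192]
+            key = base64.urlsafe_b64encode(os.urandom(keyLength))[0:192]
         except Exception, e:
             raise XMLSecDocError("Error creating symmetric key")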
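Review bot: The handler at lines 1388-1389 binds `e` and then drops it, so whatever `os.urandom` or the encode raised is lost and the caller sees only the fixed text; `raise XMLSecDocError("Error creating symmetric key: %s" % e)` keeps the cause. Separately, at line 1387 the key is the base64 text sliced to 192 characters rather than the random bytes themselves, so every key character is drawn from a 64-symbol alphabet and carries at most 6 bits. If 192 was meant as a size in bits, or if `keyLength` can produce fewer than 192 characters, the key is not what the slice suggests. That is worth confirming against the consumer of `key`, which is outside the section.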
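--- a/TI12-security/trunk/python/Tests/xDomainCredsTransfer.py
+++ b/TI12-security/trunk/python/Tests/xDomainCredsTransfer.py
@@ -141,6 +141,6 @@
 
     cookie = SimpleCookie()
-    if not sessID: sessID = base64.b64encode(os.urandom(128))
-    if not sessMgrURI: sessMgrURI = base64.b64encode(os.urandom(32))
+    if not sessID: sessID = base64.urlsafe_b64encode(os.urandom(128))
+    if not sessMgrURI: sessMgrURI = base64.urlsafe_b64encode(os.urandom(32))
 
     cookie['NDG-ID1'] = sessID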