Changeset 1858
- Timestamp:
- 13/12/06 17:04:49 (14 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 5 added
- 3 edited
TI12-security/trunk/python/conf/myProxyProperties.xml
r964 r1858 4 4 Nb. MYPROXY_SERVER environment variable if set, overrides this setting 5 5 --> 6 <myProxyServer>localhost</myProxyServer> 6 <hostname>localhost</hostname> 7 <port>7512</port> 7 8 <!-- 8 9 Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting … … 11 12 --> 12 13 <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir> 13 <credStorageDir></credStorageDir>14 14 <!-- Open SSL Configuration settings --> 15 15 <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName> 16 16 <tmpDir>/tmp</tmpDir> 17 <path>$GLOBUS_LOCATION/bin:$GLOBUS_LOCATION/sbin:/usr/bin:/bin</path>18 17 <!-- 19 Limit on maximum lifetime any proxy certificate can have - specified when20 a certificate is first created by addUser() method21 18 Limit on maximum lifetime any proxy certificate can have - specified 19 when a certificate is first created by store() method 20 --> 22 21 <proxyCertMaxLifetime></proxyCertMaxLifetime> <!-- in hours --> 23 22 <!-- … … 26 25 --> 27 26 <proxyCertLifetime></proxyCertLifetime> <!-- in hours --> 28 <simpleCACltProp>29 <wsdl></wsdl>30 <xmlSigKeyFile></xmlSigKeyFile>31 <xmlSigCertFile></xmlSigCertFile>32 <xmlSigCertPPhrase></xmlSigCertPPhrase>33 </simpleCACltProp>34 27 </myProxyProp> -
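Review bot: The comment kept above the new `<hostname>`/`<port>` pair still says only that MYPROXY_SERVER "overrides this setting", but the accompanying MyProxy.py change reads a separate MYPROXY_SERVER_PORT variable for the port, so the comment now under-documents the override; suggested wording: `Nb. MYPROXY_SERVER and MYPROXY_SERVER_PORT environment variables, if set, override hostname and port respectively`. The removal of `<credStorageDir>`, `<path>` and the `<simpleCACltProp>` subtree appears to track the shrunken `__validKeys` tuple in MyProxy.py, which means an older copy of this file would now be rejected by setProperties() with an "Invalid property name(s)" error — worth a sentence in the file's header comment so that operators upgrading know to drop those elements.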
TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
r1857 r1858 53 53 54 54 @cvar __getCmd: get command string 55 @cvar __infoCmd: info command string 56 @cvar __destroyCmd: destroy command string 57 @cvar __changePassphrase: command string to change cred pass-phrase 55 58 @cvar __storeCmd: store command string 56 @cvar _certReqParamName: names of parameters needed to generate a 59 @cvar _hostCertSubDirPath: sub-directory path host certificate (as tuple) 60 @cvar _hostKeySubDirPath: sub-directory path to host key (as tuple) 61 @cvar _certReqDNdefaultsName: names of parameters needed to generate a 57 62 certificate request e.g. CN, OU etc. 58 63 """ … … 89 94 LIFETIME=%d\0""" 90 95 91 92 _certReqParamName = ('O', 'OU') 96 _hostCertSubDirPath = ('etc', 'hostcert.pem') 97 _hostKeySubDirPath = ('etc', 'hostkey.pem') 98 99 _certReqDNdefaultsName = ('O', 'OU') 93 100 94 101 # valid configuration property keywords 95 __validKeys = ['myProxyServer', 102 __validKeys = ('hostname', 103 'port', 96 104 'gridSecurityDir', 97 'credStorageDir',98 105 'openSSLConfFileName', 99 106 'tmpDir', 100 'path',101 107 'proxyCertMaxLifetime', 102 'proxyCertLifetime', 103 'simpleCACltProp', 104 'simpleCASrvProp'] 108 'proxyCertLifetime') 105 109 106 110 # For checking whether MyProxy server name is localhost … … 112 116 113 117 #_________________________________________________________________________ 114 def __init__(self, 115 propFilePath=None, 116 hostname=os.environ.get('MYPROXY_SERVER'), 117 port=7512, 118 **prop): 118 def __init__(self, propFilePath=None, **prop): 119 """Make an initial settings for client connections to MyProxy 120 121 Settings are held in a dictionary which can be set from **prop, 122 a call to setProperties() or by passing settings in an XML file 123 given by propFilePath 124 125 @param propFilePath: set properties via a configuration file 126 @param **prop: set properties via keywords - see __validKeys 127 class variable for a list of these 119 128 """ 120 @param hostname string for MyProxy server - defaults to 121 
MYPROXY_SERVER environment variable 122 @param integer port number MyProxy is running on 123 propFilePath: set properties via a configuration file 124 prop: set properties via keywords 125 """ 126 self.hostname = hostname 127 self.port = port 128 129 129 130 # Set-up parameter names for certificate request 130 self.__certReq Param = {}.fromkeys(MyProxyClient._certReqParamName)131 self.__certReqDNdefaults = {} 131 132 132 133 # Check for parameter names set from input 133 self.certReqParam = certReqKw134 135 134 #self.certReqDNdefaults = None 135 136 # settings dictionary 136 137 self.__prop = {} 137 138 139 # Defaults 140 self.__prop['port'] = 7512 141 self.__prop['proxyCertLifetime'] = 43200 142 self.__prop['proxyCertMaxLifetime'] = 43200 138 143 139 144 # Configuration file used to get default subject when generating a … … 152 157 153 158 # Grid security directory - environment variable setting overrides 154 if 'GRID_SECURITY_DIR' in self.__env:159 if 'GRID_SECURITY_DIR' in os.environ: 155 160 self.__prop['gridSecurityDir'] = self.__env['GRID_SECURITY_DIR'] 156 161 … … 160 165 161 166 # Server host name - environment setting overrides 162 if 'MYPROXY_SERVER' in self.__env: 163 self.__prop['myProxyServer'] = self.__env['MYPROXY_SERVER'] 164 167 if 'MYPROXY_SERVER' in os.environ: 168 self.__prop['hostname'] = os.environ['MYPROXY_SERVER'] 169 170 # ... 
and port number 171 if 'MYPROXY_SERVER_PORT' in os.environ: 172 self.__prop['port'] = os.environ['MYPROXY_SERVER_PORT'] 165 173 166 174 #_________________________________________________________________________ … … 171 179 invalidKeys = [key for key in prop if key not in self.__validKeys] 172 180 if invalidKeys: 173 raise MyProxyClientError, "Property name \"%s\" is invalid" % key 181 raise MyProxyClientError, 'Invalid property name(s) set: "%s"' % \ 182 '", "'.join(invalidKeys) 174 183 175 184 self.__prop.update(prop) 176 185 177 186 # Update openssl conf file path 178 if 'gridSecurityDir' in prop or 'openSSLConfFileName' in prop: 179 187 if 'gridSecurityDir' in prop or 'openSSLConfFileName' in prop: 180 188 self.__openSSLConf.filePath = \ 181 189 os.path.join(self.__prop['gridSecurityDir'], … … 189 197 propFilePath|propertiesElem 190 198 191 propFilePath: set to read from the specified file 192 propertiesElem: set to read beginning from a cElementTree node""" 199 @param propFilePath: set to read from the specified file 200 @param propertiesElem: set to read beginning from a cElementTree node 201 @return None 202 """ 193 203 194 204 if propFilePath is not None: 195 196 205 try: 197 206 tree = ElementTree.parse(propFilePath) … … 199 208 200 209 except IOError, e: 201 raise MyProxyClientError (\210 raise MyProxyClientError, \ 202 211 "Error parsing properties file \"%s\": %s" % \ 203 (e.filename, e.strerror)) 204 205 212 (e.filename, e.strerror) 206 213 except Exception, e: 207 raise MyProxyClientError ("Error parsing properties file: %s" %\208 str(e))209 214 raise MyProxyClientError, \ 215 "Error parsing properties file: %s" % str(e) 216 210 217 if propElem is None: 211 raise MyProxyClientError("Root element for parsing is not defined") 218 raise MyProxyClientError, \ 219 "Root element for parsing properties file is not defined" 212 220 213 221 … … 221 229 elem.text = os.path.expandvars(elem.text) 222 230 223 prop[elem.tag] = elem.text 224 225 226 # Check for 
SimpleCA properties - should be either WS client or 227 # local server property settings 228 if 'simpleCACltProp' in prop: 229 230 tagElem = propElem.find('simpleCACltProp') 231 if not tagElem: 232 raise MyProxyClientError("Tag %s not found in file" % \ 233 'simpleCACltProp') 234 235 try: 236 simpleCAClt = SimpleCAClient() 237 simpleCAClt.readProperties(propElem=tagElem) 238 239 except Exception, e: 240 raise MyProxyClientError("Setting SimpleCAClient properties: %s"%e) 241 242 prop['simpleCACltProp'] = simpleCAClt() 243 244 elif 'simpleCASrvProp' in prop: 245 246 tagElem = propElem.find('simpleCASrvProp') 247 if not tagElem: 248 raise MyProxyClientError("Tag %s not found in file" % \ 249 'simpleCASrvProp') 250 251 try: 252 simpleCA = SimpleCA() 253 simpleCA.readProperties(propElem=tagElem) 254 255 except Exception, e: 256 raise MyProxyClientError("Setting SimpleCA properties: %s" % e) 257 258 prop['simpleCASrvProp'] = simpleCA() 259 260 else: 261 raise MyProxyClientError(\ 262 "Neither %s or %s tags found in properties file" % \ 263 ('simpleCACltProp', 'simpleCASrvProp')) 264 265 231 if elem.text.isdigit(): 232 prop[elem.tag] = int(elem.text) 233 else: 234 prop[elem.tag] = elem.text 235 266 236 self.setProperties(**prop) 267 237 … … 272 242 local machine myproxy-admin-* commands won't work. 
This affects 273 243 addUser and userIsRegistered commands""" 274 return self.__prop[' myProxyServer'] in self.__class__.__localHostnames244 return self.__prop['hostname'] in self.__class__.__localHostnames 275 245 276 246 #_________________________________________________________________________ 277 247 def __setCertReqParam(self, dict): 278 '''certReq Paramproperty set method - forces setting of certificate248 '''certReqDNdefaults property set method - forces setting of certificate 279 249 request parameter names to valid values 280 250 … … 282 252 283 253 invalidKw = [k for k in dict \ 284 if k not in MyProxyClient._certReq ParamName]254 if k not in MyProxyClient._certReqDNdefaultsName] 285 255 if invalidKw: 286 256 raise MyProxyClientError, \ 287 257 "Invalid certificate request keyword(s): %s. Valid keywords are: %s" % \ 288 (', '.join(invalidKw), ', '.join(MyProxyClient._certReq ParamName))289 290 self.__certReq Param.update(dict)258 (', '.join(invalidKw), ', '.join(MyProxyClient._certReqDNdefaultsName)) 259 260 self.__certReqDNdefaults.update(dict) 291 261 292 262 #_________________________________________________________________________ 293 263 def __getCertReqParam(self): 294 """certReq Paramproperty set method - for Certificate request264 """certReqDNdefaults property set method - for Certificate request 295 265 parameters dict""" 296 return self.__certReq Param297 298 299 certReq Param= property(fset=__setCertReqParam,266 return self.__certReqDNdefaults 267 268 269 certReqDNdefaults = property(fset=__setCertReqParam, 300 270 fget=__getCertReqParam, 301 271 doc="Dictionary of parameters for cert. 
request") … … 329 299 req.set_pubkey(pubKey) 330 300 301 if self.__certReqDNdefaults: 302 certReqDNdefaults = self.__certReqDNdefaults 303 else: 304 defaultReqDN = self.__openSSLConf.getReqDN() 305 306 certReqDNdefaults['O'] = defaultReqDN['0.organizationName'] 307 certReqDNdefaults['OU'] = defaultReqDN['0.organizationUnitName'] 308 309 import pdb;pdb.set_trace() 310 331 311 # Set DN 332 312 x509Name = X509.X509_Name() 333 313 x509Name.CN = CN 334 x509Name.OU = self.__certReqParam['OU']335 x509Name.O = self.__certReqParam['O']314 x509Name.OU = certReqDNdefaults['OU'] 315 x509Name.O = certReqDNdefaults['O'] 336 316 req.set_subject_name(x509Name) 337 317 … … 432 412 given username 433 413 434 Exceptions: GetError, StoreCredError414 Exceptions: GetError, RetrieveError 435 415 436 416 @param username: username selected for credential … … 449 429 if not ownerCertFile or not ownerKeyFile: 450 430 if globusLoc: 451 ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem') 452 ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem') 431 ownerCertFile = os.path.join(globusLoc, 432 *MyProxyClient._hostCertSubDirPath) 433 ownerKeyFile = os.path.join(globusLoc, 434 *MyProxyClient._hostKeySubDirPath) 453 435 else: 454 436 raise MyProxyClientError, \ … … 472 454 # host/<hostname> one 473 455 conn.clientPostConnectionCheck = None 474 conn.connect((self. 
hostname, self.port))456 conn.connect((self.__prop['hostname'], self.__prop['port'])) 475 457 476 458 # send globus compatibility stuff … … 503 485 """change pass-phrase protecting the credentials for a given username 504 486 505 Exceptions: GetError, StoreCredError487 Exceptions: GetError, RetrieveError 506 488 507 489 @param username: username of credential … … 522 504 if not ownerCertFile or not ownerKeyFile: 523 505 if globusLoc: 524 ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem') 525 ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem') 506 ownerCertFile = os.path.join(globusLoc, 507 *MyProxyClient._hostCertSubDirPath) 508 ownerKeyFile = os.path.join(globusLoc, 509 *MyProxyClient._hostKeySubDirPath) 526 510 else: 527 511 raise MyProxyClientError, \ 528 512 "No client authentication cert. and private key file were given" 529 513 530 import pdb;pdb.set_trace()531 514 context = Context(protocol='sslv3') 532 515 context.load_cert(ownerCertFile, … … 545 528 # host/<hostname> one 546 529 conn.clientPostConnectionCheck = None 547 conn.connect((self. hostname, self.port))530 conn.connect((self.__prop['hostname'], self.__prop['port'])) 548 531 549 532 # send globus compatibility stuff … … 572 555 """destroy credentials from the server for a given username 573 556 574 Exceptions: GetError, StoreCredError557 Exceptions: GetError, RetrieveError 575 558 576 559 @param username: username selected for credential … … 589 572 if not ownerCertFile or not ownerKeyFile: 590 573 if globusLoc: 591 ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem') 592 ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem') 574 ownerCertFile = os.path.join(globusLoc, 575 *MyProxyClient._hostCertSubDirPath) 576 ownerKeyFile = os.path.join(globusLoc, 577 *MyProxyClient._hostKeySubDirPath) 593 578 else: 594 579 raise MyProxyClientError, \ … … 612 597 # host/<hostname> one 613 598 conn.clientPostConnectionCheck = None 614 conn.connect((self. 
hostname, self.port))599 conn.connect((self.__prop['hostname'], self.__prop['port'])) 615 600 616 601 # send globus compatibility stuff … … 637 622 ownerKeyFile=None, 638 623 ownerPassphrase=None, 639 lifetime= 43200):624 lifetime=None): 640 625 """Upload credentials to the server 641 626 642 Exceptions: GetError, StoreCredError627 Exceptions: GetError, RetrieveError 643 628 644 629 @param username: username selected for credential … … 659 644 @return none 660 645 """ 646 647 lifetime = lifetime or self.__prop['proxyCertMaxLifetime'] 648 661 649 globusLoc = os.environ.get('GLOBUS_LOCATION') 662 650 if not ownerCertFile or not ownerKeyFile: 663 651 if globusLoc: 664 ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem') 665 ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem') 652 ownerCertFile = os.path.join(globusLoc, 653 *MyProxyClient._hostCertSubDirPath) 654 ownerKeyFile = os.path.join(globusLoc, 655 *MyProxyClient._hostKeySubDirPath) 666 656 else: 667 657 ownerCertFile = certFile … … 685 675 # host/<hostname> one 686 676 conn.clientPostConnectionCheck = None 687 conn.connect((self. hostname, self.port))677 conn.connect((self.__prop['hostname'], self.__prop['port'])) 688 678 689 679 # send globus compatibility stuff … … 715 705 716 706 #_________________________________________________________________________ 717 def logon(self, username, passphrase, lifetime= 43200):707 def logon(self, username, passphrase, lifetime=None): 718 708 """Retrieve a proxy credential from a MyProxy server 719 709 … … 726 716 proxy certificate, it's private key and the signing certificate. 727 717 """ 728 718 719 lifetime = lifetime or self.__prop['proxyCertLifetime'] 720 729 721 context = Context(protocol='sslv3') 730 722 … … 740 732 # host/<hostname> one 741 733 conn.clientPostConnectionCheck = None 742 conn.connect((self. 
hostname, self.port))734 conn.connect((self.__prop['hostname'], self.__prop['port'])) 743 735 744 736 # send globus compatibility stuff … … 746 738 747 739 # send get command 748 cmd = MyProxyClient.__getCmd % (username, passphrase,lifetime)740 cmd = MyProxyClient.__getCmd % (username, passphrase, lifetime) 749 741 conn.write(cmd) 750 742 -
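Review bot: In the certificate-request hunk (new lines 301-310) the `else` branch assigns `certReqDNdefaults['O'] = ...` before `certReqDNdefaults` is bound, so the fallback path taken when no DN defaults were supplied raises UnboundLocalError instead of using the OpenSSL config values; build the dict instead: `certReqDNdefaults = {'O': defaultReqDN['0.organizationName'], 'OU': defaultReqDN['0.organizationUnitName']}`. The same hunk leaves `import pdb;pdb.set_trace()` at new line 309, which drops every request generation into an interactive debugger and must be deleted before this runs unattended. The enclosing method starts and ends outside the hunk. Separately, in `__init__` the MYPROXY_SERVER_PORT override (new line 172) stores the raw environment string in `self.__prop['port']`, whereas the XML path converts digit strings with `int()` and the default is the integer 7512; a string port handed to `conn.connect(...)` is likely to fail, so wrap it as `self.__prop['port'] = int(os.environ['MYPROXY_SERVER_PORT'])`. Also at new line 159 the check was changed to `'GRID_SECURITY_DIR' in os.environ` but the following line still reads `self.__env['GRID_SECURITY_DIR']`, which should read from the same mapping as the test.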
TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
r1824 r1858 1 1 #!/usr/bin/e 2 """NDG Attribute Authority client 2 """NDG Attribute Authority client unit tests 3 3 4 4 NERC Data Grid Project … … 20 20 21 21 def setUp(self): 22 try: 23 # Session Manager WSDL 24 self.uri = 'http://127.0.0.1:5700/AttributeAuthority' 25 26 # Instantiate WS proxy 27 self.clnt = AttAuthorityClient(self.uri, 28 tracefile=sys.stderr) 29 except Exception, e: 30 self.fail(str(e)) 31 32 33 def tearDown(self): 34 pass 35 22 # Session Manager WSDL 23 self.uri = 'http://127.0.0.1:5700/AttributeAuthority' 24 25 # Instantiate WS proxy 26 self.clnt = AttAuthorityClient(self.uri, tracefile=sys.stderr) 27 36 28 37 29 def testGetPubKey(self): … … 43 35 44 36 def testGetTrustedHostInfo(self): 45 46 try: 47 role = 'role' 48 self.clnt.getTrustedHostInfo(role) 49 except Exception, e: 50 self.fail(str(e)) 37 """testGetTrustedHostInfo: retrieve trusted host info matching a 38 given role""" 39 role = 'role' 40 self.clnt.getTrustedHostInfo(role) 51 41 52 42 53 43 def testGetTrustedHostInfoWithNoRole(self): 54 55 try: 56 self.clnt.getTrustedHostInfo() 57 except Exception, e: 58 self.fail(str(e)) 59 44 """testGetTrustedHostInfoWithNoRole: retrieve trusted host info 45 irrespective of role""" 46 self.clnt.getTrustedHostInfo() 60 47 61 48 def testGetHostInfo(self): 62 63 try: 64 self.clnt.getHostInfo() 65 except Exception, e: 66 self.fail(str(e)) 49 """testGetHostInfo: retrieve info for AA host""" 50 self.clnt.getHostInfo() 67 51 68 52
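Review bot: `testGetTrustedHostInfo`, `testGetTrustedHostInfoWithNoRole` and `testGetHostInfo` (new lines 37-50) exercise only that the client call does not raise; nothing is checked about the returned value, so a server answering with an empty or malformed result still passes. Bind the result and assert on it, e.g. `trustedHosts = self.clnt.getTrustedHostInfo(role)` followed by `self.failUnless(trustedHosts)`, and likewise for `getHostInfo()`. Dropping the try/except-`self.fail` wrappers is an improvement, since the original exception type and traceback now reach the test runner as an error rather than a flattened message string.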