Changeset 2072 for TI12-security
- Timestamp:
- 29/01/07 13:34:04 (13 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 11 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
r2051 r2072 42 42 43 43 #_________________________________________________________________________ 44 def __init__(self, 45 uri=None, 46 srvCertFilePath=None, 47 clntCertFilePath=None, 48 clntPriKeyFilePath=None, 49 tracefile=None): 44 def __init__(self, uri=None, tracefile=None, **signatureHandlerKw): 50 45 """ 51 46 @type uri: string 52 47 @keyword uri: URI for Attribute Authority WS. Setting it will also 53 48 initialise the Service Proxy 54 55 @type srvCertFilePath: string 56 @keyword srvCertFilePath: X.509 certificate of Attribute Authority use 57 to verify the signatures of responses. This may be omitted if the 58 the certificate is include in the WSSE header of the repsonse. 59 60 @type clntCertFilePath: string 61 @keyword clntCertFilePath: X.509 certificate of client. Passed in 62 SOAP WS-Security header to enable the AA to verify the signature of 63 this client's request and identify the client ID. 64 65 @type clntPriKeyFilePath: string 66 @keyword clntPriKeyFilePath: Private key of client used to sign 67 outbound messages to the Attribute Authority. 
68 49 69 50 @keyword tracefile: set to file object such as sys.stderr to give 70 51 extra WS debug information""" … … 72 53 self.__srv = None 73 54 self.__uri = None 74 self.__srvCertFilePath = None75 self.__srvCertFilePath = None76 self.__clntCertFilePath = None77 self.__clntCert = None78 self.__clntPriKeyFilePath = None79 self.__clntPriKeyPwd = None80 55 self.__srvCertTempFile = None 81 56 … … 83 58 if uri: 84 59 self.__setURI(uri) 85 86 if srvCertFilePath: 87 self.__setSrvCertFilePath(srvCertFilePath) 88 89 if clntPriKeyFilePath: 90 self.__setClntPriKeyFilePath(clntPriKeyFilePath) 91 92 if clntCertFilePath: 93 if clntPriKeyFilePath is None: 94 raise AttAuthorityClientError, \ 95 "A Client private key file is required as well a " + \ 96 "public key" 97 98 self.__setClntCertFilePath(clntCertFilePath) 99 60 61 # WS-Security Signature handler 62 self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 100 63 101 64 self.__tracefile = tracefile … … 117 80 118 81 uri = property(fset=__setURI, doc="Set Attribute Authority WSDL URI") 82 83 84 #_________________________________________________________________________ 85 def __getSignatureHandler(self, uri): 86 "Get SignatureHandler object property method" 87 return self.__signatureHandler 88 89 signatureHandler = property(fget=__getSignatureHandler, 90 doc="SignatureHandler object") 119 91 120 92 … … 221 193 222 194 # WS-Security Signature handler object is passed to binding 223 signatureHandler = SignatureHandler(\224 certFilePath=self.__clntCertFilePath,225 priKeyFilePath=self.__clntPriKeyFilePath,226 priKeyPwd=self.__clntPriKeyPwd)227 228 195 try: 229 196 locator = AttAuthorityServiceLocator() 230 197 self.__srv = locator.getAttAuthority(self.__uri, 231 sig_handler=signatureHandler,232 198 sig_handler=self.__signatureHandler, 199 tracefile=self.__tracefile) 233 200 except HTTPResponse, e: 234 201 raise AttAuthorityClientError, \ -
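Review bot: The new `signatureHandler` property getter is declared `def __getSignatureHandler(self, uri)`, but `property(fget=...)` invokes the getter with `self` only, so any read of `client.signatureHandler` will raise TypeError; it should be `def __getSignatureHandler(self):`. The constructor also drops the former guard that refused a client certificate supplied without a matching private key; that check now lives, if anywhere, inside SignatureHandler, and a stale or unknown keyword (e.g. the old `clntCertFilePath`) will now surface as a TypeError from `SignatureHandler(**signatureHandlerKw)` rather than an AttAuthorityClientError. Unlike the SessionMgr client docstring, this one has no entry for the new keyword; add `@keyword signatureHandlerKw: keywords forwarded to SignatureHandler (signingCertFilePath, signingPriKeyFilePath, signingPriKeyPwd, verifyingCertFilePath, ...)` so callers know what is accepted. The body of `initService` continues outside the hunk.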
TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
r2063 r2072 39 39 40 40 #_________________________________________________________________________ 41 def __init__(self, 42 uri=None, 43 srvCertFilePath=None, 44 clntCertFilePath=None, 45 clntPriKeyFilePath=None, 46 clntPriKeyPwd=None, 47 tracefile=None): 41 def __init__(self, uri=None, tracefile=None, **signatureHandlerKw): 48 42 """ 49 uri: URI for Session Manager WS. Setting it 50 will set the Service Proxy 51 srvCertFilePath: Public key of Session Manager. This is 52 needed to verify signed messages back from 53 the Session Manager 54 clntCertFilePath: X.509 cert for client. This is passed to the 55 Session Manager so that it can encrypt 56 responses. WARNING: if not set, responses 57 are returned as clear text 58 clntPriKeyFilePath: Private key of client. This is passed to 59 the signature handler to sign requests to 60 the Session Manager. 61 clntPriKeyPwd: Password for the client private key file. 62 Default to None if the file is not password 63 protected. 64 tracefile: set to file object such as sys.stderr to 65 give extra WS debug information""" 43 @type uri: string 44 @keyword uri: URI for Session Manager WS. 
Setting it will set the 45 Service Proxy 46 47 @type tracefile: file stream type 48 @param tracefile: set to file object such as sys.stderr to give extra 49 WS debug information 50 51 @type signatureHandlerKw: dict 52 @param signatureHandlerKw: keywords to configure signature handler""" 66 53 67 54 self.__srv = None 68 55 self.__uri = None 69 self.__srvCertFilePath = None70 self.__clntCertFilePath = None71 self.__clntCert = None72 self.__clntPriKeyFilePath = None73 self.__clntPriKeyPwd = None74 56 75 57 self.__srvCertTempFile = None … … 78 60 if uri: 79 61 self.__setURI(uri) 80 81 if srvCertFilePath: 82 self.__setSrvCertFilePath(srvCertFilePath) 83 84 if clntPriKeyFilePath: 85 self.__setClntPriKeyFilePath(clntPriKeyFilePath) 86 87 if clntPriKeyPwd: 88 self.__setClntPriKeyPwd(clntPriKeyPwd) 89 90 if clntCertFilePath: 91 self.__setClntCertFilePath(clntCertFilePath) 92 62 63 # WS-Security Signature handler 64 self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 65 93 66 self.__tracefile = tracefile 94 67 95 68 96 69 # Instantiate Session Manager WS ZSI client 97 if self.__uri and srvCertFilePath and clntPriKeyFilePath:70 if self.__uri: 98 71 self.initService() 99 72 … … 101 74 #_________________________________________________________________________ 102 75 def __setURI(self, uri): 76 "Set URI property method" 103 77 104 78 if not isinstance(uri, basestring): … … 112 86 113 87 #_________________________________________________________________________ 114 def __setSrvCertFilePath(self, srvCertFilePath): 115 116 if not isinstance(srvCertFilePath, basestring): 117 raise SessionMgrClientError, \ 118 "Session Manager X.509 Cert. file must be a valid string" 119 120 self.__srvCertFilePath = srvCertFilePath 121 122 srvCertFilePath = property(fset=__setSrvCertFilePath, 123 doc="Set Session Manager X.509 Cert. 
file") 124 125 126 #_________________________________________________________________________ 127 def __setClntCertFilePath(self, clntCertFilePath): 128 129 if not isinstance(clntCertFilePath, basestring): 130 raise SessionMgrClientError, \ 131 "Client X.509 cert. file path must be a valid string" 132 133 self.__clntCertFilePath = clntCertFilePath 134 try: 135 self.__clntCert = open(self.__clntCertFilePath).read() 136 137 except IOError, (errNo, errMsg): 138 raise SessionMgrClientError, \ 139 "Reading certificate file \"%s\": %s" % \ 140 (self.__clntCertFilePath, errMsg) 141 142 except Exception, e: 143 raise SessionMgrClientError, \ 144 "Reading certificate file \"%s\": %s" %\ 145 (self.__clntCertFilePath, str(e)) 146 147 clntCertFilePath = property(fset=__setClntCertFilePath, 148 doc="File path for client X.509 cert.") 149 150 151 #_________________________________________________________________________ 152 def __setClntPriKeyFilePath(self, clntPriKeyFilePath): 153 154 if not isinstance(clntPriKeyFilePath, basestring): 155 raise SessionMgrClientError, \ 156 "Client private key file path must be a valid string" 157 158 self.__clntPriKeyFilePath = clntPriKeyFilePath 159 160 clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath, 161 doc="File path for client private key") 162 163 164 #_________________________________________________________________________ 165 def __setClntPriKeyPwd(self, clntPriKeyPwd): 166 167 if not isinstance(clntPriKeyPwd, basestring): 168 raise SessionMgrClientError, \ 169 "Client private key password must be a valid string" 170 171 self.__clntPriKeyPwd = clntPriKeyPwd 172 173 clntPriKeyPwd = property(fset=__setClntPriKeyPwd, 174 doc="Password protecting client private key file") 175 176 88 def __getSignatureHandler(self, uri): 89 "Get SignatureHandler object property method" 90 return self.__signatureHandler 91 92 signatureHandler = property(fget=__getSignatureHandler, 93 doc="SignatureHandler object") 94 95 177 96 
#_________________________________________________________________________ 178 97 def __getSrvX509Cert(self): … … 209 128 210 129 # WS-Security Signature handler object is passed to binding 211 signatureHandler = SignatureHandler(\212 certFilePath=self.__clntCertFilePath,213 priKeyFilePath=self.__clntPriKeyFilePath,214 priKeyPwd=self.__clntPriKeyPwd)215 216 130 try: 217 131 locator = SessionMgrServiceLocator() 218 132 self.__srv = locator.getSessionMgr(self.__uri, 219 sig_handler=signatureHandler,220 133 sig_handler=self.__signatureHandler, 134 tracefile=self.__tracefile) 221 135 except HTTPResponse, e: 222 136 raise SessionMgrClientError, \ … … 320 234 #_________________________________________________________________________ 321 235 def disconnect(self, 322 proxyCert=None,236 userCert=None, 323 237 sessCookie=None, 324 238 sessID=None, … … 327 241 328 242 disconnect([sessCookie=s]|[sessID=i, encrSessionMgrURI=e]| 329 [proxyCert=p][key=arg, ...]) 330 proxyCert: proxy certificate - use as ID instead of 331 a cookie in the case of a command line client. 332 sessCookie: session cookie returned from call to connect() 333 for a browser client. Input as a string or 334 SimpleCookie type. 335 sessID: session ID. Input this as well as 336 encrSessionMgrURI as an alternative to 337 sessCookie in the case of a browser client. 338 encrSessionMgrURI: encrypted Session Manager URI.""" 243 [userCert=u][key=arg, ...]) 244 245 @type userCert: 246 @keyword userCert: proxy certificate - use as ID instead of a cookie 247 in the case of a command line client. 248 249 @type sessCookie: ndg.security.common.SessionCookie or string 250 @keyword sessCookie: session cookie returned from call to connect() 251 for a browser client. 252 253 @type sessID: string 254 @keyword sessID: session ID. Input this as well as encrSessionMgrURI 255 as an alternative to sessCookie in the case of a browser client. 
256 257 @type encrSessionMgrURI: string 258 @keyword encrSessionMgrURI: encrypted Session Manager URI.""" 339 259 340 260 # Checking authentication details: either a proxy cert, … … 359 279 # Make connection 360 280 try: 361 self.__srv.disconnect( proxyCert, sessID, encrSessionMgrURI)281 self.__srv.disconnect(userCert, sessID, encrSessionMgrURI) 362 282 363 283 except Exception, e: -
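Review bot: `__getSignatureHandler(self, uri)` has the same spurious `uri` parameter as the AttAuthority client: a property getter is called with `self` alone, so reading `signatureHandler` raises TypeError; drop the extra argument. The old docstring's warning that responses are returned as clear text when no client certificate is set was removed together with the `clntCertFilePath` keyword, but nothing in the new constructor enforces or documents that, so the `@param signatureHandlerKw` entry should state which SignatureHandler keywords are needed for signing requests and for verifying responses. Callers that still pass the removed keywords (the SessionMgr client test module is not among the files in this changeset) will now get a TypeError from `SignatureHandler(**signatureHandlerKw)` instead of a SessionMgrClientError. In `disconnect`, `@type userCert:` is left blank; presumably it is `ndg.security.common.X509.X509Cert or string`, but that should be confirmed and filled in.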
TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
r2028 r2072 39 39 "Certificate File Path input must be a valid string" 40 40 41 41 self.__filePath = filePath 42 42 self.__dn = None 43 43 self.__dtNotBefore = None … … 148 148 raise X509CertError, "Not After time: " + str(e) 149 149 150 151 #_________________________________________________________________________ 152 def __getM2CryptoX509(self, m2CryptoX509=None): 153 "Return M2Crypto X.509 cert object" 154 return self.__m2CryptoX509 155 156 150 157 m2CryptoX509 = property(fset=__setM2CryptoX509, 151 doc="Set X509Cert from an M2Crypto.X509.X509 type") 158 fget=__getM2CryptoX509, 159 doc="M2Crypto.X509.X509 type") 152 160 153 161 … … 308 316 """Create a new X509 certificate read in from a file""" 309 317 310 x509Cert = X509Cert(filePath )318 x509Cert = X509Cert(filePath=filePath) 311 319 x509Cert.read() 312 320 -
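Review bot: The new getter `__getM2CryptoX509(self, m2CryptoX509=None)` carries an unused `m2CryptoX509` parameter that looks copied from the setter; a property getter receives only `self`, so it should read `def __getM2CryptoX509(self):`. The default value keeps it from failing at runtime, but it misleads readers into thinking the property takes an argument.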
TI12-security/trunk/python/ndg.security.common/ndg/security/common/XMLSec.py
r2028 r2072 645 645 for tfmNode in tfmNodes: 646 646 refAlgorithm = tfmNode.getAttributeNode('Algorithm').value 647 #refAlgorithm=tfmNode.getAttributeNodeNS(None, "Algorithm").value648 647 649 648 if refAlgorithm == DSIG.C14N_EXCL: … … 651 650 "InclusiveNamespaces")[0] 652 651 653 # pfxListAttNode = inclusiveNSnode.getAttributeNodeNS(None,654 # 'PrefixList')655 652 pfxListAttNode = inclusiveNSnode.getAttributeNode(\ 656 653 'PrefixList') -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py
r2063 r2072 52 52 53 53 54 from ndg.security.common.X509 import X509Cert, X509CertParse, X509CertRead 55 56 54 57 class _ENCRYPTION(ENCRYPTION): 55 58 '''Derived from ENCRYPTION class to add in extra 'tripledes-cbc' - is this … … 71 74 72 75 class VerifyError(Exception): 73 """Raised from SignatureHandler.verify if signature is invalid""" 76 """Raised from SignatureHandler.verify if an error occurs in the signature 77 verification""" 78 79 class InvalidSignature(Exception): 80 """Raised from verify method for an invalid signature""" 74 81 75 82 class SignatureError(Exception): … … 96 103 re.S) 97 104 105 106 #_________________________________________________________________________ 107 def __init__(self, 108 verifyingCert=None, 109 verifyingCertFilePath=None, 110 signingCert=None, 111 signingCertFilePath=None, 112 signingPriKey=None, 113 signingPriKeyFilePath=None, 114 signingPriKeyPwd=None): 115 116 self.__setVerifyingCert(verifyingCert) 117 self.__setVerifyingCertFilePath(verifyingCertFilePath) 118 119 self.__setSigningCert(signingCert) 120 self.__setSigningCertFilePath(signingCertFilePath) 121 122 # MUST be set before __setSigningPriKeyFilePath / __setSigningPriKey 123 # are called 124 self.__setSigningPriKeyPwd(signingPriKeyPwd) 125 126 if signingPriKey is not None: 127 # Don't allow None for private key setting 128 self.__setSigningPriKey(signingPriKey) 129 130 self.__setSigningPriKeyFilePath(signingPriKeyFilePath) 131 132 133 #_________________________________________________________________________ 134 def __setCert(self, cert): 135 """filter and convert input cert to signing verifying cert set 136 property methods. For signingCert, set to None if it is not to be 137 included in the SOAP header. For verifyingCert, set to None if this 138 cert can be expected to be retrieved from the SOAP header of the 139 message to be verified 140 141 @type: ndg.security.common.X509.X509Cert / M2Crypto.X509.X509 / 142 string or None 143 @param cert: X.509 certificate. 
144 145 @rtype ndg.security.common.X509.X509Cert 146 @return X.509 certificate object""" 147 148 if cert is None or isinstance(cert, X509Cert): 149 # ndg.security.common.X509.X509Cert type / None 150 return cert 151 152 elif isinstance(cert, X509.X509): 153 # M2Crypto.X509.X509 type 154 return X509Cert(m2CryptoX509=cert) 155 156 elif isinstance(cert, basestring): 157 return X509CertParse(cert) 158 159 else: 160 raise AttributeError, "X.509 Cert. must be type: " + \ 161 "ndg.security.common.X509.X509Cert, M2Crypto.X509.X509 or " +\ 162 "a base64 encoded string" 163 164 165 #_________________________________________________________________________ 98 166 def __getVerifyingCert(self): 99 167 '''Return X.509 cert object corresponding to cert used to verify the … … 108 176 ''' 109 177 return self.__verifyingCert 110 111 verifyingCert = property(fget=__getVerifyingCert, 112 doc="X.509 obj for cert that verified signature") 113 114 178 179 115 180 #_________________________________________________________________________ 116 def __init__(self, 117 certFilePath=None, 118 priKeyFilePath=None, 119 priKeyPwd=None): 120 121 self.__certFilePath = certFilePath 122 self.__priKeyFilePath = priKeyFilePath 123 self.__priKeyPwd = priKeyPwd 124 125 # X.509 cert object corresponding to cert used to verify the signature 126 # in the last call to verify - set to None until verify is called 127 self.__verifyingCert = None 181 def __setVerifyingCert(self, verifyingCert): 182 "Set property method for X.509 cert. used to verify a signature" 183 self.__verifyingCert = self.__setCert(verifyingCert) 184 185 # Reset file path as it may no longer apply 186 self.__verifyingCertFilePath = None 187 188 verifyingCert = property(fset=__setVerifyingCert, 189 fget=__getVerifyingCert, 190 doc="Set X.509 Cert. 
for verifying signature") 191 192 193 #_________________________________________________________________________ 194 def __setVerifyingCertFilePath(self, verifyingCertFilePath): 195 "Set method for Service X.509 cert. file path property" 196 197 if isinstance(verifyingCertFilePath, basestring): 198 self.__verifyingCert = X509CertRead(verifyingCertFilePath) 199 200 elif verifyingCertFilePath is not None: 201 raise AttributeError, \ 202 "Verifying X.509 Cert. file path must be None or a valid string" 203 204 self.__verifyingCertFilePath = verifyingCertFilePath 205 206 verifyingCertFilePath = property(fset=__setVerifyingCertFilePath, 207 doc="file path of X.509 Cert. for verifying signature") 208 209 210 #_________________________________________________________________________ 211 def __setSigningCert(self, signingCert): 212 "Set property method for X.509 cert. to be included with signature" 213 self.__signingCert = self.__setCert(signingCert) 214 215 # Reset file path as it may no longer apply 216 self.__signingCertFilePath = None 217 218 signingCert = property(fset=__setSigningCert, 219 doc="Set X.509 Cert. to include signature") 220 221 222 #_________________________________________________________________________ 223 def __setSigningCertFilePath(self, signingCertFilePath): 224 "Set signature X.509 cert property method" 225 226 if isinstance(signingCertFilePath, basestring): 227 self.__signingCert = X509CertRead(signingCertFilePath) 228 229 elif signingCertFilePath is not None: 230 raise AttributeError, \ 231 "Signature X.509 cert. file path must be a valid string" 232 233 self.__signingCertFilePath = signingCertFilePath 234 235 236 signingCertFilePath = property(fset=__setSigningCertFilePath, 237 doc="File path X.509 cert. 
to include with signed message") 238 239 240 #_________________________________________________________________________ 241 def __setSigningPriKeyPwd(self, signingPriKeyPwd): 242 "Set method for private key file password used to sign message" 243 if signingPriKeyPwd is not None and \ 244 not isinstance(signingPriKeyPwd, basestring): 245 raise AttributeError, \ 246 "Signing private key password must be None or a valid string" 247 248 self.__signingPriKeyPwd = signingPriKeyPwd 249 250 signingPriKeyPwd = property(fset=__setSigningPriKeyPwd, 251 doc="Password protecting private key file used to sign message") 252 253 254 #_________________________________________________________________________ 255 def __setSigningPriKey(self, signingPriKey): 256 """Set method for client private key 257 258 Nb. if input is a string, signingPriKeyPwd will need to be set if 259 the key is password protected. 260 261 @type signingPriKey: M2Crypto.RSA.RSA / string 262 @param signingPriKey: private key used to sign message""" 263 264 if isinstance(signingPriKey, basestring): 265 pwdCallback = lambda *ar, **kw: self.__signingPriKeyPwd 266 self.__signingPriKey = RSA.load_key_string(signingPriKey, 267 callback=pwdCallback) 268 269 elif isinstance(signingPriKey, RSA.RSA): 270 self.__signingPriKey = signingPriKey 271 272 else: 273 raise AttributeError, "Signing private key must be a valid " + \ 274 "M2Crypto.RSA.RSA type or a string" 275 276 signingPriKey = property(fset=__setSigningPriKey, 277 doc="Private key used to sign outbound message") 278 279 280 #_________________________________________________________________________ 281 def __setSigningPriKeyFilePath(self, signingPriKeyFilePath): 282 """Set method for client private key file path 283 284 signingPriKeyPwd MUST be set prior to a call to this method""" 285 if not isinstance(signingPriKeyFilePath, basestring): 286 raise AttributeError, \ 287 "Private key file path must be a valid string" 288 289 try: 290 # Read Private key to sign with 
291 priKeyFile = BIO.File(open(signingPriKeyFilePath)) 292 pwdCallback = lambda *ar, **kw: self.__signingPriKeyPwd 293 self.__signingPriKey = RSA.load_key_bio(priKeyFile, 294 callback=pwdCallback) 295 except Exception, e: 296 raise AttributeError, "Setting private key for signature: %s" % e 297 298 self.__signingPriKeyFilePath = signingPriKeyFilePath 299 300 signingPriKeyFilePath = property(fset=__setSigningPriKeyFilePath, 301 doc="File path for private key used to sign message") 128 302 129 303 … … 133 307 ''' 134 308 135 try:136 # Read Private key to sign with137 priKeyFile = BIO.File(open(self.__priKeyFilePath))138 pwdCallback = lambda *ar, **kw: self.__priKeyPwd139 priKey = RSA.load_key_bio(priKeyFile, callback=pwdCallback)140 141 except Exception, e:142 raise SignatureError, "Loading private key for signature: %s" % e143 144 145 309 # Add X.509 cert as binary security token 146 try: 147 x509Cert = X509.load_cert(self.__certFilePath) 148 except Exception, e: 149 raise SignatureError, "Error loading X.509 certificate for " + \ 150 "binary security token element of signature" 151 152 x509CertStr=self.__class__.__x509CertPat.findall(x509Cert.as_pem())[0] 310 x509CertStr = self.__class__.__x509CertPat.findall(\ 311 self.__signingCert.toString())[0] 153 312 154 313 soapWriter._header.setNamespaceAttribute('wsse', OASIS.WSSE) … … 327 486 328 487 # Sign using the private key and base 64 encode the result 329 signatureValue = priKey.sign(signedInfoDigestValue)488 signatureValue = self.__signingPriKey.sign(signedInfoDigestValue) 330 489 b64EncSignatureValue = base64.encodestring(signatureValue).strip() 331 490 … … 333 492 signatureValueElem.createAppendTextNode(b64EncSignatureValue) 334 493 335 # Extract RSA public key from the cert336 rsaPubKey = x509Cert.get_pubkey().get_rsa()494 # # Extract RSA public key from the cert 495 # rsaPubKey = self.__signingCert.m2CryptoX509.get_pubkey().get_rsa() 337 496 338 497 # Check the signature … … 341 500 # open('soap.xml', 
'w').write(str(soapWriter)) 342 501 # import pdb;pdb.set_trace() 343 print "Signature Generated"344 print str(soapWriter)502 # print "Signature Generated" 503 # print str(soapWriter) 345 504 346 505 … … 488 647 contextNode=parsedSOAP.dom, 489 648 context=ctxt)[0] 490 649 except: 650 # Signature may not have included the Binary Security Token in 651 # which case the verifying cert will need to have been set 652 # elsewhere 653 pass 654 655 656 try: 491 657 b64EncX509Cert = self.__class__.__beginCert + \ 492 658 str(binSecTokNode.childNodes[0]._get_nodeValue()) + \ 493 659 self.__class__.__endCert 494 495 self.__verifyingCert = X509.load_cert_string(b64EncX509Cert) 496 except: 497 # If not, check cert file 498 self.__verifyingCert = X509.load_cert(self.__certFilePath) 660 661 self.__setVerifyingCert(b64EncX509Cert) 662 except Exception, e: 663 raise VerifyError, "Error extracting BinarySecurityToken from " +\ 664 "WSSE header: " + str(e) 665 666 if self.__verifyingCert is None: 667 raise VerifyError, "No certificate set for verification " + \ 668 "of the signature" 669 499 670 500 671 # Extract RSA public key from the cert 501 rsaPubKey = self.__verifyingCert. 
get_pubkey().get_rsa()672 rsaPubKey = self.__verifyingCert.m2CryptoX509.get_pubkey().get_rsa() 502 673 503 674 # Apply the signature verification … … 506 677 signatureValue)) 507 678 except RSA.RSAError: 508 raise VerifyError, "Error in Signature"679 raise InvalidSignature, "Error in Signature" 509 680 510 681 if not verify: 511 raise VerifyError, "Invalid signature"682 raise InvalidSignature, "Invalid signature" 512 683 513 684 #print "Signature OK" … … 544 715 545 716 def __init__(self, 546 certFilePath=None,547 priKeyFilePath=None,548 priKeyPwd=None,717 signingCertFilePath=None, 718 signingPriKeyFilePath=None, 719 signingPriKeyPwd=None, 549 720 chkSecurityTokRef=False, 550 721 encrNS=_ENCRYPTION.BLOCK_AES256): 551 722 552 self.__ certFilePath = certFilePath553 self.__ priKeyFilePath = priKeyFilePath554 self.__ priKeyPwd = priKeyPwd723 self.__signingCertFilePath = signingCertFilePath 724 self.__signingPriKeyFilePath = signingPriKeyFilePath 725 self.__signingPriKeyPwd = signingPriKeyPwd 555 726 556 727 self.__chkSecurityTokRef = chkSecurityTokRef … … 572 743 Use Key Wrapping - message is encrypted using a shared key which 573 744 itself is encrypted with the public key provided by the X.509 cert. 574 certFilePath"""745 signingCertFilePath""" 575 746 576 747 # Use X.509 Cert to encrypt 577 x509Cert = X509.load_cert(self.__ certFilePath)748 x509Cert = X509.load_cert(self.__signingCertFilePath) 578 749 579 750 soapWriter.dom.setNamespaceAttribute('wsse', OASIS.WSSE) … … 765 936 766 937 767 if self.__chkSecurityTokRef and self.__ certFilePath:938 if self.__chkSecurityTokRef and self.__signingCertFilePath: 768 939 769 940 # Check input cert. 
against SecurityTokenReference … … 784 955 785 956 # Read RSA Private key in order to decrypt wrapped key 786 priKeyFile = BIO.File(open(self.__ priKeyFilePath))787 p riKey = RSA.load_key_bio(priKeyFile,788 callback=lambda *ar, **kw: self.__priKeyPwd)957 priKeyFile = BIO.File(open(self.__signingPriKeyFilePath)) 958 pwdCallback = lambda *ar, **kw: self.__signingPriKeyPwd 959 priKey = RSA.load_key_bio(priKeyFile, callback=pwdCallback) 789 960 790 961 sharedKey = priKey.private_decrypt(encryptedKey, RSA.pkcs1_padding) -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
r2063 r2072 130 130 131 131 # Read Attribute Authority Properties file 132 self.readProperties( propFilePath)132 self.readProperties() 133 133 134 134 # Read the Map Configuration file -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac
r2058 r2072 47 47 # Get certificate corresponding to private key that signed the 48 48 # message - i.e. the user's proxy 49 proxyCert = X509Cert(\ 50 m2CryptoX509=WSSecurityHandler.signatureHandler.verifyingCert) 49 proxyCert = WSSecurityHandler.signatureHandler.verifyingCert 51 50 52 51 attCert = self.aa.getAttCert(proxyCert=proxyCert, … … 106 105 # public and private keys 107 106 WSSecurityHandler.signatureHandler = SignatureHandler(\ 108 certFilePath=aaSrv.aa['certFile'],109 priKeyFilePath=aaSrv.aa['keyFile'],110 priKeyPwd=aaSrv.aa['keyPwd'])107 signingCertFilePath=aaSrv.aa['certFile'], 108 signingPriKeyFilePath=aaSrv.aa['keyFile'], 109 signingPriKeyPwd=aaSrv.aa['keyPwd']) 111 110 112 111 # Add Service to Attribute Authority branch -
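Review bot: `proxyCert` is now taken directly from `WSSecurityHandler.signatureHandler.verifyingCert`, i.e. whatever certificate `SignatureHandler.verify` accepted for the incoming request; as far as the visible code shows that is the certificate carried in the message's own BinarySecurityToken, so unless `aa.getAttCert` (outside this hunk) validates the proxy certificate chain against a trusted CA, an attribute certificate could be issued for any DN a sender chooses. The handler is also a single class-level object shared by every request, so `verifyingCert` is last-message state; that only holds if verify() and getAttCert() for one request run without another request interleaving, which deserves a comment such as `# verifyingCert is per-request state on a shared handler; relies on requests not interleaving between verify() and getAttCert()`.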
TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py
r2070 r2072 4 4 NERC Data Grid Project 5 5 6 P J Kershaw 02/06/057 8 Copyright (C) 2006 CCLRC & NERC9 10 This software may be distributed under the terms of the Q Public License, 11 version 1.0 or later.6 @author P J Kershaw 02/06/05 7 8 @copyright (C) 2006 CCLRC & NERC 9 10 @license This software may be distributed under the terms of the Q Public 11 License, version 1.0 or later. 12 12 """ 13 13 … … 28 28 import base64 29 29 30 # Session Manager WSDLURI in cookie30 # Session Manager URI in cookie 31 31 from Crypto.Cipher import AES 32 32 33 # Check Session M gr WSDLURI is encrypted33 # Check Session Manager URI is encrypted 34 34 from urllib import urlopen 35 35 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
r2051 r2072 36 36 37 37 # Instantiate WS proxy 38 self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'], 39 clntCertFilePath=self.cfg['setUp']['usercertfilepath'], 40 clntPriKeyFilePath=self.cfg['setUp']['userprikeyfilepath'], 41 tracefile=sys.stderr) 38 self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'], 39 signingCertFilePath=self.cfg['setUp']['usercertfilepath'], 40 signingPriKeyFilePath=self.cfg['setUp']['userprikeyfilepath'], 41 tracefile=sys.stderr) 42 42 43 43 44 … … 123 124 124 125 # Make client to site B Attribute Authority 125 clnt = AttAuthorityClient( \126 127 clntCertFilePath=self.cfg['test6GetMappedAttCert']['usercertfilepath'],128 clntPriKeyFilePath=self.cfg['test6GetMappedAttCert']['userprikeyfilepath'],129 126 clnt = AttAuthorityClient( 127 uri=self.cfg['test6GetMappedAttCert']['uri'], 128 signingCertFilePath=self.cfg['test6GetMappedAttCert']['usercertfilepath'], 129 signingPriKeyFilePath=self.cfg['test6GetMappedAttCert']['userprikeyfilepath'], 130 tracefile=sys.stderr) 130 131 131 132 # Make attribute certificate request -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg
r2070 r2072 12 12 [test1Store] 13 13 username: sstljakTestUser 14 #username: gabriel14 username: gabriel 15 15 passphrase: 16 16 certFile: ./userCert.pem … … 21 21 22 22 [test2GetDelegation] 23 username: sstljakTestUser24 #username: gabriel23 #username: sstljakTestUser 24 username: gabriel 25 25 passphrase: 26 26 27 27 [test3Info] 28 #username: sstljakTestUser29 username: gabriel28 username: sstljakTestUser 29 #username: gabriel 30 30 ownerCertFile: ./proxy-cert.pem 31 31 ownerKeyFile: ./proxy-key.pem … … 33 33 34 34 [test4ChangePassphrase] 35 #username: sstljakTestUser36 username: gabriel35 username: sstljakTestUser 36 #username: gabriel 37 37 ownerCertFile: ./proxy-cert.pem 38 38 ownerKeyFile: ./proxy-key.pem -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg
r2070 r2072 23 23 # Password protecting client private key - if omitted it will be prompted for 24 24 # from tty 25 clntprikeypwd =25 #clntprikeypwd = 26 26 27 27 clntcertfilepath = ./clnt-cert.pem … … 34 34 35 35 [test2CookieConnect] 36 username = sstljakTestUser37 #username = gabriel36 #username = sstljakTestUser 37 username = gabriel 38 38 #passphrase = 39 39 40 40 [test3ProxyCertConnect] 41 username = sstljakTestUser42 #username = gabriel41 #username = sstljakTestUser 42 username = gabriel 43 43 #passphrase = 44 44