Timestamp:
12/02/07 15:27:35 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/ca/server-config.tac: added file copied
from Session Manager equivalent

python/ndg.security.server/ndg/security/server/ca/SimpleCA.py:

  • added ability to generate a certificate request using M2Crypto
  • added properties for running web service over SSL + PKI settings
  • properties file path can be set via the NDGSEC_CA_PROPFILEPATH environment variable

python/ndg.security.server/ndg/security/server/ca/start-container.sh: script to run
service with twistd.

python/ndg.security.server/ndg/security/server/ca/Makefile: calls to wsdl2dispatch to
generate server side stubs.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac: fixed typo

  • ref to Attribute Authority instead of Session Manager.

python/ndg.security.server/ndg/security/server/MyProxy.py: simplified use of OpenSSLConfig
class.

python/conf/sessionMgrProperties.xml: removed duplicate lines.

python/conf/simpleCAProperties.xml: re-added - for some reason not previously stored in
repository.

python/ndg.security.test/ndg/security/test/ca/server.sh: adapted from Session Manager
version.

python/ndg.security.test/ndg/security/test/ca/caClientTest.cfg: added settings for
issueCert unit test to configure certificate request.

python/ndg.security.test/ndg/security/test/ca/caClientTest.py: setting up
test1IssueCert unit test.

python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml: added settings for
SSL and PKI.

python/ndgSetup.sh: set up GRID_SECURITY_DIR environment variable

python/ndg.security.common/ndg/security/common/ca/init.py: Certificate Authority
web service client - updated settings for OpenSSLConfig object and issueCert method.

python/ndg.security.common/ndg/security/common/ca/CertReq.py: old code from alpha version
of NDG-Security.

python/ndg.security.common/ndg/security/common/ca/Makefile: generates client and server
side stubs for Certificate Authority web service.

python/ndg.security.common/ndg/security/common/wsSecurity.py: updated header

python/ndg.security.common/ndg/security/common/openssl.py:

  • fixed regular expression for 'req_distinguished_name' pattern match
  • parameters are parsed in call to read() rather than in getReqDN method.
  • reqDN is now a property.
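--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/ca/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/ca/__init__.py
@@ -21,5 +21,5 @@
 # Handling for public key retrieval
 import tempfile
-from M2Crypto import X509, RSA, EVP
+from M2Crypto import X509, RSA, EVP, m2
 
 from CertificateAuthority_services import CertificateAuthorityServiceLocator
@@ -44,5 +44,9 @@
     
     #_________________________________________________________________________
-    def __init__(self, uri=None, tracefile=None, **signatureHandlerKw):
+    def __init__(self,
+                 uri=None,
+                 tracefile=None,
+                 openSSLConfigFilePath=None,
+                 **signatureHandlerKw):
         """
         @type uri: string
@@ -61,5 +65,5 @@
 
         # Set-up parameter names for certificate request
-        self.__certReqDNparam = {}
+        self.__openSSLConfig = OpenSSLConfig(filePath=openSSLConfigFilePath)
 
         
@@ -91,4 +95,13 @@
 
     #_________________________________________________________________________
+    def __getOpenSSLConfig(self):
+        "Get OpenSSLConfig object property method"
+        return self.__openSSLConfig
+    
+    openSSLConfig = property(fget=__getOpenSSLConfig,
+                             doc="OpenSSLConfig object")
+
+
+    #_________________________________________________________________________
     def __getSignatureHandler(self):
         "Get SignatureHandler object property method"
@@ -162,33 +175,4 @@
     clntPriKeyPwd = property(fset=__setClntPriKeyPwd,
                          doc="Password protecting client private key file")
-
-
-    #_________________________________________________________________________
-    def __setCertReqDNparam(self, dict):
-        '''certReqDNparam property set method - forces setting of certificate
-        request parameter names to valid values
-
-        @param dict: dictionary of parameters'''
-
-        invalidKw = [k for k in dict \
-                     if k not in self.__class__._certReqDNparamName]
-        if invalidKw:
-            raise CertificateAuthorityClientError, \
-    "Invalid certificate request keyword(s): %s.  Valid keywords are: %s" % \
-    (', '.join(invalidKw), ', '.join(self.__class__._certReqDNparamName))
-
-        self.__certReqDNparam.update(dict)
-
-
-    #_________________________________________________________________________
-    def __getCertReqDNparam(self):
-        """certReqDNparam property set method - for Certificate request
-        parameters dict"""
-        return self.__certReqDNparam
-
-
-    certReqDNparam = property(fset=__setCertReqDNparam,
-                            fget=__getCertReqDNparam,
-                            doc="Dictionary of parameters for cert. request")
 
         
@@ -248,34 +232,30 @@
         req.set_pubkey(pubKey)
         
-        if self.__certReqDNparam:
-            certReqDNparam = self.__certReqDNparam
-        else:
-            defaultReqDN = self.__openSSLConf.getReqDN()
-
-            certReqDNparam = {}
-            certReqDNparam['O'] = defaultReqDN['0.organizationName']
-            certReqDNparam['OU'] = defaultReqDN['0.organizationalUnitName']
+        defaultReqDN = self.__openSSLConfig.reqDN
             
         # Set DN
         x509Name = X509.X509_Name()
         x509Name.CN = CN
-        x509Name.OU = certReqDNparam['OU']
-        x509Name.O = certReqDNparam['O']
+        x509Name.OU = defaultReqDN.get('0.organizationalUnitName') or \
+                       defaultReqDN['0U']
+        x509Name.O = defaultReqDN.get('0.organizationName') or \
+                       defaultReqDN['0']
+                        
         req.set_subject_name(x509Name)
         
         req.sign(pubKey, messageDigest)
         
-        return (req.as_pem(), key.as_pem(cipher=None))
+        return req, key
     
                                    
     #_________________________________________________________________________
-    def signCert(self,
-                 certReq=None,
-                 CN=None,
-                 opensslConfigFilePath=None,
-                 **createCertReqKw):
+    def issueCert(self,
+                 certReq=None,
+                 CN=None,
+                 openSSLConfigFilePath=None,
+                 **createCertReqKw):
         """Send a certificate request to the CA for signing
         
-        signCert([certReq=cr]|[CN=cn, opensslConfigFilePath=p, **kw])
+        signCert([certReq=cr]|[CN=cn, openSSLConfigFilePath=p, **kw])
         
         @type certReq: M2Crypto.X509.Request
@@ -288,8 +268,13 @@
         cert.  This keyword is ignored if certReq keyword is set.
         
-        @type opensslConfigFilePath: string
-        @keyword opensslConfigFilePath: file path for OpenSSL configuration
+        @type openSSLConfigFilePath: string
+        @keyword openSSLConfigFilePath: file path for OpenSSL configuration
         file from which to get settings for Distinguished Name for new
         certificate.  This keyword is ignored if certReq keyword is set.
+        
+        @type **createCertReqKw: dict
+        @param **createCertReqKw: keywords to call to _createCertReq - only
+        applies if certReq is not set.
+        
         @rtype: tuple
         @return: signed certificate and private key.  Private key will be
@@ -303,5 +288,5 @@
         
         try:
-            cert = self.__srv.signCert(certReq.as_pem())
+            cert = self.__srv.issueCert(certReq.as_pem())
 
         except Exception, e: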
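Review bot: The fallback keys `defaultReqDN['0U']` and `defaultReqDN['0']` in the DN-building hunk use the digit zero where the OpenSSL short names for these attributes are `OU` and `O`, so if the long-form `0.organizationalUnitName` / `0.organizationName` entries are ever absent the request construction will die with a KeyError instead of falling back; this reads as a typo, though I cannot confirm from here which keys `OpenSSLConfig.reqDN` actually yields. The `.get(...) or ...` form also treats an empty-string value as missing and silently takes the fallback. Since the subject DN of a certificate request is what the CA ends up certifying, I would make the lookup explicit rather than best-effort: `x509Name.OU = defaultReqDN.get('0.organizationalUnitName') or defaultReqDN['OU']` (and likewise `defaultReqDN['O']`), or a single check that raises `CertificateAuthorityClientError` naming the missing DN attribute. The enclosing method starts outside the hunk.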