Timestamp:
03/07/07 09:35:48 (13 years ago)
Author:
pjkersha
Message:

Preparing new DEWS 0.8.0 release -

ndg.security.server/setup.py: remove commented out code

setup.py, ndg.security.client/setup.py, ndg.security.test/setup.py,
ndg.security.server/setup.py, ndg.security.common/setup.py:
update version to 0.8.0

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml:
reset default transport to http

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
default test settings for DEWS

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • updated for tests with SSL - sslCACertList keyword

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • test with SSL

ndg.security.common/ndg/security/common/SessionMgr/__init__.py:

  • include new SSL settings sslCACertList and sslCACertFilePathList keywords / properties
  • removed transdict keyword
  • changed transport attribute to _transport and transdict to _transdict

ndg.security.common/ndg/security/common/AttAuthority/__init__.py:

  • import httplib to enable catch for httplib.BadStatusLine exception - this is thrown when trying to connect with http to https service
  • include sslCACertFilePathList property
  • remove clntCertFilePath, clntPriKeyFilePath and clntPriKeyPwd properties - no longer needed

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • new property caCertFilePathList enables setting of CA certs from file list
  • fix to HTTPSConnection class - set _postConnectionCheck attribute to SSL.Checker.Checker default if no equivalent keyword was set

ndg.security.common/ndg/security/common/CredWallet.py:

  • enable calls to Attribute Authorities to set CA list for peer cert verification with SSL connections

ndg-security-install.py: added new -t option to enable install of unit tests
package

File:
1 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py

    r2679 r2685  
    22import socket 
    33 
    4 from M2Crypto import SSL 
     4from M2Crypto import SSL, X509 
    55from M2Crypto.httpslib import HTTPSConnection as _HTTPSConnection 
    66 
     
    1515    setting match for peer cert""" 
    1616 
    17     def __init__(self, peerCertDN=None, peerCertCN=None, caCertList=[], **kw): 
     17    def __init__(self,  
     18                 peerCertDN=None,  
     19                 peerCertCN=None,  
     20                 caCertList=[], 
     21                 caCertFilePathList=[],  
     22                 **kw): 
    1823        """Override parent class __init__ to enable setting of myProxyServerDN 
    1924        setting 
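
Review bot: `caCertList=[]` and the new `caCertFilePathList=[]` in the `__init__` signature are mutable default arguments, so the same list object is shared by every call that omits them. Default both to `None` and treat `None` as "not supplied" in the body, which also lets the constructor tell an omitted argument from an explicitly empty list.
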
     
    2934         
    3035        @type caCertList: list type of M2Crypto.X509.X509 types 
    31         @keyword caCert: CA X.509 certificates - if set the peer cert's  
     36        @keyword caCertList: CA X.509 certificates - if set the peer cert's  
    3237        CA signature is verified against one of these.  At least one must 
    33         verify""" 
     38        verify 
     39         
     40        @type caCertFilePathList: list string types 
     41        @keyword caCertFilePathList: same as caCertList except input as list 
     42        of CA cert file paths""" 
    3443         
    3544        SSL.Checker.Checker.__init__(self, **kw) 
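
Review bot: The new `@keyword caCertFilePathList` entry says it is the "same as caCertList" but does not say what happens when both keywords are passed; the assignment further down takes `caCertList` and silently ignores the file list. State that precedence in the docstring (or reject the combination), and note that the setter also accepts a tuple, since `@type` mentions only a list.
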
     
    3746        self.peerCertDN = peerCertDN 
    3847        self.peerCertCN = peerCertCN 
    39         self.caCertList = caCertList 
    40          
     48        if caCertList: 
     49            self.caCertList = caCertList 
     50        elif caCertFilePathList: 
     51            self.caCertFilePathList = caCertFilePathList 
     52             
    4153         
    4254    def __call__(self, peerCert, host=None): 
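
Review bot: With the `if caCertList: ... elif caCertFilePathList: ...` form, `self.caCertList` is no longer assigned when the caller passes no CA list or passes only file paths, whereas the removed line always set it. The file-path branch stores its certificates in `self.__caCertStack` through the property setter, so a checker built from file paths carries no `caCertList` attribute at all. How `__call__` reads the CA list is not shown in this hunk; please confirm it verifies against the loaded stack, and initialise `self.caCertList = []` unconditionally so both inputs feed one collection and the attribute always exists.
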
     
    8193 
    8294 
     95    #_________________________________________________________________________ 
     96    def __setCACertsFromFileList(self, caCertFilePathList): 
     97        '''Read CA certificates from file and add them to the X.509 
     98        stack 
     99         
     100        @type caCertFilePathList: list or tuple 
     101        @param caCertFilePathList: list of file paths for CA certificates to 
     102        be used to verify certificate used to sign message''' 
     103         
     104        if not isinstance(caCertFilePathList, list) and \ 
     105           not isinstance(caCertFilePathList, tuple): 
     106            raise AttributeError, \ 
     107                        'Expecting a list or tuple for "caCertFilePathList"' 
     108 
     109        self.__caCertStack = X509Stack() 
     110 
     111        for caCertFilePath in caCertFilePathList: 
     112            self.__caCertStack.push(X509.load_cert(caCertFilePath)) 
     113         
     114    caCertFilePathList = property(fset=__setCACertsFromFileList, 
     115    doc="list of CA cert file paths - peer cert must validate against one") 
     116 
     117 
    83118class HTTPSConnection(_HTTPSConnection): 
    84119 
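
Review bot: `X509Stack()` at new line 109 is not a name this module imports; the import change brings in only `SSL` and `X509`, so the first use of `caCertFilePathList` raises NameError. Qualify it through the `X509` module (M2Crypto's class is `X509.X509_Stack`). Two smaller points on the same method: the property is write-only (`fset` with no `fget`), so reading `caCertFilePathList` back fails, and a wrong argument type is better reported with TypeError than AttributeError.
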
     
    89124            self._postConnectionCheck = kw['postConnectionCheck'] 
    90125            del kw['postConnectionCheck'] 
    91  
     126        else: 
     127            self._postConnectionCheck = SSL.Checker.Checker 
     128             
    92129        _HTTPSConnection.__init__(self, *args, **kw) 
    93130         
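
Review bot: The new `else` branch stores the class `SSL.Checker.Checker`, not an instance, while the `if` branch stores whatever object the caller supplied. If the connection code later invokes `self._postConnectionCheck(cert, host)` (the call site is outside this hunk), calling the class would construct a new Checker from those arguments instead of running the peer certificate check. Assign `SSL.Checker.Checker()` so the default actually performs the check.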