Changeset 2893


Timestamp:
18/09/07 15:05:31 (12 years ago)
Author:
pjkersha
Message:

New version of MyProxy no longer needs NDG-customised version of M2Crypto. - Now unit tested with standard M2Crypto v0.18

ndg.security.server/ndg/security/server/Log.py:

  • simplified and set-up so that handlers are added according to NDGSEC_* environment variable settings

ndg.security.server/ndg/security/server/MyProxy.py:

  • replaced customised M2Crypto code with standard M2Crypto vers 0.18 calls now that required functions are supported. These are: as_der() method for X.509 cert requests and X509.load_cert_der_string

ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:

  • set for unit test re-run

ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py:

  • fix to password defaults

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml +
ndg.security.test/ndg/security/test/SessionMgr/openssl.conf:

  • use a local OpenSSL config file instead of one in Globus installation
Location:
TI12-security/trunk/python
Files:
1 added
5 edited

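--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/Log.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/Log.py
@@ -27,5 +27,5 @@
 #_____________________________________________________________________________ 
 class Log(_logSuperClass): 
-    """NDG Logging class""" 
+    """NDG Security Logging class""" 
      
     msgFmt = '%(asctime)s %(name)s: %(levelname)-8s %(message)s' 
@@ -36,10 +36,5 @@
     backUpCnt = 10 
      
-    def __init__(self,  
-                 logName='',  
-                 logFilePath=None,  
-                 console=False, 
-                 sysLog=False, 
-                 sysLogHandlerKw={}): 
+    def __init__(self, name=name, sysLogHandlerKw={}): 
         """NDG Logging class 
          
@@ -48,6 +43,8 @@
         console:        Set to True to send output to the stderr""" 
  
+        logDebug = bool(os.environ.get("NDGSEC_LOGDEBUG")) 
+         
         # Inherit from Logger class 
-        _logSuperClass.__init__(self, logName, level=logging.DEBUG) 
+        _logSuperClass.__init__(self, name=name, level=logging.DEBUG) 
                              
          
@@ -57,5 +54,5 @@
  
         # Handler set to write to INFO messages or higher to the sys.stderr 
-        if console: 
+        if os.environ.get("NDGSEC_CONSOLELOG"): 
             console = logging.StreamHandler() 
             console.setLevel(logging.INFO) 
@@ -71,4 +68,5 @@
         # maxBytes, a new log file is started.  Up to backupCount are created 
         # before the first is overwritten 
+        logFilePath = os.environ.get("NDGSEC_LOGFILEPATH") 
         if logFilePath: 
             fileLog = RotatingFileHandler(logFilePath,  
@@ -78,13 +76,16 @@
              
             # Nb. log file includes debug messages 
-            fileLog.setLevel(logging.DEBUG) 
+            if logDebug: fileLog.setLevel(logging.DEBUG) 
              
             self.addHandler(fileLog) 
              
-        if sysLog: 
+        if os.environ.get("NDGSEC_SYSLOG"): 
             sysLogHandler = SysLogHandler(**sysLogHandlerKw) 
             sysLogHandler.setFormatter(formatter) 
              
-            sysLogHandler.setLevel(logging.DEBUG) 
+            if logDebug: sysLogHandler.setLevel(logging.DEBUG) 
              
             self.addHandler(sysLogHandler) 
+ 
+# Make NDG Security Logger the default 
+logging.setLoggerClass(Log) 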
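Review bot: The `if logDebug:` guards at new lines 78 and 86 do not keep debug records out of the file and syslog handlers, because a handler whose level is never set stays at NOTSET and emits everything the logger passes, and the logger is still created with `level=logging.DEBUG`. For a security service this means debug output reaches those destinations whether or not NDGSEC_LOGDEBUG is set. Give each guard an explicit fallback, e.g. `else: fileLog.setLevel(logging.INFO)` and `else: sysLogHandler.setLevel(logging.INFO)`. Separately, `bool(os.environ.get("NDGSEC_LOGDEBUG"))` treats any non-empty value, including `0`, as on, and the docstring at new line 43 still documents the removed `console` argument.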
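--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
@@ -395,6 +395,6 @@
          
         req.sign(pubKey, messageDigest) 
-         
-        return (req.as_asn1(), key.as_pem(cipher=None)) 
+ 
+        return (req.as_der(), key.as_pem(cipher=None)) 
      
      
@@ -458,5 +458,5 @@
         pemCerts = []         
         dat = inputDat 
-         
+ 
         while dat:     
             # find start of cert, get length         
@@ -470,5 +470,5 @@
             derCert = dat[ind:ind+len+4] 
              
-            x509 = X509.load_cert_string(derCert, type=X509.TYPE_ASN1) 
+            x509 = X509.load_cert_der_string(derCert) 
             pemCert = x509.as_pem() 
              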
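Review bot: The blob handed to `X509.load_cert_der_string` at new line 472 is cut with `dat[ind:ind+len+4]`, and Python slicing silently shortens an out-of-range slice, so a length field larger than the remaining input would pass a truncated certificate to the parser instead of failing at the slice. Lines 463–469 are not in the hunk, so a bounds check may already exist there; if it does not, compare the end offset with the size of `dat` before the call and raise a clear error. The local named `len` shadows the builtin, which gets in the way of writing that check, so renaming it (for example `certLen`) would help. The enclosing function starts and ends outside the hunk.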
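--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py
@@ -41,9 +41,13 @@
         '''test1Store: upload X509 cert and private key to repository''' 
              
-        passphrase = self.cfg['test1Store'].get('passphrase') or \ 
-            getpass.getpass(prompt="\ntest1Store cred. pass-phrase: ") 
+        passphrase = self.cfg['test1Store'].get('passphrase') 
+        if passphrase is None: 
+            passphrase = getpass.getpass(\ 
+                                 prompt="\ntest1Store cred. pass-phrase: ") 
              
-        ownerPassphrase = self.cfg['test1Store'].get('ownerpassphrase') or \ 
-            getpass.getpass(prompt="\ntest1Store cred. owner pass-phrase: ") 
+        ownerPassphrase = self.cfg['test1Store'].get('ownerpassphrase') 
+        if ownerPassphrase is None: 
+            ownerPassphrase = getpass.getpass(\ 
+                             prompt="\ntest1Store cred. owner pass-phrase: ") 
              
         try: 
@@ -57,5 +61,5 @@
                         force=False) 
             print "Store creds for user %s" % \ 
-                    self.cfg['test1Store']['username'] 
+                                            self.cfg['test1Store']['username'] 
         except: 
             self.fail(traceback.print_exc()) 
@@ -64,6 +68,8 @@
     def test2GetDelegation(self): 
         '''test2GetDelegation: retrieve proxy cert./private key''' 
-        passphrase = self.cfg['test2GetDelegation']['passphrase'] or \ 
-            getpass.getpass(prompt="\ntest2GetDelegation pass-phrase: ") 
+        passphrase = self.cfg['test2GetDelegation'].get('passphrase') 
+        if passphrase is None: 
+            passphrase = getpass.getpass(\ 
+                                 prompt="\ntest2GetDelegation pass-phrase: ") 
           
         try: 
@@ -84,6 +90,8 @@
         # ownerpassphrase can be omitted from the congif file in which case 
         # the get call below would return None 
-        ownerpassphrase = self.cfg['test3Info'].get('ownerpassphrase') or \ 
-            getpass.getpass(prompt="\ntest3Info owner creds pass-phrase: ") 
+        ownerPassphrase = self.cfg['test3Info'].get('ownerpassphrase') 
+        if ownerPassphrase is None: 
+            ownerPassphrase = getpass.getpass(\ 
+                              prompt="\ntest3Info owner creds pass-phrase: ") 
  
         try: 
@@ -92,5 +100,5 @@
                                  self.cfg['test3Info']['ownercertfile'], 
                                  self.cfg['test3Info']['ownerkeyfile'], 
-                                 ownerPassphrase=ownerpassphrase) 
+                                 ownerPassphrase=ownerPassphrase) 
             print "test3Info... " 
             print "credExists: %s" % credExists 
@@ -105,8 +113,12 @@
         credential""" 
         try: 
-            passphrase = self.cfg['test4ChangePassphrase']['passphrase'] or \ 
-            getpass.getpass(prompt="test4ChangePassphrase - pass-phrase: ") 
+            passphrase=self.cfg['test4ChangePassphrase'].get('passphrase') 
+            if passphrase is None: 
+                passphrase = getpass.getpass(\ 
+                             prompt="test4ChangePassphrase - pass-phrase: ") 
              
-            if not self.cfg['test4ChangePassphrase']['newpassphrase']: 
+            newPassphrase = \ 
+                        self.cfg['test4ChangePassphrase'].get('newpassphrase') 
+            if newPassphrase is None: 
                 newPassphrase = getpass.getpass(\ 
                         prompt="test4ChangePassphrase - new pass-phrase: ") 
@@ -137,6 +149,8 @@
         '''test5Destroy: destroy credentials for a given user''' 
  
-        ownerPassphrase = self.cfg['test5Destroy']['ownerpassphrase'] or \ 
-            getpass.getpass(prompt="\ntest5Destroy cred. owner pass-phrase: ") 
+        ownerPassphrase = self.cfg['test5Destroy'].get('ownerpassphrase') 
+        if ownerPassphrase is None: 
+            ownerPassphrase = getpass.getpass(\ 
+                          prompt="\ntest5Destroy cred. owner pass-phrase: ") 
  
         try: 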
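Review bot: The "read from cfg, prompt if None" sequence is now written out separately in every test method (new lines 43–46, 48–51, 70–73, 92–95, 115–118, 120–124 and 151–154), so the rule it encodes — a missing entry prompts, a blank entry is a null pass-phrase — has to stay correct in seven copies. A small helper on the test case would keep that credential-handling rule in one place, with each call site reduced to a single line passing the section, option and prompt text. The surrounding test methods start and end outside the hunks shown.

```python
    def _getPassphrase(self, section, option, prompt):
        '''Return the cfg value for option; prompt only if the entry is
        absent so that a blank entry still means a null pass-phrase'''
        passphrase = self.cfg[section].get(option)
        if passphrase is None:
            passphrase = getpass.getpass(prompt=prompt)
        return passphrase
```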
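--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg
@@ -10,39 +10,49 @@
 propFilePath: ./myProxyProperties.xml 
  
+# If a pass-phrase entry is commented out it will be prompted for from the 
+# terminal.  To set a null password, leave the field in place but set to 
+# blank 
 [test1Store] 
-username: raphaelTest 
+#username: raphaelTest 
 #username: gabriel 
-passphrase: 
-certFile: ./user-cert.pem 
-keyFile: ./user-key.pem 
-ownerCertFile: ./user-cert.pem 
-ownerKeyFile: ./user-key.pem 
-ownerPassphrase: 
+#passphrase: 
+#certFile: ./user-cert.pem 
+#keyFile: ./user-key.pem 
+#ownerCertFile: ./user-cert.pem 
+#ownerKeyFile: ./user-key.pem 
+#ownerPassphrase: 
+username: Junk 
+passphrase: Junk 
+certFile: ./Junk-cert.pem 
+keyFile: ./Junk-key.pem 
+ownerCertFile: ./Junk-cert.pem 
+ownerKeyFile: ./Junk-key.pem 
+ownerPassphrase: JunkJunk 
  
 [test2GetDelegation] 
-username: raphaelTest 
-#username: gabriel 
-passphrase: 
+#username: raphaelTest 
+username: Junk 
+passphrase: JunkJunk 
  
 [test3Info] 
 #username: sstljakTestUser 
-username: gabriel 
+username: Junk 
 ownerCertFile: ./proxy-cert.pem 
 ownerKeyFile: ./proxy-key.pem 
-ownerPassphrase: None 
+ownerPassphrase:  
  
 [test4ChangePassphrase] 
 #username: sstljakTestUser 
-username: gabriel 
+username: Junk 
 ownerCertFile: ./proxy-cert.pem 
 ownerKeyFile: ./proxy-key.pem 
-passphrase:  
-newPassphrase: 
-ownerPassphrase: None 
+passphrase: JunkJunk 
+newPassphrase: JunkJunk2 
+ownerPassphrase:  
  
 [test5Destroy] 
 #username: sstljakTestUser 
-username: gabriel 
+username: Junk 
 ownerCertFile: ./proxy-cert.pem 
 ownerKeyFile: ./proxy-key.pem 
-ownerPassphrase: None 
+ownerPassphrase:  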
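Review bot: The entries added at new lines 25, 30, 35, 49 and 50 put pass-phrase values into a file under version control, whereas the comment added at lines 12–14 describes leaving such entries commented out so they are prompted for. The `Junk` values look like placeholders, but if this file is edited in place to run against a real MyProxy account, the pass-phrases will sit in plaintext in the working copy and can be committed by mistake. Consider committing the file with the pass-phrase lines commented out, and adding a line such as `# Do not commit real pass-phrases; comment the entry out to be prompted instead` above `[test1Store]`.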
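--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml
@@ -51,5 +51,5 @@
                 but the settings can be independent of any Globus installation 
                 --> 
-                <openSSLConfFilePath>$GLOBUS_LOCATION/etc/globus-user-ssl.conf</openSSLConfFilePath> 
+                <openSSLConfFilePath>$NDGSEC_SM_UNITTEST_DIR/openssl.conf</openSSLConfFilePath> 
                 <tmpDir>/tmp</tmpDir> 
                 <!--  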