Changeset 2900


Timestamp:
21/09/07 11:31:27 (12 years ago)
Author:
pjkersha
Message:

ndg.security.server/setup.py: added *.conf for conf/ openssl.conf file

ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • Use RotatingFileHandler from the logging package so that the store of issued ACs can be bounded. The attCertFileLogCnt property sets the maximum number of backup files kept when rotating.
  • newAttCertFilePath() is replaced by rotating file handler functionality
  • added logging with some debug messages - more needed to complete

ndg.security.server/ndg/security/server/conf/attCert/init.py

  • renamed to ndg.security.test/ndg/security/test/AttAuthority/attCertLog/init.py

ndg.security.server/ndg/security/server/conf/userRoles.py: userIsRegistered should return bool

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:

  • filled in default values for most attributes to ease installation config tasks
  • attCertFilePfx and attCertFileSfx replaced with attCertFileName and attCertFileLog attributes for new AC logging.

ndg.security.client/ndg/security/client/ndgSessionClient.py: removed debug calls. This module may now be surplus because of Pylons framework and plans for Java and PHP clients.

ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py: added coapec for testing

ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml: fix formatting

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: altered settings for tests

ndg.security.test/ndg/security/test/Log/LogTest.py: exptd with log config. Eventually change to be harness for SOAP log interface

Makefile: use default python + added force target.

Location:
TI12-security/trunk/python
Files:
2 added
12 edited
1 moved

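--- a/TI12-security/trunk/python/Makefile
+++ b/TI12-security/trunk/python/Makefile
@@ -16,5 +16,5 @@
 
 # Override on the command line for alternative path
-PYTHON=/usr/bin/python
+PYTHON=python
 
 eggs:
@@ -35,2 +35,5 @@
 
 replace: clean eggs
+
+# Convenient alias
+force: replace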
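--- a/TI12-security/trunk/python/ndg.security.client/ndg/security/client/ndgSessionClient.py
+++ b/TI12-security/trunk/python/ndg.security.client/ndg/security/client/ndgSessionClient.py
@@ -264,6 +264,4 @@
     (options, args) = parser.parse_args()
 
-#    import pdb
-#    pdb.set_trace()
     if not options.sessMgrURI:
         sys.stderr.write("Error, No Session Manager WSDL URI set.\n\n")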
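--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
@@ -29,4 +29,7 @@
     # if you've installed it yourself it comes this way
     import cElementTree as ElementTree
+
+import logging
+log = logging.getLogger(__name__)
 
 # X509 Certificate handling
@@ -100,6 +103,6 @@
                     'attCertLifetime',
                     'attCertNotBeforeOff',
-                    'attCertFilePfx',
-                    'attCertFileSfx',
+                    'attCertFileName',
+                    'attCertFileLogCnt',
                     'mapConfigFile',
                     'attCertDir',
@@ -145,4 +148,5 @@
 
         # Instantiate Certificate object
+        log.debug("Reading and checking Attribute Authority X.509 cert. ...")
         self.__cert = X509Cert(self.__prop['certFile'])
         self.__cert.read()
@@ -157,4 +161,5 @@
 
         # Check CA certificate
+        log.debug("Reading and checking X.509 CA certificate ...")
         caCert = X509Cert(self.__prop['caCertFile'])
         caCert.read()
@@ -177,4 +182,12 @@
         # assign roles in an attribute certificate on a getAttCert request
         self.loadUserRolesInterface()
+
+
+        attCertFilePath = os.path.join(self.__prop['attCertDir'],
+                                       self.__prop['attCertFileName'])
+
+        # Rotating file handler used for logging attribute certificates
+        # issued.
+        self.__attCertLog = AttCertLog(attCertFilePath)
 
 
@@ -186,4 +199,5 @@
         could be via a user database"""
 
+        log.debug("Loading User roles inteface ...")
         try:
             try:
@@ -354,5 +368,6 @@
         @return: new attribute certificate"""
 
-
+        log.debug("Calling getAttCert ...")
+
         # Read X.509 certificate
         try:
@@ -377,4 +392,5 @@
 
         # Check certificate hasn't expired
+        log.debug("Checking client request X.509 certificate ...")
         try:
             holderCert.isValidTime(raiseExcep=True)
@@ -394,11 +410,7 @@
                     "Setting user Id from holder certificate DN: %s" % e
 
-
         # Make a new Attribute Certificate instance passing in certificate
         # details for later signing
-        #
-        # Nb. new attribute certificate file path is created from the
-        # Credentials Repository
-        attCert = AttCert(filePath=self.__newAttCertFilePath())
+        attCert = AttCert()
 
         attCert.certFilePathList = [self.__prop['certFile'],
@@ -557,5 +569,10 @@
 
             # Write out certificate to keep a record of it for auditing
-            attCert.write()
+            #attCert.write()
+            self.__attCertLog.info(attCert)
+
+            log.info(\
+                'Issued an Attribute Certificate to "%s" with roles: %s' % \
+                (attCert.roles, userId))
 
             # Return the cert to caller
@@ -626,7 +643,7 @@
                                     float(self.__prop['attCertNotBeforeOff'])
 
-        # Likewise port number
+        # Likewise ...
         self.__prop['portNum'] = int(self.__prop['portNum'])
-
+        self.__prop['attCertFileLogCnt']=int(self.__prop['attCertFileLogCnt'])
 
         # Check directory path
@@ -947,26 +964,27 @@
 
         return localRoles
-
-
-    #_________________________________________________________________________
-    def __newAttCertFilePath(self):
-        """Create a new unique attribute certificate file path
-
-        @return: string file path"""
-
-        attCertFd, attCertFilePath = \
-                   tempfile.mkstemp(suffix=self.__prop['attCertFileSfx'],
-                                    prefix=self.__prop['attCertFilePfx'],
-                                    dir=self.__prop['attCertDir'],
-                                    text=True)
-
-        # The file is opened - close using the file descriptor returned in the
-        # first element of the tuple
-        os.close(attCertFd)
-
-        # The file path is the 2nd element
-        return attCertFilePath
-
-
+
+
+from logging.handlers import RotatingFileHandler
+
+
+# Inherit directly from Logger
+class AttCertLog(logging.getLoggerClass(), object):
+
+    def __init__(self, attCertFilePath, backUpCnt=1024):
+
+        # Inherit from Logger class
+        super(AttCertLog, self).__init__(name='', level=logging.INFO)
+
+        # Set a format for messages
+        formatter = logging.Formatter(fmt="", datefmt="")
+
+        if attCertFilePath:
+            fileLog = RotatingFileHandler(attCertFilePath,
+                                          maxBytes=1,
+                                          backupCount=backUpCnt)
+            fileLog.setFormatter(formatter)
+            self.addHandler(fileLog)
+
 #_____________________________________________________________________________
 class AAUserRolesError(Exception):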
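Review bot: The new `attCertFileLogCnt` property never reaches the handler — the constructor call `self.__attCertLog = AttCertLog(attCertFilePath)` leaves `backUpCnt` at its hard-coded 1024, so the int conversion added next to `portNum` is dead and the 16-file cap in the site test properties is ignored; pass it through as `self.__attCertLog = AttCertLog(attCertFilePath, backUpCnt=self.__prop['attCertFileLogCnt'])`, provided the property has already been converted to int by the time `__init__` reaches this line (that ordering is not visible in the hunk). The audit message after `self.__attCertLog.info(attCert)` has its arguments crossed: the format names the user first but the tuple is `(attCert.roles, userId)`, so the record should be built from `(userId, attCert.roles)`. Two caveats deserve a comment on `AttCertLog`: the removed `tempfile.mkstemp` path created each AC file mode 0600, whereas `RotatingFileHandler` opens with the process umask, so issued certificates may now be group- or world-readable unless `attCertDir` itself is locked down; and once `backupCount` files exist the oldest AC is deleted on every rollover, so this is a bounded buffer of recent issuances rather than a complete audit trail. Rotation is also unsafe if more than one AA process writes the same `attCertDir`. The lines touched at 186–191 and 569–576 sit inside methods whose definitions start outside this hunk.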
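--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml
@@ -5,5 +5,5 @@
         attribute
         -->
-    <name>BADC</name>
+    <name>YourOrganisationName</name>
     <portNum>5000</portNum>
     <!--
@@ -11,6 +11,6 @@
     -->
     <useSSL></useSSL> <!-- leave blank to use http -->
-    <sslCertFile></sslCertFile>
-    <sslKeyFile></sslKeyFile>
+    <sslCertFile>$NDGSEC_DIR/conf/certs/ssl-cert.pem</sslCertFile>
+    <sslKeyFile>$NDGSEC_DIR/conf/certs/ssl-key.pem</sslKeyFile>
     <sslKeyPwd></sslKeyPwd>
     <!--
@@ -18,8 +18,8 @@
     -->
     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
-    <certFile></certFile>
-    <keyFile></keyFile>
+    <certFile>$NDGSEC_DIR/conf/certs/aa-cert.pem</certFile>
+    <keyFile>$NDGSEC_DIR/conf/certs/aa-key.pem</keyFile>
     <keyPwd></keyPwd>
-    <caCertFile></caCertFile>
+    <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
     <!--
     Set the certificate used to verify the signature of messages from the
@@ -35,14 +35,14 @@
     <attCertNotBeforeOff>0</attCertNotBeforeOff>
     <!-- Location of role mapping file -->
-    <mapConfigFile></mapConfigFile>
+    <mapConfigFile>$NDGSEC_DIR/conf/mapConfig.xml</mapConfigFile>
     <!-- All Attribute Certificates are recorded in this dir before dispatch
     to SOAP requestor
     -->
-    <attCertDir></attCertDir>
+    <attCertDir>$NDGSEC_DIR/conf/attCertLog</attCertDir>
     <!--
     File prefix and suffix for files stored in attCertDir
     -->
-    <attCertFilePfx>ac-</attCertFilePfx>
-    <attCertFileSfx>.xml</attCertFileSfx>
+    <attCertFileName>ac.xml</attCertFileName>
+    <attCertFileLogCnt>1024</attCertFileLogCnt>
     <dnSeparator>/</dnSeparator>
     <!--
@@ -50,7 +50,7 @@
     given user ID
     -->
-    <userRolesModFilePath></userRolesModFilePath>
-    <userRolesModName></userRolesModName>
-    <userRolesClassName></userRolesClassName>
-    <userRolesPropFile></userRolesPropFile>
+    <userRolesModFilePath>$NDGSEC_DIR/conf</userRolesModFilePath>
+    <userRolesModName>userRoles</userRolesModName>
+    <userRolesClassName>UserRoles</userRolesClassName>
+    <userRolesPropFile>$NDGSEC_DIR/conf/userRoles.cfg</userRolesPropFile>
 </AAprop>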
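Review bot: The comment above the new `attCertFileName`/`attCertFileLogCnt` elements still reads `File prefix and suffix for files stored in attCertDir`, which no longer describes anything in the file; replace it with `Base name for the rotating store of issued ACs in attCertDir; attCertFileLogCnt is how many previous ACs are kept before the oldest is discarded`. With the key-file defaults filled in, this file also carries `keyPwd` and `sslKeyPwd` in clear text, so the installation notes should state that it must be readable only by the AA service account. The `useSSL` default stays blank (plain http) while `sslCertFile`/`sslKeyFile` now point at real paths; if that is intentional, a one-line comment such as `<!-- SSL is opt-in: the cert/key below are only used when useSSL is set -->` would stop a deployer assuming the listed certificate means it is on.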
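--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/userRoles.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/userRoles.py
@@ -40,5 +40,6 @@
         @rtype: bool
         @return: True if user is registered"""
-
+        return False
+
 
     def getRoles(self, userId):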
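Review bot: The stub `userIsRegistered` now always returns `False`, which fails closed, but nothing marks it as a placeholder, so a deployment that ships this template unchanged will silently refuse every user while the docstring still promises a real lookup; add a comment above the return such as `# Template stub: denies by default - replace with a lookup against the site's user register`. The method's `def` line is above this hunk.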
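--- a/TI12-security/trunk/python/ndg.security.server/setup.py
+++ b/TI12-security/trunk/python/ndg.security.server/setup.py
@@ -64,5 +64,7 @@
     package_data =          {'ndg.security.server.conf': ['*.xml',
                                                           '*.py',
-                                                          '*.tac'],
+                                                          '*.tac',
+                                                          '*.cfg',
+                                                          '*.conf'],
                              'ndg.security.server.conf.certs': ['*'],
                              'ndg.security.server.conf.attCert': ['*'],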
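Review bot: The new `'*.cfg'` and `'*.conf'` globs, like the unchanged `['*']` on the `conf.certs` entry just below, package whatever happens to be in `conf/` at build time, and the server properties file in this same changeset now points at `conf/userRoles.cfg` and `conf/certs/aa-key.pem`, so an egg built from a configured checkout would ship site credentials and private keys. Either list the template files explicitly or add a comment on the `package_data` line, e.g. `# NOTE: globs pick up site keys/passwords if present - build eggs from a clean tree`; I cannot tell from the hunk whether a MANIFEST or build script already guards this.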
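--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
@@ -10,5 +10,5 @@
 # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
 # setting for test6GetMappedAttCert
-uri = https://localhost:5000/AttributeAuthority
+uri = http://localhost:5000/AttributeAuthority
 #uri = https://localhost:5000/AttributeAuthority
 #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
@@ -68,5 +68,5 @@
 #issuingclntcertfilepath = ./proxy-cert.pem
 # Setup for use by testGetMappedAttCert test
-attCertFilePath = ./ac.xml
+attCertFilePath = ./ac-clnt.xml
 
 [test6GetAttCertWithUserIdSet]
@@ -103,5 +103,6 @@
 # Marine Data Server
 #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
-userAttCertFilePath = ./ac.xml
+userAttCertFilePath = ./ac-clnt.xml
+
 mappedAttCertFilePath = ./mapped-ac.xml
 
@@ -129,5 +130,5 @@
 
 uri = http://localhost:5000/AttributeAuthority
-userAttCertFilePathList = ./ac.xml
+userAttCertFilePathList = ./ac-clnt.xml
 
 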
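--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
@@ -3,5 +3,5 @@
     <name>Site A</name>
     <portNum>5000</portNum>
-    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
+    <useSSL></useSSL> <!-- leave blank to use http -->
     <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
     <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>
@@ -20,8 +20,8 @@
     <attCertLifetime>28800</attCertLifetime>
     <attCertNotBeforeOff>0</attCertNotBeforeOff>
-    <attCertFilePfx>ac-</attCertFilePfx>
-    <attCertFileSfx>.xml</attCertFileSfx>
+    <attCertFileName>ac.xml</attCertFileName>
+    <attCertFileLogCnt>16</attCertFileLogCnt>
     <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
-    <attCertDir>$NDGSEC_AA_UNITTEST_DIR</attCertDir>
+    <attCertDir>$NDGSEC_AA_UNITTEST_DIR/attCertLog</attCertDir>
     <dnSeparator>/</dnSeparator>
     <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>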
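Review bot: Blanking `useSSL` means the site A fixture now exercises only the plain-http path and the `sslCertFile`/`sslKeyFile` lines left below it are inert; unless another fixture keeps `useSSL` set to `Yes`, the TLS listener is no longer covered by the unit tests. A short comment on that line, e.g. `<!-- tests run over http; set Yes to exercise the SSL listener -->`, would make the trade-off explicit. The new `attCertDir` value `$NDGSEC_AA_UNITTEST_DIR/attCertLog` must exist before the AA starts, since a rotating file handler opens its file at construction time; the `attCertLog/__init__.py` moved in this changeset presumably creates that directory in the test tree.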
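--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
@@ -1,19 +1,19 @@
 <?xml version="1.0" encoding="utf-8"?>
 <AAmap>
-        <thisHost name="Site A">
-            <aaURI>thisHostAttAuthorityURI</aaURI>
-            <loginURI>login</loginURI>
+    <thisHost name="Site A">
+        <aaURI>thisHostAttAuthorityURI</aaURI>
+        <loginURI>login</loginURI>
         </thisHost>
     <trusted name="Site C">
-            <aaURI>attAuthorityURI</aaURI>
-            <loginURI>http://www.sitec.blah/loginPageURI</loginURI>
-                <role remote="StaffMember" local="staff"/>
+        <aaURI>attAuthorityURI</aaURI>
+        <loginURI>http://www.sitec.blah/loginPageURI</loginURI>
+        <role remote="StaffMember" local="staff"/>
     </trusted>
     <trusted name="Site D">
-            <aaURI>attAuthorityURI</aaURI>
-            <loginURI>loginPageURI</loginURI>
-                <role remote="academic" local="postgrad"/>
-                <role remote="student" local="SiteDStudent"/>
-                <role remote="eoGroup" local="atsr-archive"/>
+        <aaURI>attAuthorityURI</aaURI>
+        <loginURI>loginPageURI</loginURI>
+        <role remote="academic" local="postgrad"/>
+        <role remote="student" local="SiteDStudent"/>
+        <role remote="eoGroup" local="atsr-archive"/>
     </trusted>
 </AAmap>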
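--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py
@@ -29,3 +29,3 @@
 
     def getRoles(self, userId):
-        return ['staff', 'postdoc', 'undergrad']
+        return ['staff', 'postdoc', 'undergrad', 'coapec']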
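--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml
@@ -20,8 +20,8 @@
     <attCertLifetime>28800</attCertLifetime>
     <attCertNotBeforeOff>0</attCertNotBeforeOff>
-    <attCertFilePfx>ac-</attCertFilePfx>
-    <attCertFileSfx>.xml</attCertFileSfx>
+    <attCertFileName>ac.xml</attCertFileName>
+    <attCertFileLogCnt>16</attCertFileLogCnt>
     <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteBMapConfig.xml</mapConfigFile>
-    <attCertDir>$NDGSEC_AA_UNITTEST_DIR</attCertDir>
+    <attCertDir>$NDGSEC_AA_UNITTEST_DIR/attCertLog</attCertDir>
     <dnSeparator>/</dnSeparator>
     <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>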
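--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/Log/LogTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/Log/LogTest.py
@@ -12,27 +12,33 @@
 """
 import unittest
-
-from ndg.security.server.Log import *
+import os
+import logging
+#logging.basicConfig(level=logging.DEBUG,
+#                    format='%(asctime)s %(levelname)-8s %(message)s',
+#                    datefmt='%a, %d %b %Y %H:%M:%S',
+#                    filename='./ndg.log',
+#                    filemode='w')
+from logging.config import fileConfig
+fileConfig('log.cfg')
+log = logging.getLogger(__name__)
 
 class LogTestCase(unittest.TestCase):
 
     def setUp(self):
-        self.log = Log(logName='LogUnitTest',
-                       logFilePath="./ndg.log",
-                       console=True,
-                       sysLog=True)
-
-        # Force rotating file handler to produce multiple files
-        self.log.__class__.maxBytes = 10
+        pass
+
+    def __output(self):
+        print log
+        log.info('Jackdaws love my big sphinx of quartz.')
+
+        log.debug('Quick zephyrs blow, vexing daft Jim.')
+        log.info('How quickly daft jumping zebras vex.')
+        log.warning('Jail zesty vixen who grabbed pay from quack.')
+        log.error('The five boxing wizards jump quickly.')
 
-    def test(self):
-
-        self.log.info('Jackdaws love my big sphinx of quartz.')
-
-        self.log.debug('Quick zephyrs blow, vexing daft Jim.')
-        self.log.info('How quickly daft jumping zebras vex.')
-        self.log.warning('Jail zesty vixen who grabbed pay from quack.')
-        self.log.error('The five boxing wizards jump quickly.')
-
+
+    def test1(self):
+        self.__output()
+
 
 #_____________________________________________________________________________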
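Review bot: `fileConfig('log.cfg')` at module level resolves the path against the current working directory, so this test module fails at import time whenever the runner is launched from anywhere but this directory; `os` is imported just above and is otherwise unused, which suggests the intended form `fileConfig(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'log.cfg'))`. `test1` makes no assertion — it only prints and emits log records — so it can never fail; at minimum a comment `# Smoke test only: verifies log.cfg loads and handlers accept records` should say so. The commented-out `basicConfig` block can go once the file-based configuration is settled.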