Changeset 2926


Timestamp:
05/10/07 09:47:19 (12 years ago)
Author:
pjkersha
Message:

ndg.security.server/ndg/security/server/LoginService/loginservice/config/routing.py: fixed ordering for correcting wayf and getCredentials invocations

ndg.security.server/ndg/security/server/LoginService/loginservice/controllers/login.py: replaced OwsError? exception handling with LoginControllerError?

ndg.security.server/ndg/security/server/LoginService/loginservice/lib/base.py: copied over code from ows_server

ndg.security.server/ndg/security/server/LoginService/loginservice/public/* - copied code from ows_server for correct page rendering. Needs editing to remove code superfluous to security

ndg.security.server/ndg/security/server/LoginService/loginservice/templates/content.kid: added

ndg.security.server/ndg/security/server/LoginService/idp.cfg: cut-out more non-specific security settings

ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml: test with e.g. https login for site A

ndg.security.common/ndg/security/common/__init__.py: fix `__all__` list for imports

ndg.security.common/ndg/security/common/X509.py:

  • fixed cert. expired exception message
  • Added CertIssuerNotFound? exception for X509Stack class
  • fixed verifyCertChain for case where no issuer can be found for cert to be verified

ndg.security.common/ndg/security/common/AttAuthority/init.py: fix to all for imports

Location:
TI12-security/trunk/python
Files:
58 added
10 edited

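--- a/TI12-security/trunk/python/ndg.security.client/ndg/security/client/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.client/ndg/security/client/__init__.py
@@ -9,2 +9,4 @@
 __contact__ = "P.J.Kershaw@rl.ac.uk"
 __revision__ = "$Id$"
+# Import common package into client namespace
+from ndg.security.common import *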
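Review bot: `from ndg.security.common import *` at new line 12 re-exports whatever `ndg.security.common.__all__` lists, and because that list names submodules of a package, the star import causes every listed module (`m2CryptoSSLUtility`, `wsSecurity`, `SessionMgr`, ...) to be imported in any process that imports `ndg.security.client`. If some of those modules carry heavy or optional dependencies, a client that only needs one of them pays the import cost of all and fails if any is unavailable. An explicit list such as `from ndg.security.common import X509, AttCert, CredWallet` keeps the client namespace and its dependency surface visible to readers.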
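--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -24,7 +24,8 @@
 
 __all__ = [
-    'AttAuthority_services',
-    'AttAuthority_services_types',
-    ]
+    'AttAuthorityClient',
+    'AttAuthorityClientError',
+    'AttributeRequestDenied',
+    'NoTrustedHosts',]
 
 # Determine https http transport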
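Review bot: `__all__` now lists `AttAuthorityClient`, `AttAuthorityClientError`, `AttributeRequestDenied` and `NoTrustedHosts` (new lines 26-29), but the hunk does not show these names being defined or imported in this `__init__`; if any of them is not bound at module level, `from ndg.security.common.AttAuthority import *` fails at import time for every client of the package. Worth confirming each name is in scope here, and that callers of the dropped `AttAuthority_services` and `AttAuthority_services_types` stubs import them by full path. The closing `'NoTrustedHosts',]` would read more consistently with the rest of the file as `'NoTrustedHosts',` followed by `]` on its own line.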
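--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
@@ -284,5 +284,5 @@
                 raise X509CertExpired, \
                     "Certificate has expired: the time now is %s " % dtNow + \
-                    " and the certificate expiry is %s" % self.__dtNotAfter
+                    "and the certificate expiry is %s" % self.__dtNotAfter
         else:
             return dtNow > self.__dtNotBefore and dtNow < self.__dtNotAfter
@@ -357,5 +357,10 @@
 class X509StackError(Exception):
     """Error from X509Stack type"""
-    
+
+#_____________________________________________________________________________
+class CertIssuerNotFound(X509StackError):
+    """Raise from verifyCertChain if no certificate can be found to verify the
+    input"""
+    
 #_____________________________________________________________________________
 class X509Stack(object):
@@ -469,5 +474,10 @@
         # Check CA certificate stack
         if not caX509Stack:
+            if not issuerX509Cert:
+                raise CertIssuerNotFound, \
+                    'No issuer cert. found for cert. "%s"'%x509Cert2Verify.dn
+            
             caX509Stack = [issuerX509Cert]
+            
             
         for caCert in caX509Stack:
@@ -485,5 +495,5 @@
             return
         else:
-            raise X509StackError, 'No issuer cert. found for cert. "%s"' % \
+            raise CertIssuerNotFound, 'No issuer cert. found for cert. "%s"'%\
                                 x509Cert2Verify.dn
         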
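Review bot: The new guard at new lines 476-478 raises `CertIssuerNotFound` only when both the CA stack and `issuerX509Cert` are missing; when a caller passes an empty stack together with an issuer, the unchanged line 480 still makes that caller-supplied certificate the sole trust anchor, so the chain is only as trustworthy as that argument. That contract deserves to be written where the new check is, e.g. `# No CA stack given: issuerX509Cert alone is treated as the trust anchor for this verification`. `verifyCertChain` starts and ends outside the hunk, so whether any caller relies on that fallback cannot be seen here. Deriving `CertIssuerNotFound` from `X509StackError` keeps existing `except X509StackError` handlers working, which is the right choice for the rename at line 497.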
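--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/__init__.py
@@ -11,10 +11,17 @@
 __revision__ = "$Id$"
 
+# Enable from ndg.security.common import * for client and server modules.
+# Leave out SQLObject because it's an optional module and requires
+# installation of SQLObject
 __all__ = [
+    'AttAuthority',
     'AttCert',
+    'CredWallet',
+    'm2CryptoSSLUtility',
+    'openssl',
+    'SessionCookie',
+    'SessionMgr',
+    'wsSecurity',
     'X509',
-    'CredWallet',
-    'SQLObject',
-    'XMLSecDoc',
-    'SessionCookie',
+    'XMLSec'
     ]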
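Review bot: `'XMLSecDoc'` is replaced by `'XMLSec'` at new line 26 while the commit message only speaks of fixing the list for imports, so whether the module was renamed or the old entry was wrong should be confirmed; a stale entry in a package `__all__` makes every `from ndg.security.common import *` fail at import time. The new comment at lines 13-15 explains why `SQLObject` is omitted, which is helpful; the same comment could note that every remaining entry is imported eagerly by star-importing clients. `'XMLSec'` is the only entry without a trailing comma, so adding it keeps future additions to one-line diffs.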
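--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/idp.cfg
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/idp.cfg
@@ -10,5 +10,5 @@
 #
 # the following is the server on which this browse/discovery instance runs!
-server:         http://localhost:8080
+server:         https://localhost
 #
 # the following is the server on which the NDG discovery service is running! (Not to be confused with
@@ -25,9 +25,5 @@
 #
 layout:         /layout/
-#
-mailserver:       outbox.rl.ac.uk
-metadataMaintainer: b.n.lawrence@rl.ac.uk
-repository:       http://localhost:8080
-tbrecipient:      b.n.lawrence@rl.ac.uk
+
 
 # The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall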
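Review bot: The comment at line 11 still describes `server:` as the host the browse/discovery instance runs on, which no longer fits a login-service configuration whose value at new line 12 is `https://localhost`; something like `# public base URL (scheme and host, no trailing slash) of this login service; used to build the request/redirect URLs handed to browsers` would tell the next reader what the value is for. The base.py hunk in this changeset concatenates this value directly with the request's `PATH_INFO`, which is why the scheme/host shape and the absence of a trailing slash matter and are worth stating in the comment.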
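--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/config/routing.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/config/routing.py
@@ -18,9 +18,9 @@
     # so they may take precedent over the more generic routes. For more information, refer
     # to the routes manual @ http://routes.groovie.org/docs/
+    map.connect('login', controller='login')
+    map.connect('getCredentials', controller='login', action='getCredentials')
+    map.connect('wayf', controller='login', action='wayf')
     map.connect(':controller/:action/:id')
     map.connect('*url', controller='template', action='view')
-    map.connect('login', controller='login', action='login')
-    map.connect('getCredentials', controller='login', action='getCredentials')
-    map.connect('wayf', controller='login', action='wayf')
 
     return map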
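Review bot: `map.connect('login', controller='login')` at new line 20 drops the `action='login'` that the removed route carried, so the URL now resolves to the controller's default `index` action; that matches the `index` method visible in the login.py hunk, but the reliance on the Routes default is silent, and `map.connect('login', controller='login', action='index')` makes the intent explicit. The generic `:controller/:action/:id` route at line 23 is kept, so every public method of `LoginController` remains reachable by URL independently of these named routes; that is the Pylons default and only matters if the controller has public methods not meant to be exposed, which cannot be seen here.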
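--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/controllers/login.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/controllers/login.py
@@ -15,4 +15,7 @@
     AttributeRequestDenied
 
+class LoginControllerError(Exception):
+    """Handle exceptions from LoginController"""
+    
 class LoginController(BaseController):
     ''' Provides the pylons controller for local login '''
@@ -37,5 +40,5 @@
                 
         except AttributeError:
-            raise OwsError, 'No "sslCACertFilePathList" security setting'
+            raise LoginControllerError, 'No "sslCACertFilePathList" security setting'
 
         self.sslPeerCertCN = self.ndgCfg.get('NDG_SECURITY', 'sslPeerCertCN')
@@ -53,9 +56,9 @@
                 
         except AttributeError:
-            raise OwsError, 'No "wssCACertFilePathList" security setting'
+            raise LoginControllerError, 'No "wssCACertFilePathList" security setting'
 
     
     def index(self):
-        ''' Ok, you really want to login here'''
+        '''Present login'''
         if 'ndgSec' in session: 
             return self.__doRedirect()
@@ -66,5 +69,5 @@
     def getCredentials(self):
         """Authenticate user and cache user credentials in
-        Session Manager following user login"""
+        Session Manager following user login form submit"""
         
         try:
@@ -173,5 +176,5 @@
             trustedHosts[thisHost.keys()[0]] = thisHost.values()[0]
         except TypeError:
-            raise OwsError, \
+            raise LoginControllerError, \
                         "thisHost returned from Attribute Authority is empty" 
             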
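Review bot: The `LoginControllerError` raised at new line 178 is reached only through `except TypeError:` (line 177), yet an empty `thisHost` mapping makes `thisHost.keys()[0]` on line 176 raise `IndexError`, so the "is empty" case the message describes is not the one the handler catches; `except (TypeError, IndexError):` would cover both, assuming nothing earlier in the try body (which starts outside the hunk) already checks the mapping. The new exception class at lines 17-18 carries the docstring `"""Handle exceptions from LoginController"""`, but it is raised rather than handling anything; `"""Raised by LoginController for missing security settings and unusable Attribute Authority responses"""` describes what the three new raise sites actually do.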
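--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/lib/base.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/lib/base.py
@@ -7,10 +7,51 @@
 import loginservice.models as model
 import loginservice.lib.helpers as h
+from loginservice.lib.security_util import setSecuritySession, \
+                                           LoginServiceQuery
+import urllib
+from base64 import urlsafe_b64encode
 
 class BaseController(WSGIController):
     def __call__(self, environ, start_response):
-        # Insert any code to be run per request here. The Routes match
-        # is under environ['pylons.routes_dict'] should you want to check
-        # the action or route vars here
+
+        # construct URL picking up setting of server name from config to 
+        # avoid exposing absolute URL hidden behind mod_proxy see #857
+        baseURL = request.environ['ndgConfig'].get('DEFAULT', 'server')
+        c.requestURL = baseURL + urllib.quote(environ.get('PATH_INFO', ''))
+
+        query = '&'.join(["%s=%s" % item for item in request.params.items()])
+        if query:
+            c.requestURL += '?' + query
+
+        # Base 64 encode to enable passing around in 'r' argument of query
+        # string for use with login/logout
+        c.b64encRequestURL = urlsafe_b64encode(c.requestURL)
+
+        if 'h' in request.params:
+            logger.debug("Setting security session from URL query args ...")
+            setSecuritySession()
+            
+            if 'panelView' not in session:
+                session['panelView']='History'
+            session.save()
+            
+            # TODO Make the redirect tidier ...
+            qs = LoginServiceQuery.stripFromURI()
+
+            cc = construct_url(environ, querystring=qs)
+            h.redirect_to(cc)
+        
+        #organise the information needed by pagetabs ... 
+        # TODO avoid this for the server controllers ...
+        
+        c.pageTabs=[('Search',g.discoveryURL)]
+        if 'results' in session: c.pageTabs.append(('Results',session['results']))
+        if 'lastViewed' in session: c.pageTabs.append(('Display',session['lastViewed']))
+        
+        if 'selection' in session:
+            c.pageTabs.append(('Selections',h.url_for(controller='selection',action='index')))
+            c.pageTabs.append(('Visualise',h.url_for(controller='visualise', action='index')))
+            c.pageTabs.append(('Download','Blah'))
+
         return WSGIController.__call__(self, environ, start_response)
 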
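Review bot: At new line 22 the query string is rebuilt with `'&'.join(["%s=%s" % item for item in request.params.items()])`, which re-emits names and values without percent-encoding even though `PATH_INFO` on line 20 is quoted, so a parameter containing `&`, `=`, `#` or a space produces a `c.requestURL` that parses back differently from the request that produced it, and the base64 copy at line 28 inherits the ambiguity; since `urllib` is now imported, `query = urllib.urlencode(request.params.items())` encodes each pair and handles repeated keys. Separately, the `'h'` branch at lines 30-42 establishes a security session from URL query arguments on every request to every controller, so whatever `h` carries travels in a GET query string that can end up in browser history, Referer headers and access logs; how acceptable that is depends on what `setSecuritySession` (not shown) validates, and a comment next to line 30 stating that assumption would help the next reviewer. The comment at lines 17-18 says `baseURL` is taken from config to avoid exposing the proxied absolute URL, but the redirect target at line 41 comes from `construct_url(environ, ...)`, which derives scheme and host from the WSGI environment, so the two URLs may disagree behind mod_proxy.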
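--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/templates/ndgPage.kid
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/LoginService/loginservice/templates/ndgPage.kid
@@ -14,9 +14,4 @@
 
     </head>
-
-    <div py:def="header1(searchBox)">
-        <div id="header"/>
-        <div id="logo"><img src="$g.LeftLogo" alt="$g.LeftAlt" /></div>
-    </div>
     
     <div py:def="header()">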
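--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
@@ -2,7 +2,7 @@
 <AAmap>
     <thisHost name="Site A">
-        <aaURI>thisHostAttAuthorityURI</aaURI>
-        <loginURI>login</loginURI>
-        </thisHost>
+        <aaURI>http://localhost:5000/AttributeAuthority</aaURI>
+        <loginURI>https://localhost/login</loginURI>
+    </thisHost>
     <trusted name="Site C">
         <aaURI>attAuthorityURI</aaURI>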
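Review bot: Site A's `aaURI` at new line 4 is plain `http://localhost:5000/AttributeAuthority` while its `loginURI` at line 5 is `https://localhost/login`, so in this test map the attribute-authority endpoint is reached without transport protection even though the login step is. That is reasonable for a local fixture, but an XML comment such as `<!-- test fixture only: the AA endpoint is plain http on localhost -->` beside line 4 would keep the pair from being copied into a deployed map unchanged. The `</thisHost>` change at line 6 is indentation only.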