Changeset 3755
- Timestamp:
- 04/04/08 10:11:44 (13 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 14 added
- 10 edited
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/README.txt
r3699 r3755 1 This file is for you to describe the sso Client application. Typically1 This file is for you to describe the ssoclient application. Typically 2 2 you would include information such as the information below: 3 3 … … 5 5 ====================== 6 6 7 Install ``sso Client`` using easy_install::7 Install ``ssoclient`` using easy_install:: 8 8 9 easy_install sso Client9 easy_install ssoclient 10 10 11 11 Make a config file as follows:: 12 12 13 paster make-config sso Client config.ini13 paster make-config ssoclient config.ini 14 14 15 15 Tweak the config file as appropriate and then setup the application:: -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/development.ini
r3699 r3755 1 1 # 2 # sso Client - Pylons development environment configuration2 # ssoclient - Pylons development environment configuration 3 3 # 4 4 # The %(here)s variable will be replaced with the parent directory of this file … … 17 17 18 18 [app:main] 19 use = egg:sso Client19 use = egg:ssoclient 20 20 full_stack = true 21 21 cache_dir = %(here)s/data … … 35 35 36 36 configfile = %(here)s/ssoClient.cfg 37 37 38 38 39 # Logging configuration … … 55 56 qualname = ssoclient 56 57 57 [logger_routes]58 level = DEBUG59 handlers = console60 qualname = routes61 62 58 [handler_console] 63 59 class = StreamHandler … … 69 65 format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s 70 66 datefmt = %H:%M:%S 67 -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/setup.py
r3699 r3755 7 7 8 8 setup( 9 name='sso Client',9 name='ssoclient', 10 10 version="", 11 11 #description='', -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg
r3699 r3755 1 1 # Single Sign On Service Configuration 2 # 3 # NERC Data Grid Project 4 # 5 # P J Kershaw 01/04/08 6 # 7 # Copyright (C) 2008 CCLRC & NERC 8 # 9 # This software may be distributed under the terms of the Q Public License, 10 # version 1.0 or later. 11 # 2 12 3 13 [DEFAULT] 4 14 # Server address for secure connections 5 sslServer: https://localhost/ssoClient 6 server: http://localhost/ssoClient 7 wayfURI: https://localhost/sso/wayf 8 layout: %(server)s/layout/ 15 sslServer: https://localhost/ssoClient 16 server: http://localhost/ssoClient 17 wayfURI: https://localhost/sso/wayf 18 # Use Client side logout instead 19 #logoutURI: https://localhost/sso/logout 20 layout: %(server)s/layout/ 9 21 icondir: %(server)s/layout/icons/ 10 22 disclaimer: 11 23 12 24 [layout] 13 localLink: http://ndg.nerc.ac.uk/ 14 localImage: %(layout)sndg_logo_circle.gif 15 localAlt: visit badc 16 ###### ought to be the end of the customisations 17 ndgLink: http://ndg.nerc.ac.uk/ 18 ndgImage: %(layout)sndg_logo_circle.gif 19 ndgAlt: visit ndg 20 stfcLink: http://ceda.stfc.ac.uk/ 21 stfcImage: %(layout)sstfc-circle-sm.gif 22 key: %(icondir)spadlock.png 23 keyGrey: %(layout)skeyG.gif 25 localLink: http://ndg.nerc.ac.uk/ 26 localImage: %(layout)sndg_logo_circle.gif 27 localAlt: Visit the BADC 28 ndgLink: http://ndg.nerc.ac.uk/ 29 ndgImage: %(layout)sndg_logo_circle.gif 30 ndgAlt: visit ndg 31 stfcLink: http://ceda.stfc.ac.uk/ 32 stfcImage: %(layout)sstfc-circle-sm.gif 33 key: %(icondir)spadlock.png 34 keyGrey: %(layout)skeyG.gif 24 35 selectI: %(layout)stick.png 25 36 Xicon: %(icondir)sxml.png -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/test.ini
r3699 r3755 1 1 # 2 # sso Client - Pylons testing environment configuration2 # ssoclient - Pylons testing environment configuration 3 3 # 4 4 # The %(here)s variable will be replaced with the parent directory of this file -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
r3044 r3755 38 38 HostCheck 39 39 40 import logging 41 log = logging.getLogger(__name__) 40 42 41 43 #_____________________________________________________________________________ … … 105 107 @param signatureHandlerKw: keywords to configure signature handler""" 106 108 109 log.debug("AttAuthorityClient.__init__ ...") 107 110 self.__srv = None 108 111 self.__uri = None … … 123 126 # set 124 127 if setSignatureHandler: 128 log.debug('signatureHandlerKw = %s' % signatureHandlerKw) 125 129 self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 126 130 else: -
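Review bot: The new `log.debug('signatureHandlerKw = %s' % signatureHandlerKw)` at line 128 formats the whole keyword dict into the log, and per the `@param signatureHandlerKw` docstring those keywords configure `SignatureHandler`, whose settings (see the wsSecurity.py section of this changeset) include `signingPriKeyPwd` and `signingPriKey`; a private-key password would then land in clear text in the debug log. Log only the keyword names, e.g. `log.debug('signatureHandlerKw keys = %s' % signatureHandlerKw.keys())`, or drop the key and password entries before formatting. The same concern applies to `log.debug("WSSE Config = %s" % self.cfg)` added at line 311 of wsSecurity.py's `__init__`, which formats the full config object after `signingPriKeyPwd` and `signingPriKey` have been loaded into it. The `__init__` here starts and ends outside the hunk.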
TI12-security/trunk/python/ndg.security.common/ndg/security/common/pylons/security_util.py
r3699 r3755 178 178 179 179 return requestURL 180 181 182 import sys183 from ConfigParser import SafeConfigParser as ConfigParser184 185 class SecurityConfigError(Exception):186 """Handle errors from parsing security config items"""187 188 class SecurityConfig(object):189 """Get Security related parameters from the Pylons NDG config file"""190 191 def __init__(self, cfgFilePath=None):192 '''Get PKI settings for Attribute Authority and Session Manager from193 the configuration file194 195 @type cfgFilePath: pylons config file object196 @param cfgFilePath: reference to NDG configuration file. If omitted197 defaults to request.environ['ndgConfig']'''198 199 self.cfgFilePath = cfgFilePath200 201 def read(self):202 '''Read content of config file into object'''203 cfg = ConfigParser()204 cfg.read(self.cfgFilePath)205 206 tracefileExpr = cfg.get('NDG_SECURITY', 'tracefile')207 if tracefileExpr:208 self.tracefile = eval(tracefileExpr)209 210 self.smURI = cfg.get('NDG_SECURITY', 'sessionMgrURI')211 self.aaURI = cfg.get('NDG_SECURITY', 'attAuthorityURI')212 213 # ... 
for SSL connections to security web services214 try:215 self.sslCACertFilePathList = \216 cfg.get('NDG_SECURITY', 'sslCACertFilePathList').split()217 218 except AttributeError:219 raise SecurityConfigError, \220 'No "sslCACertFilePathList" security setting'221 222 self.sslPeerCertCN = cfg.get('NDG_SECURITY', 'sslPeerCertCN', None)223 224 # ...and for WS-Security digital signature225 self.wssCertFilePath = cfg.get('NDG_SECURITY', 'wssCertFilePath')226 self.wssPriKeyFilePath = cfg.get('NDG_SECURITY', 'wssKeyFilePath')227 self.wssPriKeyPwd = cfg.get('NDG_SECURITY', 'wssKeyPwd')228 229 try:230 self.wssCACertFilePathList = \231 cfg.get('NDG_SECURITY', 'wssCACertFilePathList').split()232 233 except AttributeError:234 raise SecurityConfigError, \235 'No "wssCACertFilePathList" security setting'236 237 # Inclusive namespace prefixes for Exclusive C14N238 try:239 self.wssRefInclNS = cfg.get('NDG_SECURITY', 'wssRefInclNS').split()240 241 except AttributeError:242 raise SecurityConfigError, 'No "wssRefInclNS" security setting'243 244 try:245 self.wssSignedInfoInclNS = cfg.get('NDG_SECURITY',246 'wssSignedInfoInclNS').split()247 except AttributeError:248 raise SecurityConfigError, \249 'No "wssSignedInfoInclNS" security setting'250 251 252 # Gatekeeper params253 254 # Attribute Certificate Issuer255 self.acIssuer = cfg.get('NDG_SECURITY', 'acIssuer')256 257 # verification of X.509 cert back to CA258 try:259 self.acCACertFilePathList = cfg.get('NDG_SECURITY',260 'acCACertFilePathList').split()261 except AttributeError:262 raise SecurityConfigError, \263 'No "acCACertFilePathList" security setting'264 265 # Hostname266 self.server=cfg.get('NDG_SECURITY', 'server', '')267 268 # For secure connections269 self.sslServer = cfg.get('NDG_SECURITY', 'sslServer', '')270 271 # These URLs are referred from template files272 self.getCredentials = '%s/getCredentials' % self.sslServer273 self.logout = '%s/logout' % self.server274 275 # Where Are You From URI276 self.wayfuri='%s/wayf' % 
self.server277 278 self.localLink=cfg.get('layout', 'localLink', None)279 self.localImage=cfg.get('layout', 'localImage', None)280 self.localAlt=cfg.get('layout', 'localAlt', 'Visit Local Site')281 self.ndgLink=cfg.get('layout', 'ndgLink', 'http://ndg.nerc.ac.uk')282 self.ndgImage=cfg.get('layout', 'ndgImage', None)283 self.ndgAlt=cfg.get('layout', 'ndgAlt','Visit NDG')284 self.stfcLink=cfg.get('layout', 'stfcLink')285 self.stfcImage=cfg.get('layout', 'stfcImage')286 self.helpIcon=cfg.get('layout', 'helpIcon')287 self.LeftAlt=cfg.get('layout', 'HdrLeftAlt')288 self.LeftLogo=cfg.get('layout', 'HdrLeftLogo')289 self.pageLogo="bodcHdr"290 self.icons_xml=cfg.get('layout','Xicon')291 self.icons_plot=cfg.get('layout','plot')292 self.icons_prn=cfg.get('layout', 'printer')293 294 self.disclaimer = cfg.get('DEFAULT', 'disclaimer')295 296 297 def __repr__(self):298 return '\n'.join(["%s=%s" % (k,v) for k,v in self.__dict__.items() \299 if k[:2] != "__"]) -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py
r3699 r3755 25 25 from Crypto.Cipher import AES, DES3 26 26 except: 27 pass 27 from warnings import warn 28 warn('Crypto.Cipher not available: EncryptionHandler disabled!', 29 RuntimeWarning) 30 class AES: 31 MODE_ECB = None 32 MODE_CBC = None 33 34 class DES3: 35 MODE_CBC = None 28 36 29 37 import os … … 52 60 from xml.dom.ext.reader.PyExpat import Reader 53 61 62 # Enable settings from a config file 63 from ndg.security.common.wssecurity import WSSecurityConfig 54 64 55 65 from ndg.security.common.X509 import X509Cert, X509CertParse, X509CertRead, \ … … 145 155 146 156 binSecTokValType = { 147 "X509PKIPathv1": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1",148 "X509": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509",149 "X509v3": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"157 "X509PKIPathv1": OASIS.X509TOKEN.X509PKIPathv1, 158 "X509": OASIS.X509TOKEN.X509, 159 "X509v3": OASIS.X509TOKEN.X509+"v3" 150 160 } 151 161 152 162 153 163 #_________________________________________________________________________ 154 def __init__(self, 155 reqBinSecTokValType="X509v3", 156 verifyingCert=None, 157 verifyingCertFilePath=None, 158 signingCert=None, 159 signingCertFilePath=None, 160 signingCertChain=None, 161 signingPriKey=None, 162 signingPriKeyFilePath=None, 163 signingPriKeyPwd=None, 164 caCertDirPath=None, 165 caCertFilePathList=[], 166 addTimestamp=True, 167 applySignatureConfirmation=False, 168 refC14nKw={'unsuppressedPrefixes': ['xmlns', 169 'xsi', 170 'xsd', 171 'SOAP-ENV', 172 'wsu', 173 'wsse', 174 'ns1']}, 175 # Added 'ec' to list P J Kershaw 01/02/07 176 signedInfoC14nKw = {'unsuppressedPrefixes': ['xsi', 177 'xsd', 178 'SOAP-ENV', 179 'ds', 180 'wsse', 181 'ec']}): 164 def __init__(self, cfgFilePath=None, configClass=WSSecurityConfig, **kw): 182 165 ''' 183 166 @reqBinSecTokValType: set the ValueType for the BinarySecurityToken … … 259 
242 ''' 260 243 261 self.__setReqBinSecTokValType(reqBinSecTokValType) 244 # WSSecurityConfig is the default class for reading config params but 245 # alternative derivative class may be passed in instead. 246 if not issubclass(configClass, WSSecurityConfig): 247 raise TypeError("%s is not a sub-class of WSSecurityConfig" % \ 248 configClass) 249 self.cfg = configClass() 250 251 # Read parameters from config file if set 252 if cfgFilePath: 253 self.cfg.read(cfgFilePath) 254 255 # Also update config from keywords set 256 self.cfg.update(kw) 257 258 259 self.__setReqBinSecTokValType(self.cfg['reqBinSecTokValType']) 262 260 263 261 # Set keywords for canonicalization of SignedInfo and reference 264 262 # elements 265 self.__setRefC14nKw(refC14nKw) 266 self.__setSignedInfoC14nKw(signedInfoC14nKw) 267 268 269 self.__setVerifyingCert(verifyingCert) 270 self.__setVerifyingCertFilePath(verifyingCertFilePath) 271 272 self.__setSigningCert(signingCert) 273 self.__setSigningCertFilePath(signingCertFilePath) 274 275 if signingCertChain: 276 self.__setSigningCertChain(signingCertChain) 263 # TODO: get rid of refC14nKw and signedInfoC14nKw options 264 if len(self.cfg.get('refC14nInclNS', [])): 265 self.__setRefC14nKw({'unsuppressedPrefixes': 266 self.cfg['refC14nInclNS']}) 267 else: 268 self.__setRefC14nKw(self.cfg['refC14nKw']) 269 270 271 if len(self.cfg.get('signedInfoC14nNS', [])): 272 self.__setSignedInfoC14nKw({'unsuppressedPrefixes': 273 self.cfg['signedInfoC14nNS']}) 274 else: 275 self.__setSignedInfoC14nKw(self.cfg['signedInfoC14nKw']) 276 277 278 self.__setVerifyingCert(self.cfg['verifyingCert']) 279 self.__setVerifyingCertFilePath(self.cfg['verifyingCertFilePath']) 280 281 self.__setSigningCert(self.cfg['signingCert']) 282 self.__setSigningCertFilePath(self.cfg['signingCertFilePath']) 283 284 if self.cfg.get('signingCertChain'): 285 self.__setSigningCertChain(self.cfg['signingCertChain']) 277 286 else: 278 287 self.__signingCertChain = None … … 280 289 # MUST be set 
before __setSigningPriKeyFilePath / __setSigningPriKey 281 290 # are called 282 self.__setSigningPriKeyPwd(s igningPriKeyPwd)283 284 if s igningPriKey is not None:291 self.__setSigningPriKeyPwd(self.cfg['signingPriKeyPwd']) 292 293 if self.cfg.get('signingPriKey'): 285 294 # Don't allow None for private key setting 286 self.__setSigningPriKey(s igningPriKey)287 288 self.__setSigningPriKeyFilePath(s igningPriKeyFilePath)295 self.__setSigningPriKey(self.cfg['signingPriKey']) 296 297 self.__setSigningPriKeyFilePath(self.cfg['signingPriKeyFilePath']) 289 298 290 299 # CA certificate(s) for verification of X.509 certificate used with 291 300 # signature. 292 if caCertDirPath:293 self.caCertDirPath = caCertDirPath294 295 elif caCertFilePathList:296 self.caCertFilePathList = caCertFilePathList297 298 self.addTimestamp = addTimestamp299 self.applySignatureConfirmation = applySignatureConfirmation301 if self.cfg.get('caCertDirPath'): 302 self.caCertDirPath = self.cfg['caCertDirPath'] 303 304 elif self.cfg.get('caCertFilePathList'): 305 self.caCertFilePathList = self.cfg['caCertFilePathList'] 306 307 self.addTimestamp = self.cfg['addTimestamp'] 308 self.applySignatureConfirmation=self.cfg['applySignatureConfirmation'] 300 309 self.b64EncSignatureValue = None 310 311 log.debug("WSSE Config = %s" % self.cfg) 312 301 313 302 314 #_________________________________________________________________________ … … 465 477 doc="file path of X.509 Cert. 
for verifying signature") 466 478 479 480 #_________________________________________________________________________ 481 def __getSigningCert(self): 482 '''Return X.509 cert object corresponding to cert used with 483 signature 484 485 @rtype: M2Crypto.X509.X509 486 @return: certificate object 487 ''' 488 return self.__signingCert 489 467 490 468 491 #_________________________________________________________________________ … … 474 497 self.__signingCertFilePath = None 475 498 476 signingCert = property(fset=__setSigningCert, 477 doc="Set X.509 Cert. to include signature") 499 signingCert = property(fget=__getSigningCert, 500 fset=__setSigningCert, 501 doc="X.509 Cert. to include signature") 478 502 479 503 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.cfg
r3652 r3755 12 12 port = 7100 13 13 path = /Echo 14 signingPriKeyFilePath = $NDGSEC_WSSESRV_UNITTEST_DIR/server.key 15 signingPriKeyPwd = 16 signingCertFilePath = $NDGSEC_WSSESRV_UNITTEST_DIR/server.crt 17 caCertFilePathList = $NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt 14 wsseCfgFilePath = $NDGSEC_WSSESRV_UNITTEST_DIR/wssecurity.cfg -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.py
r3687 r3755 93 93 path = cfg.get('setUp', 'path') 94 94 95 signingPriKeyFilePath = xpdVars(cfg.get('setUp', 'signingPriKeyFilePath')) 96 signingPriKeyPwd = xpdVars(cfg.get('setUp', 'signingPriKeyPwd')) 97 signingCertFilePath = xpdVars(cfg.get('setUp', 'signingCertFilePath')) 98 caCertFilePathList = [xpdVars(file) for file in \ 99 cfg.get('setUp', 'caCertFilePathList').split()] 95 wsseCfgFilePath = xpdVars(cfg.get('setUp', 'wsseCfgFilePath')) 100 96 101 97 serviceContainer = ServiceContainer((hostname, port)) … … 104 100 echo = EchoService() 105 101 echo.signatureHandler = wsSecurity.SignatureHandler(\ 106 signingCertFilePath=signingCertFilePath, 107 signingPriKeyFilePath=signingPriKeyFilePath, 108 signingPriKeyPwd=signingPriKeyPwd, 109 caCertFilePathList=caCertFilePathList, 110 applySignatureConfirmation=True, 111 refC14nKw={'unsuppressedPrefixes':[]}, 112 signedInfoC14nKw={'unsuppressedPrefixes':[]}) 113 # refC14nKw={'unsuppressedPrefixes': 114 # ['xmlns', 115 # 'xsi', 116 # 'xsd', 117 # 'SOAP-ENV', 118 # 'soapenv', 119 # 'wsu', 120 # 'wsse', 121 # 'ns1']}, 122 # signedInfoC14nKw={'unsuppressedPrefixes': 123 # ['xsi', 124 # 'xsd', 125 # 'SOAP-ENV', 126 # 'soapenv', 127 # 'ds', 128 # 'wsse', 129 # 'ec']}) 102 cfgFilePath=wsseCfgFilePath) 130 103 131 104 serviceContainer.setNode(echo, url=path)
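Review bot: The old call at lines 106–112 pinned `applySignatureConfirmation=True` and an empty `unsuppressedPrefixes` list for both C14N keyword sets, whereas the new call at line 102 passes only `cfgFilePath=wsseCfgFilePath`, so those settings must now come from the referenced wssecurity.cfg, which is not among the sections shown here. If that file omits them the server silently falls back to the `WSSecurityConfig` defaults (presumably the non-empty prefix lists the old keyword defaults carried), changing the signature the test server produces. Worth confirming the new config file sets them, or keeping the explicit overrides alongside the file, e.g. `cfgFilePath=wsseCfgFilePath, applySignatureConfirmation=True`. The enclosing scope starts before and continues after the hunk.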