Changeset 4159 for TI12-security/trunk


Timestamp:
01/09/08 16:30:47 (11 years ago)
Author:
pjkersha
Message:

Makefile: fixed epydoc target log redirect
SOAP/WS-Security middleware: extended use of SOAP and WS-Security base classes for WSGI filters.

Location:
TI12-security/trunk/python
Files:
6 edited

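--- a/TI12-security/trunk/python/Makefile
+++ b/TI12-security/trunk/python/Makefile
@@ -78,5 +78,5 @@
         ${EPYDOC} ./ndg.security.*/ndg -o ${EPYDOC_OUTDIR} \
         --name ${EPYDOC_NAME} ${EPYDOC_FRAMES_OPT} --include-log --graph=all -v \
-        >& ${EPYDOC_LOGFILE}
+        > ${EPYDOC_LOGFILE}
         
 # Generate SysV init scripts for Twisted based services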
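Review bot: With `>&` replaced by a plain `>` on the redirect line, only stdout reaches `${EPYDOC_LOGFILE}`; anything epydoc writes to stderr now goes to the terminal and is missing from the log. If the aim was to drop the non-POSIX `>&` form while still capturing both streams, the portable spelling is `> ${EPYDOC_LOGFILE} 2>&1`. The recipe's target line is outside the hunk.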
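--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini
@@ -10,5 +10,5 @@
 smtp_server = localhost
 error_email_from = paste@localhost
-wsseCfgFilePath=wssecurity.cfg
+wsseCfgFilePath = ./wssecurity.cfg
 
 [server:main]
@@ -71,4 +71,9 @@
 qualname = ndgsecurity
 
+[logger_ndg]
+level = DEBUG
+handlers =
+qualname = ndg
+
 [handler_console]
 class = StreamHandler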
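Review bot: The new `[logger_ndg]` section sets `level = DEBUG`, which, assuming the SOAP middleware's module logger lives under the `ndg` namespace, switches on the `log.debug(soapIn)` call in `parse()` from this same changeset, so complete request bodies, including any WS-Security headers and signatures they carry, are written to the log. That is reasonable for a test configuration, but a comment above the section would stop it being copied into a deployment file, for example `# DEBUG logs full SOAP request bodies - development only`. The section also takes effect only if `ndg` is listed under `[loggers] keys`, which lies outside this hunk.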
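--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
@@ -290,5 +290,7 @@
         elif self.cfg.get('caCertFilePathList'):
             self.caCertFilePathList = self.cfg['caCertFilePathList']
-            
+
+        self._caX509Stack = []
+        
         self.addTimestamp = self.cfg['addTimestamp']
         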
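Review bot: The added `self._caX509Stack = []` on new line 293 sits at the same indentation as the `if`/`elif` chain above it, so it runs unconditionally after `self.caCertFilePathList` has been assigned. If `caCertFilePathList` is a property whose setter loads the CA certificates into `_caX509Stack` (the property definition is outside this hunk), this assignment discards the trust anchors just read from the configuration, and later certificate-chain validation would run against an empty stack. Initialising the attribute before the chain avoids that: move `self._caX509Stack = []` above the first `if` that sets the CA file list. The enclosing method starts and ends outside the hunk.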
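--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py
@@ -687,6 +687,6 @@
         @type identifier: basestring
         @param identifier: OpenID selected by user - for ID Select mode only
-        @rtype oidResponse: openid.server.server.OpenIDResponse
-        @return oidResponse: OpenID response object'''
+        @rtype: openid.server.server.OpenIDResponse
+        @return: OpenID response object'''
 
         oidResponse = oidRequest.answer(True, identity=identifier)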
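--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
@@ -22,4 +22,10 @@
 from ZSI.ServiceContainer import ServiceSOAPBinding
         
+class SOAPMiddlewareError(Exception):
+    """Base error handling exception for this module"""
+    
+class SOAPMiddlewareReadError(SOAPMiddlewareError):
+    """SOAP read error"""
+    
 class SOAPMiddleware(object):
     '''Middleware configurable to a given ZSI SOAP binding'''  
@@ -43,15 +49,13 @@
             # Check class inherits from ServiceSOAPBinding
             if not issubclass(serviceSOAPBindingClass, ServiceSOAPBinding):
-                raise TypeError(
-                    "%s class must be derived from ServiceSOAPBinding" % \
-                    self.app_conf['ServiceSOAPBindingClass'])
+                raise TypeError("%s class must be derived from "
+                                "ServiceSOAPBinding" % \
+                                self.app_conf['ServiceSOAPBindingClass'])
         else: 
             serviceSOAPBindingClass = ServiceSOAPBinding
                 
         self.serviceSOAPBinding = serviceSOAPBindingClass()
-        self.enableWSDLQuery = bool()
-        if self.app_conf.get('enableWSDLQuery', False) and \
-           hasattr(self.serviceSOAPBinding, '_wsdl'):
-            self.enableWSDLQuery = True
+        self.enableWSDLQuery = self.app_conf.get('enableWSDLQuery', False) and\
+                                hasattr(self.serviceSOAPBinding, '_wsdl')
 
        
@@ -72,5 +76,5 @@
         
         if environ.get('REQUEST_METHOD') == 'GET' and \
-           'wsdl' in dict(paste.request.parse_querystring(environ)):
+           environ.get('QUERY_STRING') == 'wsdl':
             if self.enableWSDLQuery:
                 wsdl = self.serviceSOAPBinding._wsdl
@@ -85,18 +89,6 @@
             return self.app(environ, start_response)
 
-        # Check for ParsedSoap object set in environment, if not present,
-        # make one
-        if 'ZSI.parse.ParsedSoap' in environ:
-            ps = environ['ZSI.parse.ParsedSoap']
-        else:
-            # TODO: allow for chunked data
-            soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH'])
-            log.debug("SOAP Request")
-            log.debug("_"*80)
-            log.debug(soapIn)
-            log.debug("_"*80)
+        ps = self.parse(environ)
             
-            ps = ParsedSoap(soapIn)
-        
         # Map SOAP Action to method in binding class
         method = getattr(self.serviceSOAPBinding, 
@@ -136,5 +128,41 @@
                environ.get('HTTP_SOAPACTION') is not None
         
+    @classmethod
+    def parse(cls, environ):
+        '''Parse SOAP message from environ['wsgi.input']
         
+        Reading from environ['wsgi.input'] may be a destructive process so the
+        content is saved in a ZSI.parse.ParsedSoap object for use by SOAP
+        handlers which follow in the chain
+        
+        environ['ZSI.parse.ParsedSoap'] may be set to a ParsedSoap object
+        parsed by a SOAP handler ahead of the current one in the chain.  In
+        this case, don't re-parse.  If NOT parsed, parse and set
+        'ZSI.parse.ParsedSoap' environ key'''
+        
+        # Check for ParsedSoap object set in environment, if not present,
+        # make one
+        ps = environ.get('ZSI.parse.ParsedSoap')
+        if ps is None:
+            # TODO: allow for chunked data
+            contentLength = int(environ['CONTENT_LENGTH'])
+            soapIn = environ['wsgi.input'].read(contentLength)
+            if len(soapIn) < contentLength:
+                raise SOAPMiddlewareReadError("Expecting %s content length; "
+                                              "received %d instead." % \
+                                              (environ['CONTENT_LENGTH'],
+                                               len(soapIn)))
+            
+            log.debug("SOAP Request for handler %r" % cls)
+            log.debug("_"*80)
+            log.debug(soapIn)
+            log.debug("_"*80)
+            
+            ps = ParsedSoap(soapIn)
+            environ['ZSI.parse.ParsedSoap'] = ps
+            
+        return environ['ZSI.parse.ParsedSoap']
+    
+       
 def makeFilter(app, app_conf):  
     from ndgsecurity.config.attributeauthority import AttributeAuthorityWS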
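Review bot: In the new `parse()` classmethod, `int(environ['CONTENT_LENGTH'])` trusts a client-supplied header: a missing key raises `KeyError`, an empty or non-numeric value raises `ValueError`, a negative value typically turns `read()` into read-to-EOF, and a very large value makes the server buffer that many bytes before any signature check runs. Neither exception is a `SOAPMiddlewareError`, so callers that catch the module's own exception type will not see them. Validate the header and cap it against a configured maximum before reading; the sketch below uses a class attribute named `maxContentLength`, which does not exist yet and is only a suggested name. The short-read check, logging and `ParsedSoap` construction stay as they are.

```python
        ps = environ.get('ZSI.parse.ParsedSoap')
        if ps is None:
            # TODO: allow for chunked data
            try:
                contentLength = int(environ.get('CONTENT_LENGTH') or 0)
            except ValueError:
                raise SOAPMiddlewareReadError("Invalid Content-Length header")

            # maxContentLength: proposed new class attribute (upper bound in bytes)
            if contentLength <= 0 or contentLength > cls.maxContentLength:
                raise SOAPMiddlewareReadError("Content-Length missing or "
                                              "outside the permitted range")

            soapIn = environ['wsgi.input'].read(contentLength)
            # ... unchanged: short-read check, debug logging, ParsedSoap(soapIn) ...
```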
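--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
@@ -22,12 +22,23 @@
 from ndg.security.server.wsgi.soap import SOAPMiddleware
 
-class SignatureMiddleware(SOAPMiddleware):
-    '''Apply WS-Security digital signature to SOAP message'''
+class WSSecurityFilterError(Exception):
+    """Base exception class for WS-Security WSGI Filter"""
+    
+class WSSecurityFilterConfigError(WSSecurityFilterError):
+    """WS-Security Filter Config Error"""
+    
+class WSSecurityFilter(SOAPMiddleware):
     
     def __init__(self, app, app_conf):
         self.app = app
-        self.signatureHandler = SignatureHandler(
-                                        cfg=app_conf.get('wsseCfgFilePath'))
+        wsseCfgFilePath = app_conf.get('wsseCfgFilePath')
+        if not wsseCfgFilePath:
+            raise WSSecurityFilterConfigError("No configuration file set")
+        
+        self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath)
     
+    
+class SignatureFilter(WSSecurityFilter):
+    '''Apply WS-Security digital signature to SOAP message'''
     def __call__(self, environ, start_response):
         if not self.isSOAPMessage(environ):
@@ -44,21 +55,12 @@
         soapOut = str(sw)
         
-        return [soapOut]
+        return soapOut
     
 
-class SignatureVerificationMiddleware(SOAPMiddleware):
+class SignatureVerificationFilter(WSSecurityFilter):
     '''Verify WS-Security digital signature in SOAP message'''
-    
-    def __init__(self, app, app_conf):
-        log.debug("SignatureVerificationMiddleware.__init__ ...")
-        self.app = app
-        self.signatureHandler = SignatureHandler(
-                                        cfg=app_conf.get('wsseCfgFilePath'))
     
     def __call__(self, environ, start_response):
         if not self.isSOAPMessage(environ):
-            return self.app(environ, start_response)
-        
-        if 'SOAP_ACTION' not in environ:
             log.debug("Non-SOAP request: Skipping signature verification")
             return self.app(environ, start_response)
@@ -66,8 +68,5 @@
         log.debug("Verifying inbound message signature...")
        
-        # TODO: allow for chunked data
-        soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH'])
-        
-        ps = ParsedSoap(soapIn)
+        ps = self.parse(environ)
         self.signatureHandler.verify(ps)
         
@@ -79,6 +78,6 @@
 
 def makeSignatureVerificationFilter(app, global_conf):
-    return SignatureVerificationMiddleware(app, global_conf) 
+    return SignatureVerificationFilter(app, global_conf) 
 
 def makeSignatureFilter(app, global_conf):
-    return SignatureMiddleware(app, global_conf)
+    return SignatureFilter(app, global_conf)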
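Review bot: `SignatureVerificationFilter.__call__` fails open: when `isSOAPMessage(environ)` is false it logs "Skipping signature verification" and hands the request to `self.app` unchanged. The part of `isSOAPMessage` visible in soap.py tests `environ.get('HTTP_SOAPACTION') is not None`, a header chosen by the client, so whether verification runs is decided by the request itself. If anything behind this filter can still act on a SOAP body that arrives without that header, it does so on an unverified message. Consider rejecting such requests on endpoints that require signatures, or recording the outcome of `self.signatureHandler.verify(ps)` in `environ` so downstream handlers can refuse messages that were not verified. The bodies of both `__call__` methods continue outside the visible hunks.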