Changeset 4254 for TI12-security


Timestamp:
30/09/08 16:17:36 (11 years ago)
Author:
pjkersha
Message:

Fix to WSGI-based WS-Security: make the ApplySignatureFilter WSGI filter reference SignatureVerificationFilter so that the client signature value can be copied to support WSSE 1.1 Signature Confirmation

Location:
TI12-security/trunk/python
Files:
2 deleted
6 edited

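--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py
@@ -87,6 +87,6 @@
         @param wsseElem: wsse:Security element'''
         if self.b64EncSignatureValue is None:
-            log.info(\
-"SignatureConfirmation element requested but no request signature was cached")
+            log.info("SignatureConfirmation element requested but no request "
+                     "signature was cached")
             return
 
@@ -648,5 +648,10 @@
         signatureValue = base64.decodestring(b64EncSignatureValue)
 
-        # Cache Signature Value here so that a response can include it
+        # Cache Signature Value here so that a response can include it.
+        #
+        # Nb. If the sign method is called from a separate SignatureHandler
+        # object then the signature value must be passed from THIS object to
+        # the other SignatureHandler otherwise signature confirmation will
+        # fail
         if self.applySignatureConfirmation:
             # re-encode string to avoid possible problems with interpretation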
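Review bot: In the first hunk the missing-signature case is still logged at info level and then returns, so a response for which SignatureConfirmation was requested goes out without the element and only an informational log line records it. Because the element is what lets a WSSE 1.1 client tie the response to its own request, I would at least raise the level, `log.warning("SignatureConfirmation element requested but no request signature was cached")`, or raise an error if the callers can handle one. The enclosing method starts and ends outside the hunk, so the callers' expectations need checking before changing the return path.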
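--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
@@ -61,4 +61,10 @@
         self.writeResponseSet = bool(self.app_conf.get('writeResponse', False))
 
+        # Check for a list of other filters to be referenced by this one
+        if 'referencedFilters' in self.app_conf:
+            # __call__  may reference any filters in environ keyed by these
+            # keywords
+            self.referencedFilterKeys = \
+                                    self.app_conf['referencedFilters'].split()
 
     def __call__(self, environ, start_response):
@@ -246,16 +252,4 @@
                                 hasattr(self.serviceSOAPBinding, '_wsdl')
 
-        # Check for a list of other filters to be referenced by this one
-        if 'referencedFilters' in self.app_conf:
-            # __call__ will add any filters found to the service SOAP Binding
-            # - check this doesn't have a name clash with the attribute to be
-            # added
-            if hasattr(self.serviceSOAPBinding, 'referencedWSGIFilters'):
-                raise SOAPMiddlewareConfigError("Service SOAP binding class "
-                                                "%r already has an attribute "
-                                                "'referencedWSGIFilters'" % \
-                                                self.serviceSOAPBinding)
-            self.referencedFilterKeys = \
-                                    self.app_conf['referencedFilters'].split()
 
     def _getServiceSOAPBindingKw(self):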
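Review bot: `self.referencedFilterKeys` is assigned only inside the `if 'referencedFilters' in self.app_conf:` branch added at new lines 63-68, so an instance configured without that option has no such attribute unless it is initialised somewhere outside this hunk. Any `__call__` that reads it would then fail with AttributeError at request time rather than at start-up. Setting it unconditionally avoids that: `self.referencedFilterKeys = self.app_conf.get('referencedFilters', '').split()`. The second hunk also drops the `referencedWSGIFilters` name-clash check; if the binding attribute is still assigned in `__call__` (not visible here), that guard is worth keeping.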
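--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
@@ -74,4 +74,11 @@
             self.setSOAPWriter(environ, sw)
 
+        filter = environ.get('wsseSignatureVerificationFilter01')
+        if filter is not None:
+            # Copy signature value in order to apply signature confirmation
+            if self.signatureHandler.applySignatureConfirmation:
+                self.signatureHandler.b64EncSignatureValue = \
+                                filter.signatureHandler.b64EncSignatureValue
+
         try:
             self.signatureHandler.sign(sw)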
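Review bot: The lookup at new line 76 hard-codes the environ key `'wsseSignatureVerificationFilter01'`, while the same changeset has soap.py read a configurable `referencedFilters` list into `self.referencedFilterKeys`; a deployment that names the verification filter differently gets `None` here and signs with no cached signature value and no error. Driving the lookup from the configured keys, e.g. `for key in self.referencedFilterKeys: verifier = environ.get(key)`, keeps the code and the ini file in step and also stops `filter` shadowing the builtin. Separately, `b64EncSignatureValue` is read from the verification filter's handler object; if that object is shared between concurrent requests (not visible here), the value copied may belong to a different request, so carrying it per request in `environ` would be safer. The enclosing method starts before the hunk and continues after it.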
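--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
@@ -115,4 +115,6 @@
         try:
             trustedHostInfo = self.siteAClnt.getTrustedHostInfo(_cfg['role'])
+            self.fail("Expecting NoMatchingRoleInTrustedHosts exception")
+
         except NoMatchingRoleInTrustedHosts, e:
             print 'As expected - no match for role "%s": %s' % \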
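Review bot: The added `self.fail(...)` at new line 117 sits inside the `try`, so the AssertionError it raises travels through the handler chain; the rest of the `try` statement is outside the hunk, and any later clause broader than `NoMatchingRoleInTrustedHosts` would swallow the failure and let the test pass. Moving the call into an `else:` branch of the `try`, or replacing the block with `self.assertRaises(NoMatchingRoleInTrustedHosts, self.siteAClnt.getTrustedHostInfo, _cfg['role'])`, removes that dependency. The second form also drops the unused `trustedHostInfo` binding, at the cost of the printed message.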
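--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/wsgi/site-a.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/wsgi/site-a.ini
@@ -82,4 +82,9 @@
 [filter:wsseSignatureFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
+
+# Reference the verification filter in order to be able to apply signature
+# confirmation
+referencedFilters = wsseSignatureVerificationFilter01
+
 # Last filter in chain SOAP handlers writes the response
 writeResponse = True
@@ -94,8 +99,10 @@
 # Certificate associated with private key used to sign a message.  The sign
 # method will add this to the BinarySecurityToken element of the WSSE header.
-signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
+#signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
+signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/java-ca-server.crt
 
 # PEM encoded private key file
-signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key
+#signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key
+signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/java-ca-server.key
 
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a
@@ -114,5 +121,5 @@
 # For WSSE 1.1 - service returns signature confirmation containing signature
 # value sent by client
-applySignatureConfirmation=False
+applySignatureConfirmation=True
 
 #
@@ -120,5 +127,6 @@
 
 # Provide a space separated list of file paths
-caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
+caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/java-ca.crt
+
 
 # Logging configuration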
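Review bot: The second and fourth hunks switch the signing certificate and key to `java-ca-server.crt`/`.key` and add `ca/java-ca.crt` to `caCertFilePathList`, none of which the commit message mentions, and the previous values are left behind as commented-out lines. If this was a local interoperability set-up (an inference from the file names), it belongs in a separate ini file so the shared test keeps its original signing identity and trust roots; otherwise the commented-out lines should go and a comment should say why the extra CA is trusted. The `referencedFilters` value added in the first hunk also has to stay identical to the key that wssecurity.py looks up in `environ`, so I would extend its comment with `# NOTE: must match the environ key read by ApplySignatureFilter`.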
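--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.py
@@ -12,6 +12,5 @@
 from ZSI.ServiceContainer import GetSOAPContext
 
-from EchoService_services_server import \
-    EchoService as _EchoService
+from EchoService_services_server import EchoService as _EchoService
 
 from ndg.security.common.wssecurity.dom import SignatureHandler
@@ -31,5 +30,6 @@
         # is set
         logging.basicConfig(level=logging.DEBUG,
-                        format='%(asctime)s %(filename)s:%(lineno)d %(levelname)s %(message)s')
+                            format='%(asctime)s %(filename)s:%(lineno)d '
+                            '%(levelname)s %(message)s')
 
         self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
@@ -70,5 +70,5 @@
 
     def authorize(self, auth_info, post, action):
-        '''Override default simply in order to display client request info'''
+        '''Override default simply to display client request info'''
         ctx = GetSOAPContext()
         print "-"*80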