Changeset 4405


Timestamp:
31/10/08 14:48:47 (11 years ago)
Author:
pjkersha
Message:
  • Fix to ConfigFileParsers validateProperties - don't attempt to validate a section that's missing
  • sessionmanagerclient unit test: Session Manager WSGI test harness now working.
  • Fix to Attribute Authority rotating file handler for Attribute Certificate log - backup count setting now enabled correctly.
Location:
TI12-security/trunk/python
Files:
1 deleted
8 edited
1 moved

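--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/ClassFactory.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/ClassFactory.py
@@ -94,8 +94,8 @@
                                                                 moduleName))
         return object
-        
+
     except Exception, e:
-        raise ClassFactoryError("Error instantiating class, %s: %s" % \
-                                                    (importClass.__name__, e))
+        log.error("Error instantiating class, %s: %s"%(importClass.__name__,e))
+        raise
             
                  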
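Review bot: Callers that catch `ClassFactoryError` no longer see instantiation failures, because the new `except Exception, e:` branch logs and re-raises the original exception instead of wrapping it, so whatever type the imported class's constructor throws now leaves this function. If that is intended, the docstring should state it, e.g. `Exceptions raised by the class constructor are logged and re-raised unchanged`. Assuming `log` is a standard `logging` logger, `log.exception("Error instantiating class %s", importClass.__name__)` would also keep the traceback in the log, which the formatted `log.error` message does not. The function starts above the hunk, so its other `ClassFactoryError` paths are not visible here.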
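--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/ConfigFileParsers.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/ConfigFileParsers.py
@@ -479,5 +479,5 @@
             
         elif validKeys[key] and isinstance(validKeys[key], dict):
-            validateProperties(properties[key], validKeys[key])
+            validateProperties(properties.get(key, {}), validKeys[key])
                 
         elif key not in properties and nonDefaultProperty(validKeys[key]):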
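Review bot: A missing nested section is not skipped here but validated as if it were empty, since `properties.get(key, {})` hands `{}` to the recursive `validateProperties` call. The result then depends on whether the nested keys count as non-default: a section whose keys all have defaults now passes silently, which for security-related sections can hide an omitted or mistyped section name in the config file. A comment above the call such as `# a missing section is validated as an empty one, so only its non-default keys can fail` would record the intent (presumably what the following `elif` enforces), and logging the fallback would make the omission visible. The function body extends beyond the hunk on both sides.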
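--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
@@ -224,5 +224,6 @@
         # Rotating file handler used for logging attribute certificates 
         # issued.
-        self.__attCertLog = AttCertLog(attCertFilePath)
+        self._attCertLog=AttCertLog(attCertFilePath,
+                                    backUpCnt=self.__prop['attCertFileLogCnt'])
 
 
@@ -686,5 +687,5 @@
             # Write out certificate to keep a record of it for auditing
             #attCert.write()
-            self.__attCertLog.info(attCert)
+            self._attCertLog.info(attCert)
             
             log.info('Issued an Attribute Certificate to "%s" with roles: '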
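Review bot: The backup count for the attribute-certificate audit log is taken straight from `self.__prop['attCertFileLogCnt']` in the first hunk, with no check on presence or type. A missing key raises `KeyError` during initialisation, and if the config parser delivers the value as a string the outcome depends on how `AttCertLog` handles it, which is not visible here. Since this log is the record of issued certificates, convert and validate before use, e.g. `backUpCnt=int(self.__prop['attCertFileLogCnt'])`, and add a comment saying what a count of 0 means for retention. The rename to `self._attCertLog` is applied in both hunks, but the rest of the class is outside the view, so remaining `__attCertLog` references should be checked.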
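--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
@@ -248,5 +248,5 @@
         'moduleFilePath': None,
         'moduleName': None,
-        'className': None,
+        'className': 'NullCredentialRepository',
     }
 
@@ -340,5 +340,7 @@
         If non module or class name were set a null interface is loaded by
         default'''
-        credReposProp = self.__prop[SessionManager.CREDREPOS_KEYNAME]
+        
+        credReposProp = self.__prop.get(SessionManager.CREDREPOS_KEYNAME, {})
+
         credentialRepositoryModule = credReposProp.get('moduleName')
         credentialRepositoryClassName = credReposProp.get('className')
@@ -346,4 +348,5 @@
         if credentialRepositoryModule is None or \
            credentialRepositoryClassName is None:
+            # Default to NullCredentialRepository if no settings have been made
             self._credentialRepository = NullCredentialRepository()
         else: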
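Review bot: A missing or misnamed credential repository section now falls through to `NullCredentialRepository()` without any trace, because `self.__prop.get(SessionManager.CREDREPOS_KEYNAME, {})` replaces the lookup that used to fail. Add a log line in the default branch so an operator can see the fallback, e.g. `log.warning('No credential repository configured - using NullCredentialRepository')`, assuming this module has the same `log` object the other server modules use. The new default `'className': 'NullCredentialRepository'` in the first hunk does not change the outcome while `moduleName` stays `None`, but it means the `is None` test on the class name no longer indicates "nothing configured", so a short comment on the defaults dict would help. The method starts above the hunk and continues past it.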
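--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/README
@@ -1,2 +1,30 @@
 Unit tests for NDG Credential Wallet Module
-==================================================
+===========================================
+Test Attribute Authorities services must be started for *AttCert* named tests.
+ 
+1) Two test Attribute Authority services are required.  These can be run from 
+the Attribute Authority Client unit test directory.  It's path relative to this 
+directory is ../attributeauthorityclient/.  Run each service in a separate 
+window so that the output can be monitored:
+
+$ ../attributeauthorityclient/wsgi/siteAServerApp.py
+$ ../attributeauthorityclient/wsgi/siteBServerApp.py
+
+5) Run the tests with the command:
+
+$ python ./test_credentialwallet.py
+
+6) To run individual tests give the test method name:
+
+$ python ./test_credentialwallet.py CredentialWalletTestCase.test1ReadOnlyClassVariables
+
+Finally,
+ * See credWalletTest.cfg sets the unittest configuration
+ * credWallet.cfg sets the Credential Wallet's configuration
+
+Troubleshooting:
+ * http_proxy environment variable settings can cause connection problems to
+the Attribute Authorities.  unset http_proxy or set no_proxy:
+
+$ export no_proxy=http://localhost:5000/AttributeAuthority,http://localhost:5100/AttributeAuthority
+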
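--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/README
@@ -6,5 +6,5 @@
  
 1) Two test Attribute Authority services are required.  These can be run from 
-the Attribute Authority unit test directory.  It's path relative to this 
+the Attribute Authority Client unit test directory.  It's path relative to this 
 directory is ../attributeauthorityclient/.  Run each service in a separate 
 window so that the output can be monitored:
@@ -13,9 +13,9 @@
 $ ../attributeauthorityclient/wsgi/siteBServerApp.py
 
-5) Run the tests with the command:
+2) Run the tests with the command:
 
 $ python ./test_sessionmanager.py
 
-6) To run individual tests give the test method name:
+3) To run individual tests give the test method name:
 
 $ python ./test_sessionmanager.py SessionManagerTestCase.test1Connect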
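--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini
@@ -21,27 +21,93 @@
 
 # Flag for SSL - set to something to stipulate http, leave blank to use http 
-#SessionManager.useSSL: 
+#sessionManager.useSSL: 
 
 # X.509 certificate for SSL connections - ignored if useSSL is blank 
-#SessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem
+#sessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem
 
 # Private key file for SSL  - ignored if useSSL is blank 
-#SessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem
+#sessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem
 
 # Directory containing CA cert.s to verify SSL peer cert against - ignored if 
 # useSSL is blank 
-#SessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca
-
-# On receipt of Attribute Certificates from Attribute Authorities, the
-# signature of the Attribute Certificate needs to be checked.  This list of
-# CA certs. enables the X,509 certificate used in the signature to be 
-# validated
-SessionManager.credentialWallet.caCertFilePathList: $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
+#sessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca
+
+# Credential Wallet Settings - global to all user sessions
+#
+# CA certificates for Attribute Certificate signature validation
+sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
+
+# CA certificates for SSL connection peer cert. validation - required if
+# connecting to an Attribute Authority over SSL
+sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
+
+# Allow Get Attribute Certificate calls to try to get a mapped certificate
+# from another organisation trusted by the target Attribute Authority
+sessionManager.credentialWallet.mapFromTrustedHosts=True
+sessionManager.credentialWallet.rtnExtAttCertList=True
+
+# Refresh an Attribute Certificate, if an existing one in the wallet has only
+# this length of time left before it expires
+credentialWallet.attCertRefreshElapse=7200
+
+# Pointer to WS-Security settings.  IN this case, they're identified by a 
+# prefix.  
+sessionManager.credentialWallet.wssCfgPrefix=sessionManager.credentialWallet.wssecurity
+
+# ...A section name could also be used.
+#sessionManager.credentialWallet.wssCfgSection=
+
+# SOAP Signature Handler settings for the Credential Wallet's Attribute 
+# Authority interface
+#
+# CA Certificates used to verify X.509 certs used in Attribute Certificates.
+# The CA certificates of other NDG trusted sites should go here.  NB, multiple
+# values should be delimited by a space
+sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
+
+# Signature of an outbound message
+#
+# Certificate associated with private key used to sign a message.  The sign 
+# method will add this to the BinarySecurityToken element of the WSSE header.  
+# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
+# As an alternative, use signingCertChain - see below...
+
+# PEM encoded cert
+sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt
+
+# ... or provide file path to PEM encoded private key file
+sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
+# give full namespace to alternative - see 
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain 
+# attributes will be used.
+sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3
+
+# Add a timestamp element to an outbound message
+sessionManager.credentialWallet.wssecurity.addTimestamp: True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature 
+# value sent by client
+sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True
+
+# Authentication service properties 
+sessionManager.authNService.moduleFilePath: 
+sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn
+sessionManager.authNService.className: BasicAuthN
+
+# Specific settings for BasicAuthN Session Manager authentication plugin
+# This sets up two test accounts.  Passwords are MD5 encrypted
+sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01
 
 # Settings for the Credential Repository - NullCredRepos is 
-#SessionManager.credentialRepository.modFilePath: 
-#SessionManager.credentialRepository.modName: ndg.security.common.CredWallet
-#SessionManager.credentialRepository.className: NullCredRepos
-#SessionManager.credentialRepository.propFile:
+#sessionManager.credentialRepository.modFilePath: 
+#sessionManager.credentialRepository.modName: ndg.security.common.CredWallet
+#sessionManager.credentialRepository.className: NullCredRepos
+#sessionManager.credentialRepository.propFile:
 
 [server:main]
@@ -51,5 +117,5 @@
 
 [app:mainApp]
-paste.app_factory = ndg.security.test.sessionMgrClient.wsgi.sessionManagerServerApp:app_factory
+paste.app_factory = ndg.security.test.sessionmanagerclient.wsgi.sessionManagerServerApp:app_factory
 
 # Chain of SOAP Middleware filters
@@ -62,5 +128,5 @@
 ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
 ServiceSOAPBindingPropPrefix = SessionManager
-SessionManager.propPrefix = SessionManager
+SessionManager.propPrefix = sessionManager
 SessionManager.propFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/wsgi/session-manager.ini
 referencedFilters = wsseSignatureVerificationFilter01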
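Review bot: The comment above `sessionManager.authNService.basicAuthN.accounts` says the passwords are "MD5 encrypted", but both values are 56 hex characters, which is the length of a 224-bit digest rather than MD5's 32. The comment should name the digest `BasicAuthN` actually expects and call it a hash, e.g. `# This sets up two test accounts.  Passwords are hex digests (algorithm: <DIGEST_NAME>)`. Separately, the added credential wallet and WS-Security lines point at `$NDGSEC_SM_UNITTEST_DIR` for the CA certificate, signing certificate and private key, while the rest of this file uses `$NDGSEC_SMCLNT_UNITTEST_DIR`. `credentialWallet.attCertRefreshElapse` also lacks the `sessionManager.` prefix its neighbours carry. If either is unintended, the trust anchors and the refresh setting would not resolve as written in this harness.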
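--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/sessionManagerServerApp.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/sessionManagerServerApp.py
@@ -30,6 +30,5 @@
     os.environ['NDGSEC_AA_PROPFILEPATH'] = \
                         os.path.join(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],
-#                                     "sessionMgr.cfg")
-                                     "sessionMgrProperties.xml")
+                                     "sessionMgr.cfg")
 
 # To start the Site A Session Manager run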