Changeset 4527
- Timestamp:
- 03/12/08 16:15:56 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 5 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
r4407 r4527 256 256 log.debug("BaseSignatureHandler.__init__: setting config from " 257 257 "keywords...") 258 self.cfg.update(kw) 258 259 # Filter keywords if a prefix is set removing any that don't start with 260 # the prefix given 261 # if cfgFilePrefix: 262 # pfxWithDot = cfgFilePrefix+'.' 263 # kw = dict([(k.replace(pfxWithDot, ''), v) for k, v in kw.items() 264 # if k.startswith(pfxWithDot)]) 265 # 266 self.cfg.update(kw, prefix=cfgFilePrefix) 259 267 260 268 # set default value type, if none specified in config file -
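Review bot: The commented-out prefix filter added above `self.cfg.update(kw, prefix=cfgFilePrefix)` is dead code that duplicates the filtering now done inside `WSSecurityConfig.update`. It would be better replaced by a one-line comment such as `# update() keeps only keywords starting with cfgFilePrefix + '.' and strips that prefix`. That comment should also say that, once a prefix is set, keywords without it are discarded with no log message, so a WS-Security option passed un-prefixed silently keeps its default. `__init__` starts and ends outside this hunk.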
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/__init__.py
r4404 r4527 12 12 __contact__ = "Philip.Kershaw@stfc.ac.uk" 13 13 __revision__ = "$Id$" 14 import logging 15 log = logging.getLogger(__name__) 14 16 15 17 from ConfigParser import SafeConfigParser … … 18 20 from ZSI.wstools.Namespaces import OASIS 19 21 20 class WSSecurityConfigOpNotPermitted(Exception): 22 class WSSecurityConfigError(Exception): 23 """Configuration error with WS-Security setting or settings""" 24 25 class WSSecurityConfigOpNotPermitted(WSSecurityConfigError): 21 26 "Raise for dict methods not allowed in WSSecurityConfig" 22 27 … … 180 185 return key in self._param 181 186 182 def update(self, seq, *arg): 183 badKeys=[i for i in seq if i not in WSSecurityConfig.propertyDefaults] 184 if badKeys: 185 raise KeyError("Parameter key(s) %s not recognised" % \ 186 ','.join(badKeys)) 187 return self._param.update(seq, *arg) 187 def update(self, seq, *arg, **kw): 188 189 # Prefix for option names - optNames = name as they appear in the 190 # config file, self._param are the names used in the code. 191 prefix = kw.pop('prefix', None) 192 if prefix: 193 pfxWithDot = prefix+'.' 
194 seqFilt = dict([(k.replace(pfxWithDot, ''), v) 195 for k, v in seq.items() 196 if k.startswith(pfxWithDot)]) 197 else: 198 seqFilt = seq 199 200 badKeys = [] 201 for optName, optVal in seqFilt.items(): 202 if optName not in WSSecurityConfig.propertyDefaults: 203 badKeys += [optName] 204 205 elif isinstance(WSSecurityConfig.propertyDefaults[optName], list): 206 if isinstance(optVal, basestring): 207 # Parse into a list 208 seqFilt[optName] = exVar(optVal).split() 209 elif isinstance(optVal, list): 210 seqFilt[optName] = exVar(optVal) 211 else: 212 raise WSSecurityConfigError("Expecting list type for " 213 'option "%s"' % optName) 214 elif isinstance(WSSecurityConfig.propertyDefaults[optName], bool): 215 if isinstance(optVal, basestring): 216 # Parse into a boolean 217 seqFilt[optName] = bool(optVal) 218 219 elif isinstance(optVal, bool): 220 seqFilt[optName] = optVal 221 else: 222 raise WSSecurityConfigError("Expecting bool type for " 223 'option "%s"' % optName) 224 else: 225 # Default to None if setting is an empty string. Settings 226 # of '' causes problems for M2Crypto parsing 227 seqFilt[optName] = exVar(optVal) or None 228 229 if len(badKeys) > 0: 230 log.warning("Ignoring unrecognised parameter key(s) for update: " 231 "%s" % ', '.join(badKeys)) 232 233 return self._param.update(seqFilt, *arg) 188 234 189 235 def fromkeys(self, seq): -
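Review bot: In the bool branch of `update`, `bool(optVal)` on a string is true for any non-empty value, so `addTimestamp=False` or `applySignatureConfirmation=False` in a config file would still enable the option. Parse the text instead, e.g. `seqFilt[optName] = optVal.strip().lower() in ('true', '1', 'yes', 'on')`, and raise `WSSecurityConfigError` for values that are neither true nor false spellings. The unrecognised-key path has a related problem: names collected in `badKeys` are logged as ignored but never removed from `seqFilt`, so `self._param.update(seqFilt, *arg)` still stores them, where the old code raised `KeyError`. Either delete them before the final update or keep failing, because a mistyped name for a setting such as `caCertFilePathList` otherwise leaves the default in force with only a warning. When no prefix is given, `seqFilt = seq` also rewrites the caller's dict in place; `seqFilt = dict(seq)` avoids that.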
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
r4521 r4527 66 66 # keywords 67 67 self.referencedFilterKeys = \ 68 self.app_conf['referencedFilters'].split() 68 self.app_conf.pop('referencedFilters').split() 69 70 # Remove equivalent keyword if present 71 kw.pop('referencedFilters', None) 72 69 73 70 74 def __call__(self, environ, start_response): -
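Review bot: Switching to `self.app_conf.pop('referencedFilters')` makes reading the option mutate the configuration dict, and a missing option still surfaces as a bare `KeyError` with no hint about which filter is misconfigured. If `self.app_conf` is the same dict object the caller supplied (not visible in this hunk), anything else built from that dict afterwards will no longer see the key; taking the value with `self.app_conf['referencedFilters']` and removing it from a copy that is forwarded would keep the input intact. A short comment stating why the key must not reach the downstream keywords would also help, since `kw.pop('referencedFilters', None)` gives no reason. The enclosing `__init__` begins outside the hunk.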
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
r4521 r4527 46 46 wsseCfgFilePrefix = self.app_conf.get('wsseCfgFilePrefix') 47 47 48 # Where possible remove keywords not applicable to SignatureHandler 49 kw.pop('wsseCfgFilePath', None) 50 kw.pop('wsseCfgFileSection', None) 51 kw.pop('wsseCfgFilePrefix', None) 52 48 53 self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath, 49 54 cfgFileSection=wsseCfgFileSection, 50 cfgFilePrefix=wsseCfgFilePrefix) 55 cfgFilePrefix=wsseCfgFilePrefix, 56 **kw) 51 57 52 58 -
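Review bot: Only three named keys are stripped from `kw` before `**kw` is forwarded to `SignatureHandler`, so every other option given to this WSGI filter reaches the WS-Security configuration. When `wsseCfgFilePrefix` is unset, `self.app_conf.get('wsseCfgFilePrefix')` returns None and `WSSecurityConfig.update` applies no prefix filter, and in this changeset it only warns about names it does not recognise. If callers are expected to pass only prefixed options, selecting them explicitly is safer than a removal list, e.g. `wsseKw = dict((k, v) for k, v in kw.items() if k.startswith(wsseCfgFilePrefix + '.'))` guarded by a check that the prefix is set. The values are read from `self.app_conf` but removed from `kw`; whether these are the same dict is not visible in this hunk.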
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
r4526 r4527 244 244 245 245 # Settings for WS-Security SignatureHandler class used by this filter 246 wsseCfgFilePath = %(here)s/services.ini 247 wsseCfgFileSection = WS-Security 246 #wsseCfgFilePath = %(here)s/services.ini 247 #wsseCfgFileSection = WS-Security 248 wsseCfgFilePrefix = wssecurity 249 250 # Verify against known CAs - Provide a space separated list of file paths 251 wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 252 #wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt 248 253 249 254 #______________________________________________________________________________ … … 261 266 262 267 # Settings for WS-Security SignatureHandler class used by this filter 263 wsseCfgFilePath = %(here)s/services.ini 264 wsseCfgFileSection = WS-Security 268 wsseCfgFilePrefix = wssecurity 269 270 # Certificate associated with private key used to sign a message. The sign 271 # method will add this to the BinarySecurityToken element of the WSSE header. 272 wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 273 #wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.crt 274 275 # PEM encoded private key file 276 wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 277 #wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.key 278 279 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 280 # signed message. 
See __setReqBinSecTokValType method and binSecTokValType 281 # class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 282 # give full namespace to alternative - see 283 # ZSI.wstools.Namespaces.OASIS.X509TOKEN 284 # 285 # binSecTokValType determines whether signingCert or signingCertChain 286 # attributes will be used. 287 wssecurity.reqBinSecTokValType=X509v3 288 289 # Add a timestamp element to an outbound message 290 wssecurity.addTimestamp=True 291 292 # For WSSE 1.1 - service returns signature confirmation containing signature 293 # value sent by client 294 wssecurity.applySignatureConfirmation=True 265 295 266 296 #______________________________________________________________________________ … … 305 335 paste.filter_app_factory=beaker.middleware:SessionMiddleware 306 336 307 #______________________________________________________________________________308 # Common WS-Security settings for wsseSignatureFilter and309 # wsseSignatureVerificationFilter310 [WS-Security]311 #312 # OUTBOUND MESSAGE CONFIG313 314 # Signature of an outbound message315 316 # Certificate associated with private key used to sign a message. The sign317 # method will add this to the BinarySecurityToken element of the WSSE header.318 signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt319 #signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.crt320 321 # PEM encoded private key file322 signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key323 #signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.key324 325 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a326 # signed message. 
See __setReqBinSecTokValType method and binSecTokValType327 # class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or328 # give full namespace to alternative - see329 # ZSI.wstools.Namespaces.OASIS.X509TOKEN330 #331 # binSecTokValType determines whether signingCert or signingCertChain332 # attributes will be used.333 reqBinSecTokValType=X509v3334 335 # Add a timestamp element to an outbound message336 addTimestamp=True337 338 # For WSSE 1.1 - service returns signature confirmation containing signature339 # value sent by client340 applySignatureConfirmation=True341 342 #343 # INBOUND MESSAGE CONFIG344 345 # Provide a space separated list of file paths346 caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt347 #caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt348 349 350 337 # Logging configuration 351 338 [loggers]