Changeset 4587 for TI12-security
- Timestamp:
- 10/12/08 15:37:16 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 6 added
- 9 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
r4404 r4587 73 73 self.caCertFilePathList = caCertFilePathList 74 74 75 76 75 def __call__(self, peerCert, host=None): 77 76 """Carry out checks on server ID … … 119 118 # They match - drop the exception and return all OK instead 120 119 return True 121 122 120 123 121 def __setCACertList(self, caCertList): 124 122 """Set list of CA certs - peer cert must validate against at least one … … 131 129 doc="list of CA certs - peer cert must validate against one") 132 130 133 134 #_________________________________________________________________________135 131 def __setCACertsFromFileList(self, caCertFilePathList): 136 132 '''Read CA certificates from file and add them to the X.509 -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
r4138 r4587 111 111 self.tracefile = None 112 112 113 self.smURI = self.cfg.get(defSection, 'sessionMgrURI') 114 self.aaURI = self.cfg.get(defSection, 'attAuthorityURI') 113 if self.cfg.has_option(defSection, 'sessionMgrURI'): 114 self.smURI = self.cfg.get(defSection, 'sessionMgrURI') 115 else: 116 self.smURI = None 117 118 if self.cfg.has_option(defSection, 'attAuthorityURI'): 119 self.aaURI = self.cfg.get(defSection, 'attAuthorityURI') 120 else: 121 self.aaURI = None 115 122 116 123 # ... for SSL connections to security web services -
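Review bot: A missing `sessionMgrURI` or `attAuthorityURI` option now becomes `None` at new lines 113-121 without leaving any trace in the log. Judging from the `soapClientKw.get('uri')` checks this changeset adds in attributeauthorityclient.py and sessionmanagerclient.py, a `None` URI appears to switch the client from the remote SOAP service to an instance looked up in the WSGI environ. A misspelt option name would therefore change which service takes the security decision, with no visible error. Assuming the module has a logger, I would record the fallback where the value is set, e.g. `log.info("sessionMgrURI not set - expecting a Session Manager instance in environ")`, and likewise for `attAuthorityURI`. The enclosing method starts and ends outside the hunk.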
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py
r4584 r4587 1 """Single Sign On Service Login Controller 2 3 NERC Data Grid Project 4 """ 5 __author__ = "P J Kershaw" 6 __date__ = "10/12/08" 7 __copyright__ = "(C) 2008 STFC & NERC" 8 __license__ = \ 9 """This software may be distributed under the terms of the Q Public 10 License, version 1.0 or later.""" 11 __contact__ = "Philip.Kershaw@stfc.ac.uk" 12 __revision__ = '$Id$' 13 import logging 14 log = logging.getLogger(__name__) 15 1 16 # _redirect requires this to parse the server name 2 17 from urlparse import urlsplit … … 14 29 15 30 from base64 import urlsafe_b64decode, urlsafe_b64decode 16 import logging17 18 log = logging.getLogger(__name__)19 31 20 32 class LoginController(BaseController): … … 41 53 # Session is set in this domain - check it 42 54 try: 43 smClnt = WSGISessionManagerClient(uri=session['ndgSec']['h'], 55 smClnt = WSGISessionManagerClient( 56 environ=request.environ, 57 uri=session['ndgSec']['h'], 44 58 tracefile=self.cfg.tracefile, 45 59 httpProxyHost=self.cfg.httpProxyHost, … … 57 71 58 72 # Check session status 59 log.debug('Calling Session Manager "%s" getSessionStatus %sfor user '73 log.debug('Calling Session Manager "%s" getSessionStatus for user ' 60 74 '"%s" with sid="%s" ...' 
% 61 75 (session['ndgSec']['h'], … … 94 108 95 109 try: 96 smClnt = WSGISessionManagerClient(uri=self.cfg.smURI, 97 tracefile=self.cfg.tracefile, 98 httpProxyHost=self.cfg.httpProxyHost, 99 noHttpProxyList=self.cfg.noHttpProxyList, 100 **self.cfg.wss) 110 smClnt = WSGISessionManagerClient( 111 environ=request.environ, 112 uri=self.cfg.smURI, 113 tracefile=self.cfg.tracefile, 114 httpProxyHost=self.cfg.httpProxyHost, 115 noHttpProxyList=self.cfg.noHttpProxyList, 116 **self.cfg.wss) 101 117 102 118 username = request.params['username'] … … 129 145 # Make request for attribute certificate 130 146 attCert = smClnt.getAttCert(sessID=sessID, 131 att AuthorityURI=self.cfg.aaURI)147 attributeAuthorityURI=self.cfg.aaURI) 132 148 except SessionExpired, e: 133 149 log.info("Session expired getting Attribute Certificate: %s" % e) … … 202 218 203 219 # Look-up list of Cert DNs for trusted requestors 204 aaClnt = WSGIAttributeAuthorityClient(uri=self.cfg.aaURI, 220 aaClnt = WSGIAttributeAuthorityClient( 221 environ=request.environ, 222 uri=self.cfg.aaURI, 205 223 tracefile=self.cfg.tracefile, 206 224 httpProxyHost=self.cfg.httpProxyHost, -
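Review bot: The debug message at new lines 73-74 still writes the session ID (`sid="%s"`) to the log next to the username. Anyone who can read that log could presumably reuse a live session ID against the Session Manager, so the identifier is better left out or cut to a short prefix, e.g. `'"%s" with sid="%s..." ...'` fed with the first few characters only. The format arguments continue outside the hunk, so the exact expression passed for the sid is not visible here. Separately, the context line `from base64 import urlsafe_b64decode, urlsafe_b64decode` imports the same name twice; one of the two was possibly meant to be `urlsafe_b64encode`.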
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py
r4584 r4587 124 124 125 125 try: 126 aaClnt = WSGIAttributeAuthorityClient(uri=cfg.aaURI, 126 aaClnt = WSGIAttributeAuthorityClient( 127 environ=pylons.request.environ, 128 uri=cfg.aaURI, 127 129 tracefile=cfg.tracefile, 128 130 httpProxyHost=cfg.httpProxyHost, -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
r4584 r4587 48 48 self._environ = environ 49 49 50 if 'uri' in soapClientKw:50 if soapClientKw.get('uri'): 51 51 self._soapClient = AttributeAuthorityClient(**soapClientKw) 52 52 else: … … 114 114 # from other trusted hosts 115 115 allHostsInfo = self.ref.hostInfo 116 allHostsInfo.update(self.ref.get AllHostsInfo())116 allHostsInfo.update(self.ref.getTrustedHostInfo()) 117 117 return allHostsInfo 118 118 else: -
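Review bot: `allHostsInfo = self.ref.hostInfo` followed by `allHostsInfo.update(self.ref.getTrustedHostInfo())` at new lines 115-116 updates whatever object `hostInfo` returns. If that property hands back the Attribute Authority's own dictionary rather than a copy (not visible here), every call merges the trusted hosts into the local instance's host info for the life of the process. Copying first avoids that: `allHostsInfo = dict(self.ref.hostInfo)`. The enclosing method starts and ends outside the hunk.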
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
r4584 r4587 139 139 self._environ = environ 140 140 141 if 'uri' in soapClientKw:141 if soapClientKw.get('uri'): 142 142 self._soapClient = SessionManagerClient(**soapClientKw) 143 143 else: … … 244 244 245 245 if self.refInEnviron: 246 # Connect to local instance 246 # Connect to local instance of Session Manager - next check for 247 # an Attribute Authority URI or instance running locally 247 248 if kw.get('attributeAuthorityURI') is None and \ 248 249 kw.get('attributeAuthority') is None: -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
r4565 r4587 58 58 } 59 59 httpBasicAuthentication = HTTPBasicAuthentication() 60 60 61 def __init__(self, app, globalConfig, **localConfig): 62 self.app = app 63 61 64 def __call__(self, environ, start_response): 62 65 … … 65 68 action = getattr(self, methodName) 66 69 return action(environ, start_response) 70 elif self.app is not None: 71 return self.app(environ, start_response) 67 72 else: 68 73 start_response('404 Not Found', [('Content-type', 'text/plain')]) … … 138 143 start_response('200 OK', [('Content-type', 'text/xml')]) 139 144 return str(attCert) 140 141 142 def app_factory(global_config, **local_conf):143 return CombinedServicesWSGI()144 145 146 def app_factory(globalConfig, **localConfig): 147 return CombinedServicesWSGI(None, globalConfig, **localConfig) 148 149 def filter_app_factory(app, globalConfig, **localConfig): 150 return CombinedServicesWSGI(app, globalConfig, **localConfig) 145 151 146 152 # Initialize environment for unit tests -
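Review bot: The new `__init__` at lines 61-62 has no docstring and silently discards `globalConfig` and `localConfig`. A one-line docstring would make the two modes clear to the next reader: `"""app is the next WSGI application in the chain, or None when this class is the terminal app; config arguments are accepted for Paste and ignored."""`. With that in place, the `elif self.app is not None` fall-through at line 70 reads naturally for both `app_factory` and `filter_app_factory`.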
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
r4573 r4587 148 148 149 149 [app:mainApp] 150 paste.app_factory = ndg.security.test.combinedservices.serverapp:app_factory 150 paste.app_factory = ndg.security.server.sso.sso.config.middleware:make_app 151 cache_dir = %(here)s/data 152 beaker.session.key = sso 153 beaker.session.secret = somesecret 154 155 # If you'd like to fine-tune the individual locations of the cache data dirs 156 # for the Cache data, or the Session saves, un-comment the desired settings 157 # here: 158 #beaker.cache.data_dir = %(here)s/data/cache 159 #beaker.session.data_dir = %(here)s/data/sessions 160 161 # WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* 162 # Debug mode will enable the interactive debugging tool, allowing ANYONE to 163 # execute malicious code after an exception is raised. 164 set debug = false 165 166 configfile = %(here)s/singleSignOnService/sso.cfg 167 #configfile = /home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso.cfg 168 169 # AuthKit Set-up 170 authkit.setup.method=openid, cookie 171 authkit.cookie.secret=secret encryption string 172 authkit.cookie.signoutpath = /logout 173 authkit.openid.path.signedin=/ 174 authkit.openid.store.type=file 175 authkit.openid.store.config=%(here)s/data/openid 176 authkit.openid.session.key = authkit_openid 177 authkit.openid.session.secret = random string 178 179 authkit.openid.baseurl = http://localhost 180 181 # Template for signin 182 authkit.openid.template.obj = ndg.security.server.sso.sso.lib.openid_util:make_template 183 184 # Handler for parsing OpenID and creating a session from it 185 authkit.openid.urltouser = ndg.security.server.sso.sso.lib.openid_util:url2user 151 186 152 187 # Chain of SOAP Middleware filters … … 159 194 SessionMiddlewareFilter 160 195 OpenIDProviderFilter 196 testHarnessFilter 161 197 mainApp 198 199 [filter:testHarnessFilter] 200 paste.filter_app_factory = 201 ndg.security.test.combinedservices.serverapp:filter_app_factory 202 162 203 163 
204 #______________________________________________________________________________ -
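Review bot: The new `[app:mainApp]` settings commit fixed signing secrets: `beaker.session.secret = somesecret`, `authkit.cookie.secret=secret encryption string` and `authkit.openid.session.secret = random string`. The file sits in the test tree, but a deployment copied from it would sign session and authentication cookies with publicly known values. I would put a comment above each one, e.g. `# TEST ONLY - replace with a long random value per deployment`. The warning above `set debug = false` says the line "must be uncommented" although it is already active, so that comment is worth rewording too.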
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/siteAAttributeAuthority/siteAMapConfig.xml
r4584 r4587 5 5 <loginURI>https://localhost/sso/login</loginURI> 6 6 <aaDN>/O=NDG/OU=Site A/CN=AttributeAuthority</aaDN> 7 <!-- 7 8 <loginServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginServerDN> 8 9 <loginRequestServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginRequestServerDN> 9 </thisHost> 10 --> 11 <loginServerDN>/C=UK/CN=gabriel.badc.rl.ac.uk/O=RAL/ST=Oxfordshire/OU=BADC</loginServerDN> 12 <loginRequestServerDN>/C=UK/CN=gabriel.badc.rl.ac.uk/O=RAL/ST=Oxfordshire/OU=BADC</loginRequestServerDN> 13 </thisHost> 10 14 <trusted name="Site C"> 11 15 <aaURI>http://aa.sitec.blah</aaURI>
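Review bot: `loginServerDN` and `loginRequestServerDN` at new lines 11-12 now name one specific host, `gabriel.badc.rl.ac.uk`, while the `localhost` values are commented out. The fixture will then only match a certificate issued for that machine, so the test outcome depends on who runs it; keeping the `localhost` DNs active and moving the site-specific ones to a local override would keep it portable. The new DNs also list their components in the order C, CN, O, ST, OU, unlike the commented-out entries. If the comparison is a plain string match (not visible here), that order has to agree with how the peer certificate's DN is rendered.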