Changeset 4603


Timestamp:
11/12/08 16:25:07 (11 years ago)
Author:
pjkersha
Message:

#1004: initial work on Security Filter:

  • started new SSLClientAuthNMiddleware WSGI middleware to filter configured URL paths by applying SSL client authentication. It gets the SSL client certificate from the Apache SSL_CLIENT_CERT environment variable, so it must be deployed under mod_wsgi with SSL enabled in order to pick up that environ entry.
  • AppLoaderMiddleware: convenience utility that enables a mod_wsgi application to parse a Paste Deploy style ini file containing an app and app pipeline as required.
Location:
TI12-security/trunk/python
Files:
2 added
4 edited

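--- a/TI12-security/trunk/python/Tests/m2Crypto/test_sslClntAuthN.py
+++ b/TI12-security/trunk/python/Tests/m2Crypto/test_sslClntAuthN.py
@@ -59,6 +59,14 @@
 
 if __name__ == "__main__":
-    hostname = 'gabriel.badc.rl.ac.uk'
-    path = '/openid'
+    import sys
+    if len(sys.argv) > 1:
+        from urlparse import urlparse
+        url = urlparse(sys.argv[1])
+        hostname = url.netloc
+        path = url.path
+    else:
+        hostname = 'gabriel.badc.rl.ac.uk'
+        path = '/openid'
+
     con = HTTPSConnection(hostname, clntCertFilePath='./test.crt',
                           clntPriKeyFilePath='./test.key')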
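Review bot: When the URL given on the command line has no path component (new lines 64-66), `url.path` is the empty string and that is what the script carries forward as the request path; `path = url.path or '/'` avoids that. `url.netloc` is handed to HTTPSConnection unchanged, so any userinfo or port in the URL goes with it, and the scheme is never checked; `url.hostname` and `url.port` would make the split explicit. The `__main__` block continues past the hunk, so how `path` is used afterwards is not visible here.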
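--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
@@ -329,4 +329,22 @@
         return bool(self.__m2CryptoX509.verify(pubKey, **kw))
 
+    @classmethod
+    def Read(cls, filePath):
+        """Create a new X509 certificate read in from a file"""
+
+        x509Cert = cls(filePath=filePath)
+        x509Cert.read()
+
+        return x509Cert
+
+    @classmethod
+    def Parse(cls, x509CertTxt):
+        """Create a new X509 certificate from string of file content"""
+
+        x509Cert = cls()
+        x509Cert.parse(x509CertTxt)
+
+        return x509Cert
+
 #_____________________________________________________________________________
 # Alternative AttCert constructors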
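Review bot: The docstrings on `Read` and `Parse` (new lines 331-347) do not say that the returned object is only parsed; neither method checks the chain, the validity period or the issuer. The commit message says the new middleware takes its certificate from SSL_CLIENT_CERT, so a caller could easily treat a successful `Parse` as an authenticated identity. I would add a sentence to each docstring such as `Parsing only - the certificate is NOT verified; check it against trusted CA certificates before relying on its subject`. The docstrings could also name the parameter and state that an instance of `cls` is returned.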
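--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
@@ -110,5 +110,5 @@
         if len(self.__caCertStack) > 0:
             try:
-                self.__caCertStack.verifyCertChain(\
+                self.__caCertStack.verifyCertChain(
                            x509Cert2Verify=X509Cert(m2CryptoX509=peerCert))
             except Exception, e:
@@ -137,6 +137,5 @@
         be used to verify certificate used to sign message'''
 
-        if not isinstance(caCertFilePathList, list) and \
-           not isinstance(caCertFilePathList, tuple):
+        if not isinstance(caCertFilePathList, (list, tuple)):
             raise AttributeError(
                         'Expecting a list or tuple for "caCertFilePathList"')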
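Review bot: The chain check in the first hunk (lines 110-113) is only reached when `self.__caCertStack` is non-empty, and the hunk does not show what happens for an empty stack. If that path goes on to accept the peer, a connection configured without CA certificates performs no chain verification at all. That deserves at least a comment at the `if`, for example `# no CA certificates configured: peer chain is NOT verified`, or an explicit rejection. In the second hunk, `TypeError` would be the conventional exception for a wrong argument type, though switching from `AttributeError` would affect callers that catch the current one. Both functions start and end outside the hunks.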
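--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
@@ -385,5 +385,5 @@
 
     @classmethod
-    def _filterOpts(cls, opt, newOpt, prefix=None):
+    def _filterOpts(cls, opt, newOpt, prefix=''):
         '''Convenience utility to filter input options set in __init__ via
         app_conf or keywords
@@ -404,16 +404,18 @@
         badOpt = []
         for k,v in newOpt.items():
-            if k.startswith(prefix):
+            if prefix and k.startswith(prefix):
                 subK = k.replace(prefix, '')
                 filtK = '_'.join(subK.split('.'))
-
-                # Allow for authN.* properties used by the Authentication
-                # Interface
-                if filtK not in cls.defOpt and \
-                   not filtK.startswith('authN_') and \
-                   not filtK.startswith('rendering_'):
-                    badOpt += [k]
-                else:
-                    opt[filtK] = v
+            else:
+                filtK = k
+
+            # Allow for authN.* properties used by the Authentication
+            # Interface
+            if filtK not in cls.defOpt and \
+               not filtK.startswith('authN_') and \
+               not filtK.startswith('rendering_'):
+                badOpt += [k]
+            else:
+                opt[filtK] = v
 
         if len(badOpt) > 0: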
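Review bot: The new `else: filtK = k` branch (new lines 409-410) also runs for keys that lack the prefix when a prefix is set, so every such key is now validated and applied under its bare name. An unprefixed key matching `cls.defOpt`, or starting with `authN_` or `rendering_`, is therefore written into `opt` from outside the prefix namespace, and unrelated keys in a shared app_conf end up in `badOpt`. If bare names are meant to be accepted only when no prefix is configured, insert `elif prefix:` / `continue` before the `else`. On line 407, `k.replace(prefix, '')` removes every occurrence of the prefix rather than just the leading one; `subK = k[len(prefix):]` strips only the start. The function begins and ends outside the hunks, so what happens after `if len(badOpt) > 0:` is not visible here.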