Context Navigation

python

Timestamp:

11/12/08 16:25:07 (12 years ago)

Author:

pjkersha

Message:

#1004: initial work on Security Filter:

started new SSLClientAuthNMiddleware WSGI to filter configured URL paths applying SSL client authentication. Gets SSL client certificate from Apache SSL_CLIENT_CERT environment variable and so to work it requires deployment in mod_wsgi with SSL in order to pick up environ.
AppLoaderMiddleware?: convenience utility enables mod_wsgi application to parse a Paste Deploy style ini file containing an app and app pipeline as required.

Location:

TI12-security/trunk/python

Files:

-                      r4146
+                      r4603
 if __name__ == "__main__":
+    hostname = 'gabriel.badc.rl.ac.uk'
+    path = '/openid'
+    import sys
+    if len(sys.argv) > 1:
+        from urlparse import urlparse
+        url = urlparse(sys.argv[1])
+        hostname = url.netloc
+        path = url.path
+    else:
+        hostname = 'gabriel.badc.rl.ac.uk'
+        path = '/openid'
     con = HTTPSConnection(hostname, clntCertFilePath='./test.crt',
                           clntPriKeyFilePath='./test.key')

-                      r4404
+                      r4603
         return bool(self.__m2CryptoX509.verify(pubKey, **kw))
+    @classmethod
+    def Read(cls, filePath):
+        """Create a new X509 certificate read in from a file"""
+        x509Cert = cls(filePath=filePath)
+        x509Cert.read()
+        return x509Cert
+    @classmethod
+    def Parse(cls, x509CertTxt):
+        """Create a new X509 certificate from string of file content"""
+        x509Cert = cls()
+        x509Cert.parse(x509CertTxt)
+        return x509Cert
 #_____________________________________________________________________________
 # Alternative AttCert constructors

-                      r4587
+                      r4603
         if len(self.__caCertStack) > 0:
             try:
                 self.__caCertStack.verifyCertChain(\
+                self.__caCertStack.verifyCertChain(
                            x509Cert2Verify=X509Cert(m2CryptoX509=peerCert))
             except Exception, e:
 …
         be used to verify certificate used to sign message'''
+        if not isinstance(caCertFilePathList, list) and \
+           not isinstance(caCertFilePathList, tuple):
+        if not isinstance(caCertFilePathList, (list, tuple)):
             raise AttributeError(
                         'Expecting a list or tuple for "caCertFilePathList"')

-                      r4565
+                      r4603
     @classmethod
     def _filterOpts(cls, opt, newOpt, prefix=None):
+    def _filterOpts(cls, opt, newOpt, prefix=''):
         '''Convenience utility to filter input options set in __init__ via
         app_conf or keywords
 …
         badOpt = []
         for k,v in newOpt.items():
             if k.startswith(prefix):
+            if prefix and k.startswith(prefix):
                 subK = k.replace(prefix, '')
                 filtK = '_'.join(subK.split('.'))
+                # Allow for authN.* properties used by the Authentication
+                # Interface
+                if filtK not in cls.defOpt and \
+                   not filtK.startswith('authN_') and \
+                   not filtK.startswith('rendering_'):
+                    badOpt += [k]
+                else:
+                    opt[filtK] = v
+            else:
+                filtK = k
+            # Allow for authN.* properties used by the Authentication
+            # Interface
+            if filtK not in cls.defOpt and \
+               not filtK.startswith('authN_') and \
+               not filtK.startswith('rendering_'):
+                badOpt += [k]
+            else:
+                opt[filtK] = v
         if len(badOpt) > 0:

Note: See TracChangeset for help on using the changeset viewer.