Changeset 4672 for TI12-security/trunk/python
- Timestamp:
- 17/12/08 14:46:43 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 2 added
- 9 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py
r4671 r4672 31 31 class X509CertReadError(X509CertError): 32 32 """Error reading in certificate from file""" 33 33 34 class X509CertParseError(X509CertError): 35 """Error parsing a certificate""" 36 34 37 class X509CertInvalidNotBeforeTime(X509CertError): 35 38 """Call from X509Cert.isValidTime if certificates not before time is … … 43 46 "NDG X509 Certificate Handling" 44 47 48 formatPEM = M2Crypto.X509.FORMAT_PEM 49 formatDER = M2Crypto.X509.FORMAT_DER 50 45 51 def __init__(self, filePath=None, m2CryptoX509=None): 46 52 … … 60 66 61 67 62 def read(self, filePath=None, **isValidTimeKw): 63 """Read a certificate from PEM encoded file 68 def read(self, 69 filePath=None, 70 format=None, 71 warningStackLevel=3, 72 **isValidTimeKw): 73 """Read a certificate from PEM encoded DER format file 64 74 65 75 @type filePath: basestring 66 76 @param filePath: file path of PEM format file to be read 67 77 78 @type format: int 79 @param format: format of input file - PEM is the default. Set to 80 X509Cert.formatDER for DER format 81 68 82 @type isValidTimeKw: dict 69 83 @param isValidTimeKw: keywords to isValidTime() call""" 84 85 if format is None: 86 format = X509Cert.formatPEM 70 87 71 88 # Check for optional input certificate file path … … 78 95 79 96 try: 80 self.__m2CryptoX509 = M2Crypto.X509.load_cert(self.__filePath) 97 self.__m2CryptoX509 = M2Crypto.X509.load_cert(self.__filePath, 98 format=format) 81 99 except Exception, e: 82 100 raise X509CertReadError("Error loading certificate \"%s\": %s" % … … 87 105 self.__setM2CryptoX509() 88 106 89 if 'warningStackLevel'not in isValidTimeKw: 90 isValidTimeKw['warningStackLevel'] = 3 91 92 self.isValidTime(**isValidTimeKw) 93 94 95 def parse(self, certTxt, **isValidTimeKw): 107 self.isValidTime(warningStackLevel=warningStackLevel, **isValidTimeKw) 108 109 110 def parse(self, 111 certTxt, 112 format=None, 113 warningStackLevel=3, 114 **isValidTimeKw): 96 115 """Read a certificate input as a string 97 116 … … 99 118 @param certTxt: 
PEM encoded certificate to parse 100 119 120 @type format: int 121 @param format: format of input file - PEM is the default. Set to 122 X509Cert.formatDER for DER format 123 101 124 @type isValidTimeKw: dict 102 125 @param isValidTimeKw: keywords to isValidTime() call""" 103 126 127 if format is None: 128 format = X509Cert.formatPEM 129 104 130 try: 105 131 # Create M2Crypto memory buffer and pass to load certificate … … 108 134 # Nb. input converted to standard string - buffer method won't 109 135 # accept unicode type strings 110 certBIO = M2Crypto.BIO.MemoryBuffer(str(certTxt)) 111 self.__m2CryptoX509 = M2Crypto.X509.load_cert_bio(certBIO) 112 136 # certBIO = M2Crypto.BIO.MemoryBuffer(str(certTxt)) 137 # self.__m2CryptoX509 = M2Crypto.X509.load_cert_bio(certBIO) 138 self.__m2CryptoX509 = M2Crypto.X509.load_cert_string(str(certTxt), 139 format=format) 113 140 except Exception, e: 114 raise X509Cert Error("Error loading certificate: %s" % e)141 raise X509CertParseError("Error loading certificate: %s" % e) 115 142 116 143 # Update DN and validity times from M2Crypto X509 object just … … 118 145 self.__setM2CryptoX509() 119 146 120 121 if 'warningStackLevel'not in isValidTimeKw: 122 isValidTimeKw['warningStackLevel'] = 3 123 124 self.isValidTime(**isValidTimeKw) 147 self.isValidTime(warningStackLevel=warningStackLevel, **isValidTimeKw) 125 148 126 149 -
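Review bot: The rewritten `read` docstring (new line 73) says "Read a certificate from PEM encoded DER format file", which contradicts itself now that `format` selects between the two encodings, and the `@param filePath` line below it still promises a PEM file; suggest `"""Read a certificate from a PEM (default) or DER encoded file` and `@param filePath: file path of PEM or DER format file to be read`. In `parse`, the two commented-out `certBIO` / `load_cert_bio` lines (136–137) are dead code sitting next to their replacement and should be deleted rather than kept. The new keyword is named `format`, which shadows the builtin; since dom.py and etree.py in this changeset already call `format=X509Cert.formatDER` a rename would be an interface change, so a short comment noting that it mirrors M2Crypto's own keyword is the practical fix. Parts of both method bodies fall in the elided stretches of this section.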
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
r4656 r4672 433 433 434 434 @type: ndg.security.common.X509.X509Cert / M2Crypto.X509.X509 / 435 string or None435 PEM encoded string or None 436 436 @param cert: X.509 certificate. 437 437 … … 448 448 449 449 elif isinstance(cert, basestring): 450 # Nb. Assume PEM encoded string! 450 451 x509Cert = X509CertParse(cert) 451 452 … … 458 459 if x509Cert: 459 460 x509Cert.isValidTime(raiseExcep=True) 461 462 return x509Cert 460 463 461 464 -
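Review bot: The string branch at 449–451 still hard-codes PEM (`X509CertParse(cert)`) even though this changeset gives `X509Cert.parse` a `format` keyword, so a DER blob arriving as a string fails with `X509CertParseError` instead of being decoded. If callers can supply DER, thread a keyword-only `format=X509Cert.formatPEM` through this method and pass it on; if not, the updated docstring ("PEM encoded string or None") and the added `# Nb. Assume PEM encoded string!` comment already state the contract and nothing more is needed. The added `return x509Cert` is reasonable, but the enclosing method starts outside the hunk so its callers cannot be checked here.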
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py
r4479 r4672 689 689 # Remove base 64 encoding 690 690 derString = base64.decodestring(x509CertTxt) 691 692 # Load from DER format into M2Crypto.X509 693 m2X509Cert = X509.load_cert_string(derString, 694 format=X509.FORMAT_DER) 695 self.verifyingCert = m2X509Cert 696 691 self.verifyingCert = X509Cert.Parse(derString, 692 format=X509Cert.formatDER) 697 693 x509Stack = X509Stack() 698 694 … … 708 704 else: 709 705 raise WSSecurityError("BinarySecurityToken ValueType " 710 'attribute is not recognised: "%s"' %\706 'attribute is not recognised: "%s"' % 711 707 valueType) 712 708 713 709 except Exception, e: 714 710 raise VerifyError("Error extracting BinarySecurityToken " 715 "from WSSE header: " % e)711 "from WSSE header: %s" % e) 716 712 717 713 if self.verifyingCert is None: -
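Review bot: The certificate decoded from the incoming BinarySecurityToken at 690–692 is peer-supplied, and per the X509.py change in this changeset `parse` forwards only `warningStackLevel` and `**isValidTimeKw` to `isValidTime`, so an expired or not-yet-valid token certificate is accepted at this point with at most a warning. Unless the later `x509Stack` verification or the `verifyingCert` setter enforces validity — neither is visible in the hunk — consider `X509Cert.Parse(derString, format=X509Cert.formatDER, raiseExcep=True)`, matching the `isValidTime(raiseExcep=True)` call in BaseSignatureHandler.py, so that the `VerifyError` wrapper below reports it; this assumes `Parse` passes keywords through to `parse`. The same applies to the equivalent hunk in etree.py (649–650). The `"from WSSE header: %s" % e` fix at 711 is correct. The enclosing method starts and ends outside the hunk.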
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/etree.py
r4404 r4672 647 647 # Remove base 64 encoding 648 648 derString = base64.decodestring(x509CertTxt) 649 650 # Load from DER format into M2Crypto.X509 651 m2X509Cert = X509.load_cert_string(derString, 652 format=X509.FORMAT_DER) 653 self.__setVerifyingCert(m2X509Cert) 649 self.verifyingCert = X509Cert.Parse(derString, 650 format=X509Cert.formatDER) 654 651 655 652 x509Stack = X509Stack() 656 653 657 elif valueType == \ 658 self.binSecTokValType['X509PKIPathv1']: 654 elif valueType == self.binSecTokValType['X509PKIPathv1']: 659 655 660 656 derString = base64.decodestring(x509CertTxt) … … 665 661 self.verifyingCert = x509Stack[-1] 666 662 else: 667 raise WSSecurityError('BinarySecurityToken ValueType ' \ 668 'attribute is not recognised: "%s"' % valueType) 663 raise WSSecurityError('BinarySecurityToken ValueType ' 664 'attribute is not recognised: "%s"' % 665 valueType) 669 666 670 667 if self.verifyingCert is None: 671 raise VerifyError("No certificate set for verification of the " \668 raise VerifyError("No certificate set for verification of the " 672 669 "signature") 673 670 -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
r4603 r4672 401 401 defOpt class variable 402 402 ''' 403 404 badOpt = [] 405 for k,v in newOpt.items(): 406 if prefix and k.startswith(prefix): 407 subK = k.replace(prefix, '') 408 filtK = '_'.join(subK.split('.')) 403 def _isBadOptName(optName): 404 # Allow for authN.* and rendering.* properties used by the 405 # Authentication and Rendering interfaces respectively 406 return optName not in cls.defOpt and \ 407 not optName.startswith('authN_') and \ 408 not optName.startswith('rendering_') 409 410 badOptNames = [] 411 for optName, optVal in newOpt.items(): 412 if prefix: 413 if optName.startswith(prefix): 414 optName = optName.replace(prefix, '') 415 filtOptName = '_'.join(optName.split('.')) 416 417 # Skip assignment for bad option names and record them in 418 # an error list instead 419 if _isBadOptName(filtOptName): 420 badOptNames += [optName] 421 else: 422 opt[filtOptName] = optVal 423 else: 424 # Options not starting with prefix are ignored 425 log.debug("Skipping option \"%s\": it doesn't start with " 426 "the prefix \"%s\"", optName, prefix) 409 427 else: 410 filtK = k 411 412 # Allow for authN.* properties used by the Authentication 413 # Interface 414 if filtK not in cls.defOpt and \ 415 not filtK.startswith('authN_') and \ 416 not filtK.startswith('rendering_'): 417 badOpt += [k] 418 else: 419 opt[filtK] = v 428 filtOptName = '_'.join(optName.split('.')) 429 430 # Record any bad option names 431 if _isBadOptName(filtOptName): 432 badOptNames += [optName] 433 else: 434 opt[filtOptName] = optVal 420 435 421 if len(badOpt ) > 0:436 if len(badOptNames) > 0: 422 437 raise TypeError("Invalid input option(s) set: %s" % 423 (", ".join(badOpt))) 424 425 426 438 (", ".join(badOptNames))) 439 440 427 441 def __call__(self, environ, start_response): 428 442 """Standard WSGI interface. 
Intercepts the path if it matches any of … … 1137 1151 <xrds:XRDS 1138 1152 xmlns:xrds="xri://$xrds" 1139 xmlns="xri://$xrd*($ v*2.0)">1153 xmlns="xri://$xrd*($OptNameSfx*2.0)"> 1140 1154 <XRD> 1141 1155 -
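Review bot: The XRDS template at new line 1153 now reads `xmlns="xri://$xrd*($OptNameSfx*2.0)"`; the old line was the standard XRD 2.0 namespace `xri://$xrd*($v*2.0)`, and the `$v` appears to have been caught by a search-and-replace rename — relying parties match that namespace string exactly, so Yadis discovery against this provider will fail until it is restored to `xmlns="xri://$xrd*($v*2.0)">`. In the option-filtering loop, `optName = optName.replace(prefix, '')` (414) strips every occurrence of the prefix rather than only the leading one and rebinds the loop variable, so `badOptNames += [optName]` (420) now reports the stripped name where the old code reported the full key; `strippedName = optName[len(prefix):]` into a separate local keeps the `TypeError` message accurate. `if len(badOptNames) > 0:` (436) is more simply `if badOptNames:`. The enclosing method starts outside the hunk.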
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/attAuthorityClientTest.cfg
r4671 r4672 11 11 # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this 12 12 # setting for test6GetMappedAttCert 13 #uri = http://localhost:5000/AttributeAuthority13 uri = http://localhost:5000/AttributeAuthority 14 14 15 15 # With TCP Mon: 16 uri = http://localhost:4999/AttributeAuthority16 #uri = http://localhost:4999/AttributeAuthority 17 17 18 18 # For https connections only. !Omit ssl* settings if using http! -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
r4667 r4672 77 77 sslCACertList = [] 78 78 79 thisSection = self.cfg['setUp'] 80 79 81 # Instantiate WS proxy 80 self.siteAClnt = AttributeAuthorityClient(uri= self.cfg['setUp']['uri'],81 sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'),82 sslCACertList=sslCACertList,83 cfgFileSection='wsse',84 cfg=self.cfgParser)82 self.siteAClnt = AttributeAuthorityClient(uri=thisSection['uri'], 83 sslPeerCertCN=thisSection.get('sslPeerCertCN'), 84 sslCACertList=sslCACertList, 85 cfgFileSection='wsse', 86 cfg=self.cfgParser) 85 87 86 88 def test01GetHostInfo(self): -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
r4587 r4672 17 17 18 18 [DEFAULT] 19 # Settings for WS-Security signature handler20 #wsseCfgFilePath = %(here)s/services.ini21 #wsseCfgFileSection = WS-Security22 23 19 #______________________________________________________________________________ 24 20 # Attribute Authority settings … … 266 262 # The SessionManagerWS SOAP interface class needs to know about these other 267 263 # filters 268 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 ndg.security.server.wsgi.attributeAuthorityFilter 264 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 265 ndg.security.server.wsgi.attributeAuthorityFilter 269 266 270 267 # Path from URL for Session Manager in this Paste deployment … … 286 283 287 284 # Settings for WS-Security SignatureHandler class used by this filter 288 #wsseCfgFilePath = %(here)s/services.ini289 #wsseCfgFileSection = WS-Security290 285 wsseCfgFilePrefix = wssecurity 291 286 … … 312 307 # Certificate associated with private key used to sign a message. The sign 313 308 # method will add this to the BinarySecurityToken element of the WSSE header. 314 wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 315 #wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.crt 309 wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.crt 316 310 317 311 # PEM encoded private key file 318 wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 319 #wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.key 312 wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.key 320 313 321 314 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a -
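Review bot: The `referencedFilters` value is now split across two lines (264–265); ConfigParser joins a continuation line only when it begins with whitespace, otherwise the second line is parsed as a separate key (or rejected), so the `ndg.security.server.wsgi.attributeAuthorityFilter` line must be indented. The rendering here drops leading whitespace, so this cannot be confirmed from the page and is worth a glance in the raw file.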
TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/clnt.crt
r4285 r4672 2 2 Data: 3 3 Version: 3 (0x2) 4 Serial Number: 2 43 (0xf3)4 Serial Number: 259 (0x103) 5 5 Signature Algorithm: md5WithRSAEncryption 6 6 Issuer: O=NDG, OU=BADC, CN=Test CA 7 7 Validity 8 Not Before: Dec 1 8 11:42:41 2007GMT9 Not After : Dec 1 7 11:42:41 2008GMT8 Not Before: Dec 16 15:19:45 2008 GMT 9 Not After : Dec 15 15:19:45 2013 GMT 10 10 Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 11 11 Subject Public Key Info: … … 33 33 Exponent: 65537 (0x10001) 34 34 X509v3 extensions: 35 Netscape Cert Type: 35 Netscape Cert Type: 36 36 SSL Client, SSL Server, S/MIME, Object Signing 37 37 Signature Algorithm: md5WithRSAEncryption 38 c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:39 eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:40 73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:41 16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:42 2 8:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:43 c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:44 4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:45 6d:7838 63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 39 1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 40 44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 41 6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 42 24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 43 f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 44 bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 45 9e:5f 46 46 -----BEGIN CERTIFICATE----- 47 MIICizCCAfSgAwIBAgICA PMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA 3MTIxODExNDI049 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx47 MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 49 NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 50 50 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 51 
51 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U … … 55 55 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 56 56 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQ DB58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 58 Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 59 LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 60 ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 61 61 -----END CERTIFICATE-----