Changeset 4682 for TI12-security


Timestamp:
18/12/08 17:05:05 (11 years ago)
Author:
pjkersha
Message:
  • paster template - updated .ini_tmpl file adding $$ escapes for $ vars to be left in place
  • configfileparsers: added 'here' variable as default for INIPropertyFile class in the style of Paste Deploy ini file handling
  • WSGISessionManagerClient and WSGIAttributeAuthorityClient: more robust error handling and fixes for keying filter names from environ
  • Combined services tests: make use of name substitution for section names
Location:
TI12-security/trunk/python
Files:
8 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/X509.py

    r4680 r4682  
    1313import logging 
    1414log = logging.getLogger(__name__) 
    15 from warnings import warn # warn of impendiong certificate expiry 
     15from warnings import warn # warn of impending certificate expiry 
    1616 
    1717import types 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/configfileparsers.py

    r4680 r4682  
    171171             
    172172        if cfg is None: 
    173             self.cfg = CaseSensitiveConfigParser() 
     173            hereDef = {'here': os.path.dirname(propFilePath)} 
     174            self.cfg = CaseSensitiveConfigParser(defaults=hereDef) 
    174175            self.cfg.read(propFilePath) 
    175176            if not os.path.isfile(propFilePath): 
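Review bot: at `hereDef = {'here': os.path.dirname(propFilePath)}`, os.path.dirname returns an empty string when propFilePath is a bare file name, so `%(here)s/ca/ndg-test-ca.crt` would expand to `/ca/ndg-test-ca.crt` at the filesystem root, and any relative propFilePath makes the key and certificate locations depend on the process working directory. Suggest `os.path.dirname(os.path.abspath(propFilePath))`. The default is also built before the `os.path.isfile` check and only in the `cfg is None` branch, so a caller-supplied parser gets no 'here' value and every `%(here)s` setting will fail to interpolate; that case should be documented or handled.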
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/templates/default_project/services.ini_tmpl

    r4680 r4682  
    55# * Session Manager 
    66# * Attribute Authority 
    7 # * OpenID Provider 
    87# 
    98# The %(here)s variable will be replaced with the parent directory of this file 
     
    1110# Author: P J Kershaw 
    1211# date: 30/11/05 
    13 # Copyright: (C) 2008 STFC 
     12# Copyright: (C) 2008 STFC & NERC 
    1413# license: This software may be distributed under the terms of the Q Public  
    1514# License, version 1.0 or later. 
    1615# Contact: Philip.Kershaw@stfc.ac.uk 
     16# Revision: $$Id$$ 
    1717 
    1818[DEFAULT] 
     
    2020# Attribute Authority settings 
    2121# 'name' setting MUST agree with map config file 'thisHost' name attribute 
    22 attributeAuthority.name: ${attributeAuthorityID} 
     22attributeAuthority.name: Site A 
    2323 
    2424# Lifetime is measured in seconds 
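Review bot: `attributeAuthority.name: Site A` replaces the `${attributeAuthorityID}` template variable with a literal, so every project created from this template gets the same Attribute Authority name even though the comment directly above says the value MUST agree with the map config file's 'thisHost' attribute. If the literal is intended, the comment should say it is a test default to be edited; otherwise keep the variable so paster prompts for it.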
     
    3131 
    3232# All Attribute Certificates issued are recorded in this dir 
    33 attributeAuthority.attCertDir: $NDGSEC_CONFIG_DIR/siteAAttributeAuthority/attCertLog 
     33attributeAuthority.attCertDir: %(here)s/siteAAttributeAuthority/attCertLog 
    3434 
    3535# Files in attCertDir are stored using a rotating file handler 
     
    4141 
    4242# Location of role mapping file 
    43 attributeAuthority.mapConfigFile: $NDGSEC_CONFIG_DIR/siteAAttributeAuthority/siteAMapConfig.xml 
     43attributeAuthority.mapConfigFile: %(here)s/siteAAttributeAuthority/siteAMapConfig.xml 
    4444 
    4545# Settings for custom AAUserRoles derived class to get user roles for given  
    4646# user ID 
    47 attributeAuthority.userRolesModFilePath: $NDGSEC_CONFIG_DIR/siteAAttributeAuthority 
     47attributeAuthority.userRolesModFilePath: %(here)s/siteAAttributeAuthority 
    4848attributeAuthority.userRolesModName: siteAUserRoles 
    4949attributeAuthority.userRolesClassName: TestUserRoles 
    5050 
    5151# Config for XML signature of Attribute Certificate 
    52 attributeAuthority.signingPriKeyFilePath: $NDGSEC_CONFIG_DIR/siteAAttributeAuthority/siteA-aa.key 
    53 attributeAuthority.signingCertFilePath: $NDGSEC_CONFIG_DIR/siteAAttributeAuthority/siteA-aa.crt 
    54 attributeAuthority.caCertFilePathList: $NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt 
     52attributeAuthority.signingPriKeyFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.key 
     53attributeAuthority.signingCertFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.crt 
     54attributeAuthority.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
    5555 
    5656#______________________________________________________________________________ 
     
    6262# 
    6363# CA certificates for Attribute Certificate signature validation 
    64 sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt 
     64sessionManager.credentialWallet.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    6565 
    6666# CA certificates for SSL connection peer cert. validation - required if 
    6767# connecting to an Attribute Authority over SSL 
    68 sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt 
     68sessionManager.credentialWallet.sslCACertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    6969 
    7070# Allow Get Attribute Certificate calls to try to get a mapped certificate 
     
    9595# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    9696# values should be delimited by a space 
    97 sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt 
     97sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
    9898 
    9999# Signature of an outbound message 
     
    105105 
    106106# PEM encoded cert 
    107 sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_CONFIG_DIR/sessionmanager/sm.crt 
     107sessionManager.credentialWallet.wssecurity.signingCertFilePath: %(here)s/sessionmanager/sm.crt 
    108108 
    109109# ... or provide file path to PEM encoded private key file 
    110 sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_CONFIG_DIR/sessionmanager/sm.key 
     110sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: %(here)s/sessionmanager/sm.key 
    111111 
    112112# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     
    134134# Specific settings for UserCertAuthN Session Manager authentication plugin 
    135135# This sets up PKI credentials for a single test account 
    136 sessionManager.authNService.userX509CertFilePath: $NDGSEC_CONFIG_DIR/sessionmanager/user.crt 
    137 sessionManager.authNService.userPriKeyFilePath: $NDGSEC_CONFIG_DIR/sessionmanager/user.key 
     136sessionManager.authNService.userX509CertFilePath: %(here)s/sessionmanager/user.crt 
     137sessionManager.authNService.userPriKeyFilePath: %(here)s/sessionmanager/user.key 
    138138sessionManager.authNService.userPriKeyPwd: testpassword 
    139139 
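Review bot: the unchanged line `sessionManager.authNService.userPriKeyPwd: testpassword` now sits under key and certificate paths that resolve inside the generated project via `%(here)s`, so a project created from this default template starts with a test account and a known private key password in clear text. Suggest making the password a paster variable or leaving it empty in the template, and adding a comment that the test user.crt/user.key pair must be replaced before the services are exposed.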
     
    196196paste.filter_app_factory =  
    197197        ndg.security.test.combinedservices.serverapp:filter_app_factory 
    198  
     198sessionManagerFilterID = filter:SessionManagerFilter 
     199attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
    199200 
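Review bot: `sessionManagerFilterID = filter:SessionManagerFilter` and `attributeAuthorityFilterID = filter:AttributeAuthorityFilter` repeat section names as literals, while the filters themselves now publish `filterID = %(__name__)s`. Renaming a filter section would leave these two settings, and the `referencedFilters` and `*FilterID` settings further down, pointing at an environ key that is never set. A short comment here stating that the values must equal the section names would help, as would a start-up check that raises a configuration error when a referenced filter ID is missing.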
    200201#______________________________________________________________________________ 
     
    217218# identified by this prefix: 
    218219AttributeAuthority.propPrefix = attributeAuthority 
    219 AttributeAuthority.propFilePath = $NDGSEC_CONFIG_DIR/services.ini 
    220 AttributeAuthority.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     220AttributeAuthority.propFilePath = %(here)s/services.ini 
     221AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    221222 
    222223# Provide an identifier for this filter so that main WSGI app  
    223224# CombinedServicesWSGI Session Manager filter can call this Attribute Authority 
    224225# directly 
    225 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     226referencedFilters = filter:wsseSignatureVerificationFilter 
    226227 
    227228# Path from URL for Attribute Authority in this Paste deployment 
     
    231232enableWSDLQuery = True 
    232233charset = utf-8 
    233 filterID = ndg.security.server.wsgi.attributeAuthorityFilter 
     234filterID = %(__name__)s 
    234235 
    235236#______________________________________________________________________________ 
     
    252253# by this prefix: 
    253254SessionManager.propPrefix = sessionManager 
    254 SessionManager.propFilePath = $NDGSEC_CONFIG_DIR/services.ini 
     255SessionManager.propFilePath = %(here)s/services.ini 
    255256 
    256257# This filter references other filters - a local Attribute Authority (optional) 
    257258# and a WS-Security signature verification filter (required if using signature 
    258259# to authenticate user in requests 
    259 SessionManager.attributeAuthorityFilterID = ndg.security.server.wsgi.attributeAuthorityFilter 
    260 SessionManager.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     260SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
     261SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    261262 
    262263# The SessionManagerWS SOAP interface class needs to know about these other  
    263264# filters 
    264 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01  
    265                                         ndg.security.server.wsgi.attributeAuthorityFilter 
     265referencedFilters = filter:wsseSignatureVerificationFilter  
     266                                        filter:AttributeAuthorityFilter 
    266267 
    267268# Path from URL for Session Manager in this Paste deployment 
     
    274275# Provide an identifier for this filter so that main WSGI app  
    275276# CombinedServicesWSGI can call this Session Manager directly 
    276 filterID = ndg.security.server.wsgi.sessionManagerFilter 
     277filterID = %(__name__)s 
    277278 
    278279#______________________________________________________________________________ 
     
    280281[filter:wsseSignatureVerificationFilter] 
    281282paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter 
    282 filterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     283filterID = %(__name__)s 
    283284 
    284285# Settings for WS-Security SignatureHandler class used by this filter 
     
    286287 
    287288# Verify against known CAs - Provide a space separated list of file paths 
    288 wssecurity.caCertFilePathList=$NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt 
    289 #wssecurity.caCertFilePathList=$NDGSEC_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_CONFIG_DIR/ca/java-ca.crt 
     289wssecurity.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    290290 
    291291#______________________________________________________________________________ 
     
    296296# Reference the verification filter in order to be able to apply signature 
    297297# confirmation 
    298 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
    299 wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     298referencedFilters = filter:wsseSignatureVerificationFilter 
     299wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    300300 
    301301# Last filter in chain of SOAP handlers writes the response 
     
    307307# Certificate associated with private key used to sign a message.  The sign  
    308308# method will add this to the BinarySecurityToken element of the WSSE header.   
    309 wssecurity.signingCertFilePath=$NDGSEC_CONFIG_DIR/server.crt 
     309wssecurity.signingCertFilePath=%(here)s/server.crt 
    310310 
    311311# PEM encoded private key file 
    312 wssecurity.signingPriKeyFilePath=$NDGSEC_CONFIG_DIR/server.key 
     312wssecurity.signingPriKeyFilePath=%(here)s/server.key 
    313313 
    314314# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     
    399399# setting below is the default and can be omitted if it matches the filterID 
    400400# set for the Session Manager 
    401 #openid.provider.authN.environKey=ndg.security.server.wsgi.sessionManagerFilter 
     401#openid.provider.authN.environKey=filter:SessionManagerFilter 
    402402 
    403403# Database connection to enable check between username and OpenID identifier 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/templates/template.py

    r4674 r4682  
    11#!/usr/bin/env python 
    22 
    3 from paste.script.templates import Template, var 
     3from paste.script.templates import Template, var, _skip_variables 
    44 
    55vars = [ 
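Review bot: `_skip_variables` on the changed import line is an underscore-prefixed, private name in paste.script.templates, and nothing in this hunk uses it. If it is needed for the `$$` escapes mentioned in the commit message, a comment saying so would help, since a private name can change without notice in a later Paste Script release; if it is unused, drop it from the import.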
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py

    r4680 r4682  
    1818from ndg.security.common.attributeauthority import AttributeAuthorityClient 
    1919 
     20class WSGIAttributeAuthorityClientError(Exception): 
     21    """Base class for WSGIAttributeAuthorityClient exceptions""" 
     22     
     23class WSGIAttributeAuthorityClientConfigError( 
     24                                        WSGIAttributeAuthorityClientError): 
     25    """Configuration error""" 
     26     
    2027class WSGIAttributeAuthorityClient(object): 
    2128    """Client interface to Attribute Authority for WSGI based applications 
     
    7683            # Connect to local instance 
    7784            return self.ref.hostInfo 
    78         else: 
     85         
     86        elif self._soapClient is None:             
     87            raise WSGIAttributeAuthorityClientConfigError("No reference to a " 
     88                        "local Attribute Authority is set and no SOAP client " 
     89                        "to a remote service has been initialized") 
     90        else:             
    7991            # Make connection to remote service 
    8092            return self._soapClient.getHostInfo() 
     
    97109            # Connect to local instance 
    98110            return self.ref.getTrustedHostInfo(**kw) 
     111        elif self._soapClient is None:             
     112            raise WSGIAttributeAuthorityClientConfigError("No reference to a " 
     113                        "local Attribute Authority is set and no SOAP client " 
     114                        "to a remote service has been initialized") 
    99115        else: 
    100116            # Make connection to remote service 
     
    116132            allHostsInfo.update(self.ref.getTrustedHostInfo()) 
    117133            return allHostsInfo 
     134        elif self._soapClient is None:             
     135            raise WSGIAttributeAuthorityClientConfigError("No reference to a " 
     136                        "local Attribute Authority is set and no SOAP client " 
     137                        "to a remote service has been initialized") 
    118138        else: 
    119139            # Make connection to remote service 
     
    142162 
    143163            return self.ref.getAttCert(**kw) 
     164        elif self._soapClient is None:             
     165            raise WSGIAttributeAuthorityClientConfigError("No reference to a " 
     166                        "local Attribute Authority is set and no SOAP client " 
     167                        "to a remote service has been initialized") 
    144168        else: 
    145169            # Make connection to remote service 
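Review bot: the `elif self._soapClient is None:` branch added here is the fourth identical copy in this file, message text included. Suggest moving the check into one private helper or property that returns the SOAP client or raises WSGIAttributeAuthorityClientConfigError, so the four call sites cannot drift apart and the message is maintained in one place.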
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py

    r4680 r4682  
    5757    SessionManagerClientError, SessionCertTimeError 
    5858 
    59 # Combine Session not found exception classes as raised from server and 
    60 # client side to enable convenient exception handling by a client to this 
    61 # class.  e.g. a call to WSGISessionManager.connect without the need to know  
    62 # whether the wrapper is calling a remote service over the SOAP interface or 
    63 # the service locally via a reference a Session Manager in environ: 
    64 #  
    65 # try: 
    66 #     wsgiClnt.connect(username, passphrase=p) 
    67 # except SessionNotFound, e: 
    68 #     #  do something 
    69 #     raise 
    70 #      
    71 # Rather than having to do: 
    72 #  
    73 # try: 
    74 #     wsgiClnt.connect(username, passphrase=p) 
    75 # except (ndg.security.server.sessionmanager.SessionNotFound, 
    76 #         ndg.security.common.sessionmanager.SessionNotFound), e: 
    77 #     #  do something 
    78 #     raise 
    7959SessionNotFound = (_SrvSessionNotFound, _ClntSessionNotFound) 
    8060 
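Review bot: the deleted comment block was the only explanation of why `SessionNotFound` is a tuple of the server-side and client-side exception classes rather than a class. Without it a reader may try to raise or subclass `SessionNotFound`, which a tuple does not support. Suggest keeping a one or two line comment saying it is for use in `except SessionNotFound:` clauses only.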
     
    11696    a Session Manager instance in the same code stack available via an environ 
    11797    keyword 
     98     
     99    @type environKey: basestring 
     100    @cvar environKey: default WSGI environ keyword name for reference to a  
     101    local Session Manager instance.  Override with the environKey keyword to  
     102    __init__ 
     103     
     104    @type attributeAuthorityEnvironKey: basestring 
     105    @cvar attributeAuthorityEnvironKey: default WSGI environ keyword name for  
     106    reference to a local Attribute Authority instance used in calls to  
     107    getAttCert().  Override with the attributeAuthorityEnvironKey keyword to 
     108    __init__ 
    118109    """ 
    119110    environKey = "ndg.security.server.wsgi.sessionManagerFilter" 
    120  
     111    attributeAuthorityEnvironKey = WSGIAttributeAuthorityClient.environKey 
     112     
    121113    _refInEnviron = lambda self: self._environKey in self._environ 
    122114     
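Review bot: the class default `environKey = "ndg.security.server.wsgi.sessionManagerFilter"` is left unchanged, while the .ini files in this changeset switch every `filterID` to `%(__name__)s` (for example `filter:SessionManagerFilter`). A caller that omits `environKey` will now look up a key the filters no longer set and fall through to the SOAP or error branch. Either update the default to match the new naming or state in the new docstring that the default only applies when `filterID` is set explicitly. The same applies to `attributeAuthorityEnvironKey`, which copies `WSGIAttributeAuthorityClient.environKey`.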
     
    130122 
    131123     
    132     def __init__(self, environKey=None, environ={}, **soapClientKw): 
     124    def __init__(self,  
     125                 environKey=None,  
     126                 attributeAuthorityEnvironKey=None, 
     127                 environ={},  
     128                 **soapClientKw): 
    133129  
    134130        log.debug("WSGISessionManagerClient.__init__ ...") 
    135131         
    136132        self._environKey = environKey or WSGISessionManagerClient.environKey 
    137          
     133        self._attributeAuthorityEnvironKey = attributeAuthorityEnvironKey or \ 
     134                        WSGISessionManagerClient.attributeAuthorityEnvironKey 
     135                         
    138136        # Standard WSGI environment dict 
    139137        self._environ = environ 
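Review bot: the reformatted signature keeps `environ={}` as a default and the body stores it with `self._environ = environ`, so every client constructed without an environ shares one dict, and anything written into it by one instance is visible to the others. Suggest `environ=None` in the signature and an `if environ is None: environ = {}` in the body.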
     
    171169            # Connect to local instance 
    172170            res = self.ref.connect(username=username, **kw) 
     171             
     172        elif self._soapClient is None:             
     173            raise WSGISessionManagerClientConfigError("No reference to a " 
     174                        "local Session Manager is set and no SOAP client " 
     175                        "to a remote service has been initialized") 
    173176        else: 
    174177            log.debug("Connecting to remote Session Manager service") 
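Review bot: `WSGISessionManagerClientConfigError` is raised in this new branch, but none of the hunks for this file define or import it, unlike attributeauthorityclient.py where the matching exception classes are added in the same changeset. Please confirm the class exists in this module; if it does not, this error path ends in a NameError instead of the intended configuration error.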
     
    207210                 
    208211            self.ref.deleteUserSession(**kw) 
     212             
     213        elif self._soapClient is None:             
     214            raise WSGISessionManagerClientConfigError("No reference to a " 
     215                        "local Session Manager is set and no SOAP client " 
     216                        "to a remote service has been initialized") 
    209217        else: 
    210218            if 'userX509Cert' in kw: 
     
    226234        if self.refInEnviron: 
    227235            return self.ref.getSessionStatus(**kw) 
     236         
     237        elif self._soapClient is None:             
     238            raise WSGISessionManagerClientConfigError("No reference to a " 
     239                        "local Session Manager is set and no SOAP client " 
     240                        "to a remote service has been initialized") 
    228241        else: 
    229242            return self._soapClient.getSessionStatus(**kw) 
     
    249262               kw.get('attributeAuthority') is None: 
    250263                wsgiAttributeAuthorityClient = WSGIAttributeAuthorityClient( 
    251                                                         environ=self._environ) 
     264                                environ=self._environ, 
     265                                environKey=self._attributeAuthorityEnvironKey) 
    252266 
    253267                if wsgiAttributeAuthorityClient.refInEnviron: 
     
    259273                     
    260274            return self.ref.getAttCert(**kw) 
     275     
     276        elif self._soapClient is None:             
     277            raise WSGISessionManagerClientConfigError("No reference to a " 
     278                        "local Session Manager is set and no SOAP client " 
     279                        "to a remote service has been initialized") 
    261280        else: 
    262281            # Filter out keywords which apply to a Session Manager local  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

    r4680 r4682  
    3131        """validation function""" 
    3232        try: 
    33             client = WSGISessionManagerClient(environ=environ) 
     33            client = WSGISessionManagerClient(environ=environ, 
     34                                        environKey=self.sessionManagerFilterID) 
    3435            res = client.connect(username, passphrase=password) 
    3536 
     
    6162    def __init__(self, app, globalConfig, **localConfig): 
    6263        self.app = app 
    63          
     64        self.sessionManagerFilterID = localConfig.get('sessionManagerFilterID') 
     65        self.attributeAuthorityFilterID = \ 
     66                                localConfig.get('attributeAuthorityFilterID') 
     67                                 
     68        CombinedServicesWSGI.httpBasicAuthentication.sessionManagerFilterID = \ 
     69            self.sessionManagerFilterID 
     70             
    6471    def __call__(self, environ, start_response): 
    6572         
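Review bot: `CombinedServicesWSGI.httpBasicAuthentication.sessionManagerFilterID = self.sessionManagerFilterID` writes class-level state from an instance `__init__`, so a second instance with a different configuration overwrites the value used by the first. Also, `localConfig.get('sessionManagerFilterID')` returns None when the setting is absent, and the client then falls back silently to its class default through `environKey or ...`. For a test app this may be acceptable, but raising on a missing setting would make a misconfigured .ini fail at start-up rather than at the first request.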
     
    8592    @authorize(httpBasicAuthentication._userIn) 
    8693    def test_localSessionManagerGetSessionStatus(self, environ,start_response): 
    87         client = WSGISessionManagerClient(environ=environ) 
     94        client = WSGISessionManagerClient(environ=environ, 
     95                                        environKey=self.sessionManagerFilterID) 
    8896        stat=client.getSessionStatus(sessID=environ[client.environKey+'.user']) 
    8997        start_response('200 OK', [('Content-type', 'text/xml')]) 
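Review bot: on the unchanged line `environ[client.environKey+'.user']`, going by the hunks shown for sessionmanagerclient.py, `environKey` is a class attribute and the value passed to `__init__` is stored as `self._environKey`. The lookup therefore still uses the class default prefix even though the client is now built with `environKey=self.sessionManagerFilterID`. Please confirm the '.user' entry is written under the default prefix and not under the configured filter ID; the same expression appears in the disconnect and getAttCert tests below.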
     
    93101    @authorize(httpBasicAuthentication._userIn) 
    94102    def test_localSessionManagerDisconnect(self, environ, start_response): 
    95         client = WSGISessionManagerClient(environ=environ) 
     103        client = WSGISessionManagerClient(environ=environ, 
     104                                        environKey=self.sessionManagerFilterID) 
    96105        client.disconnect(sessID=environ[client.environKey+'.user']) 
    97106         
     
    103112    @authorize(httpBasicAuthentication._userIn) 
    104113    def test_localSessionManagerGetAttCert(self, environ, start_response): 
    105         client = WSGISessionManagerClient(environ=environ) 
     114        client = WSGISessionManagerClient(environ=environ, 
     115                environKey=self.sessionManagerFilterID, 
     116                attributeAuthorityEnvironKey=self.attributeAuthorityFilterID) 
     117 
    106118        attCert = client.getAttCert(sessID=environ[client.environKey+'.user']) 
    107119        start_response('200 OK', [('Content-type', 'text/xml')]) 
     
    109121 
    110122    def test_localAttributeAuthorityGetHostInfo(self, environ, start_response): 
    111         client = WSGIAttributeAuthorityClient(environ=environ) 
     123        client = WSGIAttributeAuthorityClient(environ=environ, 
     124                                    environKey=self.attributeAuthorityFilterID) 
    112125        hostInfo = client.getHostInfo() 
    113126        start_response('200 OK', [('Content-type', 'text/html')]) 
     
    118131                                                       environ,  
    119132                                                       start_response): 
    120         client = WSGIAttributeAuthorityClient(environ=environ) 
     133        client = WSGIAttributeAuthorityClient(environ=environ, 
     134                                    environKey=self.attributeAuthorityFilterID) 
    121135        role = environ.get('QUERY_STRING', '').split('=')[-1] or None 
    122136        hostInfo = client.getTrustedHostInfo(role=role) 
     
    128142                                                    environ,  
    129143                                                    start_response): 
    130         client = WSGIAttributeAuthorityClient(environ=environ) 
     144        client = WSGIAttributeAuthorityClient(environ=environ, 
     145                                    environKey=self.attributeAuthorityFilterID) 
    131146        hostInfo = client.getAllHostsInfo() 
    132147        start_response('200 OK', [('Content-type', 'text/html')]) 
     
    137152    def test_localAttributeAuthorityGetAttCert(self, environ, start_response): 
    138153         
    139         client = WSGIAttributeAuthorityClient(environ=environ) 
     154        client = WSGIAttributeAuthorityClient(environ=environ, 
     155                                    environKey=self.attributeAuthorityFilterID) 
    140156        username=CombinedServicesWSGI.httpBasicAuthentication._userIn.users[-1] 
    141157         
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

    r4672 r4682  
    3131 
    3232# All Attribute Certificates issued are recorded in this dir 
    33 attributeAuthority.attCertDir: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/attCertLog 
     33attributeAuthority.attCertDir: %(here)s/siteAAttributeAuthority/attCertLog 
    3434 
    3535# Files in attCertDir are stored using a rotating file handler 
     
    4141 
    4242# Location of role mapping file 
    43 attributeAuthority.mapConfigFile: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteAMapConfig.xml 
     43attributeAuthority.mapConfigFile: %(here)s/siteAAttributeAuthority/siteAMapConfig.xml 
    4444 
    4545# Settings for custom AAUserRoles derived class to get user roles for given  
    4646# user ID 
    47 attributeAuthority.userRolesModFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority 
     47attributeAuthority.userRolesModFilePath: %(here)s/siteAAttributeAuthority 
    4848attributeAuthority.userRolesModName: siteAUserRoles 
    4949attributeAuthority.userRolesClassName: TestUserRoles 
    5050 
    5151# Config for XML signature of Attribute Certificate 
    52 attributeAuthority.signingPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 
    53 attributeAuthority.signingCertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 
    54 attributeAuthority.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
     52attributeAuthority.signingPriKeyFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.key 
     53attributeAuthority.signingCertFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.crt 
     54attributeAuthority.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
    5555 
    5656#______________________________________________________________________________ 
     
    6262# 
    6363# CA certificates for Attribute Certificate signature validation 
    64 sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
     64sessionManager.credentialWallet.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    6565 
    6666# CA certificates for SSL connection peer cert. validation - required if 
    6767# connecting to an Attribute Authority over SSL 
    68 sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
     68sessionManager.credentialWallet.sslCACertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    6969 
    7070# Allow Get Attribute Certificate calls to try to get a mapped certificate 
     
    9595# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    9696# values should be delimited by a space 
    97 sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
     97sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
    9898 
    9999# Signature of an outbound message 
     
    105105 
    106106# PEM encoded cert 
    107 sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/sm.crt 
     107sessionManager.credentialWallet.wssecurity.signingCertFilePath: %(here)s/sessionmanager/sm.crt 
    108108 
    109109# ... or provide file path to PEM encoded private key file 
    110 sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/sm.key 
     110sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: %(here)s/sessionmanager/sm.key 
    111111 
    112112# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     
    134134# Specific settings for UserCertAuthN Session Manager authentication plugin 
    135135# This sets up PKI credentials for a single test account 
    136 sessionManager.authNService.userX509CertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/user.crt 
    137 sessionManager.authNService.userPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/user.key 
     136sessionManager.authNService.userX509CertFilePath: %(here)s/sessionmanager/user.crt 
     137sessionManager.authNService.userPriKeyFilePath: %(here)s/sessionmanager/user.key 
    138138sessionManager.authNService.userPriKeyPwd: testpassword 
    139139 
     
    196196paste.filter_app_factory =  
    197197        ndg.security.test.combinedservices.serverapp:filter_app_factory 
    198  
     198sessionManagerFilterID = filter:SessionManagerFilter 
     199attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
    199200 
    200201#______________________________________________________________________________ 
     
    217218# identified by this prefix: 
    218219AttributeAuthority.propPrefix = attributeAuthority 
    219 AttributeAuthority.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini 
    220 AttributeAuthority.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     220AttributeAuthority.propFilePath = %(here)s/services.ini 
     221AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    221222 
    222223# Provide an identifier for this filter so that main WSGI app  
    223224# CombinedServicesWSGI Session Manager filter can call this Attribute Authority 
    224225# directly 
    225 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     226referencedFilters = filter:wsseSignatureVerificationFilter 
    226227 
    227228# Path from URL for Attribute Authority in this Paste deployment 
     
    231232enableWSDLQuery = True 
    232233charset = utf-8 
    233 filterID = ndg.security.server.wsgi.attributeAuthorityFilter 
     234filterID = %(__name__)s 
    234235 
    235236#______________________________________________________________________________ 
     
    252253# by this prefix: 
    253254SessionManager.propPrefix = sessionManager 
    254 SessionManager.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini 
     255SessionManager.propFilePath = %(here)s/services.ini 
    255256 
    256257# This filter references other filters - a local Attribute Authority (optional) 
    257258# and a WS-Security signature verification filter (required if using signature 
    258259# to authenticate user in requests 
    259 SessionManager.attributeAuthorityFilterID = ndg.security.server.wsgi.attributeAuthorityFilter 
    260 SessionManager.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     260SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
     261SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    261262 
    262263# The SessionManagerWS SOAP interface class needs to know about these other  
    263264# filters 
    264 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01  
    265                                         ndg.security.server.wsgi.attributeAuthorityFilter 
     265referencedFilters = filter:wsseSignatureVerificationFilter  
     266                                        filter:AttributeAuthorityFilter 
    266267 
    267268# Path from URL for Session Manager in this Paste deployment 
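Review bot: referencedFilters at 265-266 restates the two IDs assigned at 260-261, so each filter name has to be kept identical in two places within this section, and the value is split across a continuation line that only works if the code reading this option splits on whitespace. A comment saying the list must match the two SessionManager.*FilterID values would help. The context comment at 258-259 also opens a parenthesis at "(required if using signature" that is never closed.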
     
    274275# Provide an identifier for this filter so that main WSGI app  
    275276# CombinedServicesWSGI can call this Session Manager directly 
    276 filterID = ndg.security.server.wsgi.sessionManagerFilter 
     277filterID = %(__name__)s 
    277278 
    278279#______________________________________________________________________________ 
     
    280281[filter:wsseSignatureVerificationFilter] 
    281282paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter 
    282 filterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     283filterID = %(__name__)s 
    283284 
    284285# Settings for WS-Security SignatureHandler class used by this filter 
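Review bot: filterID = %(__name__)s at 283 carries no comment on what it expands to. The other sections in this change reference this filter as filter:wsseSignatureVerificationFilter, so the setting only works if interpolation yields the full section name including the filter: prefix. A one-line comment stating that would save the next editor from having to check the parser.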
     
    286287 
    287288# Verify against known CAs - Provide a space separated list of file paths 
    288 wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
    289 #wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt 
     289wssecurity.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
    290290 
    291291#______________________________________________________________________________ 
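Review bot: caCertFilePathList is documented at 288 as a space separated list, and 289 now builds its single entry from %(here)s. If the directory containing this file has a space in its path, the expanded value will be split into fragments that are not valid paths and the CA certificate will not be found. Note the restriction in the comment, or use a separator that cannot appear in a path. The removed commented-out line was also the only example of the multi-CA form; consider keeping an equivalent written with %(here)s.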
     
    296296# Reference the verification filter in order to be able to apply signature 
    297297# confirmation 
    298 referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
    299 wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
     298referencedFilters = filter:wsseSignatureVerificationFilter 
     299wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
    300300 
    301301# Last filter in chain of SOAP handlers writes the response 
     
    307307# Certificate associated with private key used to sign a message.  The sign  
    308308# method will add this to the BinarySecurityToken element of the WSSE header.   
    309 wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.crt 
     309wssecurity.signingCertFilePath=%(here)s/server.crt 
    310310 
    311311# PEM encoded private key file 
    312 wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.key 
     312wssecurity.signingPriKeyFilePath=%(here)s/server.key 
    313313 
    314314# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
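Review bot: signingPriKeyFilePath at 312 now resolves to server.key in the same directory as this ini file and server.crt. Nothing in the file says how that key should be protected. A comment next to "PEM encoded private key file" saying the key must be readable only by the account running the service, and, if so, that the copy shipped here is a test key, would be appropriate.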
     
    399399# setting below is the default and can be omitted if it matches the filterID 
    400400# set for the Session Manager 
    401 #openid.provider.authN.environKey=ndg.security.server.wsgi.sessionManagerFilter 
     401#openid.provider.authN.environKey=filter:SessionManagerFilter 
    402402 
    403403# Database connection to enable check between username and OpenID identifier 
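Review bot: The comment at 399-400 says the commented-out value is the default, and 401 changes that value to filter:SessionManagerFilter. This hunk does not show the corresponding default in the OpenID provider code, so confirm it was changed in the same commit; otherwise the comment documents a default the code does not have.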