Timestamp:
18/12/08 17:05:05 (11 years ago)
Author:
pjkersha
Message:
  • paster template - updated .ini_tmpl file adding $$ escapes for $ vars to be left in place
  • configfileparsers: added 'here' variable as default for INIPropertyFile class in the style of Paste Deploy ini file handling
  • WSGISessionManagerClient and WSGIAttributeAuthorityClient: more robust error handling and fixes for keying filter names from environ
  • Combined services tests: make use of name substitution for section names
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices
Files:
2 edited

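--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
@@ -31,5 +31,6 @@
         """validation function""" 
         try: 
-            client = WSGISessionManagerClient(environ=environ) 
+            client = WSGISessionManagerClient(environ=environ, 
+                                        environKey=self.sessionManagerFilterID) 
             res = client.connect(username, passphrase=password) 
  
@@ -61,5 +62,11 @@
     def __init__(self, app, globalConfig, **localConfig): 
         self.app = app 
-         
+        self.sessionManagerFilterID = localConfig.get('sessionManagerFilterID') 
+        self.attributeAuthorityFilterID = \ 
+                                localConfig.get('attributeAuthorityFilterID') 
+                                 
+        CombinedServicesWSGI.httpBasicAuthentication.sessionManagerFilterID = \ 
+            self.sessionManagerFilterID 
+             
     def __call__(self, environ, start_response): 
          
@@ -85,5 +92,6 @@
     @authorize(httpBasicAuthentication._userIn) 
     def test_localSessionManagerGetSessionStatus(self, environ,start_response): 
-        client = WSGISessionManagerClient(environ=environ) 
+        client = WSGISessionManagerClient(environ=environ, 
+                                        environKey=self.sessionManagerFilterID) 
         stat=client.getSessionStatus(sessID=environ[client.environKey+'.user']) 
         start_response('200 OK', [('Content-type', 'text/xml')]) 
@@ -93,5 +101,6 @@
     @authorize(httpBasicAuthentication._userIn) 
     def test_localSessionManagerDisconnect(self, environ, start_response): 
-        client = WSGISessionManagerClient(environ=environ) 
+        client = WSGISessionManagerClient(environ=environ, 
+                                        environKey=self.sessionManagerFilterID) 
         client.disconnect(sessID=environ[client.environKey+'.user']) 
          
@@ -103,5 +112,8 @@
     @authorize(httpBasicAuthentication._userIn) 
     def test_localSessionManagerGetAttCert(self, environ, start_response): 
-        client = WSGISessionManagerClient(environ=environ) 
+        client = WSGISessionManagerClient(environ=environ, 
+                environKey=self.sessionManagerFilterID, 
+                attributeAuthorityEnvironKey=self.attributeAuthorityFilterID) 
+ 
         attCert = client.getAttCert(sessID=environ[client.environKey+'.user']) 
         start_response('200 OK', [('Content-type', 'text/xml')]) 
@@ -109,5 +121,6 @@
  
     def test_localAttributeAuthorityGetHostInfo(self, environ, start_response): 
-        client = WSGIAttributeAuthorityClient(environ=environ) 
+        client = WSGIAttributeAuthorityClient(environ=environ, 
+                                    environKey=self.attributeAuthorityFilterID) 
         hostInfo = client.getHostInfo() 
         start_response('200 OK', [('Content-type', 'text/html')]) 
@@ -118,5 +131,6 @@
                                                        environ,  
                                                        start_response): 
-        client = WSGIAttributeAuthorityClient(environ=environ) 
+        client = WSGIAttributeAuthorityClient(environ=environ, 
+                                    environKey=self.attributeAuthorityFilterID) 
         role = environ.get('QUERY_STRING', '').split('=')[-1] or None 
         hostInfo = client.getTrustedHostInfo(role=role) 
@@ -128,5 +142,6 @@
                                                     environ,  
                                                     start_response): 
-        client = WSGIAttributeAuthorityClient(environ=environ) 
+        client = WSGIAttributeAuthorityClient(environ=environ, 
+                                    environKey=self.attributeAuthorityFilterID) 
         hostInfo = client.getAllHostsInfo() 
         start_response('200 OK', [('Content-type', 'text/html')]) 
@@ -137,5 +152,6 @@
     def test_localAttributeAuthorityGetAttCert(self, environ, start_response): 
          
-        client = WSGIAttributeAuthorityClient(environ=environ) 
+        client = WSGIAttributeAuthorityClient(environ=environ, 
+                                    environKey=self.attributeAuthorityFilterID) 
         username=CombinedServicesWSGI.httpBasicAuthentication._userIn.users[-1] 
          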
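Review bot: Both filter IDs in `CombinedServicesWSGI.__init__` are read with `localConfig.get(...)`, so a missing or misspelt ini option leaves them as `None`, and that value is then passed as `environKey` to every client, including the one built in the HTTP Basic Auth validation function. How `WSGISessionManagerClient` and `WSGIAttributeAuthorityClient` treat `environKey=None` is not visible on this page; failing at start-up is safer than finding out on the first login, for example `self.sessionManagerFilterID = localConfig['sessionManagerFilterID']` with the `KeyError` reported as a configuration error. The session manager ID is also copied onto the class-level `httpBasicAuthentication` object, so a second `CombinedServicesWSGI` instance with different settings would change which Session Manager the first one authenticates against. A comment on that assignment stating the one-instance-per-process assumption would help, e.g. `# NB: class-level state - assumes a single CombinedServicesWSGI per process`.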
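--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -31,5 +31,5 @@
  
 # All Attribute Certificates issued are recorded in this dir 
-attributeAuthority.attCertDir: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/attCertLog 
+attributeAuthority.attCertDir: %(here)s/siteAAttributeAuthority/attCertLog 
  
 # Files in attCertDir are stored using a rotating file handler 
@@ -41,16 +41,16 @@
  
 # Location of role mapping file 
-attributeAuthority.mapConfigFile: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteAMapConfig.xml 
+attributeAuthority.mapConfigFile: %(here)s/siteAAttributeAuthority/siteAMapConfig.xml 
  
 # Settings for custom AAUserRoles derived class to get user roles for given  
 # user ID 
-attributeAuthority.userRolesModFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority 
+attributeAuthority.userRolesModFilePath: %(here)s/siteAAttributeAuthority 
 attributeAuthority.userRolesModName: siteAUserRoles 
 attributeAuthority.userRolesClassName: TestUserRoles 
  
 # Config for XML signature of Attribute Certificate 
-attributeAuthority.signingPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 
-attributeAuthority.signingCertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 
-attributeAuthority.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
+attributeAuthority.signingPriKeyFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.key 
+attributeAuthority.signingCertFilePath: %(here)s/siteAAttributeAuthority/siteA-aa.crt 
+attributeAuthority.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
  
 #______________________________________________________________________________ 
@@ -62,9 +62,9 @@
 # 
 # CA certificates for Attribute Certificate signature validation 
-sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
+sessionManager.credentialWallet.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
  
 # CA certificates for SSL connection peer cert. validation - required if 
 # connecting to an Attribute Authority over SSL 
-sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
+sessionManager.credentialWallet.sslCACertFilePathList=%(here)s/ca/ndg-test-ca.crt 
  
 # Allow Get Attribute Certificate calls to try to get a mapped certificate 
@@ -95,5 +95,5 @@
 # The CA certificates of other NDG trusted sites should go here.  NB, multiple 
 # values should be delimited by a space 
-sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
+sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(here)s/ca/ndg-test-ca.crt 
  
 # Signature of an outbound message 
@@ -105,8 +105,8 @@
  
 # PEM encoded cert 
-sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/sm.crt 
+sessionManager.credentialWallet.wssecurity.signingCertFilePath: %(here)s/sessionmanager/sm.crt 
  
 # ... or provide file path to PEM encoded private key file 
-sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/sm.key 
+sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: %(here)s/sessionmanager/sm.key 
  
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
@@ -134,6 +134,6 @@
 # Specific settings for UserCertAuthN Session Manager authentication plugin 
 # This sets up PKI credentials for a single test account 
-sessionManager.authNService.userX509CertFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/user.crt 
-sessionManager.authNService.userPriKeyFilePath: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/sessionmanager/user.key 
+sessionManager.authNService.userX509CertFilePath: %(here)s/sessionmanager/user.crt 
+sessionManager.authNService.userPriKeyFilePath: %(here)s/sessionmanager/user.key 
 sessionManager.authNService.userPriKeyPwd: testpassword 
  
@@ -196,5 +196,6 @@
 paste.filter_app_factory =  
         ndg.security.test.combinedservices.serverapp:filter_app_factory 
- 
+sessionManagerFilterID = filter:SessionManagerFilter 
+attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
  
 #______________________________________________________________________________ 
@@ -217,11 +218,11 @@
 # identified by this prefix: 
 AttributeAuthority.propPrefix = attributeAuthority 
-AttributeAuthority.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini 
-AttributeAuthority.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
+AttributeAuthority.propFilePath = %(here)s/services.ini 
+AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
  
 # Provide an identifier for this filter so that main WSGI app  
 # CombinedServicesWSGI Session Manager filter can call this Attribute Authority 
 # directly 
-referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
+referencedFilters = filter:wsseSignatureVerificationFilter 
  
 # Path from URL for Attribute Authority in this Paste deployment 
@@ -231,5 +232,5 @@
 enableWSDLQuery = True 
 charset = utf-8 
-filterID = ndg.security.server.wsgi.attributeAuthorityFilter 
+filterID = %(__name__)s 
  
 #______________________________________________________________________________ 
@@ -252,16 +253,16 @@
 # by this prefix: 
 SessionManager.propPrefix = sessionManager 
-SessionManager.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini 
+SessionManager.propFilePath = %(here)s/services.ini 
  
 # This filter references other filters - a local Attribute Authority (optional) 
 # and a WS-Security signature verification filter (required if using signature 
 # to authenticate user in requests 
-SessionManager.attributeAuthorityFilterID = ndg.security.server.wsgi.attributeAuthorityFilter 
-SessionManager.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
+SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter 
+SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
  
 # The SessionManagerWS SOAP interface class needs to know about these other  
 # filters 
-referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01  
-                                        ndg.security.server.wsgi.attributeAuthorityFilter 
+referencedFilters = filter:wsseSignatureVerificationFilter  
+                                        filter:AttributeAuthorityFilter 
  
 # Path from URL for Session Manager in this Paste deployment 
@@ -274,5 +275,5 @@
 # Provide an identifier for this filter so that main WSGI app  
 # CombinedServicesWSGI can call this Session Manager directly 
-filterID = ndg.security.server.wsgi.sessionManagerFilter 
+filterID = %(__name__)s 
  
 #______________________________________________________________________________ 
@@ -280,5 +281,5 @@
 [filter:wsseSignatureVerificationFilter] 
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter 
-filterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
+filterID = %(__name__)s 
  
 # Settings for WS-Security SignatureHandler class used by this filter 
@@ -286,6 +287,5 @@
  
 # Verify against known CAs - Provide a space separated list of file paths 
-wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
-#wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt 
+wssecurity.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt 
  
 #______________________________________________________________________________ 
@@ -296,6 +296,6 @@
 # Reference the verification filter in order to be able to apply signature 
 # confirmation 
-referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
-wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 
+referencedFilters = filter:wsseSignatureVerificationFilter 
+wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter 
  
 # Last filter in chain of SOAP handlers writes the response 
@@ -307,8 +307,8 @@
 # Certificate associated with private key used to sign a message.  The sign  
 # method will add this to the BinarySecurityToken element of the WSSE header.   
-wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.crt 
+wssecurity.signingCertFilePath=%(here)s/server.crt 
  
 # PEM encoded private key file 
-wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/server.key 
+wssecurity.signingPriKeyFilePath=%(here)s/server.key 
  
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
@@ -399,5 +399,5 @@
 # setting below is the default and can be omitted if it matches the filterID 
 # set for the Session Manager 
-#openid.provider.authN.environKey=ndg.security.server.wsgi.sessionManagerFilter 
+#openid.provider.authN.environKey=filter:SessionManagerFilter 
  
 # Database connection to enable check between username and OpenID identifier 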
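Review bot: The cross-reference values added in this file (`sessionManagerFilterID = filter:SessionManagerFilter`, `SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter`, the `referencedFilters` lists) repeat section names as plain strings, while each filter now takes its own ID from `filterID = %(__name__)s`. Renaming a section would therefore change that filter's ID but not the references to it. The mismatch would presumably surface only when a request looks the key up in `environ`, including the signature-verification filter reference. A comment beside one of the `filterID` lines would make the coupling explicit, e.g. `# filterID is this section's name; every *FilterID and referencedFilters value in this file must match it exactly`.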