Changeset 4692


Timestamp:
19/12/08 16:39:57 (11 years ago)
Author:
pjkersha
Message:

Refactoring of SSO service to enable use of local AA and SM instances via keys to environ.

Location:
TI12-security/trunk/python
Files:
9 added
28 edited

  • TI12-security/trunk/python/Tests/etreewss/client/clnt.crt

    r4024 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 243 (0xf3) 
     4        Serial Number: 259 (0x103) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 11:42:41 2007 GMT 
    9             Not After : Dec 17 11:42:41 2008 GMT 
     8            Not Before: Dec 16 15:19:45 2008 GMT 
     9            Not After : Dec 15 15:19:45 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 
    1111        Subject Public Key Info: 
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8: 
    39         eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28: 
    40         73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a: 
    41         16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58: 
    42         28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9: 
    43         c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba: 
    44         4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48: 
    45         6d:78 
     38        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 
     39        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 
     40        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 
     41        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 
     42        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 
     43        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 
     44        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 
     45        9e:5f 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0 
    49 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 
     49NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U 
     
    5555mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 
    5656SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB 
    58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 
    59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 
    60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 
     58Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 
     59LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 
     60ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 
    6161-----END CERTIFICATE----- 
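
Review bot: The reissued client certificate (serial 259) is still signed with md5WithRSAEncryption, as lines 5 and 37 show unchanged. Since the fixture is being regenerated anyway and is now valid until Dec 15 2013, reissue it from the Test CA with a SHA-based signature algorithm so the WS-Security unit tests do not depend on MD5 signatures being accepted for another five years.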
  • TI12-security/trunk/python/Tests/etreewss/server/server.crt

    r4024 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 244 (0xf4) 
     4        Serial Number: 260 (0x104) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 13:58:09 2007 GMT 
    9             Not After : Dec 17 13:58:09 2008 GMT 
     8            Not Before: Dec 16 15:20:55 2008 GMT 
     9            Not After : Dec 15 15:20:55 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=server 
    1111        Subject Public Key Info: 
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         2b:b0:f6:d3:32:a7:61:d9:1e:07:39:8a:39:c9:7a:b4:dc:44: 
    39         c3:50:ba:2b:67:f6:12:8a:c0:49:91:bd:f2:fb:3f:3f:a2:0e: 
    40         21:5d:63:b6:73:90:2a:11:70:6b:d9:56:ce:29:b0:25:bb:13: 
    41         2f:8a:9e:55:af:a0:7c:9e:73:96:81:17:09:1a:d0:30:f8:1c: 
    42         34:34:ed:e3:7d:09:72:12:c7:37:37:8f:90:aa:79:55:6a:3a: 
    43         28:2f:98:de:d0:06:42:3e:a2:5a:d2:f4:6f:5f:29:00:3d:b2: 
    44         df:37:e7:17:f7:8a:a6:aa:82:e8:f9:21:47:84:9c:39:37:54: 
    45         6d:16 
     38        95:eb:24:bb:4e:4d:38:b8:0e:8d:0e:fa:27:61:0b:91:f7:9e: 
     39        a3:a7:a4:e0:d8:ba:57:3a:ee:df:54:50:80:26:19:f5:66:d7: 
     40        6c:83:64:eb:b3:1a:3b:dc:7a:08:49:db:3f:a1:9a:bf:03:08: 
     41        7f:b2:8c:28:eb:cf:79:d9:a3:f0:a4:7c:65:40:c5:fe:34:88: 
     42        7f:88:47:e2:4b:38:f4:d6:c6:91:69:9c:68:ca:ed:03:fc:fb: 
     43        83:c8:07:be:3c:33:be:24:87:aa:68:7f:38:18:e3:fc:97:ef: 
     44        8f:e4:6e:39:f8:3d:e2:97:91:4a:86:e8:39:52:01:b3:31:54: 
     45        d9:5d 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODEzNTgw 
    49 OVoXDTA4MTIxNzEzNTgwOVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MjA1 
     49NVoXDTEzMTIxNTE1MjA1NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZzZXJ2ZXIw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKh5yGjF6lxe3OL/g1lZdq 
     
    5555FbpcpjemyU85R6h7K8Q7Wmoa841np+KRdMSnhQ6VX9PcgfcNdNEzsV+zxb7kblYq 
    5656JXUEDFWmNcJmdoWPUXwLtvdA3wwy15k+cvLVw3X4BmyTXrrK76uOjcroePMIJpHr 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQAr 
    58 sPbTMqdh2R4HOYo5yXq03ETDULorZ/YSisBJkb3y+z8/og4hXWO2c5AqEXBr2VbO 
    59 KbAluxMvip5Vr6B8nnOWgRcJGtAw+Bw0NO3jfQlyEsc3N4+QqnlVajooL5je0AZC 
    60 PqJa0vRvXykAPbLfN+cX94qmqoLo+SFHhJw5N1RtFg== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQCV 
     586yS7Tk04uA6NDvonYQuR956jp6Tg2LpXOu7fVFCAJhn1Ztdsg2Trsxo73HoISds/ 
     59oZq/Awh/sowo68952aPwpHxlQMX+NIh/iEfiSzj01saRaZxoyu0D/PuDyAe+PDO+ 
     60JIeqaH84GOP8l++P5G45+D3il5FKhug5UgGzMVTZXQ== 
    6161-----END CERTIFICATE----- 
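
Review bot: The new "Not After : Dec 15 15:20:55 2013 GMT" only moves the expiry problem five years out. The previous certificate expired on Dec 17 2008, two days before this changeset, so the tests will fail the same way again at the end of 2013. Add a note beside the fixture recording how it was issued from the Test CA, or generate the test certificates during test setup.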
  • TI12-security/trunk/python/ndg.security.client/ndg/security/client/ndgSessionClient.py

    r4680 r4692  
    123123    parser.add_option("-r",  
    124124                      "--req-attr",  
    125                       dest="attAuthorityURI",  
     125                      dest="attributeAuthorityURI",  
    126126                      help=\ 
    127127"""Get a Session Manager to request authorisation from an Attribute Authority  
     
    358358            # Don't exit here - req-autho may have been set too 
    359359             
    360         if options.attAuthorityURI: 
     360        if options.attributeAuthorityURI: 
    361361            methodCall = True 
    362362 
     
    368368            authResp = sessClnt.reqAuthorisation(\ 
    369369                            sessCookie=options.sessCookie, 
    370                             aaWSDL=options.attAuthorityURI, 
     370                            aaWSDL=options.attributeAuthorityURI, 
    371371                            aaCert=options.aaCert, 
    372372                            mapFromTrustedHosts=options.mapFromTrustedHosts, 
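
Review bot: At line 370 the renamed option is still passed as `aaWSDL=options.attributeAuthorityURI`, so the call site keeps the old WSDL-based keyword while everything else in this changeset moves to attributeAuthorityURI. Either rename the reqAuthorisation keyword in the same change or add a comment explaining why it differs, otherwise the next reader has to work out whether a URI or a WSDL location is expected here.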
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py

    r4680 r4692  
    406406        try: 
    407407            # Make request for attribute certificate 
    408             attCert = self.smClnt.getAttCert(attAuthorityURI=aaURI, 
     408            attCert = self.smClnt.getAttCert(attributeAuthorityURI=aaURI, 
    409409                                             sessID=self.userSessID, 
    410410                                             reqRole=role) 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/proftp.py

    r4680 r4692  
    303303        try: 
    304304            # Make request for attribute certificate 
    305             attCert = self.smClnt.getAttCert(attAuthorityURI=self.aaURI, 
     305            attCert = self.smClnt.getAttCert(attributeAuthorityURI=self.aaURI, 
    306306                                             sessID=self.userSessID) 
    307307            return attCert 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py

    r4680 r4692  
    454454                   userX509Cert=None, 
    455455                   sessID=None, 
    456                    attAuthorityURI=None, 
     456                   attributeAuthorityURI=None, 
    457457                   reqRole=None, 
    458458                   mapFromTrustedHosts=True, 
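
Review bot: Line 456 renames a public keyword argument with no compatibility alias, so any caller outside this tree that still passes `attAuthorityURI=` will fail with a TypeError at call time. If external clients exist, accept the old keyword for one release and log a deprecation warning, and mention the rename in the release notes.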
     
    483483        userX509Cert in the case of a browser client. 
    484484         
    485         @type attAuthorityURI: string 
    486         @param attAuthorityURI: URI for Attribute Authority WS. 
     485        @type attributeAuthorityURI: string 
     486        @param attributeAuthorityURI: URI for Attribute Authority WS. 
    487487         
    488488        @type reqRole: string 
     
    520520            attCert, msg, extAttCertList = self.__srv.getAttCert(userX509Cert, 
    521521                                                           sessID,  
    522                                                            attAuthorityURI, 
     522                                                           attributeAuthorityURI, 
    523523                                                           reqRole, 
    524524                                                           mapFromTrustedHosts, 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py

    r4521 r4692  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fc98c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c746c> 
    3232    def getAttCert(self, userId,userX509Cert,userAttCert): 
    3333 
     
    4646        return attCert,msg 
    4747 
    48     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fccac> 
     48    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c778c> 
    4949    def getHostInfo(self): 
    5050 
     
    6464        return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN 
    6565 
    66     # op: <ZSI.wstools.WSDLTools.Message instance at 0x85037ec> 
     66    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cf2cc> 
    6767    def getTrustedHostInfo(self, role): 
    6868 
     
    7878        return trustedHosts 
    7979 
    80     # op: <ZSI.wstools.WSDLTools.Message instance at 0x850396c> 
     80    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cf44c> 
    8181    def getAllHostsInfo(self): 
    8282 
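
Review bot: Every changed line in this file is a generated comment whose only difference is the memory address in `<ZSI.wstools.WSDLTools.Message instance at 0x...>`. That is regeneration noise with no functional change; it hides the real edits in the changeset and will reappear on every regeneration. Strip the address from the generated comment, or leave this file out of the commit when its WSDL has not changed.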
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py

    r4513 r4692  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fad6c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c784c> 
    3232    def getSessionStatus(self, userDN,sessID): 
    3333 
     
    4444        return isAlive 
    4545 
    46     # op: <ZSI.wstools.WSDLTools.Message instance at 0x850208c> 
     46    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c7b4c> 
    4747    def connect(self, username,passphrase,createServerSess): 
    4848 
     
    6363        return userX509Cert,userPriKey,issuingCert,sessID 
    6464 
    65     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502c0c> 
     65    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd6ec> 
    6666    def disconnect(self, userX509Cert,sessID): 
    6767 
     
    7777        return  
    7878 
    79     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502dac> 
    80     def getAttCert(self, userX509Cert,sessID,attAuthorityURI,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
     79    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd88c> 
     80    def getAttCert(self, userX509Cert,sessID,attributeAuthorityURI,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
    8181 
    8282        request = getAttCertInputMsg() 
    8383        request._userX509Cert = userX509Cert 
    8484        request._sessID = sessID 
    85         request._attAuthorityURI = attAuthorityURI 
     85        request._attributeAuthorityURI = attributeAuthorityURI 
    8686        request._reqRole = reqRole 
    8787        request._mapFromTrustedHosts = mapFromTrustedHosts 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py

    r4480 r4692  
    149149        def __init__(self, **kw): 
    150150            ns = ns0.getAttCert_Dec.schema 
    151             TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
     151            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attributeAuthorityURI", aname="_attributeAuthorityURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    152152            kw["pname"] = ("urn:ndg:security:SessionManager","getAttCert") 
    153153            kw["aname"] = "_getAttCert" 
     
    161161                    self._userX509Cert = None 
    162162                    self._sessID = None 
    163                     self._attAuthorityURI = None 
     163                    self._attributeAuthorityURI = None 
    164164                    self._reqRole = None 
    165165                    self._mapFromTrustedHosts = None 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl

    r4480 r4692  
    6868                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    6969                    <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    70                     <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
     70                    <xsd:element name="attributeAuthorityURI" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    7171                    <xsd:element name="reqRole" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    7272                    <xsd:element name="mapFromTrustedHosts" type="xsd:boolean" minOccurs="1" maxOccurs="1"/> 
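
Review bot: Renaming the element at line 70 changes the SOAP message contract, and because it is declared with minOccurs="0" a request from an older client that still sends attAuthorityURI is not obviously rejected. Depending on how the parser treats unknown elements, such a request could arrive with attributeAuthorityURI unset, and the server-side handler in this changeset falls back to the local Attribute Authority when that value is None. Confirm that old-style requests fail loudly rather than being answered by a different Attribute Authority than the client asked for.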
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl

    r4688 r4692  
    2020# Attribute Authority settings 
    2121# 'name' setting MUST agree with map config file 'thisHost' name attribute 
    22 attributeAuthority.name: Site A 
     22attributeAuthority.name: ${attributeAuthorityID} 
    2323 
    2424# Lifetime is measured in seconds 
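
Review bot: Line 22 now takes the Attribute Authority name from `${attributeAuthorityID}`, but the comment on line 21 says this value MUST agree with the 'thisHost' name attribute in the map config file. With a free-form template variable the two can drift apart at deployment time. Generate the map config from the same variable, or check the agreement at start-up and fail with a clear error.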
     
    4141 
    4242# Location of role mapping file 
    43 attributeAuthority.mapConfigFile: %(here)s/attributeauthority/siteAMapConfig.xml 
     43attributeAuthority.mapConfigFile: %(here)s/attributeauthority/mapConfig.xml 
    4444 
    4545# Settings for custom AAUserRoles derived class to get user roles for given  
     
    141141use = egg:Paste#http 
    142142host = 0.0.0.0 
    143 port = 5000 
     143port = 8000 
    144144 
    145145[app:mainApp] 
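
Review bot: The port moves to 8000 at line 143 while line 142 keeps `host = 0.0.0.0`, so a deployment generated from this template listens on every interface over plain HTTP by default. The sso.cfg in this changeset addresses the services as http://localhost:8000, which suggests 127.0.0.1 would be a safer template default, with a comment telling the deployer to widen it deliberately.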
     
    160160set debug = false 
    161161 
    162 configfile = %(here)s/singleSignOnService/sso.cfg 
    163 #configfile = /home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso.cfg 
     162configfile = %(here)s/sso/sso.cfg 
    164163 
    165164# AuthKit Set-up 
     
    301300# Certificate associated with private key used to sign a message.  The sign  
    302301# method will add this to the BinarySecurityToken element of the WSSE header.   
    303 wssecurity.signingCertFilePath=%(here)s/server.crt 
     302wssecurity.signingCertFilePath=%(here)s/wssecurity/server.crt 
    304303 
    305304# PEM encoded private key file 
    306 wssecurity.signingPriKeyFilePath=%(here)s/server.key 
     305wssecurity.signingPriKeyFilePath=%(here)s/wssecurity/server.key 
    307306 
    308307# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/template.py

    r4688 r4692  
    22 
    33from paste.script.templates import Template, var, _skip_variables 
     4import os 
    45import socket 
    56_hostTuple = socket.gethostbyaddr(socket.gethostname()) 
     
    2223    summary = 'NERC DataGrid Security services deployment template' 
    2324    vars = vars 
    24      
     25 
     26    def write_files(self, command, output_dir, vars): 
     27        '''Extend to enable substitutions for Single Sign On Service config 
     28        file''' 
     29        if output_dir.startswith('./'): 
     30            outDir = output_dir.lstrip('./') 
     31        else: 
     32            outDir = output_dir 
     33             
     34        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso') 
     35        super(DefaultDeploymentTemplate, self).write_files(command,  
     36                                                           output_dir,  
     37                                                           vars) 
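
Review bot: `output_dir.lstrip('./')` at line 30 strips any run of leading '.' and '/' characters, not the literal './' prefix, so an output directory such as './.deploy' becomes 'deploy' and ssoConfigDir points at a directory that was never written. Replace lines 29 to 34 with `os.path.join(os.path.abspath(output_dir), 'sso')`, which also covers absolute paths. The method also mutates the caller's vars dict, which is worth stating in the docstring.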
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/certs/clnt.crt

    r3652 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 243 (0xf3) 
     4        Serial Number: 259 (0x103) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 11:42:41 2007 GMT 
    9             Not After : Dec 17 11:42:41 2008 GMT 
     8            Not Before: Dec 16 15:19:45 2008 GMT 
     9            Not After : Dec 15 15:19:45 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 
    1111        Subject Public Key Info: 
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8: 
    39         eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28: 
    40         73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a: 
    41         16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58: 
    42         28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9: 
    43         c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba: 
    44         4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48: 
    45         6d:78 
     38        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 
     39        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 
     40        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 
     41        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 
     42        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 
     43        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 
     44        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 
     45        9e:5f 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0 
    49 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 
     49NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U 
     
    5555mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 
    5656SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB 
    58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 
    59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 
    60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 
     58Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 
     59LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 
     60ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 
    6161-----END CERTIFICATE----- 
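
Review bot: This is the same client certificate (serial 259, CN=client) that the changeset also commits under Tests/etreewss/client/ and ndg.security.test/.../authz/pdp/browse/. Keeping identical copies in several directories means every renewal has to touch all of them, and a missed copy shows up as an unrelated test failure. Keep one canonical copy and have the other locations reference it.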
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg

    r4584 r4692  
    1818#sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager 
    1919sessionMgrURI: http://localhost:8000/SessionManager 
    20 attAuthorityURI: http://localhost:8000/AttributeAuthority 
     20attributeAuthorityURI: http://localhost:8000/AttributeAuthority 
    2121 
    2222# WS-Security signature handler - set a config file with 'wssCfgFilePath' 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

    r4587 r4692  
    116116            self.smURI = None 
    117117             
    118         if self.cfg.has_option(defSection, 'attAuthorityURI'):         
    119             self.aaURI = self.cfg.get(defSection, 'attAuthorityURI') 
     118        if self.cfg.has_option(defSection, 'sessionManagerEnvironKey'):         
     119            self.smEnvironKey = self.cfg.get(defSection,  
     120                                             'sessionManagerEnvironKey') 
     121        else: 
     122            self.smEnvironKey = None 
     123             
     124        if self.cfg.has_option(defSection, 'attributeAuthorityURI'):         
     125            self.aaURI = self.cfg.get(defSection, 'attributeAuthorityURI') 
    120126        else: 
    121127            self.aaURI = None 
     128             
     129        if self.cfg.has_option(defSection, 'attributeAuthorityEnvironKey'):         
     130            self.aaEnvironKey = self.cfg.get(defSection,  
     131                                             'attributeAuthorityEnvironKey') 
     132        else: 
     133            self.aaEnvironKey = None 
    122134         
    123135        # ... for SSL connections to security web services 
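
Review bot: Lines 124 and 125 read only the new 'attributeAuthorityURI' key, so an existing sso.cfg that still uses 'attAuthorityURI' now silently yields aaURI = None with no warning. Combined with the new environ key options, that can change which Attribute Authority is consulted after an upgrade without any configuration error. Log a warning or raise when the old key is present. The four near-identical has_option/else blocks would also read better as a small helper that returns the option or None.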
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py

    r4680 r4692  
    5656                        environ=request.environ, 
    5757                        uri=session['ndgSec']['h'], 
     58                        environKey=self.cfg.smEnvironKey, 
     59                        attributeAuthorityEnvironKey=self.cfg.aaEnvironKey, 
    5860                        tracefile=self.cfg.tracefile, 
    5961                        httpProxyHost=self.cfg.httpProxyHost, 
     
    109111        try:     
    110112            smClnt = WSGISessionManagerClient( 
    111                                      environ=request.environ, 
    112                                      uri=self.cfg.smURI, 
    113                                      tracefile=self.cfg.tracefile, 
    114                                      httpProxyHost=self.cfg.httpProxyHost, 
    115                                      noHttpProxyList=self.cfg.noHttpProxyList, 
    116                                      **self.cfg.wss) 
     113                        environ=request.environ, 
     114                        uri=self.cfg.smURI, 
     115                        environKey=self.cfg.smEnvironKey, 
     116                        attributeAuthorityEnvironKey=self.cfg.aaEnvironKey, 
     117                        tracefile=self.cfg.tracefile, 
     118                        httpProxyHost=self.cfg.httpProxyHost, 
     119                        noHttpProxyList=self.cfg.noHttpProxyList, 
     120                        **self.cfg.wss) 
    117121                                 
    118122            username = request.params['username'] 
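
Review bot: The client at lines 113 to 120 now receives both `uri=self.cfg.smURI` and `environKey=self.cfg.smEnvironKey`, and nothing in the visible lines says which one wins when both are configured. For a service that handles credentials, whether the request goes to a remote Session Manager or to the local instance in environ should be explicit. Document the precedence in the WSGISessionManagerClient docstring and in sso.cfg, and consider rejecting a configuration that sets both.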
     
    221225                                    environ=request.environ, 
    222226                                    uri=self.cfg.aaURI, 
     227                                    environKey=self.cfg.aaEnvironKey, 
    223228                                    tracefile=self.cfg.tracefile, 
    224229                                    httpProxyHost=self.cfg.httpProxyHost, 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py

    r4587 r4692  
    127127                                        environ=pylons.request.environ, 
    128128                                        uri=cfg.aaURI, 
     129                                        environKey=self.cfg.aaEnvironKey, 
    129130                                        tracefile=cfg.tracefile, 
    130131                                        httpProxyHost=cfg.httpProxyHost, 
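
Review bot: The added line 129 uses `self.cfg.aaEnvironKey` while the surrounding arguments use the bare name `cfg` (cfg.aaURI, cfg.tracefile, cfg.httpProxyHost). Unless `self` is in scope here with a cfg attribute, this will fail at runtime with a NameError or AttributeError. It should almost certainly read `environKey=cfg.aaEnvironKey`.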
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py

    r4680 r4692  
    421421                    else: 
    422422                        opt[filtOptName] = optVal 
    423                 else: 
    424                     # Options not starting with prefix are ignored 
    425                     log.debug("Skipping option \"%s\": it doesn't start with " 
    426                               "the prefix \"%s\"", optName, prefix) 
     423#                else: 
     424                    # Options not starting with prefix are ignored - omit debug 
     425                    # it's too verbose even for debug setting :) 
     426#                    log.debug("Skipping option \"%s\": it doesn't start with " 
     427#                              "the prefix \"%s\"", optName, prefix) 
    427428            else: 
    428429                filtOptName = '_'.join(optName.split('.')) 
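
Review bot: Lines 423 to 427 leave the else branch commented out, with the two explanatory comment lines still indented as though they sat inside a block. Delete the dead branch rather than commenting it out, since version control keeps the history, and leave a single comment at the enclosing indentation saying that options without the prefix are ignored.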
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py

    r4480 r4692  
    7272                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 
    7373                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 
    74                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attAuthorityURI\" type=\"xsd:string\"/> 
     74                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attributeAuthorityURI\" type=\"xsd:string\"/> 
    7575                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"reqRole\" type=\"xsd:string\"/> 
    7676                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"mapFromTrustedHosts\" type=\"xsd:boolean\"/> 
     
    269269    def soap_getAttCert(self, ps): 
    270270        self.request = ps.Parse(getAttCertInputMsg.typecode) 
    271         parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost) 
     271        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attributeAuthorityURI, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost) 
    272272 
    273273        # If we have an implementation object use it 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py

    r4680 r4692  
    190190        # If no Attribute Authority URI is set pick up local Attribute  
    191191        # instance Authority 
    192         if request.AttAuthorityURI is None: 
     192        if request.AttributeAuthorityURI is None: 
    193193            attributeAuthorityFilter = \ 
    194194                self.referencedWSGIFilters.get(self.attributeAuthorityFilterID) 
    195195                 
    196196            try: 
    197                 attributeAuthority = \ 
    198                     attributeAuthorityFilter.serviceSOAPBinding.aa 
     197                attributeAuthority= \ 
     198                                attributeAuthorityFilter.serviceSOAPBinding.aa 
    199199            except AttributeError, e: 
    200200                raise SessionManagerWSConfigError("No Attribute Authority URI " 
     
    210210                            userX509Cert=userX509Cert or request.UserX509Cert, 
    211211                            sessID=request.SessID, 
    212                             attributeAuthorityURI=request.AttAuthorityURI, 
     212                            attributeAuthorityURI=request.AttributeAuthorityURI, 
    213213                            attributeAuthority=attributeAuthority, 
    214214                            reqRole=request.ReqRole, 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/clnt.crt

    r4035 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 243 (0xf3) 
     4        Serial Number: 259 (0x103) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 11:42:41 2007 GMT 
    9             Not After : Dec 17 11:42:41 2008 GMT 
     8            Not Before: Dec 16 15:19:45 2008 GMT 
     9            Not After : Dec 15 15:19:45 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 
    1111        Subject Public Key Info: 
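Review bot: The reissued client certificate (serial 259) is still signed with `md5WithRSAEncryption` (line 5). As the certificate is being regenerated anyway, have the Test CA sign it with a SHA-2 digest so the WS-Security tests do not depend on verifiers continuing to accept MD5 signatures.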
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8: 
    39         eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28: 
    40         73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a: 
    41         16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58: 
    42         28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9: 
    43         c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba: 
    44         4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48: 
    45         6d:78 
     38        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 
     39        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 
     40        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 
     41        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 
     42        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 
     43        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 
     44        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 
     45        9e:5f 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0 
    49 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 
     49NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U 
     
    5555mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 
    5656SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB 
    58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 
    59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 
    60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 
     58Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 
     59LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 
     60ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 
    6161-----END CERTIFICATE----- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/certs/clnt.crt

    r4587 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 243 (0xf3) 
     4        Serial Number: 259 (0x103) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 11:42:41 2007 GMT 
    9             Not After : Dec 17 11:42:41 2008 GMT 
     8            Not Before: Dec 16 15:19:45 2008 GMT 
     9            Not After : Dec 15 15:19:45 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 
    1111        Subject Public Key Info: 
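Review bot: This is the same serial 259 certificate that the changeset also writes to the etreewss/client, authz/pdp/browse and wssecurity/client directories. Four copies have to be reissued together every time the certificate changes; keep one copy in a shared test fixture directory and point the test configurations at it.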
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8: 
    39         eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28: 
    40         73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a: 
    41         16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58: 
    42         28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9: 
    43         c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba: 
    44         4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48: 
    45         6d:78 
     38        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 
     39        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 
     40        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 
     41        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 
     42        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 
     43        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 
     44        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 
     45        9e:5f 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0 
    49 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 
     49NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U 
     
    5555mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 
    5656SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB 
    58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 
    59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 
    60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 
     58Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 
     59LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 
     60ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 
    6161-----END CERTIFICATE----- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg

    r4587 r4692  
    1616 
    1717# Service addresses 
    18 #sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager 
    1918sessionMgrURI: http://localhost:8000/SessionManager 
    2019 
    2120# If the Attribute Authority URI is commented out the service will try to  
    2221# connect to an Attribute Authority instance in the local WSG stack 
    23 #attAuthorityURI: http://localhost:8000/AttributeAuthority 
     22#attributeAuthorityURI: http://localhost:8000/AttributeAuthority 
    2423 
    2524# WS-Security signature handler - set a config file with 'wssCfgFilePath' 
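Review bot: The key rename on line 22 (`attAuthorityURI` to `attributeAuthorityURI`) is a silent behaviour change for existing configuration files. Per the comment on lines 20-21, an absent URI makes the service use the Attribute Authority in the local stack, so a deployment that still sets the old key would fall back to the local instance unless the old name is still read. Either accept the old key with a deprecation warning or fail at startup when it is present. The comment on line 21 should also read "WSGI stack".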
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg

    r4680 r4692  
    1010# $Id:$ 
    1111[setUp] 
     12logLevel = ERROR 
    1213uri = http://localhost:8000/SessionManager 
    1314# alternate port for testing with tcpmon 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py

    r4680 r4692  
    1616__revision__ = '$Id: test_sessionmanagerclient.py 4437 2008-11-18 12:34:25Z pjkersha $' 
    1717import logging 
    18 logging.basicConfig(level=logging.DEBUG) 
     18 
    1919 
    2020import unittest 
     
    106106        except KeyError: 
    107107            sslCACertList = [] 
    108              
     108         
     109        # Set logging 
     110        try: 
     111            logLevel = getattr(logging, self.cfg['setUp']['logLevel']) 
     112        except AttributeError: 
     113            raise AttributeError("logLevel=%s not recognised, try one of: " 
     114                                 "CRITICAL, ERROR, WARNING, INFO, DEBUG or " 
     115                                 "NOTSET" % self.cfg['setUp']['logLevel']) 
     116             
     117        logging.basicConfig(level=logLevel) 
     118         
    109119        # Instantiate WS proxy 
    110120        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'], 
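Review bot: The `getattr(logging, ...)` lookup on line 111 accepts any attribute of the `logging` module, not just level names, so a value such as `basicConfig` passes the check and is handed to `logging.basicConfig(level=...)`. A missing `logLevel` key would also surface as an unhandled `KeyError`, unlike the `sslCACertList` lookup just above, which catches it. Look the name up in an explicit mapping of the six level names quoted in the error message and fall back to a default when the key is absent.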
     
    236246         
    237247        attCert = self.clnt.getAttCert(sessID=self.sessID,  
    238                                        attAuthorityURI=thisSection['aaURI']) 
     248                                       attributeAuthorityURI=thisSection['aaURI']) 
    239249         
    240250        print "Attribute Certificate:\n%s" % attCert  
     
    269279         
    270280        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI'] 
    271         attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
     281        attCert = self.clnt.getAttCert(attributeAuthorityURI=aaURI) 
    272282           
    273283        print("Attribute Certificate:\n%s" % attCert)   
     
    400410 
    401411 
    402 class CombinedServicesTestSuite(unittest.TestSuite): 
    403      
    404     def __init__(self): 
    405         map = map(CombinedServicesTestCase, 
    406             ( 
    407             "test01Connect", 
    408             "test02GetSessionStatus", 
    409             "test03ConnectNoCreateServerSess", 
    410             "test04DisconnectWithSessID", 
    411             "test05DisconnectWithUserX509Cert", 
    412             "test06GetAttCertWithSessID", 
    413             "test07GetAttCertWithUserX509Cert", 
    414             "test08GetAttCertFromLocalAttributeAuthority", 
    415             "test09WSGILocalSessionManagerInstanceConnect", 
    416             "test10WSGILocalSessionManagerInstanceGetSessionStatus", 
    417             "test11WSGILocalSessionManagerInstanceDisconnect", 
    418             "test12WSGILocalSessionManagerInstanceGetAttCert", 
    419             "test13WSGILocalAttributeAuthorityInstanceGetHostInfo", 
    420             "test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo", 
    421             "test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo" 
    422             )) 
    423         unittest.TestSuite.__init__(self, map) 
    424              
    425                                                      
    426412if __name__ == "__main__": 
    427413    unittest.main()         
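Review bot: Dropping `CombinedServicesTestSuite` (old lines 402-424) is unrelated to the refactoring named in the commit message and deserves a line there. The removal itself is sound: `map = map(CombinedServicesTestCase, ...)` assigns to a local called `map` before calling it, so the constructor could never have run, and `unittest.main()` picks up the test methods without the suite.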
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py

    r4680 r4692  
    220220         
    221221        attCert = self.clnt.getAttCert(sessID=self.sessID,  
    222                                        attAuthorityURI=thisSection['aaURI']) 
     222                                       attributeAuthorityURI=thisSection['aaURI']) 
    223223         
    224224        print "Attribute Certificate:\n%s" % attCert  
     
    239239        try: 
    240240            attCert = self.clnt.getAttCert(sessID=self.sessID,  
    241                                            attAuthorityURI=aaURI, 
     241                                           attributeAuthorityURI=aaURI, 
    242242                                           mapFromTrustedHosts=False) 
    243243        except AttributeRequestDenied, e: 
     
    257257        aaURI = self.cfg['test08GetMappedAttCertWithSessID']['aaURI'] 
    258258         
    259         attCert=self.clnt.getAttCert(sessID=self.sessID, attAuthorityURI=aaURI) 
     259        attCert=self.clnt.getAttCert(sessID=self.sessID, attributeAuthorityURI=aaURI) 
    260260         
    261261        print "Attribute Certificate:\n%s" % attCert   
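Review bot: New line 259 now runs past 80 columns and still has no spaces around the assignment in `attCert=self.clnt.getAttCert(`. Wrap it the way the neighbouring calls on lines 221-222 and 278-280 are wrapped, with one keyword argument per line.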
     
    277277         
    278278        attCert = self.clnt.getAttCert(sessID=self.sessID,  
    279                                        attAuthorityURI=aaURI, 
     279                                       attributeAuthorityURI=aaURI, 
    280280                                       extAttCertList=[extAttCert]) 
    281281           
     
    309309         
    310310        aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI'] 
    311         attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
     311        attCert = self.clnt.getAttCert(attributeAuthorityURI=aaURI) 
    312312           
    313313        print("Attribute Certificate:\n%s" % attCert)   
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/client/clnt.crt

    r3676 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 243 (0xf3) 
     4        Serial Number: 259 (0x103) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 11:42:41 2007 GMT 
    9             Not After : Dec 17 11:42:41 2008 GMT 
     8            Not Before: Dec 16 15:19:45 2008 GMT 
     9            Not After : Dec 15 15:19:45 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client 
    1111        Subject Public Key Info: 
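Review bot: The old certificate's `Not After` was Dec 17 2008 and the replacement hard-codes Dec 15 2013 (lines 8-9), so the suite will start failing again on that date for the same reason. Add the Test CA command used to reissue the certificate to the test documentation, or generate the client and server certificates during test setup.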
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8: 
    39         eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28: 
    40         73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a: 
    41         16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58: 
    42         28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9: 
    43         c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba: 
    44         4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48: 
    45         6d:78 
     38        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d: 
     39        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf: 
     40        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18: 
     41        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3: 
     42        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f: 
     43        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2: 
     44        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8: 
     45        9e:5f 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0 
    49 MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0 
     49NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U 
     
    5555mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE 
    5656SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB 
    58 KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1 
    59 90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme 
    60 PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj 
     58Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L 
     59LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY 
     60ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw== 
    6161-----END CERTIFICATE----- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/server/server.crt

    r4238 r4692  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 244 (0xf4) 
     4        Serial Number: 260 (0x104) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 18 13:58:09 2007 GMT 
    9             Not After : Dec 17 13:58:09 2008 GMT 
     8            Not Before: Dec 16 15:20:55 2008 GMT 
     9            Not After : Dec 15 15:20:55 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=server 
    1111        Subject Public Key Info: 
     
    3333                Exponent: 65537 (0x10001) 
    3434        X509v3 extensions: 
    35             Netscape Cert Type: 
     35            Netscape Cert Type:  
    3636                SSL Client, SSL Server, S/MIME, Object Signing 
    3737    Signature Algorithm: md5WithRSAEncryption 
    38         2b:b0:f6:d3:32:a7:61:d9:1e:07:39:8a:39:c9:7a:b4:dc:44: 
    39         c3:50:ba:2b:67:f6:12:8a:c0:49:91:bd:f2:fb:3f:3f:a2:0e: 
    40         21:5d:63:b6:73:90:2a:11:70:6b:d9:56:ce:29:b0:25:bb:13: 
    41         2f:8a:9e:55:af:a0:7c:9e:73:96:81:17:09:1a:d0:30:f8:1c: 
    42         34:34:ed:e3:7d:09:72:12:c7:37:37:8f:90:aa:79:55:6a:3a: 
    43         28:2f:98:de:d0:06:42:3e:a2:5a:d2:f4:6f:5f:29:00:3d:b2: 
    44         df:37:e7:17:f7:8a:a6:aa:82:e8:f9:21:47:84:9c:39:37:54: 
    45         6d:16 
     38        95:eb:24:bb:4e:4d:38:b8:0e:8d:0e:fa:27:61:0b:91:f7:9e: 
     39        a3:a7:a4:e0:d8:ba:57:3a:ee:df:54:50:80:26:19:f5:66:d7: 
     40        6c:83:64:eb:b3:1a:3b:dc:7a:08:49:db:3f:a1:9a:bf:03:08: 
     41        7f:b2:8c:28:eb:cf:79:d9:a3:f0:a4:7c:65:40:c5:fe:34:88: 
     42        7f:88:47:e2:4b:38:f4:d6:c6:91:69:9c:68:ca:ed:03:fc:fb: 
     43        83:c8:07:be:3c:33:be:24:87:aa:68:7f:38:18:e3:fc:97:ef: 
     44        8f:e4:6e:39:f8:3d:e2:97:91:4a:86:e8:39:52:01:b3:31:54: 
     45        d9:5d 
    4646-----BEGIN CERTIFICATE----- 
    47 MIICizCCAfSgAwIBAgICAPQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    48 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODEzNTgw 
    49 OVoXDTA4MTIxNzEzNTgwOVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     47MIICizCCAfSgAwIBAgICAQQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     48MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MjA1 
     49NVoXDTEzMTIxNTE1MjA1NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
    5050HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZzZXJ2ZXIw 
    5151ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKh5yGjF6lxe3OL/g1lZdq 
     
    5555FbpcpjemyU85R6h7K8Q7Wmoa841np+KRdMSnhQ6VX9PcgfcNdNEzsV+zxb7kblYq 
    5656JXUEDFWmNcJmdoWPUXwLtvdA3wwy15k+cvLVw3X4BmyTXrrK76uOjcroePMIJpHr 
    57 AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQAr 
    58 sPbTMqdh2R4HOYo5yXq03ETDULorZ/YSisBJkb3y+z8/og4hXWO2c5AqEXBr2VbO 
    59 KbAluxMvip5Vr6B8nnOWgRcJGtAw+Bw0NO3jfQlyEsc3N4+QqnlVajooL5je0AZC 
    60 PqJa0vRvXykAPbLfN+cX94qmqoLo+SFHhJw5N1RtFg== 
     57AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQCV 
     586yS7Tk04uA6NDvonYQuR956jp6Tg2LpXOu7fVFCAJhn1Ztdsg2Trsxo73HoISds/ 
     59oZq/Awh/sowo68952aPwpHxlQMX+NIh/iEfiSzj01saRaZxoyu0D/PuDyAe+PDO+ 
     60JIeqaH84GOP8l++P5G45+D3il5FKhug5UgGzMVTZXQ== 
    6161-----END CERTIFICATE----- 
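Review bot: Only the PEM lines holding the serial, validity and signature change here (47-49 and 57-60); lines 50-51 and 55-56, which carry the subject public key, are unchanged context, so the server certificate was reissued over the existing key pair rather than with a new one. That is fine for a unit-test fixture, but say so in the commit message so nobody assumes the key was rotated.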