Changeset 4692 for TI12-security

Timestamp:

19/12/08 16:39:57 (12 years ago)

Author:

pjkersha

Message:

Refactoring of SSO service to enable use of local AA and SM instances via keys to environ.

Location:

TI12-security/trunk/python

Files:

• Tests/etreewss/client/clnt.crt (modified) (3 diffs)
• Tests/etreewss/server/server.crt (modified) (3 diffs)
• ndg.security.client/ndg/security/client/ndgSessionClient.py (modified) (3 diffs)
• ndg.security.common/ndg/security/common/authz/pdp/browse.py (modified) (1 diff)
• ndg.security.common/ndg/security/common/authz/pdp/proftp.py (modified) (1 diff)
• ndg.security.common/ndg/security/common/sessionmanager.py (modified) (3 diffs)
• ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py (modified) (4 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py (modified) (4 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py (modified) (2 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl (modified) (1 diff)
• ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl (modified) (5 diffs)
• ndg.security.server/ndg/security/server/paster_templates/template.py (modified) (2 diffs)
• ndg.security.server/ndg/security/server/sso/certs/clnt.crt (modified) (3 diffs)
• ndg.security.server/ndg/security/server/sso/sso.cfg (modified) (1 diff)
• ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/sso/sso/controllers/login.py (modified) (3 diffs)
• ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py (modified) (2 diffs)
• ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py (modified) (2 diffs)
• ndg.security.test/ndg/security/test/authz/pdp/browse/clnt.crt (modified) (3 diffs)
• ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/certs/clnt.crt (modified) (3 diffs)
• ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg (modified) (1 diff)
• ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg (modified) (1 diff)
• ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py (modified) (5 diffs)
• ndg.security.test/ndg/security/test/data (added)
• ndg.security.test/ndg/security/test/data/README (added)
• ndg.security.test/ndg/security/test/data/pki (added)
• ndg.security.test/ndg/security/test/data/pki/ca (added)
• ndg.security.test/ndg/security/test/data/pki/ca/ndg-test-ca.crt (added)
• ndg.security.test/ndg/security/test/data/pki/wsse-clnt.crt (added)
• ndg.security.test/ndg/security/test/data/pki/wsse-clnt.key (added)
• ndg.security.test/ndg/security/test/data/pki/wsse-server.crt (added)
• ndg.security.test/ndg/security/test/data/pki/wsse-server.key (added)
• ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py (modified) (5 diffs)
• ndg.security.test/ndg/security/test/wssecurity/client/clnt.crt (modified) (3 diffs)
• ndg.security.test/ndg/security/test/wssecurity/server/server.crt (modified) (3 diffs)

TI12-security/trunk/python/Tests/etreewss/client/clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 243 (0xf3)
+        Serial Number: 259 (0x103)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 11:42:41 2007 GMT
-            Not After : Dec 17 11:42:41 2008 GMT
+            Not Before: Dec 16 15:19:45 2008 GMT
+            Not After : Dec 15 15:19:45 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:
-        eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:
-        73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:
-        16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:
-        28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:
-        c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:
-        4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:
-        6d:78
+        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
+        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
+        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
+        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
+        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
+        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
+        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
+        9e:5f
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0
-MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
+NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
@@ -55 +55 @@
 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB
-KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1
-90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme
-PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
+Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
+LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
+ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
 -----END CERTIFICATE-----

TI12-security/trunk/python/Tests/etreewss/server/server.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 244 (0xf4)
+        Serial Number: 260 (0x104)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 13:58:09 2007 GMT
-            Not After : Dec 17 13:58:09 2008 GMT
+            Not Before: Dec 16 15:20:55 2008 GMT
+            Not After : Dec 15 15:20:55 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=server
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        2b:b0:f6:d3:32:a7:61:d9:1e:07:39:8a:39:c9:7a:b4:dc:44:
-        c3:50:ba:2b:67:f6:12:8a:c0:49:91:bd:f2:fb:3f:3f:a2:0e:
-        21:5d:63:b6:73:90:2a:11:70:6b:d9:56:ce:29:b0:25:bb:13:
-        2f:8a:9e:55:af:a0:7c:9e:73:96:81:17:09:1a:d0:30:f8:1c:
-        34:34:ed:e3:7d:09:72:12:c7:37:37:8f:90:aa:79:55:6a:3a:
-        28:2f:98:de:d0:06:42:3e:a2:5a:d2:f4:6f:5f:29:00:3d:b2:
-        df:37:e7:17:f7:8a:a6:aa:82:e8:f9:21:47:84:9c:39:37:54:
-        6d:16
+        95:eb:24:bb:4e:4d:38:b8:0e:8d:0e:fa:27:61:0b:91:f7:9e:
+        a3:a7:a4:e0:d8:ba:57:3a:ee:df:54:50:80:26:19:f5:66:d7:
+        6c:83:64:eb:b3:1a:3b:dc:7a:08:49:db:3f:a1:9a:bf:03:08:
+        7f:b2:8c:28:eb:cf:79:d9:a3:f0:a4:7c:65:40:c5:fe:34:88:
+        7f:88:47:e2:4b:38:f4:d6:c6:91:69:9c:68:ca:ed:03:fc:fb:
+        83:c8:07:be:3c:33:be:24:87:aa:68:7f:38:18:e3:fc:97:ef:
+        8f:e4:6e:39:f8:3d:e2:97:91:4a:86:e8:39:52:01:b3:31:54:
+        d9:5d
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODEzNTgw
-OVoXDTA4MTIxNzEzNTgwOVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MjA1
+NVoXDTEzMTIxNTE1MjA1NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZzZXJ2ZXIw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKh5yGjF6lxe3OL/g1lZdq
@@ -55 +55 @@
 FbpcpjemyU85R6h7K8Q7Wmoa841np+KRdMSnhQ6VX9PcgfcNdNEzsV+zxb7kblYq
 JXUEDFWmNcJmdoWPUXwLtvdA3wwy15k+cvLVw3X4BmyTXrrK76uOjcroePMIJpHr
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQAr
-sPbTMqdh2R4HOYo5yXq03ETDULorZ/YSisBJkb3y+z8/og4hXWO2c5AqEXBr2VbO
-KbAluxMvip5Vr6B8nnOWgRcJGtAw+Bw0NO3jfQlyEsc3N4+QqnlVajooL5je0AZC
-PqJa0vRvXykAPbLfN+cX94qmqoLo+SFHhJw5N1RtFg==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQCV
+6yS7Tk04uA6NDvonYQuR956jp6Tg2LpXOu7fVFCAJhn1Ztdsg2Trsxo73HoISds/
+oZq/Awh/sowo68952aPwpHxlQMX+NIh/iEfiSzj01saRaZxoyu0D/PuDyAe+PDO+
+JIeqaH84GOP8l++P5G45+D3il5FKhug5UgGzMVTZXQ==
 -----END CERTIFICATE-----

TI12-security/trunk/python/ndg.security.client/ndg/security/client/ndgSessionClient.py

@@ -123 +123 @@
     parser.add_option("-r", 
                       "--req-attr", 
-                      dest="attAuthorityURI", 
+                      dest="attributeAuthorityURI", 
                       help=\
 """Get a Session Manager to request authorisation from an Attribute Authority 
@@ -358 +358 @@
             # Don't exit here - req-autho may have been set too
             
-        if options.attAuthorityURI:
+        if options.attributeAuthorityURI:
             methodCall = True
 
@@ -368 +368 @@
             authResp = sessClnt.reqAuthorisation(\
                             sessCookie=options.sessCookie,
-                            aaWSDL=options.attAuthorityURI,
+                            aaWSDL=options.attributeAuthorityURI,
                             aaCert=options.aaCert,
                             mapFromTrustedHosts=options.mapFromTrustedHosts,

TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py

@@ -406 +406 @@
         try:
             # Make request for attribute certificate
-            attCert = self.smClnt.getAttCert(attAuthorityURI=aaURI,
+            attCert = self.smClnt.getAttCert(attributeAuthorityURI=aaURI,
                                              sessID=self.userSessID,
                                              reqRole=role)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/proftp.py

@@ -303 +303 @@
         try:
             # Make request for attribute certificate
-            attCert = self.smClnt.getAttCert(attAuthorityURI=self.aaURI,
+            attCert = self.smClnt.getAttCert(attributeAuthorityURI=self.aaURI,
                                              sessID=self.userSessID)
             return attCert

TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py

@@ -454 +454 @@
                    userX509Cert=None,
                    sessID=None,
-                   attAuthorityURI=None,
+                   attributeAuthorityURI=None,
                    reqRole=None,
                    mapFromTrustedHosts=True,
@@ -483 +483 @@
         userX509Cert in the case of a browser client.
         
-        @type attAuthorityURI: string
-        @param attAuthorityURI: URI for Attribute Authority WS.
+        @type attributeAuthorityURI: string
+        @param attributeAuthorityURI: URI for Attribute Authority WS.
         
         @type reqRole: string
@@ -520 +520 @@
             attCert, msg, extAttCertList = self.__srv.getAttCert(userX509Cert,
                                                            sessID, 
-                                                           attAuthorityURI,
+                                                           attributeAuthorityURI,
                                                            reqRole,
                                                            mapFromTrustedHosts,

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py

@@ -29 +29 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fc98c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c746c>
     def getAttCert(self, userId,userX509Cert,userAttCert):
 
@@ -46 +46 @@
         return attCert,msg
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fccac>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c778c>
     def getHostInfo(self):
 
@@ -64 +64 @@
         return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x85037ec>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cf2cc>
     def getTrustedHostInfo(self, role):
 
@@ -78 +78 @@
         return trustedHosts
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x850396c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cf44c>
     def getAllHostsInfo(self):
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py

@@ -29 +29 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fad6c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c784c>
     def getSessionStatus(self, userDN,sessID):
 
@@ -44 +44 @@
         return isAlive
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x850208c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c7b4c>
     def connect(self, username,passphrase,createServerSess):
 
@@ -63 +63 @@
         return userX509Cert,userPriKey,issuingCert,sessID
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502c0c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd6ec>
     def disconnect(self, userX509Cert,sessID):
 
@@ -77 +77 @@
         return 
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502dac>
-    def getAttCert(self, userX509Cert,sessID,attAuthorityURI,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd88c>
+    def getAttCert(self, userX509Cert,sessID,attributeAuthorityURI,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
 
         request = getAttCertInputMsg()
         request._userX509Cert = userX509Cert
         request._sessID = sessID
-        request._attAuthorityURI = attAuthorityURI
+        request._attributeAuthorityURI = attributeAuthorityURI
         request._reqRole = reqRole
         request._mapFromTrustedHosts = mapFromTrustedHosts

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py

@@ -149 +149 @@
         def __init__(self, **kw):
             ns = ns0.getAttCert_Dec.schema
-            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attributeAuthorityURI", aname="_attributeAuthorityURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:SessionManager","getAttCert")
             kw["aname"] = "_getAttCert"
@@ -161 +161 @@
                     self._userX509Cert = None
                     self._sessID = None
-                    self._attAuthorityURI = None
+                    self._attributeAuthorityURI = None
                     self._reqRole = None
                     self._mapFromTrustedHosts = None

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl

@@ -68 +68 @@
                     <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
-                    <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="attributeAuthorityURI" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="reqRole" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="mapFromTrustedHosts" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>

TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl

@@ -20 +20 @@
 # Attribute Authority settings
 # 'name' setting MUST agree with map config file 'thisHost' name attribute
-attributeAuthority.name: Site A
+attributeAuthority.name: ${attributeAuthorityID}
 
 # Lifetime is measured in seconds
@@ -41 +41 @@
 
 # Location of role mapping file
-attributeAuthority.mapConfigFile: %(here)s/attributeauthority/siteAMapConfig.xml
+attributeAuthority.mapConfigFile: %(here)s/attributeauthority/mapConfig.xml
 
 # Settings for custom AAUserRoles derived class to get user roles for given 
@@ -141 +141 @@
 use = egg:Paste#http
 host = 0.0.0.0
-port = 5000
+port = 8000
 
 [app:mainApp]
@@ -160 +160 @@
 set debug = false
 
-configfile = %(here)s/singleSignOnService/sso.cfg
-#configfile = /home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso.cfg
+configfile = %(here)s/sso/sso.cfg
 
 # AuthKit Set-up
@@ -301 +300 @@
 # Certificate associated with private key used to sign a message.  The sign 
 # method will add this to the BinarySecurityToken element of the WSSE header.  
-wssecurity.signingCertFilePath=%(here)s/server.crt
+wssecurity.signingCertFilePath=%(here)s/wssecurity/server.crt
 
 # PEM encoded private key file
-wssecurity.signingPriKeyFilePath=%(here)s/server.key
+wssecurity.signingPriKeyFilePath=%(here)s/wssecurity/server.key
 
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a

TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/template.py

@@ -2 +2 @@
 
 from paste.script.templates import Template, var, _skip_variables
+import os
 import socket
 _hostTuple = socket.gethostbyaddr(socket.gethostname())
@@ -22 +23 @@
     summary = 'NERC DataGrid Security services deployment template'
     vars = vars
-    
+
+    def write_files(self, command, output_dir, vars):
+        '''Extend to enable substitutions for Single Sign On Service config
+        file'''
+        if output_dir.startswith('./'):
+            outDir = output_dir.lstrip('./')
+        else:
+            outDir = output_dir
+            
+        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso')
+        super(DefaultDeploymentTemplate, self).write_files(command, 
+                                                           output_dir, 
+                                                           vars)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/certs/clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 243 (0xf3)
+        Serial Number: 259 (0x103)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 11:42:41 2007 GMT
-            Not After : Dec 17 11:42:41 2008 GMT
+            Not Before: Dec 16 15:19:45 2008 GMT
+            Not After : Dec 15 15:19:45 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:
-        eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:
-        73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:
-        16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:
-        28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:
-        c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:
-        4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:
-        6d:78
+        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
+        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
+        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
+        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
+        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
+        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
+        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
+        9e:5f
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0
-MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
+NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
@@ -55 +55 @@
 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB
-KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1
-90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme
-PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
+Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
+LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
+ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
 -----END CERTIFICATE-----

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg

@@ -18 +18 @@
 #sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager
 sessionMgrURI: http://localhost:8000/SessionManager
-attAuthorityURI: http://localhost:8000/AttributeAuthority
+attributeAuthorityURI: http://localhost:8000/AttributeAuthority
 
 # WS-Security signature handler - set a config file with 'wssCfgFilePath'

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

@@ -116 +116 @@
             self.smURI = None
             
-        if self.cfg.has_option(defSection, 'attAuthorityURI'):        
-            self.aaURI = self.cfg.get(defSection, 'attAuthorityURI')
+        if self.cfg.has_option(defSection, 'sessionManagerEnvironKey'):        
+            self.smEnvironKey = self.cfg.get(defSection, 
+                                             'sessionManagerEnvironKey')
+        else:
+            self.smEnvironKey = None
+            
+        if self.cfg.has_option(defSection, 'attributeAuthorityURI'):        
+            self.aaURI = self.cfg.get(defSection, 'attributeAuthorityURI')
         else:
             self.aaURI = None
+            
+        if self.cfg.has_option(defSection, 'attributeAuthorityEnvironKey'):        
+            self.aaEnvironKey = self.cfg.get(defSection, 
+                                             'attributeAuthorityEnvironKey')
+        else:
+            self.aaEnvironKey = None
         
         # ... for SSL connections to security web services

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py

@@ -56 +56 @@
                         environ=request.environ,
                         uri=session['ndgSec']['h'],
+                        environKey=self.cfg.smEnvironKey,
+                        attributeAuthorityEnvironKey=self.cfg.aaEnvironKey,
                         tracefile=self.cfg.tracefile,
                         httpProxyHost=self.cfg.httpProxyHost,
@@ -109 +111 @@
         try:    
             smClnt = WSGISessionManagerClient(
-                                     environ=request.environ,
-                                     uri=self.cfg.smURI,
-                                     tracefile=self.cfg.tracefile,
-                                     httpProxyHost=self.cfg.httpProxyHost,
-                                     noHttpProxyList=self.cfg.noHttpProxyList,
-                                     **self.cfg.wss)
+                        environ=request.environ,
+                        uri=self.cfg.smURI,
+                        environKey=self.cfg.smEnvironKey,
+                        attributeAuthorityEnvironKey=self.cfg.aaEnvironKey,
+                        tracefile=self.cfg.tracefile,
+                        httpProxyHost=self.cfg.httpProxyHost,
+                        noHttpProxyList=self.cfg.noHttpProxyList,
+                        **self.cfg.wss)
                                 
             username = request.params['username']
@@ -221 +225 @@
                                     environ=request.environ,
                                     uri=self.cfg.aaURI,
+                                    environKey=self.cfg.aaEnvironKey,
                                     tracefile=self.cfg.tracefile,
                                     httpProxyHost=self.cfg.httpProxyHost,

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py

@@ -127 +127 @@
                                         environ=pylons.request.environ,
                                         uri=cfg.aaURI,
+                                        environKey=self.cfg.aaEnvironKey,
                                         tracefile=cfg.tracefile,
                                         httpProxyHost=cfg.httpProxyHost,

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py

@@ -421 +421 @@
                     else:
                         opt[filtOptName] = optVal
-                else:
-                    # Options not starting with prefix are ignored
-                    log.debug("Skipping option \"%s\": it doesn't start with "
-                              "the prefix \"%s\"", optName, prefix)
+#                else:
+                    # Options not starting with prefix are ignored - omit debug
+                    # it's too verbose even for debug setting :)
+#                    log.debug("Skipping option \"%s\": it doesn't start with "
+#                              "the prefix \"%s\"", optName, prefix)
             else:
                 filtOptName = '_'.join(optName.split('.'))

TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py

@@ -72 +72 @@
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attAuthorityURI\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attributeAuthorityURI\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"reqRole\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"mapFromTrustedHosts\" type=\"xsd:boolean\"/>
@@ -269 +269 @@
     def soap_getAttCert(self, ps):
         self.request = ps.Parse(getAttCertInputMsg.typecode)
-        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
+        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attributeAuthorityURI, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
 
         # If we have an implementation object use it

TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py

@@ -190 +190 @@
         # If no Attribute Authority URI is set pick up local Attribute 
         # instance Authority
-        if request.AttAuthorityURI is None:
+        if request.AttributeAuthorityURI is None:
             attributeAuthorityFilter = \
                 self.referencedWSGIFilters.get(self.attributeAuthorityFilterID)
                 
             try:
-                attributeAuthority = \
-                    attributeAuthorityFilter.serviceSOAPBinding.aa
+                attributeAuthority= \
+                                attributeAuthorityFilter.serviceSOAPBinding.aa
             except AttributeError, e:
                 raise SessionManagerWSConfigError("No Attribute Authority URI "
@@ -210 +210 @@
                             userX509Cert=userX509Cert or request.UserX509Cert,
                             sessID=request.SessID,
-                            attributeAuthorityURI=request.AttAuthorityURI,
+                            attributeAuthorityURI=request.AttributeAuthorityURI,
                             attributeAuthority=attributeAuthority,
                             reqRole=request.ReqRole,

TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 243 (0xf3)
+        Serial Number: 259 (0x103)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 11:42:41 2007 GMT
-            Not After : Dec 17 11:42:41 2008 GMT
+            Not Before: Dec 16 15:19:45 2008 GMT
+            Not After : Dec 15 15:19:45 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:
-        eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:
-        73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:
-        16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:
-        28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:
-        c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:
-        4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:
-        6d:78
+        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
+        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
+        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
+        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
+        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
+        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
+        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
+        9e:5f
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0
-MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
+NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
@@ -55 +55 @@
 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB
-KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1
-90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme
-PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
+Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
+LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
+ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
 -----END CERTIFICATE-----

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/certs/clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 243 (0xf3)
+        Serial Number: 259 (0x103)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 11:42:41 2007 GMT
-            Not After : Dec 17 11:42:41 2008 GMT
+            Not Before: Dec 16 15:19:45 2008 GMT
+            Not After : Dec 15 15:19:45 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:
-        eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:
-        73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:
-        16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:
-        28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:
-        c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:
-        4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:
-        6d:78
+        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
+        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
+        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
+        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
+        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
+        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
+        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
+        9e:5f
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0
-MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
+NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
@@ -55 +55 @@
 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB
-KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1
-90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme
-PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
+Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
+LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
+ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
 -----END CERTIFICATE-----

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg

@@ -16 +16 @@
 
 # Service addresses
-#sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager
 sessionMgrURI: http://localhost:8000/SessionManager
 
 # If the Attribute Authority URI is commented out the service will try to 
 # connect to an Attribute Authority instance in the local WSG stack
-#attAuthorityURI: http://localhost:8000/AttributeAuthority
+#attributeAuthorityURI: http://localhost:8000/AttributeAuthority
 
 # WS-Security signature handler - set a config file with 'wssCfgFilePath'

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg

@@ -10 +10 @@
 # $Id:$
 [setUp]
+logLevel = ERROR
 uri = http://localhost:8000/SessionManager
 # alternate port for testing with tcpmon

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py

@@ -16 +16 @@
 __revision__ = '$Id: test_sessionmanagerclient.py 4437 2008-11-18 12:34:25Z pjkersha $'
 import logging
-logging.basicConfig(level=logging.DEBUG)
+
 
 import unittest
@@ -106 +106 @@
         except KeyError:
             sslCACertList = []
-            
+        
+        # Set logging
+        try:
+            logLevel = getattr(logging, self.cfg['setUp']['logLevel'])
+        except AttributeError:
+            raise AttributeError("logLevel=%s not recognised, try one of: "
+                                 "CRITICAL, ERROR, WARNING, INFO, DEBUG or "
+                                 "NOTSET" % self.cfg['setUp']['logLevel'])
+            
+        logging.basicConfig(level=logLevel)
+        
         # Instantiate WS proxy
         self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'],
@@ -236 +246 @@
         
         attCert = self.clnt.getAttCert(sessID=self.sessID, 
-                                       attAuthorityURI=thisSection['aaURI'])
+                                       attributeAuthorityURI=thisSection['aaURI'])
         
         print "Attribute Certificate:\n%s" % attCert 
@@ -269 +279 @@
         
         aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI']
-        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
+        attCert = self.clnt.getAttCert(attributeAuthorityURI=aaURI)
           
         print("Attribute Certificate:\n%s" % attCert)  
@@ -400 +410 @@
 
 
-class CombinedServicesTestSuite(unittest.TestSuite):
-    
-    def __init__(self):
-        map = map(CombinedServicesTestCase,
-            (
-            "test01Connect",
-            "test02GetSessionStatus",
-            "test03ConnectNoCreateServerSess",
-            "test04DisconnectWithSessID",
-            "test05DisconnectWithUserX509Cert",
-            "test06GetAttCertWithSessID",
-            "test07GetAttCertWithUserX509Cert",
-            "test08GetAttCertFromLocalAttributeAuthority",
-            "test09WSGILocalSessionManagerInstanceConnect",
-            "test10WSGILocalSessionManagerInstanceGetSessionStatus",
-            "test11WSGILocalSessionManagerInstanceDisconnect",
-            "test12WSGILocalSessionManagerInstanceGetAttCert",
-            "test13WSGILocalAttributeAuthorityInstanceGetHostInfo",
-            "test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo",
-            "test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo"
-            ))
-        unittest.TestSuite.__init__(self, map)
-            
-                                                    
 if __name__ == "__main__":
     unittest.main()        

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py

@@ -220 +220 @@
         
         attCert = self.clnt.getAttCert(sessID=self.sessID, 
-                                       attAuthorityURI=thisSection['aaURI'])
+                                       attributeAuthorityURI=thisSection['aaURI'])
         
         print "Attribute Certificate:\n%s" % attCert 
@@ -239 +239 @@
         try:
             attCert = self.clnt.getAttCert(sessID=self.sessID, 
-                                           attAuthorityURI=aaURI,
+                                           attributeAuthorityURI=aaURI,
                                            mapFromTrustedHosts=False)
         except AttributeRequestDenied, e:
@@ -257 +257 @@
         aaURI = self.cfg['test08GetMappedAttCertWithSessID']['aaURI']
         
-        attCert=self.clnt.getAttCert(sessID=self.sessID, attAuthorityURI=aaURI)
+        attCert=self.clnt.getAttCert(sessID=self.sessID, attributeAuthorityURI=aaURI)
         
         print "Attribute Certificate:\n%s" % attCert  
@@ -277 +277 @@
         
         attCert = self.clnt.getAttCert(sessID=self.sessID, 
-                                       attAuthorityURI=aaURI,
+                                       attributeAuthorityURI=aaURI,
                                        extAttCertList=[extAttCert])
           
@@ -309 +309 @@
         
         aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI']
-        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
+        attCert = self.clnt.getAttCert(attributeAuthorityURI=aaURI)
           
         print("Attribute Certificate:\n%s" % attCert)  

TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/client/clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 243 (0xf3)
+        Serial Number: 259 (0x103)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 11:42:41 2007 GMT
-            Not After : Dec 17 11:42:41 2008 GMT
+            Not Before: Dec 16 15:19:45 2008 GMT
+            Not After : Dec 15 15:19:45 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        c1:2b:11:0e:c3:fe:3e:f2:87:ee:48:e5:f1:29:9c:1f:a3:d8:
-        eb:f9:3a:d4:af:75:c7:b4:39:e0:b2:83:5e:ee:71:7c:fc:28:
-        73:fb:e4:62:7e:96:7b:f1:c3:b7:a4:94:b5:f7:41:a4:32:6a:
-        16:4b:8c:60:36:0c:c1:79:62:51:aa:79:fa:1e:8c:a0:82:58:
-        28:c6:cf:da:9b:79:eb:3a:f3:bf:e2:4a:8e:c2:f3:55:3f:b9:
-        c6:0e:55:ea:a9:79:9e:3c:d2:d1:07:6c:81:90:2f:a9:54:ba:
-        4a:7e:3c:f0:7c:86:c5:e0:b3:71:a5:48:a8:77:e3:83:b6:48:
-        6d:78
+        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
+        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
+        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
+        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
+        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
+        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
+        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
+        9e:5f
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0
-MVoXDTA4MTIxNzExNDI0MVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
+NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
@@ -55 +55 @@
 mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
 SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQDB
-KxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ78cO3pJS1
-90GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXme
-PNLRB2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
+Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
+LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
+ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
 -----END CERTIFICATE-----

TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/server/server.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 244 (0xf4)
+        Serial Number: 260 (0x104)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: O=NDG, OU=BADC, CN=Test CA
         Validity
-            Not Before: Dec 18 13:58:09 2007 GMT
-            Not After : Dec 17 13:58:09 2008 GMT
+            Not Before: Dec 16 15:20:55 2008 GMT
+            Not After : Dec 15 15:20:55 2013 GMT
         Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=server
         Subject Public Key Info:
@@ -33 +33 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            Netscape Cert Type:
+            Netscape Cert Type: 
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        2b:b0:f6:d3:32:a7:61:d9:1e:07:39:8a:39:c9:7a:b4:dc:44:
-        c3:50:ba:2b:67:f6:12:8a:c0:49:91:bd:f2:fb:3f:3f:a2:0e:
-        21:5d:63:b6:73:90:2a:11:70:6b:d9:56:ce:29:b0:25:bb:13:
-        2f:8a:9e:55:af:a0:7c:9e:73:96:81:17:09:1a:d0:30:f8:1c:
-        34:34:ed:e3:7d:09:72:12:c7:37:37:8f:90:aa:79:55:6a:3a:
-        28:2f:98:de:d0:06:42:3e:a2:5a:d2:f4:6f:5f:29:00:3d:b2:
-        df:37:e7:17:f7:8a:a6:aa:82:e8:f9:21:47:84:9c:39:37:54:
-        6d:16
+        95:eb:24:bb:4e:4d:38:b8:0e:8d:0e:fa:27:61:0b:91:f7:9e:
+        a3:a7:a4:e0:d8:ba:57:3a:ee:df:54:50:80:26:19:f5:66:d7:
+        6c:83:64:eb:b3:1a:3b:dc:7a:08:49:db:3f:a1:9a:bf:03:08:
+        7f:b2:8c:28:eb:cf:79:d9:a3:f0:a4:7c:65:40:c5:fe:34:88:
+        7f:88:47:e2:4b:38:f4:d6:c6:91:69:9c:68:ca:ed:03:fc:fb:
+        83:c8:07:be:3c:33:be:24:87:aa:68:7f:38:18:e3:fc:97:ef:
+        8f:e4:6e:39:f8:3d:e2:97:91:4a:86:e8:39:52:01:b3:31:54:
+        d9:5d
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAPQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODEzNTgw
-OVoXDTA4MTIxNzEzNTgwOVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+MIICizCCAfSgAwIBAgICAQQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MjA1
+NVoXDTEzMTIxNTE1MjA1NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
 HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZzZXJ2ZXIw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKh5yGjF6lxe3OL/g1lZdq
@@ -55 +55 @@
 FbpcpjemyU85R6h7K8Q7Wmoa841np+KRdMSnhQ6VX9PcgfcNdNEzsV+zxb7kblYq
 JXUEDFWmNcJmdoWPUXwLtvdA3wwy15k+cvLVw3X4BmyTXrrK76uOjcroePMIJpHr
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQAr
-sPbTMqdh2R4HOYo5yXq03ETDULorZ/YSisBJkb3y+z8/og4hXWO2c5AqEXBr2VbO
-KbAluxMvip5Vr6B8nnOWgRcJGtAw+Bw0NO3jfQlyEsc3N4+QqnlVajooL5je0AZC
-PqJa0vRvXykAPbLfN+cX94qmqoLo+SFHhJw5N1RtFg==
+AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQCV
+6yS7Tk04uA6NDvonYQuR956jp6Tg2LpXOu7fVFCAJhn1Ztdsg2Trsxo73HoISds/
+oZq/Awh/sowo68952aPwpHxlQMX+NIh/iEfiSzj01saRaZxoyu0D/PuDyAe+PDO+
+JIeqaH84GOP8l++P5G45+D3il5FKhug5UgGzMVTZXQ==
 -----END CERTIFICATE-----