Changeset 4855 for TI12-security


Timestamp:
20/01/09 16:39:49 (11 years ago)
Author:
pjkersha
Message:
  • Got rid of additional refs to Q Public licence in headers
  • Added ndg.security.server.wsgi.openid.relyingparty package and started OpenIDRelyingPartyMiddleware wrapper to AuthKit
  • fixed classfactory import bug
  • tested Attribute Authority over SSL with mod_wsgi with AA and SM client unit tests
Location:
TI12-security/trunk/python
Files:
2 added
43 edited

  • TI12-security/trunk/python/Tests/Echo/wsSecurity.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/GatekeeperTest.py

    r4770 r4855  
    1010Copyright (C) 2009 Science and Technology Facilities Council 
    1111 
    12 This software may be distributed under the terms of the Q Public License, 
    13 version 1.0 or later. 
    1412""" 
    1513import unittest 
  • TI12-security/trunk/python/Tests/SimpleCA/wsSecurity.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/dewsGatekeeper/wsSecurity.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/paste/deployment/services.ini

    r4841 r4855  
    1212use = egg:Paste#cascade 
    1313app1 = static 
     14app2 = pydap 
    1415catch = 404 
    1516 
    1617[app:static] 
    1718use = egg:Paste#static 
    18 document_root = %(here)s/public 
     19document_root = %(here)s/data 
     20 
     21[app:pydap] 
     22use = egg:dap 
     23name = My-Server 
     24root = %(here)s/data 
     25verbose = 0 
     26template = %(here)s/template 
    1927 
    2028[pipeline:main] 
    2129pipeline = PEPFilter 
    22            SSLClientAuthNFilter 
     30           SessionMiddlewareFilter 
    2331           mainApp 
    2432 
    2533[filter:PEPFilter] 
    2634paste.filter_app_factory = ndg.security.server.wsgi.pep:PEPMiddleware.filter_app_factory 
    27 mountPath = /ndg 
    28  
    29 [filter:SSLClientAuthNFilter] 
    30 paste.filter_app_factory = ndg.security.server.wsgi.ssl:SSLClientAuthNMiddleware.filter_app_factory 
    3135mountPath = / 
    3236 
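
Review bot: The pipeline at new lines 29-31 now names SessionMiddlewareFilter, but the visible lines remove the [filter:SSLClientAuthNFilter] section and add no [filter:SessionMiddlewareFilter] section, so the pipeline will not load unless that filter is defined further down the file; add the section here or confirm it exists. The same edit takes SSL client authentication out of the test pipeline and widens the PEPFilter mountPath from /ndg to /, neither of which the commit message mentions; record both as intentional. The static app's document_root and the pydap root now both point at %(here)s/data, which deserves a comment saying the overlap is wanted.
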
  • TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/soap.py

    r4770 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/Tests/security.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412import os 
  • TI12-security/trunk/python/Tests/xDomainCredsTransfer.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/xmlsec/WS-Security/wsClient.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/xmlsec/WS-Security/wsInterface.py

    r4770 r4855  
    77Copyright (C) 2009 Science and Technology Facilities Council 
    88 
    9 This software may be distributed under the terms of the Q Public License, 
    10 version 1.0 or later. 
    119""" 
    1210 
  • TI12-security/trunk/python/Tests/xmlsec/WS-Security/wsSecurity.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/Tests/xmlsec/WS-Security/wsServer.py

    r4770 r4855  
    99Copyright (C) 2009 Science and Technology Facilities Council 
    1010 
    11 This software may be distributed under the terms of the Q Public License, 
    12 version 1.0 or later. 
    1311""" 
    1412 
  • TI12-security/trunk/python/ndg.security.client/ndg/security/client/ndgSessionClient.py

    r4840 r4855  
    44authorisation 
    55 
    6 NERC Data Grid Project 
    7  
    8 This software may be distributed under the terms of the Q Public License, 
    9 version 1.0 or later. 
     6NERC DataGrid Project 
    107""" 
    118__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialrepository/__init__.py

    r4770 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py

    r4840 r4855  
    7070        elif caCertFilePathList: 
    7171            self.caCertFilePathList = caCertFilePathList 
     72        else: 
     73            # Set default to enable len() test in __call__ 
     74            self.__caCertStack = () 
    7275             
    7376    def __call__(self, peerCert, host=None): 
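
Review bot: In the new else branch (new lines 72-74) the empty-tuple default lets a verifier built with no CA certificates reach the len() test in __call__, and __call__ is not shown here, so it is unclear whether a zero-length stack means the issuer check is skipped or the peer is rejected. Say which in the comment, and consider logging a warning in this branch so a deployment that omits its CA list is visible in the logs. The branch also assigns the private self.__caCertStack directly where the branch above goes through the caCertFilePathList property; a short note on why would help.
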
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py

    r4770 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/classfactory.py

    r4841 r4855  
    5555            if moduleFilePath: 
    5656                if not os.path.exists(moduleFilePath): 
    57                     raise IOError("Module file path '%s' doesn't exist" % \ 
     57                    raise IOError("Module file path '%s' doesn't exist" %  
    5858                                  moduleFilePath) 
    5959                           
     
    6363                sys.path.append(moduleFilePath) 
    6464 
    65 #            from paste.util.import_string import eval_import 
    66 #            mod = eval_import(moduleName) 
    6765             
    6866            # Import module name specified in properties file 
    69             importModule=__import__(moduleName,globals(),locals(),[className]) 
     67            importModule = __import__(moduleName) 
    7068            components = moduleName.split('.') 
    71             for components in components[1:]: 
    72                 module = getattr(module, part) 
     69            for component in components[1:]: 
     70                importModule = getattr(importModule, component) 
    7371 
    74             importClass = getattr(module, className) 
    75             #importClass = eval('importModule.'+className) 
     72            importClass = getattr(importModule, className) 
    7673        finally: 
    7774            # revert back to original sys path, if necessary 
     
    8279                             
    8380    except Exception, e: 
    84         raise ClassFactoryError('Error importing %s module: %s'%(moduleName,e)) 
     81        log.error('%s module import raised %s type exception: %s' %  
     82                  (moduleName, e.__class__, e)) 
     83        raise  
    8584 
    8685    # Check class inherits from AAproxy abstract base class 
     
    9796 
    9897    except Exception, e: 
    99         log.error("Error instantiating class, %s: %s"%(importClass.__name__,e)) 
     98        log.error("Instantiating class, %s: %s"%(importClass.__name__,e)) 
    10099        raise 
    101100             
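
Review bot: The except block at new lines 80-83 now logs and re-raises the original exception where the old code raised ClassFactoryError, so any caller that catches ClassFactoryError will no longer see import failures. Either keep the wrapper (log, then raise ClassFactoryError) or update the callers and the docstring to name the exceptions that can now escape. Since sys.path.append(moduleFilePath) followed by __import__(moduleName) executes whatever module the properties file names, the docstring should also state that the properties file and the module directory are trusted inputs and should not be writable by other users. The second log.error message has lost the word "Error" and now reads "Instantiating class, ...", which is confusing at error level.
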
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/__init__.py

    r4770 r4855  
    44NERC Data Grid Project 
    55 
    6 This software may be distributed under the terms of the Q Public License, 
    7 version 1.0 or later. 
    86""" 
    97__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/__init__.py

    r4770 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/__init__.py

    r4770 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/attributeauthority/attributeinterface.py_tmpl

    r4674 r4855  
    44NERC DataGrid Project 
    55""" 
    6 from ndg.security.server.attributeauthority import AAUserRoles 
     6from ndg.security.server.attributeauthority import AttributeInterface 
    77 
    88 
    9 class TestAttributeInterface(AAUserRoles): 
     9class TestAttributeInterface(AttributeInterface): 
    1010    """Test User Roles class dynamic import for Attribute Authority""" 
    1111 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl

    r4775 r4855  
    4444attributeAuthority.mapConfigFile: %(here)s/attributeauthority/mapConfig.xml 
    4545 
    46 # Settings for custom AAUserRoles derived class to get user roles for given  
     46# Settings for custom AttributeInterface derived class to get user roles for given  
    4747# user ID 
    4848attributeAuthority.userRolesModFilePath: %(here)s/attributeauthority 
     
    205205 
    206206# Basic Authentication interface to demonstrate capabilities 
    207 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.BasicAuthNInterface 
     207#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface 
    208208#openid.provider.authN.userCreds=pjk:test 
    209209#openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/attributeauthority/attributeinterface.py_tmpl

    r4773 r4855  
    44NERC DataGrid Project 
    55""" 
    6 from ndg.security.server.attributeauthority import AAUserRoles 
     6from ndg.security.server.attributeauthority import AttributeInterface 
    77 
    88 
    9 class TestAttributeInterface(AAUserRoles): 
     9class TestAttributeInterface(AttributeInterface): 
    1010    """Test User Roles class dynamic import for Attribute Authority""" 
    1111 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/services.ini_tmpl

    r4777 r4855  
    4545attributeAuthority.mapConfigFile: %(here)s/attributeauthority/mapConfig.xml 
    4646 
    47 # Settings for custom AAUserRoles derived class to get user roles for given  
     47# Settings for custom AttributeInterface derived class to get user roles for given  
    4848# user ID 
    4949attributeAuthority.userRolesModFilePath: %(here)s/attributeauthority 
     
    387387 
    388388# Basic Authentication interface to demonstrate capabilities 
    389 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.BasicAuthNInterface 
     389#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface 
    390390#openid.provider.authN.userCreds=pjk:test 
    391391#openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/__init__.py

    r4841 r4855  
    1616    """Base class for NDG Security Middleware classes""" 
    1717    propertyDefaults = { 
    18         'mountPath': '/', 
     18        'mountPath': None, 
    1919    } 
    2020     
     
    145145                            (", ".join(badOpt))) 
    146146 
     147    def setMountPath(self, mountPath=None, environ=None): 
     148        if mountPath: 
     149            self._mountPath = mountPath 
     150        else: 
     151            if environ is None: 
     152                environ = self._environ 
     153             
     154            self._mountPath = environ.get('SCRIPT_URL') 
     155            if self._mountPath is None: 
     156                raise AttributeError("SCRIPT_URL key not set in environ: " 
     157                                     "'mountPath' is set to None") 
     158             
     159        if self._mountPath != '/': 
     160            self._mountPath = self._mountPath.rstrip('/') 
     161         
     162    def _getMountPath(self): 
     163        return self._mountPath 
     164     
     165    mountPath = property(fget=_getMountPath, 
     166                        fset=setMountPath, 
     167                        doc="URL path as assigned to SCRIPT_URL environ key") 
     168 
    147169    def setPathInfo(self, pathInfo=None, environ=None): 
    148170        if pathInfo: 
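
Review bot: setMountPath (new lines 147-160) takes the mount point from environ.get('SCRIPT_URL'), which is not a key PEP 333 requires a server to provide; the standard WSGI key for the application mount point is SCRIPT_NAME. With the 'mountPath' default changed from '/' to None, a deployment on a server that does not supply SCRIPT_URL now fails at request time with AttributeError, which is also a surprising exception type for a missing setting. Suggest falling back to SCRIPT_NAME, or documenting the server requirement next to propertyDefaults and raising a configuration-specific error. The fallback to self._environ also assumes that attribute has been set before the property is first assigned.
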
     
    153175             
    154176            self._pathInfo = environ['PATH_INFO'] 
    155             if self._pathInfo != '/': 
    156                 self._pathInfo.rstrip('/') 
     177             
     178        if self._pathInfo != '/': 
     179            self._pathInfo = self._pathInfo.rstrip('/') 
    157180         
    158181    def _getPathInfo(self): 
     
    168191            self._path = path 
    169192        else: 
    170             self._path = self.mountPath.rstrip() + self._pathInfo 
    171             if self._path != '/': 
    172                 self._path.rstrip('/') 
     193            self._path = self.mountPath.rstrip('/') + self._pathInfo 
     194             
     195        if self._path != '/': 
     196            self._path = self._path.rstrip('/') 
    173197         
    174198    def _getPath(self): 
     
    211235                             "to which this middleware is to be applied") 
    212236     
    213     sslServerDNKeyName = 'SSL_SERVER_S_DN' 
    214  
    215     _isSSLRequest = lambda self: bool(self.environ.get( 
    216                                 NDGSecurityPathFilter.sslServerDNKeyName)) 
     237    sslKeyName = 'HTTPS' 
     238 
     239    _isSSLRequest = lambda self: self.environ.get( 
     240                                NDGSecurityPathFilter.sslKeyName) == '1' 
    217241    isSSLRequest = property(fget=_isSSLRequest, 
    218242                            doc="Approximation for is an SSL request boolean " 
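
Review bot: _isSSLRequest (new lines 237-240) now returns True only when environ['HTTPS'] is exactly '1', so a server that reports the flag as 'on' is treated as plain HTTP, and SSLClientAuthNMiddleware in wsgi/ssl.py passes such requests straight through ("ignoring request - assuming non-SSL"). Because a false negative here skips client certificate checking, test environ.get('wsgi.url_scheme') == 'https', the key PEP 333 defines for this, or accept both '1' and 'on'. The lookup also goes through NDGSecurityPathFilter.sslKeyName rather than self.sslKeyName, so a subclass cannot override the key name.
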
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py

    r4838 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py

    r4775 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "P J Kershaw" 
    119__date__ = "01/08/08" 
    1210__copyright__ = "(C) 2009 Science and Technology Facilities Council" 
     11__license__ = "BSD - see top-level directory for LICENSE file" 
    1312__contact__ = "Philip.Kershaw@stfc.ac.uk" 
    1413__revision__ = "$Id$" 
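
Review bot: This is the only file shown in the changeset that gains a __license__ line (new line 11, "BSD - see top-level directory for LICENSE file"); the other headers lose the Q Public License sentence with nothing put in its place. Add the same __license__ line to each of those modules so that every file states its licence.
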
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/basic.py

    r4770 r4855  
    88NERC Data Grid Project 
    99 
    10 This software may be distributed under the terms of the Q Public License, 
    11 version 1.0 or later. 
    1210""" 
    1311__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py

    r4770 r4855  
    77NERC Data Grid Project 
    88 
    9 This software may be distributed under the terms of the Q Public License, 
    10 version 1.0 or later. 
    119""" 
    1210__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/__init__.py

    r4775 r4855  
    44NERC Data Grid Project 
    55 
    6 This software may be distributed under the terms of the Q Public License, 
    7 version 1.0 or later. 
    86""" 
    97__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/pep/__init__.py

    r4841 r4855  
    1919class PEPMiddleware(NDGSecurityPathFilter): 
    2020    """WSGI Middleware to enforce a security policy for a given request URL 
    21     """    
     21     
     22    B{This class must be run under Apache mod_wsgi} 
     23 
     24    - This class uses SSL_SERVER_S_DN environment variable if available.  To 
     25    set, set Apache SSL with StdEnvVars option for the SSLOptions directive. 
     26    """   
     27    sslServerDNKeyName = 'SSL_SERVER_S_DN' 
     28      
    2229    def __init__(self, *arg, **kw): 
    2330        log.debug("Initialising PEPMiddleware ...") 
     
    3138        # TODO: Is a security session set? 
    3239        if True: 
     40            log.info('No security session is set') 
     41        else: 
     42            log.info('Security session is set') 
    3343            if self.isSSLRequest: 
     44                 
    3445                response = self._redirectFromHTTPS2HTTP(start_response) 
    3546                if response is not None: 
     
    4455            # User is logged in - Redirect to HTTP based URL and complete 
    4556            # Policy enforcement 
    46             if self.isSSLRequest: 
    47                 response = self._redirectFromHTTPS2HTTP(start_response) 
    48                 if response is not None: 
    49                     return response 
     57            pass 
     58#            if self.isSSLRequest: 
     59#                response = self._redirectFromHTTPS2HTTP(start_response) 
     60#                if response is not None: 
     61#                    return response 
    5062             
    5163        return self._setResponse(environ, start_response) 
     
    6173                serverName = dn['CN'] 
    6274            url = 'http://' + serverName + self.mountPath + self.pathInfo 
    63             print >> self.environ['wsgi.errors'], "redirecting to [%s]" % url 
    6475            return self._redirect(start_response, url) 
    6576         
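
Review bot: The placeholder "if True:" at new line 39 makes the else branch added at new lines 41-46 unreachable, and the later HTTPS redirect is replaced by "pass" with the old code commented out, so in the visible lines no request is ever redirected or checked and everything falls through to self._setResponse(environ, start_response). For a policy enforcement point that is a fail-open default: until the session test behind the TODO exists, have the unimplemented path refuse the request or raise NotImplementedError, and delete the commented-out block rather than keeping it. The new docstring says SSL_SERVER_S_DN is used "if available" but not what happens when it is absent, while _redirectFromHTTPS2HTTP builds its URL from that DN's CN; state the fallback in the docstring.
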
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py

    r4770 r4855  
    33NERC Data Grid Project 
    44 
    5 This software may be distributed under the terms of the Q Public License, 
    6 version 1.0 or later. 
    75""" 
    86__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/ssl.py

    r4841 r4855  
    88NERC Data Grid Project 
    99 
    10 This software may be distributed under the terms of the Q Public License, 
    11 version 1.0 or later. 
    1210""" 
    1311__author__ = "P J Kershaw" 
     
    7977         
    8078        if not self.isSSLRequest: 
    81             log.debug("ignoring path [%s] - assuming non-SSL request" %  
    82                       self.path) 
     79            log.debug("ignoring request - assuming non-SSL") 
    8380            return self._setResponse(environ, start_response) 
    8481             
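
Review bot: The debug message at new line 79 drops self.path, so the log no longer shows which request skipped client certificate authentication on this branch. Keep the path in the message; it is what lets an operator tie a skipped check to a specific URL.
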
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py

    r4770 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py

    r4770 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/attAuthorityClientTest.cfg

    r4770 r4855  
    1111# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this  
    1212# setting for test6GetMappedAttCert 
    13 uri = http://localhost:5000/AttributeAuthority 
     13#uri = http://localhost:5000/AttributeAuthority 
    1414 
    1515# With TCP Mon: 
    1616#uri = http://localhost:4999/AttributeAuthority 
    1717 
     18# Over SSL with mod_wsgi 
     19#uri = https://localhost/ndg/AttributeAuthority 
     20 
    1821# For https connections only.  !Omit ssl* settings if using http! 
    1922# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the  
    2023# same as peer hostname.  
    21 sslPeerCertCN = AttributeAuthority 
     24sslPeerCertCN =  
    2225sslCACertFilePathList = $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt 
    2326 
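
Review bot: After this change every uri line visible in this section is commented out (new lines 13, 16 and 19), so the tests have no Attribute Authority endpoint unless one is set elsewhere in the file; leave exactly one active and say which server set-up it expects. sslPeerCertCN is now present but empty, while the comment above says to omit it when the CN matches the peer hostname; an empty string and a missing option may not be handled the same way by the client, so comment the line out instead.
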
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

    r4775 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

    r4777 r4855  
    398398 
    399399# Basic Authentication interface to demonstrate capabilities 
    400 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.BasicAuthNInterface 
     400#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface 
    401401#openid.provider.authN.userCreds=pjk:test 
    402402#openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAServerApp.py

    r4770 r4855  
    44NERC Data Grid Project 
    55 
    6 This software may be distributed under the terms of the Q Public License, 
    7 version 1.0 or later. 
    86""" 
    97__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/siteBServerApp.py

    r4770 r4855  
    44NERC Data Grid Project 
    55 
    6 This software may be distributed under the terms of the Q Public License, 
    7 version 1.0 or later. 
    86""" 
    97__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/sessionmanager/sessionManagerServerApp.py

    r4770 r4855  
    44NERC Data Grid Project 
    55 
    6 This software may be distributed under the terms of the Q Public License, 
    7 version 1.0 or later. 
    86""" 
    97__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/noseTests.py

    r4770 r4855  
    55NERC Data Grid Project 
    66 
    7 This software may be distributed under the terms of the Q Public License, 
    8 version 1.0 or later. 
    97""" 
    108__author__ = "C Byrom" 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg

    r4770 r4855  
    3131[test06GetAttCertWithSessID] 
    3232aaURI = http://localhost:5000/AttributeAuthority 
     33 
     34# Test over SSL using mod_wsgi 
     35#aaURI = https://localhost/ndg/AttributeAuthority 
     36 
    3337acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml 
    3438 
     
    4650[test10GetAttCertWithUserX509Cert] 
    4751aaURI = http://localhost:5000/AttributeAuthority 
     52 
     53# Test over SSL using mod_wsgi 
     54#aaURI = https://localhost/ndg/AttributeAuthority 
    4855 
    4956[wsse] 