Changeset 5067 for TI12-security


Timestamp:
05/03/09 16:39:34 (11 years ago)
Author:
pjkersha
Message:
  • fixed bug in OpenID Provider Yadis XML template for idselect mode requests i.e. user provides their provider URI instead of their full identity URI.
  • added OpenID Provider standalone test to integration tests. TODO: re-test integrated OpenID Provider and Relying Party WSGIs in combined stack.
Location:
TI12-security/trunk/python
Files:
19 added
4 edited

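--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/__init__.py
@@ -1,5 +1,5 @@
-"""NDG Security wssecurity package - contains signature handler and config
-
-NERC Data Grid Project
+"""NDG Security WS-Security package - contains signature handler and config
+
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"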
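--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/__init__.py
@@ -2,5 +2,5 @@
 sharing of common code
 
-NERC Data Grid Project
+NERC DataGrid Project
 """
 __author__ = "C Byrom"
@@ -37,7 +37,5 @@
 
 import ZSI
-from ZSI.wstools.Namespaces import DSIG, ENCRYPTION, WSU, WSA200403, \
-                                   SOAP, SCHEMA # last included for xsi
-
+from ZSI.wstools.Namespaces import ENCRYPTION, WSU
 from ZSI.wstools.Namespaces import OASIS as _OASIS
 
@@ -62,13 +60,14 @@
     '''Try different utility namespace for use with WebSphere'''
     #UTILITY = "http://schemas.xmlsoap.org/ws/2003/06/utility"
-    UTILITY = \
-"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+    UTILITY = ("http://docs.oasis-open.org/wss/2004/01/"
+               "oasis-200401-wss-wssecurity-utility-1.0.xsd")
 
 class OASIS(_OASIS):
     # wss4j 1.5.3
-    WSSE11 = \
-        "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+    WSSE11 = ("http://docs.oasis-open.org/wss/"
+              "oasis-wss-wssecurity-secext-1.1.xsd")
     # wss4j 1.5.1
-    #WSSE11 = "http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd"
+#    WSSE11 = ("http://docs.oasis-open.org/wss/2005/xx/"
+#              "oasis-2005xx-wss-wssecurity-secext-1.1.xsd")
 
 
@@ -122,6 +121,7 @@
     @type b64EncSignatureValue: string/None"""
 
-    _binSecTokEncType = \
-"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
+    _binSecTokEncType = ("http://docs.oasis-open.org/wss/2004/01/"
+                         "oasis-200401-wss-soap-message-security-1.0#"
+                         "Base64Binary")
     
     binSecTokValType = {
@@ -240,9 +240,4 @@
         # Filter keywords if a prefix is set removing any that don't start with
         # the prefix given
-#        if cfgFilePrefix:
-#            pfxWithDot = cfgFilePrefix+'.'
-#            kw = dict([(k.replace(pfxWithDot, ''), v) for k, v in kw.items() 
-#                       if k.startswith(pfxWithDot)])
-#                    
         self.cfg.update(kw, prefix=cfgFilePrefix)
         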
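Review bot: Nothing on this page confirms that `DSIG`, `WSA200403`, `SOAP` and `SCHEMA` are unused once the import at new line 39 drops them, and the removed line's comment `# last included for xsi` suggests at least `SCHEMA` had a user at some point. Only fragments of the module are shown, so a static name check over the whole file is worth running before merge; a leftover reference would otherwise surface as a NameError only on whichever signing or verification path reaches it. The wss4j 1.5.1 `WSSE11` alternative kept as commented-out code at new lines 70-71 would read better as a one-line note naming the alternative namespace than as disabled code.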
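--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
@@ -386,30 +386,4 @@
         self.oidserver = server.Server(store, self.urls['url_openidserver'])
 
-#    @classmethod
-#    def main_app(cls, global_conf, **app_conf):
-#        '''Provide Paste main_app function signature for inclusion in Paste ini
-#        files
-#        @type global_conf: dict        
-#        @param global_conf: PasteDeploy configuration dictionary
-#        @type app_conf: dict
-#        @param app_conf: keyword dictionary - must follow format of defOpt 
-#        class variable'''   
-#        
-#        openIDProviderApp = cls(None, global_conf, **app_conf)
-#        
-#        # Make an application to handle invalid URLs making use of the 
-#        # rendering object created in the OpenID Provider initialisation
-#        def app(environ, start_response):
-#            msg = "Page not found"
-#            response = openIDProviderApp.render.errorPage(environ, 
-#                                                          start_response, 
-#                                                          msg, 
-#                                                          code=404)
-#            return response
-#        
-#        # Update the OpenID Provider object with the new app
-#        openIDProviderApp.app = app
-#        
-#        return openIDProviderApp
         
     @classmethod
@@ -467,5 +441,39 @@
             raise TypeError("Invalid input option(s) set: %s" % 
                             (", ".join(badOptNames)))
-            
+
+
+    def _isAnIdentityURI(self, uri=None):
+        """Check input URI is an identity URI.  Use to determine whether a
+        RP discovery request has been made based on a provided user OpenID. 
+        i.e. do_id / do_yadis should be invoked - see __call__ method for 
+        details.  It assumes that identity the component of the OpenID URI is
+        the last part of the path:
+        
+        <http/https>://<domainname>/<path>/<user identifier>
+        
+        e.g.
+        
+        https://badc.rl.ac.uk/openid/johnsmith
+        
+        This method should be overridden in a derived class if some
+        other means of representing identity URIs is required. e.g.
+        
+        https://johnsmith.badc.rl.ac.uk
+        
+        @type uri: basestring
+        @param uri: URI to be tested
+        @rtype: bool
+        @return: return True if the given URI is an identity URI, otherwise
+        False
+        """
+        if uri is None:
+            uri = self.path
+            
+        return uri.rsplit('/', 1)[0] in (self.paths['path_id'], 
+                                         self.paths['path_yadis'])
+
+    def _parseIdentityURI(self):
+        return self.path.rsplit('/', 1)
+    
     @NDGSecurityMiddlewareBase.initCall
     def __call__(self, environ, start_response):
@@ -486,7 +494,8 @@
                                             self.session_middleware)
 
-        self.path = environ.get('PATH_INFO').rstrip('/')
-        self.environ = environ
-        self.start_response = start_response
+        # Beware path is a property and invokes the _setPath method
+#        self.path = environ.get('PATH_INFO').rstrip('/')
+#        self.environ = environ
+#        self.start_response = start_response
         self.session = environ[self.session_middleware]
         self._render.session = self.session
@@ -498,9 +507,8 @@
             return self._app(environ, start_response)
             
-        elif self.path.startswith(self.paths['path_id']) or \
-             self.path.startswith(self.paths['path_yadis']):
+        elif self._isAnIdentityURI():
             
             # Match against path minus ID as this is not known in advance            
-            pathMatch = self.path[:self.path.rfind('/')]
+            pathMatch, userId = self._parseIdentityURI()
         else:
             pathMatch = self.path
@@ -1190,5 +1198,5 @@
 <xrds:XRDS
     xmlns:xrds="xri://$xrds"
-    xmlns="xri://$xrd*($OptNameSfx*2.0)">
+    xmlns="xri://$xrd*($v*2.0)">
   <XRD>
 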
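Review bot: `_parseIdentityURI()` (new lines 475-476) returns the last segment of the request path as `userId` with no validation and no docstring, and `_isAnIdentityURI()` accepts any trailing segment under `path_id` / `path_yadis`, so whatever later places `userId` into the identity page or the Yadis document is handling raw request input; those consumers are outside the visible hunks. I would state that contract on the helper, e.g. `"""Split self.path into [path minus identifier, user identifier]; the identifier is unvalidated request input."""`, and check the identifier against the expected format before it is used. `_isAnIdentityURI(uri)` takes an optional argument while `_parseIdentityURI()` always splits `self.path`, so the two can disagree when a caller passes a URI; giving the parser the same optional parameter would keep them aligned. The three assignments left commented out at new lines 497-499 should be deleted rather than kept, since the comment on new line 496 already records that `path` is a property.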
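--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/templates/ndg/security/ndgPage.kid
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/templates/ndg/security/ndgPage.kid
@@ -7,17 +7,4 @@
         <title py:content="c.title">title</title>
                 ${XML(c.headExtras)}
-        <!--! The following includes the javascript, note that the XML
-        function is needed to avoid escaping the < character -->
-<!--  
-        <?python
-            # Fudge for WebHelpers migration to 0.6.1
-            if hasattr(h, 'javascript_include_tag'):
-                javascript_include_tag = h.javascript_include_tag
-            else:
-                javascript_include_tag = h.rails.javascript_include_tag
-        ?>
-        ${XML(javascript_include_tag(builtins=True))}
-        <script type="text/javascript" src="${c.baseURL}/js/toggleDiv.js"/>
--->
         <link media="all, screen" href="${c.baseURL}/layout/ndg2.css" type="text/css" rel="stylesheet"/>
         <link rel="icon" type="image/ico" href="${c.baseURL}/layout/favicon.jpg" />
@@ -41,7 +28,4 @@
                     ?>
                     <li class="$status"><span class="pagetab">
-<!--  
-                    ${XML(h.link_to_if(linkto,tab[0],tab[1]))}
--->
                     </span></li> 
                  </span>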