Changeset 5433


Timestamp:
30/06/09 12:06:05 (11 years ago)
Author:
pjkersha
Message:

Fixes for OAI editor security integration.

Location:
TI12-security/trunk/python
Files:
6 edited
2 copied

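--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/msi.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/msi.py
@@ -290,5 +290,5 @@
         # List of CA certificates used to verify peer certificate with SSL
         # connections to Attribute Authority
-        self.sslCACertFilePathList=cfg.get(prefix+'sslCACertFilePathList', [])
+        self.sslCACertFilePathList = cfg.get(prefix+'sslCACertFilePathList',[])
 
         # List of CA certificates used to verify the signatures of
@@ -600,6 +600,6 @@
             log.debug("PDP.evaluate: Matching subject attributes %r against "
                       "resource attributes %r ...",
-                      matchingTarget.attributes,
-                      request.subject[Subject.ROLES_NS])
+                      request.subject[Subject.ROLES_NS],
+                      matchingTarget.attributes)
 
             status.append(PDP._match(matchingTarget.attributes,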
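--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
@@ -31,5 +31,4 @@
 from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
                                                 SessionManagerServiceLocator
-
 
 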
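--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/__init__.py
@@ -263,5 +263,5 @@
             self.caCertFilePathList = self.cfg['caCertFilePathList']
 
-        # Configure signature generation t oadd/omit a timestamp
+        # Configure signature generation to add/omit a timestamp
         self.addTimestamp = self.cfg['addTimestamp']
 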
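--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/dom.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/dom.py
@@ -749,9 +749,9 @@
                                   caX509Stack=self._caX509Stack)
 
-        self._verifyTimeStamp(parsedSOAP,
-                              ctxt,
-                              timestampMustBeSet=self.timestampMustBeSet,
-                              createdElemMustBeSet=self.createdElemMustBeSet,
-                              expiresElemMustBeSet=self.expiresElemMustBeSet)
+#        self._verifyTimeStamp(parsedSOAP,
+#                              ctxt,
+#                              timestampMustBeSet=self.timestampMustBeSet,
+#                              createdElemMustBeSet=self.createdElemMustBeSet,
+#                              expiresElemMustBeSet=self.expiresElemMustBeSet)
 
         log.info("Signature OK")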
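Review bot: Commenting out the `self._verifyTimeStamp(...)` call at new lines 751-755 turns off WS-Security timestamp checking for every message this handler verifies, so `log.info("Signature OK")` is reached without the created/expires check and the `timestampMustBeSet`, `createdElemMustBeSet` and `expiresElemMustBeSet` settings no longer have any effect here. Without that freshness check, a previously captured message with a valid signature would presumably still verify when it is presented again later. If the OAI editor client omits the timestamp, I would keep the call and relax the requirement for that deployment through the existing flags (assuming `_verifyTimeStamp` honours them when they are false, which is not visible here), or at minimum add `log.warning("WS-Security timestamp verification is disabled")` beside the commented block so the weakened state shows up in the logs. The enclosing method starts and ends outside the hunk.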
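--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
@@ -163,5 +163,5 @@
         @param raiseExcep: set to True to raise an exception if the session
         is invalid
-        @raise UserSessionNotBeforeTime: current time is before session
+        @raise UserSessionNotBeforeTimeError: current time is before session
         creation time
         @raise UserSessionExpired: session has expired
@@ -977,5 +977,5 @@
             return userSess
 
-        except (UserSessionNotBeforeTime, X509CertInvalidNotBeforeTime), e:
+        except (UserSessionNotBeforeTimeError,X509CertInvalidNotBeforeTime), e:
             # ! Delete user session since it's user certificate is invalid
             self.deleteUserSession(userSess=userSess)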
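--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz.py
@@ -354,4 +354,15 @@
         dictionary
         '''
+
+#        # Pre-process list items splitting as needed
+#        _parseListItem = lambda item: [i.strip("\"'") for i in item.split()]
+#        if isinstance(local_conf.get('caCertFilePathList'), basestring):
+#            local_conf['caCertFilePathList'] = _parseListItem(
+#                                        local_conf['caCertFilePathList'])
+#
+#        if isinstance(local_conf.get('sslCACertFilePathList'), basestring):
+#            local_conf['sslCACertFilePathList'] = _parseListItem(
+#                                        local_conf['sslCACertFilePathList'])
+
         PIP.__init__(self, prefix=prefix, **local_conf)
 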
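Review bot: The block added at new lines 357-365 is commented-out code with no note on why it is disabled, so a reader cannot tell whether `caCertFilePathList` and `sslCACertFilePathList` are meant to be split here or somewhere else. The ini file in this changeset describes `pip.wssecurity.caCertFilePathList` as a space separated list of file paths, so if nothing splits the string before or inside `PIP.__init__` (not visible in this hunk), the CA list may arrive as one string and certificate verification could fail or run against an unintended trust list. Either enable the block or delete it and leave a single comment such as `# CA cert path lists are split into lists in <where the split happens>`. The enclosing method begins outside the hunk.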
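--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/policy.xml-calum
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/policy.xml-calum
@@ -6,8 +6,8 @@
         <URIPattern>^/test_securedURI*$</URIPattern>
         <Attributes>
-            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute>
+            <Attribute>urn:badc:security:authz:1.0:attr:guest</Attribute>
         </Attributes>
         <AttributeAuthority>
-            <uri>http://localhost:7443/AttributeAuthority</uri>
+            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
         </AttributeAuthority>
     </Target>
@@ -19,5 +19,5 @@
         </Attributes>
         <AttributeAuthority>
-            <uri>http://localhost:7443/AttributeAuthority</uri>
+            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
         </AttributeAuthority>
     </Target>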
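--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini-calum
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini-calum
@@ -64,5 +64,5 @@
 # List of CA certificates used to verify the signatures of
 # Attribute Certificates retrieved
-pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+pip.caCertFilePathList=%(testConfigDir)s/ca/badc-ca.crt
 
 #
@@ -78,8 +78,10 @@
 
 # PEM encode cert
-pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
+#pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
+pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-oai-editor.crt
 
 # PEM encoded private key file
-pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
+#pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
+pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-oai-editor.key
 
 # Password protecting private key.  Leave blank if there is no password.
@@ -87,5 +89,5 @@
 
 # For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/badc-ca.crt
 
 # ValueType for the BinarySecurityToken added to the WSSE header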
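Review bot: `pip.wssecurity.signingPriKeyFilePath` at new line 85 now points at `pki/wsse-oai-editor.key` under `testConfigDir`; if that key belongs to a deployed OAI editor identity rather than a throwaway test key (not determinable from this page), it should stay out of the source tree and be referenced from a path outside the repository. Replacing `ca/ndg-test-ca.crt` with `ca/badc-ca.crt` at new lines 66 and 91 changes which signers this test application trusts, and that deserves a line of explanation in the file. The previous values are left behind as commented-out settings at new lines 80 and 84; a short header such as `# site-specific copy for OAI editor integration testing` would explain the file better than the dead lines.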