Changeset 5678


Timestamp:
02/09/09 11:53:04 (10 years ago)
Author:
pjkersha
Message:

Working WSDL based Attribute Authority Client unit tests with new combined WSDL and SAML interfaces to Attribute Authority.

Location:
TI12-security/trunk/python
Files:
7 edited

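--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/attributeauthority.py
@@ -67,6 +67,6 @@
                     AttributeAuthorityMiddleware.ENVIRON_KEYNAME_CFG_OPTNAME
 
-        app_conf.pop(environKeyOptName,
-                     AttributeAuthorityMiddleware.DEFAULT_KEYNAME)
+        self.keyName = app_conf.pop(environKeyOptName,
+                                AttributeAuthorityMiddleware.DEFAULT_KEYNAME)
 
         attrQueryIfaceEnvironKeyOptName = prefix + \
@@ -212,5 +212,5 @@
                                "AttributeAuthoritySOAPBindingMiddleware")
     ENVIRON_KEYNAME_CFG_OPTNAME = 'environKeyName'
-
+
     def __init__(self, app):
         """Don't call AttributeAuthorityWS.__init__ - AttributeAuthority
@@ -220,4 +220,5 @@
         # Call this base class initialiser to set-up the environ attribute
         NDGSecurityMiddlewareBase.__init__(self, app, None)
+        AttributeAuthorityWS.__init__(self)
 
         self.__keyName = None
@@ -281,7 +282,8 @@
         # Make the SOAP Binding wrapper pick up this Attribute Authority
         # specific SOAP Binding
-        soapBindingApp.serviceSOAPBindingKeyName = app_conf.get(
-                                   cls.ENVIRON_KEYNAME_CFG_OPTNAME,
-                                   cls.DEFAULT_ENVIRON_KEYNAME)
+        optName = attributeAuthoritySOAPBindingPrefix + \
+                cls.ENVIRON_KEYNAME_CFG_OPTNAME
+        soapBindingApp.serviceSOAPBindingKeyName = app_conf.get(optName,
+                                                cls.DEFAULT_ENVIRON_KEYNAME)
 
         # Instantiate this middleware and copy the environ key name setting for
@@ -292,10 +294,25 @@
         # envrion key name for the
         # ndg.security.server.attributeauthority.AttributeAuthority instance
-        app.attributeAuthorityKeyName = app_conf.get(
-                           cls.ATTRIBUTE_AUTHORITY_ENVIRON_KEYNAME_CFG_OPTNAME,
+        optName = attributeAuthoritySOAPBindingPrefix + \
+                cls.ATTRIBUTE_AUTHORITY_ENVIRON_KEYNAME_CFG_OPTNAME
+
+        app.attributeAuthorityKeyName = app_conf.get(optName,
                            cls.DEFAULT_ATTRIBUTE_AUTHORITY_ENVIRON_KEYNAME)
-
+
+
+        # Extract local WS-Security signature verification filter
+        optName = attributeAuthoritySOAPBindingPrefix + \
+                            cls.WSSE_SIGNATURE_VERIFICATION_FILTER_ID_OPTNAME
+        app.wsseSignatureVerificationFilterID = app_conf.pop(optName, None)
+        if app.wsseSignatureVerificationFilterID is None:
+            log.warning('No "%s" option was set in the input config' %
+                        cls.WSSE_SIGNATURE_VERIFICATION_FILTER_ID_OPTNAME)
+        else:
+            log.info('Updated setting from "%s" option' %
+                     cls.WSSE_SIGNATURE_VERIFICATION_FILTER_ID_OPTNAME)
+
         return app
 
+    @NDGSecurityMiddlewareBase.initCall
     def __call__(self, environ, start_response):
         """Set a reference to self in environ for the SOAPBindingMiddleware
@@ -351,8 +368,8 @@
         return AttributeAuthorityWS.soap_getTrustedHostInfo(self, ps)
 
-
     def _setAttributeAuthorityFromEnviron(self):
         self.aa = self.environ.get(self.attributeAuthorityKeyName)
         if self.aa is None:
             raise AttributeAuthoritySOAPBindingMiddlewareConfigError(
-                                'No "%s" key found in environ' % self.keyName)
+                                            'No "%s" key found in environ' %
+                                            self.attributeAuthorityKeyName)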
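Review bot: In `_setAttributeAuthorityFromEnviron`, `self.aa = self.environ.get(self.attributeAuthorityKeyName)` now passes through the `aa` property this changeset adds to `AttributeAuthorityWS`, whose setter raises `TypeError` for anything that is not an `AttributeAuthority`, so when the key is missing the `is None` check and the `AttributeAuthoritySOAPBindingMiddlewareConfigError` are never reached (this assumes the middleware inherits from `AttributeAuthorityWS`, as the new `AttributeAuthorityWS.__init__(self)` call suggests). Test the looked-up value before assigning it: `aa = self.environ.get(self.attributeAuthorityKeyName)`, `if aa is None: raise ...`, then `self.aa = aa`. In the factory hunk, a missing `wsseSignatureVerificationFilterID` is only logged and the message prints the bare option name rather than the prefixed `optName` that was actually looked up; passing `optName` to `log.warning` would point the operator at the right key, and whether the binding may start without a verification filter deserves an explicit comment there. The `__init__` docstring still opens with "Don't call AttributeAuthorityWS.__init__" although new line 222 does exactly that; the docstring continues outside the hunk.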
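--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/soap.py
@@ -37,4 +37,7 @@
     SOAP_FAULT_SET_KEYNAME = 'ndg.security.server.wsgi.soap.soapFault'
     SOAP_ACTION_ENVIRON_KEYNAME = 'HTTP_SOAPACTION'
+
+    _str2Bool = lambda str: str.lower() in ["yes", "true", "t", "1"]
+    str2Bool = staticmethod(_str2Bool)
 
     @classmethod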
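Review bot: `_str2Bool` names its parameter `str`, shadowing the builtin, and calls `.lower()` without a type check, so a `None` or already-boolean config value raises `AttributeError` rather than a clear configuration error. Any spelling outside the four accepted ones (`on`, `enabled`, a value with trailing whitespace) silently becomes `False`, which matters when the flag gates a security-relevant option. The helper `_str2Bool` also stays on the class as a plain function next to the static method. A single definition would read better: `@staticmethod`, `def str2Bool(value):`, `return str(value).strip().lower() in ("yes", "true", "t", "1")`.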
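--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/wssecurity.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/wssecurity.py
@@ -47,5 +47,5 @@
         self.__signatureHandler = None
 
-    def initialise(self, global_conf, **app_conf):
+    def initialise(self, global_conf, prefix='', **app_conf):
         """Set-up Signature filter attributes using a Paste app factory
         pattern.
@@ -63,12 +63,12 @@
         # Where possible remove keywords not applicable to SignatureHandler
         wsseCfgFilePath = app_conf.pop(
-                                SignatureFilter.WSSE_CFG_FILEPATH_OPTNAME,
-                                None)
+                        prefix+SignatureFilter.WSSE_CFG_FILEPATH_OPTNAME,
+                        None)
         wsseCfgFileSection = app_conf.pop(
-                                SignatureFilter.WSSE_CFG_FILE_SECTION_OPTNAME,
-                                None)
+                        prefix+SignatureFilter.WSSE_CFG_FILE_SECTION_OPTNAME,
+                        None)
         wsseCfgFilePrefix = app_conf.pop(
-                                SignatureFilter.WSSE_CFG_FILE_PREFIX_OPTNAME,
-                                None)
+                        prefix+SignatureFilter.WSSE_CFG_FILE_PREFIX_OPTNAME,
+                        None)
 
         self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath,
@@ -115,5 +115,5 @@
         self.wsseSignatureVerificationFilterID = app_conf.pop(
             ApplySignatureFilter.WSSE_SIGNATURE_VERIFICATION_FILTERID_OPTNAME,
-            None)
+            '')
 
     def _getWsseSignatureVerificationFilterID(self):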
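Review bot: The `WSSE_SIGNATURE_VERIFICATION_FILTERID_OPTNAME` lookup at new line 116 is still read without `prefix`, while the three `wsseCfg*` options earlier in the file now use `prefix+...`, so it is not obvious which options a prefixed deployment must prefix. The default also changes from `None` to `''`, so any code that tests `is None` to detect a missing verification filter will now treat the empty string as configured. The enclosing method starts outside the hunk, so confirm which `initialise` this is; a comment such as `# not prefixed; '' means no verification filter is referenced for signature confirmation` would record the intent, or use `app_conf.pop(prefix + ApplySignatureFilter.WSSE_SIGNATURE_VERIFICATION_FILTERID_OPTNAME, '')` if the prefix is meant to apply.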
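--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/zsi.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/zsi.py
@@ -37,5 +37,34 @@
 
 class ZSIMiddleware(SOAPMiddleware):
-    '''Middleware configurable to a given ZSI SOAP binding'''
+    '''Middleware configurable to a given ZSI SOAP binding
+
+     @type SOAP_WRITER_KEYNAME: basestring
+     @cvar SOAP_WRITER_KEYNAME: environ key for ZSI SoapWriter instance
+     @type PARSED_SOAP_KEYNAME: basestring
+     @cvar PARSED_SOAP_KEYNAME: environ key for ZSI ParsedSoap instance
+     @type CHARSET_OPTNAME: basestring
+     @cvar CHARSET_OPTNAME: option name to for character set for output
+     @type DEFAULT_CHARSET: basestring
+     @cvar DEFAULT_CHARSET: default character setting is utf-8
+     @type PATH_OPTNAME: basestring
+     @cvar PATH_OPTNAME: option to set path for this endpoint (not including
+     domain name)
+     @type WRITE_RESPONSE_OPTNAME: basestring
+     @cvar WRITE_RESPONSE_OPTNAME: option name for flag to middleware to
+     serialise and output the SoapWriter instance
+     @type REFERENCED_FILTERS_OPTNAME: basestring
+     @cvar REFERENCED_FILTERS_OPTNAME: name for option to enable dereferencing
+     of other middleware via these environ keys
+     @type FILTER_ID_OPTNAME: basestring
+     @cvar FILTER_ID_OPTNAME: option name for environ key to enable other
+     middleware to reference this Filter
+     @type PUBLISHED_URI_OPTNAME: basestring
+     @cvar PUBLISHED_URI_OPTNAME: option name to define path for this endpoint
+     including domain name
+     @type READER_CLASS_OPTNAME: basestring
+     @cvar READER_CLASS_OPTNAME: option name for SOAP reader class
+     @type WRITERCLASS_OPTNAME: basestring
+     @cvar WRITERCLASS_OPTNAME: option name for SOAP writer class
+     '''
 
     SOAP_WRITER_KEYNAME = 'ZSI.writer.SoapWriter'
@@ -47,4 +76,5 @@
     WRITE_RESPONSE_OPTNAME = 'writeResponse'
     REFERENCED_FILTERS_OPTNAME = 'referencedFilters'
+    FILTER_ID_OPTNAME = 'filterID'
     PUBLISHED_URI_OPTNAME = 'publishedURI'
     READER_CLASS_OPTNAME = 'readerclass'
@@ -69,4 +99,7 @@
 
     def _setCharset(self, value):
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "charset" got %r' %
+                            type(value))
         self.__charset = value
 
@@ -75,4 +108,7 @@
 
     def _setPath(self, value):
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "path" got %r' %
+                            type(value))
         self.__path = value
 
@@ -81,4 +117,7 @@
 
     def _setPublishedURI(self, value):
+        if not isinstance(value, (basestring, type(None))):
+            raise TypeError('Expecting string or None type for "publishedURI" '
+                            'got %r' % type(value))
         self.__publishedURI = value
 
@@ -99,4 +138,8 @@
 
     def _setWriteResponseSet(self, value):
+        if not isinstance(value, bool):
+            raise TypeError('Expecting %r for "writeResponseSet" type got %r' %
+                            (bool, type(value)))
+
         self.__writeResponseSet = value
 
@@ -105,4 +148,7 @@
 
     def _setFilterID(self, value):
+        if not isinstance(value, (basestring, type(None))):
+            raise TypeError('Expecting string or None type for "filterID" got '
+                            '%r' % type(value))
         self.__filterID = value
 
@@ -129,5 +175,5 @@
                             "referenced in environ by this identifier")
 
-    def initialise(self, global_conf, prefix='soap.', **app_conf):
+    def initialise(self, global_conf, prefix='', **app_conf):
         """Set-up ZSI middleware interface attributes.  Overloaded base class
         method to enable custom settings from app_conf
@@ -143,5 +189,5 @@
         charsetOptName = prefix + ZSIMiddleware.CHARSET_OPTNAME
         if charsetOptName in app_conf:
-            self.charset = '; charset='+app_conf[charsetOptName]
+            self.charset = '; charset=' + app_conf[charsetOptName]
         else:
             self.charset = '; charset=utf-8'
@@ -158,10 +204,11 @@
         # This flag if set to True causes this handler to call the
         # start_response method and output the SOAP response
-        writeResponseOptName = ZSIMiddleware.WRITE_RESPONSE_OPTNAME
-        self.writeResponseSet = app_conf.get(writeResponseOptName,
-                                             'false').lower() == 'true'
+        writeResponseOptName = prefix + ZSIMiddleware.WRITE_RESPONSE_OPTNAME
+        self.writeResponseSet = ZSIMiddleware.str2Bool(app_conf.get(
+                                                    writeResponseOptName, ''))
 
         # Check for a list of other filters to be referenced by this one
-        referencedFiltersOptName = ZSIMiddleware.REFERENCED_FILTERS_OPTNAME
+        referencedFiltersOptName = prefix + \
+                                    ZSIMiddleware.REFERENCED_FILTERS_OPTNAME
         if referencedFiltersOptName in app_conf:
             # __call__  may reference any filters in environ keyed by these
@@ -170,13 +217,16 @@
                                             referencedFiltersOptName).split()
 
-
+
+        filterIdOptName = prefix + ZSIMiddleware.FILTER_ID_OPTNAME
+        self.filterID = app_conf.pop(filterIdOptName, None)
+
         # The endpoint that this services will be referenced from externally.
         # e.g. the Session Manager client running locally can check the
         # input URI and compare with this value to see if the request is
         # actually to the local Session Manager instance
-        publishedUriOptName = ZSIMiddleware.PUBLISHED_URI_OPTNAME
+        publishedUriOptName = prefix + ZSIMiddleware.PUBLISHED_URI_OPTNAME
         self.publishedURI = app_conf.pop(publishedUriOptName, None)
 
-        readerClassOptName = ZSIMiddleware.READER_CLASS_OPTNAME
+        readerClassOptName = prefix + ZSIMiddleware.READER_CLASS_OPTNAME
         if readerClassOptName in app_conf:
             readerClassName = app_conf.pop(readerClassOptName)
@@ -185,5 +235,5 @@
             self.readerClass = DomletteReader
 
-        writerClassOptName = ZSIMiddleware.WRITERCLASS_OPTNAME
+        writerClassOptName = prefix + ZSIMiddleware.WRITERCLASS_OPTNAME
         if writerClassOptName in app_conf:
             writerClassName = app_conf.pop(writerClassOptName)
@@ -364,7 +414,4 @@
     DEFAULT_ENABLE_WSDL_QUERY_VALUE = False
     SOAP_METHOD_STRING = 'soap_%s'
-
-    _str2Bool = lambda str: str.lower() in ["yes", "true", "t", "1"]
-    str2Bool = staticmethod(_str2Bool)
 
     def __init__(self, app):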
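Review bot: Changing the default in `initialise(self, global_conf, prefix='', **app_conf)` from `'soap.'` to `''` means a configuration that still spells its options `soap.referencedFilters` or `soap.charset` and relies on the default is now ignored without any message, because every lookup falls back to its default value. For `referencedFilters` and the new `filterID` option that silently drops the link to the signature verification filter. Several options here are read with `in`/`get` rather than `pop`, so leftover keys cannot currently be detected; popping each known option and then logging what remains, e.g. `log.warning('Ignoring unrecognised option(s): %s', ', '.join(app_conf))` (assuming this module has a `log` logger like its siblings), would make the migration visible. The body of `initialise` continues outside the visible hunks.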
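--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/zsi/attributeauthority/__init__.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/zsi/attributeauthority/__init__.py
@@ -33,11 +33,18 @@
 class AttributeAuthorityWS(_AttributeAuthorityService):
     '''Attribute Authority ZSI SOAP Service Binding class'''
-
+
+    DEBUG_ENVIRON_VARNAME = 'NDGSEC_INT_DEBUG'
+    WSSE_SIGNATURE_VERIFICATION_FILTER_ID_OPTNAME = \
+                                            'wsseSignatureVerificationFilterID'
+
     def __init__(self, **kw):
+        self.__wsseSignatureVerificationFilterID = None
+        self.__debug = None
 
         # Stop in debugger at beginning of SOAP stub if environment variable
         # is set
-        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
-        if self.__debug:
+        self.debug = bool(os.environ.get(
+                                AttributeAuthorityWS.DEBUG_ENVIRON_VARNAME))
+        if self.debug:
             import pdb
             pdb.set_trace()
@@ -45,6 +52,6 @@
         # Extract local WS-Security signature verification filter
         self.wsseSignatureVerificationFilterID = kw.pop(
-                                        'wsseSignatureVerificationFilterID',
-                                        None)
+            AttributeAuthorityWS.WSSE_SIGNATURE_VERIFICATION_FILTER_ID_OPTNAME,
+            None)
         if self.wsseSignatureVerificationFilterID is None:
             log.warning('No "wsseSignatureVerificationFilterID" option was '
@@ -53,7 +60,53 @@
         # Initialise Attribute Authority class - property file will be
         # picked up from default location under $NDG_DIR directory
-        self.aa = AttributeAuthority.fromProperties(**kw)
-
-
+        if kw:
+            self.aa = AttributeAuthority.fromProperties(**kw)
+
+    def _get_debug(self):
+        return self.__debug
+
+    def _set_debug(self, value):
+        if not isinstance(value, bool):
+            raise TypeError('Expecting %r for "debug"; got %r' %
+                            (bool, type(value)))
+        self.__debug = value
+
+    debug = property(_get_debug, _set_debug,
+                     doc="Set to True to drop into the debugger for each SOAP "
+                         "callback")
+
+    def _get_aa(self):
+        return self.__aa
+
+    def _set_aa(self, val):
+        if not isinstance(val, AttributeAuthority):
+            raise TypeError('Expecting %r for "aa" attribute; got %r' %
+                            (AttributeAuthority, type(val)))
+        self.__aa = val
+
+    aa = property(fget=_get_aa,
+                  fset=_set_aa,
+                  doc="Attribute Authority instance")
+
+    def _get_wsseSignatureVerificationFilterID(self):
+        return self.__wsseSignatureVerificationFilterID
+
+    def _set_wsseSignatureVerificationFilterID(self, value):
+        if not isinstance(value, (basestring, type(None))):
+            raise TypeError('Expecting string or None type for '
+                            '"wsseSignatureVerificationFilterID"; got %r' %
+                            type(value))
+        self.__wsseSignatureVerificationFilterID = value
+
+    wsseSignatureVerificationFilterID = property(
+                                    _get_wsseSignatureVerificationFilterID,
+                                    _set_wsseSignatureVerificationFilterID,
+                                    doc="Reference the Signature Verification "
+                                        "filter upstream in the stack by "
+                                        "the WSGI environ with this keyword.  "
+                                        "The verification middleware must "
+                                        "likewise set a reference to itself "
+                                        "in the environ")
+
     def soap_getAttCert(self, ps):
         '''Retrieve an Attribute Certificate
@@ -63,5 +116,5 @@
         @rtype: ndg.security.common.zsi.attributeauthority.AttributeAuthority_services_types.getAttCertResponse_Holder
         @return: response'''
-        if self.__debug:
+        if self.debug:
             import pdb
             pdb.set_trace()
@@ -108,5 +161,5 @@
         @rtype: response
         @return: response'''
-        if self.__debug:
+        if self.debug:
             import pdb
             pdb.set_trace()
@@ -134,5 +187,5 @@
         @rtype: tuple
         @return: response object'''
-        if self.__debug:
+        if self.debug:
             import pdb
             pdb.set_trace()
@@ -187,5 +240,5 @@
         @rtype: tuple
         @return: response object'''
-        if self.__debug:
+        if self.debug:
             import pdb
             pdb.set_trace()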
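Review bot: `__init__` now assigns `self.aa` only when `kw` is non-empty, but unlike `__debug` and `__wsseSignatureVerificationFilterID` the backing attribute `__aa` is never initialised, so reading `self.aa` on an instance built without keywords raises `AttributeError` from `_get_aa`. Because `_set_aa` rejects `None`, the fix is to set the private attribute directly at the top of `__init__`: `self.__aa = None`. Separately, `bool(os.environ.get(AttributeAuthorityWS.DEBUG_ENVIRON_VARNAME))` treats any non-empty value, including `0` or `false`, as a request to stop in `pdb.set_trace()`, in `__init__` and in every SOAP callback, which blocks the serving process. A comment on `DEBUG_ENVIRON_VARNAME` stating that the variable must be unset outside interactive debugging would make that explicit.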
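--- a/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -11,9 +11,6 @@
 
 [DEFAULT]
-# WS-Security settings in THIS file
-wsseCfgFilePath = %(here)s/site-a.ini
-wsseCfgFileSection = WS-Security
-attributeAuthorityEnvironKeyName = 'attribute-authority'
-attributeQueryInterfaceEnvironKeyName = 'attributeQueryInterface'
+attributeAuthorityEnvironKeyName = attribute-authority
+attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
 
 [server:main]
@@ -114,4 +111,10 @@
 filterID = wsseSignatureVerificationFilter01
 
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
+
+# Verify against known CAs - Provide a space separated list of file paths
+wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+
 [filter:wsseSignatureFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
@@ -125,19 +128,13 @@
 writeResponse = True
 
-
-[WS-Security]
-#
-# OUTBOUND MESSAGE CONFIG
-
-# Signature of an outbound message
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
 
 # Certificate associated with private key used to sign a message.  The sign
 # method will add this to the BinarySecurityToken element of the WSSE header.
-signingCertFilePath=%(here)s/siteA-aa.crt
-#signingCertFilePath=%(here)s/java-ca-server.crt
+wssecurity.signingCertFilePath=%(here)s/siteA-aa.crt
 
 # PEM encoded private key file
-signingPriKeyFilePath=%(here)s/siteA-aa.key
-#signingPriKeyFilePath=%(here)s/java-ca-server.key
+wssecurity.signingPriKeyFilePath=%(here)s/siteA-aa.key
 
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a
@@ -149,19 +146,12 @@
 # binSecTokValType determines whether signingCert or signingCertChain
 # attributes will be used.
-reqBinSecTokValType=X509v3
+wssecurity.reqBinSecTokValType=X509v3
 
 # Add a timestamp element to an outbound message
-addTimestamp=True
+wssecurity.addTimestamp=True
 
 # For WSSE 1.1 - service returns signature confirmation containing signature
 # value sent by client
-applySignatureConfirmation=True
-
-#
-# INBOUND MESSAGE CONFIG
-
-# Provide a space separated list of file paths
-caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
-#caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_TEST_CONFIG_DIR/ca/java-ca.crt
+wssecurity.applySignatureConfirmation=True
 
 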
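--- a/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
+++ b/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
@@ -11,7 +11,6 @@
 
 [DEFAULT]
-# WS-Security settings in THIS file
-wsseCfgFilePath = %(here)s/site-b.ini
-wsseCfgFileSection = WS-Security
+attributeAuthorityEnvironKeyName = attribute-authority
+attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
 
 [server:main]
@@ -25,12 +24,24 @@
 # Chain of SOAP Middleware filters
 [pipeline:main]
-pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter wsseSignatureFilter mainApp
+pipeline = AttributeAuthorityFilter
+                   wsseSignatureVerificationFilter
+                   AttributeAuthorityWsdlSoapBindingFilter
+                   wsseSignatureFilter
+                   AttributeAuthoritySamlSoapBindingFilter
+                   mainApp
+
 
 
 [filter:AttributeAuthorityFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware
-ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
-ServiceSOAPBindingPropPrefix = attributeAuthority
-attributeAuthority.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
+paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
+prefix = attributeAuthority.
+
+# Key name by which the WSDL SOAP based interface may reference this
+# service
+attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s
+
+# Key name for the SAML SOAP binding based interface to reference this
+# service's attribute query method
+attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
 
 # Attribute Authority settings
@@ -70,38 +81,60 @@
 attributeAuthority.caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
 
-referencedFilters = wsseSignatureVerificationFilter01
-path = /AttributeAuthority
-enableWSDLQuery = True
-charset = utf-8
+
+# SOAP WSDL Based Binding to the Attribute Authority
+[filter:AttributeAuthorityWsdlSoapBindingFilter]
+paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
+prefix = service.soap.binding.
+attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.
+
+service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01
+service.soap.binding.path = /AttributeAuthority
+service.soap.binding.enableWSDLQuery = True
+service.soap.binding.charset = utf-8
+service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
+
+attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
+attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
+
+
+# SAML SOAP Binding to the Attribute Authority
+[filter:AttributeAuthoritySamlSoapBindingFilter]
+paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
+prefix = saml.soapbinding.
+
+saml.soapbinding.pathMatchList = /attributeauthority/saml
+saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
+
 
 [filter:wsseSignatureVerificationFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
+paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
 filterID = wsseSignatureVerificationFilter01
 
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
+
+# Verify against known CAs - Provide a space separated list of file paths
+wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+
 [filter:wsseSignatureFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
+paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
 
 # Reference the verification filter in order to be able to apply signature
-# confirmation - not needed if applySignatureConfirmation is set to False - see
-# WS-Security section below...
-#referencedFilters = wsseSignatureVerificationFilter01
-#wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
+# confirmation
+referencedFilters = wsseSignatureVerificationFilter01
+wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
 
 # Last filter in chain SOAP handlers writes the response
 writeResponse = True
 
-
-[WS-Security]
-#
-# OUTBOUND MESSAGE CONFIG
-
-# Signature of an outbound message
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
 
 # Certificate associated with private key used to sign a message.  The sign
 # method will add this to the BinarySecurityToken element of the WSSE header.
-signingCertFilePath=%(here)s/siteB-aa.crt
+wssecurity.signingCertFilePath=%(here)s/siteB-aa.crt
 
 # PEM encoded private key file
-signingPriKeyFilePath=%(here)s/siteB-aa.key
+wssecurity.signingPriKeyFilePath=%(here)s/siteB-aa.key
 
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a
@@ -113,18 +146,13 @@
 # binSecTokValType determines whether signingCert or signingCertChain
 # attributes will be used.
-reqBinSecTokValType=X509v3
+wssecurity.reqBinSecTokValType=X509v3
 
 # Add a timestamp element to an outbound message
-addTimestamp=True
+wssecurity.addTimestamp=True
 
 # For WSSE 1.1 - service returns signature confirmation containing signature
 # value sent by client
-applySignatureConfirmation=False
+wssecurity.applySignatureConfirmation=True
 
-#
-# INBOUND MESSAGE CONFIG
-
-# Provide a space separated list of file paths
-caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
 
 # Logging configuration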
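Review bot: The new `[filter:AttributeAuthoritySamlSoapBindingFilter]` section sets only `pathMatchList` and `queryInterfaceKeyName`, with no `referencedFilters` or verification filter ID like the WSDL binding has, so from this file alone it is not clear whether attribute queries on `/attributeauthority/saml` are subject to WS-Security signature verification or to any other authentication. A comment above the section should state how that endpoint is protected, for example `# SAML attribute queries are authenticated by <mechanism>` with the mechanism filled in by the author. The context comment `# Last filter in chain SOAP handlers writes the response` above `writeResponse = True` also looks stale now that `AttributeAuthoritySamlSoapBindingFilter` follows `wsseSignatureFilter` in the pipeline.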