Timestamp:
23/09/09 17:34:01 (10 years ago)
Author:
pjkersha
Message:

Testing SSL Client Authentication middleware with session and redirect middleware to enable wget support for NDG Security.

File:
1 edited

  • TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/openid/relyingparty/__init__.py

    r5555 r5757  
    2424 
    2525from ndg.security.server.wsgi import NDGSecurityMiddlewareBase 
    26 from ndg.security.server.wsgi.authn import AuthNRedirectMiddleware 
     26from ndg.security.server.wsgi.authn import AuthnRedirectMiddleware 
    2727from ndg.security.common.utils.classfactory import instantiateClass 
    2828 
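Review bot: The import at new line 26 now names AuthnRedirectMiddleware, but this changeset lists only this one file as edited, so the renamed class must already exist in ndg.security.server.wsgi.authn; if it does not, this module fails at import time. Please confirm the definition was renamed in an earlier revision, and consider keeping an AuthNRedirectMiddleware alias there for a transition period so other importers of the old name do not break.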
     
    3737    This middleware is to be hosted in it's own security middleware stack. 
    3838    WSGI middleware applications to be protected can be hosted in a separate 
    39     stack.  The AuthNRedirectMiddleware filter can respond to a HTTP  
     39    stack.  The AuthnRedirectMiddleware filter can respond to a HTTP  
    4040    401 response from this stack and redirect to this middleware to initiate 
    41     OpenID based sign in.  AuthNRedirectMiddleware passes a query 
     41    OpenID based sign in.  AuthnRedirectMiddleware passes a query 
    4242    argument in its request containing the URI return address for this  
    4343    middleware to return to following OpenID sign in. 
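Review bot: While this docstring is being edited, "it's own security middleware stack" at line 37 should read "its own".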
     
    144144         
    145145        # Check for return to argument in query key value pairs 
    146         self._return2URIKey = AuthNRedirectMiddleware.return2URIArgName + '=' 
     146        self._return2URIKey = AuthnRedirectMiddleware.RETURN2URI_ARGNAME + '=' 
    147147     
    148148        super(OpenIDRelyingPartyMiddleware, self).__init__(app,  
     
    174174         
    175175        # Check for return to address in URI query args set by  
    176         # AuthNRedirectMiddleware in application code stack 
     176        # AuthnRedirectMiddleware in application code stack 
    177177        if environ['REQUEST_METHOD'] == "GET": 
    178178            params = dict(parse_querystring(environ)) 
     
    180180            params = {} 
    181181         
    182         quotedReferrer=params.get(AuthNRedirectMiddleware.return2URIArgName,'') 
     182        quotedReferrer=params.get(AuthnRedirectMiddleware.RETURN2URI_ARGNAME,'') 
    183183        referrer = urllib.unquote(quotedReferrer) 
    184184        referrerPathInfo = urlsplit(referrer)[2] 
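Review bot: At new line 182 the return-to value is read straight from the request query string and, after unquoting at line 183, only its path component is extracted at line 184; nothing in these lines checks the scheme or host of referrer. Since the class docstring describes this value as the address to return to after OpenID sign in, validate it against the expected host(s) before it is used as a redirect target, and ignore anything that does not match. Minor style point: add spaces around = and after the comma in quotedReferrer=params.get(...,'').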
     
    248248             
    249249            @type preVerifyOK: int 
    250             @param preVerifyOK: If a verification error is found, this parameter  
    251             will be set to 0 
     250            @param preVerifyOK: If a verification error is found, this  
     251            parameter will be set to 0 
    252252            @type x509StoreCtx: M2Crypto.X509_Store_Context 
    253             @param x509StoreCtx: locate the certificate to be verified and perform  
    254             additional verification steps as needed 
     253            @param x509StoreCtx: locate the certificate to be verified and  
     254            perform additional verification steps as needed 
    255255            @rtype: int 
    256256            @return: controls the strategy of the further verification process.  
    257             - If verify_callback returns 0, the verification process is immediately  
    258             stopped with "verification failed" state. If SSL_VERIFY_PEER is set,  
    259             a verification failure alert is sent to the peer and the TLS/SSL  
    260             handshake is terminated.  
    261             - If verify_callback returns 1, the verification process is continued.  
    262             If verify_callback always returns 1, the TLS/SSL handshake will not be  
    263             terminated with respect to verification failures and the connection  
    264             will be established. The calling process can however retrieve the error 
    265             code of the last verification error using SSL_get_verify_result or  
    266             by maintaining its own error storage managed by verify_callback. 
     257            - If verify_callback returns 0, the verification process is  
     258            immediately stopped with "verification failed" state. If  
     259            SSL_VERIFY_PEER is set, a verification failure alert is sent to the 
     260            peer and the TLS/SSL handshake is terminated.  
     261            - If verify_callback returns 1, the verification process is  
     262            continued.  
     263            If verify_callback always returns 1, the TLS/SSL handshake will not 
     264            be terminated with respect to verification failures and the  
     265            connection  
     266            will be established. The calling process can however retrieve the  
     267            error code of the last verification error using  
     268            SSL_get_verify_result or by maintaining its own error storage  
     269            managed by verify_callback. 
    267270            ''' 
    268271            if preVerifyOK == 0: 
    269                 # Something is wrong with the certificate don't bother proceeding 
    270                 # any further 
     272                # Something is wrong with the certificate don't bother  
     273                # proceeding any further 
    271274                log.error("verifyCallback: pre-verify OK flagged an error " 
    272275                          "with the peer certificate, returning error state " 
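Review bot: The rewrap of the @return text at new lines 261 to 266 leaves "continued." and "connection" stranded on their own lines and puts the "If verify_callback always returns 1" sentence at the same indent as the two bullets, so it no longer reads as part of the second bullet; reflow it as one paragraph under that bullet. Because that same text warns that always returning 1 lets the handshake complete despite verification failures, please also confirm that the preVerifyOK == 0 branch returns preVerifyOK immediately after the log.error call, which the log message implies but the lines shown here do not include.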