Timestamp:
11/02/10 17:09:02 (10 years ago)
Author:
pjkersha
Message:

Fix for ApacheSSLAuthnMiddleware - use comma separated list for accepted DNs. This enables DNs with fields containing spaces to be correctly parsed.

File:
1 edited

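--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/ssl.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/ssl.py
@@ -56,4 +56,5 @@
     CACERT_FILEPATH_LIST_OPTNAME = 'caCertFilePathList'
     CLIENT_CERT_DN_MATCH_LIST_OPTNAME = 'clientCertDNMatchList'
+    CLIENT_CERT_DN_MATCH_LIST_SEP_PAT = re.compile(',\s*')
     SSL_KEYNAME_OPTNAME = 'sslKeyName'
     SSL_CLIENT_CERT_KEYNAME_OPTNAME = 'sslClientCertKeyName'
@@ -78,5 +79,5 @@
     AUTHN_SUCCEEDED_ENVIRON_KEYNAME = ('ndg.security.server.wsgi.ssl.'
                                        'ApacheSSLAuthnMiddleware.authenticated')
-    
+
     def __init__(self, app, global_conf, prefix=PARAM_PREFIX, **app_conf):
         
@@ -212,6 +213,7 @@
         if isinstance(value, basestring):
             # Try parsing a space separated list of file paths
-            self.__clientCertDNMatchList = [X500DN(dn=dn) 
-                                            for dn in value.split()]
+            pat = ApacheSSLAuthnMiddleware.CLIENT_CERT_DN_MATCH_LIST_SEP_PAT
+            dnList = pat.split(value)
+            self.__clientCertDNMatchList = [X500DN(dn=dn) for dn in dnList]
             
         elif isinstance(value, (list, tuple)):
@@ -225,7 +227,7 @@
                     raise TypeError('Expecting a string, or %r type for "%s" '
                                     'list item; got %r' % 
-                (X500DN,
-                 ApacheSSLAuthnMiddleware.CLIENT_CERT_DN_MATCH_LIST_OPTNAME,
-                 type(dn)))
+                    (X500DN,
+                     ApacheSSLAuthnMiddleware.CLIENT_CERT_DN_MATCH_LIST_OPTNAME,
+                     type(dn)))
                     
         else: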
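Review bot: The comma split in the string branch (new lines 215-217) keeps whatever `pat.split(value)` returns, so an empty setting yields `['']` and a trailing comma yields a trailing `''`, each passed to `X500DN(dn=...)`; whitespace before a comma or at either end of the value also stays attached to the DN. Because this list decides which client certificate DNs are accepted, I would strip and drop empty entries, `dnList = [dn.strip() for dn in pat.split(value) if dn.strip()]`, so a malformed entry cannot end up as an odd or never-matching DN (what X500DN does with an empty string is not visible here). A DN value that itself contains a comma will also be split, which is worth stating in the option's documentation. The comment above still says `# Try parsing a space separated list of file paths` and should read `# Parse a comma separated list of certificate DNs`, and the pattern is better written as a raw string, `re.compile(r',\s*')`. The setter's body starts and ends outside the visible hunk.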