Timestamp:
04/03/10 10:55:47 (10 years ago)
Author:
pjkersha
Message:

Patched ndg.security.common.AttCert so that it uses a proxy to ndg.security.common.XMLSec.XMLSecDoc for Python versions >= 2.5.5. This is to allow for PyXML incompatibility with later versions of Python. Disabling XMLSecDoc means that Attribute Certificates are not signed but the NDG Attribute Certificates are no longer used. SAML assertions take their place. NDG AC functionality will be deleted from the trunk.

Location:
TI12-security/branches/ndg-security-1.5.x
Files:
6 edited

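--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_common/ndg/security/common/AttCert.py
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_common/ndg/security/common/AttCert.py
@@ -30,6 +30,33 @@
 
 # XML signature module based on M2Crypto, ZSI Canonicalization and DOM
-from XMLSec import XMLSecDoc, InvalidSignature, getParentNode
-
+import sys
+import warnings
+if sys.version_info[:2] < (2, 5, 5):
+    from XMLSec import XMLSecDoc, InvalidSignature
+else:
+    msg = ("ndg.security.common.XMLSec not supported for Python versions 2.5.5 "
+           "or later because of PyXML incompatibility")
+    warnings.warn(msg)
+    class XMLSecDoc(object):
+        "XMLSecDoc Stub class: %s" % msg
+        def __init__(self):
+            self.filePath = None
+            
+        def parse(self, *arg):
+            "XMLSecDoc Stub class parse: %s" % msg
+        
+        def applyEnvelopedSignature(self, **kw):
+            "XMLSecDoc Stub class - no signature applied: %s" % msg
+       
+        def verifyEnvelopedSignature(self, **kw):
+            "XMLSecDoc Stub class - no verification executed: %s" % msg
+        
+        def toString(self):
+            "XMLSecDoc Stub class toString returns None: %s" % msg
+            return None
+        
+    class InvalidSignature(Exception):
+        "XMLSecDoc.InvalidSignature Stub class: %s" % msg
+        
 from X509 import X500DN
 from X509 import X500DNError
@@ -711,5 +738,9 @@
         try:
             self.__holderDN = X500DN(dn=self.__dat['holder'])
-
+        except IndexError:
+            warnings.warn("Error parsing Attribute Certificate holder as an "
+                          "X.500 DN, treating as a regular string instead")
+            self.__holderDN = None
+            
         except X500DNError, x500dnErr:
             raise AttCertError, "Holder DN: %s" % x500dnErr
@@ -788,6 +819,7 @@
 
         
-        # Create string of all XML content        
-        xmlTxt = '<attributeCertificate targetNamespace="%s">' % \
+        # Create string of all XML content  
+        try:      
+            xmlTxt = '<attributeCertificate targetNamespace="%s">' % \
                                                 self.__class__.namespace + \
 """
@@ -818,4 +850,6 @@
     </acInfo>
 </attributeCertificate>"""
+        except:
+            return ''
 
         # Return XML file content as a string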
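Review bot: The stub `verifyEnvelopedSignature` in the `else:` branch fails open: its body only evaluates a string and returns None, so any caller that relies on `InvalidSignature` being raised would treat an unsigned or altered Attribute Certificate as verified. While the AttCert code stays in the tree the stub should fail closed, e.g. `raise InvalidSignature("signature verification unavailable: %s" % msg)`, or the callers should be changed to reject certificates on this path. The guard `sys.version_info[:2] < (2, 5, 5)` compares a 2-tuple with a 3-tuple, so every 2.5.x release takes the real import and the stub only applies from 2.6 on, which does not match the warning text; `sys.version_info[:3]` would match it. The bare `except:` that returns `''` around the XML string building also hides any serialisation error from the caller; the enclosing method starts and ends outside the hunks shown.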
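--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_common/ndg/security/common/credentialwallet.py
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_common/ndg/security/common/credentialwallet.py
@@ -60,5 +60,6 @@
 # Authorisation - attribute certificate 
 from ndg.security.common.AttCert import AttCert, AttCertError
-from ndg.security.common.wssecurity.signaturehandler.dom import SignatureHandler
+from ndg.security.common.wssecurity.signaturehandler.foursuite import \
+                                                            SignatureHandler
 
 # generic parser to read INI/XML properties file
@@ -1854,5 +1855,5 @@
             # Request Attribute Certificate from Attribute Authority
             try:
-                attCert = self._getAttCert(extAttCert=extAttCert)                
+                attCert = self._getAttCert(extAttCert=extAttCert)
                 # Access granted
                 return attCert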
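--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/attributeauthority.py
@@ -16,4 +16,5 @@
 import os
 import re
+import traceback
 
 # For parsing of properties file
@@ -897,6 +898,10 @@
                                         separator=self.dnSeparator)            
             except Exception, e:
-                 log.error("Holder X.509 Certificate DN: %s" % e)
-                 raise
+                log.error("Holder X.509 Certificate DN: %s" % e)
+                raise
+        else:
+            log.debug("No holder X.509 Certificate set, setting Attribute "
+                      "Certificate holder to userId=%r", userId)
+            attCert['holder'] = userId
             
         # Set Issuer details from Attribute Authority
@@ -1053,7 +1058,8 @@
             return attCert
         
-        except Exception, e:
+        except Exception:
             raise AttributeAuthorityError('New Attribute Certificate "%s": %s'%
-                                          (attCert.filePath, e))
+                                          (attCert.filePath, 
+                                           traceback.format_exc()))
 
     def samlAttributeQuery(self, attributeQuery):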
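Review bot: Putting `traceback.format_exc()` into the `AttributeAuthorityError` message (new lines 1060-1063) hands the full stack trace, with file paths and internal call structure, to whoever receives that exception; if the error text is relayed to the requesting client, which is not visible in this hunk, that is an information leak. Log the trace on the server and keep the raised message short, e.g. `log.error('New Attribute Certificate "%s": %s', attCert.filePath, traceback.format_exc())` followed by `raise AttributeAuthorityError('Error creating new Attribute Certificate')`. Separately, the new `else:` branch sets `attCert['holder'] = userId` when no holder certificate is present; the matching `if` is outside the hunk, so it is worth confirming where `userId` is validated, since per the commit message the certificate is no longer signed. The enclosing method starts outside the hunk.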
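--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/zsi/attributeauthority/__init__.py
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/zsi/attributeauthority/__init__.py
@@ -27,5 +27,6 @@
     AttributeAuthorityAccessDenied
     
-from ndg.security.common.wssecurity.signaturehandler.dom import SignatureHandler
+from ndg.security.common.wssecurity.signaturehandler.foursuite import \
+                                                            SignatureHandler
 from ndg.security.common.X509 import X509Cert, X509CertRead
 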
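--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml
@@ -1,14 +1,13 @@
-<?xml version="1.0" encoding="utf-8"?>
-<attributeCertificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" targetNamespace="urn:ndg:security:attributeCertificate">
+<attributeCertificate targetNamespace="urn:ndg:security:attributeCertificate">
     <acInfo>
         <version>1.0</version>
-        <holder>/CN=server/O=NDG Security Test/OU=WS-Security Unittest</holder>
-        <issuer>/CN=AttributeAuthority/O=NDG Security Test/OU=Site A</issuer>
+        <holder>/O=NDG Security Test/OU=WS-Security Unittest/CN=server</holder>
+        <issuer>/O=NDG Security Test/OU=Site A/CN=AttributeAuthority</issuer>
         <issuerName>Site A</issuerName>
         <issuerSerialNumber>253</issuerSerialNumber> 
         <userId>testuser</userId>
         <validity>
-            <notBefore>2010 02 24 16 27 53</notBefore> 
-            <notAfter>2010 02 25 00 27 53</notAfter> 
+            <notBefore>2010 03 04 10 13 26</notBefore> 
+            <notAfter>2010 03 04 18 13 26</notAfter> 
         </validity>
         <attributes>
@@ -33,15 +32,3 @@
         <provenance>original</provenance> 
     </acInfo>
-<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>o7ULDHEgL9VF+pxrpxvq6wUZix4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>oFmYBQ2wTNHU6dGoNEZOMtOV6C9IPRkSoLKCJ9Ktg5vscegd5U3KDuQe2YyEZPlKyN+mlgMsaXOu
-45Ngq1pKsKY2yg7rPRAC4J1gbNapJFmnJ4ro/HIYeiRUXSbWhcdyZOa6v1uDmjZmcUkhCjWjyLkZ
-qq/+s/Yx3cV2Wgl2qNM=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy
-NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
-DzANBgNVBAsTBlNpdGUgQTEbMBkGA1UEAxMSQXR0cmlidXRlQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCntf+hUxFKXx/KY3LXy/RYc/yqhfIL
-M8h95c14n/WdSqh8rK3VxkUu5gujlEgCHafI2AjNZJZqJfKG7ZucYmRcnXbCX1qP
-IGKa+TllbIWdsa5y/IF/Do2AoPMJnTNJ2U1IBfPQXbO5Sd49OvfTi4Cldk89872R
-IuzPmLIDcFydgQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcN
-AQEEBQADgYEAWD04scBB91kWT8qXKZyN2EZ5nBFqs6REXtI+ddOaZt7VtiaHYMXA
-mcRW/kCw8YgS+Ull+mZpAwpWUU9kR/A5dbiIDDRbxlz4BJCeMgkO/OxU31zmvqqa
-23UyGXPhtaTuo8DG2uSr5XDk6GnJ5sb0WB3UgsRh7V4ryWkStImCSGY=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></attributeCertificate>
+</attributeCertificate>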
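--- a/TI12-security/branches/ndg-security-1.5.x/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/branches/ndg-security-1.5.x/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
@@ -200,5 +200,4 @@
         # user ID should be the same as that set for the wallet
         assert(attCert.userId == credWallet.userId)
-        print("Attribute Certificate:\n%s" % attCert)  
 
     def test08Pickle(self):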