Changeset 6895 for TI12-security


Timestamp:
27/05/10 14:30:08 (9 years ago)
Author:
pjkersha
Message:
  • Working myproxy-ws-logon.sh MyProxy logon web service client script.
  • Also integrated with unit test which launches the WSGI app by starting it running over HTTPS with paster in a separate thread and then queries it with the client script.
Location:
TI12-security/trunk/MyProxyServerUtils/myproxy/server
Files:
6 edited

  • TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxy-ws-logon.sh

    r6893 r6895  
    11#!/bin/bash 
    22# 
    3 # Client script for web service interface to MyProxy logon 
     3# Client script for web service interface to MyProxy logon based on openssl and 
     4# curl 
    45# 
    56# @author P J Kershaw 25/05/2010 
     
    1011# 
    1112# $Id$ 
    12 cmdline_opt=`getopt -o hU:l:So: --long help,uri:,username:,stdin_pass,out:: -n "$0" -- "$@"` 
     13cmdname=$(basename $0) 
     14cmdline_opt=`getopt -o hU:l:So: --long help,uri:,username:,stdin_pass,out:: -n "$cmdname" -- "$@"` 
    1315 
    14 usage="Usage: myproxy-logon [-U MyProxy Web Service URI][-l username] ...\n 
     16usage="Usage: $cmdname [-U MyProxy Web Service URI][-l username] ...\n 
    1517\n 
    1618   Options\n 
    17        -h | --help                       Displays usage\n 
    18        -U | --uri                        MyProxy web service URI\n 
    19        -l | --username        <username> Username for the delegated proxy\n 
    20        -S | --stdin_pass                 pass password from stdin rather prompt from tty\n 
    21        -o | --out             <path>     Location of delegated proxy\n 
    22                                          (use '-' for stdout)\n 
     19       -h | --help\t\t\t\tDisplays usage\n 
     20       -U | --uri\t\t<uri>\t\tMyProxy web service URI\n 
     21       -l | --username\t<username>\tUsername for the delegated proxy (defaults to \$LOGNAME)\n 
     22       -S | --stdin_pass\t\t\tpass password from stdin rather prompt from tty\n 
     23       -o | --out\t\t<filepath>\tLocation of delegated proxy (default to stdout)\n 
    2324" 
    2425 
    2526if [ $? != 0 ] ; then 
    26     echo $usage >&2 ; 
     27    echo -e $usage >&2 ; 
    2728    exit 1 ; 
    2829fi 
     
    3233while true ; do 
    3334    case "$1" in 
    34         -h|--help) echo $usage ; exit 0 ;; 
     35        -h|--help) echo -e $usage ; exit 0 ;; 
    3536        -U|--uri) uri=$2 ; shift 2 ;; 
    3637        -l|--username) username=$2 ; shift 2 ;; 
     
    4344 
    4445if [ -z $uri ]; then 
    45     echo Give the URI for the MyProxy Logon web service ; 
    46     echo $usage >&2 ; 
     46    echo -e Give the URI for the MyProxy Logon web service ; 
     47    echo -e $usage >&2 ; 
    4748    exit 1; 
    4849fi 
     
    9293# 1) -t 1 to ensure only one attempt is made 
    9394# 2) --auth-no-challenge force sending of username/password to allow for servers that may not issue an authentication challenge 
    94 wget $uri --http-user=$username --http-password=$password --post-file=$certreqfilepath --ca-directory=$cadir -O $outfilepath -t 1 --auth-no-challenge 
    95 if [ "$?" != "0" ]; then 
    96     cat $outfilepath 
     95#wget $uri --http-user=$username --http-password=$password --post-file=$certreqfilepath --ca-directory=$cadir -O $outfilepath -t 1 --auth-no-challenge 
     96response=$(curl $uri -u $username:$password -d "$(cat $certreqfilepath)" --capath $cadir -w " %{http_code}" -s -S) 
     97responsemsg=$(echo "$response"|sed '$s/ *\([^ ]* *\)$//') 
     98responsecode=$(echo $response|awk '{print $NF}') 
     99if [ "$responsecode" != "200" ]; then 
     100    echo "$responsemsg" >&2 
    97101    exit 1 
    98102fi 
    99103 
    100 # Add key to output file 
     104# Output certificate 
     105echo "$responsemsg" > $outfilepath 
     106 
     107# Add key  
    101108echo "$key" >> $outfilepath 
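Review bot: The new `response=$(curl ...)` line passes the password on the command line through `-u $username:$password`, which exposes it to every local user via `ps`/`/proc` for the lifetime of the call (the commented-out wget line had the same problem). Feed it through stdin instead: replace `-u $username:$password` with `-K -` and supply `user = "$username:$password"` as a heredoc on curl's standard input. `$uri`, `$cadir` and `$certreqfilepath` are also unquoted, so an empty `$cadir` would make `--capath` swallow `-w` as its argument; quote them. Because the private key is appended to `$outfilepath` with a plain redirection, the file's mode is left to the caller's umask — set `umask 077` before the `echo "$responsemsg" > $outfilepath` line (or create the file with `install -m 600 /dev/null "$outfilepath"`); how `$outfilepath` is chosen and the key is generated lies outside the hunk.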
  • TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxy_ws.py

    r6893 r6895  
    1717THIS_DIR = path.dirname(__file__) 
    1818INI_FILENAME = 'myproxywsgi.ini' 
    19 INI_FILEPATH = path.join(THIS_DIR, INI_FILENAME)   
    20 SSLCERT_FILEPATH = 'localhost.crt' 
    21 SSLKEY_FILEPATH = 'localhost.key' 
     19INI_FILEPATH = path.join(THIS_DIR, INI_FILENAME)  
     20SSLCERT_FILEPATH = path.join(THIS_DIR, 'localhost.crt') 
     21SSLKEY_FILEPATH = path.join(THIS_DIR, 'localhost.key') 
    2222PORTNUM = 7443 
    23 WITH_SSL = True 
     23WITH_SSL = True # Set to False to run over HTTP 
    2424 
    2525if __name__ == "__main__": 
     26    # Provide a port number as command line argument or accept the default 
     27    # PORTNUM 
    2628    if len(sys.argv) > 1: 
    2729        port = sys.argv[1] 
     
    2931        port = PORTNUM 
    3032         
    31     certFilePath = path.join(THIS_DIR, SSLCERT_FILEPATH) 
    32     priKeyFilePath = path.join(THIS_DIR, SSLKEY_FILEPATH) 
    33      
    3433    if WITH_SSL: 
    3534        ssl_context = SSL.Context(SSL.SSLv23_METHOD) 
    3635        ssl_context.set_options(SSL.OP_NO_SSLv2) 
    3736     
    38         ssl_context.use_privatekey_file(priKeyFilePath) 
    39         ssl_context.use_certificate_file(certFilePath) 
     37        ssl_context.use_privatekey_file(SSLKEY_FILEPATH) 
     38        ssl_context.use_certificate_file(SSLCERT_FILEPATH) 
    4039    else: 
    4140        ssl_context = None 
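Review bot: The new comment on `WITH_SSL = True # Set to False to run over HTTP` documents a plaintext mode without saying what it implies: this service authenticates with HTTP Basic (see httpbasicauth.py in the same changeset), so over HTTP the MyProxy username and password cross the wire in cleartext. Extend it to `# Set to False to run over plain HTTP - test only; Basic-auth credentials are then sent in cleartext`. In the unchanged SSL branch `set_options(SSL.OP_NO_SSLv2)` still leaves SSLv3 negotiable; `ssl_context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` is the minimum for a server that carries passwords. `port = sys.argv[1]` stays a string while the default `PORTNUM` is an int; whether the consumer of `port` tolerates that is not visible here.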
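--- a/TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxywsgi.ini
+++ b/TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxywsgi.ini
@@ -22,4 +22,5 @@
 myproxy.logonFuncEnvKeyName = MYPROXY_LOGON_FUNC
 myproxy.rePathMatchList = /logon
-myproxy.client.hostname = localhost
+#myproxy.client.hostname = localhost
+myproxy.client.hostname = myproxy.ceda.ac.uk
 myproxy.client.caCertDir = /etc/grid-security/certificates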
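Review bot: Switching `myproxy.client.hostname` to `myproxy.ceda.ac.uk` turns what looks like a unit-test configuration into a dependency on a live external MyProxy server, so the paster-based test in this changeset will send a real username and password to that host and fail whenever it is unreachable. If that is intentional, a comment saying so (`# Integration test target - needs network access and a real account; use localhost for offline runs`) would save the next person from debugging a failing suite. Keeping the old value as a commented-out line is reasonable, but the file gives no hint which of the two CI is expected to use.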
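--- a/TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/test_myproxywsgi.cfg
+++ b/TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/test_myproxywsgi.cfg
@@ -14,4 +14,4 @@
 [test01Logon]
 username: pjk
-password = mypassword
+#password = mypassword
 uri = https://localhost:10443/logon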
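Review bot: Commenting out `password = mypassword` removes the credential from the checked-in test config but not from history — r6893 and earlier still contain it — so if it was ever a real MyProxy password it should be rotated rather than assumed hidden. The dead line could be replaced with a hint on how the test now obtains the password (`# password is supplied at run time; never commit it`); how it is supplied is not visible in this changeset. The `uri` port 10443 differs from the `PORTNUM = 7443` default in test/myproxy_ws.py; if both target the same test server one of them is stale, though they may describe different setups.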
  • TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/test_myproxywsgi_with_paster.py

    r6893 r6895  
    1919logging.basicConfig(level=logging.DEBUG) 
    2020 
    21 from OpenSSL import SSL 
     21from OpenSSL import SSL, crypto 
    2222 
    2323from myproxy.server.test import PasteDeployAppServer 
     
    3939    SCRIPT_URI_OPTNAME = '--uri' 
    4040    SCRIPT_USER_OPTNAME = '--username' 
    41     SCRIPT_PASSWD_OPTNAME = '--stdin_pass' 
    42     SCRIPT_OUTPUT_OPTNAME = '--out' 
    4341    SCRIPT_STDIN_PASS = '--stdin_pass' 
    4442     
     
    8078                              env={'X509_CERT_DIR':self.__class__.THIS_DIR}) 
    8179        stdoutdata, stderrdata = p2.communicate() 
    82 #        self.failIf(status[-1] != 0, "Expecting 0 exit status for %r" % cmd) 
    83         print stdoutdata 
    84   
     80        self.failIf(len(stderrdata) > 0, "An error message was returned: %s" %  
     81                    stderrdata) 
     82        print("stdout = %s" % stdoutdata) 
     83         
     84        cert = crypto.load_certificate(crypto.FILETYPE_PEM, stdoutdata) 
     85        subj = cert.get_subject() 
     86        self.assert_(subj) 
     87        self.assert_(subj.CN) 
     88        print("Returned certificate subject CN=%r" % subj.CN) 
     89         
    8590    def addService(self, *arg, **kw): 
    8691        """Utility for setting up threads to run Paste HTTP based services with 
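Review bot: `print("stdout = %s" % stdoutdata)` writes the script's whole output to the test log, and per myproxy-ws-logon.sh in this changeset that output is the issued certificate followed by its private key, so every test run leaks a usable delegated credential into console and CI logs; drop this line and rely on the later `print("Returned certificate subject CN=%r" % subj.CN)`. The removed status check was not replaced: after `p2.communicate()` add `self.assertEqual(p2.returncode, 0, "Script exited with status %r" % p2.returncode)` so a failure is reported by exit status rather than only by stderr text. `crypto.load_certificate` appears to succeed on the combined output only because the script emits the certificate before the key; a comment recording that ordering assumption would help. The enclosing test method begins before this hunk.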
  • TI12-security/trunk/MyProxyServerUtils/myproxy/server/wsgi/httpbasicauth.py

    r6893 r6895  
    174174        username, password = self._parseCredentials(environ) 
    175175        if username is None: 
    176             log.info('No username set in HTTP Authorization header') 
    177             return self.setErrorResponse(start_response) 
     176            log.error('No username set in HTTP Authorization header') 
     177            return self.setErrorResponse(start_response,  
     178                                         msg="No username set\n") 
    178179         
    179180        authenticateFunc = environ.get(self.authnFuncEnvironKeyName) 
     
    215216        status = '%d %s' % (code, httplib.responses[code]) 
    216217        if msg is None: 
    217             response = status 
     218            response = "%s\n" % status 
    218219        else: 
    219220            response = msg 
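Review bot: Raising the missing-username case to `log.error` on the new line 176 treats a client that sends a malformed or empty Authorization header as a server fault; anyone probing the endpoint can fill the error log at will, and the new `msg="No username set\n"` already reports the problem to the caller. `log.warning` (or keeping `info`) fits a 4xx client condition better. The body text is a fixed string rather than reflected request data, which is the right choice; whether `setErrorResponse` also emits a `WWW-Authenticate` challenge on this path is outside the hunk, as is the start of the enclosing method.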