Changeset 7637


Timestamp:
20/10/10 22:10:08 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.0.1 - incl. updated Paster templates

  • started adding new templates
  • Important fix over 2.0.0 for parsing of certificate DNs in the wsgi ssl module.
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server
Files:
51 added
4 edited

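--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/__init__.py
@@ -0,0 +1,10 @@
+"""NDG Security Paster templates package 
+ 
+NERC DataGrid Project 
+""" 
+__author__ = "P J Kershaw" 
+__date__ = "20/10/2010" 
+__copyright__ = "(C) 2010 Science and Technology Facilities Council" 
+__license__ = "BSD - see top-level directory for LICENSE file" 
+__contact__ = "Philip.Kershaw@stfc.ac.uk" 
+__revision__ = "$Id$" 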
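--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -1,7 +1,18 @@
 #!/usr/bin/env python 
+"""NDG Security Paster template classes 
  
-from paste.script.templates import Template, var, _skip_variables 
+NERC DataGrid Project 
+""" 
+__author__ = "P J Kershaw" 
+__date__ = "20/10/2010" 
+__copyright__ = "(C) 2010 Science and Technology Facilities Council" 
+__license__ = "BSD - see top-level directory for LICENSE file" 
+__contact__ = "Philip.Kershaw@stfc.ac.uk" 
+__revision__ = "$Id$" 
+ 
 import os 
 import socket 
+import base64 
+from paste.script.templates import Template, var, _skip_variables 
 _hostTuple = socket.gethostbyaddr(socket.gethostname()) 
 try: 
@@ -60,2 +71,39 @@
                                                         output_dir,  
                                                         vars) 
+ 
+         
+class SecuredAppTemplate(Template): 
+    _template_dir = 'full_deployment' 
+    summary = ( 
+        'Template to secure an application with NERC DataGrid Security ' 
+        'authentication and authorisation filters') 
+    vars = [ 
+        var('hostname',  
+            ('Virtual host name to mount services on'), 
+            default=_hostname), 
+ 
+        var('authkitCookieSecret',  
+            ('Cookie secret for AuthKit authentication middleware (if using a ' 
+             'separate SSL based OpenID Relying Party then this value MUST ' 
+             'agree with the one used for that ini file'), 
+            default=base64.b64encode(os.urandom(32))[:32]), 
+ 
+        var('beakerSessionSecret',  
+            ('Cookie secret for keeping security session state'), 
+            default=base64.b64encode(os.urandom(32))[:32]) 
+    ] 
+ 
+    def write_files(self, command, output_dir, vars): 
+        '''Extend to enable substitutions for Single Sign On Service config 
+        file''' 
+        if output_dir.startswith('./'): 
+            outDir = output_dir.lstrip('./') 
+        else: 
+            outDir = output_dir 
+             
+        vars['installDir'] = os.path.join(os.getcwd(), outDir) 
+        super(FullDeploymentTemplate, self).write_files(command,  
+                                                        output_dir,  
+                                                        vars) 
+        
+         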
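Review bot: `SecuredAppTemplate.write_files` (new lines 96-107) calls `super(FullDeploymentTemplate, self)`, but the class is declared as `SecuredAppTemplate(Template)`, so unless it somehow derives from `FullDeploymentTemplate` (presumably the class whose tail is the context at lines 71-72) the call raises `TypeError` when the template is rendered; it should read `super(SecuredAppTemplate, self).write_files(command, output_dir, vars)`. In the same method `output_dir.lstrip('./')` strips every leading `.` and `/` character rather than the two-character prefix, so `./.conf` becomes `conf` and `installDir` points at the wrong directory; `outDir = output_dir[2:]` removes only the prefix. The two `default=base64.b64encode(os.urandom(32))[:32]` values are cookie secrets that, going by the help text, end up in a generated ini file, so the `authkitCookieSecret` description (which is also missing its closing parenthesis) should tell the deployer to keep that file readable only by the service account. `_template_dir = 'full_deployment'` looks copied from the class above as well; confirm it is the intended directory for this template.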
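--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/relyingparty/validation.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/relyingparty/validation.py
@@ -319,10 +319,15 @@
          
     def initialize(self, ctx, **parameters): 
-        '''@raise ConfigException:'''  
+        '''@param ctx: SSL context 
+        @type ctx: M2Crypto.SSL.Context 
+        @param parameters: dictionary of parameters read from configuration 
+        file 
+        @type parameters: dict 
+        '''  
         for name, val in parameters.items(): 
             setattr(self, name, os.path.expandvars(val)) 
               
         ctx.load_verify_locations(capath=self.caCertDirPath) 
-        if self.certFilePath is not None and self.priKeyFilePath is not None: 
+        if self.certFilePath and self.priKeyFilePath: 
             ctx.load_cert(self.certFilePath,  
                           keyfile=self.priKeyFilePath,  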
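Review bot: The new guard `if self.certFilePath and self.priKeyFilePath:` silently skips `ctx.load_cert` when only one of the two settings is present, so a half-configured client certificate goes unnoticed until a peer rejects the connection; an explicit check such as `if bool(self.certFilePath) != bool(self.priKeyFilePath): raise ConfigException(...)` before it would surface the misconfiguration at start-up. The rewritten docstring also drops the old `@raise ConfigException:` entry; if `initialize` can still raise it (the body continues past the hunk), keep that line alongside the new `@param`/`@type` fields. On the context line `setattr(self, name, os.path.expandvars(val))`, an undefined `$VAR` is left in place by `expandvars`, so `caCertDirPath` may reach `ctx.load_verify_locations` as a literal `$VAR` path, and checking that call's return value would catch an unusable trust-root directory.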
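--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/ssl.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/ssl.py
@@ -26,5 +26,4 @@
 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase 
 from ndg.security.common.X509 import X509Stack, X509Cert, X509CertError, X500DN 
-from ndg.security.common.utils.classfactory import instantiateClass 
      
  
@@ -445,4 +444,6 @@
             # Update session cookie with user ID 
             self._setUser() 
+            log.debug("AuthKitSSLAuthnMiddleware: set environ['REMOTE_USER'] = " 
+                      "%r" % environ.get('REMOTE_USER')) 
              
         # ... isValidCert will log warnings/errors no need to flag the False 
@@ -457,10 +458,10 @@
         """ 
         commonName = self.clientCert.dn['CN'] 
-        if len(commonName) > 0: 
+        if isinstance(commonName, basestring): 
+            userId = commonName 
+        else: 
             # Proxy certificate will have multiple CNs 
             userId = commonName[0] 
-        else: 
-            userId = commonName 
-         
+             
         self.environ[ 
             AuthKitSSLAuthnMiddleware.USERNAME_ENVIRON_KEYNAME] = userId 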
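Review bot: In the last hunk the user ID written to `USERNAME_ENVIRON_KEYNAME` is still derived from `self.clientCert.dn['CN']` without checking that a CN exists: a subject with no CN, or an empty CN list reaching `commonName[0]`, would raise out of this method instead of being handled as a failed authentication (what `dn['CN']` raises is not visible here). A guard before the `isinstance` test, e.g. `if not commonName: raise X509CertError('client certificate subject has no CN')`, would make that an explicit rejection, assuming the caller already handles `X509CertError`. The `else` branch also relies on the first CN of a proxy certificate being the end-entity name, and on CN alone being unique across every CA in the trust store; a comment stating both assumptions, or using the full DN as the identifier, would make the identity mapping auditable. The method starts and ends outside the hunk.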