Changeset 7775


Timestamp:
13/12/10 16:42:18 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • starting generic services template.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
3 added
4 edited

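--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
@@ -32,6 +32,8 @@
 
 [test02pcmdiAttributeQuery]
-uri = https://esg2.prototype.ucar.edu/saml/soap/secure/attributeService.htm
-subject = https://esg.prototype.ucar.edu/myopenid/testUser
+#uri = https://esg2.prototype.ucar.edu/saml/soap/secure/attributeService.htm
+uri = https://pcmdi3.llnl.gov/esgcet/saml/soap/secure/attributeService.htm
+#subject = https://esg.prototype.ucar.edu/myopenid/testUser
+subject = https://pcmdi3.llnl.gov/esgcet/myopenid/MElkington
 
 attributeQuery.deserialise = ndg.security.common.saml_utils.esgf.xml.etree:ESGFResponseElementTree.fromXML
@@ -39,16 +41,16 @@
 attributeQuery.clockSkewTolerance = 1.
 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
-attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string
-attributeQuery.queryAttributes.1 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
-attributeQuery.queryAttributes.2 = urn:esg:last:name, LastName, http://www.w3.org/2001/XMLSchema#string
+#attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string
+#attributeQuery.queryAttributes.1 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
+#attributeQuery.queryAttributes.2 = urn:esg:last:name, LastName, http://www.w3.org/2001/XMLSchema#string
 attributeQuery.queryAttributes.groupRole1 = urn:esg:group:role, GroupRole, groupRole
 
 # SSL Context Proxy settings
-attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates
-attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
-attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
-attributeQuery.sslValidDNs = /C=US/ST=Colorado/L=Boulder/O=University Corporation for Atmospheric Research/OU=Computational & Information Systems LaboratoryUniversity /CN=*.prototype.ucar.edu
+#attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates
+#attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
+#attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
+#attributeQuery.sslValidDNs = /C=US/ST=Colorado/L=Boulder/O=University Corporation for Atmospheric Research/OU=Computational & Information Systems LaboratoryUniversity /CN=*.prototype.ucar.edu
 
-[test03pcmdiProductionAttributeQuery]
+[test03pcmdiAttributeQuery]
 uri = https://pcmdi3.llnl.gov/esgcet/saml/soap/secure/attributeService.htm
 subject = https://ceda.ac.uk/openid/Philip.Kershaw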
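Review bot: Commenting out the four `attributeQuery.ssl*` settings at new lines 49–52 leaves the test02 query to the pcmdi3 endpoint with no CA directory, client certificate or accepted server DN configured, so whether the SAML SOAP client still verifies the server certificate depends on defaults that are not visible in this file. If the intent was only to drop the UCAR-specific DN, `attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates` could stay active and `attributeQuery.sslValidDNs` be updated for the new host rather than removed. The new `subject` value names an individual account rather than the former `testUser`, which deserves a comment explaining why a real identity is needed in a checked-in test config. The renamed `[test03pcmdiAttributeQuery]` section now uses the same `uri` as test02, so the two differ only by subject; a one-line comment saying so would help the next reader.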
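--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.py
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.py
@@ -67,10 +67,10 @@
 #    def test01ncarAttributeQuery(self):
 #        self._attributeQuery('test01ncarAttributeQuery')
-#
-#    def test02pcmdiAttributeQuery(self):
-#        self._attributeQuery('test02pcmdiAttributeQuery')
 
-    def test03pcmdiProductionAttributeQuery(self):
-        self._attributeQuery('test03pcmdiProductionAttributeQuery')
+    def test02pcmdiAttributeQuery(self):
+        self._attributeQuery('test02pcmdiAttributeQuery')
+
+    def test03pcmdiAttributeQuery(self):
+        self._attributeQuery('test03pcmdiAttributeQuery')
 
 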
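--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -13,7 +13,13 @@
 ROOT_FILEPATH = ../../../../../
 DEST_DIR = ./
+TEST_DIR = ${ROOT_FILEPATH}ndg_security_test/ndg/security/test/
+TEST_CONFIG_SRC_DIR = ${TEST_DIR}config/
+PKI_SRC_DIR = ${TEST_CONFIG_SRC_DIR}pki/
+CA_SRC_DIR = ${PKI_SRC_DIR}ca/
+SERVER_CERT_SRC_FILEPATH = ${PKI_SRC_DIR}localhost.crt
+SERVER_KEY_SRC_FILEPATH = ${PKI_SRC_DIR}localhost.key
+INTEGRATION_TEST_DIR = ${TEST_DIR}integration/
 
 AUTHZ_SERVICE_DIRNAME = authorisationservice/
-TEST_CONFIG_SRC_DIR = ${ROOT_FILEPATH}ndg_security_test/ndg/security/test/config/
 AUTHZ_SERVICE_SRC_DIR = ${TEST_CONFIG_SRC_DIR}${AUTHZ_SERVICE_DIRNAME}
 AUTHZ_SERVICE_DEST_DIR = ${DEST_DIR}${AUTHZ_SERVICE_DIRNAME}
@@ -21,10 +27,7 @@
 AUTHZ_SERVICE_INI_FILEPATH_TMP = ${AUTHZ_SERVICE_DEST_DIR}/${AUTHZ_SERVICE_INI_FILENAME}
 AUTHZ_SERVICE_INI_TMPL_FILEPATH = ${AUTHZ_SERVICE_INI_FILEPATH_TMP}_tmpl
-PKI_SRC_DIR = ${TEST_CONFIG_SRC_DIR}pki/
-SERVER_CERT_SRC_FILEPATH = ${PKI_SRC_DIR}localhost.crt
-SERVER_KEY_SRC_FILEPATH = ${PKI_SRC_DIR}localhost.key
-PKI_DEST_DIR = ${AUTHZ_SERVICE_DEST_DIR}pki/
-CA_SRC_DIR = ${PKI_SRC_DIR}ca/
-CA_DEST_DIR = ${PKI_DEST_DIR}ca/
+AUTHZ_SERVICE_PKI_DEST_DIR = ${AUTHZ_SERVICE_DEST_DIR}pki/
+AUTHZ_SERVICE_CA_DEST_DIR = ${AUTHZ_SERVICE_PKI_DEST_DIR}ca/
+
 
 authorisation_service_tmpl:
@@ -44,9 +47,9 @@
 	@-echo
 	@-echo Create PKI directory and copying files ...
-	-mkdir ${PKI_DEST_DIR}
-	cp ${SERVER_CERT_SRC_FILEPATH} ${PKI_DEST_DIR}
-	cp ${SERVER_KEY_SRC_FILEPATH} ${PKI_DEST_DIR}
-	-mkdir ${CA_DEST_DIR}
-	cp ${CA_SRC_DIR}* ${CA_DEST_DIR}
+	-mkdir ${AUTHZ_SERVICE_PKI_DEST_DIR}
+	cp ${SERVER_CERT_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}
+	cp ${SERVER_KEY_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}
+	-mkdir ${AUTHZ_SERVICE_CA_DEST_DIR}
+	cp ${CA_SRC_DIR}* ${AUTHZ_SERVICE_CA_DEST_DIR}
 	@-echo
 	@-echo Done.
@@ -56,3 +59,95 @@
 	rm -rf ${AUTHZ_SERVICE_DEST_DIR}
 
-clean: authorisation_service_tmpl_clean
+USERDB_FILENAME = user.db
+USERDB_FILEPATH = ${TEST_CONFIG_SRC_DIR}${USERDB_FILENAME}
+
+ATTR_SERVICE_DIRNAME = attributeservice/
+ATTR_SERVICE_SRC_DIR = ${TEST_CONFIG_SRC_DIR}attributeauthority/sitea/
+ATTR_SERVICE_SRC_INI_FILENAME = site-a.ini
+ATTR_SERVICE_SRC_INI_FILEPATH = ${ATTR_SERVICE_SRC_DIR}${ATTR_SERVICE_SRC_INI_FILENAME}
+ATTR_SERVICE_DEST_DIR = ${DEST_DIR}${ATTR_SERVICE_DIRNAME}
+ATTR_SERVICE_INI_FILENAME = attribute-service.ini
+ATTR_SERVICE_INI_FILEPATH_TMP = ${ATTR_SERVICE_DEST_DIR}${ATTR_SERVICE_INI_FILENAME}
+ATTR_SERVICE_INI_TMPL_FILEPATH = ${ATTR_SERVICE_INI_FILEPATH_TMP}_tmpl
+ATTR_SERVICE_PKI_DEST_DIR = ${ATTR_SERVICE_DEST_DIR}pki/
+ATTR_SERVICE_CA_DEST_DIR = ${ATTR_SERVICE_PKI_DEST_DIR}ca/
+
+
+attribute_service_tmpl:
+	@-echo Preparing Attribute Service template ...
+	@-echo
+	@-echo Copying test ini file ...
+	-mkdir ${ATTR_SERVICE_DEST_DIR}
+	cp -r ${ATTR_SERVICE_SRC_INI_FILEPATH} ${ATTR_SERVICE_INI_FILEPATH_TMP}
+	@-echo Making substitutions for template variables ...
+	sed -e s/'# Description:.*'/'# Description: Paster template for SAML Attribute Service'/ \
+	-e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = $$\{mountPoint\}'/ \
+	-e s/'saml\.soapbinding\.issuerName.*'/'saml.soapbinding.issuerName = $$\{issuerName}'/ \
+	-e s/'saml\.soapbinding\.issuerFormat.*'/'saml\.soapbinding\.issuerFormat = $$\{issuerFormat}'/ \
+	-e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
+	-e s/testConfigDir/here/g \
+	${ATTR_SERVICE_INI_FILEPATH_TMP} > ${ATTR_SERVICE_INI_TMPL_FILEPATH}
+	rm -f ${ATTR_SERVICE_INI_FILEPATH_TMP}
+	@-echo
+	@-echo Create PKI directory and copying files ...
+	-mkdir ${ATTR_SERVICE_PKI_DEST_DIR}
+	cp ${SERVER_CERT_SRC_FILEPATH} ${ATTR_SERVICE_PKI_DEST_DIR}
+	cp ${SERVER_KEY_SRC_FILEPATH} ${ATTR_SERVICE_PKI_DEST_DIR}
+	-mkdir ${ATTR_SERVICE_CA_DEST_DIR}
+	cp ${CA_SRC_DIR}* ${ATTR_SERVICE_CA_DEST_DIR}
+	@-echo Copying test SQLite user database ...
+	cp ${USERDB_FILEPATH} ${ATTR_SERVICE_DEST_DIR}
+	@-echo
+	@-echo Done.
+
+attribute_service_tmpl_clean:
+	@-echo Clearing Authorisation Service template ...
+	rm -rf ${ATTR_SERVICE_DEST_DIR}
+
+
+# Settings to create OpenID Provider template
+OPENID_PROVIDER_DIRNAME = openidprovider/
+OPENID_PROVIDER_SRC_DIR = ${INTEGRATION_TEST_DIR}${OPENID_PROVIDER_DIRNAME}
+OPENID_PROVIDER_DEST_DIR = ${DEST_DIR}${OPENID_PROVIDER_DIRNAME}
+OPENID_PROVIDER_INI_FILENAME = service.ini
+OPENID_PROVIDER_INI_FILEPATH_TMP = ${OPENID_PROVIDER_DEST_DIR}${OPENID_PROVIDER_INI_FILENAME}
+OPENID_PROVIDER_INI_TMPL_FILEPATH = ${OPENID_PROVIDER_INI_FILEPATH_TMP}_tmpl
+OPENID_PROVIDER_PKI_DEST_DIR = ${OPENID_PROVIDER_DEST_DIR}pki/
+OPENID_PROVIDER_CA_DEST_DIR = ${OPENID_PROVIDER_PKI_DEST_DIR}ca/
+
+
+openidprovider_tmpl:
+	@-echo Preparing OpenID Provider template ...
+	@-echo
+	@-echo Copying templates, CSS and graphics and ini file ...
+	mkdir ${OPENID_PROVIDER_DEST_DIR}
+	cp -r ${OPENID_PROVIDER_SRC_DIR}openidprovider/templates/ \
+		${OPENID_PROVIDER_DEST_DIR}
+	cp -r ${OPENID_PROVIDER_SRC_DIR}public ${OPENID_PROVIDER_DEST_DIR}
+	cp ${OPENID_PROVIDER_SRC_DIR}securityservices.ini \
+		${OPENID_PROVIDER_INI_FILEPATH_TMP}
+	@-echo Clear out SVN directories ...
+	-find ${OPENID_PROVIDER_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
+	@-echo Making substitutions for template variables ...
+	sed -e s/'%(here)s\/openidprovider'/'%(here)s'/g \
+	-e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
+	-e s/testConfigDir/here/g \
+	${OPENID_PROVIDER_INI_FILEPATH_TMP} > ${OPENID_PROVIDER_INI_TMPL_FILEPATH}
+	rm -f ${OPENID_PROVIDER_INI_FILEPATH_TMP}
+	@-echo
+	@-echo Create PKI directory and copying files ...
+	-mkdir ${OPENID_PROVIDER_PKI_DEST_DIR}
+	cp ${SERVER_CERT_SRC_FILEPATH} ${OPENID_PROVIDER_PKI_DEST_DIR}
+	cp ${SERVER_KEY_SRC_FILEPATH} ${OPENID_PROVIDER_PKI_DEST_DIR}
+	-mkdir ${OPENID_PROVIDER_CA_DEST_DIR}
+	cp ${CA_SRC_DIR}* ${OPENID_PROVIDER_CA_DEST_DIR}
+	@-echo
+	@-echo Done.
+
+openidprovider_tmpl_clean:
+	@-echo Clearing OpenID Provider template ...
+	rm -rf ${OPENID_PROVIDER_DEST_DIR}
+
+
+clean: authorisation_service_tmpl_clean attribute_service_tmpl_clean openidprovider_tmpl_clean
+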
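Review bot: The new `attribute_service_tmpl` target (new lines 93–99) copies `localhost.crt`, `localhost.key`, the CA directory and `user.db` straight out of the test tree into the Paster template, so every deployment generated from it starts with the test server private key and the test user database; the new `openidprovider_tmpl` target does the same at lines 139–143. A comment above the target such as `# Test PKI files and user.db are placeholders: deployers must replace them before exposing the service` plus a matching note in the generated template's documentation would make the expectation explicit. The `attribute_service_tmpl_clean` message at line 104 still reads `Clearing Authorisation Service template ...` and should be `Clearing Attribute Service template ...`. The bare `mkdir ${OPENID_PROVIDER_DEST_DIR}` at line 123 lacks the `-` prefix used by every other mkdir here, so re-running the target fails on an existing directory, and the `-find ... -print | xargs /bin/rm -rf` at 130 would be more robust as `-print0 | xargs -0 /bin/rm -rf`.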
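--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -14,5 +14,5 @@
 import socket
 import base64
-from paste.script.templates import Template, var, _skip_variables
+from paste.script.templates import Template, var
 _hostTuple = socket.gethostbyaddr(socket.gethostname())
 try:
@@ -34,4 +34,5 @@
 ]
 
+
 class DefaultDeploymentTemplate(Template):
     _template_dir = 'default_deployment'
@@ -39,36 +40,17 @@
     vars = vars
 
-# Single Sign On Service not included in this template
-#    def write_files(self, command, output_dir, vars):
-#        '''Extend to enable substitutions for Single Sign On Service config
-#        file'''
-#        if output_dir.startswith('./'):
-#            outDir = output_dir.lstrip('./')
-#        else:
-#            outDir = output_dir
-#
-#        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso')
-#        super(DefaultDeploymentTemplate, self).write_files(command,
-#                                                           output_dir,
-#                                                           vars)
 
-class FullDeploymentTemplate(Template):
-    _template_dir = 'full_deployment'
+class ServicesTemplate(Template):
+    """Make a template containing all the Security Services avaliable with
+    NDG Security.  These are provided together in one template but deployers
+    should consider adapting this and dividing up into separate WSGI apps
+    to suit
+    """
+    _template_dir = 'services'
     summary = ('NERC DataGrid Security services full deployment template '
-               'including the Single Sign On Service')
+               'including the SAML Attribute and Authorisation Services, '
+               'OpenID Provider application, OpenID Relying Party and SSL '
+               'client authentication services')
     vars = vars
-
-    def write_files(self, command, output_dir, vars):
-        '''Extend to enable substitutions for Single Sign On Service config
-        file'''
-        if output_dir.startswith('./'):
-            outDir = output_dir.lstrip('./')
-        else:
-            outDir = output_dir
-
-        vars['installDir'] = os.path.join(os.getcwd(), outDir)
-        super(FullDeploymentTemplate, self).write_files(command,
-                                                        output_dir,
-                                                        vars)
 
 
@@ -93,17 +75,4 @@
             default=base64.b64encode(os.urandom(32))[:32])
     ]
-
-    def write_files(self, command, output_dir, vars):
-        '''Extend to enable substitutions for Single Sign On Service config
-        file'''
-        if output_dir.startswith('./'):
-            outDir = output_dir.lstrip('./')
-        else:
-            outDir = output_dir
-
-        vars['installDir'] = os.path.join(os.getcwd(), outDir)
-        super(FullDeploymentTemplate, self).write_files(command,
-                                                        output_dir,
-                                                        vars)
 
 
@@ -137,2 +106,26 @@
 
 
+class OpenIDProviderTemplate(Template):
+    """Paster template for OpenID Provider service"""
+
+    DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
+    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
+
+    _template_dir = 'authorisationservice'
+    summary = (
+        'Template to create an NDG Security Authorisation Service')
+    vars = [
+        var('mountPoint',
+            ('URI path to mount service i.e. https://myhost/<mountPoint>'),
+            default=DEFAULT_MOUNT_POINT),
+
+        var('issuerName',
+            ('ID of this service used in SAML queries and responses'),
+            default=DEFAULT_ISSUER_NAME),
+
+        var('issuerFormat',
+            ('Format of issuerName string; if using the default, ensure that '
+             'the issuerName value is a correctly formatted X.509 Subject '
+             'Name'),
+            default=DEFAULT_ISSUER_FORMAT)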
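Review bot: `OpenIDProviderTemplate` at new lines 108–131 is a copy of the authorisation service template with only the class name and docstring changed: `_template_dir = 'authorisationservice'`, `DEFAULT_MOUNT_POINT = '/AuthorisationService'` and the summary `'Template to create an NDG Security Authorisation Service'` all still describe the other service, so a template created under this name would, as far as these lines show, lay down the authorisation service files. `_template_dir` should name the OpenID Provider template directory (the Makefile in this changeset builds it as `openidprovider/`), and the mount point, summary and the SAML-specific `issuerName`/`issuerFormat` variables need revisiting for an OpenID Provider. The hunk ends with the `vars` list still open after `default=DEFAULT_ISSUER_FORMAT)`; if the file really ends there, as the commit message's "Incomplete" suggests it may, the module will not import. The `ServicesTemplate` docstring at line 44 also misspells "available" as "avaliable".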