Changeset 7786 for TI12-security


Timestamp:
20/12/10 17:06:25 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • unit test for generic services template - added support for Yadis templates
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates
Files:
1 added
7 deleted
3 edited

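--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -26,4 +26,8 @@
 USERDB_FILEPATH = ${TEST_CONFIG_SRC_DIR}${USERDB_FILENAME}
 
+
+# OpenID Provider Specific Settings
+OP_SERVER_YADIS_TMPL_SRC_FILENAME = serveryadis.xml
+OP_YADIS_TMPL_SRC_FILENAME = yadis.xml
 
 # Generic Services Template Settings
@@ -40,7 +44,16 @@
 SERVICE_SURPLUS_FILES = README __init__.* attributeinterface.* securedapp.* \
         securityservicesapp.* request-filter.xml pep_result_handler *.pyc \
-        openidprovider/associations/  openidprovider/beaker/ \
+        authn/* openidprovider/associations/  openidprovider/beaker/ \
         openidprovider/README openidprovider/nonces/ openidprovider/temp/ \
-        openidrelyparty/store/ openidrelyparty/__init__.*
+        openidrelyparty/store/ openidrelyparty/__init__.* \
+        pip-session-cache/*
+SERVICE_OP_DIRNAME = openidprovider/
+SERVICE_OP_DIR = ${SERVICE_DEST_DIR}${SERVICE_OP_DIRNAME}
+SERVICE_OP_TMPL_DIR = ${SERVICE_OP_DIR}templates/
+SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP = ${SERVICE_OP_TMPL_DIR}serveryadis.xml
+SERVICE_OP_YADIS_TMPL_FILEPATH_TMP = ${SERVICE_OP_TMPL_DIR}yadis.xml
+SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH = ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl
+SERVICE_OP_YADIS_TMPL_FILEPATH = ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl
+
         
 service_tmpl: ${SERVICE_SRC_DIR}
@@ -52,24 +65,31 @@
         @-find ${SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
         @-echo Remove unneeded files ...
-        -for i in ${SERVICE_SURPLUS_FILES} ; do \
+        for i in ${SERVICE_SURPLUS_FILES} ; do \
                 rm -rf ${SERVICE_DEST_DIR}$$i ; \
         done ;
-        @-echo Making substitutions for template variables ...
-        sed -e s/'portNum = .*'/'portNum = $$\{portNumber}'/ \
-        -e s/'baseURI =.*'/'baseURI = $$\{baseURI}'/ \
-        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = $$\{attributeServiceMountPoint\}'/ \
-        -e s/'saml\.mountPath.*'/'saml.mountPath = $$\{authorisationServiceMountPoint\}'/ \
-        -e s/'saml\.soapbinding\.issuerName =.*'/'saml.soapbinding.issuerName = $$\{attributeServiceIssuerName}'/ \
-        -e s/'saml\.issuerName =.*'/'samlIssuerName = $$\{authorisationServiceIssuerName}'/ \
-        -e s/'saml\.soapbinding\.issuerFormat =.*'/'saml.soapbinding.issuerFormat = $$\{attributeServiceIssuerFormat}'/ \
-        -e s/'saml\.issuerFormat =.*'/'saml.issuerFormat = $$\{authorisationServiceIssuerFormat}'/ \
-        -e s/'authkitCookieSecret =.*'/'authkitCookieSecret = $$\{authkitCookieSecret}'/ \
-        -e s/'beakerSessionCookieSecret =.*'/'beakerSessionCookieSecret = $$\{beakerSessionCookieSecret}'/ \
-        -e s/'authkit.openid.session.secret = .*'/'authkit.openid.session.secret = $$\{openidRelyingPartyCookieSecret}'/ \
+        @-echo Making substitutions for ini file template variables ...
+        sed -e s/'portNum = .*'/'portNum = %%\{portNumber}'/ \
+        -e s/'baseURI =.*'/'baseURI = %%\{baseURI}'/ \
+        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = %%\{attributeServiceMountPoint\}'/ \
+        -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{authorisationServiceMountPoint\}'/ \
+        -e s/'saml\.soapbinding\.issuerName =.*'/'saml.soapbinding.issuerName = %%\{attributeServiceIssuerName}'/ \
+        -e s/'saml\.issuerName =.*'/'samlIssuerName = %%\{authorisationServiceIssuerName}'/ \
+        -e s/'saml\.soapbinding\.issuerFormat =.*'/'saml.soapbinding.issuerFormat = %%\{attributeServiceIssuerFormat}'/ \
+        -e s/'saml\.issuerFormat =.*'/'saml.issuerFormat = %%\{authorisationServiceIssuerFormat}'/ \
+        -e s/'authkitCookieSecret =.*'/'authkitCookieSecret = %%\{authkitCookieSecret}'/ \
+        -e s/'beakerSessionCookieSecret =.*'/'beakerSessionCookieSecret = %%\{beakerSessionCookieSecret}'/ \
+        -e s/'authkit.openid.session.secret = .*'/'authkit.openid.session.secret = %%\{openidRelyingPartyCookieSecret}'/ \
         -e s/'testConfigDir = .*'// \
         -e s/testConfigDir/here/g \
         -e s/'# Revision:.*'//g \
-        ${SERVICE_INI_FILEPATH_TMP} > ${SERVICE_INI_TMPL_FILEPATH}
+                ${SERVICE_INI_FILEPATH_TMP} > ${SERVICE_INI_TMPL_FILEPATH}
         rm -f ${SERVICE_INI_FILEPATH_TMP}
+        @-echo Making substitutions for OpenID Provider Yadis templates ...
+        @-echo Removing unneeded XRD entries ...
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
+        -e s/'<XRD>'/'%%\{extraXrdEntries}\n    <XRD>'/ \
+                ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP} > \
+                ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH}
+        rm -f ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}
         @-echo
         @-echo Create PKI directory and copying files ...
@@ -108,7 +128,7 @@
         @-echo Making substitutions for template variables ...
         sed -e s/'# Description:.*'/'# Description: Paster template'/ \
-        -e s/'saml\.mountPath.*'/'saml.mountPath = $$\{mountPoint\}'/ \
-        -e s/'samlIssuerName =.*'/'samlIssuerName = $$\{issuerName}'/ \
-        -e s/'samlIssuerFormat =.*'/'samlIssuerFormat = $$\{issuerFormat}'/ \
+        -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{mountPoint\}'/ \
+        -e s/'samlIssuerName =.*'/'samlIssuerName = %%\{issuerName}'/ \
+        -e s/'samlIssuerFormat =.*'/'samlIssuerFormat = %%\{issuerFormat}'/ \
         -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
         -e s/testConfigDir/here/g \
@@ -151,7 +171,7 @@
         @-echo Making substitutions for template variables ...
         sed -e s/'# Description:.*'/'# Description: Paster template for SAML Attribute Service'/ \
-        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = $$\{mountPoint\}'/ \
-        -e s/'saml\.soapbinding\.issuerName.*'/'saml.soapbinding.issuerName = $$\{issuerName}'/ \
-        -e s/'saml\.soapbinding\.issuerFormat.*'/'saml\.soapbinding\.issuerFormat = $$\{issuerFormat}'/ \
+        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = %%\{mountPoint\}'/ \
+        -e s/'saml\.soapbinding\.issuerName.*'/'saml.soapbinding.issuerName = %%\{issuerName}'/ \
+        -e s/'saml\.soapbinding\.issuerFormat.*'/'saml\.soapbinding\.issuerFormat = %%\{issuerFormat}'/ \
         -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
         -e s/testConfigDir/here/g \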
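Review bot: `SERVICE_OP_YADIS_TMPL_FILEPATH` (new line 56) is derived from `${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}` instead of `${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP}`, so both output variables resolve to `serveryadis.xml_tmpl` and nothing ever names `yadis.xml_tmpl`; it should read `SERVICE_OP_YADIS_TMPL_FILEPATH = ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP}_tmpl`. The `service_tmpl` recipe only rewrites the server Yadis file (new lines 87–93), so the `yadis.xml` variables and `OP_YADIS_TMPL_SRC_FILENAME` are currently unused — either add the matching sed/rm step or drop them until it exists. The new range delete `/'<Service priority=...'/,/'<XRD>'/d` removes everything from the first matching `<Service>` up to the next `<XRD>` line, which only yields well-formed XML if serveryadis.xml lists those entries in a particular order; since the input is not in the diff, a test that parses the generated `_tmpl` file would make that assumption explicit. The `service_tmpl` recipe continues outside the hunk.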
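--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
@@ -20,8 +20,8 @@
 # Settings global to all sections
 [DEFAULT]
-portNum = ${portNumber}
+portNum = %%{portNumber}
 hostname = localhost
 scheme = https
-baseURI = ${baseURI}
+baseURI = %%{baseURI}
 openIDProviderIDBase = openid/
 
@@ -52,8 +52,8 @@
 # because the cookie is shared between the secured app(s) and this app so that
 # a user's OpenID can be communicated between them.
-authkitCookieSecret = ${authkitCookieSecret}
+authkitCookieSecret = %%{authkitCookieSecret}
 
 # Secret for OpenID Provider cookie
-beakerSessionCookieSecret = ${beakerSessionCookieSecret}
+beakerSessionCookieSecret = %%{beakerSessionCookieSecret}
 
 
@@ -219,5 +219,5 @@
 authkit.openid.store.config=%(here)s/openidrelyingparty/store
 authkit.openid.session.key = authkit_openid
-authkit.openid.session.secret = ${openidRelyingPartyCookieSecret}
+authkit.openid.session.secret = %%{openidRelyingPartyCookieSecret}
 
 # Key name for dereferencing beaker.session object held in environ
@@ -460,5 +460,5 @@
 
 # Path following the FQDN from which this service will be mounted
-saml.soapbinding.mountPath = ${attributeServiceMountPoint}
+saml.soapbinding.mountPath = %%{attributeServiceMountPoint}
 
 # The key name for the environ dict item holding the Attribute Authority's 
@@ -482,5 +482,5 @@
 
 # The URI path for this service
-saml.mountPath = ${authorisationServiceMountPoint}
+saml.mountPath = %%{authorisationServiceMountPoint}
 
 # The key name in environ which the upstream authorisation service must assign
@@ -494,6 +494,6 @@
 
 # Sets the identity of THIS authorisation service when filling in SAML responses
-samlIssuerName = ${authorisationServiceIssuerName}
-saml.issuerFormat = ${authorisationServiceIssuerFormat}
+samlIssuerName = %%{authorisationServiceIssuerName}
+saml.issuerFormat = %%{authorisationServiceIssuerFormat}
 
 #______________________________________________________________________________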
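Review bot: The new `%%{…}` placeholders share the `%` character with the ConfigParser interpolation this file already uses (`%(here)s` at line 219), so a placeholder that the template pass leaves unsubstituted — e.g. `authkitCookieSecret = %%{authkitCookieSecret}` at line 54 — would most likely be parsed by the ini reader as the literal value `%{authkitCookieSecret}` instead of raising an error. For the three cookie-secret settings in this section (lines 54, 57 and 221) that would silently deploy a fixed, guessable secret. It would be worth having the generic services unit test (or `ServicesTemplate.write_files`) assert that the rendered `service.ini` contains no `%%{` before the file is used. This presumes the paste copydir substitution tolerates unmatched placeholders rather than failing; verify against `LaxTemplate`.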
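--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -14,6 +14,10 @@
 import socket
 import base64
+import string
+import re
 from urlparse import urlunsplit
 from paste.script.templates import Template, var
+from paste.script.copydir import LaxTemplate
+
 _hostTuple = socket.gethostbyaddr(socket.gethostname())
 try:
@@ -25,7 +29,4 @@
     
 from ndg.saml.saml2.core import Issuer
-
-import re
-from paste.script.copydir import LaxTemplate
 
 
@@ -47,4 +48,22 @@
     AUTHORISATION_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
     AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    
+    MYPROXY_SERVER_XRD_ENTRY_TMPL = """    <XRD>
+        <Service priority="10">
+            <Type>urn:esg:security:myproxy-service</Type>
+            <URI>%%{myProxyServerURI}</URI>
+            <LocalID>$user_url</LocalID>
+        </Service>
+    </XRD>
+    """
+    
+    ATTRIBUTE_SERVICE_XRD_ENTRY_TMPL = """    <XRD>
+        <Service priority="20">
+            <Type>urn:esg:security:attribute-service</Type>
+            <URI>%%{attributeServiceURI}</URI>
+            <LocalID>$user_url</LocalID>
+        </Service>
+    </XRD>
+    """
     
     _template_dir = 'services'
@@ -74,11 +93,11 @@
             ATTRIBUTE_SERVICE_DEFAULT_ISSUER_NAME),
             
+        var('attributeServiceIssuerFormat',
+            'SAML Issuer Name field for Attribute Service SAML responses',
+            ATTRIBUTE_SERVICE_DEFAULT_ISSUER_FORMAT),
+            
         var('authorisationServiceIssuerName',
             'SAML Issuer Name field for Authorisation Service SAML responses',
             AUTHORISATION_SERVICE_DEFAULT_ISSUER_NAME),
-            
-        var('attributeServiceIssuerFormat',
-            'SAML Issuer Name field for Attribute Service SAML responses',
-            ATTRIBUTE_SERVICE_DEFAULT_ISSUER_FORMAT),
             
         var('authorisationServiceIssuerFormat',
@@ -98,6 +117,16 @@
             
         var('openidRelyingPartyCookieSecret',
-            'Secret for secuing OpenID Relying Party session cookie',
-            default=base64.b64encode(os.urandom(32))[:32])
+            'Secret for securing OpenID Relying Party session cookie',
+            default=base64.b64encode(os.urandom(32))[:32]),
+            
+        var('myproxyServerURI',
+            'MyProxy Server address to advertise in OpenID Provider Yadis '
+            'document - defaults to omit this entry',
+            default=''),
+            
+        var('includeAttributeServiceInYadis',
+            'Include Attribute Service address in OpenID Provider Yadis '
+            'document',
+            default=True)
         ]
     
@@ -107,13 +136,13 @@
         be ignored
         """
-        self._laxTemplatePatternSave = LaxTemplate.pattern
+        self._laxTemplatePattern = LaxTemplate.pattern
         LaxTemplate.pattern = re.compile(r"""
-            \$(?:
-              (?P<escaped>\$)             |   # Escape sequence of two delimiters
-              (?P<named>[_a-z][_a-z0-9]*) |   # delimiter and a Python identifier
-              {(?P<braced>.*?(?!userIdentifier))} |   # delimiter and a braced identifier
-              (?P<invalid>)                   # Other ill-formed delimiter exprs
-            )
-            """)
+        \%%(?:
+          (?P<escaped>\$)             |   # Escape sequence of two delimiters
+          (?P<named>[_a-z][_a-z0-9]*) |   # delimiter and a Python identifier
+          {(?P<braced>.*?)}          |   # delimiter and a braced identifier
+          (?P<invalid>)                   # Other ill-formed delimiter exprs
+        )
+        """)
         super(ServicesTemplate, self).__init__(*arg, **kw)
         
@@ -121,6 +150,34 @@
         """Restore default setting for template pattern to its original value
         """
-        LaxTemplate.pattern = self._laxTemplatePatternSave
-        super(ServicesTemplate, self).__del__()
+        LaxTemplate.pattern = self._laxTemplatePattern
+        _super = super(ServicesTemplate, self)
+        if hasattr(_super, "__del__"):
+            _super.__del__()
+
+    def write_files(self, command, output_dir, vars):
+        '''Extend to enable substitutions for OpenID Provider Yadis templates'''
+        vars['extraXrdEntries'] = ''
+        
+        class XrdsTemplate(string.Template):
+            delimiter = "%%"
+            
+        attributeServiceURI = vars['baseURI'] + vars[
+                                'attributeServiceMountPoint'].lstrip('/')
+        
+        if vars['includeAttributeServiceInYadis']:
+            attributeServiceEntryTmpl = XrdsTemplate(
+                            self.__class__.ATTRIBUTE_SERVICE_XRD_ENTRY_TMPL)
+            vars['extraXrdEntries'] += attributeServiceEntryTmpl.substitute(
+                            attributeServiceURI=attributeServiceURI)
+
+        del vars['includeAttributeServiceInYadis']
+        if vars['myproxyServerURI']:
+            myProxyServerEntryTmpl = XrdsTemplate(
+                            self.__class__.MYPROXY_SERVER_XRD_ENTRY_TMPL)
+            vars['extraXrdEntries'] += myProxyServerEntryTmpl.substitute(
+                            attributeServiceURI=vars['myproxyServerURI'])
+        
+        del vars['myproxyServerURI']
+        super(ServicesTemplate, self).write_files(command, output_dir, vars)
 
         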
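Review bot: `write_files` (new line 178) calls `substitute(attributeServiceURI=vars['myproxyServerURI'])` on `MYPROXY_SERVER_XRD_ENTRY_TMPL`, but that template's only placeholder is `%%{myProxyServerURI}` (line 54), so `string.Template.substitute` raises `KeyError` whenever a MyProxy URI is supplied; the keyword should be `myProxyServerURI=vars['myproxyServerURI'])`. The new `LaxTemplate.pattern` (line 140) changes the delimiter to `%%` but keeps `(?P<escaped>\$)`, so the escape sequence is now `%%$` rather than `%%%%`, which looks unintended. `includeAttributeServiceInYadis` defaults to the bool `True`, but when paster receives it from the command line it will presumably be a string, and `'False'` is truthy at line 167 — normalise it (e.g. compare against `'true'` after lowercasing) before the test. `attributeServiceURI` (line 164) is `baseURI` plus the mount point with its leading `/` stripped, which only yields a valid URI if `baseURI` is guaranteed to end in `/`; a `rstrip('/') + '/'` on the base would remove that dependency.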