Changeset 7790 for TI12-security


Timestamp:
24/12/10 09:40:12 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Working unit tests for Attribute and Authorisation Service templates
Location:
TI12-security/trunk/NDGSecurity/python
Files:
17 added
3 deleted
10 edited

  • TI12-security/trunk/NDGSecurity/python/Tests/esg_integration

    • Property svn:ignore
      •  

        old new  
        66pcmdi3.llnl.gov.crt 
        77verisign_root 
         8test_attributeserviceclient-live.cfg 
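--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
@@ -34,6 +34,5 @@
 #uri = https://esg2.prototype.ucar.edu/saml/soap/secure/attributeService.htm
 uri = https://pcmdi3.llnl.gov/esgcet/saml/soap/secure/attributeService.htm
-#subject = https://esg.prototype.ucar.edu/myopenid/testUser
-subject = https://pcmdi3.llnl.gov/esgcet/myopenid/MElkington
+subject = https://esg.prototype.ucar.edu/myopenid/testUser
 
 attributeQuery.deserialise = ndg.security.common.saml_utils.esgf.xml.etree:ESGFResponseElementTree.fromXML
@@ -54,5 +53,5 @@
 [test03pcmdiAttributeQuery]
 uri = https://pcmdi3.llnl.gov/esgcet/saml/soap/secure/attributeService.htm
-subject = https://ceda.ac.uk/openid/Philip.Kershaw
+subject = 
 
 attributeQuery.deserialise = ndg.security.common.saml_utils.esgf.xml.etree:ESGFResponseElementTree.fromXML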
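Review bot: The new `subject =` under `[test03pcmdiAttributeQuery]` is left empty, so unless the test takes the value from somewhere else it will send an attribute query with no subject to the live pcmdi3 endpoint. The same changeset adds `test_attributeserviceclient-live.cfg` to svn:ignore, which suggests that real identifiers are meant to live in that untracked file; if that is the intent, say so beside the option, e.g. `# subject: set a real OpenID in test_attributeserviceclient-live.cfg (not committed)`. A placeholder identity such as the `testUser` value used at new line 36 would also keep this section runnable without a personal OpenID in the tracked file.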
  • TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/utils

    • Property svn:ignore set to
      pyopenssl.py
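--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -52,7 +52,7 @@
 SERVICE_OP_TMPL_DIR = ${SERVICE_OP_DIR}templates/
 SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP = ${SERVICE_OP_TMPL_DIR}serveryadis.xml
+SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH = ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl
 SERVICE_OP_YADIS_TMPL_FILEPATH_TMP = ${SERVICE_OP_TMPL_DIR}yadis.xml
-SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH = ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl
-SERVICE_OP_YADIS_TMPL_FILEPATH = ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl
+SERVICE_OP_YADIS_TMPL_FILEPATH = ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP}_tmpl
 
         
@@ -92,4 +92,9 @@
                 ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH}
         rm -f ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
+        -e s/'<XRD>'/'%%\{extraXrdEntries}\n    <XRD>'/ \
+                ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP} > \
+                ${SERVICE_OP_YADIS_TMPL_FILEPATH}
+        rm -f ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP}
         @-echo
         @-echo Create PKI directory and copying files ...
@@ -137,9 +142,9 @@
         @-echo
         @-echo Create PKI directory and copying files ...
-        -mkdir ${AUTHZ_SERVICE_PKI_DEST_DIR}
         cp ${SERVER_CERT_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}
         cp ${SERVER_KEY_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}
-        -mkdir ${AUTHZ_SERVICE_CA_DEST_DIR}
         cp ${CA_SRC_DIR}* ${AUTHZ_SERVICE_CA_DEST_DIR}
+        @-echo Clear out SVN directories ...
+        @-find ${AUTHZ_SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
         @-echo
         @-echo Done.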
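Review bot: The cleanup added at new line 148, `find ${AUTHZ_SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf`, is unguarded against an empty or mistyped `AUTHZ_SERVICE_DEST_DIR`: with no path argument GNU find searches the current directory, and the pipeline then deletes every `.svn` directory below it, i.e. the working copy's own metadata. The `-print | xargs` form also splits paths on whitespace. I would quote the variable so an empty value makes find fail, and let find do the removal: `@-find "${AUTHZ_SERVICE_DEST_DIR}" -type d -name .svn -prune -exec /bin/rm -rf {} +`. Separately, the two `-mkdir` lines are dropped while the `cp` of the server certificate and key into `${AUTHZ_SERVICE_PKI_DEST_DIR}` remains; presumably an earlier copy outside this hunk now creates those directories, which deserves a one-line comment because the target starts above the visible lines.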
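--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/openidprovider/templates/yadis.xml_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/openidprovider/templates/yadis.xml_tmpl
@@ -1,32 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
-    <XRD>
-        <Service priority="1">
-            <Type>urn:esg:security:myproxy-service</Type>
-            <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
-            <LocalID>$user_url</LocalID>
-        </Service>
-    </XRD>
-    <XRD>
-        <Service priority="20">
-            <Type>urn:esg:security:attribute-service</Type>
-            <URI>https://attributeservice.somewhere.ac.uk</URI>
-            <LocalID>$user_url</LocalID>
-        </Service>
-    </XRD>
-    <XRD>
-        <Service priority="30">
-            <Type>urn:esg:security:attribute-service</Type>
-            <URI>https://attributeservice.somewheredifferent.ac.uk</URI>
-            <LocalID>$user_url</LocalID>
-        </Service>
-    </XRD>
-    <XRD>
-        <Service priority="19">
-            <Type>urn:esg:security:attribute-service</Type>
-            <URI>https://localhost:7443/AttributeAuthority</URI>
-            <LocalID>$user_url</LocalID>
-        </Service>
-    </XRD>
+    %%{extraXrdEntries}
     <XRD>
         <Service priority="0">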
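--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -32,5 +32,5 @@
 
 class ServicesTemplate(Template):
-    """Make a template containing all the Security Services avaliable with
+    """Make a template containing all the Security Services available with
     NDG Security.  These are provided together in one template but deployers
     should consider adapting this and dividing up into separate WSGI apps
@@ -113,5 +113,5 @@
         var('beakerSessionCookieSecret', 
             'Secret for securing the OpenID Provider and SSL Client '
-            'authenticationsession cookie',
+            'authentication session cookie',
             default=base64.b64encode(os.urandom(32))[:32]),
             
@@ -207,13 +207,13 @@
 
 
-class AuthorisationServiceTemplate(Template):
-    """Paster template for the authorisation service"""
-    
-    DEFAULT_MOUNT_POINT = '/AuthorisationService'
+class AttributeServiceTemplate(Template):
+    """Paster template for the SAML attribute service"""
+    
+    DEFAULT_MOUNT_POINT = '/AttributeService'
     DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
     DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
     
-    _template_dir = 'authorisationservice'
-    summary = 'Create an NDG Security Authorisation Service'
+    _template_dir = 'attributeservice'
+    summary = 'Create an NDG Security SAML Attribute Service'
     vars = [
         var('mountPoint', 
@@ -231,4 +231,30 @@
             default=DEFAULT_ISSUER_FORMAT)
     ]
+    
+
+class AuthorisationServiceTemplate(Template):
+    """Paster template for the SAML authorisation service"""
+    
+    DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
+    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
+    
+    _template_dir = 'authorisationservice'
+    summary = 'Create an NDG Security Authorisation Service'
+    vars = [
+        var('mountPoint', 
+            ('URI path to mount service i.e. https://myhost/<mountPoint>'),
+            default=DEFAULT_MOUNT_POINT),
+
+        var('issuerName', 
+            ('ID of this service used in SAML queries and responses'),
+            default=DEFAULT_ISSUER_NAME),
+
+        var('issuerFormat', 
+            ('Format of issuerName string; if using the default, ensure that '
+             'the issuerName value is a correctly formatted X.509 Subject '
+             'Name'),
+            default=DEFAULT_ISSUER_FORMAT)
+    ]
 
       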
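Review bot: Both template classes default `issuerName` to `DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'`, and the prompt at new lines 249-251 does not say that this is a placeholder, so a service generated by accepting the defaults will identify itself in SAML responses with a localhost DN. I would extend the help string, e.g. `'ID of this service used in SAML queries and responses; replace the localhost default with the DN of the deployed service'`. On style, `AttributeServiceTemplate` and `AuthorisationServiceTemplate` appear to carry the same `vars` list and issuer defaults and differ only in `DEFAULT_MOUNT_POINT`, `_template_dir` and `summary`; a shared base class would stop the two copies drifting. The middle of the `AttributeServiceTemplate.vars` list is elided on this page, so the duplication is inferred from the lines that are visible.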
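--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
@@ -17,14 +17,4 @@
 from setuptools import setup, find_packages
 
-# Other packages needed by this server package
-_pkgDependencies = [
-    'ndg_security_common',
-    'Paste',
-    'WebOb',
-    'beaker',
-    'AuthKit',
-    'MyProxyClient'
-]
-
 _entryPoints = """
     [console_scripts] 
@@ -33,10 +23,14 @@
     [paste.app_factory]
     main=ndg.security.server.pylons.container.config.middleware:make_app
+    
     [paste.app_install]
     main=pylons.util:PylonsInstaller
     [paste.paster_create_template]
+    ndgsecurity_securedapp=ndg.security.server.paster_templates.template:SecuredAppTemplate
     ndgsecurity_services=ndg.security.server.paster_templates.template:ServicesTemplate
+    ndgsecurity_attribute_service=ndg.security.server.paster_templates.template:AttributeServiceTemplate
     ndgsecurity_authorisation_service=ndg.security.server.paster_templates.template:AuthorisationServiceTemplate
-    """
+    ndgsecurity_openidprovider_service=ndg.security.server.paster_templates.template:OpenIdProviderServiceTemplate
+"""
    
 _longDescription = """\
@@ -76,7 +70,13 @@
     url =                       'http://proj.badc.rl.ac.uk/ndg/wiki/Security',
     license =               'BSD - See LICENCE file for details',
-    install_requires =          _pkgDependencies,
+    install_requires =          [   'ndg_security_common',
+                                'Paste',
+                                'WebOb',
+                                'beaker',
+                                'AuthKit',
+                            ],
     extras_require = {
-        'xacml':  ["ndg_xacml"]
+        'xacml':  ["ndg_xacml"],
+        'myproxy-saml-assertion-cert-ext-app': ['MyProxyClient']
     },
     # Set ndg.security.common dependency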
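Review bot: `MyProxyClient` moves from `install_requires` to the `myproxy-saml-assertion-cert-ext-app` extra at new line 80, so a default install no longer provides it; any module in the server package that imports it at top level will now raise ImportError unless the import is guarded. None of the importing code is visible here, so this needs checking against the package, and the extra should be named in the install documentation for the feature that needs it. The new entry points `ndgsecurity_securedapp` and `ndgsecurity_openidprovider_service` refer to `SecuredAppTemplate` and `OpenIdProviderServiceTemplate`, neither of which appears in the visible template.py hunks, and the OpenID Provider test in this changeset is disabled. Confirm that both classes exist before the entry points are released, since a dangling entry point is likely to surface only when the templates are loaded.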
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider

    • Property svn:ignore set to
      associations
      beaker
      nonces
      temp
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit

    • Property svn:ignore set to
      pyopenssl
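--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/paster_templates/test_paster_templates.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/paster_templates/test_paster_templates.py
@@ -1,16 +1,19 @@
-'''
-Created on 18 Nov 2010
+#!/usr/bin/env python
+"""Unit tests for NDG Security paster templates
 
-@author: pjkersha
-'''
+NERC DataGrid Project
+"""
+__author__ = "P J Kershaw"
+__date__ = "18/11/10"
+__copyright__ = "(C) 2010 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = '$Id$'
 import unittest
 from os import path, listdir
 import shutil
 from paste.script.create_distro import CreateDistroCommand
-
-from ndg.security.server.paster_templates.template import (ServicesTemplate, 
-    AuthorisationServiceTemplate)
-     
-
+        
+    
 class ServicesTemplateTestCase(unittest.TestCase):
     """Test create configuration for an application which bundles all the NDG 
@@ -40,4 +43,34 @@
         shutil.rmtree(self.__class__.SERVICE_CONF_DIRPATH, True)
            
+
+class AttributeServiceTemplateTestCase(unittest.TestCase):
+    """Test creation of ini file and basic configuration settings for NDG 
+    Security Attribute Service
+    """
+    HERE_DIR = path.dirname(path.abspath(__file__))
+    ATTRIBUTE_SERVICE_TMPL_NAME = 'ndgsecurity_attribute_service'
+    ATTRIBUTE_SERVICE_CONF_DIR = 'attribute-service'
+    ATTRIBUTE_SERVICE_CONF_DIRPATH = path.join(HERE_DIR, 
+                                               ATTRIBUTE_SERVICE_CONF_DIR)
+    ATTRIBUTE_SERVICE_CONF_DIR_FILES = (
+        'pki', 'attribute-service.ini', 'user.db'
+    )
+    
+    def test01Run(self):
+        cmd = CreateDistroCommand(None)
+        cmd.default_interactive = False
+        cmd.run([self.__class__.ATTRIBUTE_SERVICE_CONF_DIR, 
+                 '-t', 
+                 self.__class__.ATTRIBUTE_SERVICE_TMPL_NAME])
+        
+        createdFiles = listdir(
+                           self.__class__.ATTRIBUTE_SERVICE_CONF_DIRPATH)
+        
+        for _file in self.__class__.ATTRIBUTE_SERVICE_CONF_DIR_FILES:
+            self.assert_(_file in createdFiles, "Missing file %r" % _file)
+
+    def tearDown(self):
+        shutil.rmtree(self.__class__.ATTRIBUTE_SERVICE_CONF_DIRPATH, True) 
+                   
 
 class AuthorisationServiceTemplateTestCase(unittest.TestCase):
@@ -69,6 +102,35 @@
 
     def tearDown(self):
-        shutil.rmtree(self.__class__.AUTHORISATION_SERVICE_CONF_DIRPATH, True)
+        shutil.rmtree(self.__class__.AUTHORISATION_SERVICE_CONF_DIRPATH, True)          
 
+
+class OpenIdProviderTemplateTestCase(unittest.TestCase):
+    """Test creation of ini file and basic configuration settings for NDG 
+    Security OpenID Provider Service
+    """
+    HERE_DIR = path.dirname(path.abspath(__file__))
+    OP_SERVICE_TMPL_NAME = 'ndgsecurity_openidprovider_service'
+    OP_SERVICE_CONF_DIR = 'openid-provider'
+    OP_SERVICE_CONF_DIRPATH = path.join(HERE_DIR, OP_SERVICE_CONF_DIR)
+    OP_SERVICE_CONF_DIR_FILES = (
+        'pki', 'openidprovider-service.ini', 
+    )
+    
+    def _test01Run(self):
+        cmd = CreateDistroCommand(None)
+        cmd.default_interactive = False
+        cmd.run([self.__class__.OP_SERVICE_CONF_DIR, 
+                 '-t', 
+                 self.__class__.OP_SERVICE_TMPL_NAME])
+        
+        createdFiles = listdir(
+                           self.__class__.OP_SERVICE_CONF_DIRPATH)
+        
+        for _file in self.__class__.OP_SERVICE_CONF_DIR_FILES:
+            self.assert_(_file in createdFiles, "Missing file %r" % _file)
+
+    def _tearDown(self):
+        shutil.rmtree(self.__class__.OP_SERVICE_CONF_DIRPATH, True)
+        
 
 if __name__ == "__main__":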
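Review bot: `test01Run` in `AttributeServiceTemplateTestCase` passes the relative name `ATTRIBUTE_SERVICE_CONF_DIR` to `cmd.run`, while `listdir` and `tearDown` use `ATTRIBUTE_SERVICE_CONF_DIRPATH` built from `HERE_DIR`, so the two agree only when the tests are started from the test directory. Run from anywhere else, `listdir` raises, and `shutil.rmtree(..., True)` ignores the missing path and leaves the generated tree, including its `pki` directory, in the caller's working directory. Passing the output directory explicitly removes the dependency on the current directory: `cmd.run([self.ATTRIBUTE_SERVICE_CONF_DIR, '-t', self.ATTRIBUTE_SERVICE_TMPL_NAME, '-o', self.HERE_DIR])`; the same applies to `OpenIdProviderTemplateTestCase`. That class's `_test01Run` and `_tearDown` are switched off by the underscore prefix with no explanation, so a comment such as `# disabled until the OpenID Provider template is complete` would stop the missing coverage going unnoticed.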