Changeset 7796 for TI12-security


Timestamp:
24/12/10 12:10:49 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Work on openidprovider integration test - OpenID RP test harness needs fix.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
3 added
1 deleted
6 edited

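--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -201,12 +201,12 @@
 
 # Settings to create OpenID Provider template
-OPENID_PROVIDER_DIRNAME = openidprovider/
-OPENID_PROVIDER_SRC_DIR = ${INTEGRATION_TEST_DIR}${OPENID_PROVIDER_DIRNAME}
-OPENID_PROVIDER_DEST_DIR = ${DEST_DIR}${OPENID_PROVIDER_DIRNAME}
-OPENID_PROVIDER_INI_FILENAME = service.ini
-OPENID_PROVIDER_INI_FILEPATH_TMP = ${OPENID_PROVIDER_DEST_DIR}${OPENID_PROVIDER_INI_FILENAME}
-OPENID_PROVIDER_INI_TMPL_FILEPATH = ${OPENID_PROVIDER_INI_FILEPATH_TMP}_tmpl
-OPENID_PROVIDER_PKI_DEST_DIR = ${OPENID_PROVIDER_DEST_DIR}pki/
-OPENID_PROVIDER_CA_DEST_DIR = ${OPENID_PROVIDER_PKI_DEST_DIR}ca/
+OP_DIRNAME = openidprovider/
+OP_SRC_DIR = ${INTEGRATION_TEST_DIR}${OP_DIRNAME}
+OP_DEST_DIR = ${DEST_DIR}${OP_DIRNAME}
+OP_INI_FILENAME = service.ini
+OP_INI_FILEPATH_TMP = ${OP_DEST_DIR}${OP_INI_FILENAME}
+OP_INI_TMPL_FILEPATH = ${OP_INI_FILEPATH_TMP}_tmpl
+OP_PKI_DEST_DIR = ${OP_DEST_DIR}pki/
+OP_CA_DEST_DIR = ${OP_PKI_DEST_DIR}ca/
 
 
@@ -215,25 +215,23 @@
         @-echo
         @-echo Copying templates, CSS and graphics and ini file ...
-        mkdir ${OPENID_PROVIDER_DEST_DIR}
-        cp -r ${OPENID_PROVIDER_SRC_DIR}openidprovider/templates/ \
-                ${OPENID_PROVIDER_DEST_DIR}
-        cp -r ${OPENID_PROVIDER_SRC_DIR}public ${OPENID_PROVIDER_DEST_DIR}
-        cp ${OPENID_PROVIDER_SRC_DIR}securityservices.ini \
-                ${OPENID_PROVIDER_INI_FILEPATH_TMP}
-        @-echo Clear out SVN directories ...
-        -find ${OPENID_PROVIDER_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
+        mkdir ${OP_DEST_DIR}
+        cp -r ${OP_SRC_DIR}openidprovider/templates/ ${OP_DEST_DIR}
+        cp -r ${OP_SRC_DIR}public ${OP_DEST_DIR}
+        cp ${OP_SRC_DIR}securityservices.ini ${OP_INI_FILEPATH_TMP}
         @-echo Making substitutions for template variables ...
         sed -e s/'%(here)s\/openidprovider'/'%(here)s'/g \
         -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
         -e s/testConfigDir/here/g \
-        ${OPENID_PROVIDER_INI_FILEPATH_TMP} > ${OPENID_PROVIDER_INI_TMPL_FILEPATH}
-        rm -f ${OPENID_PROVIDER_INI_FILEPATH_TMP}
-        @-echo
-        @-echo Create PKI directory and copying files ...
-        -mkdir ${OPENID_PROVIDER_PKI_DEST_DIR}
-        cp ${SERVER_CERT_SRC_FILEPATH} ${OPENID_PROVIDER_PKI_DEST_DIR}
-        cp ${SERVER_KEY_SRC_FILEPATH} ${OPENID_PROVIDER_PKI_DEST_DIR}
-        -mkdir ${OPENID_PROVIDER_CA_DEST_DIR}
-        cp ${CA_SRC_DIR}* ${OPENID_PROVIDER_CA_DEST_DIR}
+        ${OP_INI_FILEPATH_TMP} > ${OP_INI_TMPL_FILEPATH}
+        rm -f ${OP_INI_FILEPATH_TMP}
+        @-echo
+        @-echo Create PKI directory and copying files ...
+        -mkdir ${OP_PKI_DEST_DIR}
+        cp ${SERVER_CERT_SRC_FILEPATH} ${OP_PKI_DEST_DIR}
+        cp ${SERVER_KEY_SRC_FILEPATH} ${OP_PKI_DEST_DIR}
+        -mkdir ${OP_CA_DEST_DIR}
+        cp ${CA_SRC_DIR}* ${OP_CA_DEST_DIR}
+        @-echo Clear out SVN directories ...
+        @-find ${AUTHZ_SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
         @-echo
         @-echo Done.
@@ -241,5 +239,5 @@
 openidprovider_tmpl_clean:
         @-echo Clearing OpenID Provider template ...
-        rm -rf ${OPENID_PROVIDER_DEST_DIR}
+        rm -rf ${OP_DEST_DIR}
 
 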
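Review bot: The relocated cleanup step in the OpenID Provider recipe (new line 235) runs `find` on `${AUTHZ_SERVICE_DEST_DIR}` instead of `${OP_DEST_DIR}`, so the `.svn` directories brought in by the `cp -r` steps stay in the provider template and the removal is applied under another target's directory. The line is now prefixed `@-`, so it is neither echoed nor allowed to fail the build, which hides the mistake; and if `AUTHZ_SERVICE_DEST_DIR` (defined outside this section) ever expanded to nothing, GNU find would fall back to the current directory. I would change it to `-find ${OP_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf`. The recipe's target line is outside the visible hunk.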
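--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/__init__.py
@@ -1,3 +1,3 @@
-"""NDG Security WSGI authorization integration testing package
+"""NDG Security OpenID Provider integration testing package
 
 NERC DataGrid Project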
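--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.ini
@@ -32,6 +32,6 @@
 port = %(portNum)s
 
-# Uncomment and replace OpenIDProviderApp with OpenIDProviderFilterApp in the
-# pipeline below if the RelyingParty filter is removed.
+# Use composite cascade construct to enable Provider app to pick up static
+# content
 [filter-app:OpenIDProviderFilterApp]
 use = egg:Paste#httpexceptions
@@ -163,8 +163,8 @@
 
 [handlers]
-keys = console
+keys = console, logfile
 
 [formatters]
-keys = generic
+keys = console, generic
 
 [logger_root]
@@ -181,5 +181,11 @@
 args = (sys.stderr,)
 level = NOTSET
-formatter = generic
+formatter = console
+
+[handler_logfile]
+class = handlers.RotatingFileHandler
+level=NOTSET
+formatter=generic
+args=(os.path.join('%(here)s', 'log', 'openidprovider.log'), 'a', 100000, 10)
 
 [formatter_generic]
@@ -187,2 +193,6 @@
 datefmt = %Y-%m-%d %H:%M:%S
 
+# Skip date / time for this output as system logs picks up stderr and timestamps
+# it anyway
+[formatter_console]
+format = %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s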
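Review bot: The new `[handler_logfile]` section opens `%(here)s/log/openidprovider.log` as soon as the logging configuration is loaded, so the service will presumably fail at start-up when the `log` directory is missing; nothing in the visible changes creates it. The handler also runs at `level=NOTSET`, which for an OpenID Provider can write authentication detail from debug messages to a file on disk. I would add a comment such as `# log/ must exist and be writable only by the service account` above `args=` and consider `level=INFO` for the file handler. Whether any logger lists `logfile` in its `handlers` cannot be checked here, because `[logger_root]` is cut off.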
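--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.py
@@ -18,24 +18,26 @@
 from ndg.security.test.unit.wsgi import PasteDeployAppServer
 
-INI_FILEPATH = 'openidprovider.ini'
+INI_FILENAME = 'openidprovider.ini'
+INI_FILEPATH = join(dirname(abspath(__file__)), INI_FILENAME)
+DEFAULT_PORT = 7443
 
-os.environ['NDGSEC_INTEGRATION_TEST_DIR'] = os.path.dirname(os.path.dirname(
-                                                                    __file__))
+os.environ['NDGSEC_INTEGRATION_TEST_DIR'] = dirname(dirname(__file__))
 os.environ[BaseTestCase.configDirEnvVarName] = TEST_CONFIG_DIR
 
 import optparse
 
-# To start run
-# $ paster serve services.ini or run this file as a script, see
-# $ ./securityservicesapp.py -h
+# To start run:
+#
+# $ paster serve openidprovider.ini
+#
+# or run this file as a script, see:
+#
+# $ ./openidprovider.py -h
 if __name__ == '__main__':
-    cfgFileName = INI_FILEPATH
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), cfgFileName)
-
     parser = optparse.OptionParser()
     parser.add_option("-p",
                       "--port",
                       dest="port",
-                      default=7443,
+                      default=DEFAULT_PORT,
                       type='int',
                       help="port number to run under")
@@ -50,9 +52,8 @@
                       "--conf",
                       dest="configFilePath",
-                      default=cfgFilePath,
+                      default=INI_FILEPATH,
                       help="Configuration file path")
 
     # Initialise test user database
-    from ndg.security.test.unit import BaseTestCase
     BaseTestCase.initDb()
 
@@ -60,10 +61,8 @@
 
     if opt.withSSL.lower() == 'true':
-        certFilePath = os.path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR,
-                                    'pki',
-                                    'localhost.crt')
-        priKeyFilePath = os.path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR,
-                                      'pki',
-                                      'localhost.key')
+        certFilePath = join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'pki',
+                            'localhost.crt')
+        priKeyFilePath = join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'pki',
+                              'localhost.key')
 
         ssl_context = SSL.Context(SSL.SSLv23_METHOD)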
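Review bot: `NDGSEC_INTEGRATION_TEST_DIR` is still derived from the raw `__file__` (new line 24), while the new `INI_FILEPATH` on line 21 is built from `abspath(__file__)`; when the module is started as `./openidprovider.py` the double `dirname` of a relative path collapses to an empty string. Writing `dirname(dirname(abspath(__file__)))` would make both values independent of the working directory. The imports of `join`, `dirname` and `abspath` are outside the visible hunks, so I am assuming they are already in place at the top of the module.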
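--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.ini
@@ -75,14 +75,14 @@
 # Reference security configuration settings
 securityConfigDir=%(here)s
-#securityConfigDir=/usr/local/ndg-security/etc
 beakerSessionKeyName = beaker.session.ndg.security
 
-hostname = q.cmip5.ceda.ac.uk
 scheme = http
-baseURI = %(scheme)s://%(hostname)s
+hostname = localhost
+port = 7443
+baseURI = %(scheme)s://%(hostname)s:%(port)s
 openIDProviderIDBase = /openid
 
 # Initial OpenID set in the Relying Party's OpenID text box
-openIDProviderIDSelectURI = https://ceda.ac.uk/openid/
+openIDProviderIDSelectURI = https://localhost:7443/openid/
 
 # Logout URI used by AuthKit and SessionHandlerMiddleware
@@ -93,16 +93,16 @@
 host = 0.0.0.0
 port = 6080
-
-[app:CMIP5qApp]
-paste.app_factory = cmip5q.wsgi:app_factory
+
 
 # Pipeline with security filters to protect the application
 [pipeline:main]
-pipeline = BeakerSessionFilter
-           OpenIDRelyingPartyFilter
-           SessionHandlerFilter
-           AuthorizationFilter
-           CMIP5qApp
-
+pipeline = BeakerSessionFilter
+        OpenIDRelyingPartyFilter
+        SessionHandlerFilter
+        TestHarnessApp
+
+[app:TestHarnessApp]
+paste.app_factory =
+        ndg.security.test.integration.openidprovider.openidrelyingparty:OpenIdRelyingPartyTestHarnessApp.app_factory
 
 [filter:BeakerSessionFilter]
@@ -114,7 +114,7 @@
 # WSGI environ key name
 environ_key = %(beakerSessionKeyName)s
-beaker.session.secret = iPCb3xS4XvekARyrkbJxB+wy4cAcXm5zQXRQTGMhV+Q
-beaker.cache.data_dir = %(here)s/authn/beaker/cache
-beaker.session.data_dir = %(here)s/authn/beaker/sessions
+beaker.session.secret = VI2sMm6LkG9QWnXcA2gtd27QILki77fq
+beaker.cache.data_dir = %(here)s/openidrelyingparty/beaker/cache
+beaker.session.data_dir = %(here)s/openidrelyingparty/beaker/sessions
 
 
@@ -127,5 +127,4 @@
 
 
-
 [filter:OpenIDRelyingPartyFilter]
 paste.filter_app_factory =
@@ -154,5 +153,5 @@
 openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
 
-cache_dir = %(here)s/data
+cache_dir = %(here)s/openidrelyingparty/data
 
 # AuthKit Set-up
@@ -163,5 +162,5 @@
 authkit.cookie.name=ndg.security.auth
 
-authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
+authkit.cookie.secret=hxyjnMT5lgW4HN4Y7DUxQghQl9D1dPJD
 authkit.cookie.signoutpath = /logout
 #authkit.cookie.params.domain = .localhost
@@ -220,5 +219,5 @@
 
 [handlers]
-keys = console,logfile
+keys = console, logfile
 
 [formatters]
@@ -249,5 +248,5 @@
 level=NOTSET
 formatter=generic
-args=(os.path.join('%(here)s', 'log', 'server.log'), 'a', 100000, 10)
+args=(os.path.join('%(here)s', 'log', 'service.log'), 'a', 100000, 10)
 
 [formatter_generic]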
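Review bot: The replacement values for `beaker.session.secret` (new line 116) and `authkit.cookie.secret` (new line 164) are still literal secrets committed with the configuration, so session and auth cookies of any deployment that reuses this file are signed with a value every repository reader knows. A comment above each, for example `# Test-only value - generate a fresh random secret for every deployment`, would make the intent explicit. Separately, `scheme = http` is combined with `port = 7443` in `baseURI` while `openIDProviderIDSelectURI` uses `https://localhost:7443`, which looks inconsistent and is worth confirming against the port each service actually listens on.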
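--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.py
@@ -11,4 +11,8 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id: securedapp.py 7077 2010-06-24 15:38:19Z pjkersha $"
+from os import path
+import optparse
+
+from ndg.security.test.unit.wsgi import PasteDeployAppServer
 
 
@@ -21,7 +25,7 @@
     return OpenIdTestHarnessApp(app, globalConfig, **localConfig)
 
-class OpenIdTestHarnessApp(object):
+class OpenIdRelyingPartyTestHarnessApp(object):
     """This class simulates the application to be secured by the NDG Security
-    authorization middleware
+    OpenID Relying Party middleware
     """
     method = {
@@ -32,11 +36,10 @@
     header = """        <h1>OpenID Provider Integration Tests:</h1>
         <p>These tests require the OpenID Provider application to be
-        running.  See securityserviceapp.py and securityservices.ini in the
+        running.  See openidprovider.py and openidprovider.ini in the
         ndg/security/test/integration/openidprovider/ integration test
         directory.</p>
         <h2>To Run:</h2>
         <p>Try any of the links below.  When prompt for username and password,
-        enter one of the sets of credentials from securityservices.ini
-        openid.provider.authN.userCreds section.  The defaults are:
+        enter one of the sets of credentials:
         </p>
         <p>pjk/testpassword</p>
@@ -72,5 +75,5 @@
     </body>
 </html>
-""" % (OpenIdTestHarnessApp.header,
+""" % (self.__class__.header,
        '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
                  for link,name in self.method.items() if name != 'default']),
@@ -88,5 +91,5 @@
     </body>
 </html>
-""" % (OpenIdTestHarnessApp.header,
+""" % (self.__class__.header,
        '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
                  for link,name in self.method.items() if name != 'default'])
@@ -157,27 +160,35 @@
     def filter_app_factory(cls, app, globalConfig, **localConfig):
         return cls(app, globalConfig, **localConfig)
+
 
+INI_FILENAME = 'openidrelyingparty.ini'
+INI_FILEPATH = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME)
+DEFAULT_PORT = 7080
+
 # To start run
-# $ paster serve services.ini or run this file as a script
-# $ ./securedapp.py [port #]
+#
+# $ paster serve openidrelyingparty.ini
+#
+# or run this file as a script, see:
+#
+# $ ./openidrelyingparty.py -h
 if __name__ == '__main__':
-    import sys
-    import os
-    from os.path import dirname, abspath
-    import logging
-    logging.basicConfig(level=logging.DEBUG)
+    parser = optparse.OptionParser()
+    parser.add_option("-p",
+                      "--port",
+                      dest="port",
+                      default=DEFAULT_PORT,
+                      type='int',
+                      help="port number to run under")
 
-    if len(sys.argv) > 1:
-        port = int(sys.argv[1])
-    else:
-        port = 7080
-
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'securedapp.ini')
-
-    from paste.httpserver import serve
-    from paste.deploy import loadapp
-    from paste.script.util.logging_config import fileConfig
+    parser.add_option("-c",
+                      "--conf",
+                      dest="configFilePath",
+                      default=INI_FILEPATH,
+                      help="Configuration file path")
 
-    fileConfig(cfgFilePath)
-    app = loadapp('config:%s' % cfgFilePath)
-    serve(app, host='0.0.0.0', port=port)
+    opt = parser.parse_args()[0]
+
+    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath, port=opt.port)
+    server.start()
+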
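Review bot: The factory at new line 25 still returns `OpenIdTestHarnessApp(...)`, but the class is renamed to `OpenIdRelyingPartyTestHarnessApp` two lines below, so calling that factory will raise `NameError` unless the old name is still defined somewhere outside the visible hunks. The line should read `return OpenIdRelyingPartyTestHarnessApp(app, globalConfig, **localConfig)`. openidrelyingparty.ini now points `paste.app_factory` at `OpenIdRelyingPartyTestHarnessApp.app_factory`, yet only `filter_app_factory` is visible on the class here, so it is worth checking that an `app_factory` classmethod exists. The factory function begins outside the hunk.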