Changeset 7817


Timestamp:
17/01/11 10:24:33 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • major progress on independent OpenID Provider template. Requires some fixes to Yadis templates to complete.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
35 added
6 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile

    r7796 r7817  
    205205OP_DEST_DIR = ${DEST_DIR}${OP_DIRNAME} 
    206206OP_INI_FILENAME = service.ini 
    207 OP_INI_FILEPATH_TMP = ${OP_DEST_DIR}${OP_INI_FILENAME} 
    208 OP_INI_TMPL_FILEPATH = ${OP_INI_FILEPATH_TMP}_tmpl 
     207OP_INI_FILEPATH_TMP = ${OP_DEST_DIR}openidprovider.ini 
     208OP_INI_TMPL_FILEPATH = ${OP_DEST_DIR}${OP_INI_FILENAME}_tmpl 
    209209OP_PKI_DEST_DIR = ${OP_DEST_DIR}pki/ 
    210210OP_CA_DEST_DIR = ${OP_PKI_DEST_DIR}ca/ 
     211OP_CONFIG_FILES = templates openidprovider.ini public 
     212OP_TMPL_DIR = ${OP_DEST_DIR}templates/ 
     213OP_SERVER_YADIS_TMPL_FILEPATH_TMP = ${OP_TMPL_DIR}serveryadis.xml 
     214OP_SERVER_YADIS_TMPL_FILEPATH = ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP}_tmpl 
     215OP_YADIS_TMPL_FILEPATH_TMP = ${OP_TMPL_DIR}yadis.xml 
     216OP_YADIS_TMPL_FILEPATH = ${OP_YADIS_TMPL_FILEPATH_TMP}_tmpl 
    211217 
    212218 
     
    216222        @-echo Copying templates, CSS and graphics and ini file ... 
    217223        mkdir ${OP_DEST_DIR} 
    218         cp -r ${OP_SRC_DIR}openidprovider/templates/ ${OP_DEST_DIR} 
    219         cp -r ${OP_SRC_DIR}public ${OP_DEST_DIR} 
    220         cp ${OP_SRC_DIR}securityservices.ini ${OP_INI_FILEPATH_TMP} 
     224        mkdir ${OP_DEST_DIR}log 
     225        @-echo Copying files ... 
     226        for i in ${OP_CONFIG_FILES} ; do \ 
     227                cp -r ${OP_SRC_DIR}$$i ${OP_DEST_DIR}; \ 
     228        done ; 
    221229        @-echo Making substitutions for template variables ... 
    222         sed -e s/'%(here)s\/openidprovider'/'%(here)s'/g \ 
    223         -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \ 
    224         -e s/testConfigDir/here/g \ 
     230        sed -e s/'portNum = .*'/'portNum = %%\{portNumber}'/ \ 
     231        -e s/'baseURI =.*'/'baseURI = %%\{baseURI}'/ \ 
     232        -e s/'testConfigDir = %(here)s\/\.\.\/\.\.\/config'// \ 
     233        -e s/testConfigDir/here/g \ 
     234        -e s/'# Revision:.*'// \ 
     235        -e s/'beaker.session.secret =.*'/'beaker.session.secret = %%\{beakerSessionCookieSecret}'/ \ 
     236        -e s/\(os\.path\.join\(\'%\(here\)s\'/\(os.path.join\(\'%%\{outputDir}\'/ \ 
    225237        ${OP_INI_FILEPATH_TMP} > ${OP_INI_TMPL_FILEPATH} 
    226238        rm -f ${OP_INI_FILEPATH_TMP} 
     239        @-echo Making substitutions for Yadis templates ... 
     240        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \ 
     241        -e s/'<XRD>'/'%%\{extraXrdEntries}\n    <XRD>'/ \ 
     242                ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP} > \ 
     243                ${OP_SERVER_YADIS_TMPL_FILEPATH} 
     244        rm -f ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP} 
     245        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \ 
     246        -e s/'<XRD>'/'%%\{extraXrdEntries}\n    <XRD>'/ \ 
     247                ${OP_YADIS_TMPL_FILEPATH_TMP} > \ 
     248                ${OP_YADIS_TMPL_FILEPATH} 
     249        rm -f ${OP_YADIS_TMPL_FILEPATH_TMP} 
     250        @-echo 
     251        @-echo 
     252        @-echo Copying test SQLite user database ... 
     253        cp ${USERDB_FILEPATH} ${OP_DEST_DIR} 
    227254        @-echo 
    228255        @-echo Create PKI directory and copying files ... 
     
    233260        cp ${CA_SRC_DIR}* ${OP_CA_DEST_DIR} 
    234261        @-echo Clear out SVN directories ... 
    235         @-find ${AUTHZ_SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf 
     262        @-find ${OP_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf 
    236263        @-echo 
    237264        @-echo Done. 
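Review bot: The `Copying test SQLite user database` step at the end of the Makefile's second hunk (`cp ${USERDB_FILEPATH} ${OP_DEST_DIR}`) bakes the test account database into the OpenID Provider Paster template, and the unit test in this changeset now requires `user.db` among the generated files, so every provider generated from the template starts with whatever test accounts that database holds unless the operator remembers to replace it. Consider not shipping it and prompting for a user-database path instead, or at minimum a comment beside the `cp` and in the generated ini: `# user.db is the TEST account database - replace it before exposing this provider`. The `for i in ${OP_CONFIG_FILES}` loop also hides failures, because make only sees the exit status of the last `cp`; a missing `templates` directory would not stop the build, so end the loop body with `|| exit 1`. The unquoted `$$i`/`${OP_DEST_DIR}` and the `find ... | xargs /bin/rm -rf` without `-print0`/`-0` are fine for these fixed paths but will break if DEST_DIR ever contains whitespace.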
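--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
@@ -75,5 +75,6 @@
 #[composit:cascade]
 #use = egg:Paste#cascade
-#app1 = OpenIDProviderStaticContent
+#app1 = OpenIDProviderApp
+#app2 = OpenIDProviderStaticContent
 #catch = 404
 #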
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py

    r7790 r7817  
    1 #!/usr/bin/env python 
    21"""NDG Security Paster template classes 
    32 
     
    3130 
    3231 
     32class DoublePercentTemplate(string.Template): 
     33    """Alternative template uses '%%' instead of '$' to denote template 
     34    variables.  This is used because some NDG Security templates contain 
     35    '$' variables used for other purposes.""" 
     36    delimiter = "%%" 
     37 
     38_MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = """<XRD> 
     39        <Service priority="10"> 
     40            <Type>urn:esg:security:myproxy-service</Type> 
     41            <URI>%%{myproxyServerURI}</URI> 
     42            <LocalID>$user_url</LocalID> 
     43        </Service> 
     44    </XRD> 
     45""" 
     46 
     47_ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = """<XRD> 
     48        <Service priority="20"> 
     49            <Type>urn:esg:security:attribute-service</Type> 
     50            <Type>urn:esg:security:attribute-service</Type> 
     51            <URI>%%{attributeServiceURI}</URI> 
     52            <LocalID>$user_url</LocalID> 
     53        </Service> 
     54    </XRD> 
     55""" 
     56 
     57_MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = """<XRD> 
     58        <Service priority="10"> 
     59            <Type>urn:esg:security:myproxy-service</Type> 
     60            <URI>%%{myproxyServerURI}</URI> 
     61        </Service> 
     62    </XRD> 
     63""" 
     64 
     65_ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = """<XRD> 
     66        <Service priority="20"> 
     67            <Type>urn:esg:security:attribute-service</Type> 
     68            <URI>%%{attributeServiceURI}</URI> 
     69        </Service> 
     70    </XRD> 
     71""" 
     72 
     73 
    3374class ServicesTemplate(Template): 
    3475    """Make a template containing all the Security Services available with 
     
    3879    """ 
    3980    DEFAULT_PORT_NUM = 7443 
    40     DEFAULT_URI = urlunsplit(('https', _hostname, '/', None, None)) 
     81    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None)) 
    4182     
    4283    ATTRIBUTE_SERVICE_DEFAULT_MOUNT_POINT = '/AttributeService' 
     
    4990    AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService' 
    5091     
    51     MYPROXY_SERVER_XRD_ENTRY_TMPL = """    <XRD> 
    52         <Service priority="10"> 
    53             <Type>urn:esg:security:myproxy-service</Type> 
    54             <URI>%%{myProxyServerURI}</URI> 
    55             <LocalID>$user_url</LocalID> 
    56         </Service> 
    57     </XRD> 
    58     """ 
    59      
    60     ATTRIBUTE_SERVICE_XRD_ENTRY_TMPL = """    <XRD> 
    61         <Service priority="20"> 
    62             <Type>urn:esg:security:attribute-service</Type> 
    63             <URI>%%{attributeServiceURI}</URI> 
    64             <LocalID>$user_url</LocalID> 
    65         </Service> 
    66     </XRD> 
    67     """ 
     92    MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = \ 
     93        _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL 
     94     
     95    ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = \ 
     96        _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL 
     97 
     98    MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = \ 
     99        _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL 
     100     
     101    ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = \ 
     102        _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL 
     103     
    68104     
    69105    _template_dir = 'services' 
     
    74110    vars = [ 
    75111        var('portNumber', 
    76             'Port number to run service on (applies to paster ONLY)', 
     112            'Port number to run service on (applies for running with paster ONLY)', 
    77113            default=DEFAULT_PORT_NUM), 
    78114             
     
    155191            _super.__del__() 
    156192 
    157     def write_files(self, command, output_dir, vars): 
     193    def pre(self, command, output_dir, vars): 
    158194        '''Extend to enable substitutions for OpenID Provider Yadis templates'''   
    159195        vars['extraXrdEntries'] = '' 
    160196         
    161         class XrdsTemplate(string.Template): 
    162             delimiter = "%%" 
    163                 
    164197        attributeServiceURI = vars['baseURI'] + vars[ 
    165198                                'attributeServiceMountPoint'].lstrip('/') 
    166199         
    167200        if vars['includeAttributeServiceInYadis']: 
    168             attributeServiceEntryTmpl = XrdsTemplate( 
     201            attributeServiceEntryTmpl = DoublePercentTemplate( 
    169202                            self.__class__.ATTRIBUTE_SERVICE_XRD_ENTRY_TMPL) 
    170203            vars['extraXrdEntries'] += attributeServiceEntryTmpl.substitute( 
     
    173206        del vars['includeAttributeServiceInYadis'] 
    174207        if vars['myproxyServerURI']: 
    175             myProxyServerEntryTmpl = XrdsTemplate( 
     208            myProxyServerEntryTmpl = DoublePercentTemplate( 
    176209                            self.__class__.MYPROXY_SERVER_XRD_ENTRY_TMPL) 
    177210            vars['extraXrdEntries'] += myProxyServerEntryTmpl.substitute( 
    178                             attributeServiceURI=vars['myproxyServerURI']) 
     211                            myproxyServerURI=vars['myproxyServerURI']) 
    179212         
    180213        del vars['myproxyServerURI']    
    181         super(ServicesTemplate, self).write_files(command, output_dir, vars) 
     214        super(ServicesTemplate, self).pre(command, output_dir, vars) 
    182215 
    183216         
     
    188221    _template_dir = 'secured_application' 
    189222    summary = ( 
    190         'Template to secure an application with NERC DataGrid Security ' 
     223        'Secure an application with NERC DataGrid Security ' 
    191224        'authentication and authorisation filters') 
    192225    vars = [ 
     
    258291    ] 
    259292 
    260        
     293 
    261294class OpenIDProviderTemplate(Template): 
    262295    """Paster template for OpenID Provider service""" 
    263     _template_dir = 'openid-provider' 
    264     summary = ( 
    265         'Template to create an NDG Security Authorisation Service') 
    266  
     296    _template_dir = 'openidprovider' 
     297    summary = 'Create an NDG Security OpenID Provider' 
     298     
     299    DEFAULT_PORT_NUM = 7443 
     300    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None)) 
     301     
     302    MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = \ 
     303        _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL 
     304     
     305    ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = \ 
     306        _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL 
     307 
     308    MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = \ 
     309        _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL 
     310     
     311    ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = \ 
     312        _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL 
     313     
     314    vars = [ 
     315        var('portNumber', 
     316            'Port number to run service on (applies for running with paster ONLY)', 
     317            default=DEFAULT_PORT_NUM), 
     318             
     319        var('baseURI', 
     320            'Base URI for the service', 
     321            default=DEFAULT_URI), 
     322 
     323        var('beakerSessionCookieSecret',  
     324            'Secret for securing the OpenID Provider and SSL Client ' 
     325            'authentication session cookie', 
     326            default=base64.b64encode(os.urandom(32))[:32]), 
     327             
     328        var('myproxyServerURI', 
     329            'MyProxy Server address to advertise in OpenID Provider Yadis ' 
     330            'document - defaults to omit this entry', 
     331            default=''), 
     332             
     333        var('attributeServiceURI', 
     334            'Attribute Service address to advertise in OpenID Provider Yadis ' 
     335            'document - defaults to omit this entry', 
     336            default='') 
     337        ] 
     338     
     339    def template_renderer(self, content, vars, filename=None): 
     340        """Alternative renderer defined to enable use of '%%' prefix for template 
     341        variables.  NDG Security ini files already use '$' for other variables 
     342         
     343        @param content: template content 
     344        @type content: string 
     345        @param vars: variables to substituted into the template 
     346        @type vars: dict 
     347        @return: content with all variables substituted for 
     348        @rtype: string 
     349        """ 
     350        tmpl = DoublePercentTemplate(content) 
     351        return tmpl.substitute(**vars) 
     352 
     353    def pre(self, command, output_dir, vars): 
     354        '''Extend to enable substitutions for OpenID Provider Yadis templates 
     355        and fix log file path setting'''   
     356        vars['outputDir'] = os.path.abspath(output_dir) 
     357 
     358        vars['yadisExtraXrdEntries'] = '' 
     359        vars['serveryadisExtraXrdEntries'] = '' 
     360         
     361        if vars['attributeServiceURI']: 
     362            attributeServiceEntryTmpl = DoublePercentTemplate( 
     363                            self.__class__.MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL) 
     364            vars['extraXrdEntries'] += attributeServiceEntryTmpl.substitute( 
     365                            attributeServiceURI=vars['attributeServiceURI']) 
     366 
     367        del vars['attributeServiceURI'] 
     368        if vars['myproxyServerURI']: 
     369            myProxyServerEntryTmpl = DoublePercentTemplate( 
     370                            self.__class__.MYPROXY_SERVER_XRD_ENTRY_TMPL) 
     371            vars['extraXrdEntries'] += myProxyServerEntryTmpl.substitute( 
     372                            myproxyServerURI=vars['myproxyServerURI']) 
     373         
     374        del vars['myproxyServerURI']    
     375        super(OpenIDProviderTemplate, self).pre(command, output_dir, vars) 
     376 
     377 
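Review bot: `OpenIDProviderTemplate.pre` raises as soon as either URI is supplied: the attribute-service branch instantiates `MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL` but substitutes `attributeServiceURI` (KeyError), both branches append to `vars['extraXrdEntries']` although this method only initialises `yadisExtraXrdEntries`/`serveryadisExtraXrdEntries`, and the MyProxy branch references `MYPROXY_SERVER_XRD_ENTRY_TMPL`, which this class does not define — `ServicesTemplate.pre` keeps the same stale `*_XRD_ENTRY_TMPL` names after the rename to `*_LOCALID_XRD_ENTRY_TMPL`. The URIs are also interpolated into the XRDS XML by `string.Template` with no escaping, so a `&` in a query string produces a malformed Yadis document; pass them through `xml.sax.saxutils.escape` before substitution. Whatever accumulator key is used must agree with the Makefile sed, which currently inserts `%%{extraXrdEntries}` into both `yadis.xml` and `serveryadis.xml`; the sketch below assumes the `$user_url` (LocalID) entries belong in `yadis.xml` and the NonLocalID ones in `serveryadis.xml`, which the commit message says is still to be completed. `_ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL` additionally repeats its `<Type>` line.

```python
    def pre(self, command, output_dir, vars):
        # … unchanged: outputDir, yadisExtraXrdEntries / serveryadisExtraXrdEntries init …
        attr_uri = escape(vars['attributeServiceURI'])  # xml.sax.saxutils.escape
        if attr_uri:
            vars['yadisExtraXrdEntries'] += DoublePercentTemplate(
                self.ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL).substitute(
                attributeServiceURI=attr_uri)
            vars['serveryadisExtraXrdEntries'] += DoublePercentTemplate(
                self.ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL).substitute(
                attributeServiceURI=attr_uri)
        del vars['attributeServiceURI']

        myproxy_uri = escape(vars['myproxyServerURI'])
        if myproxy_uri:
            vars['yadisExtraXrdEntries'] += DoublePercentTemplate(
                self.MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL).substitute(
                myproxyServerURI=myproxy_uri)
            vars['serveryadisExtraXrdEntries'] += DoublePercentTemplate(
                self.MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL).substitute(
                myproxyServerURI=myproxy_uri)
        del vars['myproxyServerURI']
        # … unchanged: super(OpenIDProviderTemplate, self).pre(command, output_dir, vars) …
```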
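--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
@@ -31,5 +31,5 @@
     ndgsecurity_attribute_service=ndg.security.server.paster_templates.template:AttributeServiceTemplate
     ndgsecurity_authorisation_service=ndg.security.server.paster_templates.template:AuthorisationServiceTemplate
-    ndgsecurity_openidprovider_service=ndg.security.server.paster_templates.template:OpenIdProviderServiceTemplate
+    ndgsecurity_openidprovider_service=ndg.security.server.paster_templates.template:OpenIDProviderTemplate
 """
 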
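--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openid_ssl/README
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openid_ssl/README
@@ -1,7 +1,12 @@
-Integration Tests for OpenID Relying Party and Provider (SSL based)
+Integration Tests for OpenID Relying Party (SSL based) and Provider
 ===================================================================
 A simple example application securedapp.py is secured with an Authentication
 handler which redirects unauthenticated requests to an OpenID Relying Party
-application running in securityservicesapp.py over HTTPS.
+application running in securityservicesapp.py over HTTPS.  This configuration
+has advantages for maintaining an encrypted channel between Relying Party and
+Provider during the sign in process.  It also enables the Relying Party app
+to include other middleware requiring SSL such as an SSL Client authentication
+filter.  This is important for the ESGF security architecture where apps are
+secured with both OpenID and SSL client based authentication.
 
 To run: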
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/paster_templates/test_paster_templates.py

    r7794 r7817  
    1010__contact__ = "Philip.Kershaw@stfc.ac.uk" 
    1111__revision__ = '$Id$' 
     12import logging 
     13logging.basicConfig(level=logging.DEBUG) 
     14log = logging.getLogger(__name__) 
     15 
    1216import unittest 
    13 from os import path, listdir 
     17from os import path, listdir, environ 
    1418import shutil 
    1519from paste.script.create_distro import CreateDistroCommand 
    1620         
     21_HERE_DIR = path.dirname(path.abspath(__file__)) 
     22_NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS = environ.get( 
     23    'NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS') 
    1724     
     25 
    1826class ServicesTemplateTestCase(unittest.TestCase): 
    1927    """Test create configuration for an application which bundles all the NDG  
    2028    Security Services 
    2129    """ 
    22     HERE_DIR = path.dirname(path.abspath(__file__)) 
     30    HERE_DIR = _HERE_DIR 
    2331    SERVICE_TMPL_NAME = 'ndgsecurity_services' 
    2432    SERVICE_CONF_DIR = 'services' 
     
    2937     
    3038    def test01Run(self): 
     39        log.debug("_"*80) 
     40        log.debug("Creating Services template ...") 
     41        log.debug("_"*80) 
    3142        cmd = CreateDistroCommand(None) 
    3243        cmd.default_interactive = False 
     
    4152 
    4253    def tearDown(self): 
     54        if _NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS: 
     55            return 
     56 
    4357        shutil.rmtree(self.__class__.SERVICE_CONF_DIRPATH, True) 
    4458            
     
    4862    Security Attribute Service 
    4963    """ 
    50     HERE_DIR = path.dirname(path.abspath(__file__)) 
     64    HERE_DIR = _HERE_DIR 
    5165    ATTRIBUTE_SERVICE_TMPL_NAME = 'ndgsecurity_attribute_service' 
    5266    ATTRIBUTE_SERVICE_CONF_DIR = 'attribute-service' 
     
    5872     
    5973    def test01Run(self): 
     74        log.debug("_"*80) 
     75        log.debug("Creating Attribute Service template ...") 
     76        log.debug("_"*80) 
    6077        cmd = CreateDistroCommand(None) 
    6178        cmd.default_interactive = False 
     
    7188 
    7289    def tearDown(self): 
     90        if _NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS: 
     91            return 
     92 
    7393        shutil.rmtree(self.__class__.ATTRIBUTE_SERVICE_CONF_DIRPATH, True)  
    7494                    
     
    7898    Security Authorisation Service 
    7999    """ 
    80     HERE_DIR = path.dirname(path.abspath(__file__)) 
     100    HERE_DIR = _HERE_DIR 
    81101    AUTHORISATION_SERVICE_TMPL_NAME = 'ndgsecurity_authorisation_service' 
    82102    AUTHORISATION_SERVICE_CONF_DIR = 'authorisation-service' 
     
    88108     
    89109    def test01Run(self): 
     110        log.debug("_"*80) 
     111        log.debug("Creating Authorisation Service template ...") 
     112        log.debug("_"*80) 
    90113        cmd = CreateDistroCommand(None) 
    91114        cmd.default_interactive = False 
     
    101124 
    102125    def tearDown(self): 
     126        if _NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS: 
     127            return 
     128 
    103129        shutil.rmtree(self.__class__.AUTHORISATION_SERVICE_CONF_DIRPATH, True)           
    104130 
     
    108134    Security OpenID Provider Service 
    109135    """ 
    110     HERE_DIR = path.dirname(path.abspath(__file__)) 
     136    HERE_DIR = _HERE_DIR 
    111137    OP_SERVICE_TMPL_NAME = 'ndgsecurity_openidprovider_service' 
    112     OP_SERVICE_CONF_DIR = 'openid-provider' 
     138    OP_SERVICE_CONF_DIR = 'openidprovider' 
    113139    OP_SERVICE_CONF_DIRPATH = path.join(HERE_DIR, OP_SERVICE_CONF_DIR) 
    114140    OP_SERVICE_CONF_DIR_FILES = ( 
    115         'pki', 'openidprovider-service.ini',  
     141        'pki', 'service.ini', 'user.db', 'templates', 'public', 'log' 
    116142    ) 
    117143     
    118     def _test01Run(self): 
     144    def test01Run(self): 
     145        log.debug("_"*80) 
     146        log.debug("Creating OpenID Provider Service template ...") 
     147        log.debug("_"*80) 
    119148        cmd = CreateDistroCommand(None) 
    120149        cmd.default_interactive = False 
     
    129158            self.assert_(_file in createdFiles, "Missing file %r" % _file) 
    130159 
    131     def _tearDown(self): 
     160    def tearDown(self): 
     161        if _NDGSEC_UNITTEST_KEEP_PASTER_CONF_DIRS: 
     162            return 
     163 
    132164        shutil.rmtree(self.__class__.OP_SERVICE_CONF_DIRPATH, True) 
    133165         
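Review bot: `OpenIDProviderTemplateTestCase.test01Run` (its body is partly elided in this section) only asserts that the expected file names exist, which says nothing about whether the `%%{beakerSessionCookieSecret}`, `%%{portNumber}` and `%%{baseURI}` placeholders the Makefile now injects actually reached `service.ini_tmpl` and were substituted — if the Makefile sed fails to match, the generated `service.ini` silently keeps the fixed secret from the test config, and `Template.substitute` cannot detect that because there is no placeholder left to miss. Read the generated ini back and assert on it: `ini = open(path.join(self.__class__.OP_SERVICE_CONF_DIRPATH, 'service.ini')).read()` followed by `self.assert_('%%{' not in ini, "Unsubstituted template variable in service.ini")`. A stronger check would compare `beaker.session.secret` in the output against the value in the source test config, which is not visible here. The module-level `logging.basicConfig(level=logging.DEBUG)` also reconfigures root logging for every test module imported after this one; that belongs in the test runner rather than in a test module.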