Changeset 7824 for TI12-security


Timestamp:
19/01/11 10:52:35 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Completed all templates
  • Tested OpenID Provider setup from template. TODO: test remaining configurations as created by respective templates
  • ALL UNIT TESTS pass for ndg.security.*
  • fixed relative to absolute file path for authorisation-service.ini; tidied unit test directory.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
1 added
6 deleted
26 edited

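--- a/TI12-security/trunk/NDGSecurity/python/Tests/ndgsecuredpylons/secured.ini
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/ndgsecuredpylons/secured.ini
@@ -77,5 +77,5 @@
 # List of CA certificates used to verify the signatures of
 # Attribute Certificates retrieved
-pip.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+pip.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 #
@@ -99,5 +99,5 @@
 
 # For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+pip.wssecurity.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 # ValueType for the BinarySecurityToken added to the WSSE header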
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py

    r7823 r7824  
    1515import string 
    1616import re 
    17 from urlparse import urlunsplit 
     17from urlparse import urlunsplit, urlparse 
    1818from paste.script.templates import Template, var 
    1919from paste.script.copydir import LaxTemplate 
     
    101101    to suit 
    102102    """ 
    103     DEFAULT_PORT_NUM = 7443 
    104103    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None)) 
    105104     
     
    111110        '/O=Site A/CN=Authorisation Service' 
    112111    AUTHORISATION_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT 
    113     AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService' 
    114      
    115     MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = \ 
    116         _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL 
    117      
    118     ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = \ 
    119         _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL 
    120  
    121     MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = \ 
    122         _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL 
    123      
    124     ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = \ 
    125         _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL 
    126      
     112    AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService'     
    127113     
    128114    _template_dir = 'services' 
     
    132118               'client authentication services') 
    133119    vars = [ 
    134         var('portNumber', 
    135             'Port number to run service on (applies for running with paster ONLY)', 
    136             default=DEFAULT_PORT_NUM), 
    137              
    138120        var('baseURI', 
    139121            'Base URI for the service(s) [with no trailing slash]', 
     
    188170            'document', 
    189171            default=True) 
    190         ] 
    191      
    192     def __init__(self, *arg, **kw): 
    193         """Extend to enable custom setting for template substitution.  This  
    194         enables the special variable in service.ini_tmpl "userIdentifier" to 
    195         be ignored 
    196         """ 
    197         self._laxTemplatePattern = LaxTemplate.pattern 
    198         LaxTemplate.pattern = re.compile(r""" 
    199         \%%(?: 
    200           (?P<escaped>\$)             |   # Escape sequence of two delimiters 
    201           (?P<named>[_a-z][_a-z0-9]*) |   # delimiter and a Python identifier 
    202           {(?P<braced>.*?)}           |   # delimiter and a braced identifier 
    203           (?P<invalid>)                   # Other ill-formed delimiter exprs 
    204         ) 
    205         """) 
    206         super(ServicesTemplate, self).__init__(*arg, **kw) 
    207          
    208     def __del__(self): 
    209         """Restore default setting for template pattern to its original value 
    210         """ 
    211         LaxTemplate.pattern = self._laxTemplatePattern 
    212         _super = super(ServicesTemplate, self) 
    213         if hasattr(_super, "__del__"): 
    214             _super.__del__() 
    215  
    216     def pre(self, command, output_dir, vars): 
    217         '''Extend to enable substitutions for OpenID Provider Yadis templates'''   
    218          
    219         vars['yadisExtraXrdEntries'] = '' 
    220         vars['serveryadisExtraXrdEntries'] = '' 
    221          
    222         attributeServiceURI = vars['baseURI'] + vars[ 
    223                                 'attributeServiceMountPoint'].lstrip('/') 
    224          
    225         # Attribute Service entry added if flag was set 
    226         if vars['includeAttributeServiceInYadis']: 
    227             # yadis.xml_tmpl entry 
    228             vars['yadisExtraXrdEntries' 
    229                  ] += _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL.substitute( 
    230                         attributeServiceURI=attributeServiceURI) 
    231  
    232             # serveryadis.xml_tmpl entry 
    233             vars['serveryadisExtraXrdEntries' 
    234                  ] += _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL.substitute( 
    235                         attributeServiceURI=attributeServiceURI) 
    236  
    237         del vars['includeAttributeServiceInYadis'] 
    238          
    239         # MyProxy Server entry added if an endpoint was specified 
    240         if vars['myproxyServerURI']: 
    241             # yadis.xml_tmpl entry 
    242             vars['yadisExtraXrdEntries' 
    243                  ] += _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL.substitute( 
    244                             myproxyServerURI=vars['myproxyServerURI'])         
    245              
    246             vars['serveryadisExtraXrdEntries' 
    247                  ] += _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL.substitute( 
    248                         myproxyServerURI=vars['myproxyServerURI']) 
    249         del vars['myproxyServerURI']    
    250          
    251         super(ServicesTemplate, self).pre(command, output_dir, vars) 
    252  
    253          
    254 class SecuredAppTemplate(Template): 
    255     """Create a template for a secured application with authentication and 
    256     authorisation filters""" 
    257      
    258     _template_dir = 'secured_application' 
    259     summary = ( 
    260         'Secure an application with NERC DataGrid Security ' 
    261         'authentication and authorisation filters') 
    262     vars = [ 
    263         var('hostname',  
    264             ('Virtual host name to mount services on'), 
    265             default=_hostname), 
    266  
    267         var('authkitCookieSecret',  
    268             ('Cookie secret for AuthKit authentication middleware (if using a ' 
    269              'separate SSL based OpenID Relying Party then this value MUST ' 
    270              'agree with the one used for that ini file'), 
    271             default=base64.b64encode(os.urandom(32))[:32]), 
    272  
    273         var('beakerSessionSecret',  
    274             'Cookie secret for keeping security session state', 
    275             default=base64.b64encode(os.urandom(32))[:32]) 
    276     ] 
    277  
    278  
    279 class AttributeServiceTemplate(Template): 
    280     """Paster template for the SAML attribute service""" 
    281      
    282     DEFAULT_MOUNT_POINT = '/AttributeService' 
    283     DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost' 
    284     DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT 
    285      
    286     _template_dir = 'attributeservice' 
    287     summary = 'Create an NDG Security SAML Attribute Service' 
    288     vars = [ 
    289         var('mountPoint',  
    290             ('URI path to mount service i.e. https://myhost/<mountPoint>'), 
    291             default=DEFAULT_MOUNT_POINT), 
    292  
    293         var('issuerName',  
    294             ('ID of this service used in SAML queries and responses'), 
    295             default=DEFAULT_ISSUER_NAME), 
    296  
    297         var('issuerFormat',  
    298             ('Format of issuerName string; if using the default, ensure that ' 
    299              'the issuerName value is a correctly formatted X.509 Subject ' 
    300              'Name'), 
    301             default=DEFAULT_ISSUER_FORMAT) 
    302     ] 
    303      
    304  
    305 class AuthorisationServiceTemplate(Template): 
    306     """Paster template for the SAML authorisation service""" 
    307      
    308     DEFAULT_MOUNT_POINT = '/AuthorisationService' 
    309     DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost' 
    310     DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT 
    311      
    312     _template_dir = 'authorisationservice' 
    313     summary = 'Create an NDG Security Authorisation Service' 
    314     vars = [ 
    315         var('mountPoint',  
    316             ('URI path to mount service i.e. https://myhost/<mountPoint>'), 
    317             default=DEFAULT_MOUNT_POINT), 
    318  
    319         var('issuerName',  
    320             ('ID of this service used in SAML queries and responses'), 
    321             default=DEFAULT_ISSUER_NAME), 
    322  
    323         var('issuerFormat',  
    324             ('Format of issuerName string; if using the default, ensure that ' 
    325              'the issuerName value is a correctly formatted X.509 Subject ' 
    326              'Name'), 
    327             default=DEFAULT_ISSUER_FORMAT) 
    328     ] 
    329  
    330  
    331 class OpenIDProviderTemplate(Template): 
    332     """Paster template for OpenID Provider service""" 
    333     _template_dir = 'openidprovider' 
    334     summary = 'Create an NDG Security OpenID Provider' 
    335      
    336     DEFAULT_PORT_NUM = 7443 
    337     DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None)) 
    338      
    339     MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = \ 
    340         _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL 
    341      
    342     ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = \ 
    343         _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL 
    344  
    345     MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = \ 
    346         _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL 
    347      
    348     ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = \ 
    349         _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL 
    350      
    351     vars = [ 
    352         var('portNumber', 
    353             'Port number to run service on (applies for running with paster ONLY)', 
    354             default=DEFAULT_PORT_NUM), 
    355              
    356         var('baseURI', 
    357             'Base URI for the service [with no trailing slash]', 
    358             default=DEFAULT_URI), 
    359  
    360         var('beakerSessionCookieSecret',  
    361             'Secret for securing the OpenID Provider and SSL Client ' 
    362             'authentication session cookie', 
    363             default=base64.b64encode(os.urandom(32))[:32]), 
    364              
    365         var('myproxyServerURI', 
    366             'MyProxy Server address to advertise in OpenID Provider Yadis ' 
    367             'document - defaults to omit this entry', 
    368             default=''), 
    369              
    370         var('attributeServiceURI', 
    371             'Attribute Service address to advertise in OpenID Provider Yadis ' 
    372             'document - defaults to omit this entry', 
    373             default='') 
    374172        ] 
    375173     
     
    387185        tmpl = DoublePercentTemplate(content) 
    388186        return tmpl.substitute(**vars) 
    389  
     187     
    390188    def pre(self, command, output_dir, vars): 
    391         '''Extend to enable substitutions for OpenID Provider Yadis templates 
    392         and fix log file path setting'''   
     189        '''Extend to enable substitutions for OpenID Provider Yadis templates, 
     190        port number and fix log file path setting 
     191         
     192        @param command: command to create template 
     193        @type command:  
     194        @param output_dir: output directory for template file(s) 
     195        @type output_dir: string 
     196        @param vars: variables to be substituted into template 
     197        @type vars: dict 
     198        '''   
     199         
     200        # This sets the log file path 
    393201        vars['outputDir'] = os.path.abspath(output_dir) 
    394202 
     203        # Cut out port number from base URI 
     204        uriParts = urlparse(vars['baseURI']) 
     205        netlocLastElem = uriParts.netloc.split(':')[-1] 
     206        if netlocLastElem.isdigit(): 
     207            vars['portNumber'] = netlocLastElem 
     208        else: 
     209            vars['portNumber'] = '' 
     210             
     211        vars['yadisExtraXrdEntries'] = '' 
     212        vars['serveryadisExtraXrdEntries'] = '' 
     213         
     214        attributeServiceURI = vars['baseURI'] + vars[ 
     215                                'attributeServiceMountPoint'].lstrip('/') 
     216         
     217        # Attribute Service entry added if flag was set 
     218        if vars['includeAttributeServiceInYadis']: 
     219            # yadis.xml_tmpl entry 
     220            vars['yadisExtraXrdEntries' 
     221                 ] += _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL.substitute( 
     222                        attributeServiceURI=attributeServiceURI) 
     223 
     224            # serveryadis.xml_tmpl entry 
     225            vars['serveryadisExtraXrdEntries' 
     226                 ] += _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL.substitute( 
     227                        attributeServiceURI=attributeServiceURI) 
     228 
     229        del vars['includeAttributeServiceInYadis'] 
     230         
     231        # MyProxy Server entry added if an endpoint was specified 
     232        if vars['myproxyServerURI']: 
     233            # yadis.xml_tmpl entry 
     234            vars['yadisExtraXrdEntries' 
     235                 ] += _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL.substitute( 
     236                            myproxyServerURI=vars['myproxyServerURI'])         
     237             
     238            vars['serveryadisExtraXrdEntries' 
     239                 ] += _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL.substitute( 
     240                        myproxyServerURI=vars['myproxyServerURI']) 
     241        del vars['myproxyServerURI']    
     242         
     243        super(ServicesTemplate, self).pre(command, output_dir, vars) 
     244 
     245         
     246class SecuredAppTemplate(Template): 
     247    """Create a template for a secured application with authentication and 
     248    authorisation filters""" 
     249     
     250    _template_dir = 'secured_application' 
     251    summary = ( 
     252        'Secure an application with NERC DataGrid Security ' 
     253        'authentication and authorisation filters') 
     254    vars = [ 
     255        var('hostname',  
     256            ('Virtual host name to mount services on'), 
     257            default=_hostname), 
     258 
     259        var('authkitCookieSecret',  
     260            ('Cookie secret for AuthKit authentication middleware (if using a ' 
     261             'separate SSL based OpenID Relying Party then this value MUST ' 
     262             'agree with the one used for that ini file'), 
     263            default=base64.b64encode(os.urandom(32))[:32]), 
     264 
     265        var('beakerSessionSecret',  
     266            'Cookie secret for keeping security session state', 
     267            default=base64.b64encode(os.urandom(32))[:32]) 
     268    ] 
     269 
     270 
     271class AttributeServiceTemplate(Template): 
     272    """Paster template for the SAML attribute service""" 
     273     
     274    DEFAULT_MOUNT_POINT = '/AttributeService' 
     275    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost' 
     276    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT 
     277     
     278    _template_dir = 'attributeservice' 
     279    summary = 'Create an NDG Security SAML Attribute Service' 
     280    vars = [ 
     281        var('mountPoint',  
     282            ('URI path to mount service i.e. https://myhost/<mountPoint>'), 
     283            default=DEFAULT_MOUNT_POINT), 
     284 
     285        var('issuerName',  
     286            ('ID of this service used in SAML queries and responses'), 
     287            default=DEFAULT_ISSUER_NAME), 
     288 
     289        var('issuerFormat',  
     290            ('Format of issuerName string; if using the default, ensure that ' 
     291             'the issuerName value is a correctly formatted X.509 Subject ' 
     292             'Name'), 
     293            default=DEFAULT_ISSUER_FORMAT) 
     294    ] 
     295     
     296 
     297class AuthorisationServiceTemplate(Template): 
     298    """Paster template for the SAML authorisation service""" 
     299     
     300    DEFAULT_MOUNT_POINT = '/AuthorisationService' 
     301    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost' 
     302    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT 
     303     
     304    _template_dir = 'authorisationservice' 
     305    summary = 'Create an NDG Security Authorisation Service' 
     306    vars = [ 
     307        var('mountPoint',  
     308            ('URI path to mount service i.e. https://myhost/<mountPoint>'), 
     309            default=DEFAULT_MOUNT_POINT), 
     310 
     311        var('issuerName',  
     312            ('ID of this service used in SAML queries and responses'), 
     313            default=DEFAULT_ISSUER_NAME), 
     314 
     315        var('issuerFormat',  
     316            ('Format of issuerName string; if using the default, ensure that ' 
     317             'the issuerName value is a correctly formatted X.509 Subject ' 
     318             'Name'), 
     319            default=DEFAULT_ISSUER_FORMAT) 
     320    ] 
     321 
     322 
     323class OpenIDProviderTemplate(Template): 
     324    """Paster template for OpenID Provider service""" 
     325    _template_dir = 'openidprovider' 
     326    summary = 'Create an NDG Security OpenID Provider' 
     327     
     328    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None)) 
     329     
     330    vars = [ 
     331        var('baseURI', 
     332            'Base URI for the service [with no trailing slash]', 
     333            default=DEFAULT_URI), 
     334 
     335        var('beakerSessionCookieSecret',  
     336            'Secret for securing the OpenID Provider and SSL Client ' 
     337            'authentication session cookie', 
     338            default=base64.b64encode(os.urandom(32))[:32]), 
     339             
     340        var('myproxyServerURI', 
     341            'MyProxy Server address to advertise in OpenID Provider Yadis ' 
     342            'document - defaults to omit this entry', 
     343            default=''), 
     344             
     345        var('attributeServiceURI', 
     346            'Attribute Service address to advertise in OpenID Provider Yadis ' 
     347            'document - defaults to omit this entry', 
     348            default='') 
     349        ] 
     350     
     351    def template_renderer(self, content, vars, filename=None): 
     352        """Alternative renderer defined to enable use of '%%' prefix for template 
     353        variables.  NDG Security ini files already use '$' for other variables 
     354         
     355        @param content: template content 
     356        @type content: string 
     357        @param vars: variables to substituted into the template 
     358        @type vars: dict 
     359        @return: content with all variables substituted for 
     360        @rtype: string 
     361        """ 
     362        tmpl = DoublePercentTemplate(content) 
     363        return tmpl.substitute(**vars) 
     364 
     365    def pre(self, command, output_dir, vars): 
     366        '''Extend to enable substitutions for OpenID Provider Yadis templates, 
     367        port number and fix log file path setting 
     368         
     369        @param command: command to create template 
     370        @type command:  
     371        @param output_dir: output directory for template file(s) 
     372        @type output_dir: string 
     373        @param vars: variables to be substituted into template 
     374        @type vars: dict 
     375        '''   
     376         
     377        # This sets the log file path 
     378        vars['outputDir'] = os.path.abspath(output_dir) 
     379 
     380        # Cut out port number from base URI 
     381        uriParts = urlparse(vars['baseURI']) 
     382        netlocLastElem = uriParts.netloc.split(':')[-1] 
     383        if netlocLastElem.isdigit(): 
     384            vars['portNumber'] = netlocLastElem 
     385        else: 
     386            vars['portNumber'] = '' 
     387 
     388        # Set Yadis XRDS entries 
    395389        vars['yadisExtraXrdEntries'] = '' 
    396390        vars['serveryadisExtraXrdEntries'] = '' 
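Review bot: In the `pre` body at new lines 214-215, `vars['baseURI'] + vars['attributeServiceMountPoint'].lstrip('/')` loses the path separator: the `baseURI` prompt asks for a value with no trailing slash and `DEFAULT_URI` is `https://<hostname>`, so the attribute-service URI advertised in the Yadis documents comes out as `https://<hostname>AttributeService`; `vars['baseURI'].rstrip('/') + '/' + vars['attributeServiceMountPoint'].lstrip('/')` gives the right result whether or not the user followed the prompt. The port extraction at new lines 204-209 re-implements what `urlparse` already exposes — `port = uriParts.port` followed by `vars['portNumber'] = str(port) if port is not None else ''` keeps the parsing in the stdlib and is easier to read than `netloc.split(':')[-1]`. Both the port block and the Yadis XRD assembly appear verbatim again in `OpenIDProviderTemplate.pre` (new line 365 onward, whose body runs past the end of this section), so a module-level helper taking `vars` would keep the two copies from drifting. The `@type command:` field in both docstrings is left blank and should name the paster command class or be dropped.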
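--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
@@ -15,5 +15,5 @@
 #
 [DEFAULT]
-testConfigDir = ../../../config
+testConfigDir = %(here)s/../
 
 # This apply if the service is run with paster otherwise it's ignored e.g. if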
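Review bot: The new `testConfigDir = %(here)s/../` value ends in a slash, and every `%(testConfigDir)s/...` reference elsewhere in this changeset prepends its own, so the expanded paths will contain `..//pki/...`; harmless on POSIX but untidy in logs and error messages. `testConfigDir = %(here)s/..` keeps the interpolated paths clean. The rest of this file is outside the hunk, so I cannot confirm that no setting relies on the trailing slash.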
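--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
@@ -120,5 +120,5 @@
 pip.attributeQuery.clockSkewTolerance = 0.
 pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
-pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
+pip.attributeQuery.sslCACertDir=%(testConfigDir)s/pki/ca
 pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
 pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key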
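--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
@@ -118,5 +118,5 @@
 pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
 pep.authzDecisionQuery.clockSkewTolerance = 0.
-pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/ca
+pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca
 pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
 pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key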
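--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openid_ssl/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openid_ssl/securityservices.ini
@@ -58,5 +58,5 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/pki/ca/d573507a.0
 
 #______________________________________________________________________________
@@ -68,9 +68,9 @@
 #
 # CA certificates for Attribute Certificate signature validation
-sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 # CA certificates for SSL connection peer cert. validation - required if
 # connecting to an Attribute Authority over SSL
-sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/d573507a.0
+sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 # Allow Get Attribute Certificate calls to try to get a mapped certificate
@@ -101,5 +101,5 @@
 # The CA certificates of other NDG trusted sites should go here.  NB, multiple
 # values should be delimited by a space
-sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
+sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/pki/ca/d573507a.0
 
 # Signature of an outbound message
@@ -414,5 +414,5 @@
 
 # Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+wssecurity.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 #______________________________________________________________________________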
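--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty/securityservices.ini
@@ -54,5 +54,5 @@
 openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
 openid.relyingparty.priKeyPwd = 
-openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
+openid.relyingparty.caCertDirPath = %(testConfigDir)s/pki/ca
 openid.relyingparty.providerWhitelistFilePath =
 openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate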
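--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini
@@ -72,5 +72,5 @@
 openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
 openid.relyingparty.priKeyPwd = 
-openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
+openid.relyingparty.caCertDirPath = %(testConfigDir)s/pki/ca
 openid.relyingparty.providerWhitelistFilePath =
 openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
@@ -130,5 +130,5 @@
 # List of CA certificates used to verify the signatures of
 # Attribute Certificates retrieved
-pip.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+pip.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 #
@@ -153,5 +153,5 @@
 
 # For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+pip.wssecurity.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 # ValueType for the BinarySecurityToken added to the WSSE header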
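--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securityservices.ini
@@ -212,5 +212,5 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/pki/ca/d573507a.0
 
 
@@ -225,5 +225,5 @@
 
 # Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
+wssecurity.caCertFilePathList=%(testConfigDir)s/pki/ca/d573507a.0
 
 #______________________________________________________________________________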
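--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/__init__.py
@@ -94,6 +94,6 @@
                                             TEST_CONFIG_DIR)
     
-    CACERT_DIR = os.path.join(NDGSEC_TEST_CONFIG_DIR, 'ca')
     PKI_DIR = os.path.join(NDGSEC_TEST_CONFIG_DIR, 'pki')
+    CACERT_DIR = os.path.join(PKI_DIR, 'ca')
     SSL_CERT_FILEPATH = os.path.join(PKI_DIR, 'localhost.crt')
     SSL_PRIKEY_FILEPATH = os.path.join(PKI_DIR, 'localhost.key')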
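--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
@@ -66,5 +66,5 @@
 
 # SSL Context Proxy settings
-attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/pki/ca
 attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt
 attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key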
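--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
@@ -31,7 +31,4 @@
                                                  ESGFDefaultQueryAttributes,
                                                  ESGFGroupRoleAttributeValue)
-from ndg.security.common.saml_utils.esgf.xml.etree import (
-                                        ESGFGroupRoleAttributeValueElementTree,
-                                        ESGFResponseElementTree)
 from ndg.security.common.utils.etree import prettyPrint
 from ndg.security.test.unit.attributeauthorityclient import \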
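--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_ctx_handler.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_ctx_handler.cfg
@@ -49,3 +49,3 @@
 saml_ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
 saml_ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
-saml_ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+saml_ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/pki/ca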
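--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_pip.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_pip.cfg
@@ -41,3 +41,3 @@
 saml_pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
 saml_pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
-saml_pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+saml_pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/pki/ca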
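--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini
@@ -21,5 +21,5 @@
 
 # SSL settings
-attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/pki/ca
 attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt
 attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key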
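--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/paster_templates/test_paster_templates.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/paster_templates/test_paster_templates.py
@@ -44,5 +44,7 @@
         cmd.run([self.__class__.SERVICE_CONF_DIR,
                  '-t',
-                 self.__class__.SERVICE_TMPL_NAME])
+                 self.__class__.SERVICE_TMPL_NAME,
+                 '-o',
+                 self.__class__.HERE_DIR])
         
         createdFiles = listdir(self.__class__.SERVICE_CONF_DIRPATH)
@@ -66,5 +68,5 @@
     ATTRIBUTE_SERVICE_CONF_DIR = 'attribute-service'
     ATTRIBUTE_SERVICE_CONF_DIRPATH = path.join(HERE_DIR,
-                                                ATTRIBUTE_SERVICE_CONF_DIR)
+                                               ATTRIBUTE_SERVICE_CONF_DIR)
     ATTRIBUTE_SERVICE_CONF_DIR_FILES = (
         'pki', 'attribute-service.ini', 'user.db'
@@ -79,5 +81,7 @@
         cmd.run([self.__class__.ATTRIBUTE_SERVICE_CONF_DIR,
                  '-t',
-                 self.__class__.ATTRIBUTE_SERVICE_TMPL_NAME])
+                 self.__class__.ATTRIBUTE_SERVICE_TMPL_NAME,
+                 '-o',
+                 self.__class__.HERE_DIR])
         
         createdFiles = listdir(
@@ -115,5 +119,7 @@
         cmd.run([self.__class__.AUTHORISATION_SERVICE_CONF_DIR,
                  '-t',
-                 self.__class__.AUTHORISATION_SERVICE_TMPL_NAME])
+                 self.__class__.AUTHORISATION_SERVICE_TMPL_NAME,
+                 '-o',
+                 self.__class__.HERE_DIR])
         
         createdFiles = listdir(
@@ -135,5 +141,5 @@
     """
     HERE_DIR = _HERE_DIR
-    OP_SERVICE_TMPL_NAME = 'ndgsecurity_openidprovider_service'
+    OP_SERVICE_TMPL_NAME = 'ndgsecurity_openidprovider'
     OP_SERVICE_CONF_DIR = 'openidprovider'
     OP_SERVICE_CONF_DIRPATH = path.join(HERE_DIR, OP_SERVICE_CONF_DIR)
@@ -150,5 +156,7 @@
         cmd.run([self.__class__.OP_SERVICE_CONF_DIR,
                  '-t',
-                 self.__class__.OP_SERVICE_TMPL_NAME])
+                 self.__class__.OP_SERVICE_TMPL_NAME,
+                 '-o',
+                 self.__class__.HERE_DIR])
         
         createdFiles = listdir(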
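Review bot: The same five-element argument list handed to `cmd.run` is now duplicated in four test methods (the hunks at new lines 44, 81, 119 and 156), differing only in which class constants are used; a helper on the shared base such as `def _run_template(self, cmd, conf_dir, tmpl_name): cmd.run([conf_dir, '-t', tmpl_name, '-o', self.__class__.HERE_DIR])` would keep the new `-o` handling in one place. Passing `-o HERE_DIR` also writes the generated service directories into the test source tree, so if an earlier run left output behind, the `listdir` comparison that follows each call could see stale entries; the assertions and any cleanup are outside these hunks, so this is inferred rather than observed. Each enclosing test method starts before and ends after its hunk.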
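--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authn/ssl-test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authn/ssl-test.ini
@@ -66,4 +66,4 @@
 paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware
 prefix = ssl.
-ssl.caCertFilePathList = %(testConfigDir)s/ca/d573507a.0
+ssl.caCertFilePathList = %(testConfigDir)s/pki/ca/d573507a.0
 ssl.rePathMatchList = ^/ssl-client-authn.*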
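--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini
@@ -48,5 +48,5 @@
 authz.pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
 authz.pep.authzDecisionQuery.clockSkewTolerance = 0.
-authz.pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/ca
+authz.pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca
 authz.pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
 authz.pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key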
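--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/request-filter.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/request-filter.xml
@@ -28,7 +28,7 @@
                 -->
                 <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost/(?!layout).*$</AttributeValue>
                     <ResourceAttributeDesignator
                         AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                         DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
-                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost/(?!layout).*$</AttributeValue>
                 </ResourceMatch>
             </Resource>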
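--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
@@ -35,5 +35,5 @@
 pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
 pep.authzDecisionQuery.clockSkewTolerance = 0.
-pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/ca
+pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca
 pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
 pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key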
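--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
@@ -50,5 +50,5 @@
     def __init__(self, app, global_conf, **app_conf):
         self.queryInterfaceKeyName = app_conf[
-            TestAuthorisationServiceMiddleware.QUERY_INTERFACE_KEYNAME_OPTNAME]
+            self.__class__.QUERY_INTERFACE_KEYNAME_OPTNAME]
         self._app = app
     
@@ -126,8 +126,10 @@
 
 class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
+    """Test implementation demonstrates how handler middleware can be extended
+    to set a redirect response following an access denied decision"""
     
     @NDGSecurityMiddlewareBase.initCall
     def __call__(self, environ, start_response):
-        
+
         queryString = environ.get('QUERY_STRING', '')
         if 'admin=1' in queryString:
@@ -211,12 +213,15 @@
         """
         BaseTestCase.__init__(self, *args, **kwargs)
-
-        wsgiapp = loadapp('config:'+self.__class__.INI_FILE,
-                          relative_to=self.__class__.THIS_DIR)
-        self.app = paste.fixture.TestApp(wsgiapp)
         
         self.__class__.INI_FILEPATH = os.path.join(self.__class__.THIS_DIR,
                                                    self.__class__.INI_FILE)
-        
+#
+#        wsgiapp = loadapp('config:'+self.__class__.INI_FILE,
+#                          relative_to=self.__class__.THIS_DIR)
+
+        wsgiapp = loadapp('config:'+self.__class__.INI_FILEPATH)
+        
+        self.app = paste.fixture.TestApp(wsgiapp)
+       
         self.startSiteAAttributeAuthority(withSSL=True,
             port=self.__class__.SITEA_SSL_ATTRIBUTEAUTHORITY_PORTNUM)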
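Review bot: The commented-out `loadapp(..., relative_to=...)` call kept at new lines 218-221 of the third hunk is dead code and should be deleted rather than preserved as a comment; the repository history already records the old form, and the live call two lines below supersedes it. The replacement `wsgiapp = loadapp('config:'+self.__class__.INI_FILEPATH)` now depends on `INI_FILEPATH` being assigned on the class from inside an instance initialiser (the context line just above it), so a one-line comment there, `# Absolute path: loadapp is called without relative_to`, would make the ordering constraint explicit; PEP 8 would also space the concatenation as `'config:' + self.__class__.INI_FILEPATH`. The `__init__` this hunk belongs to begins and ends outside the hunk.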
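--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/client_proxy/test_client_proxy.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/client_proxy/test_client_proxy.py
@@ -39,3 +39,4 @@
         return result
 
-httpserver.serve(HTTPMiddleware(TransparentProxy()), "0.0.0.0", port=8088)
+# Disable for now to avoid nose picking it up and hanging the test run.
+#httpserver.serve(HTTPMiddleware(TransparentProxy()), "0.0.0.0", port=8088)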
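Review bot: Commenting out the module-level `httpserver.serve(...)` call at new line 42 removes the import-time side effect but leaves the listener unrunnable; a `__main__` guard keeps the manual entry point without nose executing it on import: `if __name__ == '__main__':` followed by `    httpserver.serve(HTTPMiddleware(TransparentProxy()), "127.0.0.1", port=8088)`. Binding the transparent proxy to `"0.0.0.0"` exposes it on every interface of the test host, so the loopback address shown is the safer default for a test fixture unless a remote client is actually needed. Whether `HTTPMiddleware` and `TransparentProxy` do anything beyond what this hunk shows is not visible here.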
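--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini
@@ -77,3 +77,3 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/pki/ca/d573507a.0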
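--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-service.ini
@@ -49,5 +49,5 @@
 authz.pip.attributeQuery.subjectIdFormat = urn:esg:openid
 authz.pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
-authz.pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
+authz.pip.attributeQuery.sslCACertDir=%(testConfigDir)s/pki/ca
 authz.pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
 authz.pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key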
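--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/ssl/test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/ssl/test.ini
@@ -21,5 +21,5 @@
 paste.filter_app_factory = ndg.security.server.wsgi.ssl:ApacheSSLAuthnMiddleware
 prefix = ssl.
-ssl.caCertFilePathList = %(testConfigDir)s/ca/d573507a.0
+ssl.caCertFilePathList = %(testConfigDir)s/pki/ca/d573507a.0
 ssl.rePathMatchList = ^/secured/.*$ ^/restrict.*
 ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=test, /O=localhost/OU=local client/CN=test 2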
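--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/x509Test.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/x509Test.cfg
@@ -14,4 +14,4 @@
 certfile: $NDGSEC_TEST_CONFIG_DIR/pki/user.crt
 proxycertfile: $NDGSEC_X509_UNITTEST_DIR/proxy.crt
-cacertfile: $NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
+cacertfile: $NDGSEC_TEST_CONFIG_DIR/pki/ca/d573507a.0
 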