Changeset 7829 for TI12-security


Timestamp:
24/01/11 15:09:22 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Completed Attribute Service template and tested standalone
Location:
TI12-security/trunk/NDGSecurity/python
Files:
4 added
8 edited

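--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/attributeauthority.py
@@ -1292,5 +1292,8 @@
                 raise AttributeInterfaceConfigError('Bad format for SAML '
                                                     'attribute to SQL query '
-                                                    'look-up: %s' % e)
+                                                    'look-up for attribute '
+                                                    'name %r: %s' %
+                                                    (requestedAttribute.name,
+                                                    e))
 
             for val in attributeVals: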
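Review bot: The reworded AttributeInterfaceConfigError still embeds the caught exception `e` verbatim via `%s`, now alongside `requestedAttribute.name`; the enclosing try/except and the loop it sits in start outside the hunk, so whether this error text is ever copied into the SAML response returned to the querying client is not visible here. If it can be, the message exposes the attribute-to-SQL look-up configuration detail to callers, so it is safer to log `e` in full with the module's logger at error level just before the raise and keep the raised message to the attribute name. As a style point, the argument tuple `(requestedAttribute.name, e)` is broken over two lines with `e))` on its own; `(requestedAttribute.name, e))` fits the existing continuation column and reads more naturally.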
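--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -133,5 +133,5 @@
         @-echo Making substitutions for template variables ...
         sed -e s/'# Description:.*'/'# Description: Paster ini file for SAML/XACML based Authorisation Service'/ \
-        -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{mountPoint\}'/ \
+        -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{mountPath\}'/ \
         -e s/'samlIssuerName =.*'/'samlIssuerName = %%\{issuerName}'/ \
         -e s/'samlIssuerFormat =.*'/'samlIssuerFormat = %%\{issuerFormat}'/ \
@@ -158,4 +158,5 @@
 ATTR_SERVICE_DIRNAME = attributeservice/
 ATTR_SERVICE_SRC_DIR = ${TEST_CONFIG_SRC_DIR}attributeauthority/sitea/
+ATTR_SERVICE_STATIC_CONTENT_SRC_DIR = ${ATTR_SERVICE_SRC_DIR}public/
 ATTR_SERVICE_SRC_INI_FILENAME = site-a.ini
 ATTR_SERVICE_SRC_INI_FILEPATH = ${ATTR_SERVICE_SRC_DIR}${ATTR_SERVICE_SRC_INI_FILENAME}
@@ -164,4 +165,5 @@
 ATTR_SERVICE_INI_FILEPATH_TMP = ${ATTR_SERVICE_DEST_DIR}${ATTR_SERVICE_INI_FILENAME}
 ATTR_SERVICE_INI_TMPL_FILEPATH = ${ATTR_SERVICE_INI_FILEPATH_TMP}_tmpl
+ATTR_SERVICE_STATIC_CONTENT_DEST_DIR = ${ATTR_SERVICE_DEST_DIR}public/
 ATTR_SERVICE_PKI_DEST_DIR = ${ATTR_SERVICE_DEST_DIR}pki/
 ATTR_SERVICE_CA_DEST_DIR = ${ATTR_SERVICE_PKI_DEST_DIR}ca/
@@ -176,14 +178,15 @@
         @-echo Making substitutions for template variables ...
         sed -e s/'# Description:.*'/'# Description: Paster ini file for SAML Attribute Service'/ \
+        -e s/'dbConnectionString = .*'/'dbConnectionString = sqlite:\/\/\/%(here)s\/user.db'/ \
         -e s/'port = .*'/'port = %%\{portNumber}'/ \
-        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = %%\{mountPoint\}'/ \
+        -e s/'saml\.soapbinding\.mountPath.*'/'saml.soapbinding.mountPath = %%\{mountPath\}'/ \
         -e s/'saml\.soapbinding\.issuerName.*'/'saml.soapbinding.issuerName = %%\{issuerName}'/ \
         -e s/'saml\.soapbinding\.issuerFormat.*'/'saml\.soapbinding\.issuerFormat = %%\{issuerFormat}'/ \
-        -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
-        -e s/testConfigDir/here/g \
         -e s/\(os\.path\.join\(\'%\(here\)s\'/\(os.path.join\(\'%%\{outputDir}\',\ \'log\'/ \
         ${ATTR_SERVICE_INI_FILEPATH_TMP} > ${ATTR_SERVICE_INI_TMPL_FILEPATH}
         rm -f ${ATTR_SERVICE_INI_FILEPATH_TMP}
         @-echo
+        @-echo Copying static content directories and files ...
+        cp -r ${ATTR_SERVICE_STATIC_CONTENT_SRC_DIR} ${ATTR_SERVICE_STATIC_CONTENT_DEST_DIR}
         @-echo Create PKI directory and copying files ...
         -mkdir ${ATTR_SERVICE_PKI_DEST_DIR}
@@ -196,4 +199,6 @@
         @-echo Copying test SQLite user database ...
         cp ${USERDB_FILEPATH} ${ATTR_SERVICE_DEST_DIR}
+        @-echo Clear out SVN directories ...
+        @-find ${ATTR_SERVICE_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
         @-echo
         @-echo Done.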
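Review bot: The SVN clean-up at new line 202 pipes `find -print` into `xargs /bin/rm -rf`, so a destination path containing whitespace would be split into several arguments before `rm -rf` runs on each fragment; use NUL separation, `@-find ${ATTR_SERVICE_DEST_DIR} -name ".svn" -print0 | xargs -0 /bin/rm -rf`, or avoid xargs altogether with `find ${ATTR_SERVICE_DEST_DIR} -name .svn -prune -exec rm -rf {} +`. The `cp -r` at new line 190 copies the working-copy metadata under public/ first and relies on that find to prune it afterwards, so the find has to stay the last step after every copy in the target; a comment saying so, e.g. `# Keep this last: it prunes .svn metadata copied in by the cp -r steps above`, would protect the ordering. The new sed at line 180 also bakes `sqlite:///%(here)s/user.db`, the test fixture database copied at line 200, into the deployment template; that is fine for the tests but the generated ini should make clear the bundled user.db is test data, not a production user store.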
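--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -33,5 +33,21 @@
     '$' variables used for other purposes."""
     delimiter = "%%"
-
+    
+class TemplateBase(Template):
+    """Base Paste Template class sets a custom renderer"""
+    
+    def template_renderer(self, content, vars, filename=None):
+        """Alternative renderer defined to enable use of '%%' prefix for template
+        variables.  NDG Security ini files already use '$' for other variables
+        
+        @param content: template content
+        @type content: string
+        @param vars: variables to substituted into the template
+        @type vars: dict
+        @return: content with all variables substituted for
+        @rtype: string
+        """
+        tmpl = DoublePercentTemplate(content)
+        return tmpl.substitute(**vars)
 
 """@var _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL: Yadis XRDS entry for a MyProxy
@@ -93,5 +109,5 @@
 
 
-class ServicesTemplate(Template):
+class ServicesTemplate(TemplateBase):
     """Make a template containing all the Security Services available with
     NDG Security.  These are provided together in one template but deployers
@@ -111,5 +127,5 @@
     
     _template_dir = 'services'
-    summary = ('NERC DataGrid Security services full deployment template '
+    summary = ('NDG Security services full deployment template '
                'including the SAML Attribute and Authorisation Services, '
                'OpenID Provider application, OpenID Relying Party and SSL '
@@ -170,18 +186,4 @@
         ]
     
-    def template_renderer(self, content, vars, filename=None):
-        """Alternative renderer defined to enable use of '%%' prefix for template
-        variables.  NDG Security ini files already use '$' for other variables
-        
-        @param content: template content
-        @type content: string
-        @param vars: variables to substituted into the template
-        @type vars: dict
-        @return: content with all variables substituted for
-        @rtype: string
-        """
-        tmpl = DoublePercentTemplate(content)
-        return tmpl.substitute(**vars)
-    
     def pre(self, command, output_dir, vars):
         '''Extend to enable substitutions for OpenID Provider Yadis templates,
@@ -242,5 +244,5 @@
 
         
-class SecuredAppTemplate(Template):
+class SecuredAppTemplate(TemplateBase):
     """Create a template for a secured application with authentication and
     authorisation filters"""
@@ -248,5 +250,5 @@
     _template_dir = 'secured_application'
     summary = (
-        'Secure an application with NERC DataGrid Security '
+        'NDG Security template for securing an application with '
         'authentication and authorisation filters')
     vars = [
@@ -267,5 +269,5 @@
 
 
-class AttributeServiceTemplate(Template):
+class AttributeServiceTemplate(TemplateBase):
     """Paster template for the SAML attribute service"""
     
@@ -276,5 +278,5 @@
     
     _template_dir = 'attributeservice'
-    summary = 'Create an NDG Security SAML Attribute Service'
+    summary = 'NDG Security SAML Attribute Service template'
     vars = [
         var('portNumber',
@@ -283,6 +285,8 @@
             default=DEFAULT_PORT),
             
-        var('mountPoint', 
-            ('URI path to mount service i.e. https://myhost/<mountPoint>'),
+        var('mountPath', 
+            ('URI path to mount service i.e. "https://myhost/<mountPath>" ['
+             'Nb. for mod_wsgi path may be e.g. "https://myhost/<script alias '
+             'path><mountPath>" !]'),
             default=DEFAULT_MOUNT_POINT),
 
@@ -297,77 +301,7 @@
             default=DEFAULT_ISSUER_FORMAT)
     ]
-    
-
-class AuthorisationServiceTemplate(Template):
-    """Paster template for the SAML authorisation service"""
-    
-    DEFAULT_MOUNT_POINT = '/AuthorisationService'
-    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
-    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
-    
-    _template_dir = 'authorisationservice'
-    summary = 'Create an NDG Security Authorisation Service'
-    vars = [
-        var('mountPoint', 
-            ('URI path to mount service i.e. https://myhost/<mountPoint>'),
-            default=DEFAULT_MOUNT_POINT),
-
-        var('issuerName', 
-            ('ID of this service used in SAML queries and responses'),
-            default=DEFAULT_ISSUER_NAME),
-
-        var('issuerFormat', 
-            ('Format of issuerName string; if using the default, ensure that '
-             'the issuerName value is a correctly formatted X.509 Subject '
-             'Name'),
-            default=DEFAULT_ISSUER_FORMAT)
-    ]
-
-
-class OpenIDProviderTemplate(Template):
-    """Paster template for OpenID Provider service"""
-    _template_dir = 'openidprovider'
-    summary = 'Create an NDG Security OpenID Provider'
-    
-    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None))
-    
-    vars = [
-        var('baseURI',
-            'Base URI for the service [with no trailing slash]',
-            default=DEFAULT_URI),
-
-        var('beakerSessionCookieSecret', 
-            'Secret for securing the OpenID Provider and SSL Client '
-            'authentication session cookie',
-            default=base64.b64encode(os.urandom(32))[:32]),
-            
-        var('myproxyServerURI',
-            'MyProxy Server address to advertise in OpenID Provider Yadis '
-            'document - defaults to omit this entry',
-            default=''),
-            
-        var('attributeServiceURI',
-            'Attribute Service address to advertise in OpenID Provider Yadis '
-            'document - defaults to omit this entry',
-            default='')
-        ]
-    
-    def template_renderer(self, content, vars, filename=None):
-        """Alternative renderer defined to enable use of '%%' prefix for template
-        variables.  NDG Security ini files already use '$' for other variables
-        
-        @param content: template content
-        @type content: string
-        @param vars: variables to substituted into the template
-        @type vars: dict
-        @return: content with all variables substituted for
-        @rtype: string
-        """
-        tmpl = DoublePercentTemplate(content)
-        return tmpl.substitute(**vars)
 
     def pre(self, command, output_dir, vars):
-        '''Extend to enable substitutions for OpenID Provider Yadis templates,
-        port number and fix log file path setting
+        '''Extend to fix log file path setting and check mount point setting
         
         @param command: command to create template
@@ -378,4 +312,94 @@
         @type vars: dict
         '''
+        vars['outputDir'] = os.path.abspath(output_dir)
+        
+        # Fix for mount point in case leading slash was omitted.
+        if not vars['mountPath'].startswith('/'):
+            vars['mountPath'] = '/' + vars['mountPath']
+            
+
+class AuthorisationServiceTemplate(TemplateBase):
+    """Paster template for the SAML authorisation service"""
+    
+    DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
+    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
+    
+    _template_dir = 'authorisationservice'
+    summary = 'NDG Security Authorisation Service template'
+    vars = [
+        var('mountPath', 
+            ('URI path to mount service i.e. "https://myhost/<mountPath>" ['
+             'Nb. for mod_wsgi path may be e.g. "https://myhost/<script alias '
+             'path><mountPath>" !]'),
+            default=DEFAULT_MOUNT_POINT),
+
+        var('issuerName', 
+            ('ID of this service used in SAML queries and responses'),
+            default=DEFAULT_ISSUER_NAME),
+
+        var('issuerFormat', 
+            ('Format of issuerName string; if using the default, ensure that '
+             'the issuerName value is a correctly formatted X.509 Subject '
+             'Name'),
+            default=DEFAULT_ISSUER_FORMAT)
+    ]
+
+    def pre(self, command, output_dir, vars):
+        '''Extend to fix log file path setting and check mount point setting
+        
+        @param command: command to create template
+        @type command: 
+        @param output_dir: output directory for template file(s)
+        @type output_dir: string
+        @param vars: variables to be substituted into template
+        @type vars: dict
+        '''
+        vars['outputDir'] = os.path.abspath(output_dir)
+        
+        # Fix for mount point in case leading slash was omitted.
+        if not vars['mountPath'].startswith('/'):
+            vars['mountPath'] = '/' + vars['mountPath']
+                
+
+class OpenIDProviderTemplate(TemplateBase):
+    """Paster template for OpenID Provider service"""
+    _template_dir = 'openidprovider'
+    summary = 'NDG Security OpenID Provider template'
+    
+    DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None))
+    
+    vars = [
+        var('baseURI',
+            'Base URI for the service [with no trailing slash]',
+            default=DEFAULT_URI),
+
+        var('beakerSessionCookieSecret', 
+            'Secret for securing the OpenID Provider and SSL Client '
+            'authentication session cookie',
+            default=base64.b64encode(os.urandom(32))[:32]),
+            
+        var('myproxyServerURI',
+            'MyProxy Server address to advertise in OpenID Provider Yadis '
+            'document - defaults to omit this entry',
+            default=''),
+            
+        var('attributeServiceURI',
+            'Attribute Service address to advertise in OpenID Provider Yadis '
+            'document - defaults to omit this entry',
+            default='')
+        ]
+
+    def pre(self, command, output_dir, vars):
+        '''Extend to enable substitutions for OpenID Provider Yadis templates,
+        port number and fix log file path setting
+        
+        @param command: command to create template
+        @type command: 
+        @param output_dir: output directory for template file(s)
+        @type output_dir: string
+        @param vars: variables to be substituted into template
+        @type vars: dict
+        '''
         
         # This sets the log file path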
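Review bot: The `pre` bodies added to AttributeServiceTemplate (new lines 314-318) and AuthorisationServiceTemplate (358-362) are line-for-line identical, docstring included, and both classes now derive from the new TemplateBase; the `vars['outputDir']` assignment and the leading-slash fix for `vars['mountPath']` belong in one `TemplateBase.pre` that the subclasses inherit or call via `super`, which also stops the two copies of the "Nb. for mod_wsgi" description drifting apart. The leading-slash fix is the only normalisation applied, so a value with a trailing slash or other path components is written into the generated ini as typed; if the SOAP binding mount matching is exact, the prompt text should say so. OpenIDProviderTemplate keeps `default=base64.b64encode(os.urandom(32))[:32]` for `beakerSessionCookieSecret` (new line 380), which is evaluated once at class definition; that is fine for a fresh `paster create` process, but a comment such as `# Generated per process at import time; a prompted value overrides it` would stop a reader assuming it is regenerated per template. OpenIDProviderTemplate.pre continues past the end of the hunk.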
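--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/README
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/README
@@ -5,5 +5,6 @@
 
  - site-aa.ini: main configuration file for the service which also contains
-   Paste config to enable running the service with paster:
+   Paste config to enable running the service with paster (make sure to replace
+   %(here)s settings with the specific file path):
    
    $ paster serve site-a.ini
@@ -14,5 +15,5 @@
    
    This script can be used to test the service but the unit tests start up and
-   close down attribute authority instances atuomatically.  See: 
+   close down attribute authority instances automatically.  See: 
    ndg.security.test.unit.BaseTestCase
    
@@ -22,3 +23,3 @@
    
 Initial version: P J Kershaw 14/05/09
-Updated: P J Kershaw 11/03/10
+Updated: P J Kershaw 24/01/11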
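--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -24,11 +24,11 @@
 port = 5000
 
-[app:mainApp]
-paste.app_factory = ndg.security.test.config.attributeauthority.sitea.sitea_attributeauthority:app_factory
+[app:AttributeAuthorityStaticContent]
+use = egg:Paste#static
+document_root = %(here)s/public
 
-# Chain of SOAP Middleware filters - Nb. WS-Security filters apply to the SOAP
-# Binding filter only.
+# Chain of Middleware filters
 [pipeline:main]
-pipeline = AttributeAuthorityFilter AttributeAuthoritySamlSoapBindingFilter mainApp
+pipeline = AttributeAuthorityFilter AttributeAuthoritySamlSoapBindingFilter AttributeAuthorityStaticContent
 
 
@@ -92,5 +92,6 @@
                                                            /O=NDG/OU=Security/CN=localhost
 
-# Settings for a test AttributeInterface class 
+# Alternative test AttributeInterface class.  This uses fixed parameter values 
+# instead of a database
 #attributeAuthority.attributeInterface.modFilePath: %(here)s
 #attributeAuthority.attributeInterface.className: sitea_attributeinterface.TestUserRoles
@@ -152,4 +153,3 @@
 level=NOTSET
 formatter=generic
-#args=(os.path.join('%(here)s', 'service.log'), 'a', 10000, 2)
-args=(os.path.join('./', 'service.log'), 'a', 10000, 2)
+args=(os.path.join('%(here)s', 'service.log'), 'a', 10000, 2)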
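Review bot: With `mainApp` replaced by `AttributeAuthorityStaticContent` at new line 32, the `egg:Paste#static` app becomes the terminal application of the pipeline, so every request the two filters do not claim is answered from `%(here)s/public`; confirm that the SAML SOAP binding filter only lets non-matching paths fall through, and that the `public/` directory copied by the Makefile's `cp -r` holds nothing beyond the static content meant to be served, since the ini, pki/ and user.db sit alongside it under `%(here)s`. The rewritten comment at new line 30 drops the remark that WS-Security filters apply to the SOAP binding filter only; if that caveat still holds for this pipeline, keep it, e.g. `# Chain of Middleware filters - Nb. WS-Security filters apply to the SOAP binding filter only.`. The logging handler `args` at line 155 now relies on `%(here)s` being interpolated, which the README change in this commit says deployers must replace by hand; a comment on that line saying whether `paster serve` substitutes it or a manual edit is required would avoid a log file landing in an unexpected directory.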
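--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/sitea_attributeauthority.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/sitea_attributeauthority.py
@@ -12,13 +12,9 @@
 import os
 from os.path import dirname, abspath, join
+import optparse
+from ndg.security.test.unit.wsgi import PasteDeployAppServer
 
-def infoApp(environ, start_response):
-    response = "NDG Security Attribute Authority Unit Tests: Site A Server"
-    start_response('200 OK', [('Content-type', 'text/plain'),
-                              ('Content-length', str(len(response)))])
-    return [response]
+INI_FILENAME = 'site-a.ini'
 
-def app_factory(global_config, **local_conf):
-    return infoApp
 
 from ndg.security.test.unit import BaseTestCase
@@ -31,22 +27,31 @@
 # To start the Site A Attribute Authority run 
 # $ paster serve site-a.ini or run this file as a script
-# $ ./siteAServerApp.py [port #]
+# $ ./sitea_attributeauthority.py [--port #][--conf <config file path>]
 if __name__ == '__main__':
     import sys
     import logging
-#    logging.basicConfig(level=logging.DEBUG)
+        
+    cfgFilePath = os.path.join(dirname(abspath(__file__)), INI_FILENAME)
+        
+    parser = optparse.OptionParser()
+    parser.add_option("-p",
+                      "--port",
+                      dest="port",
+                      default=5000,
+                      type='int',
+                      help="port number to run under")
 
-    if len(sys.argv) > 1:
-        port = int(sys.argv[1])
-    else:
-        port = 5000
-        
-    cfgFilePath = join(dirname(abspath(__file__)), 'site-a.ini')
-        
-    from paste.httpserver import serve
-    from paste.deploy import loadapp
-    from paste.script.util.logging_config import fileConfig
+    parser.add_option("-c",
+                      "--conf",
+                      dest="configFilePath",
+                      default=cfgFilePath,
+                      help="Configuration file path")
     
-    fileConfig(cfgFilePath)
-    app = loadapp('config:%s' % cfgFilePath)
-    serve(app, host='0.0.0.0', port=port)
+    # Initialise test user database
+    from ndg.security.test.unit import BaseTestCase
+    BaseTestCase.initDb()
+    
+    opt = parser.parse_args()[0]
+    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath, 
+                                  port=opt.port)
+    server.start()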
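Review bot: After the move to optparse, `import sys` and `import logging` (context lines 31-32) and `join` from the module-level `from os.path import dirname, abspath, join` are no longer referenced anywhere in the hunk, and `BaseTestCase` is imported again inside the `__main__` block at new line 51 although the module-level import at line 20 already provides it; dropping the three unused imports and the re-import keeps the script lint-clean. The removed `serve(app, host='0.0.0.0', port=port)` bound explicitly to all interfaces, whereas the bind address PasteDeployAppServer uses is not visible here; it is worth confirming it defaults to a loopback address, given this test server is backed by the SQLite user database that `BaseTestCase.initDb()` creates. `parser.parse_args()[0]` silently discards positional arguments, so a leftover bare port number from the old `[port #]` invocation form would be ignored and the default 5000 used; `opt, args = parser.parse_args()` followed by `parser.error(...)` when `args` is non-empty would make that mistake visible. If the `__main__` block continues past the end of the hunk, the unused-import claim should be rechecked against the remainder.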
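--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservicesapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservicesapp.py
@@ -12,5 +12,6 @@
 import os
 from os.path import dirname, abspath, join
-       
+import optparse 
+     
 from OpenSSL import SSL
 
@@ -18,5 +19,5 @@
 from ndg.security.test.unit.wsgi import PasteDeployAppServer
 
-INI_FILEPATH = 'securityservices.ini'
+INI_FILENAME = 'securityservices.ini'
 
 os.environ['NDGSEC_INTEGRATION_TEST_DIR'] = os.path.dirname(os.path.dirname(
@@ -24,5 +25,5 @@
 os.environ[BaseTestCase.configDirEnvVarName] = TEST_CONFIG_DIR
 
-import optparse
+
 
 # To start run 
@@ -30,5 +31,5 @@
 # $ ./securityservicesapp.py -h
 if __name__ == '__main__':    
-    cfgFileName = INI_FILEPATH
+    cfgFileName = INI_FILENAME
     cfgFilePath = os.path.join(dirname(abspath(__file__)), cfgFileName)
         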
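--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
@@ -31,4 +31,6 @@
                                                 ESGFDefaultQueryAttributes,
                                                 ESGFGroupRoleAttributeValue)
+from ndg.security.common.saml_utils.esgf.xml.etree import \
+                                       ESGFResponseElementTree
 from ndg.security.common.utils.etree import prettyPrint
 from ndg.security.test.unit.attributeauthorityclient import \
@@ -273,5 +275,5 @@
         response = binding.send(attributeQuery, _cfg['uri'])
         
-        samlResponseElem = ResponseElementTree.toXML(response)
+        samlResponseElem = ESGFResponseElementTree.toXML(response)
         
         print("SAML Response ...")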