source: TI12-security/trunk/NDGSecurity/python/Tests/m2Crypto/test_sslClntAuthN.py @ 6440

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/Tests/m2Crypto/test_sslClntAuthN.py@6440
Revision 6440, 2.3 KB checked in by pjkersha, 11 years ago (diff)
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
  • Property svn:executable set to *
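#!/usr/bin/env python
"""Manual test of an HTTPS GET using SSL client authentication.

Usage: test_sslClntAuthN.py [URL]

With no argument the request goes to the default host and path set below.
The client certificate and private key are read from ./test.crt and
./test.key, i.e. relative to the current working directory.
"""

# NOTE(review): the commented-out prototype below is kept for history only;
# the script uses the HTTPSConnection imported from ndg.security instead.
# It is not runnable as written: VerifyCB.__call__ has no `self` parameter
# although it reads self.ca, and HTTPSConnection.__init__ / connect refer to
# names that are never set (server_address, ca, self.certkey).
# If it is ever revived, review VerifyCB first: it returns True whenever the
# certificate under inspection has the same SHA-1 fingerprint as the file in
# self.ca, which overrides the library's own verification result (`ok`) for
# that certificate.
#
#import socket, M2Crypto
#from M2Crypto import SSL
#from M2Crypto.httpslib import HTTPSConnection as _HTTPSConnection
#
#class VerifyCB(object):
#    def __init__(self, ca):
#        self.ca =ca
#
#    def __call__(ok, store):
#        cert = store.get_current_cert()
#        mecert = M2Crypto.X509.load_cert(self.ca)
#        if mecert.get_fingerprint(md="sha1") == \
#            cert.get_fingerprint(md="sha1"):
#            return True
#        else:
#            return ok
#
#class HTTPSConnection(_HTTPSConnection):
#    # setting socket types
#    address_family = socket.AF_INET
#    socket_type = socket.SOCK_STREAM
#
#    def __init__(self, *args, **kw):
#        _HTTPSConnection.__init__(self, *args, **kw)
#        self.server_address = server_address
#        self.connected = False
#        self.cert = kw.pop('certFilePath')
#        self.keyFilePath
#        self.ca = ca
#
#    def connect(self):
#        cert = self.cert
#        certkey = self.certkey
#
#        # setup an SSL context.
#        context = SSL.Context("sslv23")
#        context.load_verify_locations(self.ca, "./")
#
#        # setting verifying level
#        context.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
#                           1,
#                           VerifyCB(self.ca))
#
#        # load up certificate stuff.
#        context.load_cert(cert, certkey)
#
#        # setting callback so we can monitor our SSL
#        context.set_info_callback()
#
#        # create real socket
#        real_sock = socket.socket(self.address_family, self.socket_type)
#        connection = SSL.Connection(context, real_sock)
#        self.socket = connection
#        self.socket.connect(self.server_address)
#        self.connected = True
from ndg.security.common.utils.m2crypto import HTTPSConnection

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        from urlparse import urlparse
        url = urlparse(sys.argv[1])
        hostname = url.netloc
        # A URL given without a scheme ("host/path") parses with an empty
        # netloc.  Refuse it rather than open a client-authenticated
        # connection to whatever an empty host name resolves to.
        if not hostname:
            sys.exit("Usage: %s [https://host[:port]/path]" % sys.argv[0])
        # "https://host" has an empty path; an empty request target would
        # produce a malformed request line, so fall back to the root.
        # Only the path is forwarded; any query string is dropped.
        path = url.path or '/'
    else:
        hostname = 'gabriel.badc.rl.ac.uk'
        path = '/openid'

    # NOTE(review): only the client certificate and key are passed here.  No
    # CA bundle or peer-verification setting is given, so whether the
    # server's certificate is validated depends on the defaults of the
    # project's HTTPSConnection -- confirm before relying on this test as
    # evidence of mutual authentication.
    con = HTTPSConnection(hostname, clntCertFilePath='./test.crt',
                          clntPriKeyFilePath='./test.key')
    try:
        con.putrequest('GET', path)
        con.endheaders()
        resp = con.getresponse()
        print resp.read()
    finally:
        # Release the SSL connection even if the request or read fails.
        con.close()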