source: TI12-security/trunk/python/Tests/m2Crypto/test_sslClntAuthN.py @ 4603

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/python/Tests/m2Crypto/test_sslClntAuthN.py@4603
Revision 4603, 2.3 KB checked in by pjkersha, 12 years ago (diff)

#1004: initial work on Security Filter:

  • started new SSLClientAuthNMiddleware WSGI to filter configured URL paths applying SSL client authentication. Gets SSL client certificate from Apache SSL_CLIENT_CERT environment variable and so to work it requires deployment in mod_wsgi with SSL in order to pick up environ.
  • AppLoaderMiddleware?: convenience utility enables mod_wsgi application to parse a Paste Deploy style ini file containing an app and app pipeline as required.
  • Property svn:executable set to *
Line 
1#!/usr/bin/env python
2
3#import socket, M2Crypto
4#from M2Crypto import SSL
5#from M2Crypto.httpslib import HTTPSConnection as _HTTPSConnection
6#
7#class VerifyCB(object):
8#    def __init__(self, ca):
9#        self.ca =ca
10#       
11#    def __call__(ok, store):
12#        cert = store.get_current_cert()
13#        mecert = M2Crypto.X509.load_cert(self.ca)
14#        if mecert.get_fingerprint(md="sha1") == \
15#            cert.get_fingerprint(md="sha1"):
16#            return True
17#        else:
18#            return ok
19#
20#class HTTPSConnection(_HTTPSConnection):
21#    # setting socket types
22#    address_family = socket.AF_INET
23#    socket_type = socket.SOCK_STREAM
24#
25#    def __init__(self, *args, **kw):
26#        _HTTPSConnection.__init__(self, *args, **kw)
27#        self.server_address = server_address
28#        self.connected = False
29#        self.cert = kw.pop('certFilePath')
30#        self.keyFilePath
31#        self.ca = ca
32#
33#    def connect(self):
34#        cert = self.cert
35#        certkey = self.certkey
36#
37#        # setup an SSL context.
38#        context = SSL.Context("sslv23")
39#        context.load_verify_locations(self.ca, "./")
40#       
41#        # setting verifying level
42#        context.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
43#                           1,
44#                           VerifyCB(self.ca))
45#       
46#        # load up certificate stuff.
47#        context.load_cert(cert, certkey)
48#       
49#        # setting callback so we can monitor our SSL
50#        context.set_info_callback()
51#       
52#        # create real socket
53#        real_sock = socket.socket(self.address_family, self.socket_type)
54#        connection = SSL.Connection(context, real_sock)
55#        self.socket = connection
56#        self.socket.connect(self.server_address)
57#        self.connected = True
58from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection
59
60if __name__ == "__main__":
61    import sys
62    if len(sys.argv) > 1:
63        from urlparse import urlparse
64        url = urlparse(sys.argv[1])
65        hostname = url.netloc
66        path = url.path
67    else:   
68        hostname = 'gabriel.badc.rl.ac.uk'
69        path = '/openid'
70       
71    con = HTTPSConnection(hostname, clntCertFilePath='./test.crt',
72                          clntPriKeyFilePath='./test.key')
73    con.putrequest('GET', path)
74    con.endheaders()
75    resp = con.getresponse()
76    print resp.read()
Note: See TracBrowser for help on using the repository browser.