Changeset 4159

Timestamp:

01/09/08 16:30:47 (13 years ago)

Author:

pjkersha

Message:

Makefile: fixed epydoc target log redirect
SOAP/WS-Security middleware: extended use of SOAP and WS-Security base classes for WSGI filters.

Location:

TI12-security/trunk/python

Files:

• Makefile (modified) (1 diff)
• Tests/pylonsAttributeAuthority/ndgsecurity/development.ini (modified) (2 diffs)
• ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/wsgi/openid_provider.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/wsgi/soap.py (modified) (5 diffs)
• ndg.security.server/ndg/security/server/wsgi/wssecurity.py (modified) (4 diffs)

TI12-security/trunk/python/Makefile

@@ -78 +78 @@
         ${EPYDOC} ./ndg.security.*/ndg -o ${EPYDOC_OUTDIR} \
         --name ${EPYDOC_NAME} ${EPYDOC_FRAMES_OPT} --include-log --graph=all -v \
-        >& ${EPYDOC_LOGFILE}
+        > ${EPYDOC_LOGFILE}
         
 # Generate SysV init scripts for Twisted based services

TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini

@@ -10 +10 @@
 smtp_server = localhost
 error_email_from = paste@localhost
-wsseCfgFilePath=wssecurity.cfg
+wsseCfgFilePath = ./wssecurity.cfg
 
 [server:main]
@@ -71 +71 @@
 qualname = ndgsecurity
 
+[logger_ndg]
+level = DEBUG
+handlers =
+qualname = ndg
+
 [handler_console]
 class = StreamHandler

TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py

@@ -290 +290 @@
         elif self.cfg.get('caCertFilePathList'):
             self.caCertFilePathList = self.cfg['caCertFilePathList']
-            
+
+        self._caX509Stack = []
+        
         self.addTimestamp = self.cfg['addTimestamp']
         

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py

@@ -687 +687 @@
         @type identifier: basestring
         @param identifier: OpenID selected by user - for ID Select mode only
-        @rtype oidResponse: openid.server.server.OpenIDResponse
-        @return oidResponse: OpenID response object'''
+        @rtype: openid.server.server.OpenIDResponse
+        @return: OpenID response object'''
 
         oidResponse = oidRequest.answer(True, identity=identifier)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py

@@ -22 +22 @@
 from ZSI.ServiceContainer import ServiceSOAPBinding
         
+class SOAPMiddlewareError(Exception):
+    """Base error handling exception for this module"""
+    
+class SOAPMiddlewareReadError(SOAPMiddlewareError):
+    """SOAP read error"""
+    
 class SOAPMiddleware(object):
     '''Middleware configurable to a given ZSI SOAP binding'''  
@@ -43 +49 @@
             # Check class inherits from ServiceSOAPBinding
             if not issubclass(serviceSOAPBindingClass, ServiceSOAPBinding):
-                raise TypeError(
-                    "%s class must be derived from ServiceSOAPBinding" % \
-                    self.app_conf['ServiceSOAPBindingClass'])
+                raise TypeError("%s class must be derived from "
+                                "ServiceSOAPBinding" % \
+                                self.app_conf['ServiceSOAPBindingClass'])
         else: 
             serviceSOAPBindingClass = ServiceSOAPBinding
                  
         self.serviceSOAPBinding = serviceSOAPBindingClass()
-        self.enableWSDLQuery = bool()
-        if self.app_conf.get('enableWSDLQuery', False) and \
-           hasattr(self.serviceSOAPBinding, '_wsdl'):
-            self.enableWSDLQuery = True
+        self.enableWSDLQuery = self.app_conf.get('enableWSDLQuery', False) and\
+                                hasattr(self.serviceSOAPBinding, '_wsdl')
 
        
@@ -72 +76 @@
         
         if environ.get('REQUEST_METHOD') == 'GET' and \
-           'wsdl' in dict(paste.request.parse_querystring(environ)):
+           environ.get('QUERY_STRING') == 'wsdl':
             if self.enableWSDLQuery:
                 wsdl = self.serviceSOAPBinding._wsdl
@@ -85 +89 @@
             return self.app(environ, start_response)
 
-        # Check for ParsedSoap object set in environment, if not present,
-        # make one
-        if 'ZSI.parse.ParsedSoap' in environ:
-            ps = environ['ZSI.parse.ParsedSoap']
-        else:
-            # TODO: allow for chunked data
-            soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH'])
-            log.debug("SOAP Request")
-            log.debug("_"*80)
-            log.debug(soapIn)
-            log.debug("_"*80)
+        ps = self.parse(environ)
             
-            ps = ParsedSoap(soapIn)
-        
         # Map SOAP Action to method in binding class
         method = getattr(self.serviceSOAPBinding, 
@@ -136 +128 @@
                environ.get('HTTP_SOAPACTION') is not None
         
+    @classmethod
+    def parse(cls, environ):
+        '''Parse SOAP message from environ['wsgi.input']
         
+        Reading from environ['wsgi.input'] may be a destructive process so the
+        content is saved in a ZSI.parse.ParsedSoap object for use by SOAP
+        handlers which follow in the chain
+        
+        environ['ZSI.parse.ParsedSoap'] may be set to a ParsedSoap object
+        parsed by a SOAP handler ahead of the current one in the chain.  In
+        this case, don't re-parse.  If NOT parsed, parse and set
+        'ZSI.parse.ParsedSoap' environ key'''
+        
+        # Check for ParsedSoap object set in environment, if not present,
+        # make one
+        ps = environ.get('ZSI.parse.ParsedSoap')
+        if ps is None:
+            # TODO: allow for chunked data
+            contentLength = int(environ['CONTENT_LENGTH'])
+            soapIn = environ['wsgi.input'].read(contentLength)
+            if len(soapIn) < contentLength:
+                raise SOAPMiddlewareReadError("Expecting %s content length; "
+                                              "received %d instead." % \
+                                              (environ['CONTENT_LENGTH'],
+                                               len(soapIn)))
+            
+            log.debug("SOAP Request for handler %r" % cls)
+            log.debug("_"*80)
+            log.debug(soapIn)
+            log.debug("_"*80)
+            
+            ps = ParsedSoap(soapIn)
+            environ['ZSI.parse.ParsedSoap'] = ps
+            
+        return environ['ZSI.parse.ParsedSoap']
+    
+       
 def makeFilter(app, app_conf):  
     from ndgsecurity.config.attributeauthority import AttributeAuthorityWS

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py

@@ -22 +22 @@
 from ndg.security.server.wsgi.soap import SOAPMiddleware
 
-class SignatureMiddleware(SOAPMiddleware):
-    '''Apply WS-Security digital signature to SOAP message'''
+class WSSecurityFilterError(Exception):
+    """Base exception class for WS-Security WSGI Filter"""
+    
+class WSSecurityFilterConfigError(WSSecurityFilterError):
+    """WS-Security Filter Config Error"""
+    
+class WSSecurityFilter(SOAPMiddleware):
     
     def __init__(self, app, app_conf):
         self.app = app
-        self.signatureHandler = SignatureHandler(
-                                        cfg=app_conf.get('wsseCfgFilePath'))
+        wsseCfgFilePath = app_conf.get('wsseCfgFilePath')
+        if not wsseCfgFilePath:
+            raise WSSecurityFilterConfigError("No configuration file set")
+        
+        self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath)
     
+    
+class SignatureFilter(WSSecurityFilter):
+    '''Apply WS-Security digital signature to SOAP message'''
     def __call__(self, environ, start_response):
         if not self.isSOAPMessage(environ):
@@ -44 +55 @@
         soapOut = str(sw)
         
-        return [soapOut]
+        return soapOut
     
 
-class SignatureVerificationMiddleware(SOAPMiddleware):
+class SignatureVerificationFilter(WSSecurityFilter):
     '''Verify WS-Security digital signature in SOAP message'''
-    
-    def __init__(self, app, app_conf):
-        log.debug("SignatureVerificationMiddleware.__init__ ...")
-        self.app = app
-        self.signatureHandler = SignatureHandler(
-                                        cfg=app_conf.get('wsseCfgFilePath'))
     
     def __call__(self, environ, start_response):
         if not self.isSOAPMessage(environ):
-            return self.app(environ, start_response)
-        
-        if 'SOAP_ACTION' not in environ:
             log.debug("Non-SOAP request: Skipping signature verification")
             return self.app(environ, start_response)
@@ -66 +68 @@
         log.debug("Verifying inbound message signature...")
        
-        # TODO: allow for chunked data
-        soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH'])
-        
-        ps = ParsedSoap(soapIn)
+        ps = self.parse(environ)
         self.signatureHandler.verify(ps)
         
@@ -79 +78 @@
 
 def makeSignatureVerificationFilter(app, global_conf):
-    return SignatureVerificationMiddleware(app, global_conf) 
+    return SignatureVerificationFilter(app, global_conf) 
 
 def makeSignatureFilter(app, global_conf):
-    return SignatureMiddleware(app, global_conf)
+    return SignatureFilter(app, global_conf)