Changeset 4159
- Timestamp:
- 01/09/08 16:30:47 (13 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 6 edited
TI12-security/trunk/python/Makefile
r3994 r4159 78 78 ${EPYDOC} ./ndg.security.*/ndg -o ${EPYDOC_OUTDIR} \ 79 79 --name ${EPYDOC_NAME} ${EPYDOC_FRAMES_OPT} --include-log --graph=all -v \ 80 > &${EPYDOC_LOGFILE}80 > ${EPYDOC_LOGFILE} 81 81 82 82 # Generate SysV init scripts for Twisted based services -
TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini
r4152 r4159 10 10 smtp_server = localhost 11 11 error_email_from = paste@localhost 12 wsseCfgFilePath =wssecurity.cfg12 wsseCfgFilePath = ./wssecurity.cfg 13 13 14 14 [server:main] … … 71 71 qualname = ndgsecurity 72 72 73 [logger_ndg] 74 level = DEBUG 75 handlers = 76 qualname = ndg 77 73 78 [handler_console] 74 79 class = StreamHandler -
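--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py
@@ -290,5 +290,7 @@
 elif self.cfg.get('caCertFilePathList'):
 self.caCertFilePathList = self.cfg['caCertFilePathList']
 
+self._caX509Stack = []
+
 self.addTimestamp = self.cfg['addTimestamp']
 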
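Review bot: The new `self._caX509Stack = []` at new line 293 comes after the branch that assigns `self.caCertFilePathList`. If that attribute is a property whose setter fills `_caX509Stack` (the setter is not visible in this hunk), the CA certificates just loaded from configuration would be discarded, leaving signature verification with an empty trust store. Moving the initialisation ahead of the `if`/`elif` chain would make it a default rather than an override. The rendered page has lost indentation, so confirm whether the line sits inside or after the branch; the enclosing method starts and ends outside the hunk.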
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py
r4155 r4159 687 687 @type identifier: basestring 688 688 @param identifier: OpenID selected by user - for ID Select mode only 689 @rtype oidResponse: openid.server.server.OpenIDResponse690 @return oidResponse: OpenID response object'''689 @rtype: openid.server.server.OpenIDResponse 690 @return: OpenID response object''' 691 691 692 692 oidResponse = oidRequest.answer(True, identity=identifier) -
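--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
@@ -22,4 +22,10 @@
 from ZSI.ServiceContainer import ServiceSOAPBinding
 
+class SOAPMiddlewareError(Exception):
+"""Base error handling exception for this module"""
+
+class SOAPMiddlewareReadError(SOAPMiddlewareError):
+"""SOAP read error"""
+
 class SOAPMiddleware(object):
 '''Middleware configurable to a given ZSI SOAP binding'''
@@ -43,15 +49,13 @@
 # Check class inherits from ServiceSOAPBinding
 if not issubclass(serviceSOAPBindingClass, ServiceSOAPBinding):
-raise TypeError(
-"%s class must be derived fromServiceSOAPBinding" % \
-self.app_conf['ServiceSOAPBindingClass'])
+raise TypeError("%s class must be derived from "
+"ServiceSOAPBinding" % \
+self.app_conf['ServiceSOAPBindingClass'])
 else:
 serviceSOAPBindingClass = ServiceSOAPBinding
 
 self.serviceSOAPBinding = serviceSOAPBindingClass()
-self.enableWSDLQuery = bool()
-if self.app_conf.get('enableWSDLQuery', False) and \
-hasattr(self.serviceSOAPBinding, '_wsdl'):
-self.enableWSDLQuery = True
+self.enableWSDLQuery = self.app_conf.get('enableWSDLQuery', False) and\
+hasattr(self.serviceSOAPBinding, '_wsdl')
 
 
@@ -72,5 +76,5 @@
 
 if environ.get('REQUEST_METHOD') == 'GET' and \
-'wsdl' in dict(paste.request.parse_querystring(environ)):
+environ.get('QUERY_STRING') == 'wsdl':
 if self.enableWSDLQuery:
 wsdl = self.serviceSOAPBinding._wsdl
@@ -85,18 +89,6 @@
 return self.app(environ, start_response)
 
-# Check for ParsedSoap object set in environment, if not present,
-# make one
-if 'ZSI.parse.ParsedSoap' in environ:
-ps = environ['ZSI.parse.ParsedSoap']
-else:
-# TODO: allow for chunked data
-soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH'])
-log.debug("SOAP Request")
-log.debug("_"*80)
-log.debug(soapIn)
-log.debug("_"*80)
+ps = self.parse(environ)
 
-ps = ParsedSoap(soapIn)
-
 # Map SOAP Action to method in binding class
 method = getattr(self.serviceSOAPBinding,
@@ -136,5 +128,41 @@
 environ.get('HTTP_SOAPACTION') is not None
 
+@classmethod
+def parse(cls, environ):
+'''Parse SOAP message from environ['wsgi.input']
 
+Reading from environ['wsgi.input'] may be a destructive process so the
+content is saved in a ZSI.parse.ParsedSoap object for use by SOAP
+handlers which follow in the chain
+
+environ['ZSI.parse.ParsedSoap'] may be set to a ParsedSoap object
+parsed by a SOAP handler ahead of the current one in the chain. In
+this case, don't re-parse. If NOT parsed, parse and set
+'ZSI.parse.ParsedSoap' environ key'''
+
+# Check for ParsedSoap object set in environment, if not present,
+# make one
+ps = environ.get('ZSI.parse.ParsedSoap')
+if ps is None:
+# TODO: allow for chunked data
+contentLength = int(environ['CONTENT_LENGTH'])
+soapIn = environ['wsgi.input'].read(contentLength)
+if len(soapIn) < contentLength:
+raise SOAPMiddlewareReadError("Expecting %s content length; "
+"received %d instead." % \
+(environ['CONTENT_LENGTH'],
+len(soapIn)))
+
+log.debug("SOAP Request for handler %r" % cls)
+log.debug("_"*80)
+log.debug(soapIn)
+log.debug("_"*80)
+
+ps = ParsedSoap(soapIn)
+environ['ZSI.parse.ParsedSoap'] = ps
+
+return environ['ZSI.parse.ParsedSoap']
+
+
 def makeFilter(app, app_conf):
 from ndgsecurity.config.attributeauthority import AttributeAuthorityWS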
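Review bot: `parse()` trusts the client-supplied `CONTENT_LENGTH` at new lines 148-149. A missing header raises `KeyError`, a non-numeric one raises `ValueError`, and there is no upper bound, so a single request can make the middleware buffer an arbitrarily large body before any signature verification runs. Validate the header, reject non-positive values and cap it against a configured maximum; the `maxContentLength` class attribute in the sketch below is a proposed addition, not an existing name. Separately, `log.debug(soapIn)` writes the complete SOAP envelope to the log, which may include security tokens or signed assertions; logging only the length would avoid that.

```python
# … unchanged: docstring and environ.get('ZSI.parse.ParsedSoap') lookup …
        if ps is None:
            try:
                contentLength = int(environ.get('CONTENT_LENGTH') or 0)
            except ValueError:
                raise SOAPMiddlewareReadError("Invalid CONTENT_LENGTH header")
            if contentLength <= 0 or contentLength > cls.maxContentLength:
                raise SOAPMiddlewareReadError("CONTENT_LENGTH %d is outside "
                                              "the accepted range" %
                                              contentLength)
            soapIn = environ['wsgi.input'].read(contentLength)
# … unchanged: short-read check, debug logging, ParsedSoap construction …
```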
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
r4152 r4159 22 22 from ndg.security.server.wsgi.soap import SOAPMiddleware 23 23 24 class SignatureMiddleware(SOAPMiddleware): 25 '''Apply WS-Security digital signature to SOAP message''' 24 class WSSecurityFilterError(Exception): 25 """Base exception class for WS-Security WSGI Filter""" 26 27 class WSSecurityFilterConfigError(WSSecurityFilterError): 28 """WS-Security Filter Config Error""" 29 30 class WSSecurityFilter(SOAPMiddleware): 26 31 27 32 def __init__(self, app, app_conf): 28 33 self.app = app 29 self.signatureHandler = SignatureHandler( 30 cfg=app_conf.get('wsseCfgFilePath')) 34 wsseCfgFilePath = app_conf.get('wsseCfgFilePath') 35 if not wsseCfgFilePath: 36 raise WSSecurityFilterConfigError("No configuration file set") 37 38 self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath) 31 39 40 41 class SignatureFilter(WSSecurityFilter): 42 '''Apply WS-Security digital signature to SOAP message''' 32 43 def __call__(self, environ, start_response): 33 44 if not self.isSOAPMessage(environ): … … 44 55 soapOut = str(sw) 45 56 46 return [soapOut]57 return soapOut 47 58 48 59 49 class SignatureVerification Middleware(SOAPMiddleware):60 class SignatureVerificationFilter(WSSecurityFilter): 50 61 '''Verify WS-Security digital signature in SOAP message''' 51 52 def __init__(self, app, app_conf):53 log.debug("SignatureVerificationMiddleware.__init__ ...")54 self.app = app55 self.signatureHandler = SignatureHandler(56 cfg=app_conf.get('wsseCfgFilePath'))57 62 58 63 def __call__(self, environ, start_response): 59 64 if not self.isSOAPMessage(environ): 60 return self.app(environ, start_response)61 62 if 'SOAP_ACTION' not in environ:63 65 log.debug("Non-SOAP request: Skipping signature verification") 64 66 return self.app(environ, start_response) … … 66 68 log.debug("Verifying inbound message signature...") 67 69 68 # TODO: allow for chunked data 69 soapIn = environ['wsgi.input'].read(environ['CONTENT_LENGTH']) 70 71 ps = ParsedSoap(soapIn) 70 ps = self.parse(environ) 
72 71 self.signatureHandler.verify(ps) 73 72 … … 79 78 80 79 def makeSignatureVerificationFilter(app, global_conf): 81 return SignatureVerification Middleware(app, global_conf)80 return SignatureVerificationFilter(app, global_conf) 82 81 83 82 def makeSignatureFilter(app, global_conf): 84 return Signature Middleware(app, global_conf)83 return SignatureFilter(app, global_conf)
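Review bot: `SignatureFilter.__call__` now ends with `return soapOut` (new line 57), a bare string. A WSGI server iterates whatever the application returns, so a string is emitted one character per chunk. Keep the one-element list: `return [soapOut]`. In `SignatureVerificationFilter.__call__` the lines after `self.signatureHandler.verify(ps)` are outside the hunk, so it is worth confirming that a verification failure is reported to the client as a fault and can never fall through to `self.app`.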