Changeset 4171

Timestamp:

03/09/08 16:40:00 (11 years ago)

Author:

pjkersha

Message:

Fixes to SOAP and WS-Security middleware, added SOAP fault handling for exceptions

Location:

TI12-security/trunk/python

Files:

• Tests/pylonsAttributeAuthority/ndgsecurity/development.ini (modified) (2 diffs)
• ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py (modified) (2 diffs)
• ndg.security.server/ndg/security/server/SessionMgr/__init__.py (modified) (2 diffs)
• ndg.security.server/ndg/security/server/wsgi/openid_provider.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/wsgi/soap.py (modified) (7 diffs)
• ndg.security.server/ndg/security/server/wsgi/wssecurity.py (modified) (2 diffs)
• ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py (modified) (1 diff)

TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini

@@ -33 +33 @@
 path = /AttributeAuthority
 enableWSDLQuery = True
+charset = utf-8
 
 [filter:wsseSignatureVerificationFilter]
@@ -54 +55 @@
 # Logging configuration
 [loggers]
-keys = root, ndgsecurity
+keys = root, ndgsecurity, ndg
 
 [handlers]

TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/BaseSignatureHandler.py

@@ -290 +290 @@
         elif self.cfg.get('caCertFilePathList'):
             self.caCertFilePathList = self.cfg['caCertFilePathList']
-
-        self._caX509Stack = []
         
         self.addTimestamp = self.cfg['addTimestamp']
@@ -660 +658 @@
         @type caCertList: M2Crypto.X509.X509 certificate objects'''
         
-        if not self.caCertIsSet:
+        if not hasattr(self, '_caX509Stack'):
             self._caX509Stack = X509Stack()
             

TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

@@ -1116 +1116 @@
         """Update existing properties from an input dictionary
         Check input keys are valid names"""
-        raise NotImplementedError, \
-            self.getRoles.__doc__.replace('\n       ','')
+        raise NotImplementedError(
+                            self.setProperties.__doc__.replace('\n       ',''))
 
 
@@ -1141 +1141 @@
         issuing certificate is only set if the user certificate is a proxy
         """
-        raise NotImplementedError, \
-            self.getRoles.__doc__.replace('\n       ','')
-            
+        raise NotImplementedError(self.logon.__doc__.replace('\n       ',''))
+            

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py

@@ -341 +341 @@
         @rtype: basestring
         @return: WSGI response
-
         """
 

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py

@@ -31 +31 @@
     '''Middleware configurable to a given ZSI SOAP binding'''  
     
+    soapWriterKey = 'ZSI.writer.SoapWriter'
+    parsedSOAPKey = 'ZSI.parse.ParsedSoap'
+    
     def __init__(self, app, app_conf, **kw):
         log.debug("SOAPMiddleware.__init__ ...")
@@ -36 +39 @@
         self.app_conf = app_conf
         self.app_conf.update(kw)
+        
+        if 'charset' in self.app_conf:
+            self.app_conf['charset'] = '; ' + self.app_conf['charset']
+        else:
+            self.app_conf['charset'] = '; charset=utf-8'
+
             
         if 'path' not in self.app_conf:
@@ -62 +71 @@
     def __call__(self, environ, start_response):
         log.debug("SOAPMiddleware.__call__")
-
+        
+        charset_ = self.app_conf['charset']
         def start_response_wrapper(status, response_hdrs, exc_info=None):
             '''Ensure text/xml content type and set content length'''
             
-            contentKeys = ('content-type', 'content-length')
+            log.debug("Altering content-type to text/xml...")
+            contentKeys = ('content-type',)#('content-type', 'content-length')
             response_hdrs_alt = [(name, val) for name, val in response_hdrs\
                                  if name.lower() not in contentKeys]
             
-            response_hdrs_alt += [('content-type', 'text/xml'),
-                                  ('content-length', str(len(self.soapOut)))]
+            response_hdrs_alt += [('content-type', 'text/xml'+charset_)]
+
                             
             return start_response(status, response_hdrs_alt, exc_info)
@@ -100 +111 @@
             req, resp = method(ps)
         except Exception, e:
-            self._writeFault(req, resp)
-        
-        # Serialize output using SOAP writer class
-        sw = SoapWriter()
-        sw.serialize(resp)
+            sw = self.exception2SOAPFault(e)
+        else: 
+            # Serialize output using SOAP writer class
+            sw = SoapWriter()
+            sw.serialize(resp)
         
         # Make SoapWriter object available to any SOAP filters that follow
-        environ['ZSI.writer.SoapWriter'] = sw
+        environ[SOAPMiddleware.soapWriterKey] = sw
         self.soapOut = str(sw)
         
@@ -114 +125 @@
         log.debug(self.soapOut)
         log.debug("_"*80)
-#                
-#        if soap is not None:
-#            return self._writeResponse(request, soap)
+
+        return self.app(environ, start_response_wrapper)
+
+
+    def exception2SOAPFault(self, e):
+        '''Convert an exception into a SOAP fault message'''
+        soapFault = fault.FaultFromException(e, None)
+        sw = SoapWriter()
+        soapFault.serialize(sw)
+        return sw
+    
         
-        app = self.app(environ, start_response_wrapper)
-        #start_response("200 OK", [('Content-type', 'text/xml')])
-        return self.soapOut
-
     @classmethod
     def isSOAPMessage(cls, environ):
@@ -143 +158 @@
         # Check for ParsedSoap object set in environment, if not present,
         # make one
-        ps = environ.get('ZSI.parse.ParsedSoap')
+        ps = environ.get(SOAPMiddleware.parsedSOAPKey)
         if ps is None:
             # TODO: allow for chunked data
@@ -160 +175 @@
             
             ps = ParsedSoap(soapIn)
-            environ['ZSI.parse.ParsedSoap'] = ps
+            environ[SOAPMiddleware.parsedSOAPKey] = ps
             
-        return environ['ZSI.parse.ParsedSoap']
+        return environ[SOAPMiddleware.parsedSOAPKey]
     
-       
+    @classmethod
+    def getSOAPWriter(cls, environ):
+        '''Access SoapWriter object set in environment by this classes' call
+        method'''
+        
+        sw = environ.get(SOAPMiddleware.soapWriterKey)
+        if sw is None:
+            raise KeyError("Expecting '%s' key in environ: missing call to "
+                           "SOAPMiddleware?" % SOAPMiddleware.soapWriterKey)
+        return sw
+    
+     
 def makeFilter(app, app_conf):  
-    from ndgsecurity.config.attributeauthority import AttributeAuthorityWS
-    
-    return SOAPMiddleware(app, app_conf,
-                          ServiceSOAPBinding=AttributeAuthorityWS(),
-                          path='/AttributeAuthority')
+    return SOAPMiddleware(app, app_conf)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py

@@ -48 +48 @@
         app = self.app(environ, start_response)
 
-        if 'ZSI.writer.SoapWriter' not in environ:
-            raise KeyError("Expecting 'ZSI.writer.SoapWriter' key in environ")
+        sw = self.getSOAPWriter(environ)
+        self.signatureHandler.sign(sw)
+        self.soapOut = str(sw)
         
-        sw = environ['ZSI.writer.SoapWriter']
-        self.signatureHandler.sign(sw)
-        soapOut = str(sw)
-        
-        return soapOut
+#        try:
+#            start_response('200 OK', 
+#                           [('Content-Length', str(len(self.soapOut))),
+#                            ('Content-type', 'text/xml')])
+#        except Exception, e:
+#            raise
+        return self.soapOut
     
 
@@ -73 +76 @@
         # Pass on in environment as an efficiency measure for any following
         # SOAP Middleware
-        environ['ZSI.parse.ParsedSoap'] = ps
         return self.app(environ, start_response)
 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py

@@ -16 +16 @@
 import os, sys, getpass, re
 from ConfigParser import SafeConfigParser
+import logging
+logging.basicConfig()
 
 from ndg.security.common.AttAuthority import AttAuthorityClient