Changeset 6447

Timestamp:

01/02/10 13:41:28 (11 years ago)

Author:

pjkersha

Message:

• fix for ndg.security.server.wsgi.authn.AuthnRedirectResponseMiddleware? - moved sslAuthnSucceeded from AuthKitRedirectResponseMiddleware? to this class.
• Caught bugs from re-run of unit tests: OpenID validation - missing OpenID regular expression pattern file; MyProxy? middleware fixes.

Location:

TI12-security/trunk/NDGSecurity/python

Files:

• ndg_security_server/ndg/security/server/wsgi/authn.py (modified) (2 diffs)
• ndg_security_server/ndg/security/server/wsgi/myproxy/__init__.py (modified) (3 diffs)
• ndg_security_test/ndg/security/test/unit/openid/relyingparty/validation/identityPatternWhitelist.cfg (added)
• ndg_security_test/ndg/security/test/unit/openid/relyingparty/validation/test_validation.py (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/myproxy/test.ini (modified) (2 diffs)
• ndg_security_test/ndg/security/test/unit/wsgi/myproxy/test_myproxy.py (modified) (3 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authn.py

@@ -325 +325 @@
     ndg.security.server.wsgi.openid.relyingparty.OpenIDRelyingPartyMiddleware 
     which performs a similar function.
-    """
+    """    
+    _sslAuthnSucceeded = lambda self: self.environ.get(
+                    AuthKitSSLAuthnMiddleware.AUTHN_SUCCEEDED_ENVIRON_KEYNAME,
+                    False)
+        
+    sslAuthnSucceeded = property(fget=_sslAuthnSucceeded,
+                                 doc="Boolean indicating SSL authentication "
+                                     "has succeeded in "
+                                     "AuthKitSSLAuthnMiddleware upstream of "
+                                     "this middleware")   
     
     @NDGSecurityMiddlewareBase.initCall
@@ -369 +378 @@
                                    "'REMOTE_USER' environment variable is set")
     
-    _sslAuthnSucceeded = lambda self: self.environ.get(
-                    AuthKitSSLAuthnMiddleware.AUTHN_SUCCEEDED_ENVIRON_KEYNAME,
-                    False)
-        
-    sslAuthnSucceeded = property(fget=_sslAuthnSucceeded,
-                                 doc="Boolean indicating SSL authentication "
-                                     "has succeeded in "
-                                     "AuthKitSSLAuthnMiddleware upstream of "
-                                     "this middleware")
-    
     def __init__(self, app, app_conf, **local_conf):
         super(AuthKitRedirectResponseMiddleware, self).__init__(app, app_conf,

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/myproxy/__init__.py

@@ -142 +142 @@
             """Wrap MyProxy logon method as a WSGI app
             """
-            if environ['HTTP_METHOD'] == 'GET':
+            if environ.get('REQUEST_METHOD') == 'GET':
                 # No certificate request passed with GET call
                 # TODO: retire this method? - keys are generated here instead of
@@ -148 +148 @@
                 certReq = None
                     
-            elif environ['HTTP_METHOD'] == 'POST':
+            elif environ.get('REQUEST_METHOD') == 'POST':
                 
                 pemCertReq = environ[
@@ -160 +160 @@
                 status = self.getStatusMessage(httplib.UNAUTHORIZED)
                 response = ("HTTP request method %r not recognised for this "
-                            "request " % environ['HTTP_METHOD'])
+                            "request " % environ.get('REQUEST_METHOD', 
+                                                     '<Not set>'))
                 
             try:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/openid/relyingparty/validation/test_validation.py

@@ -63 +63 @@
     x509CertFilePath = mkDataDirPath(os.path.join('pki', 'localhost.crt'))
     
-    def get_current_cert(self):
-        return X509.load_cert(X509StoreCtxPlaceHolder.x509CertFilePath)
+    def get1_chain(self):
+        return [X509.load_cert(X509StoreCtxPlaceHolder.x509CertFilePath)]
     
 class IdPValidationTestCase(BaseTestCase):

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/myproxy/test.ini

@@ -6 +6 @@
 [DEFAULT]
 username = testuser
-#password = 
+password = testpasswd
 
 [server:main]
@@ -23 +23 @@
 http.auth.basic.rePathMatchList = .*
 myproxy.logonFuncEnvKeyName = myProxyLogon
-#myproxy.client.hostname = localhost
-myproxy.client.hostname = glue.badc.rl.ac.uk
-myproxy.client.serverDN = /O=NDG/OU=BADC/CN=glue.badc.rl.ac.uk
+myproxy.client.hostname = localhost
+myproxy.client.serverDN = /O=NDG/OU=BADC/CN=localhost

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/myproxy/test_myproxy.py

@@ -20 +20 @@
 from paste.deploy import loadapp
 
-from M2Crypto import X509
+from M2Crypto import X509, RSA, EVP, m2
 
 from ndg.security.test.unit import BaseTestCase
@@ -210 +210 @@
         
         # Create key pair
+        nBitsForKey = 2048
         keys = RSA.gen_key(nBitsForKey, m2.RSA_F4)
         certReq = X509.Request()
@@ -224 +225 @@
         certReq.set_subject_name(x509Name)
         
-        certReq.sign(pubKey, messageDigest)
+        certReq.sign(pubKey, "md5")
 
         pemCertReq = certReq.as_pem()