Changeset 6895
- Timestamp:
- 27/05/10 14:30:08 (11 years ago)
- Location:
- TI12-security/trunk/MyProxyServerUtils/myproxy/server
- Files:
-
- 6 edited
TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxy-ws-logon.sh
r6893 r6895 1 1 #!/bin/bash 2 2 # 3 # Client script for web service interface to MyProxy logon 3 # Client script for web service interface to MyProxy logon based on openssl and 4 # curl 4 5 # 5 6 # @author P J Kershaw 25/05/2010 … … 10 11 # 11 12 # $Id$ 12 cmdline_opt=`getopt -o hU:l:So: --long help,uri:,username:,stdin_pass,out:: -n "$0" -- "$@"` 13 cmdname=$(basename $0) 14 cmdline_opt=`getopt -o hU:l:So: --long help,uri:,username:,stdin_pass,out:: -n "$cmdname" -- "$@"` 13 15 14 usage="Usage: myproxy-logon[-U MyProxy Web Service URI][-l username] ...\n16 usage="Usage: $cmdname [-U MyProxy Web Service URI][-l username] ...\n 15 17 \n 16 18 Options\n 17 -h | --help Displays usage\n 18 -U | --uri MyProxy web service URI\n 19 -l | --username <username> Username for the delegated proxy\n 20 -S | --stdin_pass pass password from stdin rather prompt from tty\n 21 -o | --out <path> Location of delegated proxy\n 22 (use '-' for stdout)\n 19 -h | --help\t\t\t\tDisplays usage\n 20 -U | --uri\t\t<uri>\t\tMyProxy web service URI\n 21 -l | --username\t<username>\tUsername for the delegated proxy (defaults to \$LOGNAME)\n 22 -S | --stdin_pass\t\t\tpass password from stdin rather prompt from tty\n 23 -o | --out\t\t<filepath>\tLocation of delegated proxy (default to stdout)\n 23 24 " 24 25 25 26 if [ $? 
!= 0 ] ; then 26 echo $usage >&2 ;27 echo -e $usage >&2 ; 27 28 exit 1 ; 28 29 fi … … 32 33 while true ; do 33 34 case "$1" in 34 -h|--help) echo $usage ; exit 0 ;;35 -h|--help) echo -e $usage ; exit 0 ;; 35 36 -U|--uri) uri=$2 ; shift 2 ;; 36 37 -l|--username) username=$2 ; shift 2 ;; … … 43 44 44 45 if [ -z $uri ]; then 45 echo Give the URI for the MyProxy Logon web service ;46 echo $usage >&2 ;46 echo -e Give the URI for the MyProxy Logon web service ; 47 echo -e $usage >&2 ; 47 48 exit 1; 48 49 fi … … 92 93 # 1) -t 1 to ensure only one attempt is made 93 94 # 2) --auth-no-challenge force sending of username/password to allow for servers that may not issue an authentication challenge 94 wget $uri --http-user=$username --http-password=$password --post-file=$certreqfilepath --ca-directory=$cadir -O $outfilepath -t 1 --auth-no-challenge 95 if [ "$?" != "0" ]; then 96 cat $outfilepath 95 #wget $uri --http-user=$username --http-password=$password --post-file=$certreqfilepath --ca-directory=$cadir -O $outfilepath -t 1 --auth-no-challenge 96 response=$(curl $uri -u $username:$password -d "$(cat $certreqfilepath)" --capath $cadir -w " %{http_code}" -s -S) 97 responsemsg=$(echo "$response"|sed '$s/ *\([^ ]* *\)$//') 98 responsecode=$(echo $response|awk '{print $NF}') 99 if [ "$responsecode" != "200" ]; then 100 echo "$responsemsg" >&2 97 101 exit 1 98 102 fi 99 103 100 # Add key to output file 104 # Output certificate 105 echo "$responsemsg" > $outfilepath 106 107 # Add key 101 108 echo "$key" >> $outfilepath -
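Review bot: The new curl call passes the password as a command-line argument (`-u $username:$password`), so it is visible to other local users in the process list for the lifetime of the request, as it was with the wget line it replaces. Credentials are better supplied off the command line, for example by feeding a `user = ...` setting to curl through `-K -` on stdin. The expansions are also unquoted, so a URI, CA directory or password containing whitespace or glob characters is split or expanded by the shell; `"$uri"`, `--capath "$cadir"` and `"$outfilepath"` avoid that. Because the private key is appended to `$outfilepath`, consider setting `umask 077` before the file is created; the code that chooses the output path is outside the visible hunks.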
TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxy_ws.py
r6893 r6895 17 17 THIS_DIR = path.dirname(__file__) 18 18 INI_FILENAME = 'myproxywsgi.ini' 19 INI_FILEPATH = path.join(THIS_DIR, INI_FILENAME) 20 SSLCERT_FILEPATH = 'localhost.crt'21 SSLKEY_FILEPATH = 'localhost.key'19 INI_FILEPATH = path.join(THIS_DIR, INI_FILENAME) 20 SSLCERT_FILEPATH = path.join(THIS_DIR, 'localhost.crt') 21 SSLKEY_FILEPATH = path.join(THIS_DIR, 'localhost.key') 22 22 PORTNUM = 7443 23 WITH_SSL = True 23 WITH_SSL = True # Set to False to run over HTTP 24 24 25 25 if __name__ == "__main__": 26 # Provide a port number as command line argument or accept the default 27 # PORTNUM 26 28 if len(sys.argv) > 1: 27 29 port = sys.argv[1] … … 29 31 port = PORTNUM 30 32 31 certFilePath = path.join(THIS_DIR, SSLCERT_FILEPATH)32 priKeyFilePath = path.join(THIS_DIR, SSLKEY_FILEPATH)33 34 33 if WITH_SSL: 35 34 ssl_context = SSL.Context(SSL.SSLv23_METHOD) 36 35 ssl_context.set_options(SSL.OP_NO_SSLv2) 37 36 38 ssl_context.use_privatekey_file( priKeyFilePath)39 ssl_context.use_certificate_file( certFilePath)37 ssl_context.use_privatekey_file(SSLKEY_FILEPATH) 38 ssl_context.use_certificate_file(SSLCERT_FILEPATH) 40 39 else: 41 40 ssl_context = None -
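Review bot: The SSL context kept in this hunk uses `SSL.SSLv23_METHOD` and turns off only SSLv2, so the test server still negotiates SSLv3 with a client that asks for it; `ssl_context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` closes that. Those two lines are unchanged by the commit but sit right next to the key and certificate loading it touches. After `use_certificate_file(...)` a call to `ssl_context.check_privatekey()` would make a mismatched `localhost.key`/`localhost.crt` pair fail at start-up instead of at the first handshake. The `__main__` block continues outside the hunk.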
TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/myproxywsgi.ini
r6894 r6895 22 22 myproxy.logonFuncEnvKeyName = MYPROXY_LOGON_FUNC 23 23 myproxy.rePathMatchList = /logon 24 myproxy.client.hostname = localhost 24 #myproxy.client.hostname = localhost 25 myproxy.client.hostname = myproxy.ceda.ac.uk 25 26 myproxy.client.caCertDir = /etc/grid-security/certificates -
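Review bot: The test configuration now sets `myproxy.client.hostname = myproxy.ceda.ac.uk`, which looks like a live service rather than a local fixture, so anyone running the test suite from a checkout would send the username and password they type to that host. If this was a local debugging change, keeping `localhost` as the committed default and overriding the hostname in an untracked file or environment setting avoids that. If the remote host is intended, a comment such as `# integration test: logs on against the CEDA MyProxy server with a real account` would make the dependency explicit.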
TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/test_myproxywsgi.cfg
r6893 r6895 14 14 [test01Logon] 15 15 username: pjk 16 password = mypassword16 #password = mypassword 17 17 uri = https://localhost:10443/logon -
TI12-security/trunk/MyProxyServerUtils/myproxy/server/test/test_myproxywsgi_with_paster.py
r6893 r6895 19 19 logging.basicConfig(level=logging.DEBUG) 20 20 21 from OpenSSL import SSL 21 from OpenSSL import SSL, crypto 22 22 23 23 from myproxy.server.test import PasteDeployAppServer … … 39 39 SCRIPT_URI_OPTNAME = '--uri' 40 40 SCRIPT_USER_OPTNAME = '--username' 41 SCRIPT_PASSWD_OPTNAME = '--stdin_pass'42 SCRIPT_OUTPUT_OPTNAME = '--out'43 41 SCRIPT_STDIN_PASS = '--stdin_pass' 44 42 … … 80 78 env={'X509_CERT_DIR':self.__class__.THIS_DIR}) 81 79 stdoutdata, stderrdata = p2.communicate() 82 # self.failIf(status[-1] != 0, "Expecting 0 exit status for %r" % cmd) 83 print stdoutdata 84 80 self.failIf(len(stderrdata) > 0, "An error message was returned: %s" % 81 stderrdata) 82 print("stdout = %s" % stdoutdata) 83 84 cert = crypto.load_certificate(crypto.FILETYPE_PEM, stdoutdata) 85 subj = cert.get_subject() 86 self.assert_(subj) 87 self.assert_(subj.CN) 88 print("Returned certificate subject CN=%r" % subj.CN) 89 85 90 def addService(self, *arg, **kw): 86 91 """Utility for setting up threads to run Paste HTTP based services with -
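Review bot: The test now judges success only by an empty stderr and no longer looks at the script's exit status, so a failure that writes nothing to stderr would pass until `load_certificate` raises; adding `self.assertEqual(p2.returncode, 0)` after `communicate()` pins that directly. `print("stdout = %s" % stdoutdata)` also writes the whole script output to the test log, and judging by the shell script in this changeset that output includes the freshly generated private key as well as the certificate. Printing only the parsed subject, as the last added line already does, keeps key material out of CI logs. The enclosing test method starts outside the hunk.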
TI12-security/trunk/MyProxyServerUtils/myproxy/server/wsgi/httpbasicauth.py
r6893 r6895 174 174 username, password = self._parseCredentials(environ) 175 175 if username is None: 176 log.info('No username set in HTTP Authorization header') 177 return self.setErrorResponse(start_response) 176 log.error('No username set in HTTP Authorization header') 177 return self.setErrorResponse(start_response, 178 msg="No username set\n") 178 179 179 180 authenticateFunc = environ.get(self.authnFuncEnvironKeyName) … … 215 216 status = '%d %s' % (code, httplib.responses[code]) 216 217 if msg is None: 217 response = status218 response = "%s\n" % status 218 219 else: 219 220 response = msg
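Review bot: Raising the missing-username log call from `log.info` to `log.error` means any unauthenticated request produces an error-level entry, although a request without an Authorization header is a routine client condition for HTTP Basic auth. `log.warning('No username set in HTTP Authorization header')` or the previous info level keeps error logs for server-side faults and makes it harder for a client to flood them. The status code and headers sent by `setErrorResponse` are not visible here; if the default is not 401 with a `WWW-Authenticate` header, clients such as curl cannot tell that credentials are required. Both functions continue outside the hunks.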