Changeset 6919 for TI12-security/trunk/MyProxyClient

Timestamp:

02/06/10 16:26:48 (11 years ago)

Author:

pjkersha

Message:

New MyProxyClient release 1.1.0

Location:

TI12-security/trunk/MyProxyClient

Files:

• README (modified) (1 diff)
• documentation/Makefile (modified) (1 diff)
• myproxy/client.py (modified) (3 diffs)
• myproxy/test/proxy.crt (added)
• myproxy/test/proxy.key (added)
• myproxy/test/test_myproxyclient.py (modified) (1 diff)
• setup.py (modified) (1 diff)

TI12-security/trunk/MyProxyClient/README

@@ -6 +6 @@
 * i.e. MyProxy C client libraries are not required for this package. 
 
-It uses M2Crypto to make an SSL connection to the server following the
+It uses pyOpenSSL to make an SSL connection to the server following the
 messaging interface as outlined in: http://grid.ncsa.uiuc.edu/myproxy/protocol/
 

TI12-security/trunk/MyProxyClient/documentation/Makefile

@@ -15 +15 @@
 # Generate HTML from embedded epydoc text in source code.
 EPYDOC=epydoc
+EPYDOC_INDIR=../myproxy
 EPYDOC_OUTDIR=.
-EPYDOC_NAME='MyProxy Client'
+EPYDOC_NAME='NERC DataGrid SAML 2.0'
 EPYDOC_LOGFILE=epydoc.log
-EPYDOC_FRAMES_OPT=--no-frames
+EPYDOC_OPTS=--no-frames --include-log --graph=all -v
+ZIP=zip
+ZIP_OUTFILE=./documentation.zip
+ZIP_INFILES=./*.*
+
 epydoc:
-        ${EPYDOC} ../myproxy -o ${EPYDOC_OUTDIR} --name ${EPYDOC_NAME} \
-        ${EPYDOC_FRAMES_OPT} --include-log --graph=all -v > ${EPYDOC_LOGFILE}
-        
+        ${EPYDOC} ${EPYDOC_INDIR} -o ${EPYDOC_OUTDIR} --name ${EPYDOC_NAME} \
+        ${EPYDOC_OPTS} > ${EPYDOC_LOGFILE}
+    
+zip:
+        ${ZIP} ${ZIP_OUTFILE} ${ZIP_INFILES}    
+
 clean:
-        rm -f *.txt *.html *.gif
+        rm -f *.txt *.html *.gif *.css *.js *.png *.log

TI12-security/trunk/MyProxyClient/myproxy/client.py

@@ -105 +105 @@
                       peerCert.get_subject())
                 
-            return errorStatus
+            return False
             
         elif errorDepth == 0:
@@ -119 +119 @@
                     log.error('No "hostname" or "certDN" set to check peer '
                               'certificate against')
-                    return errorStatus
+                    return False
                     
                 cn = self.cnPrefix + self.hostname
                 if peerCertSubj.commonName == cn:
-                    return successStatus
+                    return True
                 else:
                     log.error('Peer certificate CN %r doesn\'t match the '
                               'expected CN %r', peerCertSubj.commonName, cn)
-                    return errorStatus
+                    return False
             else:
                 if peerCertDN == self.certDN:
-                    return successStatus
+                    return True
                 else:
                     log.error('Peer certificate DN %r doesn\'t match the '
                               'expected DN %r', peerCertDN, self.certDN)
-                    return errorStatus
+                    return False
         else:
-            return successStatus
+            return True
              
     def _getCertDN(self):
@@ -705 +705 @@
         if verifyPeerWithTrustRoots:
             context.load_verify_locations(None, self.caCertDir)
-            verifyMode = SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT
-        else:
-            log.warning("SSL Context verify mode set to SSL.VERIFY_NONE")
-            verifyMode = SSL.VERIFY_NONE
             
         # Verify peer's (MyProxy server) certificate
-        context.set_verify(verifyMode, self.__serverSSLCertVerify)
+        context.set_verify(SSL.VERIFY_PEER, self.__serverSSLCertVerify)
              
         if certFile:

TI12-security/trunk/MyProxyClient/myproxy/test/test_myproxyclient.py

@@ -308 +308 @@
         
             client = MyProxyClient()
-            
+             
             connection = None
-            errorStatus = 1
-            successStatus = 0
+            errorStatus = False
+            successStatus = True
             errorDepth = 0
             peerCertStr = open(self.__class__.HOSTCERT_FILEPATH).read()

TI12-security/trunk/MyProxyClient/setup.py

@@ -28 +28 @@
 setup(
     name =              'MyProxyClient',
-    version =           '1.0.0',
+    version =           '1.1.0',
     description =       'MyProxy Client',
-    long_description =  '''Pure Python implementation of MyProxy client '''
-    '''interface.
-    
-    This version replaces M2Crypto with PyOpenSSL as the OpenSSL wrapper.
-    Get trust roots is now added.  A stub for Put has been added but not 
-    implemented as unfortunately the PyOpenSSL X.%09 extensions interface does
-    not support the required proxyCertInfo extension required for proxy
-    certificates.
-    ''',
+    long_description =  '''
+Python implementation of the client interface to the MyProxy credential 
+management service (http://grid.ncsa.illinois.edu/myproxy/).
+
+The code has been extended from an original program myproxy_logon by Tom Uram of
+ANL.
+''',
     author =            'Philip Kershaw',
     author_email =      'Philip.Kershaw@stfc.ac.uk',