Changeset 7681


Timestamp:
01/11/10 14:32:19 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.0.1 - incl. updated Paster templates

  • Fix mutable keyword defaults
Location:
TI12-security/trunk/NDGSecurity/python
Files:
37 added
19 edited

  • TI12-security/trunk/NDGSecurity/python/Tests

    • Property svn:ignore
      •  

        old new  
        11apache-mod-proxy 
        22curl 
         3esg_integration.tgz 
  • TI12-security/trunk/NDGSecurity/python/Tests/esg_integration

    • Property svn:ignore
      •  

        old new  
        22resource.txt 
        33subject.txt 
         4esg_trusted_certificates 
         5esg_trusted_certificates.tar.gz 
         6pcmdi3.llnl.gov.crt 
         7verisign_root 
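--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.cfg
@@ -26,5 +26,5 @@
 
 # SSL Context Proxy settings
-attributeQuery.sslCACertDir = %(here)s/ca
+attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates
 attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
 attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
@@ -45,5 +45,5 @@
 
 # SSL Context Proxy settings
-attributeQuery.sslCACertDir = %(here)s/ca
+attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates
 attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
 attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
@@ -57,5 +57,5 @@
 attributeQuery.subjectIdFormat = urn:esg:openid
 attributeQuery.clockSkewTolerance = 1.
-attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
+attributeQuery.issuerName = /O=STFC/OU=BADC/CN=Test
 attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string
 attributeQuery.queryAttributes.1 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
@@ -64,7 +64,7 @@
 
 # SSL Context Proxy settings
-attributeQuery.sslCACertDir = %(here)s/ca
-attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
-attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
-attributeQuery.sslValidDNs = /CN=pcmdi3.llnl.gov/OU=ICCD/O=Lawrence Livermore National Laboratory/L=Livermore/ST=California/C=US
+attributeQuery.sslCACertDir = %(here)s/esg_trusted_certificates
+#attributeQuery.sslCertFilePath = %(here)s/pki/test.crt
+#attributeQuery.sslPriKeyFilePath = %(here)s/pki/test.key
+#attributeQuery.sslValidDNs = /CN=pcmdi3.llnl.gov/OU=ICCD/O=Lawrence Livermore National Laboratory/L=Livermore/ST=California/C=US
 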
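Review bot: In the last hunk (new lines 66-69) the `attributeQuery.sslValidDNs` pin for pcmdi3.llnl.gov is commented out together with the client certificate and key, so that query section now authenticates the peer through `sslCACertDir` alone. If the client performs no separate host-name or DN check (not visible on this page), a certificate issued under any CA in `esg_trusted_certificates` would be accepted for that endpoint. If the intent was only to drop client-certificate authentication, leave the existing `attributeQuery.sslValidDNs` line active, or add a comment such as `# peer DN check disabled: <reason>` so the relaxation is deliberate and reviewable.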
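--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.py
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_attributeserviceclient.py
@@ -64,10 +64,10 @@
 
         self.assert_(response.status.statusCode.value==StatusCode.SUCCESS_URI)
-
-    def test01ncarAttributeQuery(self):
-        self._attributeQuery('test01ncarAttributeQuery')
-
-    def test02pcmdiAttributeQuery(self):
-        self._attributeQuery('test02pcmdiAttributeQuery')
+#
+#    def test01ncarAttributeQuery(self):
+#        self._attributeQuery('test01ncarAttributeQuery')
+#
+#    def test02pcmdiAttributeQuery(self):
+#        self._attributeQuery('test02pcmdiAttributeQuery')
 
     def test03pcmdiProductionAttributeQuery(self):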
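Review bot: `test01ncarAttributeQuery` and `test02pcmdiAttributeQuery` are switched off by commenting them out (new lines 66-71), so they drop out of the test report with no record of why, while their sections in the .cfg file are still being maintained. A one-line comment above the block would keep the intent visible, e.g. `# Disabled: <reason>; re-enable when <condition>`. If the Python version in use offers a skip decorator, that would also keep the two tests listed as skipped rather than silently absent. The test class starts and continues outside this hunk.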
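--- a/TI12-security/trunk/NDGSecurity/python/Tests/m2Crypto/httpsTest.py
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/m2Crypto/httpsTest.py
@@ -1,8 +1,9 @@
 #!/use/bin/env python
 from M2Crypto.httpslib import HTTPSConnection
+from M2Crypto import SSL
 
-hostname = 'gabriel.badc.rl.ac.uk'
-#hostname = 'grid.bodc.nerc.ac.uk'
-path = '/openid'
+#hostname = 'gabriel.badc.rl.ac.uk'
+##hostname = 'grid.bodc.nerc.ac.uk'
+#path = '/openid'
 #
 #body = '''<SOAP-ENV:Envelope
@@ -12,17 +13,35 @@
 #<SOAP-ENV:Header></SOAP-ENV:Header>
 #<SOAP-ENV:Body><ns1:getAttCert/></SOAP-ENV:Body>'''
+body = '''<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
+    <soap11:Header></soap11:Header>
+    <soap11:Body>
+        <samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" IssueInstant="2010-10-22T10:32:07.585451Z" ID="bf152f2e-d00f-44a3-93ea-968445bbeb4a">
+            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">/O=STFC/OU=BADC/CN=Test</saml:Issuer>
+            <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+                <saml:NameID Format="urn:esg:openid">https://ceda.ac.uk/openid/Philip.Kershaw</saml:NameID>
+            </saml:Subject>
+            <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole"></saml:Attribute>
+            <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="LastName" Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"></saml:Attribute>
+            <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EmailAddress" Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string"></saml:Attribute>
+            <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="FirstName" Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"></saml:Attribute>
+        </samlp:AttributeQuery>
+    </soap11:Body>
+</soap11:Envelope>
+'''
+ctx = SSL.Context()
+ctx.load_verify_locations(capath=caDir)
+ctx.set_verify(SSL.verify_peer, 9)
+con = HTTPSConnection(hostname, ssl_context=ctx)
+con.putrequest('POST', path)
+con.putheader('Content-Type', 'text/xml')
+con.putheader('Content-Length', str(len(body)))
+con.endheaders()
+con.send(body)
+resp = con.getresponse()
+print resp.read()
 
 #con = HTTPSConnection(hostname)
-#con.putrequest('POST', path)
-#con.putheader('Content-Type', 'text/xml')
-#con.putheader('Content-Length', str(len(body)))
+#con.putrequest('GET', path)
 #con.endheaders()
-#con.send(body)
 #resp = con.getresponse()
 #print resp.read()
-
-con = HTTPSConnection(hostname)
-con.putrequest('GET', path)
-con.endheaders()
-resp = con.getresponse()
-print resp.read()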
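Review bot: The new request code uses `hostname`, `path` and `caDir` (new lines 32-35), but this commit comments out the `hostname` and `path` assignments (new lines 5-7) and `caDir` is not assigned in any visible line, so the script would stop with a NameError at `ctx.load_verify_locations(capath=caDir)` before a connection is attempted. Restore or replace the two assignments and define the CA directory next to them, e.g. `caDir = '<path to trusted CA directory>'`. Keeping those three settings together at the top also makes it obvious which trust store the verified connection is using. New lines 10-12 are not shown on the page; they appear to sit inside the commented-out old SOAP body.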
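--- a/TI12-security/trunk/NDGSecurity/python/Tests/pycurl/test_pycurl.py
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/pycurl/test_pycurl.py
@@ -3,7 +3,9 @@
 import os
 #os.environ['CURL_CA_BUNDLE'] = '/home/pjkersha/Documents/BADC/Certificates/Cybertrust/cybertrustCombo.crt'
-caPath = '/usr/local/ndg/ca/ndg-test-ca.crt'
+#caPath = '/usr/local/ndg/ca/ndg-test-ca.crt'
+caPath = '/workspace/ndg_security_python/Tests/esg_integration/esg_trusted_certificates'
 #url = 'https://ndg3beta.badc.rl.ac.uk/openid'
-url = 'https://localhost/openid'
+#url = 'https://localhost/openid'
+url = 'https://pcmdi3.llnl.gov/esgcet/saml/soap/secure/attributeService.htm'
 print pycurl.version_info()
 for i in dir(pycurl):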
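Review bot: `caPath` changes from a single CA certificate file to a directory (new line 6), and the code that consumes it lies outside this hunk. If that code hands the value to pycurl's `CAINFO` option, which expects a bundle file, the trusted certificates in the directory would not be used; a directory belongs in `CAPATH`. The new value is also an absolute `/workspace/...` path that exists on one machine only; deriving it from the script location, e.g. `caPath = os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'esg_integration', 'esg_trusted_certificates')`, would keep the test portable.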
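--- a/TI12-security/trunk/NDGSecurity/python/ndg_security/setup.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security/setup.cfg
@@ -18,5 +18,5 @@
 
 [egg_info]
-#tag_build = rc1
+tag_build = rc1
 #tag_svn_revision = true
 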
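--- a/TI12-security/trunk/NDGSecurity/python/ndg_security/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security/setup.py
@@ -42,5 +42,5 @@
 setup(
     name =                      'ndg_security',
-    version =                   '2.0.0',
+    version =                   '2.0.1',
     description =               'NERC DataGrid Security Utilities',
     long_description =          _longDescription,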
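--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_client/setup.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_client/setup.cfg
@@ -16,5 +16,5 @@
 
 [egg_info]
-#tag_build = rc1
+tag_build = rc1
 #tag_svn_revision = true
 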
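--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_client/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_client/setup.py
@@ -46,5 +46,5 @@
 setup(
     name =                      'ndg_security_client',
-    version =                   '2.0.0',
+    version =                   '2.0.1',
     description =               'NERC DataGrid Security Client side interface',
     long_description =          _longDescription,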
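--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/X509.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/X509.py
@@ -555,5 +555,5 @@
     def verifyCertChain(self,
                         x509Cert2Verify=None,
-                        caX509Stack=[],
+                        caX509Stack=None,
                         rejectSelfSignedCert=True):
         """Treat stack as a list of certificates in a chain of
@@ -573,4 +573,7 @@
         @type rejectSelfSignedCert: bool"""
 
+        if caX509Stack is None:
+            caX509Stack = []
+
         n2Validate = len(self)
         if x509Cert2Verify: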
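--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/utils/m2crypto.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/utils/m2crypto.py
@@ -36,7 +36,7 @@
                  peerCertDN=None,
                  peerCertCN=None,
-                 acceptedDNs=[],
-                 caCertList=[],
-                 caCertFilePathList=[],
+                 acceptedDNs=None,
+                 caCertList=None,
+                 caCertFilePathList=None,
                  **kw):
         """Override parent class __init__ to enable setting of myProxyServerDN
@@ -63,4 +63,13 @@
         @param caCertFilePathList: same as caCertList except input as list
         of CA cert file paths"""
+
+        if acceptedDNs is None:
+            acceptedDNs = []
+
+        if caCertList is None:
+            caCertList = []
+
+        if caCertFilePathList is None:
+            caCertFilePathList = []
 
         SSL.Checker.Checker.__init__(self, **kw)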
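Review bot: The docstring, as far as it is visible (new lines 63-64), still describes `caCertFilePathList` and its siblings as lists only, while the defaults for `acceptedDNs`, `caCertList` and `caCertFilePathList` are now `None` (new lines 38-40). It should say that `None` is accepted and state what the checker does when all three end up empty, since for a peer-certificate checker it matters whether "no list given" means "no restriction". That behaviour is decided further down in `__init__`, outside this hunk. A line per parameter such as `@param acceptedDNs: list of acceptable peer DNs; None (default) is treated as an empty list` would do.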
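--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/setup.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/setup.cfg
@@ -16,5 +16,5 @@
 
 [egg_info]
-#tag_build = rc1
+tag_build = rc1
 #tag_svn_revision = true
 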
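--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/setup.py
@@ -59,5 +59,5 @@
 setup(
     name =                      'ndg_security_common',
-    version =                   '2.0.0',
+    version =                   '2.0.1',
     description =           'NERC DataGrid Security package containing common '
                             'utilities used by both server and client '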
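--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/application.ini_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/application.ini_tmpl
@@ -66,5 +66,5 @@
            AuthorisationSamlSoapBindingFilter
                    SessionMiddlewareFilter
-                   SSLCientAuthKitFilter
+                   SSLClientAuthKitFilter
                    SSLClientAuthenticationFilter
                    SSLCientAuthnRedirectResponseFilter
@@ -91,5 +91,5 @@
 environ_key = %(beakerSessionKeyName)s
 
-[filter:SSLCientAuthKitFilter]
+[filter:SSLClientAuthKitFilter]
 paste.filter_app_factory = authkit.authenticate:middleware
 
@@ -121,7 +121,7 @@
 #ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test
 
-# 'HTTP_' prefix is set when passed through a proxy
-ssl.sslKeyName = HTTP_HTTPS
-ssl.sslClientCertKeyName = HTTP_SSL_CLIENT_CERT
+# 'HTTP_' prefix is set when passed through an Apache proxy
+#ssl.sslKeyName = HTTP_HTTPS
+#ssl.sslClientCertKeyName = HTTP_SSL_CLIENT_CERT
 
 # Set the URI pattern match here to interrupt a redirect to the OpenID Relying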
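Review bot: The comment kept above the now-disabled `ssl.sslKeyName` / `ssl.sslClientCertKeyName` lines (new lines 123-125) does not say when it is safe to turn them back on. WSGI environ keys with the `HTTP_` prefix are filled from request headers, so with these values the filter would read the TLS flag and the client certificate from headers the client controls unless the fronting proxy overwrites them. Suggest extending the comment to `# Enable only behind a proxy that overwrites these request headers; otherwise a client can supply them itself`. Separately, `SSLCientAuthnRedirectResponseFilter` on new line 70 keeps the spelling this commit corrects for the AuthKit filter; its section header is outside the visible hunks, so check that the two names still agree.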
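--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.cfg
@@ -15,5 +15,5 @@
 
 [egg_info]
-#tag_build = rc1
+tag_build = rc1
 #tag_svn_revision = true
 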
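--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
@@ -16,6 +16,4 @@
 
 from setuptools import setup, find_packages
-
-import os
 
 # Other packages needed by this server package
@@ -68,5 +66,5 @@
 setup(
     name =                      'ndg_security_server',
-    version =                   '2.0.0',
+    version =                   '2.0.1',
     description =               'Server side components for running NERC DataGrid '
                             'Security Services',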
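--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/setup.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/setup.cfg
@@ -9,5 +9,5 @@
 # BSD - See LICENCE file for details
 [egg_info]
-#tag_build = rc1
+tag_build = rc1
 #tag_svn_revision = true
 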
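--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/setup.py
@@ -43,5 +43,5 @@
 setup(
     name =                      'ndg_security_test',
-    version =                   '2.0.0',
+    version =                   '2.0.1',
     description =               'NERC DataGrid Security Unit and Integration tests',
     long_description =          _longDescription,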