Changeset 7784

Timestamp:

16/12/10 17:11:24 (10 years ago)

Author:

pjkersha

Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

• Working unit test for generic services template

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates

Files:

• Makefile (modified) (3 diffs)
• services/log (added)
• services/openidprovider/associations (deleted)
• services/openidprovider/beaker (deleted)
• services/openidprovider/nonces (deleted)
• services/openidprovider/temp (deleted)
• services/openidrelyingparty/store (modified) (1 prop)
• services/service.ini_tmpl (modified) (8 diffs)
• template.py (modified) (3 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile

@@ -39 +39 @@
 SERVICE_CA_DEST_DIR = ${SERVICE_PKI_DEST_DIR}ca/
 SERVICE_SURPLUS_FILES = README __init__.* attributeinterface.* securedapp.* \
-        securityservicesapp.* request-filter.xml pep_result_handler *.pyc
-
+        securityservicesapp.* request-filter.xml pep_result_handler *.pyc \
+        openidprovider/associations/  openidprovider/beaker/ \
+        openidprovider/README openidprovider/nonces/ openidprovider/temp/ \
+        openidrelyparty/store/ openidrelyparty/__init__.*
+        
 service_tmpl: ${SERVICE_SRC_DIR}
         @-echo Preparing Generic Services template ...
@@ -66 +69 @@
         -e s/'testConfigDir = .*'// \
         -e s/testConfigDir/here/g \
+        -e s/'# Revision:.*'//g \
         ${SERVICE_INI_FILEPATH_TMP} > ${SERVICE_INI_TMPL_FILEPATH}
         rm -f ${SERVICE_INI_FILEPATH_TMP}
@@ -99 +103 @@
         @-echo Preparing Authorisation Service template ...
         @-echo
-        @-echo Copying test ini file ...
+        @-echo Copying test ini file and other configuration files ...
+        mkdir ${AUTHZ_SERVICE_DEST_DIR}
         cp -r ${AUTHZ_SERVICE_SRC_DIR}* ${AUTHZ_SERVICE_DEST_DIR}
         @-echo Making substitutions for template variables ...

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl

@@ -16 +16 @@
 # license:      BSD - see LICENSE file in top-level directory
 # Contact:      Philip.Kershaw@stfc.ac.uk
-# Revision:     $Id: securityservices.ini 7709 2010-11-05 16:54:17Z pjkersha $
+
 
 # Settings global to all sections
@@ -55 +55 @@
 
 # Secret for OpenID Provider cookie
-beakerSessionSecret = ${beakerSessionSecret}
+beakerSessionCookieSecret = ${beakerSessionCookieSecret}
 
 
@@ -100 +100 @@
 paste.filter_app_factory=beaker.middleware:SessionMiddleware
 beaker.session.key = openid
-beaker.session.secret = %(beakerSessionSecret)s
+beaker.session.secret = %(beakerSessionCookieSecret)s
 
 # If you'd like to fine-tune the individual locations of the cache data dirs
@@ -140 +140 @@
 # Apply verification against a list of trusted CAs.  To skip this step, comment
 # out or remove this item.  e.g. set CA verification in the Apache config file.
-ssl.caCertFilePathList = %(here)s/ca/d573507a.0
+ssl.caCertFilePathList = %(here)s/pki/ca/d573507a.0
 
 # Apply whitelisting of client certificate DNs.  This should never be needed in
@@ -219 +219 @@
 authkit.openid.store.config=%(here)s/openidrelyingparty/store
 authkit.openid.session.key = authkit_openid
-authkit.openid.session.secret = random string
+authkit.openid.session.secret = ${openidRelyingPartyCookieSecret}
 
 # Key name for dereferencing beaker.session object held in environ
@@ -580 +580 @@
 authz.ctx_handler.pip.attributeQuery.sslCertFilePath = %(here)s/pki/localhost.crt
 authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = %(here)s/pki/localhost.key
-authz.ctx_handler.pip.attributeQuery.sslCACertDir = %(here)s/ca
+authz.ctx_handler.pip.attributeQuery.sslCACertDir = %(here)s/pki/ca
 
 #______________________________________________________________________________
@@ -588 +588 @@
 
 [handlers]
-keys = console
+keys = console, logfile
 
 [formatters]
@@ -612 +612 @@
 datefmt = %Y-%m-%d %H:%M:%S
 
+[handler_logfile]
+class = handlers.RotatingFileHandler
+level=NOTSET
+formatter=generic
+args=(os.path.join('%(here)s', 'log', 'service.log'), 'a', 50000, 2)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py

@@ -26 +26 @@
 from ndg.saml.saml2.core import Issuer    
 
+import re
+from paste.script.copydir import LaxTemplate
+
 
 class ServicesTemplate(Template):
@@ -40 +43 @@
     ATTRIBUTE_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
     
-    AUTHORISATION_SERVICE_DEFAULT_ISSUER_NAME = '/O=Site A/CN=Authorisation Service'
+    AUTHORISATION_SERVICE_DEFAULT_ISSUER_NAME = \
+        '/O=Site A/CN=Authorisation Service'
     AUTHORISATION_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
     AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService'
@@ -97 +101 @@
             default=base64.b64encode(os.urandom(32))[:32])    
         ]
-            
+    
+    def __init__(self, *arg, **kw):
+        """Extend to enable custom setting for template substitution.  This 
+        enables the special variable in service.ini_tmpl "userIdentifier" to
+        be ignored
+        """
+        self._laxTemplatePatternSave = LaxTemplate.pattern
+        LaxTemplate.pattern = re.compile(r"""
+            \$(?:
+              (?P<escaped>\$)             |   # Escape sequence of two delimiters
+              (?P<named>[_a-z][_a-z0-9]*) |   # delimiter and a Python identifier
+              {(?P<braced>.*?(?!userIdentifier))} |   # delimiter and a braced identifier
+              (?P<invalid>)                   # Other ill-formed delimiter exprs
+            )
+            """)
+        super(ServicesTemplate, self).__init__(*arg, **kw)
+        
+    def __del__(self):
+        """Restore default setting for template pattern to its original value
+        """
+        LaxTemplate.pattern = self._laxTemplatePatternSave
+        super(ServicesTemplate, self).__del__()
+
         
 class SecuredAppTemplate(Template):