source: TI12-security/tags/stable-TI12-security-v0.63/python/ndgSetup.sh @ 737

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/tags/stable-TI12-security-v0.63/python/ndgSetup.sh@1038
Revision 737, 1.5 KB checked in by pjkersha, 14 years ago (diff)

ndgSetup.sh: fixed slight typo.

mapConfig.xml: added pubKey tag to allow client to Attribute Authority to use it to encrypt
outbound messages to it.

ndgSessionClient.py:

  • include code to set public key of Attribute Authority so that Session Manager can encrypt messages to it.
  • -r/--req-autho option now requires the AA WSDL URI. -a is now used to set the AA pub key - see previous point.

AttAuthorityIO.py:

  • Changed tag 'clntCert' to 'encrCert' so as to be consistent with SessionMgrIO.py code.

attAuthority_services_server.py:

  • Moved encrypt/decrypt code here from AttAuthority class to be consistent with sessionMgr_services_server.py.

AttAuthority.py:

  • Now inherits from dict to allow convenient access to properties file parameters as dictionary items.
  • Added code to include pubKey tag from mapConfig file in trustedHostInfo returned from getTrustedHostInfo.

SessionMgrIO.py:

output XML.

  • Shifted test code into separate file in Tests/

SessionClient.py:

  • Added aaPubKey to reqAuthorisation method - see above re. passing AA public key for encryption of messages.

sessionMgr_services_server.py:

  • Changes to comments.

Session.py:

private key info of client to allow encrypt of responses from other WSs that SessionMgr calls.
These are actually passed into CredWallet instance of UserSession.

  • AA Public key is passed into reqAuthorisation. This is written to a temp file for use by XMLSec encryption code.

CredWallet.py:

  • CredWalletAuthorisationDenied - make sure extAttCertList gets set to []
  • Added pub/private functionality for encryption of messages to and from Attribute Authorities.
  • reqAuthorisation and getAATrustedHostInfo methods - read in client public key using straight open/read: using X509Cert.asString() misses out the actual MIME encoded cert text(!)
  • Changed reqAuthorisation() - a required role is now optional with mapFromTrustedHosts flag set. It does help though with finding a suitable AttCert for mapping.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
#! /bin/bash
#
# Set-up script for NDG security software
#
# Run this script to initialise the environment for
# NDG security
#
# NERC Data Grid Project
#
# P J Kershaw 21/10/05
#
# Copyright (C) 2005 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# $Id$

# NDG Installation directory
export NDG_DIR=<NDG location>


# NDG bin directory
# grep -q tests the exit status, so a PATH entry containing spaces
# cannot break the check the way [ ! `...` ] does.
if ! echo "${PATH}" | grep -q "${NDG_DIR}/bin"; then

    export PATH=${NDG_DIR}/bin:$PATH
fi


# NDG shared libraries - set path here or alternatively use ldconfig $NDG_DIR/lib from
# the command line to link the NDG shared libraries.
#if ! echo "${LD_LIBRARY_PATH}" | grep -q "${NDG_DIR}/lib"; then
#
#    export LD_LIBRARY_PATH=${NDG_DIR}/lib:$LD_LIBRARY_PATH
#fi



# NDG Custom Python installation
if ! echo "${PATH}" | grep -q "${NDG_DIR}/<Python location>"; then

    export PATH=${NDG_DIR}/<Python location>:$PATH
fi

# Globus Toolkit and MyProxy Server
export GLOBUS_LOCATION=<Globus location>
export GPT_LOCATION=${GLOBUS_LOCATION}

# Source the Globus user environment (quoted in case the location contains spaces)
. "${GLOBUS_LOCATION}/etc/globus-user-env.sh"

export MYPROXY_SERVER=<hostname>

# Set DN explicitly to ensure match with server certificate
#export MYPROXY_SERVER_DN="<hostcert DN with '/' delimiters>"


if ! echo "${PATH}" | grep -q "${GLOBUS_LOCATION}/bin"; then

    export PATH=${PATH}:${GLOBUS_LOCATION}/bin
fi


# MySQL or other database
if ! echo "${PATH}" | grep -q "<db location>"; then

    export PATH=<db location>:$PATH
fi