
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/tags/start/AAmap.py@8760
Revision 380, 3.7 KB checked in by lawrence, 15 years ago (diff)

Creating NDG security directory

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1#Copyright (C) 2004 CCLRC & NERC
2#    This software may be distributed under the terms of the
3#    Q Public License, version 1.0 or later
4#
5# Version 0.1 BNL November 12, 2004
6# At versions < 1 we expect the input mapping file to consist of three
# element tuples, comma separated
8#    remotehost remoterole localrole
# Note that the remotehost should be a string which includes
10# the distinguished name of the remote host, as serialised by the
11# AttributeToken code.
12
13from UserDict import UserDict
14from AccessToken import AccessToken
15from X500DN import X500DN
16
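class AAmap:
    ''' NDG role mapping for a web service.

    The mapping file (format described at the top of this module) holds
    lines of "remotehost,remoterole,localrole".  Two indices are built
    from it so that each public method is a single lookup:

      _rolemap -- keyed by the serialised DN of the remote host; each
                  value is a dictionary mapping that host's remote roles
                  onto local roles.  Used by <map>.
      _getmap  -- keyed by local role; each value is the list of remote
                  hosts that can grant it.  Used by <getTrustedHosts>.

    US holds our own X500DN, read once from the DN file given to __init__,
    and is the issuer of every token we sign.
    '''

    def __init__(self, path2mapfile, path2ourDN):
        ''' Load our own DN from path2ourDN and the role map from
        path2mapfile.

        path2mapfile -- path of the comma separated mapping file; kept so
                        that restart() can re-read it.
        path2ourDN   -- path of a file whose first line is our serialised DN.
        Raises IOError if either file cannot be opened, ValueError on a
        malformed mapping line, and whatever X500DN.deserialise raises on
        a malformed DN.
        '''
        # kept for restart()
        self._inputpath = path2mapfile
        # Our DN is needed once.  This must be an X500DN *instance*; assigning
        # the class itself (as before) meant deserialise() was never applied
        # to an object of our own.
        self.US = X500DN()
        with open(path2ourDN, 'r') as f:
            # NOTE(review): the trailing newline is stripped before
            # deserialising -- confirm X500DN.deserialise expects that.
            self.US.deserialise(f.readline().strip())
        self._rolemap = {}
        self._getmap = {}
        self._read()

    def _read(self):
        ''' Open and read the mapping information from self._inputpath
        into the two internal indices (see the class docstring).

        Each non-blank line must be "remotehost,remoterole,localrole".
        Fields are stripped of surrounding whitespace, in particular the
        trailing newline, which otherwise stays glued to localrole and
        makes lookups by role never match.  Raises ValueError naming the
        offending line when a line does not have exactly three fields.
        The file is closed on every exit path.
        '''
        rh = X500DN()
        with open(self._inputpath, 'r') as f:
            for lineno, line in enumerate(f, 1):
                # tolerate blank lines (and the empty line at end of file)
                if not line.strip():
                    continue
                fields = [field.strip() for field in line.split(',')]
                if len(fields) != 3:
                    raise ValueError(
                        '%s line %d: expected 3 comma separated fields, got %d'
                        % (self._inputpath, lineno, len(fields)))
                remotehost, remoterole, localrole = fields
                # Parse the host DN so that a malformed entry is rejected at
                # load time rather than at request time.  The index key stays
                # the serialised string as written in the file, because map()
                # looks it up with Cert.issuer.serialise().
                rh.deserialise(remotehost)
                # index for getTrustedHosts: localrole -> [remotehost, ...]
                self._getmap.setdefault(localrole, []).append(remotehost)
                # index for map: remotehost -> {remoterole: localrole}.
                # Every (remoterole, localrole) pair of a host is recorded;
                # previously only the first pair per host survived because
                # the update used slice syntax instead of an assignment.
                self._rolemap.setdefault(remotehost, {})[remoterole] = localrole

    def restart(self):
        ''' Discard both indices and reread the mapping file.

        Raises the same exceptions as _read().  Note that if _read() fails
        part way through, the indices hold only the lines read so far.
        '''
        self._getmap.clear()
        self._rolemap.clear()
        self._read()
    #
    # public methods
    #
    def map(self, remotecert):
        ''' Produce a local attribute certificate (as XML) from a remote one.

        remotecert -- the remote attribute certificate as XML; it is parsed
                      with AccessToken(dpat=remotecert).
        Returns the XML of a new token, issued by us and signed, holding
        the local roles that the map grants for the remote roles asserted
        by the remote token.  If the remote token's signature or validity
        check fails, or its issuer has no entry in the map, the returned
        token carries no roles; it is still signed and returned, as before.
        '''
        # convert the XML into a python object
        Cert = AccessToken(dpat=remotecert)
        # construct the new token we will issue
        newToken = AccessToken(holder=Cert.holder, issuer=self.US)
        # Roles are granted only when the remote token is both correctly
        # signed and currently valid.
        if Cert.checkSig() and Cert.checkValid():
            remotehost = Cert.issuer.serialise()
            # An issuer we have no mapping for grants nothing; it must not
            # raise KeyError out of the service.
            hostmap = self._rolemap.get(remotehost, {})
            # The attributes come from the parsed token (Cert), not from the
            # raw XML string (remotecert).
            # NOTE(review): assumes Cert.attributes iterates the remote role
            # names as the same strings used in the mapping file -- confirm
            # against AccessToken.  Only roles present in the map are granted.
            for remoterole in Cert.attributes:
                localrole = hostmap.get(remoterole)
                if localrole is not None:
                    newToken.add(localrole)
        # now sign ours
        newToken.sign()
        ### How do we mark it as a time-limited attribute certificate ??? ###
        # serialise back into XML and give it back
        return newToken.toxml()

    def getTrustedHosts(self, role):
        ''' Return the remote hosts that can grant local role `role`.

        Returns a new list each call, so callers cannot alter the trust
        index through the result.  Raises KeyError if no host grants the
        role.
        '''
        # TODO: needs to be serialised into XML
        return list(self._getmap[role])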
93
94
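if __name__ == '__main__':

    # Smoke test only: it needs a mapping file and a DN file to exist.
    print('AAmap tests wont work yet ... need some input file ')
    # named aamap so the builtin map() is not shadowed
    aamap = AAmap('mapfile', 'ourDN')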