source: TI12-security/trunk/python/NDG/SessionMgrIO.py @ 686

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/NDG/SessionMgrIO.py@686
Revision 686, 24.2 KB checked in by pjkersha, 14 years ago (diff)

ndgSessionClient:

  • replaced getopt with more up to date optparse command line parser
  • authorisation request can now receive a cookie as input instead of having to include explicit session ID etc.

  • included new options for session manager and client X.509 cert settings.

sessionMgrProperties.xml:
revised tags - sessMgrWSDL* -> sessMgrEncr* and new key sessionMgrPubKeyURI.

SessionMgrServer?: --nowsdlencrkey becomes --noencrkey

X509: fixed bug in init X500DN needed explicit m2CryptoX509Name keyword.

AttCert?: fixed bug in contains method: self.tags should be self.dat.

XMLMsg:
init now more robust in that if xmlTxt parse fails, it will try a decrypt call if a
private key is available.

SessionMgrIO:
AuthorisationReq? class modified to include encrSessMgrPubKeyURI tag.

SessionClient?:

  • Major re-working to allow inclusion of client public key (for encryption of responses) and

Session Manager public key as either a file or a URI. Part completed.

  • reqAuthorisation now takes a session cookie as input rather than individual ID, WSDL address

etc. ... args.

Session.py:

  • New cookie NDG-ID3 sets encrypted URI for Session Manager public key.
  • encrypt/decrypt static methods added to UserSession class - moved from SessionMgr class (encryptSessMgrWSDLuri and decryptSessMgrWSDLuri methods)

  • SessionMgr? now inherits from dict. File Properties are available as dictionary keys.
  • Added new method redirectAuthorisationReq() to SessionMgr? to encapsulate code for Session

Manager request forwarding. Includes code to pick up public key of session manager from cookie
to enable encryption of the forwarded request.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
"""NDG Session Manager Web Services helper classes for I/O between client
and server.

Each message exchanged with the Session Manager is modelled as an XMLMsg
subclass that lists the XML tags it carries and checks that the minimum
set needed for that message is present.

NERC Data Grid Project

P J Kershaw 14/12/05

Copyright (C) 2005 CCLRC & NERC

This software may be distributed under the terms of the Q Public License,
version 1.0 or later.
"""

# Version control keyword placeholder for this module
cvsID = "$Id$"
15
16# For new line symbol
17import os
18
19# Use _getframe to allow setting of attributes by derived class methods
20import sys
21
22# Filter out xml headers from returned attribute certificates in
23# AuthorisationResp
24import re
25
26from XMLMsg import *
27
28# For use with AuthorisationResp class
29from AttCert import *
30 
31
32#_____________________________________________________________________________
class ConnectReqError(XMLMsgError):
    """Raised when a Session Manager WS connect request does not carry the
    credentials it needs."""
36
37
38#_____________________________________________________________________________
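class ConnectReq(XMLMsg):
    """Connect request sent by a client to the Session Manager WS connect().

    The client uses it to format the inputs into XML ready for encryption;
    the Session Manager uses it to decrypt and read the request.

    NOTE(review): the 'pPhrase' tag presumably holds the user's pass-phrase
    in clear text until the message is encrypted - avoid logging or printing
    instances of this class."""

    # Override base class class variables
    xmlTagTmpl = {  "userName":          "",
                    "pPhrase":           "",
                    "proxyCert":         "",
                    "sessID":            "",
                    "getCookie":         "",
                    "createServerSess":  "",
                    "encrCert":          ""    }


    def __init__(self, **xmlMsgKeys):
        """XML for sending encrypted credentials to Session Manager connect

        xmlMsgKeys:    keywords for XMLMsg super-class.  If XML tags are
                       input as keywords then 'userName' and 'pPhrase' or
                       'proxyCert' or 'sessID' must be input as the bare
                       minimum required for SessionMgr connect request.

        Raises ConnectReqError if tags are given as keywords and none of
        the accepted credential combinations is complete.
        """

        # The credential check only applies when the tags arrive as
        # keywords; XML text (plain or encrypted) is passed to XMLMsg as is
        if 'encrXMLtxt' not in xmlMsgKeys and 'xmlTxt' not in xmlMsgKeys:

            # A user name is only a credential together with its
            # pass-phrase.  The previous test ("userName missing AND
            # pPhrase missing") let a request through with just one of the
            # two and nothing else to authenticate with.
            hasPassPhraseLogin = 'userName' in xmlMsgKeys and \
                                 'pPhrase' in xmlMsgKeys

            if not hasPassPhraseLogin and \
               'proxyCert' not in xmlMsgKeys and \
               'sessID' not in xmlMsgKeys:
                raise ConnectReqError(\
                    "Credentials must be: \"userName\" and " + \
                    "\"pPhrase\" or \"proxyCert\" or \"sessID\"")

        # Allow user credentials to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(ConnectReq, self).__init__(**xmlMsgKeys)


    #_________________________________________________________________________
    def parseXML(self):
        """Override base class implementation to convert the 'getCookie'
        tag from its text form into a bool."""

        super(ConnectReq, self).parseXML(rtnRootElem=True)

        # int() raises ValueError if the tag text is not an integer
        # NOTE(review): an empty 'getCookie' tag would fail here - confirm
        # senders always set it
        self['getCookie'] = bool(int(self['getCookie']))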
88
89
90#_____________________________________________________________________________
class ConnectRespError(XMLMsgError):
    """Raised when a Session Manager WS connect response contains none of
    the tags it is required to carry."""
94
95
96#_____________________________________________________________________________
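class ConnectResp(XMLMsg):
    """Connect response returned by the Session Manager WS connect().

    The Session Manager uses it to format the response; the client uses it
    to decrypt and read the result."""

    # Override base class class variables
    xmlTagTmpl = {  "proxyCert":   "",
                    "sessCookie":  "",
                    "errMsg":      ""    }


    def __init__(self, **xmlMsgKeys):
        """XML for receiving credentials from Session Manager connect call

        xmlMsgKeys:    keywords for XMLMsg super-class.  If XML tags are
                       input as keywords then 'proxyCert' or 'sessCookie'
                       must be set, or 'errMsg' when the call failed.

        Raises ConnectRespError if none of the three is present.
        """

        # Allow user credentials to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(ConnectResp, self).__init__(**xmlMsgKeys)

        # A response without a proxy certificate or session cookie is only
        # acceptable if it reports an error instead
        hasCredential = 'proxyCert' in self or 'sessCookie' in self
        if not hasCredential and 'errMsg' not in self:
            raise ConnectRespError(\
            "Connect response document must contain: \"proxyCert\"" + \
            " or \"sessCookie\" keywords")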
131   
132
133#_____________________________________________________________________________
class AddUserReqError(XMLMsgError):
    """Raised when a Session Manager WS addUser request does not carry the
    credentials it needs."""
137
138
139#_____________________________________________________________________________
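class AddUserReq(XMLMsg):
    """addUser request sent by a client to the Session Manager WS addUser().

    The client uses it to format the inputs into XML ready for encryption;
    the Session Manager uses it to decrypt and read the request."""

    # Override base class class variables
    xmlTagTmpl = {  "userName":    "",
                    "pPhrase":     "",
                    "encrCert":    ""    }


    def __init__(self, **xmlMsgKeys):
        """XML for sending encrypted credentials to Session Manager addUser

        xmlMsgKeys:    keywords for XMLMsg super-class.  If XML tags are
                       input as keywords then 'userName' and 'pPhrase'
                       must be input as the bare minimum required for
                       SessionMgr addUser request.

        Raises AddUserReqError if tags are given as keywords and either
        'userName' or 'pPhrase' is missing.
        """

        # The credential check only applies when the tags arrive as
        # keywords; XML text (plain or encrypted) is passed to XMLMsg as is
        if 'encrXMLtxt' not in xmlMsgKeys and 'xmlTxt' not in xmlMsgKeys:

            # Both tags are required.  The previous test joined the two
            # "not in" checks with "and", so a request holding only one of
            # them was accepted.
            if 'userName' not in xmlMsgKeys or 'pPhrase' not in xmlMsgKeys:
                raise AddUserReqError(\
                    "Credentials must include \"userName\" and \"pPhrase\"")

        # Allow user credentials to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(AddUserReq, self).__init__(**xmlMsgKeys)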
173     
174
175#_____________________________________________________________________________
class AddUserRespError(XMLMsgError):
    """Raised when a Session Manager WS addUser response is missing its
    required tag."""
179
180
181#_____________________________________________________________________________
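class AddUserResp(XMLMsg):
    """addUser response returned by the Session Manager WS addUser().

    The Session Manager uses it to format the response; the client uses it
    to decrypt and read the result."""

    # Override base class class variables
    xmlTagTmpl = {"errMsg": ""}


    def __init__(self, **xmlMsgKeys):
        """XML for returning error status from Session Manager addUser()

        xmlMsgKeys:    keywords for XMLMsg super-class.  If XML tags are
                       input as keywords then 'errMsg' must be set.

        Raises AddUserRespError if 'errMsg' is not present.
        """

        # Allow the response content to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(AddUserResp, self).__init__(**xmlMsgKeys)

        # 'errMsg' is the only tag this response carries, so it is
        # mandatory
        if 'errMsg' not in self:
            raise AddUserRespError(\
                "AddUser response must contain \"errMsg\" keyword")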
211       
212
213#_____________________________________________________________________________
class AuthorisationReqError(XMLMsgError):
    """Raised when a Session Manager WS authorisation request is missing
    credentials or the 'aaWSDL' tag."""
218
219
220#_____________________________________________________________________________
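class AuthorisationReq(XMLMsg):
    """Authorisation request sent by a client to the Session Manager WS
    reqAuthorisation().

    The client uses it to format the inputs into XML ready for encryption;
    the Session Manager uses it to decrypt and read the request."""

    # Override base class class variables
    xmlTagTmpl = {  "sessID":                 "",
                    "encrSessMgrWSDLuri":     "",
                    "encrSessMgrPubKeyURI":   "",
                    "proxyCert":              "",
                    "aaWSDL":                 "",
                    "reqRole":                "",
                    "mapFromTrustedHosts":    "",
                    "rtnExtAttCertList":      "",
                    "extAttCertList":         "",
                    "extTrustedHostList":     "",
                    "encrCert":               ""    }

    def __init__(self, **xmlMsgKeys):
        """XML for sending encrypted credentials to Session Manager
        authorisation request

        xmlMsgKeys:    keywords for XMLMsg super-class.  The request must
                       identify the user by 'sessID', 'encrSessMgrWSDLuri'
                       and 'encrSessMgrPubKeyURI', or by 'proxyCert', and
                       must always include 'aaWSDL'.

        Raises AuthorisationReqError if no credential tag is present or
        'aaWSDL' is missing.
        """

        # Allow user credentials to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(AuthorisationReq, self).__init__(**xmlMsgKeys)

        # NOTE(review): this only rejects a request when ALL three session
        # tags are absent and there is no proxy certificate.  The error
        # text says the three are required together, so a request with,
        # say, only 'sessID' passes.  Left as is because the public key URI
        # may be optional when encryption is switched off - confirm and
        # tighten if all three are mandatory.
        noSessionTags = 'sessID' not in self and \
                        'encrSessMgrWSDLuri' not in self and \
                        'encrSessMgrPubKeyURI' not in self

        if noSessionTags and 'proxyCert' not in self:
            raise AuthorisationReqError(\
                "Authorisation request must include the credentials: " + \
                "\"sessID\", \"encrSessMgrWSDLuri\" and " + \
                "\"encrSessMgrPubKeyURI\" or \"proxyCert\"")

        if 'aaWSDL' not in self:
            raise AuthorisationReqError(\
                "Authorisation request must include: \"aaWSDL\"")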
267
268
269#_____________________________________________________________________________
class AuthorisationRespError(XMLMsgError):
    """Raised when a Session Manager WS authorisation response is missing
    its required tags or its attribute certificate list cannot be parsed."""
273
274
275#_____________________________________________________________________________
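class AuthorisationResp(XMLMsg):
    """Authorisation response returned by the Session Manager for an
    authorisation request.

    The Session Manager uses it to format the response; the client uses it
    to decrypt and read the result."""

    # Override base class class variables
    xmlTagTmpl = {  "attCert":           "",
                    "extAttCertList":    "",
                    "statCode":          "",
                    "errMsg":            ""    }

    # Values for the 'statCode' tag
    accessGranted = 'AccessGranted'
    accessDenied = 'AccessDenied'
    accessError = 'AccessError'


    def __init__(self, **xmlMsgKeys):
        """XML for receiving output from Session Manager authorisation call

        xmlMsgKeys:    keywords for XMLMsg super-class.  If XML tags are
                       input as keywords then 'errMsg' or 'statCode'
                       must be set.

        Raises AuthorisationRespError if neither is present.
        """

        # Allow the response content to be accessed like dictionary keys.
        # The class is named explicitly: super(self.__class__, self) would
        # recurse without end if this class were ever sub-classed.
        super(AuthorisationResp, self).__init__(**xmlMsgKeys)

        # A response must report a status code or an error message
        if 'errMsg' not in self and 'statCode' not in self:
            raise AuthorisationRespError(\
                "Authorisation response must contain: \"errMsg\"" + \
                " or \"statCode\" keywords")


    #_________________________________________________________________________
    def update(self, attCert=None, extAttCertList=None, **xmlTags):
        """Override base class implementation so that attribute
        certificates are always stored as AttCert instances.

        attCert:          AttCert instance or certificate text, or None
        extAttCertList:   list of AttCert instances and/or certificate
                          text, or None
        xmlTags:          remaining tags, passed to the base class unchanged

        Raises TypeError if extAttCertList is not a list or a certificate
        is neither a string nor an AttCert.
        """

        def setAttCert(attCert=None):
            # Text is parsed into an AttCert; an AttCert passes through
            if isinstance(attCert, basestring):
                return AttCertParse(attCert)

            elif isinstance(attCert, AttCert):
                return attCert

            elif attCert is not None:
                raise TypeError(\
                    "extAttCertList must contain string or AttCert types")

            return None

        if extAttCertList is not None:
            if not isinstance(extAttCertList, list):
                raise TypeError(\
                    "\"extAttCertList\" must be of list type")

            attCertList = [setAttCert(ac) for ac in extAttCertList]
        else:
            attCertList = None

        # Call super class update with revised attribute certificate list
        super(AuthorisationResp, self).update(attCert=setAttCert(attCert),
                                              extAttCertList=attCertList,
                                              **xmlTags)


    #_________________________________________________________________________
    def updateXML(self, **xmlTags):
        """Override base class implementation to write attribute
        certificates into the XML text as nested elements.

        xmlTags:    tags to set and to write out.  Only the tags passed in
                    this call are written to self.xmlTxt.

        Raises XMLMsgError if the XML text cannot be built.
        """
        from xml.sax.saxutils import escape

        # Update dictionary
        self.update(**xmlTags)

        # Create XML formatted string ready for encryption
        try:
            rootName = self.__class__.__name__
            lines = [self.xmlHdr, "<" + rootName + ">"]

            for tag in xmlTags:
                val = self[tag]

                if isinstance(val, AttCert):
                    # Attribute Certificate received from Attribute
                    # Authority - update() call will have converted val to
                    # AttCert type.  Remove any XML header so that the
                    # certificate can be nested in this document.
                    text = val.asString(stripXMLhdr=True)

                elif isinstance(val, list):
                    # List of Attribute Certificates from other trusted
                    # hosts, each nested without its XML header
                    text = os.linesep.join([ac.asString(stripXMLhdr=True) \
                                            for ac in val])

                elif isinstance(val, bool):
                    text = "%d" % val
                else:
                    # Plain text such as errMsg may contain '<', '>' or
                    # '&'.  Written unescaped it would break the document
                    # or be read back as extra elements, so escape it; the
                    # XML parser restores the original text on reading.
                    text = escape("%s" % (val,))

                lines.append("    <%s>%s</%s>" % (tag, text, tag))

            lines.append("</" + rootName + ">")
            self.xmlTxt = os.linesep.join(lines) + os.linesep

        except Exception as e:
            raise XMLMsgError("Creating XML: %s" % e)


    #_________________________________________________________________________
    def parseXML(self):
        """Override base class implementation to include extra code
        to parse extAttCertList tag into a list of AttCert instances.

        Raises AuthorisationRespError if a certificate cannot be parsed.
        """

        rootElem = super(AuthorisationResp, self).parseXML(rtnRootElem=True)

        extAttCertListElem = rootElem.find("extAttCertList")

        # find() returns None when the tag is absent; len() counts the
        # child elements, so an empty tag is skipped as well
        if extAttCertListElem is not None and len(extAttCertListElem):

            # Add attribute certificates as AttCert instances
            # NOTE(review): the certificates are only parsed here; nothing
            # in this method checks their signature or validity period.
            # Unless AttCertParse does so, confirm the caller verifies them
            # before trusting the roles they contain.
            try:
                self['extAttCertList'] = \
                    [AttCertParse(ElementTree.tostring(elem)) \
                    for elem in extAttCertListElem]

            except Exception as e:
                raise AuthorisationRespError(\
                    "Error parsing Ext. Attribute Certificate List: "+str(e))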
411 
412                                       
413#_____________________________________________________________________________   
414if __name__ == "__main__":
415     # Client side - Set up input for SessionMgr WSDL connect()
416#    cr = ConnectReq(userName="WileECoyote",
417#                    pPhrase="ACME Road Runner catcher",
418#                    encrPubKeyFilePath="../certs/badc-aa-cert.pem")
419
420    # Server side - decrypt connectReq from connect() request
421#    cr = ConnectReq(encrXMLtxt=open("../Tests/xmlsec/connectReq.xml").read(),
422#                  encrPriKeyFilePath="../certs/badc-aa-key.pem",
423#                  encrPriKeyPwd="    ")
424
425    # Server side - make a connect response message
426#    cr1 = ConnectResp(sessCookie="A proxy certificate")
427#
428#    cr2 = ConnectResp(sessCookie="A session cookie",
429#                      encrPubKeyFilePath="../certs/badc-aa-cert.pem")
430                 
431#    import pdb
432#    pdb.set_trace()
433   
434    extAttCertList = [
435"""<?xml version="1.0"?>
436<attributeCertificate>
437    <acInfo>
438        <version>1.0</version>
439        <holder>/CN=pjkersha/O=NDG/OU=BADC</holder>
440        <issuer>/CN=Attribute Authority/O=NDG/OU=BADC</issuer>
441        <issuerName>BADC</issuerName>
442        <issuerSerialNumber>6578</issuerSerialNumber>
443    <validity>
444          <notBefore>2005 09 16 11 53 36</notBefore>
445        <notAfter>2005 09 16 19 53 29</notAfter>
446    </validity>
447    <attributes>
448        <roleSet>
449                <role>
450                <name>government</name>
451        </role>
452        </roleSet>
453    </attributes>
454    <provenance>original</provenance>
455    </acInfo>
456<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
457<SignedInfo>
458<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
459<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
460<Reference>
461<Transforms>
462<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
463</Transforms>
464<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
465<DigestValue>i1q2jwEDy0Sxc+ChxW9p4KCBynU=</DigestValue>
466</Reference>
467</SignedInfo>
468<SignatureValue>aXmExRkD4mZ9OdSlUcVUPIZ/r5v31Dq6IwU7Ox2/evd6maZeECVH4kGvGGez2VA5
469lKhghRqgmAPsgEfZlZ3XwFxxo8tQuY6pi19OqwLV51R5klysX6fKkyK2JVoUG8Y3
4707fACirNGZrZyf93X8sTvd02xN1DOTp7zt1afDsu3qGE=</SignatureValue>
471<KeyInfo>
472<X509Data>
473
474
475
476<X509Certificate>MIICKDCCAZGgAwIBAgICGbIwDQYJKoZIhvcNAQEEBQAwYTEMMAoGA1UEChMDTkRH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</X509Certificate>
488<X509SubjectName>CN=Attribute Authority,OU=BADC,O=NDG</X509SubjectName>
489<X509IssuerSerial>
490<X509IssuerName>CN=Globus Simple CA,OU=ndgpurseca@foehn.badc.rl.ac.uk,OU=BADC,O=NDG</X509IssuerName>
491<X509SerialNumber>6578</X509SerialNumber>
492</X509IssuerSerial>
493</X509Data>
494</KeyInfo>
495</Signature></attributeCertificate>""",
496"""<?xml version="1.0"?>
497<attributeCertificate>
498    <acInfo>
499        <version>1.0</version>
500        <holder>/CN=pjkersha/O=NDG/OU=BADC</holder>
501        <issuer>/CN=Attribute Authority/O=NDG/OU=BADC</issuer>
502        <issuerName>BADC</issuerName>
503        <issuerSerialNumber>6578</issuerSerialNumber>
504    <validity>
505          <notBefore>2005 09 29 15 45 49</notBefore>
506        <notAfter>2005 09 29 23 45 49</notAfter>
507    </validity>
508    <attributes>
509        <roleSet>
510                <role>
511                <name>government</name>
512        </role>
513        </roleSet>
514    </attributes>
515    <provenance>original</provenance>
516    </acInfo>
517<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
518<SignedInfo>
519<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
520<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
521<Reference>
522<Transforms>
523<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
524</Transforms>
525<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
526<DigestValue>/Kw9IbBQuQAdNYAgvp2m01l663k=</DigestValue>
527</Reference>
528</SignedInfo>
529<SignatureValue>Q7lhq/jt+m2trRPyWrZ6BQcIibXrstVS/xKTAhR4puv7kVngIm64r45MJ2GQpQan
530QaVdVuOl8QPX8ila0j8sIz47FtriRWZ8fCssFYWR/7n3AKjNd22ChAshxHfZCJY4
531fzJSXgEN+FN0ArOWT49FbhDVf7LEGO+MR+TP+ZKt6uY=</SignatureValue>
532<KeyInfo>
533<X509Data>
534
535
536
537<X509Certificate>MIICKDCCAZGgAwIBAgICGbIwDQYJKoZIhvcNAQEEBQAwYTEMMAoGA1UEChMDTkRH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</X509Certificate>
549<X509SubjectName>CN=Attribute Authority,OU=BADC,O=NDG</X509SubjectName>
550<X509IssuerSerial>
551<X509IssuerName>CN=Globus Simple CA,OU=ndgpurseca@foehn.badc.rl.ac.uk,OU=BADC,O=NDG</X509IssuerName>
552<X509SerialNumber>6578</X509SerialNumber>
553</X509IssuerSerial>
554</X509Data>
555</KeyInfo>
556</Signature></attributeCertificate>""",
557"""<?xml version="1.0"?>
558<attributeCertificate>
559    <acInfo>
560        <version>1.0</version>
561        <holder>/CN=pjkersha/O=NDG/OU=BADC</holder>
562        <issuer>/CN=Attribute Authority/O=NDG/OU=BADC</issuer>
563        <issuerName>BADC</issuerName>
564        <issuerSerialNumber>6578</issuerSerialNumber>
565    <validity>
566          <notBefore>2005 09 16 10 19 32</notBefore>
567        <notAfter>2005 09 16 18 19 14</notAfter>
568    </validity>
569    <attributes>
570        <roleSet>
571                <role>
572                <name>government</name>
573        </role>
574        </roleSet>
575    </attributes>
576    <provenance>original</provenance>
577    </acInfo>
578<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
579<SignedInfo>
580<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
581<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
582<Reference>
583<Transforms>
584<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
585</Transforms>
586<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
587<DigestValue>tvftcf7fevu4PQqK2PhGFVzZlFo=</DigestValue>
588</Reference>
589</SignedInfo>
590<SignatureValue>cga7gcRSeKkI8+k5HiRdfxDz0wRA741lRaI0FCZ0e7rJH3IwxEv6C3fNB0a8Slgv
591R2/1b+xCHtNX0jaMLDnAv/AvtC8DfcV8yiDZOAQ/qXDkASB2OHDo6qM+Zlkf97U+
592dbjIuZ6bgXa2c9OlT9PUiCcDZt6uLmiu//28ZnFy7Pw=</SignatureValue>
593<KeyInfo>
594<X509Data>
595
596
597
598<X509Certificate>MIICKDCCAZGgAwIBAgICGbIwDQYJKoZIhvcNAQEEBQAwYTEMMAoGA1UEChMDTkRH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</X509Certificate>
610<X509SubjectName>CN=Attribute Authority,OU=BADC,O=NDG</X509SubjectName>
611<X509IssuerSerial>
612<X509IssuerName>CN=Globus Simple CA,OU=ndgpurseca@foehn.badc.rl.ac.uk,OU=BADC,O=NDG</X509IssuerName>
613<X509SerialNumber>6578</X509SerialNumber>
614</X509IssuerSerial>
615</X509Data>
616</KeyInfo>
617</Signature></attributeCertificate>"""
618]
619
    # Build an "access denied" response that carries the sample attribute
    # certificates defined above.  Those samples are signed with RSA-SHA1
    # and SHA-1 digests: acceptable as test fixtures, not a model for new
    # certificates.
    ar1 = AuthorisationResp(
        extAttCertList=extAttCertList,
        statCode=AuthorisationResp.accessDenied,
        errMsg="User is not registered at data centre")

    # Round trip: rebuild a second response from the first one's XML text
    ar2 = AuthorisationResp(xmlTxt=str(ar1))

    # check XMLSecDoc.__del__ error
    del ar1
    del ar2
631   