source: TI12-security/trunk/python/NDG/attAuthority_services_server.py @ 737

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/NDG/attAuthority_services_server.py@737
Revision 737, 5.4 KB checked in by pjkersha, 14 years ago (diff)

ndgSetup.sh: fixed slight typo.

mapConfig.xml: added pubKey tag to allow client to Attribute Authority to use it to encrypt
outbound messages to it.

ndgSessionClient.py:

  • include code to set public key of Attribute Authority so that Session Manager can encrypt

messages to it.

  • -r/--req-autho option now requires the AA WSDL URI. -a is now used to set the AA pub key
  • see previous point.

AttAuthorityIO.py:

  • Changed tag 'clntCert' to 'encrCert' so as to be consistent with SessionMgrIO.py code.

attAuthority_services_server.py:

  • Moved encrypt/decrypt code here from AttAuthority class to be consistent with

sessionMgr_services_server.py.

AttAuthority.py:

  • Now inherits from dict to allow convenient access to properties file parameters as dictionary

items.

  • Added code to include pubKey tag from mapConfig file in trustedHostInfo returned from

getTrustedHostInfo.

SessionMgrIO.py:

output XML.

  • Shifted test code into separate file in Tests/

SessionClient.py:

  • Added aaPubKey to reqAuthorisation method - see above re. passing AA public key for

encryption of messages.

sessionMgr_services_server.py:

  • Changes to comments.

Session.py:

private key info of client to allow encryption of responses from other WSs that SessionMgr calls.
These are actually passed into the CredWallet instance of UserSession.

  • AA Public key is passed into reqAuthorisation. This is written to a temp file for use by

XMLSec encryption code.

CredWallet.py:

  • CredWalletAuthorisationDenied - make sure extAttCertList gets set to []
  • Added pub/private functionality for encryption of messages to and from Attribute Authorities.
  • reqAuthorisation and getAATrustedHostInfo methods - read in client public key using

straight open/read: using X509Cert.asString() misses out the actual MIME encoded cert text(!)

  • Changed reqAuthorisation() - a required role is now optional with mapFromTrustedHosts flag set.

It does help though with finding a suitable AttCert for mapping.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1"""NDG Attribute Authority Web service server side interface.  Generated and
2adapted from:
3
4wsdl2dispatch -f attAuthority.wsdl
5
6NERC Data Grid Project
7
8P J Kershaw 19/01/06
9
10Copyright (C) 2006 CCLRC & NERC
11
12This software may be distributed under the terms of the Q Public License,
13version 1.0 or later.
14"""
15
cvsID = '$Id$'  # expanded by Subversion via the svn:keywords property set on this file
17
import tempfile

# Order of the star imports below is kept as-is: each one may shadow names
# from the previous, so reordering could change which definition wins.
from attAuthority_services import *
from ZSI.ServiceContainer import ServiceSOAPBinding

from AttAuthority import *

# Create custom XML formatted error response where needed
from AttAuthorityIO import *
25
26
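class attAuthority(ServiceSOAPBinding):
    """ZSI SOAP binding for the NDG Attribute Authority.

    Each soap_* handler decrypts the wrapped request XML with the Attribute
    Authority's private key, dispatches to the wrapped AttAuthority instance
    and, when the requester included an 'encrCert' public key in the request,
    encrypts the response to that key.  soapAction maps SOAP action URIs to
    the handler method names for the ZSI ServiceContainer.
    """
    soapAction = {
        'urn:attAuthority#getTrustedHostInfo': 'soap_getTrustedHostInfo',
        'urn:attAuthority#reqAuthorisation': 'soap_reqAuthorisation',
        }

    def __init__(self, srv, debug=False, post='/attAuthority.wsdl', **kw):
        """Bind the web service to an AttAuthority instance.

        srv:   AttAuthority instance.  It is indexed for the 'keyFile' and
               'keyPwd' settings and provides getTrustedHostInfo() and
               authorise().
        debug: if True every request drops into pdb before being processed.
        post:  URL path served by this binding; passed to ServiceSOAPBinding.
        kw:    accepted for signature compatibility but not used.

        Raises AttAuthorityError if srv is not an AttAuthority.
        """
        ServiceSOAPBinding.__init__(self, post)

        # The previous version constructed this exception but never raised
        # it, so the type check was a no-op and a wrong object only failed
        # on the first request.  Fail fast instead.
        if not isinstance(srv, AttAuthority):
            raise AttAuthorityError("Expecting AttAuthority type")

        self.__srv = srv
        self.__debug = debug

    #_________________________________________________________________________
    def _encryptResp(self, reqKeys, respObj, respClass):
        """Encrypt respObj to the requester's public key, if one was sent.

        reqKeys:   parsed request object, or None if decrypting/parsing the
                   request failed.  When it contains an 'encrCert' entry that
                   text is the certificate to encrypt to.
        respObj:   *Resp object; encrypted in place.
        respClass: class of respObj, used to build an accessError response
                   when encryption fails.

        Returns respObj, or a fresh respClass instance carrying the error.

        The certificate is whatever the requester put in the message, so
        encrypting to it only keeps the reply private to the sender; it is
        not a check on who the sender is - any access decision has to be
        made by the AttAuthority instance before this point.
        """
        if reqKeys is None or 'encrCert' not in reqKeys:
            return respObj

        try:
            # *Resp.encrypt() expects the public key in a file.  Write through
            # the NamedTemporaryFile handle itself (private temp file, removed
            # on close) rather than re-opening it by name, and flush so the
            # encryption code reads the complete content.
            encrCertTmpFile = tempfile.NamedTemporaryFile(mode="w")
            try:
                encrCertTmpFile.write(reqKeys['encrCert'])
                encrCertTmpFile.flush()
                respObj.encrypt(encrPubKeyFilePath=encrCertTmpFile.name)
            finally:
                encrCertTmpFile.close()

        except Exception as e:
            # Encryption failed: the caller gets an unencrypted error reply
            # instead of the original content.
            respObj = respClass(statCode=respClass.accessError,
                                errMsg=str(e))

        return respObj

    #_________________________________________________________________________
    def soap_getTrustedHostInfo(self, ps):
        """Handle the getTrustedHostInfo SOAP action.

        ps: ZSI ParsedSoap of the request.  The wrapped XML is decrypted with
            the Attribute Authority's private key (self.__srv['keyFile'] /
            ['keyPwd']) and its tags passed as keywords to
            self.__srv.getTrustedHostInfo().

        Returns a trustedHostInfoResponseWrapper whose _trustedHostInfoResp
        is the XML rendering of a TrustedHostInfoResp, encrypted to the
        requester's 'encrCert' when one was supplied.  Errors are reported
        inside the response (statCode accessError plus errMsg), not raised.
        """
        if self.__debug:
            # Interactive breakpoint on every request - development only,
            # it blocks the server on the console.
            import pdb
            pdb.set_trace()

        # input vals in request object
        reqArgs = ps.Parse(trustedHostInfoRequestWrapper)
        reqTxt = str(reqArgs._trustedHostInfoReq)

        # assign return values to response object
        resp = trustedHostInfoResponseWrapper()

        # Start as None so a decrypt/parse failure skips the encrypt step
        # rather than raising NameError there and replacing the real error
        # text with "name 'reqKeys' is not defined".
        reqKeys = None
        try:
            # Decrypt and parse input
            reqKeys = TrustedHostInfoReq(xmlTxt=reqTxt,
                                     encrPriKeyFilePath=self.__srv['keyFile'],
                                     encrPriKeyPwd=self.__srv['keyPwd'])

            trustedHosts = self.__srv.getTrustedHostInfo(**reqKeys.xmlTags)
            trustedHostInfoResp = TrustedHostInfoResp(
                                                   trustedHosts=trustedHosts)

        except Exception as e:
            # statCode set explicitly so this matches soap_reqAuthorisation.
            # NOTE(review): str(e) is sent back verbatim - consider whether
            # the caller should see internal error detail.
            trustedHostInfoResp = TrustedHostInfoResp(
                                  statCode=TrustedHostInfoResp.accessError,
                                  errMsg=str(e))

        trustedHostInfoResp = self._encryptResp(reqKeys,
                                                trustedHostInfoResp,
                                                TrustedHostInfoResp)

        # Calling the *Resp object renders it as an XML formatted string
        resp._trustedHostInfoResp = trustedHostInfoResp()
        return resp

    #_________________________________________________________________________
    def soap_reqAuthorisation(self, ps):
        """Handle the reqAuthorisation SOAP action.

        ps: ZSI ParsedSoap of the request.  The wrapped XML is decrypted with
            the Attribute Authority's private key and its tags passed as
            keywords to self.__srv.authorise(), which returns the attribute
            certificate or raises AttAuthorityAccessDenied.

        Returns an authorisationResponseWrapper whose _authorisationResp is
        the XML rendering of an AuthorisationResp: accessGranted with the
        credential, accessDenied if authorise() refused, or accessError for
        any other failure.  The reply is encrypted to the requester's
        'encrCert' when one was supplied.
        """
        if self.__debug:
            # Interactive breakpoint on every request - development only,
            # it blocks the server on the console.
            import pdb
            pdb.set_trace()

        # input vals in request object
        reqArgs = ps.Parse(authorisationRequestWrapper)
        reqTxt = str(reqArgs._authorisationReq)

        # assign return values to response object
        resp = authorisationResponseWrapper()

        # Start as None so a decrypt/parse failure skips the encrypt step
        # rather than raising NameError there and replacing the real error
        # text with "name 'reqKeys' is not defined".
        reqKeys = None
        try:
            # Decrypt and parse input
            reqKeys = AuthorisationReq(xmlTxt=reqTxt,
                                     encrPriKeyFilePath=self.__srv['keyFile'],
                                     encrPriKeyPwd=self.__srv['keyPwd'])

            # Make request to local instance - this is where access control
            # happens
            attCert = self.__srv.authorise(**reqKeys.xmlTags)

            authResp = AuthorisationResp(
                                    credential=attCert,
                                    statCode=AuthorisationResp.accessGranted)

        except AttAuthorityAccessDenied as e:
            authResp = AuthorisationResp(errMsg=str(e),
                                    statCode=AuthorisationResp.accessDenied)

        except Exception as e:
            # NOTE(review): str(e) is sent back verbatim - consider whether
            # the caller should see internal error detail.
            authResp = AuthorisationResp(errMsg=str(e),
                                    statCode=AuthorisationResp.accessError)

        authResp = self._encryptResp(reqKeys, authResp, AuthorisationResp)

        # Calling the *Resp object renders it as an XML formatted string
        resp._authorisationResp = authResp()
        return resp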