
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/NDG/sessionMgr_services_server.py@737
Revision 737, 6.8 KB checked in by pjkersha, 14 years ago (diff)

ndgSetup.sh: fixed slight typo.

mapConfig.xml: added pubKey tag so that a client of the Attribute Authority can use it to encrypt
outbound messages to it.

ndgSessionClient.py:

  • include code to set public key of Attribute Authority so that Session Manager can encrypt messages to it.

  • -r/--req-autho option now requires the AA WSDL URI. -a is now used to set the AA pub key
  • see previous point.

AttAuthorityIO.py:

  • Changed tag 'clntCert' to 'encrCert' so as to be consistent with SessionMgrIO.py code.

attAuthority_services_server.py:

  • Moved encrypt/decrypt code here from AttAuthority class to be consistent with sessionMgr_services_server.py.

AttAuthority.py:

  • Now inherits from dict to allow convenient access to properties file parameters as dictionary items.

  • Added code to include pubKey tag from mapConfig file in trustedHostInfo returned from getTrustedHostInfo.

SessionMgrIO.py:

output XML.

  • Shifted test code into separate file in Tests/

SessionClient.py:

  • Added aaPubKey to reqAuthorisation method - see above re. passing AA public key for encryption of messages.

sessionMgr_services_server.py:

  • Changes to comments.

Session.py:

private key info of client to allow encryption of responses from other WSs that SessionMgr calls.
These are actually passed into the CredWallet instance of UserSession.

  • AA public key is passed into reqAuthorisation. This is written to a temp file for use by the XMLSec encryption code.

CredWallet.py:

  • CredWalletAuthorisationDenied - make sure extAttCertList gets set to []
  • Added pub/private key functionality for encryption of messages to and from Attribute Authorities.
  • reqAuthorisation and getAATrustedHostInfo methods - read in client public key using straight open/read: using X509Cert.asString() misses out the actual MIME encoded cert text(!)

  • Changed reqAuthorisation() - a required role is now optional with mapFromTrustedHosts flag set. It does help though with finding a suitable AttCert for mapping.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1"""NDG Session Manager Web service server side interface.  Generated and
2adapted from:
3
4wsdl2dispatch -f sessionMgr.wsdl
5
6NERC Data Grid Project
7
8P J Kershaw 18/12/05
9
10Copyright (C) 2005 CCLRC & NERC
11
12This software may be distributed under the terms of the Q Public License,
13version 1.0 or later.
14"""
15
# Version identifier string.  '$Id$' is a Subversion keyword placeholder; the
# file's svn:keywords property includes Id.
cvsID = '$Id$'
17
18from ZSI.ServiceContainer import ServiceSOAPBinding
19
20# wsdl2py generated
21from sessionMgr_services import *
22
23from Session import *
24
25# Create custom XML formatted error response where needed
26from SessionMgrIO import *
27
28
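class sessionMgr(ServiceSOAPBinding):
    """SOAP binding that exposes a SessionMgr instance as a web service.

    Every soap_* handler follows the same sequence: parse the request
    wrapper, decrypt and parse the XML payload using the service's private
    key file and pass phrase, call the matching SessionMgr method, encrypt
    the reply with the certificate the client sent in 'encrCert' (when
    present) and return it in the response wrapper.

    Security notes for maintainers:
      * Exception text is copied verbatim into the errMsg field of the
        reply.  When the request could not be decrypted or the reply could
        not be encrypted, that text is returned unencrypted.
        NOTE(review): confirm that none of the exceptions raised by the
        request classes or by SessionMgr carry detail that should not
        reach a remote caller; otherwise substitute a generic message.
      * The certificate used to encrypt the reply is taken from the
        request as-is; no validation of it is visible in this class.
        NOTE(review): confirm the response classes or SessionMgr check it
        against the trusted CA(s).
      * debug=True makes every handler stop in pdb, which blocks the
        request; it is for interactive development only.
    """

    soapAction = {
        'urn:sessionMgr#addUser': 'soap_addUser',
        'urn:sessionMgr#connect': 'soap_connect',
        'urn:sessionMgr#reqAuthorisation': 'soap_reqAuthorisation',
        }

    def __init__(self, srv, debug=False, post='/sessionMgr.wsdl', **kw):
        """Bind the SOAP interface to a session manager instance.

        srv:   SessionMgr instance that services the requests
        debug: if True, each handler calls pdb.set_trace() before
               processing a request
        post:  value passed to ServiceSOAPBinding.__init__
        kw:    accepted but not used here

        Raises SessionMgrError if srv is not a SessionMgr instance.
        """

        ServiceSOAPBinding.__init__(self, post)

        # Link WS to underlying session manager class instance.  The
        # exception has to be raised: merely constructing it let an object
        # of the wrong type through unchecked.
        if not isinstance(srv, SessionMgr):
            raise SessionMgrError("Expecting SessionMgr type")

        self.__srv = srv

        self.__debug = debug


    #_________________________________________________________________________
    def _encryptAndSerialise(self, respObj, reqKeys, mkErrResp):
        """Encrypt a reply for the client if possible and serialise it.

        respObj:   response object to return (a result or an error)
        reqKeys:   parsed request, or None if the request could not be
                   decrypted/parsed
        mkErrResp: callable taking an error message string and returning
                   an error response of the handler's response type; used
                   if encryption fails

        Returns the value produced by calling the response object.
        """

        # Imported here so that this method does not rely on tempfile
        # reaching the module namespace through a wildcard import.
        import tempfile

        encrCertTmpFile = None
        try:
            try:
                # reqKeys is None when decrypt/parse failed: there is then
                # no client certificate to encrypt with.
                if reqKeys is not None and 'encrCert' in reqKeys:

                    # The response class expects the public key to be in a
                    # file - copy the client supplied certificate text into
                    # a temporary file.  Write through the temporary file
                    # object and flush, so the content is on disk before
                    # encrypt() opens the file by name.
                    encrCertTmpFile = tempfile.NamedTemporaryFile()
                    encrCertTmpFile.write(reqKeys['encrCert'])
                    encrCertTmpFile.flush()

                    respObj.encrypt(encrPubKeyFilePath=encrCertTmpFile.name)

            except Exception, e:
                # The original reply is discarded rather than returned
                # unencrypted; only the error text goes back to the caller.
                respObj = mkErrResp(str(e))

            # Keep the temporary file until the reply has been serialised,
            # as the original code did by holding it in a local variable.
            return respObj()

        finally:
            # Closing a NamedTemporaryFile removes it from disk.
            if encrCertTmpFile is not None:
                encrCertTmpFile.close()


    #_________________________________________________________________________
    def soap_addUser(self, ps):
        """SOAP interface to NDG Session Manager WS addUser."""

        # Development aid only - see the class docstring.
        if self.__debug:
            import pdb
            pdb.set_trace()

        # input vals in request object
        reqArgs = ps.Parse(addUserRequestWrapper)
        reqTxt = str(reqArgs._addUserReq)

        # assign return values to response object
        resp = addUserResponseWrapper()

        # Stays None if the request cannot be decrypted/parsed.  Without
        # this, the later 'encrCert' test failed on an unassigned name and
        # that failure replaced the real error message.
        reqKeys = None

        try:
            # Decrypt and parse input
            reqKeys = AddUserReq(xmlTxt=reqTxt,
                                 encrPriKeyFilePath=self.__srv['keyFile'],
                                 encrPriKeyPwd=self.__srv['keyPPhrase'])

            # New user request for Session Manager
            addUserResp = self.__srv.addUser(**reqKeys.xmlTags)

        except Exception, e:
            # Nb. catch exception here so that error message will be encrypted
            # if 'encrCert' key was set
            addUserResp = AddUserResp(errMsg=str(e))

        # Encrypt response and convert into XML formatted string
        resp._addUserResp = self._encryptAndSerialise(
                                    addUserResp,
                                    reqKeys,
                                    lambda msg: AddUserResp(errMsg=msg))
        return resp


    #_________________________________________________________________________
    def soap_connect(self, ps):
        """SOAP interface to NDG Session Manager WS connect."""

        # Development aid only - see the class docstring.
        if self.__debug:
            import pdb
            pdb.set_trace()

        # input vals in request object
        reqArgs = ps.Parse(connectRequestWrapper)
        reqTxt = str(reqArgs._connectReq)

        # assign return values to response object
        resp = connectResponseWrapper()

        # Stays None if the request cannot be decrypted/parsed, so that the
        # original error message is the one returned.
        reqKeys = None

        try:
            # Decrypt and parse input
            reqKeys = ConnectReq(xmlTxt=reqTxt,
                                 encrPriKeyFilePath=self.__srv['keyFile'],
                                 encrPriKeyPwd=self.__srv['keyPPhrase'])

            # Request a connection from the Session Manager
            connectResp = self.__srv.connect(**reqKeys.xmlTags)

        except Exception, e:
            # Nb. catch exception here so that error message will be encrypted
            # if 'encrCert' key was set
            connectResp = ConnectResp(errMsg=str(e))

        # Encrypt response and convert into XML formatted string
        resp._connectResp = self._encryptAndSerialise(
                                    connectResp,
                                    reqKeys,
                                    lambda msg: ConnectResp(errMsg=msg))
        return resp


    #_________________________________________________________________________
    def soap_reqAuthorisation(self, ps):
        """Make an authorisation request via the session manager"""

        # Development aid only - see the class docstring.
        if self.__debug:
            import pdb
            pdb.set_trace()

        # input vals in request object
        reqArgs = ps.Parse(authorisationRequestWrapper)
        reqTxt = str(reqArgs._authorisationReq)

        # assign return values to response object
        resp = authorisationResponseWrapper()

        # Stays None if the request cannot be decrypted/parsed, so that the
        # original error message is the one returned.
        reqKeys = None

        try:
            # Decrypt and parse input
            reqKeys = AuthorisationReq(xmlTxt=reqTxt,
                                     encrPriKeyFilePath=self.__srv['keyFile'],
                                     encrPriKeyPwd=self.__srv['keyPPhrase'])

            # Make request to local instance
            authResp = self.__srv.reqAuthorisation(**reqKeys.xmlTags)

        except Exception, e:
            # Nb. catch exception here so that error message will be encrypted
            # if 'encrCert' key was set
            # NOTE(review): unlike the encryption failure path below, no
            # statCode is set here - confirm AuthorisationResp's default
            # cannot be read by a client as a grant.
            authResp = AuthorisationResp(errMsg=str(e))

        # Encrypt response and convert into XML formatted string
        resp._authorisationResp = self._encryptAndSerialise(
                    authResp,
                    reqKeys,
                    lambda msg: AuthorisationResp(
                                      statCode=AuthorisationResp.accessError,
                                      errMsg=msg))
        return resp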
201