source: TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py @ 3942

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py@3942
Revision 3942, 7.5 KB checked in by pjkersha, 13 years ago (diff)

New release for deployment as egg version 0.9.1:

  • OpenID support in beta stage - this merely authenticates users and doesn't link them to any attributes from the Attribute Authority or Session Manager connection.
  • modular security for ows_server
  • HTTP Proxy support to enable WS client calls via HTTP proxy
  • Browse PDP now also logs access requests for public data - means OpenID based user access is logged.
import base64
import logging
import os

from ZSI import _get_element_nsuri_name, EvaluateException, ParseException
from ZSI.parse import ParsedSoap

from ndg.security.server.AttAuthority.AttAuthority_services_server import \
        AttAuthorityService as _AttAuthorityService

from ndg.security.server.AttAuthority import AttAuthority, \
        AttAuthorityAccessDenied

from ndg.security.common.wsSecurity import SignatureHandler
from ndg.security.server.twisted import WSSecurityHandlerChainFactory, \
        WSSecurityHandler

from ndg.security.common.X509 import X509Cert, X509CertRead

log = logging.getLogger(__name__)
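class Middleware(object):
    '''WSGI middleware intended to front the Attribute Authority SOAP service.

    Requests whose PATH_INFO starts with ``/AttributeAuthority`` are
    recognised but, in this revision, are still passed straight through to
    the wrapped application: the SOAP dispatch to ``attributeAuthorityWS``
    is not wired up yet.

    @type app: callable
    @param app: downstream WSGI application
    @type app_conf: dict
    @param app_conf: Paste application configuration (retained, unused here)
    '''
    # URL prefix under which Attribute Authority SOAP calls are expected
    AA_PATH_PREFIX = '/AttributeAuthority'

    def __init__(self, app, app_conf):
        log.debug("Middleware.__init__ ...")
        self.attributeAuthorityWS = AttributeAuthorityWS()
        self.app = app
        self.app_conf = app_conf

    def __call__(self, environ, start_response):
        '''Handle one WSGI request.

        @type environ: dict
        @param environ: WSGI environment
        @type start_response: callable
        @param start_response: WSGI start_response callback
        @return: response iterable from the wrapped application
        '''
        log.debug("Middleware.__call__")

        # Apply filter for calls: anything outside the AA prefix goes straight
        # to the wrapped application.  PATH_INFO may legitimately be absent
        # from the WSGI environ, hence the default.
        path = environ.get('PATH_INFO', '')
        if not path.startswith(self.AA_PATH_PREFIX):
            return self.app(environ, start_response)

        # Log only the request line rather than the whole environ: a full
        # dump would write any Cookie / Authorization headers the client
        # sent straight into the log file.
        log.debug("Attribute Authority request: %s %s",
                  environ.get('REQUEST_METHOD'), path)

        # TODO: parse the SOAP body (ZSI ParsedSoap) and dispatch to the
        # matching soap_<method> of self.attributeAuthorityWS.  Until then
        # AA requests are handed on to the wrapped application unchanged.
        return self.app(environ, start_response)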
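class AttributeAuthorityWS(_AttAuthorityService):
    '''SOAP service stubs for the Attribute Authority.

    Each soap_* method lets the ZSI generated base class parse the client
    message, then fills in the response from an L{AttAuthority} instance.
    '''
    # (response attribute, host info dict key) pairs copied verbatim by
    # _setHostInfo for every host reported
    _HOST_INFO_FIELDS = (
        ('AaURI', 'aaURI'),
        ('AaDN', 'aaDN'),
        ('LoginURI', 'loginURI'),
        ('LoginServerDN', 'loginServerDN'),
        ('LoginRequestServerDN', 'loginRequestServerDN'),
    )

    def __init__(self):
        # Stop in debugger at beginning of SOAP stub if environment variable
        # is set.  Development aid only: it halts the serving process.
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        self._breakIfDebug()

        # NOTE(review): the generated base class __init__ is not called
        # here, as in the original - confirm it has no required set-up.

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def _breakIfDebug(self):
        '''Drop into pdb if NDGSEC_INT_DEBUG was set when constructed'''
        if self.__debug:
            import pdb
            pdb.set_trace()

    def _thisHostInfo(self):
        '''Look up this Attribute Authority's own host entry

        @rtype: tuple
        @return: (hostname, info dict) - self.aa.hostInfo is expected to
        hold a single entry; its first key is taken as the hostname'''
        hostname = next(iter(self.aa.hostInfo))
        return hostname, self.aa.hostInfo[hostname]

    @classmethod
    def _setHostInfo(cls, target, hostname, hostInfo, includeRoles):
        '''Copy one host's details onto a ZSI response element

        @param target: element to populate - the response itself or an item
        from response.new_hosts() / response.new_trustedHosts()
        @type hostname: string
        @param hostname: host name to report
        @type hostInfo: dict
        @param hostInfo: keyed by aaURI, aaDN, loginURI, loginServerDN,
        loginRequestServerDN and (for trusted hosts) role
        @type includeRoles: bool
        @param includeRoles: also copy hostInfo['role'] into RoleList.  Not
        applicable to this Attribute Authority's own entry.'''
        target.Hostname = hostname
        for attrName, key in cls._HOST_INFO_FIELDS:
            setattr(target, attrName, hostInfo[key])
        if includeRoles:
            target.RoleList = hostInfo['role']

    def soap_getAttCert(self, ps, **kw):
        '''Retrieve an Attribute Certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        self._breakIfDebug()

        request, response = _AttAuthorityService.soap_getAttCert(self, ps)

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client
        if self.aa['useSignatureHandler']:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            holderCert = WSSecurityHandler.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input.  In this mode
            # nothing in this stub demonstrates that the caller holds the
            # key for that cert; the deployment has to rely on controls
            # outside this code.
            holderCert = request.UserCert

        try:
            attCert = self.aa.getAttCert(userId=request.UserId,
                                         holderCert=holderCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        except AttAuthorityAccessDenied as e:
            # Access denied is an expected outcome: it is reported in the
            # response message rather than raised as a SOAP fault
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        '''Get information about this host

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        self._breakIfDebug()

        request, response = _AttAuthorityService.soap_getHostInfo(self, ps)

        # This response is flat: the host fields live on the response itself
        hostname, hostInfo = self._thisHostInfo()
        self._setHostInfo(response, hostname, hostInfo, includeRoles=False)

        return request, response

    def soap_getAllHostsInfo(self, ps, **kw):
        '''Get information about all hosts

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        self._breakIfDebug()

        request, response = _AttAuthorityService.soap_getAllHostsInfo(self,
                                                                      ps)

        trustedHostInfo = self.aa.getTrustedHostInfo()

        # Convert ready for serialization.
        # First get info for THIS Attribute Authority ...
        # Nb. No role list applies here
        hostname, hostInfo = self._thisHostInfo()
        thisHost = response.new_hosts()
        self._setHostInfo(thisHost, hostname, hostInfo, includeRoles=False)
        hosts = [thisHost]

        # ... then append info for other trusted attribute authorities
        for hostname, hostInfo in trustedHostInfo.items():
            host = response.new_hosts()
            self._setHostInfo(host, hostname, hostInfo, includeRoles=True)
            hosts.append(host)

        response.Hosts = hosts

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        '''Get information about other trusted hosts

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        self._breakIfDebug()

        request, response = \
                        _AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        # Only hosts offering the requested role are returned
        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()
            self._setHostInfo(trustedHost, hostname, hostInfo,
                              includeRoles=True)
            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        '''Retrieve Attribute Authority's X.509 certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        self._breakIfDebug()

        request, response = _AttAuthorityService.soap_getX509Cert(self, ps)

        # Certificate is sent as base64 text of its DER encoding; the cert
        # file path comes from the Attribute Authority's properties
        x509Cert = X509CertRead(self.aa['certFile'])
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return request, response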