source: TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py @ 3955

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py@3955
Revision 3955, 7.2 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/share/ndg-aa: added option for http_proxy setting

python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py: make layout section optional

python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py: TypeError check to ensure request object is accessible

python/ndg.security.server/ndg/security/server/SessionMgr/init.py: allow defaults for 'wssRefInclNS' and 'wssSignedInfoInclNS' properties in case they're not set

security/python/Makefile: added target for making SysV init scripts

python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/*... more experiments for generic SOAP WSGI Middleware

python/ndg.security.common/ndg/security/common/authz/pdp/browse.py: important fix - permissive policy for schema types that are not recognised.

1import os, sys
2import base64
3import logging
4log = logging.getLogger(__name__)
5
6
7
8from ndg.security.server.AttAuthority.AttAuthority_services_server import \
9        AttAuthorityService as _AttAuthorityService
10
11from ndg.security.server.AttAuthority import AttAuthority, \
12        AttAuthorityAccessDenied
13       
14from ndg.security.common.wsSecurity import SignatureHandler
15from ndg.security.common.X509 import X509Cert, X509CertRead
16
17from ndgsecurity.config.soap import SOAPMiddleware
18
19#class AttributeAuthorityMiddleware(object):
20#         
21#    def __init__(self, app, app_conf):
22#        log.debug("AttributeAuthorityMiddleware.__init__ ...")
23#        self.app = SOAPMiddleware(app, app_conf,
24#                                                                 ServiceSOAPBinding=AttributeAuthorityWS(),
25#                                                                 pathInfo='/AttributeAuthority')
26#               
27#    def __call__(self, environ, start_response):
28#               log.debug("AttributeAuthorityMiddleware.__call__")                             
29#
30#               #start_response("200 OK", [('Content-type', 'text/xml')])
31#               return self.app(environ, start_response)
32       
33
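class AttributeAuthorityWS(_AttAuthorityService):
    '''ZSI SOAP binding for the Attribute Authority service

    Each soap_* method delegates to the generated stub in
    _AttAuthorityService to parse the client message and create the
    response object, then fills the response in from the AttAuthority
    instance held in self.aa.  All of them return the (request, response)
    tuple expected by the ZSI dispatcher.

    Setting the NDGSEC_INT_DEBUG environment variable drops into pdb at the
    start of the constructor and of every SOAP method.  This is a
    development aid only and must not be set on a deployed server.
    '''

    # Attribute name on the ZSI host/response object -> key in the host
    # information dict (an entry of self.aa.hostInfo or a value returned by
    # self.aa.getTrustedHostInfo())
    _HOST_ATTR_MAP = (('AaURI', 'aaURI'),
                      ('AaDN', 'aaDN'),
                      ('LoginURI', 'loginURI'),
                      ('LoginServerDN', 'loginServerDN'),
                      ('LoginRequestServerDN', 'loginRequestServerDN'))

    def __init__(self):
        # Stop in debugger at beginning of SOAP stub if environment variable
        # is set - bool() makes any non-empty value switch it on
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def _setHostInfo(self, host, hostname, hostInfo, includeRoles=False):
        '''Copy a host information dict onto a ZSI host or response object

        Shared by the getHostInfo, getAllHostsInfo and getTrustedHostInfo
        handlers so that the attribute/key mapping lives in one place.

        @type host: ZSI generated type
        @param host: object to populate; it must accept Hostname, AaURI,
        AaDN, LoginURI, LoginServerDN and LoginRequestServerDN (plus RoleList
        when includeRoles is set) as attributes
        @type hostname: string
        @param hostname: host name to set
        @type hostInfo: dict
        @param hostInfo: host information keyed as in self.aa.hostInfo
        @type includeRoles: bool
        @param includeRoles: if True also copy hostInfo['role'] to
        host.RoleList.  Applies to trusted hosts only - this Attribute
        Authority's own entry carries no role list'''
        host.Hostname = hostname
        for attrName, key in self._HOST_ATTR_MAP:
            setattr(host, attrName, hostInfo[key])

        if includeRoles:
            host.RoleList = hostInfo['role']

    def _setLocalHostInfo(self, host):
        '''Populate host with the entry for THIS Attribute Authority

        self.aa.hostInfo is expected to hold a single entry keyed by this
        host's name; an empty mapping raises IndexError.

        @type host: ZSI generated type
        @param host: object to populate - see _setHostInfo'''
        hostname = list(self.aa.hostInfo.keys())[0]
        self._setHostInfo(host, hostname, self.aa.hostInfo[hostname])

    def soap_getAttCert(self, ps, **kw):
        '''Retrieve an Attribute Certificate

        The designated holder of the certificate is taken from the client's
        message signature when the 'useSignatureHandler' property is set,
        otherwise from the UserCert element supplied by the client.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects.  If access is denied the
        response carries the error text in Msg and no AttCert'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAttCert(self, ps)

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client
        if self.aa['useSignatureHandler']:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            #
            # NOTE(review): WSSecurityHandler is neither imported nor defined
            # in this module (only SignatureHandler is imported), so this
            # branch raises NameError as written - confirm where it is meant
            # to come from before relying on useSignatureHandler.
            holderCert = WSSecurityHandler.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input.  The holder
            # identity is then asserted by the caller rather than verified
            # here, so this mode relies on the deployment authenticating the
            # client by other means.
            holderCert = request.UserCert

        try:
            attCert = self.aa.getAttCert(userId=request.UserId,
                                         holderCert=holderCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        except AttAuthorityAccessDenied, e:
            # The exception text is returned verbatim to the client - keep
            # AttAuthorityAccessDenied messages free of internal detail
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        '''Get information about this host

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getHostInfo(self, ps)

        # For this call the host fields live directly on the response object
        self._setLocalHostInfo(response)

        return request, response

    def soap_getAllHostsInfo(self, ps, **kw):
        '''Get information about all hosts

        The first entry in response.Hosts is this Attribute Authority, the
        rest are the trusted hosts returned by AttAuthority.getTrustedHostInfo

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAllHostsInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo()

        # Convert ready for serialization

        # First get info for THIS Attribute Authority ...
        # Nb. No role list applies here
        localHost = response.new_hosts()
        self._setLocalHostInfo(localHost)
        hosts = [localHost]

        # ... then append info for other trusted attribute authorities...
        for hostname, hostInfo in trustedHostInfo.items():
            host = response.new_hosts()
            self._setHostInfo(host, hostname, hostInfo, includeRoles=True)
            hosts.append(host)

        response.Hosts = hosts

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        '''Get information about other trusted hosts

        Only hosts matching the Role element of the request are returned -
        the filtering is done by AttAuthority.getTrustedHostInfo

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = \
                        _AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()
            self._setHostInfo(trustedHost, hostname, hostInfo,
                              includeRoles=True)
            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        '''Retrieve Attribute Authority's X.509 certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects; response.X509Cert holds the
        certificate DER encoding as line-wrapped base64 text'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getX509Cert(self, ps)

        # The certificate file is re-read on every call - the 'certFile'
        # property must point at the AA's own public certificate only
        x509Cert = X509CertRead(self.aa['certFile'])

        # encodestring is the legacy MIME-style encoder (76-char lines with a
        # trailing newline); keep it so the wire format stays the same
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return request, response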