source: TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py @ 1730

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py@1730
Revision 1730, 10.2 KB checked in by pjkersha, 15 years ago (diff)

server-config.tac: changes to AttAuthorityService subclass - working
stub code (apart from soap_getHostInfo) and started adding in actual hook
up to AttAuthority code.

AttAuthorityClientTest.py: unit tests working with server side stub version.

common/AttAuthority/__init__.py: change wsdl refs to url. WSDL isn't actually
relevant here, only the url for the service to be accessed.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority client - client interface classes to the
3Attribute Authority.  These have been separated from their
4original location in the SecurityClient since they have the
5unusual place of being required by both client and server
6NDG security packages.  For the server side they are required
7as the CredWallet invoked by the Session Manager acts as a
8client to Attribute Authorities when negotiating the required
9Attribute Certificate.
10
11Make requests for Attribute Certificates used for authorisation
12
13NERC Data Grid Project
14
15P J Kershaw 17/11/06
16
17Copyright (C) 2006 CCLRC & NERC
18
19This software may be distributed under the terms of the Q Public License,
20version 1.0 or later.
21"""
22# Handling for public key retrieval
23import tempfile
24
25from AttAuthority_services import AttAuthorityServiceLocator
26
27
28#_____________________________________________________________________________
class AttAuthorityClientError(Exception):
    """Error raised by the AttAuthorityClient class.

    Used for invalid constructor/property arguments, key file read or write
    failures, and failures reported while calling the Attribute Authority
    web service.
    """
32
33
34#_____________________________________________________________________________
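class AttAuthorityClient(object):
    """Client-side interface to the NDG Attribute Authority web service.

    Holds the service URL, the optional key file paths and the service
    proxy created by initService().

    NOTE(review): the key material configured on this class is stored but
    none of the request methods below use it to encrypt, sign or decrypt
    anything - getHostInfo(), getTrustedHostInfo() and getAttCert() call the
    service proxy directly.  Confirm where message protection is applied
    before relying on the confidentiality the constructor arguments imply.
    """

    #_________________________________________________________________________
    def __init__(self,
                 url=None,
                 aaPubKeyFilePath=None,
                 clntPubKeyFilePath=None,
                 clntPriKeyFilePath=None,
                 tracefile=None):
        """
        url:                     URL of the Attribute Authority WS.  Setting
                                 it creates the service proxy straight away.
                                 Only the type is checked; whether the
                                 channel is protected depends entirely on
                                 the URL supplied by the caller
        aaPubKeyFilePath:        Public key of Attribute Authority used to
                                 encrypt the outgoing message if required -
                                 set as a path on the local file system or as
                                 a URI.  If not set, the key is fetched from
                                 the service itself on the first request
        clntPubKeyFilePath:      Public key of client.  This is passed to the
                                 Attribute Authority so that it can encrypt
                                 responses.  WARNING: if not set, responses
                                 are returned as clear text
        clntPriKeyFilePath:      Private key of client.  If clntPubKeyFilePath
                                 is set, the private key is needed to decrypt
                                 the response from the Attribute Authority
        tracefile:               set to file object such as sys.stderr to
                                 give extra WS debug information.
                                 NOTE(review): presumably this traces message
                                 content, including the certificates
                                 exchanged - confirm, and keep the output
                                 somewhere access controlled

        Raises AttAuthorityClientError if an argument has the wrong type, if
        the client public key file cannot be read, if a client public key is
        given without a private key, or if the service proxy cannot be
        created."""

        self.__srv = None
        self.__url = None
        self.__aaPubKeyFilePath = None
        self.__clntPubKeyFilePath = None
        self.__clntPubKey = None
        self.__clntPriKeyFilePath = None

        # Kept as an attribute so that a key fetched from the service stays
        # on disk for the lifetime of this object
        self.__aaPubKeyTempFile = None

        if url:
            self.__setURL(url)

        if aaPubKeyFilePath:
            self.__setAApubKeyFilePath(aaPubKeyFilePath)

        if clntPriKeyFilePath:
            self.__setClntPriKeyFilePath(clntPriKeyFilePath)

        if clntPubKeyFilePath:
            # An empty private key path is rejected as well as None:
            # responses encrypted with the public key could not be decrypted
            if not clntPriKeyFilePath:
                raise AttAuthorityClientError(
                    "A Client private key file is required as well a " +
                    "public key")

            self.__setClntPubKeyFilePath(clntPubKeyFilePath)

        self.__tracefile = tracefile

        # Instantiate Attribute Authority WS proxy
        if self.__url:
            self.initService()


    #_________________________________________________________________________
    def __setURL(self, url):
        """Store the service URL.  Only its type is validated."""

        if not isinstance(url, basestring):
            raise AttAuthorityClientError(
                        "Attribute Authority WSDL URI must be a valid string")

        self.__url = url

    # Write-only property: no getter is defined
    url = property(fset=__setURL, doc="Set Attribute Authority WSDL URI")


    #_________________________________________________________________________
    def __setAApubKeyFilePath(self, aaPubKeyFilePath):
        """Store the location of the Attribute Authority public key.  Only
        its type is validated; the file is not opened here."""

        if not isinstance(aaPubKeyFilePath, basestring):
            raise AttAuthorityClientError(
                "Attribute Authority public key URI must be a valid string")

        self.__aaPubKeyFilePath = aaPubKeyFilePath

    aaPubKeyFilePath = property(fset=__setAApubKeyFilePath,
                                doc="Set Attribute Authority public key URI")


    #_________________________________________________________________________
    def __setClntPubKeyFilePath(self, clntPubKeyFilePath):
        """Store the client public key path and read the file content into
        memory.

        Raises AttAuthorityClientError if the path is not a string or the
        file cannot be read."""

        if not isinstance(clntPubKeyFilePath, basestring):
            raise AttAuthorityClientError(
                "Client public key file path must be a valid string")

        self.__clntPubKeyFilePath = clntPubKeyFilePath
        try:
            keyFile = open(self.__clntPubKeyFilePath)
            try:
                self.__clntPubKey = keyFile.read()
            finally:
                # Close explicitly rather than relying on garbage collection
                keyFile.close()

        except IOError, e:
            raise AttAuthorityClientError(
                    "Reading certificate file \"%s\": %s" %
                    (self.__clntPubKeyFilePath, e.strerror or str(e)))

        except Exception, e:
            raise AttAuthorityClientError(
                    "Reading certificate file \"%s\": %s" %
                    (self.__clntPubKeyFilePath, str(e)))

    clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath,
                                  doc="File path for client public key")


    #_________________________________________________________________________
    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
        """Store the client private key path.  Only its type is validated;
        the file is not opened here."""

        if not isinstance(clntPriKeyFilePath, basestring):
            # Message previously said "public key" - copied from the public
            # key setter
            raise AttAuthorityClientError(
                "Client private key file path must be a valid string")

        self.__clntPriKeyFilePath = clntPriKeyFilePath

    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
                                  doc="File path for client private key")


    #_________________________________________________________________________
    def __getAttAuthorityPubKey(self):
        """Fetch the Attribute Authority public key from the service and
        cache it in a temporary file, unless a key location is already set.

        NOTE(review): the key is requested from the same service it is meant
        to protect traffic to, and nothing visible here checks it against a
        trusted copy.  A key obtained this way says nothing about who
        supplied it; where the key matters, provision aaPubKeyFilePath from
        a trusted source instead.

        Raises AttAuthorityClientError if the key cannot be retrieved or
        written."""

        # Nothing to do if a key location was given by the caller or a
        # previous call already cached the key
        if self.__aaPubKeyFilePath is not None:
            return

        # Fetch first so that a failed request leaves no temp file behind
        try:
            pubKey = self.getPubKey()

        except Exception, e:
            raise AttAuthorityClientError("Retrieving Attribute Authority "
                                          "public key: %s" % str(e))

        tmpFile = None
        try:
            tmpFile = tempfile.NamedTemporaryFile()

            # Write through the handle that created the file and flush, so
            # the content is on disk for readers opening it by name.
            # Re-opening by name left a second, unclosed handle
            tmpFile.write(pubKey)
            tmpFile.flush()

        except IOError, e:
            tmpName = getattr(tmpFile, 'name', None)
            if tmpFile is not None:
                tmpFile.close()

            raise AttAuthorityClientError(
                                "Writing public key to temp \"%s\": %s" %
                                (tmpName, e.strerror or str(e)))

        except Exception, e:
            if tmpFile is not None:
                tmpFile.close()

            raise AttAuthorityClientError("Retrieving Attribute Authority "
                                          "public key: %s" % str(e))

        # The file is removed when this object is closed or collected, so
        # keep the reference for as long as the path is in use
        self.__aaPubKeyTempFile = tmpFile
        self.__aaPubKeyFilePath = tmpFile.name


    #_________________________________________________________________________
    def initService(self, url=None):
        """Set the WS proxy for the Attribute Authority

        url:    optional replacement for the URL set at construction

        Raises AttAuthorityClientError if the proxy cannot be created."""
        if url:
            self.__setURL(url)

        try:
            locator = AttAuthorityServiceLocator()
            self.__srv = locator.getAttAuthority(self.__url,
                                                 tracefile=self.__tracefile)

        except Exception, e:
            # The original handler named HTTPResponse, which this module
            # never imports, so any failure here surfaced as a NameError.
            # Report status/reason when the exception carries them
            status = getattr(e, 'status', None)
            reason = getattr(e, 'reason', None)
            if status is not None and reason is not None:
                raise AttAuthorityClientError(
                    "Error initialising WSDL Service for \"%s\": %s %s" %
                    (self.__url, status, reason))

            raise AttAuthorityClientError(
                "Initialising WSDL Service for \"%s\": %s" %
                (self.__url, str(e)))


    #_________________________________________________________________________
    def getHostInfo(self, clntPriKeyPwd=None):
        """Get host information for the data provider which the
        Attribute Authority represents

        clntPriKeyPwd:  accepted but not used by this implementation

        Returns the service response unchanged.  Raises
        AttAuthorityClientError on any failure."""

        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        try:
            return self.__srv.getHostInfo()

        except Exception, e:
            raise AttAuthorityClientError("Error: " + str(e))


    #_________________________________________________________________________
    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
        """Get list of trusted hosts for an Attribute Authority

        role:           passed to the service as given
        clntPriKeyPwd:  accepted but not used by this implementation

        Returns the service response unchanged.  Raises
        AttAuthorityClientError on any failure."""

        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        try:
            # NOTE(review): the request is passed as is - no encryption is
            # applied in this method
            return self.__srv.getTrustedHostInfo(role)

        except Exception, e:
            raise AttAuthorityClientError("Error: " + str(e))


    #_________________________________________________________________________
    def getAttCert(self,
                   proxyCert,
                   userAttCert=None,
                   clntPriKeyPwd=None):
        """Request attribute certificate from NDG Attribute Authority Web
        Service.

        proxyCert:      passed to the service as given
        userAttCert:    accepted but not used by this implementation
        clntPriKeyPwd:  accepted but not used by this implementation

        Returns the service response unchanged.  Raises
        AttAuthorityClientError on any failure."""

        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        try:
            return self.__srv.getAttCert(proxyCert)

        except Exception, e:
            raise AttAuthorityClientError("Error: " + str(e))


    #_________________________________________________________________________
    def getPubKey(self):
        """Retrieve the public key of the Attribute Authority

        Returns whatever the service's getPubKey call returns.  Raises
        AttAuthorityClientError on any failure, including the service proxy
        not having been initialised."""

        try:
            return self.__srv.getPubKey()

        except Exception, e:
            raise AttAuthorityClientError(
                                    "Error retrieving public key: " + str(e))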