source: TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py @ 1771

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py@1771
Revision 1771, 10.2 KB checked in by pjkersha, 13 years ago (diff)

Replaced references to 'PubKey?' with 'Cert' as this is more accurate - they refer to X.509 certs which
contain public keys.

#!/usr/bin/env python
"""NDG Security Attribute Authority client - client interface classes to the
Attribute Authority.  These have been separated from their
original location in the SecurityClient since they have the
unusual place of being required by both client and server
NDG security packages.  For the server side they are required
as the CredWallet invoked by the Session Manager acts as a
client to Attribute Authorities when negotiating the required
Attribute Certificate.

Make requests for Attribute Certificates used for authorisation

NERC Data Grid Project

P J Kershaw 17/11/06

Copyright (C) 2006 CCLRC & NERC

This software may be distributed under the terms of the Q Public License,
version 1.0 or later.
"""
# NOTE: ``__all__`` names the generated service stub modules, so
# ``from ... AttAuthority import *`` pulls those in.  The client classes
# defined in this module (AttAuthorityClient, AttAuthorityClientError) are
# deliberately not listed here and must be imported by name.
__all__ = [
    'AttAuthority_services',
    'AttAuthority_services_types',
    ]
26
27# Handling for public key retrieval
28import tempfile
29
30from AttAuthority_services import AttAuthorityServiceLocator
31
32
33#_____________________________________________________________________________
class AttAuthorityClientError(Exception):
    """Raised by AttAuthorityClient for bad arguments, certificate file
    problems and any failure of the underlying web service call."""
37
38
39#_____________________________________________________________________________
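class AttAuthorityClient(object):
    """Client proxy for the NDG Attribute Authority web service.

    Wraps the generated ``AttAuthorityServiceLocator`` stub and exposes the
    service operations (getHostInfo, getTrustedHostInfo, getAttCert,
    getCert), converting any failure into an ``AttAuthorityClientError``.

    NOTE(review): the certificate and private key file paths are validated
    and stored by this class but none of the methods here pass them to the
    service proxy.  Whether request/response encryption actually happens
    therefore depends entirely on the generated stubs - confirm before
    relying on the encryption statements in the constructor docstring.
    """

    #_________________________________________________________________________
    def __init__(self, 
                 uri=None, 
                 aaCertFilePath=None,
                 clntCertFilePath=None,
                 clntPriKeyFilePath=None,
                 tracefile=None):
        """
        uri:                    WSDL URI for Attribute Authority WS.  Setting
                                 it will set the Service Proxy
        aaCertFilePath:        Public key of Attribute Authority used to
                                 encrypt the outgoing message if required -
                                 set as a path on the local file system or as
                                 a URI.  If not set, the certificate is
                                 fetched from the service on first use (see
                                 the security note on __getAttAuthorityCert)
        clntCertFilePath:      Public key of client.  This is passed to the
                                 Attribute Authority so that it can encrypt
                                 responses.  WARNING: if not set, responses
                                 are returned as clear text
        clntPriKeyFilePath:      Private key of client.  If clntCertFilePath
                                 is set, the private key is needed to decrypt
                                 the response from the Attribute Authority
        tracefile:               set to file object such as sys.stderr to
                                 give extra WS debug information

        Raises AttAuthorityClientError if an argument has the wrong type, if
        clntCertFilePath is given without clntPriKeyFilePath, if the client
        certificate file cannot be read, or if the service proxy cannot be
        created."""

        self.__srv = None
        self.__uri = None
        self.__aaCertFilePath = None
        self.__clntCertFilePath = None
        self.__clntCert = None
        self.__clntPriKeyFilePath = None
        # Holds the NamedTemporaryFile the AA cert is cached in; kept on the
        # instance so the file lives as long as the client does.
        self.__aaCertTempFile = None
        self.__tracefile = tracefile

        if uri:
            self.__setURI(uri)

        if aaCertFilePath:
            self.__setAAcertFilePath(aaCertFilePath)

        if clntPriKeyFilePath:
            self.__setClntPriKeyFilePath(clntPriKeyFilePath)

        if clntCertFilePath:
            # A client cert without its private key is useless: responses
            # encrypted for that cert could never be decrypted.
            if clntPriKeyFilePath is None:
                raise AttAuthorityClientError(
                    "A Client private key file is required as well a "
                    "public key")

            self.__setClntCertFilePath(clntCertFilePath)

        # Instantiate Attribute Authority WS proxy
        if self.__uri:
            self.initService()


    #_________________________________________________________________________
    def __setURI(self, uri):
        """Record the Attribute Authority WSDL URI.

        Raises AttAuthorityClientError if *uri* is not a string."""
        if not isinstance(uri, basestring):
            raise AttAuthorityClientError(
                "Attribute Authority WSDL URI must be a valid string")

        self.__uri = uri

    uri = property(fset=__setURI, doc="Set Attribute Authority WSDL URI")


    #_________________________________________________________________________
    def __setAAcertFilePath(self, aaCertFilePath):
        """Record the Attribute Authority certificate location.

        Setting this disables the fetch-from-service fallback in
        __getAttAuthorityCert.  Raises AttAuthorityClientError if the value
        is not a string."""
        if not isinstance(aaCertFilePath, basestring):
            raise AttAuthorityClientError(
                "Attribute Authority public key URI must be a valid string")

        self.__aaCertFilePath = aaCertFilePath

    aaCertFilePath = property(fset=__setAAcertFilePath,
                                doc="Set Attribute Authority public key URI")


    #_________________________________________________________________________
    def __setClntCertFilePath(self, clntCertFilePath):
        """Record the client certificate path and read the certificate
        contents into memory.

        Raises AttAuthorityClientError if the value is not a string or the
        file cannot be read.  Neither attribute is changed on failure."""
        if not isinstance(clntCertFilePath, basestring):
            raise AttAuthorityClientError(
                "Client public key file path must be a valid string")

        try:
            certFile = open(clntCertFilePath)
            try:
                clntCert = certFile.read()
            finally:
                # The original left this handle open until garbage collection
                certFile.close()

        except IOError, e:
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (clntCertFilePath, e.strerror or str(e)))

        except Exception, e:
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (clntCertFilePath, str(e)))

        self.__clntCertFilePath = clntCertFilePath
        self.__clntCert = clntCert

    clntCertFilePath = property(fset=__setClntCertFilePath,
                                  doc="File path for client public key")


    #_________________________________________________________________________
    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
        """Record the client private key path (the file is not read here).

        Raises AttAuthorityClientError if the value is not a string."""
        if not isinstance(clntPriKeyFilePath, basestring):
            # Message corrected: this setter is for the private key, not the
            # public key.
            raise AttAuthorityClientError(
                "Client private key file path must be a valid string")

        self.__clntPriKeyFilePath = clntPriKeyFilePath

    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
                                  doc="File path for client private key")


    #_________________________________________________________________________
    def __checkService(self):
        """Raise AttAuthorityClientError unless a service proxy exists.

        Gives a clear message instead of the AttributeError that calling a
        method on ``None`` would otherwise produce."""
        if self.__srv is None:
            raise AttAuthorityClientError(
                "Attribute Authority service proxy is not initialised - set "
                "a URI or call initService() first")


    #_________________________________________________________________________
    def __getAttAuthorityCert(self):
        """Fetch the Attribute Authority certificate from the service and
        cache it in a named temporary file, unless aaCertFilePath was set.

        Security note: the certificate is obtained from the very service it
        is meant to identify, over the same connection.  Unless that
        transport is itself authenticated, an interposed server could supply
        its own certificate, so supplying aaCertFilePath out of band is the
        safer configuration.

        Raises AttAuthorityClientError if the proxy is missing, the fetch
        fails or the temporary file cannot be written."""

        # Don't proceed if a cert location was set - user may have set the
        # cert via aaCertFilePath instead
        if self.__aaCertFilePath is not None:
            return

        self.__checkService()

        # Fetch first so that a failed retrieval leaves no empty temp file
        # behind; getCert already raises AttAuthorityClientError.
        cert = self.getCert()

        try:
            self.__aaCertTempFile = tempfile.NamedTemporaryFile()

            # Write through the NamedTemporaryFile object rather than
            # re-opening it by name: re-opening fails on platforms that lock
            # the open file, and the original re-opened handle was never
            # closed.  flush() so readers of the path see the full contents.
            self.__aaCertTempFile.write(cert)
            self.__aaCertTempFile.flush()

            self.__aaCertFilePath = self.__aaCertTempFile.name

        except IOError, e:
            tempFileName = getattr(self.__aaCertTempFile, 'name', None)
            raise AttAuthorityClientError(
                "Writing public key to temp \"%s\": %s" %
                (tempFileName, e.strerror or str(e)))

        except Exception, e:
            raise AttAuthorityClientError(
                "Caching Attribute Authority public key: %s" % str(e))


    #_________________________________________________________________________
    def initService(self, uri=None):
        """Set the WS proxy for the Attribute Authority

        uri:  optional WSDL URI; when given it replaces any URI set earlier.

        Raises AttAuthorityClientError if no URI is available or the proxy
        cannot be created."""
        if uri:
            self.__setURI(uri)

        if not self.__uri:
            raise AttAuthorityClientError(
                "No Attribute Authority WSDL URI has been set")

        try:
            locator = AttAuthorityServiceLocator()
            self.__srv = locator.getAttAuthority(self.__uri, 
                                                 tracefile=self.__tracefile)
        except Exception, e:
            # The previous handler named ``HTTPResponse``, which this module
            # never imports: evaluating that except clause would have raised
            # NameError and masked the real failure.  Recognise an HTTP-style
            # error by its attributes instead.
            status = getattr(e, 'status', None)
            reason = getattr(e, 'reason', None)
            if status is not None and reason is not None:
                raise AttAuthorityClientError(
                    "Error initialising WSDL Service for \"%s\": %s %s" %
                    (self.__uri, status, reason))

            raise AttAuthorityClientError(
                "Initialising WSDL Service for \"%s\": %s" %
                (self.__uri, str(e)))


    #_________________________________________________________________________
    def __callService(self, methodName, *args):
        """Invoke *methodName* on the service proxy with *args*.

        Ensures the proxy exists and the Attribute Authority certificate is
        available first; any exception from the call is re-raised as
        AttAuthorityClientError."""
        self.__checkService()

        # If the AA cert was not set, retrieve it from the server
        self.__getAttAuthorityCert()

        try:
            return getattr(self.__srv, methodName)(*args)

        except Exception, e:
            raise AttAuthorityClientError("Error: " + str(e))


    #_________________________________________________________________________
    def getHostInfo(self, clntPriKeyPwd=None):
        """Get host information for the data provider which the
        Attribute Authority represents

        clntPriKeyPwd:  accepted for interface compatibility; not used by
                        this implementation.

        Returns the proxy's response object; raises AttAuthorityClientError
        on any failure."""
        return self.__callService('getHostInfo')


    #_________________________________________________________________________
    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
        """Get list of trusted hosts for an Attribute Authority

        role:           optional role passed through to the service.
        clntPriKeyPwd:  accepted for interface compatibility; not used by
                        this implementation.

        Returns the proxy's response object; raises AttAuthorityClientError
        on any failure."""
        return self.__callService('getTrustedHostInfo', role)


    #_________________________________________________________________________
    def getAttCert(self, 
                   proxyCert, 
                   userAttCert=None, 
                   clntPriKeyPwd=None):
        """Request attribute certificate from NDG Attribute Authority Web
        Service.

        proxyCert:      passed through to the service's getAttCert call.
        userAttCert:    accepted for interface compatibility; not forwarded
                        by this implementation.
        clntPriKeyPwd:  accepted for interface compatibility; not used by
                        this implementation.

        Returns the proxy's response object; raises AttAuthorityClientError
        on any failure."""
        return self.__callService('getAttCert', proxyCert)


    #_________________________________________________________________________
    def getCert(self):
        """Retrieve the public key of the Attribute Authority

        Unlike the other service calls this does not trigger the certificate
        cache, since it is the call that populates it.  Raises
        AttAuthorityClientError if the proxy is missing or the call fails."""
        self.__checkService()

        try:
            return self.__srv.getCert()

        except Exception, e:
            raise AttAuthorityClientError(
                "Error retrieving public key: " + str(e))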