Revision 1990, 11.1 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
started integration with the AttAuthority class and its getAttCert method.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • Update documentation
  • make properties file path default to $NDG_DIR/conf/attAuthorityProperties.xml
  • Remove refs to AttAuthorityIO class - remove reqKeys in methods and use explicit keywords

python/ndg.security.common/ndg/security/common/SessionMgr/init.py:
SessionMgr client interface: cosmetic changes to method names.

python/ndg.security.common/ndg/security/common/X509.py: fix to exception
handlers - they only need to inherit from Exception, no further specialisation
is required.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
Preparing for unit tests and for integration of the AttAuthority class with the
web service server-side code. Added a clntPriKeyPwd property with an associated set method; changes to method names.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority client - client interface classes to the
3Attribute Authority.  These have been separated from their
4original location in the SecurityClient since they have the
5unusual place of being required by both client and server
6NDG security packages.  For the server side they are required
7as the CredWallet invoked by the Session Manager acts as a
8client to Attribute Authorities when negotiating the required
9Attribute Certificate.
10
11Make requests for Attribute Certificates used for authorisation
12
13NERC Data Grid Project
14
15@author P J Kershaw 17/11/06
16
17@copyright (C) 2006 CCLRC & NERC
18
19@license This software may be distributed under the terms of the Q Public
20License, version 1.0 or later.
21"""
# Names re-exported by ``from ndg.security.common.AttAuthority import *``.
# Only AttAuthority_services is imported in this file; presumably it pulls in
# its AttAuthority_services_types sibling itself - TODO confirm.
__all__ = [
    'AttAuthority_services',
    'AttAuthority_services_types',
    ]
26
27# Handling for public key retrieval
28import tempfile
29
30from AttAuthority_services import AttAuthorityServiceLocator
31from ndg.security.common.wsSecurity import SignatureHandler
32
33
34#_____________________________________________________________________________
class AttAuthorityClientError(Exception):
    """Error raised by AttAuthorityClient.

    Failures surfaced by the client - badly typed arguments, unreadable
    credential files, WS proxy set-up problems and failed service calls -
    are reported as this single type with the underlying cause in the
    message.  Only Exception is needed as the base class.
    """
38
39
40#_____________________________________________________________________________
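class AttAuthorityClient(object):
    """Client interface to the Attribute Authority web service.

    The client holds the service URI, optionally the Attribute Authority's
    X.509 certificate (for verifying the WS-Security signature on responses)
    and the client's own certificate and private key (for signing requests).
    When no server certificate file is configured, the first service call
    fetches the certificate from the service itself (getX509Cert) and caches
    it in a temporary file for the lifetime of this object.

    NOTE(security): a certificate fetched from the service over the same,
    otherwise unauthenticated channel proves nothing about who answered - a
    party in the path can return its own certificate and sign responses with
    the matching key.  Where response integrity matters, supply
    srvCertFilePath from a trusted, out-of-band source instead.

    NOTE(review): in this revision the server certificate path is not handed
    to the SignatureHandler, and the handler built in initService() is not
    attached to the WS binding, so neither request signing nor response
    verification is wired up yet - see the TODOs in initService().

    Written to run under Python 2.6+ as well as Python 3.
    """

    # isinstance() target for the setters' string checks: Python 2 callers
    # may pass str or unicode, Python 3 has only str.
    try:
        _STRING_TYPES = (basestring,)
    except NameError:
        _STRING_TYPES = (str,)

    #_________________________________________________________________________
    def __init__(self,
                 uri=None,
                 srvCertFilePath=None,
                 clntCertFilePath=None,
                 clntPriKeyFilePath=None,
                 tracefile=None):
        """
        @type uri: string
        @param uri: URI for the Attribute Authority WS.  Setting it also
        initialises the service proxy (see initService).

        @type srvCertFilePath: string
        @param srvCertFilePath: X.509 certificate file of the Attribute
        Authority, used to verify the signatures of responses.  If omitted
        the certificate is fetched from the service on first use.

        @type clntCertFilePath: string
        @param clntCertFilePath: X.509 certificate file of this client,
        passed in the SOAP WS-Security header so the AA can verify the
        signature on requests.  Requires clntPriKeyFilePath as well.

        @type clntPriKeyFilePath: string
        @param clntPriKeyFilePath: private key file of this client, paired
        with clntCertFilePath for signing requests.  A password for the key
        may be set afterwards via the clntPriKeyPwd property.

        @type tracefile: file
        @param tracefile: file object such as sys.stderr for extra WS debug
        output.

        @raise AttAuthorityClientError: on a badly typed argument, if
        clntCertFilePath is given without clntPriKeyFilePath, if the client
        certificate file cannot be read, or if the service proxy cannot be
        initialised.
        """
        self.__srv = None
        self.__uri = None
        self.__srvCertFilePath = None
        self.__srvCertTempFile = None
        self.__clntCertFilePath = None
        self.__clntCert = None
        self.__clntPriKeyFilePath = None
        self.__clntPriKeyPwd = None
        self.__signatureHandler = None
        self.__tracefile = tracefile

        if uri:
            self.__setURI(uri)

        if srvCertFilePath:
            self.__setSrvCertFilePath(srvCertFilePath)

        if clntPriKeyFilePath:
            self.__setClntPriKeyFilePath(clntPriKeyFilePath)

        if clntCertFilePath:
            # Signing requests needs the private key matching the cert
            if clntPriKeyFilePath is None:
                raise AttAuthorityClientError(
                    "A Client private key file is required as well as a "
                    "public key")
            self.__setClntCertFilePath(clntCertFilePath)

        # Instantiate the Attribute Authority WS proxy
        if self.__uri:
            self.initService()

    #_________________________________________________________________________
    def __setURI(self, uri):
        """Set the WSDL URI.  The proxy is not re-created here - call
        initService() for that."""
        if not isinstance(uri, self._STRING_TYPES):
            raise AttAuthorityClientError(
                "Attribute Authority WSDL URI must be a valid string")
        self.__uri = uri

    uri = property(fset=__setURI, doc="Set Attribute Authority WSDL URI")

    #_________________________________________________________________________
    def __setSrvCertFilePath(self, srvCertFilePath):
        """Set the file path of the Attribute Authority's certificate."""
        if not isinstance(srvCertFilePath, self._STRING_TYPES):
            raise AttAuthorityClientError(
                "Attribute Authority public key file path must be a valid "
                "string")
        self.__srvCertFilePath = srvCertFilePath

    srvCertFilePath = property(fset=__setSrvCertFilePath,
                               doc="File path for Attribute Authority "
                                   "public key")

    #_________________________________________________________________________
    def __setClntCertFilePath(self, clntCertFilePath):
        """Set the client certificate file path and read the file contents.

        @raise AttAuthorityClientError: if the path is not a string or the
        file cannot be read.  As before, the path attribute is kept even when
        the read fails.
        """
        if not isinstance(clntCertFilePath, self._STRING_TYPES):
            raise AttAuthorityClientError(
                "Client public key file path must be a valid string")

        self.__clntCertFilePath = clntCertFilePath

        try:
            # 'with' closes the handle even if read() fails; the original
            # left the open file to garbage collection
            with open(self.__clntCertFilePath) as certFile:
                self.__clntCert = certFile.read()
        except IOError as e:
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (self.__clntCertFilePath, e.strerror))
        except Exception as e:
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (self.__clntCertFilePath, str(e)))

    clntCertFilePath = property(fset=__setClntCertFilePath,
                                doc="File path for client public key")

    #_________________________________________________________________________
    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
        """Set the client private key file path.  The file is not read here;
        it is handed to the SignatureHandler by initService()."""
        if not isinstance(clntPriKeyFilePath, self._STRING_TYPES):
            # Message corrected: this is the private, not the public, key
            raise AttAuthorityClientError(
                "Client private key file path must be a valid string")
        self.__clntPriKeyFilePath = clntPriKeyFilePath

    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
                                  doc="File path for client private key")

    #_________________________________________________________________________
    def __setClntPriKeyPwd(self, clntPriKeyPwd):
        """Set the password protecting the client private key file.

        Takes effect the next time initService() builds the signature
        handler.  The original raised SessionMgrClientError here, a name that
        does not exist in this module (NameError at runtime).
        """
        if not isinstance(clntPriKeyPwd, self._STRING_TYPES):
            raise AttAuthorityClientError(
                "Client private key password must be a valid string")
        self.__clntPriKeyPwd = clntPriKeyPwd

    clntPriKeyPwd = property(fset=__setClntPriKeyPwd,
                             doc="Password protecting client private key file")

    #_________________________________________________________________________
    def __requireService(self):
        """Return the WS proxy, raising a clear error if initService() has
        not run (the original surfaced this as a wrapped AttributeError)."""
        if self.__srv is None:
            raise AttAuthorityClientError(
                "Attribute Authority service proxy not initialised - set a "
                "URI or call initService() first")
        return self.__srv

    #_________________________________________________________________________
    def __getSrvCert(self):
        """Ensure a server certificate file path is available, fetching the
        certificate from the service if none was configured.

        The fetched certificate is written to a NamedTemporaryFile that is
        kept open on the instance so it exists for the instance's lifetime
        and is removed when the instance is garbage-collected.  (The method
        name used by the callers was __getSrvX509Cert in the original, which
        did not exist.)

        NOTE(security): see the class docstring - a certificate obtained
        this way has not been authenticated.

        @raise AttAuthorityClientError: if the certificate cannot be
        retrieved, is empty, or cannot be written to the temporary file.
        """
        # A configured (or previously fetched) certificate takes precedence
        if self.__srvCertFilePath is not None:
            return

        try:
            cert = self.getX509Cert()
        except Exception as e:
            raise AttAuthorityClientError(
                "Retrieving Attribute Authority public key: %s" % str(e))

        if not cert:
            raise AttAuthorityClientError(
                "Attribute Authority returned an empty certificate")

        tmpFile = None
        try:
            # Text mode as the original used.  NamedTemporaryFile creates the
            # file owner-readable only; write through the temp file object
            # itself and flush so the content is on disk before the path is
            # used (the original wrote through a second, never-closed handle)
            tmpFile = tempfile.NamedTemporaryFile(mode="w")
            tmpFile.write(cert)
            tmpFile.flush()
        except IOError as e:
            raise AttAuthorityClientError(
                "Writing public key to temp \"%s\": %s" %
                (getattr(tmpFile, "name", None), e.strerror))
        except Exception as e:
            raise AttAuthorityClientError(
                "Writing public key to temp \"%s\": %s" %
                (getattr(tmpFile, "name", None), str(e)))

        self.__srvCertTempFile = tmpFile
        self.__srvCertFilePath = tmpFile.name

    #_________________________________________________________________________
    def initService(self, uri=None):
        """Instantiate the Attribute Authority WS proxy for the current URI.

        @type uri: string
        @param uri: if set, replaces the URI given to the constructor.
        @raise AttAuthorityClientError: if the URI is not a string or the
        proxy cannot be created.
        """
        if uri:
            self.__setURI(uri)

        # WS-Security signature handler built from the *client's*
        # credentials.  The original passed self.__smCertFilePath here, an
        # attribute that was never set (AttributeError at runtime).
        self.__signatureHandler = SignatureHandler(
                                    certFilePath=self.__clntCertFilePath,
                                    priKeyFilePath=self.__clntPriKeyFilePath,
                                    priKeyPwd=self.__clntPriKeyPwd)
        # TODO(review): the handler is not attached to the binding - the
        # locator call below does not receive it, so requests go out
        # unsigned; the keyword the locator expects is not visible here.
        # TODO(review): self.__srvCertFilePath is likewise not given to the
        # handler, so response signatures are not verified.

        try:
            locator = AttAuthorityServiceLocator()
            self.__srv = locator.getAttAuthority(self.__uri,
                                                 tracefile=self.__tracefile)
        except Exception as e:
            # The original tried to catch an unimported HTTPResponse type
            # (NameError whenever anything went wrong).  Duck-type the
            # status/reason attributes instead to keep the richer message.
            status = getattr(e, "status", None)
            reason = getattr(e, "reason", None)
            if status is not None or reason is not None:
                raise AttAuthorityClientError(
                    "Error initialising WSDL Service for \"%s\": %s %s" %
                    (self.__uri, status, reason))
            raise AttAuthorityClientError(
                "Initialising WSDL Service for \"%s\": %s" %
                (self.__uri, str(e)))

    #_________________________________________________________________________
    def getHostInfo(self, clntPriKeyPwd=None):
        """Get host information for the data provider which the Attribute
        Authority represents.

        @param clntPriKeyPwd: accepted for interface compatibility but not
        used in this revision; set the clntPriKeyPwd property before
        initService() instead.
        @return: the response as returned by the WS proxy.
        @raise AttAuthorityClientError: if the server certificate cannot be
        obtained, the proxy is not initialised, or the call fails.
        """
        # If no server certificate was configured, fetch it from the service
        self.__getSrvCert()
        srv = self.__requireService()

        try:
            resp = srv.getHostInfo()
        except Exception as e:
            raise AttAuthorityClientError("Error: " + str(e))

        return resp

    #_________________________________________________________________________
    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
        """Get the list of trusted hosts for an Attribute Authority.

        @param role: passed straight through to the service; None means no
        role filter as far as this client is concerned.
        @param clntPriKeyPwd: accepted but unused - see getHostInfo.
        @return: the response as returned by the WS proxy.
        @raise AttAuthorityClientError: if the server certificate cannot be
        obtained, the proxy is not initialised, or the call fails.
        """
        self.__getSrvCert()
        srv = self.__requireService()

        try:
            resp = srv.getTrustedHostInfo(role)
        except Exception as e:
            raise AttAuthorityClientError("Error: " + str(e))

        return resp

    #_________________________________________________________________________
    def getAttCert(self,
                   proxyCert,
                   userAttCert=None,
                   clntPriKeyPwd=None):
        """Request an Attribute Certificate from the NDG Attribute Authority
        Web Service.

        @param proxyCert: the user's proxy certificate, sent as the request.
        @param userAttCert: accepted but not forwarded in this revision; its
        intended use is not visible here - TODO confirm and pass through.
        @param clntPriKeyPwd: accepted but unused - see getHostInfo.
        @return: the response as returned by the WS proxy.
        @raise AttAuthorityClientError: if the server certificate cannot be
        obtained, the proxy is not initialised, or the call fails.
        """
        self.__getSrvCert()
        srv = self.__requireService()

        try:
            resp = srv.getAttCert(proxyCert)
        except Exception as e:
            raise AttAuthorityClientError("Error: " + str(e))

        return resp

    #_________________________________________________________________________
    def getX509Cert(self):
        """Retrieve the Attribute Authority's certificate from the service.

        @return: the certificate as returned by the WS proxy.
        @raise AttAuthorityClientError: if the proxy is not initialised or
        the call fails.
        """
        srv = self.__requireService()
        try:
            return srv.getX509Cert()
        except Exception as e:
            raise AttAuthorityClientError(
                "Error retrieving public key: " + str(e))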