

Setting up client, server and unit tests for Attribute Authority.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority client - client interface classes to the
3Attribute Authority.  These have been separated from their
4original location in the SecurityClient since they have the
5unusual place of being required by both client and server
6NDG security packages.  For the server side they are required
7as the CredWallet invoked by the Session Manager acts as a
8client to Attribute Authorities when negotiating the required
9Attribute Certificate.
10
11Make requests for Attribute Certificates used for authorisation
12
13NERC Data Grid Project
14
15P J Kershaw 17/11/06
16
17Copyright (C) 2006 CCLRC & NERC
18
19This software may be distributed under the terms of the Q Public License,
20version 1.0 or later.
21"""
import tempfile

from AttAuthority_services import AttAuthorityServiceLocator
23
24
25#_____________________________________________________________________________
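class AttAuthorityClientError(Exception):
    """Raised by AttAuthorityClient for every failure it reports: invalid
    arguments, key file I/O errors, service proxy initialisation problems
    and errors returned from Attribute Authority calls."""
    pass


#_____________________________________________________________________________
class AttAuthorityClient(object):
    """Client interface to an NDG Attribute Authority Web Service.

    Every failure - bad arguments, key file I/O, proxy initialisation and
    service calls - is reported as an AttAuthorityClientError so that callers
    need only handle one exception type.
    """

    def __init__(self,
                 wsdl=None,
                 aaPubKeyFilePath=None,
                 clntPubKeyFilePath=None,
                 clntPriKeyFilePath=None,
                 traceFile=None):
        """
        wsdl:                    WSDL URI for Attribute Authority WS.  Setting
                                 it will set the Service Proxy
        aaPubKeyFilePath:        Public key of Attribute Authority used to
                                 encrypt the outgoing message if required -
                                 set as a path on the local file system or as
                                 a URI.  If not set, the key is fetched from
                                 the service itself on the first request (see
                                 __getAttAuthorityPubKey)
        clntPubKeyFilePath:      Public key of client.  This is passed to the
                                 Attribute Authority so that it can encrypt
                                 responses.  WARNING: if not set, responses
                                 are returned as clear text
        clntPriKeyFilePath:      Private key of client.  If clntPubKeyFilePath
                                 is set, the private key is needed to decrypt
                                 the response from the Attribute Authority
        traceFile:               set to file object such as sys.stderr to
                                 give extra WS debug information

        Raises AttAuthorityClientError if an argument is not a string, if a
        client public key is given without a private key, if the client
        public key file cannot be read, or if the service proxy cannot be
        created.
        """
        self.__srv = None
        self.__wsdl = None
        self.__aaPubKeyFilePath = None
        # Holds the NamedTemporaryFile of a fetched AA public key: the file
        # is removed as soon as that object is closed
        self.__aaPubKeyTempFile = None
        self.__clntPubKeyFilePath = None
        self.__clntPubKey = None
        self.__clntPriKeyFilePath = None
        self.__traceFile = traceFile

        if wsdl:
            self.__setWSDL(wsdl)

        if aaPubKeyFilePath:
            self.__setAApubKeyFilePath(aaPubKeyFilePath)

        if clntPriKeyFilePath:
            self.__setClntPriKeyFilePath(clntPriKeyFilePath)

        if clntPubKeyFilePath:
            # Responses encrypted to the client public key can only be read
            # with the matching private key, so refuse one without the other
            # before touching the file system
            if clntPriKeyFilePath is None:
                raise AttAuthorityClientError(
                    "A Client private key file is required as well a "
                    "public key")

            self.__setClntPubKeyFilePath(clntPubKeyFilePath)

        # Instantiate Attribute Authority WS proxy
        if self.__wsdl:
            self.initService()

    def __setWSDL(self, wsdl):
        """Record the WSDL URI.  The proxy itself is (re)built by
        initService()."""
        if not isinstance(wsdl, basestring):
            raise AttAuthorityClientError(
                "Attribute Authority WSDL URI must be a valid string")

        self.__wsdl = wsdl

    wsdl = property(fset=__setWSDL, doc="Set Attribute Authority WSDL URI")

    def __setAApubKeyFilePath(self, aaPubKeyFilePath):
        """Record the path or URI of the Attribute Authority public key.
        Setting it suppresses the fetch done by __getAttAuthorityPubKey()."""
        if not isinstance(aaPubKeyFilePath, basestring):
            raise AttAuthorityClientError(
                "Attribute Authority public key URI must be a valid string")

        self.__aaPubKeyFilePath = aaPubKeyFilePath

    aaPubKeyFilePath = property(fset=__setAApubKeyFilePath,
                                doc="Set Attribute Authority public key URI")

    def __setClntPubKeyFilePath(self, clntPubKeyFilePath):
        """Record the client public key path and read the key into memory.

        Raises AttAuthorityClientError if the path is not a string or the
        file cannot be read."""
        if not isinstance(clntPubKeyFilePath, basestring):
            raise AttAuthorityClientError(
                "Client public key file path must be a valid string")

        self.__clntPubKeyFilePath = clntPubKeyFilePath
        try:
            pubKeyFile = open(self.__clntPubKeyFilePath)
            try:
                self.__clntPubKey = pubKeyFile.read()
            finally:
                pubKeyFile.close()   # don't leak the handle on a read error

        except IOError as e:
            # strerror is None for a single-argument IOError
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (self.__clntPubKeyFilePath, e.strerror or str(e)))

        except Exception as e:
            raise AttAuthorityClientError(
                "Reading certificate file \"%s\": %s" %
                (self.__clntPubKeyFilePath, str(e)))

    clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath,
                                  doc="File path for client public key")

    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
        """Record the client private key path.  The key itself is not read
        here."""
        if not isinstance(clntPriKeyFilePath, basestring):
            raise AttAuthorityClientError(
                "Client private key file path must be a valid string")

        self.__clntPriKeyFilePath = clntPriKeyFilePath

    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
                                  doc="File path for client private key")

    def __getAttAuthorityPubKey(self):
        """Fetch the Attribute Authority public key from the service and keep
        it in a temporary file whose path becomes aaPubKeyFilePath.

        Does nothing if aaPubKeyFilePath is already set, either by the caller
        or by an earlier fetch.  A key obtained this way comes from the
        service it is later used to encrypt messages for, so it is only as
        trustworthy as the transport it arrived over; supply aaPubKeyFilePath
        out of band where a stronger guarantee is needed.

        Raises AttAuthorityClientError if the key cannot be retrieved or
        written.
        """
        if self.__aaPubKeyFilePath is not None:
            return

        try:
            pubKey = self.getPubKey()
        except Exception as e:
            raise AttAuthorityClientError(
                "Retrieving Attribute Authority public key: %s" % str(e))

        tmpFile = None
        try:
            # Text mode: the key is handled as a string
            tmpFile = tempfile.NamedTemporaryFile(mode="w")
            tmpFile.write(pubKey)
            tmpFile.flush()   # readers of tmpFile.name must see the contents

        except IOError as e:
            tmpName = getattr(tmpFile, "name", "")
            if tmpFile is not None:
                tmpFile.close()   # closing removes the temporary file
            raise AttAuthorityClientError(
                "Writing public key to temp \"%s\": %s" %
                (tmpName, e.strerror or str(e)))

        except Exception as e:
            if tmpFile is not None:
                tmpFile.close()
            raise AttAuthorityClientError(
                "Retrieving Attribute Authority public key: %s" % str(e))

        # The file is deleted when the NamedTemporaryFile is closed, so hold
        # on to it for as long as the path is in use
        self.__aaPubKeyTempFile = tmpFile
        self.__aaPubKeyFilePath = tmpFile.name

    def initService(self, wsdl=None):
        """Create the Web Service proxy for the Attribute Authority.

        wsdl: optional WSDL URI; if given it replaces the one set earlier.
              The URI is handed straight to the service locator, so the
              handling of a missing URI is the locator's.

        Raises AttAuthorityClientError if the proxy cannot be created.
        """
        if wsdl:
            self.__setWSDL(wsdl)

        try:
            locator = AttAuthorityServiceLocator()
            self.__srv = locator.getAttAuthority(self.__wsdl,
                                                 tracefile=self.__traceFile)
        except HTTPResponse as e:
            # NOTE(review): HTTPResponse is not imported in this module, so
            # this clause raises NameError when any exception reaches it -
            # confirm the intended source of the name and import it
            raise AttAuthorityClientError(
                "Error initialising WSDL Service for \"%s\": %s %s" %
                (self.__wsdl, e.status, e.reason))

        except Exception as e:
            raise AttAuthorityClientError(
                "Initialising WSDL Service for \"%s\": %s" %
                (self.__wsdl, str(e)))

    def __invoke(self, methodName, errPrefix, *args):
        """Call methodName on the service proxy with args, turning any
        exception (including a proxy that was never initialised) into an
        AttAuthorityClientError whose message starts with errPrefix."""
        try:
            method = getattr(self.__srv, methodName)
            return method(*args)
        except Exception as e:
            raise AttAuthorityClientError(errPrefix + str(e))

    def getHostInfo(self, clntPriKeyPwd=None):
        """Get host information for the data provider which the Attribute
        Authority represents.

        clntPriKeyPwd: accepted for interface compatibility; not used by this
                       revision of the client.

        Returns the service response unchanged.  Raises
        AttAuthorityClientError if the call fails.
        """
        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        return self.__invoke("getHostInfo", "Error: ")

    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
        """Get list of trusted hosts for an Attribute Authority.

        role:          forwarded to the service as its only argument
        clntPriKeyPwd: accepted for interface compatibility; not used by this
                       revision of the client.

        Returns the service response unchanged.  Raises
        AttAuthorityClientError if the call fails.
        """
        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        return self.__invoke("getTrustedHostInfo", "Error: ", role)

    def getAttCert(self,
                   proxyCert,
                   userAttCert=None,
                   clntPriKeyPwd=None):
        """Request attribute certificate from NDG Attribute Authority Web
        Service.

        proxyCert:     forwarded to the service as its only argument
        userAttCert, clntPriKeyPwd:
                       accepted for interface compatibility; not used by this
                       revision of the client.

        Returns the service response.  Raises AttAuthorityClientError if the
        call fails, or - with the response's errMsg as the message - if its
        statCode equals its accessError value.
        """
        # If Public key was not set, retrieve from server
        self.__getAttAuthorityPubKey()

        resp = self.__invoke("getAttCert", "Error: ", proxyCert)

        # presumably the response type exposes 'statCode'/'errMsg' items and
        # an accessError attribute - only its use here is visible
        if resp['statCode'] == resp.accessError:
            raise AttAuthorityClientError(resp['errMsg'])

        return resp

    def getPubKey(self):
        """Retrieve the public key of the Attribute Authority from the
        service.

        Returns the service response unchanged.  Raises
        AttAuthorityClientError if the call fails.
        """
        return self.__invoke("getPubKey", "Error retrieving public key: ")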