source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac @ 2072

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac@2072
Revision 2072, 3.9 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • soap_getAttCert - no need to convert X509 cert object verifyingCert from
    WSSecurityHandler.signatureHandler; it is now an X509Cert type.

  • instantiation of WSSecurityHandler.signatureHandler - updated cert and private key
    file path keyword names.

python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py:
Fixed bug in AttAuthority.__init__ - readProperties doesn't take a filePath keyword.

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • added epydoc keywords to header

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
updated keywords for call to AttAuthorityClient?.init to use new
WSSecurityHandler.signatureHandler ones.

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg and
python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg: modified
settings.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
AttAuthorityClient? -

  • get rid of PKI keyword settings and set using

WSSecurityHandler.signatureHandler ones directly instead.

  • added signatureHandler property and associated getSignatureHandler method.

python/ndg.security.common/ndg/security/common/XMLSec.py: remove old commented out code
that used dom element getAttributeNodeNS method.

python/ndg.security.common/ndg/security/common/wsSecurity.py: modified SignatureHandler?
so that X.509 cert and private key settings are properties. X.509 certs are handled as
ndg.security.common.X509.X509Cert types.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py:

WSSecurityHandler.signatureHandler ones.

  • disconnect input proxyCert renamed userCert. proxyCert will be included in WSSE

header. userCert is the user certificate corresponding to the issuer of the proxy.

python/ndg.security.common/ndg/security/common/X509.py:

  • fixed bug in init so that self.filePath is not part of if filePath indent.
  • added getM2CryptoX509 access method for getM2CryptoX509 property.
  • X509Cert.init call in X509CertRead changed to include filePath keyword explicitly.
1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Attribute Authority web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 17/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from AttAuthority_services_server import AttAuthorityService
24
25from ndg.security.server.AttAuthority import AttAuthority
26from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
27        WSSecurityHandler, SignatureHandler
28
29from ndg.security.common.X509 import X509Cert, X509CertRead
30
31
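class AttAuthorityServiceSub(AttAuthorityService, WSResource):
    """SOAP resource exposing the Attribute Authority operations under Twisted.

    Each ``soap_*`` method first calls the matching method on the generated
    ``AttAuthorityService`` stub to obtain the ``request``/``response`` pair,
    then fills in the response from the ``AttAuthority`` instance held in
    ``self.aa`` and returns ``(request, response)``.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Set up the web resource and create the Attribute Authority."""
        WSResource.__init__(self)

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def soap_getAttCert(self, ps, **kw):
        """Issue an Attribute Certificate for the signer of the request."""
        request, response = AttAuthorityService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy.
        # NOTE(review): the caller's identity is read from the class-level
        # WSSecurityHandler.signatureHandler, which is shared by every
        # request in the process.  Confirm that the handler resets
        # verifyingCert for each message and rejects unsigned requests
        # before this method runs; otherwise a certificate left over from
        # an earlier request could be used to authorise this one.
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        attCert = self.aa.getAttCert(
            proxyCert=proxyCert,
            userAttCert=request.get_element_userAttCert())
        response.set_element_attCert(attCert)
        return request, response

    def soap_getHostInfo(self, ps, **kw):
        """Return the host name, login URI and AA URI of this authority."""
        request, response = AttAuthorityService.soap_getHostInfo(self, ps)

        # Use the instance's own Attribute Authority rather than the
        # module-level aaSrv global, consistent with soap_getAttCert.
        hostInfo = self.aa.hostInfo
        hostname = hostInfo.keys()[0]
        response.set_element_hostname(hostname)
        response.set_element_loginURI(hostInfo[hostname]['loginURI'])
        response.set_element_aaURI(hostInfo[hostname]['aaURI'])

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        """Return the trusted hosts for the role named in the request."""
        request, response = \
            AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(
            role=request.get_element_role())

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()

            trustedHost.set_element_hostname(hostname)
            trustedHost.set_element_aaURI(hostInfo['aaURI'])
            trustedHost.set_element_loginURI(hostInfo['loginURI'])
            trustedHost.set_element_roleList(hostInfo['role'])

            trustedHosts.append(trustedHost)

        response.set_element_trustedHosts(trustedHosts)

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Return the Attribute Authority's X.509 certificate as a string."""
        request, response = AttAuthorityService.soap_getX509Cert(self, ps)

        # Only the public certificate file is read here; the key file and
        # its password are not touched by this method.
        x509Cert = X509CertRead(self.aa['certFile'])
        response.set_element_x509Cert(x509Cert.toString())
        return request, response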
95
# Root of the Twisted web resource tree
root = Resource()

# Local host name (not referenced again in the visible part of this file)
hostname = socket.gethostname()

# Create Service
aaSrv = AttAuthorityServiceSub()

# Initialise WS-Security signature handler passing Attribute Authority
# public and private keys.  The handler is stored on the WSSecurityHandler
# class, so it is shared by everything in this process that uses that class.
# NOTE(review): the private-key password is taken from aaSrv.aa['keyPwd'],
# presumably loaded from the properties file - confirm that file is
# readable only by the service account.
WSSecurityHandler.signatureHandler = SignatureHandler(
    signingCertFilePath=aaSrv.aa['certFile'],
    signingPriKeyFilePath=aaSrv.aa['keyFile'],
    signingPriKeyPwd=aaSrv.aa['keyPwd'])

# Add Service to Attribute Authority branch
root.putChild('AttributeAuthority', aaSrv)
siteFactory = Site(root)

# twistd looks up the module-level name "application" in a .tac file
application = service.Application("AttributeAuthorityContainer")

# NOTE(review): internet.TCPServer listens on plain TCP, so on the wire the
# messages are protected only by the WS-Security signature handling above -
# confirm whether TLS is expected to be terminated in front of this port.
port = internet.TCPServer(aaSrv.aa['portNum'], siteFactory)
port.setServiceParent(application)