source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac @ 2085

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac@2085
Revision 2085, 3.8 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

python/www/html/attAuthority.wsdl,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py:
Include request denied message in getAttCertResponse.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
fix to AttAuthorityAccessDenied doc message.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
Explicitly convert AttCert in response to string type.

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • make explicit imports from ndg.security.common.CredWallet
  • make X509CertParse import
  • updated exception handling for getAttCert call to CredWallet.

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:
Remove statusCode from getAttCertResponse - not needed.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
minor updates to getAttCert tests.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
fix to test1Store settings

python/ndg.security.test/ndg/security/test/MyProxy/Makefile:
makefile copies proxy obtained from MyProxy ready for use in AttAuthority client tests.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • add AttributeRequestDenied import from SessionMgr.
  • fix test4CookieDisconnect signing PKI settings
  • revised output tuple for getAttCert calls.
  • Added test6aCookieGetAttCertRefused to demonstrate attribute request denied exception
  • test3ProxyCertConnect signature verification failing at server!

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
added more getAttCert test params.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:

python/ndg.security.common/ndg/security/common/wsSecurity.py:
comment out all print statements - only 'print decryptedData' affected in decrypt method
of EncryptionHandler. This is not in use.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • Added AttributeRequestDenied exception for handling getAttCert calls.
  • msg now included in output tuple for getAttCert call.

python/ndg.security.common/ndg/security/common/AttCert.py:
Override XMLSecDoc parent class toString and str calls so that output is returned even
if the signature DOM object has not been initialised.

python/ndg.security.common/ndg/security/common/CredWallet.py:

1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Attribute Authority web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 17/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from AttAuthority_services_server import AttAuthorityService
24
25from ndg.security.server.AttAuthority import AttAuthority, \
26        AttAuthorityAccessDenied
27       
28from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
29        WSSecurityHandler, SignatureHandler
30
31from ndg.security.common.X509 import X509Cert, X509CertRead
32
33
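class AttAuthorityServiceSub(AttAuthorityService, WSResource):
    """Twisted web resource exposing the Attribute Authority SOAP operations.

    Each ``soap_*`` method first lets the generated ``AttAuthorityService``
    base class build the request/response pair from the parsed SOAP message
    and then fills in the response from the ``AttAuthority`` instance held in
    ``self.aa``.

    The file targets Python 2 (``except X, e`` and indexable ``dict.keys()``).
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Set up the web resource and create the Attribute Authority."""
        WSResource.__init__(self)

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def soap_getAttCert(self, ps, **kw):
        """Issue an Attribute Certificate to the signer of the request.

        On success ``response.AttCert`` holds the certificate as a string.
        If the Attribute Authority refuses the request, ``response.Msg``
        carries the refusal text instead.  Any other exception raised by
        ``getAttCert`` is not handled here and propagates to the caller.
        """
        request, response = AttAuthorityService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        #
        # NOTE(review): signatureHandler is one object shared through the
        # WSSecurityHandler class, so verifyingCert is whatever that handler
        # stored last.  Confirm that the handler chain rejects unsigned or
        # badly signed messages before this method runs and that it sets
        # verifyingCert afresh for every request; otherwise a certificate
        # left over from an earlier caller could decide who this Attribute
        # Certificate is issued to.
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        try:
            attCert = self.aa.getAttCert(proxyCert=proxyCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        except AttAuthorityAccessDenied, e:
            # The exception text is returned to the remote caller verbatim,
            # so AttAuthorityAccessDenied messages should not carry internal
            # detail such as file paths or configuration values.
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        """Return this Attribute Authority's hostname, login URI and AA URI.

        NOTE(review): unlike soap_getAttCert, this method does not look at
        the certificate that signed the request - confirm that any caller
        restriction needed is enforced by the handler chain.
        """
        request, response = AttAuthorityService.soap_getHostInfo(self, ps)

        # Use the instance's own Attribute Authority rather than the
        # module-level aaSrv object, consistent with soap_getAttCert.
        # The first key is taken as this host's name - presumably hostInfo
        # holds exactly one entry; verify against AttAuthority.
        response.Hostname = self.aa.hostInfo.keys()[0]
        response.LoginURI = self.aa.hostInfo[response.Hostname]['loginURI']
        response.AaURI = self.aa.hostInfo[response.Hostname]['aaURI']

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        """Return the hosts trusted by this Attribute Authority.

        ``request.Role`` is supplied by the caller and passed straight to
        ``AttAuthority.getTrustedHostInfo``.  The signer's certificate is
        not consulted in this method.
        """
        request, response = \
            AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()

            trustedHost.Hostname = hostname
            trustedHost.AaURI = hostInfo['aaURI']
            trustedHost.LoginURI = hostInfo['loginURI']
            trustedHost.RoleList = hostInfo['role']

            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Return the Attribute Authority's X.509 certificate as a string.

        The certificate is read from the path stored under 'certFile' each
        time the operation is called.
        """
        request, response = AttAuthorityService.soap_getX509Cert(self, ps)

        x509Cert = X509CertRead(self.aa['certFile'])
        response.X509Cert = x509Cert.toString()
        return request, response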
104
105
# Create Service
aaSrv = AttAuthorityServiceSub()

# Initialise WS-Security signature handler passing Attribute Authority
# public and private keys.
#
# The certificate path, private key path and private key password all come
# from the Attribute Authority's properties, so the property file and the
# key file need to be readable only by the account running this service.
WSSecurityHandler.signatureHandler = SignatureHandler(
    signingCertFilePath=aaSrv.aa['certFile'],
    signingPriKeyFilePath=aaSrv.aa['keyFile'],
    signingPriKeyPwd=aaSrv.aa['keyPwd'],
)

# Add Service to Attribute Authority branch
root = Resource()
root.putChild('AttributeAuthority', aaSrv)
siteFactory = Site(root)

# twistd looks for the module-level name "application" in a .tac file.
application = service.Application("AttributeAuthorityContainer")

# NOTE(review): internet.TCPServer is a plain TCP listener, so there is no
# transport encryption here.  Only a SignatureHandler is configured above,
# which covers message signing; Attribute Certificates and refusal messages
# therefore appear to travel unencrypted.  If confidentiality is required,
# serve through TLS (e.g. internet.SSLServer) or a TLS-terminating front end.
port = internet.TCPServer(aaSrv.aa['portNum'], siteFactory)
port.setServiceParent(application)