source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac @ 2136

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac@2136
Revision 2136, 4.2 KB, checked in by pjkersha, 12 years ago

python/ndg.security.server/setup.py:

  • comment out Twisted from install - won't do egg install
  • updated long description

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • added verifyingCertFilePath keyword to SignatureHandler initialisation
  • added SSL capability

python/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
added element names for reading SSL settings from properties file.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
added verifyingCertFilePath keyword to SignatureHandler initialisation

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
python/ndg.security.server/ndg/security/server/SessionMgr/init.py:
added clntCertFile properties file element name for setting certificate for
verifying incoming SOAP messages.

python/ndg.security.server/ndg/security/server/SessionMgr/Makefile:
corrected typo.

python/ndg.security.server/ndg/security/server/MyProxy.py:
Put OpenSSLConfig and OpenSSLConfigError classes into their own package
'openssl' so that they can also be used by the Certificate Authority client.

python/www/html/certificateAuthority.wsdl,
python/ndg.security.server/ndg/security/server/ca/CertificateAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services.py: updated operations to issueCert, revokeCert and getCRL.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: changed address of service to connect to.

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
alternative username connection settings

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
fixed typos in error message and comments.

python/ndg.security.common/ndg/security/common/XMLSec.py: changed call to
getAttributeNodeNS to getAttributeNode for retrieving reference element URI
attribute.

python/ndg.security.common/ndg/security/common/ca/init.py: code for
Certificate Authority client

python/ndg.security.common/ndg/security/common/wsSecurity.py:

  • tidied up imports
  • added properties for setting keywords to reference and SignedInfo C14N
  • changed sign method so that it is truly configurable, allowing use of inclusive or exclusive C14N based on the keywords set for reference and SignedInfo C14N calls.
  • swapped calls to getAttributeNodeNS with getAttributeNode where appropriate.

java/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/AttAuthority/build/classes/META-INF/ibm-webservicesclient-bnd.xmi:
updated so that the request generator correctly places the X.509 cert in the
BinarySecurityToken element.

java/DEWS/AttAuthority/appClientModule/Main.java,
java/DEWS/AttAuthority/appClientjava/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmiModule/Main.java:
include calls to getX509Cert and getAttCert methods.

java/DEWS/SessionMgr/build/classes/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/SessionMgr/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi:
updates for testing Session Manager client

java/DEWS/SessionMgr/appClientModule/Main.java: switched username setting.

#!/usr/bin/env python
"""NDG Security Attribute Authority .tac file

This file enables the Attribute Authority web service to be
called under the Twisted framework

NERC Data Grid Project

@author P J Kershaw 17/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public
License, version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from AttAuthority_services_server import AttAuthorityService

from ndg.security.server.AttAuthority import AttAuthority, \
    AttAuthorityAccessDenied

from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
    WSSecurityHandler, SignatureHandler

from ndg.security.common.X509 import X509Cert, X509CertRead


class AttAuthorityServiceSub(AttAuthorityService, WSResource):

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def soap_getAttCert(self, ps, **kw):
        request, response = AttAuthorityService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        try:
            attCert = self.aa.getAttCert(proxyCert=proxyCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        except AttAuthorityAccessDenied, e:
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        request, response = AttAuthorityService.soap_getHostInfo(self, ps)

        # Use this instance's Attribute Authority rather than the
        # module-level 'srv' global that is only bound further down
        response.Hostname = self.aa.hostInfo.keys()[0]
        response.LoginURI = self.aa.hostInfo[response.Hostname]['loginURI']
        response.AaURI = self.aa.hostInfo[response.Hostname]['aaURI']

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        request, response = \
            AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()

            trustedHost.Hostname = hostname
            trustedHost.AaURI = hostInfo['aaURI']
            trustedHost.LoginURI = hostInfo['loginURI']
            trustedHost.RoleList = hostInfo['role']

            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        request, response = AttAuthorityService.soap_getX509Cert(self, ps)

        # Return this Attribute Authority's own certificate
        x509Cert = X509CertRead(self.aa['certFile'])
        response.X509Cert = x509Cert.toString()
        return request, response


root = Resource()

# Create Service
srv = AttAuthorityServiceSub()


# Initialise WS-Security signature handler passing Attribute Authority
# public and private keys; clntCertFile is the certificate used to verify
# signatures on incoming SOAP messages
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath=srv.aa['clntCertFile'],
    signingCertFilePath=srv.aa['certFile'],
    signingPriKeyFilePath=srv.aa['keyFile'],
    signingPriKeyPwd=srv.aa['keyPwd'])

# Add Service to Attribute Authority branch
root.putChild('AttributeAuthority', srv)
siteFactory = Site(root)

if srv.aa['useSSL']:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.aa['sslKeyFile'],
                                                  srv.aa['sslCertFile'])
    port = internet.SSLServer(srv.aa['portNum'], siteFactory, ctxFactory)
else:
    # Non-SSL
    port = internet.TCPServer(srv.aa['portNum'], siteFactory)

application = service.Application("AttributeAuthorityContainer")
port.setServiceParent(application)