
Revision 2181, 4.3 KB checked in by pjkersha, 13 years ago (diff)

Updates to SysV init scripts for use with Twisted

python/ndgSetup.sh:

  • Removed NDG_*_PROT_NUM environment variables - the port number is now set in the respective properties files for the services.

  • Added NDGSEC_*_PROPFILEPATH environment variables, used to override the default $NDG_DIR/conf location for properties files.

python/share/ndg-aa, python/share/ndg-sm, python/share/ndg-ca, python/share/ndg-log and
python/share/ndg-gk:
SysV init scripts for the respective security services. At this stage, only ndg-aa, the
Attribute Authority script has been tested. The others merely contain a copy of ndg-aa
with the relevant variable settings altered in each case.

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
Include full path for import of AttAuthorityService.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Correction to readProperties: missingKeys actually refers to invalidKeys.

python/ndg.security.server/ndg/security/server/AttAuthority/start-container.sh:
Altered so that it tries to pick up the installed path under site-packages/ for the
tac file server-config.tac.

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
cosmetic correction to indent.

python/bin/AttAuthorityServer.py, python/bin/LogServer.py, python/bin/SessionMgrServer.py,
python/bin/GatekeeperServer.py and python/bin/SimpleCAServer.py:
NDG Alpha and post-Alpha scripts to start security web services. These are based on use
of python's native HTTP server code and so are redundant for the new Twisted based code.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Attribute Authority web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 17/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from ndg.security.server.AttAuthority.AttAuthority_services_server import \
24        AttAuthorityService
25
26from ndg.security.server.AttAuthority import AttAuthority, \
27        AttAuthorityAccessDenied
28       
29from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
30        WSSecurityHandler, SignatureHandler
31
32from ndg.security.common.X509 import X509Cert, X509CertRead
33
34
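class AttAuthorityServiceSub(AttAuthorityService, WSResource):
    """Twisted web resource exposing the Attribute Authority SOAP operations.

    The ZSI-generated AttAuthorityService base parses each request and
    builds the response object; this subclass fills the response in from
    the AttAuthority instance held in ``self.aa``.  All operations use
    ``self.aa`` rather than the module-level ``srv`` instance so that the
    class does not depend on how the .tac file happens to name it.
    """

    # Add WS-Security handlers (applied to every incoming message)
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def soap_getAttCert(self, ps, **kw):
        """Issue an Attribute Certificate for the requesting user.

        Returns the (request, response) pair expected by ZSI.  On an access
        denied error the response carries the message in ``Msg`` and no
        certificate; any other exception propagates to the caller.
        """
        request, response = AttAuthorityService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy.  It is read back from the
        # signature handler the WS-Security chain ran, a class-level
        # attribute shared by every request.
        # NOTE(review): the request is bound to its signer only if the
        # handler chain rejected unsigned / badly-signed messages before
        # dispatch reached here; otherwise verifyingCert could be stale
        # from an earlier request -- confirm in WSSecurityHandler.
        holderCert = WSSecurityHandler.signatureHandler.verifyingCert

        try:
            attCert = self.aa.getAttCert(userId=request.UserId,
                                         holderCert=holderCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        # 'except ... as' requires Python 2.6+; it is also the Python 3 form
        except AttAuthorityAccessDenied as e:
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        """Return this Attribute Authority's own host entry.

        ``hostInfo`` is assumed to hold a single entry keyed by hostname;
        the first key is used.
        """
        request, response = AttAuthorityService.soap_getHostInfo(self, ps)

        hostInfo = self.aa.hostInfo

        # list(...) keeps this working where keys() is a view, not a list
        response.Hostname = list(hostInfo.keys())[0]
        response.LoginURI = hostInfo[response.Hostname]['loginURI']
        response.AaURI = hostInfo[response.Hostname]['aaURI']

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        """Return the trusted hosts that can issue the requested role."""
        request, response = \
            AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = response.new_trustedHosts()

            trustedHost.Hostname = hostname
            trustedHost.AaURI = hostInfo['aaURI']
            trustedHost.LoginURI = hostInfo['loginURI']
            trustedHost.RoleList = hostInfo['role']

            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Return the Attribute Authority's own X.509 certificate as text."""
        request, response = AttAuthorityService.soap_getX509Cert(self, ps)

        x509Cert = X509CertRead(self.aa['certFile'])
        response.X509Cert = x509Cert.toString()
        return request, response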
106
107
# Root of the resource tree served by this container
root = Resource()

# Create the Attribute Authority service; its constructor loads the
# properties file from the default location under $NDG_DIR
srv = AttAuthorityServiceSub()

# Configure the WS-Security signature handler with the Attribute
# Authority's signing key/certificate and the certificate used to verify
# client signatures
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath=srv.aa['clntCertFile'],
    signingCertFilePath=srv.aa['certFile'],
    signingPriKeyFilePath=srv.aa['keyFile'],
    signingPriKeyPwd=srv.aa['keyPwd'])

# Mount the service on the AttributeAuthority branch of the tree
root.putChild('AttributeAuthority', srv)
siteFactory = Site(root)

# useSSL is presumably already a bool from the properties reader -- verify
if srv.aa['useSSL']:
    # HTTPS listener; ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    from twisted.internet import ssl

    sslContextFactory = ssl.DefaultOpenSSLContextFactory(
        srv.aa['sslKeyFile'], srv.aa['sslCertFile'])
    server = internet.SSLServer(srv.aa['portNum'],
                                siteFactory,
                                sslContextFactory)
else:
    # Plain HTTP listener
    # NOTE(review): the transport is unencrypted here; only the
    # WS-Security signature handler configured above protects messages --
    # confirm this is acceptable for the deployment
    server = internet.TCPServer(srv.aa['portNum'], siteFactory)

# 'application' is the name twistd looks up when loading a .tac file
application = service.Application("AttributeAuthorityContainer")
server.setServiceParent(application)