source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py @ 2437

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py@2437
Revision 2437, 13.0 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • soap_disconnect: added call to SessionMgr.disconnect, added logic for retrieving ID from cert used with WS-Security signature.
  • add code to check for useSignatureHandler config param. If this flag is set, get user ID from cert in WS-Security header

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
ndg.security.server/ndg/security/server/SessionMgr/__init__.py: added "useSignatureHandler" parameter
to properties file elements.

www/html/sessionMgr.wsdl,
ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py: removed userCert
argument. This is not needed, as the cert chain can be passed in by setting #X509PKIPathv1 for
BinarySecurityToken.

ndg.security.client/ndg/security/client/ndgSessionClient.py: started on updates from alpha version -
--req-autho flag is now --req-attr

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg: added more tests for signature
verification tests.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: removed userCert arg from
disconnect call. It's passed in the signature in the WS-Security header.

ndg.security.common/ndg/security/common/XMLSec.py: fixed bug in applyEnvelopedSignature - removed
incorrect strip call from digest calc:

calcSignedInfoDigestValue = sha(signedInfoC14n).digest()#.strip()


ndg.security.common/ndg/security/common/SessionMgr/__init__.py: Session Manager client code -
remove refs to "userCert" for disconnect and connect calls. It's passed in the WS-Security header
instead.

ndg.security.common/ndg/security/common/wsSecurity.py: comment - query whitespace strip in
extraction of calculated signature value from message "b64EncSignatureValue".

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1##################################################
2# SessionMgr_services_server.py
3#      Generated by ZSI.generate.wsdl2dispatch.DelAuthServiceModuleWriter
4#
5##################################################
6
7from ndg.security.common.SessionMgr.SessionMgr_services import *
8from ZSI.ServiceContainer import ServiceSOAPBinding
9
class SessionMgrService(ServiceSOAPBinding):
    """SOAP dispatch binding for the Session Manager web service.

    Per the file header this module is generated by ZSI's wsdl2dispatch.
    Each soap_* handler parses the incoming message with ps.Parse() and,
    when an ``impl`` object was passed to the constructor, forwards the
    request fields to the same-named method on it.

    Security-relevant points visible in this class:
      * connect takes a username and passphrase and its response carries
        the proxy certificate *and* its private key (proxyPriKey).
      * authorize() allows the request (returns 1) unless an auth method
        name was configured and exists on ``impl``.
      * The embedded WSDL advertises the endpoint as http://localhost:5000.
        NOTE(review): confirm deployments protect the channel (TLS and/or
        WS-Security); nothing in this class enforces it.
    """
    # Maps a soapAction string to the name of the handler method; filled in
    # by the statements that follow each soap_* method below.
    soapAction = {}
    # Maps a request root element (namespace, name) pair to the name of the
    # handler method; filled in alongside soapAction.
    root = {}
13    _wsdl = """<?xml version=\"1.0\" ?>
14<wsdl:definitions name=\"SessionMgr\" targetNamespace=\"urn:ndg:security:sessionMgr\" xmlns=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:http=\"http://schemas.xmlsoap.org/wsdl/http/\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"urn:ndg:security:sessionMgr\" xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">
15
16  <wsdl:types>
17    <xsd:schema targetNamespace=\"urn:ndg:security:sessionMgr\">
18      <xsd:element name=\"addUser\">
19        <xsd:complexType>
20          <xsd:sequence>
21            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"username\" type=\"xsd:string\"/>
22            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"passphrase\" type=\"xsd:string\"/>
23          </xsd:sequence>
24        </xsd:complexType>
25      </xsd:element>
26     
27      <xsd:element name=\"addUserResponse\">
28        <xsd:complexType/>
29      </xsd:element>
30
31      <xsd:element name=\"connect\">
32        <xsd:complexType>
33          <xsd:sequence>
34            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"username\" type=\"xsd:string\"/>
35            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"passphrase\" type=\"xsd:string\"/>
36                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"createServerSess\" type=\"xsd:boolean\"/>
37                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"getCookie\" type=\"xsd:boolean\"/>
38          </xsd:sequence>
39        </xsd:complexType>
40      </xsd:element>
41     
42      <xsd:element name=\"connectResponse\">
43        <xsd:complexType>
44                  <xsd:sequence>
45                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyCert\" type=\"xsd:string\"/>
46                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyPriKey\" type=\"xsd:string\"/>
47                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userCert\" type=\"xsd:string\"/>
48                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"cookie\" type=\"xsd:string\"/>
49                  </xsd:sequence>
50                </xsd:complexType>
51      </xsd:element>
52
53      <xsd:element name=\"disconnect\">
54        <xsd:complexType>
55                  <xsd:sequence>
56                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
57                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"encrSessionMgrURI\" type=\"xsd:string\"/>
58                  </xsd:sequence>
59                </xsd:complexType>
60      </xsd:element>
61
62      <xsd:element name=\"disconnectResponse\">
63        <xsd:complexType/>
64      </xsd:element>
65           
66      <xsd:element name=\"getAttCert\">
67        <xsd:complexType>
68                  <xsd:sequence>
69                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/>
70                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
71                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"encrSessionMgrURI\" type=\"xsd:string\"/>
72                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"attAuthorityURI\" type=\"xsd:string\"/>
73                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attAuthorityCert\" type=\"xsd:string\"/>
74                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"reqRole\" type=\"xsd:string\"/>
75                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"mapFromTrustedHosts\" type=\"xsd:boolean\"/>
76                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"rtnExtAttCertList\" type=\"xsd:boolean\"/>
77                        <xsd:element maxOccurs=\"unbounded\" minOccurs=\"0\" name=\"extAttCert\" type=\"xsd:string\"/>
78                        <xsd:element maxOccurs=\"unbounded\" minOccurs=\"0\" name=\"extTrustedHost\" type=\"xsd:string\"/>
79                  </xsd:sequence>
80                </xsd:complexType>
81      </xsd:element>
82     
83      <xsd:element name=\"getAttCertResponse\">
84        <xsd:complexType>
85              <xsd:sequence>
86                <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attCert\" type=\"xsd:string\"/>
87                <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"msg\" type=\"xsd:string\"/>
88                        <xsd:element maxOccurs=\"unbounded\" minOccurs=\"0\" name=\"extAttCertOut\" type=\"xsd:string\"/>
89              </xsd:sequence>
90            </xsd:complexType>
91      </xsd:element>
92
93      <xsd:element name=\"getX509Cert\">
94        <xsd:complexType/>
95      </xsd:element>
96     
97      <xsd:element name=\"getX509CertResponse\">
98        <xsd:complexType>
99                  <xsd:sequence>
100                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"x509Cert\" type=\"xsd:string\"/>
101                  </xsd:sequence>
102                </xsd:complexType>
103      </xsd:element>
104
105    </xsd:schema>
106  </wsdl:types>
107 
108  <wsdl:message name=\"addUserInputMsg\">
109    <wsdl:part element=\"tns:addUser\" name=\"parameters\"/>
110  </wsdl:message>
111
112  <wsdl:message name=\"addUserOutputMsg\">
113    <wsdl:part element=\"tns:addUserResponse\" name=\"parameters\"/>
114  </wsdl:message>
115 
116  <wsdl:message name=\"connectInputMsg\">
117    <wsdl:part element=\"tns:connect\" name=\"parameters\"/>
118  </wsdl:message>
119
120  <wsdl:message name=\"connectOutputMsg\">
121    <wsdl:part element=\"tns:connectResponse\" name=\"parameters\"/>
122  </wsdl:message>
123 
124  <wsdl:message name=\"disconnectInputMsg\">
125    <wsdl:part element=\"tns:disconnect\" name=\"parameters\"/>
126  </wsdl:message>
127
128  <wsdl:message name=\"disconnectOutputMsg\">
129    <wsdl:part element=\"tns:disconnectResponse\" name=\"parameters\"/>
130  </wsdl:message>
131
132  <wsdl:message name=\"getAttCertInputMsg\">
133    <wsdl:part element=\"tns:getAttCert\" name=\"parameters\"/>
134  </wsdl:message>
135
136  <wsdl:message name=\"getAttCertOutputMsg\">
137    <wsdl:part element=\"tns:getAttCertResponse\" name=\"parameters\"/>
138  </wsdl:message>
139
140  <wsdl:message name=\"getX509CertInputMsg\">
141    <wsdl:part element=\"tns:getX509Cert\" name=\"parameters\"/>
142  </wsdl:message>
143
144  <wsdl:message name=\"getX509CertOutputMsg\">
145    <wsdl:part element=\"tns:getX509CertResponse\" name=\"parameters\"/>
146  </wsdl:message>
147
148  <wsdl:portType name=\"SessionMgr\">
149    <wsdl:operation name=\"addUser\">
150      <wsdl:input message=\"tns:addUserInputMsg\"/>
151      <wsdl:output message=\"tns:addUserOutputMsg\"/>
152    </wsdl:operation>
153
154    <wsdl:operation name=\"connect\">
155      <wsdl:input message=\"tns:connectInputMsg\"/>
156      <wsdl:output message=\"tns:connectOutputMsg\"/>
157    </wsdl:operation>
158
159    <wsdl:operation name=\"disconnect\">
160      <wsdl:input message=\"tns:disconnectInputMsg\"/>
161      <wsdl:output message=\"tns:disconnectOutputMsg\"/>
162    </wsdl:operation>
163
164    <wsdl:operation name=\"getAttCert\">
165      <wsdl:input message=\"tns:getAttCertInputMsg\"/>
166      <wsdl:output message=\"tns:getAttCertOutputMsg\"/>
167    </wsdl:operation>
168
169    <wsdl:operation name=\"getX509Cert\">
170      <wsdl:input message=\"tns:getX509CertInputMsg\"/>
171      <wsdl:output message=\"tns:getX509CertOutputMsg\"/>
172    </wsdl:operation>
173  </wsdl:portType> 
174 
175  <wsdl:binding name=\"SessionMgrBinding\" type=\"tns:SessionMgr\">
176    <soap:binding style=\"document\" transport=\"http://schemas.xmlsoap.org/soap/http\"/>
177
178    <wsdl:operation name=\"addUser\">
179      <soap:operation soapAction=\"addUser\"/>
180      <wsdl:input>
181        <soap:body use=\"literal\"/>
182      </wsdl:input>
183      <wsdl:output>
184        <soap:body use=\"literal\"/>
185      </wsdl:output>
186    </wsdl:operation>
187   
188    <wsdl:operation name=\"connect\">
189      <soap:operation soapAction=\"connect\"/>
190      <wsdl:input>
191        <soap:body use=\"literal\"/>
192      </wsdl:input>
193      <wsdl:output>
194        <soap:body use=\"literal\"/>
195      </wsdl:output>
196    </wsdl:operation>
197   
198    <wsdl:operation name=\"disconnect\">
199      <soap:operation soapAction=\"disconnect\"/>
200      <wsdl:input>
201        <soap:body use=\"literal\"/>
202      </wsdl:input>
203      <wsdl:output>
204        <soap:body use=\"literal\"/>
205      </wsdl:output>
206    </wsdl:operation>
207   
208    <wsdl:operation name=\"getAttCert\">
209      <soap:operation soapAction=\"getAttCert\"/>
210      <wsdl:input>
211        <soap:body use=\"literal\"/>
212      </wsdl:input>
213      <wsdl:output>
214        <soap:body use=\"literal\"/>
215      </wsdl:output>
216    </wsdl:operation>
217
218    <wsdl:operation name=\"getX509Cert\">
219      <soap:operation soapAction=\"getX509Cert\"/>
220      <wsdl:input>
221        <soap:body use=\"literal\"/>
222      </wsdl:input>
223      <wsdl:output>
224        <soap:body use=\"literal\"/>
225      </wsdl:output>
226    </wsdl:operation>   
227 
228  </wsdl:binding>
229
230  <wsdl:service name=\"SessionMgrService\">
231    <wsdl:documentation>NERC Data Grid Session Manager web service</wsdl:documentation>
232    <wsdl:port binding=\"tns:SessionMgrBinding\" name=\"SessionMgr\">
233      <soap:address location=\"http://localhost:5000\"/>
234    </wsdl:port>
235  </wsdl:service>
236</wsdl:definitions>"""
237
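    def __init__(self, post='', **kw):
        """Set up the SOAP binding and record the optional delegation hooks.

        post -- passed straight through to ServiceSOAPBinding.__init__.
        kw   -- recognised keys:
                'impl': object the soap_* handlers delegate to; self.impl is
                        only set when this key is supplied.
                'auth_method_name': name of a method on impl that authorize()
                        calls; defaults to None.
        """
        ServiceSOAPBinding.__init__(self, post)
        # 'in' replaces dict.has_key(), which no longer exists in Python 3;
        # the result is the same on Python 2.
        if 'impl' in kw:
            self.impl = kw['impl']
        # NOTE(review): when no auth_method_name is supplied, authorize()
        # lets every request through, so omitting it disables that check.
        self.auth_method_name = kw.get('auth_method_name')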
    def authorize(self, auth_info, post, action):
        """Decide whether a request may be dispatched.

        When an auth method name was configured and the implementation
        object has an attribute of that name, the decision is delegated to
        it and its return value is passed back unchanged. In every other
        case the request is allowed (returns 1).

        NOTE(review): this fails open. A missing or misspelt
        auth_method_name silently turns the check into "allow all";
        deployments relying on it should verify the hook really resolves.
        If auth_method_name is set but no 'impl' was given to the
        constructor, the self.impl lookup raises AttributeError.
        """
        # No hook configured: allow. self.impl is deliberately not touched
        # here because it may not exist.
        if not self.auth_method_name:
            return 1
        # Hook configured but absent on the implementation: also allow.
        if not hasattr(self.impl, self.auth_method_name):
            return 1
        auth_hook = getattr(self.impl, self.auth_method_name)
        return auth_hook(auth_info, post, action)
250
    def soap_addUser(self, ps):
        """Handle the addUser operation.

        Parses the request, hands username and passphrase to
        impl.addUser() when an implementation object is present, and
        returns (request, empty addUserOutputMsg). The return value of
        impl.addUser() is not used, so the response is the same whatever
        it returns.

        NOTE(review): the passphrase is a plain xsd:string element of the
        SOAP body; keep it out of logs and confirm the channel is
        protected.
        """
        self.request = ps.Parse(addUserInputMsg.typecode)
        username = self.request._username
        passphrase = self.request._passphrase

        # Delegate only when an implementation object was supplied.
        if hasattr(self, 'impl'):
            self.impl.addUser(username, passphrase)

        response = addUserOutputMsg()
        return self.request, response

    # Register the handler under the 'addUser' soapAction string and under
    # the request root element's (namespace, name) pair.
    soapAction['addUser'] = 'soap_addUser'
    root[(addUserInputMsg.typecode.nspname, addUserInputMsg.typecode.pname)] = 'soap_addUser'
264
    def soap_connect(self, ps):
        """Handle the connect operation.

        Parses the request and, when an implementation object is present,
        calls impl.connect(username, passphrase, createServerSess,
        getCookie). The value it returns is indexed 0..3 and copied into
        the response as proxyCert, proxyPriKey, userCert and cookie.
        Without an implementation an empty connectOutputMsg is returned.

        NOTE(review): the response body carries the proxy private key and
        the request carries the passphrase, both as plain xsd:string
        elements. Confirm the deployed endpoint protects the channel and
        that neither value is logged.
        """
        self.request = ps.Parse(connectInputMsg.typecode)
        username = self.request._username
        passphrase = self.request._passphrase
        create_server_sess = self.request._createServerSess
        get_cookie = self.request._getCookie

        # No implementation object: reply with an empty message.
        if not hasattr(self, 'impl'):
            return self.request, connectOutputMsg()

        reply = self.impl.connect(username, passphrase, create_server_sess, get_cookie)

        # The implementation is expected to return four items, in this order.
        response = connectOutputMsg()
        response._proxyCert = reply[0]
        response._proxyPriKey = reply[1]
        response._userCert = reply[2]
        response._cookie = reply[3]
        return self.request, response

    # Register the handler under the 'connect' soapAction string and under
    # the request root element's (namespace, name) pair.
    soapAction['connect'] = 'soap_connect'
    root[(connectInputMsg.typecode.nspname, connectInputMsg.typecode.pname)] = 'soap_connect'
285
    def soap_disconnect(self, ps):
        """Handle the disconnect operation.

        Parses the request, passes sessID and encrSessionMgrURI to
        impl.disconnect() when an implementation object is present, and
        returns (request, empty disconnectOutputMsg). The return value of
        impl.disconnect() is not used.

        Both request elements are declared minOccurs="0" in the WSDL, so
        the implementation presumably has to cope with either being
        absent - TODO confirm how ZSI represents a missing element.
        """
        self.request = ps.Parse(disconnectInputMsg.typecode)
        sess_id = self.request._sessID
        encr_session_mgr_uri = self.request._encrSessionMgrURI

        # Delegate only when an implementation object was supplied.
        if hasattr(self, 'impl'):
            self.impl.disconnect(sess_id, encr_session_mgr_uri)

        response = disconnectOutputMsg()
        return self.request, response

    # Register the handler under the 'disconnect' soapAction string and
    # under the request root element's (namespace, name) pair.
    soapAction['disconnect'] = 'soap_disconnect'
    root[(disconnectInputMsg.typecode.nspname, disconnectInputMsg.typecode.pname)] = 'soap_disconnect'
299
    def soap_getAttCert(self, ps):
        """Handle the getAttCert operation.

        Parses the request and, when an implementation object is present,
        forwards the ten request fields positionally to impl.getAttCert().
        The value it returns is indexed 0..2 and copied into the response
        as attCert, msg and extAttCertOut. Without an implementation an
        empty getAttCertOutputMsg is returned.

        NOTE(review): userCert, sessID and the external attribute
        certificates all come from the message body, i.e. from the caller.
        Presumably the implementation must validate them rather than
        treat them as proof of identity - confirm against impl.getAttCert.
        """
        self.request = ps.Parse(getAttCertInputMsg.typecode)
        req = self.request
        # Order matters: it is the positional signature of impl.getAttCert().
        call_args = (
            req._userCert,
            req._sessID,
            req._encrSessionMgrURI,
            req._attAuthorityURI,
            req._attAuthorityCert,
            req._reqRole,
            req._mapFromTrustedHosts,
            req._rtnExtAttCertList,
            req._extAttCert,
            req._extTrustedHost,
        )

        # No implementation object: reply with an empty message.
        if not hasattr(self, 'impl'):
            return self.request, getAttCertOutputMsg()

        reply = self.impl.getAttCert(*call_args)

        # The implementation is expected to return three items, in this order.
        response = getAttCertOutputMsg()
        response._attCert = reply[0]
        response._msg = reply[1]
        response._extAttCertOut = reply[2]
        return self.request, response

    # Register the handler under the 'getAttCert' soapAction string and
    # under the request root element's (namespace, name) pair.
    soapAction['getAttCert'] = 'soap_getAttCert'
    root[(getAttCertInputMsg.typecode.nspname, getAttCertInputMsg.typecode.pname)] = 'soap_getAttCert'
319
    def soap_getX509Cert(self, ps):
        """Handle the getX509Cert operation.

        Parses the (empty) request and, when an implementation object is
        present, stores whatever impl.getX509Cert() returns in the
        response's x509Cert field. Without an implementation an empty
        getX509CertOutputMsg is returned.
        """
        self.request = ps.Parse(getX509CertInputMsg.typecode)

        # No implementation object: reply with an empty message.
        if not hasattr(self, 'impl'):
            return self.request, getX509CertOutputMsg()

        x509_cert = self.impl.getX509Cert()

        response = getX509CertOutputMsg()
        response._x509Cert = x509_cert
        return self.request, response

    # Register the handler under the 'getX509Cert' soapAction string and
    # under the request root element's (namespace, name) pair.
    soapAction['getX509Cert'] = 'soap_getX509Cert'
    root[(getX509CertInputMsg.typecode.nspname, getX509CertInputMsg.typecode.pname)] = 'soap_getX509Cert'