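#!/usr/bin/env python
"""NDG Security Session Manager .tac file

This file enables the Session Manager web service to be
called under the Twisted framework

NERC Data Grid Project

P J Kershaw 23/11/06

Copyright (C) 2006 CCLRC & NERC

This software may be distributed under the terms of the Q Public License,
version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from SessionMgr_services_server import SessionMgrService
from ndg.security.server.SessionMgr import SessionMgr
from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
    WSSecurityHandler, SignatureHandler

# Use for stub testing only
from ndg.security.common.SessionCookie import SessionCookie
from datetime import datetime, timedelta

# Temporary - for testing
#
# NOTE(review): every path below is relative to the directory twistd is
# started from and points into a shared test fixture tree.  The certificate,
# private key and key password are test material; a deployment would take
# them from configuration rather than from literals in this file.

# Use to verify signatures from client - in practice would be different to
# certFilePath
clntCertFilePath = '../../../../../Tests/webSphereTestcert.pem'

# Private key used to sign messages and also used for SSL connection
priKeyFilePath = '../../../../../Tests/webSphereTestkey.pem'

# NOTE(review): this value looks like a file path rather than a passphrase.
# Confirm whether SignatureHandler expects the passphrase itself or the name
# of a file holding it.
priKeyPwd = '../../../../../Tests/tmp'

# Cert file path used for SSL connection
certFilePath = '../../../../../Tests/webSphereTestcert.pem'


# Install the signature handler on the WS-Security handler class.  The
# service class below selects WSSecurityHandlerChainFactory as its factory,
# so presumably this handler signs outbound and verifies inbound messages
# with the test key/cert above - confirm against wsSecurity.
WSSecurityHandler.signatureHandler = SignatureHandler(
                                        certFilePath=clntCertFilePath,
                                        priKeyFilePath=priKeyFilePath,
                                        priKeyPwd=priKeyPwd)


def _readStripped(filePath):
    """Return the content of *filePath* with surrounding whitespace removed.

    The file is closed explicitly (try/finally) so no descriptor is left
    open at module import time.  Raises IOError if the file cannot be read.
    """
    f = open(filePath)
    try:
        return f.read().strip()
    finally:
        f.close()


# Test stub data for connect and reqAuthorisation calls: a pre-made proxy
# certificate and attribute certificate handed back verbatim by the stub
# service methods.
proxyCert = _readStripped('../../../../../Tests/x509up_u500')
attCert = _readStripped('../../../../../Tests/ac-Rz_Qnn.xml')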
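class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Twisted web resource exposing the Session Manager SOAP service.

    This is a test stub: each soap_* handler delegates request parsing and
    response construction to the generated SessionMgrService and then fills
    the response with fixed data loaded at module level.  No session state
    is consulted, so every connect succeeds and every authorisation request
    is granted.  The SessionMgr instance created in __init__ is not yet used
    by the handlers.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation.  Currently
        # unused by the stub handlers below.
        self.__sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle addUser by passing straight through to the generated service.

        ps is the ZSI ParsedSoap for the request; kw is accepted for
        interface compatibility but not forwarded.  Returns the
        (request, response) pair produced by SessionMgrService.
        """
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        """Handle connect.

        If the request's getCookie element is set, a SessionCookie with
        fixed placeholder IDs and a one-hour expiry is returned; otherwise
        the module-level test proxy certificate is returned.  Stub
        behaviour: the caller's credentials are never checked.
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        if request.get_element_getCookie():
            dtExpiry = datetime.utcnow() + timedelta(hours=1)

            # Placeholder IDs - a real session ID must be unpredictable and
            # unique per session, not a constant.
            cookie = SessionCookie(ndgID1='9' * 64,
                                   ndgID2='0' * 64,
                                   dtExpiry=dtExpiry)
            response.set_element_cookie(cookie)
        else:
            response.set_element_proxyCert(proxyCert)

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle disconnect by passing straight through to the generated service.

        Nothing is torn down here because the stub keeps no session state.
        """
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_reqAuthorisation(self, ps, **kw):
        """Handle reqAuthorisation.

        Stub behaviour: always returns the module-level test attribute
        certificate with a granted status code, regardless of the request.
        """
        request, response = SessionMgrService.soap_reqAuthorisation(self, ps)
        response.set_element_attCert(attCert)

        # NOTE(review): the status value is kept exactly as in the original;
        # the spelling 'AcessGranted' may not match what clients compare
        # against - confirm against the WSDL/schema before changing it.
        response.set_element_statusCode('AcessGranted')
        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle getX509Cert.

        Returns the content of certFilePath (the service's own certificate)
        with surrounding whitespace stripped.  The file is re-read on every
        call and closed explicitly.
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        f = open(certFilePath)
        try:
            x509Cert = f.read().strip()
        finally:
            f.close()

        response.set_element_x509Cert(x509Cert)
        return request, response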
# Listening port for the HTTPS service (the original comment calls this the
# default https port; 443 is the conventional one, 5700 is this service's).
portNum = 5700

# Host name is computed but not used: it was intended for the 'interface'
# argument of the non-SSL listener described at the bottom of this file.
hostname = socket.gethostname()

# Twisted application object - twistd looks for this name in the .tac file.
application = service.Application("ndgSecurityContainer")

# Mount the Session Manager resource at /SessionManager.
root = Resource()
root.putChild('SessionManager', SessionMgrServiceSub())
siteFactory = Site(root)

# Try SSL
from twisted.internet import ssl

# Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL.
# NOTE(review): priKeyPwd is not passed here, so the key file is presumably
# unencrypted; and this context factory does not request a client
# certificate, so transport-level client authentication is not configured -
# message-level WS-Security signatures are relied on instead.  Confirm both
# against the deployment requirements.
ctxFactory = ssl.DefaultOpenSSLContextFactory(priKeyFilePath, certFilePath)
port = internet.SSLServer(portNum, siteFactory, ctxFactory)

# Non-SSL alternative: replace the SSLServer above with
# internet.TCPServer(portNum, siteFactory), optionally bound to hostname via
# the interface argument.

port.setServiceParent(application)