source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 1789

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@1789
Revision 1789, 4.2 KB checked in by pjkersha, 13 years ago (diff)

server/SessionMgr/server-config.tac: Read in actual test certificate for getX509Cert stub.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9P J Kershaw 23/11/06
10
11Copyright (C) 2006 CCLRC & NERC
12
13This software may be distributed under the terms of the Q Public License,
14version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from SessionMgr_services_server import SessionMgrService
24from ndg.security.server.SessionMgr import SessionMgr
25from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
26        WSSecurityHandler, SignatureHandler
27
28# Use for stub testing only
29from ndg.security.common.SessionCookie import SessionCookie
30from datetime import datetime, timedelta
31
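# Temporary - for testing.  Every path below is relative, so it resolves
# against the working directory the service is started from, and every file
# is a fixture from the Tests directory rather than a deployment credential.

# Certificate used to verify signatures from the client - in practice this
# would be different to certFilePath
clntCertFilePath = '../../../../../Tests/webSphereTestcert.pem'

# Private key used to sign messages and also used for the SSL connection.
# One key therefore covers both message signing and transport security.
priKeyFilePath = '../../../../../Tests/webSphereTestkey.pem'

# NOTE(review): this value has the form of a file path but is handed to
# SignatureHandler as priKeyPwd - confirm whether the handler expects the
# pass-phrase itself or the path of a file that holds it.
priKeyPwd = '../../../../../Tests/tmp'

# Cert file path used for SSL connection
certFilePath = '../../../../../Tests/webSphereTestcert.pem'


# Install one signature handler on the WSSecurityHandler class itself; it is
# configured with the client certificate path and the server private key.
WSSecurityHandler.signatureHandler = SignatureHandler(
                                                certFilePath=clntCertFilePath,
                                                priKeyFilePath=priKeyFilePath,
                                                priKeyPwd=priKeyPwd)


def _readStripped(filePath):
    """Return the content of filePath with surrounding whitespace removed.

    The file is closed explicitly instead of being left to garbage
    collection, so no handle onto credential material stays open.
    """
    fileObj = open(filePath)
    try:
        return fileObj.read().strip()
    finally:
        fileObj.close()


# Test stub data for connect and reqAuthorisation calls.  Both are read once
# at start-up and then returned unchanged to every caller.
# NOTE(review): a grid proxy file named x509up_u<uid> usually bundles the
# proxy's private key with the certificate - confirm what this fixture holds
# before it is sent out in a connect response.
proxyCert = _readStripped('../../../../../Tests/x509up_u500')
attCert = _readStripped('../../../../../Tests/ac-Rz_Qnn.xml')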
54
55
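class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Session Manager SOAP resource that answers with canned test data.

    Every soap_* handler first delegates to the generated SessionMgrService
    binding, which returns the parsed request and a response object, and then
    fills the response with fixed stub values.  None of the handlers looks at
    the caller's identity or uses the SessionMgr instance created in
    __init__, so the replies are the same for every caller.  The only check
    applied to a message is whatever the WS-Security handler chain named by
    ``factory`` performs.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Set up the web-service resource and create a SessionMgr."""
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation.  The stub
        # handlers below never call it.
        self.__sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle addUser: return the binding's request/response unchanged."""
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        """Handle connect: reply with a stub cookie or the stub proxy cert.

        When the request's getCookie element is set the reply carries a
        SessionCookie, otherwise it carries the module-level proxyCert test
        data.  No credentials from the request are checked here.
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        if request.get_element_getCookie():
            # Stub cookie: constant, fully predictable identifiers and a
            # one hour lifetime counted from the current UTC time.  A real
            # session needs unpredictable per-session identifiers.
            dtExpiry = datetime.utcnow() + timedelta(seconds=60*60)
            cookie = SessionCookie(ndgID1='9'*64,
                                   ndgID2='0'*64,
                                   dtExpiry=dtExpiry)
            response.set_element_cookie(cookie)
        else:
            response.set_element_proxyCert(proxyCert)

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle disconnect: return the binding's request/response as is."""
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_reqAuthorisation(self, ps, **kw):
        """Handle reqAuthorisation: always reply with the stub grant.

        The reply carries the module-level attCert test data and a granted
        status for every request; no access decision is evaluated.
        """
        request, response = SessionMgrService.soap_reqAuthorisation(self, ps)
        response.set_element_attCert(attCert)

        # NOTE(review): 'AcessGranted' is spelled with a single 'c'.  It is
        # left as is because clients may match on this exact string -
        # confirm against the service schema before correcting it.
        response.set_element_statusCode('AcessGranted')
        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle getX509Cert: reply with the content of certFilePath.

        The certificate file is read again on every call; it is closed
        explicitly so that repeated requests do not accumulate open file
        handles in the long-running server process.
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        certFile = open(certFilePath)
        try:
            x509Cert = certFile.read().strip()
        finally:
            certFile.close()

        response.set_element_x509Cert(x509Cert)
        return request, response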
105
# Try SSL
from twisted.internet import ssl

# Listening port for the service.  Note that 5700 is a service-specific
# port, not the standard HTTPS port 443.
portNum = 5700

# Only referenced by the commented-out interface= argument further down
hostname = socket.gethostname()

# twistd looks up the module-level name 'application' in a .tac file
application = service.Application("ndgSecurityContainer")

# Resource tree: the Session Manager is the single child of the root
root = Resource()
root.putChild('SessionManager', SessionMgrServiceSub())
siteFactory = Site(root)

# Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL.  It is given the
# same key and certificate files that are configured for message signing and
# is not set up here to ask clients for a certificate.
# NOTE(review): the protocol versions offered are whatever the installed
# Twisted/pyOpenSSL defaults allow - confirm they meet current policy.
ctxFactory = ssl.DefaultOpenSSLContextFactory(priKeyFilePath, certFilePath)

# No interface argument is passed, so the listener is not restricted to a
# single address.
port = internet.SSLServer(portNum, siteFactory, ctxFactory)

# Non-SSL alternative, kept disabled: it would serve the same SOAP endpoint
# without transport encryption.
#port = internet.TCPServer(portNum, siteFactory)#, interface=hostname)
port.setServiceParent(application)