source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2063

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@2063
Revision 2063, 3.7 KB checked in by pjkersha, 13 years ago

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Include additional checks for loadCredUserRolesInterface.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • updated soap_connect to wire up to SessionMgr.connect
  • use of SSL is configurable from useSSL properties file element
  • likewise pick up port number from properties file

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • move lambda functions outside SessionMgr class - easier to reference.
  • added extra elements to properties file - port num, use SSL flag, SSL cert/private key settings. Simple CA client settings
  • Include additional checks for loadCredReposInterface.
  • update connect method to return proxy cert, proxy private key, user cert and cookie as separate tuple elements.

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:

  • connect response has separate elements for proxy cert, proxy private key and user cert.
  • disconnect proxyCert -> userCert. proxy is set in signature in SOAP header.

python/ndg.security.server/ndg/security/server/MyProxy.py: fixes to readProperties method.

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:
added additional elements for SSL connection.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:
updates to connect method.

python/ndg.security.test/ndg/security/test/SessionMgr/server.sh: update to header

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
modified PKI config settings.

python/ndg.security.common/ndg/security/common/wsSecurity.py: catch exceptions explicitly
for cert and private key file reading errors.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py: SM client ...

  • 'smCertFilePath' refs changed to 'srvCertFilePath'
  • fixes to connect method
  • renamed 'reqAuthorisation' -> 'getAttCert'

python/ndg.security.common/ndg/security/common/CredWallet.py: added NullCredRepos class.
It allows for the case where a deployment doesn't require a Credential Repository. It
implements a class with empty stubs.

#!/usr/bin/env python
"""NDG Security Session Manager .tac file

This file enables the Session Manager web service to be
called under the Twisted framework

NERC Data Grid Project

@author P J Kershaw 23/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public
License, version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from SessionMgr_services_server import SessionMgrService
from ndg.security.server.SessionMgr import SessionMgr
from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
        WSSecurityHandler, SignatureHandler


class SessionMgrServiceSub(SessionMgrService, WSResource):

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_connect(self, ps)

        # The passphrase arrives in the request and the proxy private key
        # goes back in the response, so this operation carries secrets in
        # both directions.
        proxyCert, proxyPriKey, userCert, sessCookie = self.sm.connect(
                    username=request.get_element_username(),
                    passphrase=request.get_element_passphrase(),
                    createServerSess=request.get_element_createServerSess(),
                    getCookie=request.get_element_getCookie())

        response.set_element_proxyCert(proxyCert)
        response.set_element_proxyPriKey(proxyPriKey)
        response.set_element_userCert(userCert)
        response.set_element_cookie(sessCookie)

        return request, response

    def soap_disconnect(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getAttCert(self, ps)
        # NB: attCert is not assigned anywhere in this revision, so this
        # handler raises NameError if it is called; the call into self.sm
        # that should supply it is not wired up here.
        response.set_element_attCert(attCert)
        response.set_element_statusCode('AcessGranted')
        return request, response

    def soap_getX509Cert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getX509Cert(self, ps)
        response.set_element_x509Cert(open(self.sm['certFile']).read().strip())
        return request, response


# Create Service
smSrv = SessionMgrServiceSub()

# Initialise WS-Security signature handler passing the Session Manager
# certificate and private key
WSSecurityHandler.signatureHandler = SignatureHandler(
                                        certFilePath=smSrv.sm['certFile'],
                                        priKeyFilePath=smSrv.sm['keyFile'],
                                        priKeyPwd=smSrv.sm['keyPwd'])

# Add Service to Session Manager branch
root = Resource()
root.putChild('SessionManager', smSrv)
siteFactory = Site(root)
application = service.Application("SessionManagerContainer")

if smSrv.sm['useSSL']:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(smSrv.sm['sslKeyFile'],
                                                  smSrv.sm['sslCertFile'])
    port = internet.SSLServer(smSrv.sm['portNum'], siteFactory, ctxFactory)
else:
    # Non-SSL: requests and responses, including the passphrase and
    # proxy private key handled by soap_connect, travel without
    # transport encryption
    port = internet.TCPServer(smSrv.sm['portNum'], siteFactory)

port.setServiceParent(application)
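
An added example, not part of the NDG Security code base: a start-up check that could run before the useSSL branch above decides which listener to create. The property names are the ones this file reads from smSrv.sm; the preflight helper, its messages, the strict boolean parsing and the sample values in the usage are assumptions.

```python
import os
import stat

# Property names are the ones server-config.tac reads from smSrv.sm;
# preflight() itself is a hypothetical helper, not part of NDG Security.
PRIVATE_KEY_PROPS = ("keyFile", "sslKeyFile")


def _is_true(value):
    """Strict boolean parse: a raw string such as 'False' must not be truthy."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("1", "true", "yes")


def preflight(props):
    """Return a list of findings; an empty list means the listener may start."""
    findings = []
    use_ssl = _is_true(props.get("useSSL", False))

    # connect takes a passphrase and returns the proxy private key, so a
    # plain TCPServer would carry both without transport encryption.
    if not use_ssl:
        findings.append("useSSL is off: passphrase and proxyPriKey sent in cleartext")

    try:
        port = int(props.get("portNum"))
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        findings.append("portNum is not a valid TCP port")

    for name in PRIVATE_KEY_PROPS:
        if name == "sslKeyFile" and not use_ssl:
            continue  # not read on the non-SSL branch
        path = props.get(name)
        if not path or not os.path.isfile(path):
            findings.append("%s: file missing" % name)
            continue
        # Private keys should carry no group or other permission bits.
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("%s: mode %03o grants access beyond the owner" % (name, mode))
    return findings
```

Refusing to call setServiceParent when the returned list is non-empty keeps a mis-set useSSL flag or a world-readable key file from reaching a running service.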