source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2079

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@2079
Revision 2079, 4.3 KB checked in by pjkersha, 13 years ago (diff)

python/www/html/attAuthority.wsdl,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py,
python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:
Make separate schemas for the two services - urn:ndg:security:attAuthority and
urn:ndg:security:sessionMgr - otherwise the getAttCert and getAttCertResponse declarations
get mixed up between the two in the ZSI code.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
replace get_element_* and set_element_* with attributes references instead e.g.
request.get_element_username() -> request.Username

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • rename encrypt and decrypt static UserSession methods to encodeSessionMgrURI and
decodeSessionMgrURI respectively. The encryption key is now optional and isn't applied
if omitted. This means that the Session Manager URI in the cookie can be base64 encoded only
and not encrypted.

  • getAttCert - simplified use of keywords in input and call to CredWallet.getAttCert
  • fixes to redirectAttCertReq for correct SessionMgrClient call - needs test

python/ndg.security.common/ndg/security/common/CredWallet.py:

  • fix AttAuthorityClient import
  • remove clnt* properties - use proxy settings instead for signing requests to AA
  • fixes to getAttCert and getAttCert calls
1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 23/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from SessionMgr_services_server import SessionMgrService
24from ndg.security.server.SessionMgr import SessionMgr
25from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
26        WSSecurityHandler, SignatureHandler
27
28
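class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Twisted web resource exposing the Session Manager SOAP interface.

    The generated SessionMgrService base class parses each incoming message
    into a (request, response) pair; the soap_* handlers here hand the work
    to the SessionMgr instance held in self.sm and copy its results into the
    response object.  The WS-Security signature verifier the handlers rely on
    is installed at module level into WSSecurityHandler.signatureHandler.

    Defects fixed relative to the checked-in version: the interactive
    ``pdb.set_trace()`` calls left in soap_connect, soap_disconnect and
    soap_getAttCert (which block the server on stdin as soon as a request
    arrives) are removed, and the certificate file read in soap_getX509Cert
    is closed explicitly.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle an addUser SOAP message.

        @param ps: ZSI ParsedSoap object for the incoming message
        @return: (request, response) pair from the generated base class

        NOTE(review): the parsed request is returned unchanged - nothing is
        called on self.sm here; confirm whether that is intentional.
        """
        return SessionMgrService.soap_addUser(self, ps)

    def soap_connect(self, ps, **kw):
        """Handle a connect SOAP message: authenticate the user and open a
        session.

        @param ps: ZSI ParsedSoap object for the incoming message
        @return: (request, response); the response carries the proxy
        certificate, proxy private key, user certificate and cookie returned
        by SessionMgr.connect, in that order
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        # Username and passphrase are taken straight from the message body
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess,
                                 getCookie=request.GetCookie)

        (response.ProxyCert,
         response.ProxyPriKey,
         response.UserCert,
         response.Cookie) = result

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle a disconnect SOAP message.

        @param ps: ZSI ParsedSoap object for the incoming message
        @return: (request, response) pair from the generated base class

        NOTE(review): as with soap_addUser the request is parsed but not
        acted on - no SessionMgr call is made.
        """
        return SessionMgrService.soap_disconnect(self, ps)

    def soap_getAttCert(self, ps, **kw):
        """Handle a getAttCert SOAP message: obtain an Attribute Certificate
        for the caller from an Attribute Authority.

        @param ps: ZSI ParsedSoap object for the incoming message
        @return: (request, response); the response carries the Attribute
        Certificate, status code, message and external Attribute Certificate
        list returned by SessionMgr.getAttCert, in that order
        """
        request, response = SessionMgrService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        # Proxy cert is preferred over userCert - userCert may have been
        # omitted.
        # NOTE(review): proxyCert is the certificate the signature handler
        # verified the message against, whereas request.UserCert is a value
        # supplied in the message body.  When proxyCert is empty the
        # unverified body value is passed on instead - confirm that
        # SessionMgr.getAttCert treats that case appropriately.
        userCert = proxyCert or request.UserCert

        result = self.sm.getAttCert(userCert=userCert,
                                    sessID=request.SessID,
                                    encrSessMgrURI=request.EncrSessionMgrURI,
                                    aaURI=request.AttAuthorityURI,
                                    reqRole=request.ReqRole,
                                    mapFromTrustedHosts=request.MapFromTrustedHosts,
                                    rtnExtAttCertList=request.RtnExtAttCertList,
                                    extAttCertList=request.ExtAttCert,
                                    extTrustedHostList=request.ExtTrustedHost)

        (response.AttCert,
         response.StatusCode,
         response.Msg,
         response.ExtAttCert) = result

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle a getX509Cert SOAP message: return this service's own X.509
        certificate (the certificate paired with the WS-Security signing key
        configured at module level from the same 'certFile' setting).

        @param ps: ZSI ParsedSoap object for the incoming message
        @return: (request, response); the response carries the PEM text of
        the certificate file with surrounding whitespace stripped
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        # Read the file on every call and close it explicitly rather than
        # leaving the handle to the garbage collector
        certFile = open(self.sm['certFile'])
        try:
            certPEM = certFile.read().strip()
        finally:
            certFile.close()

        # NOTE(review): the generated setter is kept here although the other
        # handlers assign response attributes directly - the attribute name
        # for x509Cert isn't visible from this file.
        response.set_element_x509Cert(certPEM)
        return request, response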
97
98
99# Create Service
# Create Service
smSrv = SessionMgrServiceSub()

# Session Manager settings are read through the SessionMgr instance
cfg = smSrv.sm

# Initialise WS-Security signature handler with the Session Manager's own
# signing certificate, private key and key passphrase.  soap_getX509Cert
# serves the same 'certFile' back to callers.
WSSecurityHandler.signatureHandler = SignatureHandler(
    signingCertFilePath=cfg['certFile'],
    signingPriKeyFilePath=cfg['keyFile'],
    signingPriKeyPwd=cfg['keyPwd'])

# Mount the service under the /SessionManager branch of the site
root = Resource()
root.putChild('SessionManager', smSrv)
siteFactory = Site(root)
application = service.Application("SessionManagerContainer")

portNum = cfg['portNum']

if cfg['useSSL']:
    # Use SSL connection; the import is deferred so a non-SSL deployment
    # does not need pyOpenSSL
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL.  As used
    # here it only supplies the server's own key and certificate; no client
    # certificate is requested at the transport layer, so caller
    # authentication rests on the WS-Security signature handler above.
    ctxFactory = ssl.DefaultOpenSSLContextFactory(cfg['sslKeyFile'],
                                                  cfg['sslCertFile'])
    port = internet.SSLServer(portNum, siteFactory, ctxFactory)
else:
    # Non-SSL: connect requests (username/passphrase in the message body)
    # travel without transport-layer protection
    port = internet.TCPServer(portNum, siteFactory)

port.setServiceParent(application)