1 | #!/usr/bin/env python |
2 | """NDG Security Attribute Authority .tac file |
3 | |
4 | This file enables the Session Manager web service to be |
5 | called under the Twisted framework |
6 | |
7 | NERC Data Grid Project |
8 | |
9 | @author P J Kershaw 23/11/06 |
10 | |
11 | @copyright (C) 2007 CCLRC & NERC |
12 | |
13 | @license This software may be distributed under the terms of the Q Public |
14 | License, version 1.0 or later. |
15 | """ |
16 | import socket |
17 | |
18 | from ZSI.twisted.WSresource import WSResource |
19 | from twisted.application import service, internet |
20 | from twisted.web.server import Site |
21 | from twisted.web.resource import Resource |
22 | |
23 | from SessionMgr_services_server import SessionMgrService |
24 | from ndg.security.server.SessionMgr import SessionMgr |
25 | from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \ |
26 | WSSecurityHandler, SignatureHandler |
27 | |
28 | |
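class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Session Manager SOAP service exposed as a Twisted web resource.

    Each soap_* method obtains the (request, response) pair from the
    ZSI-generated SessionMgrService base class, delegates the real work to
    the SessionMgr instance held in self.sm, and fills in the response
    elements before handing the pair back.
    """

    # WS-Security handler chain for incoming messages.  It is not referenced
    # elsewhere in this file - presumably the WSResource base class consumes
    # it when dispatching a message.  The signature handler it relies on is
    # installed on WSSecurityHandler by the module-level code after this
    # class has been instantiated.
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle an addUser message.

        ps: ZSI ParsedSoap for the incoming message.

        Returns the (request, response) pair produced by the generated base
        class unchanged - nothing is passed on to the Session Manager here.
        """
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        """Handle a connect message.

        ps: ZSI ParsedSoap for the incoming message.

        Passes the request's username/passphrase and session options to
        SessionMgr.connect and unpacks its four-element result into the
        response elements ProxyCert, ProxyPriKey, UserCert and Cookie.
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess,
                                 getCookie=request.GetCookie)

        # NOTE(review): the response carries a private key (ProxyPriKey) and
        # the request a passphrase, so this operation relies on the transport
        # being protected - see the useSSL branch at module level.
        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
            response.Cookie = result

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle a disconnect message.

        ps: ZSI ParsedSoap for the incoming message.

        Returns the (request, response) pair produced by the generated base
        class unchanged - nothing is passed on to the Session Manager here.
        An interactive debugger breakpoint that used to sit at the top of
        this method has been removed: it stalled the whole reactor (and so
        every other client) on each disconnect call.
        """
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        """Handle a getAttCert (Attribute Certificate request) message.

        ps: ZSI ParsedSoap for the incoming message.

        The certificate that verified the message signature (the user's
        proxy) is used as the caller's identity; the request's own UserCert
        element is only used when no verifying certificate is available.
        """
        request, response = SessionMgrService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy.
        # NOTE(review): this is read from a class-level handler shared by
        # every request; presumably the handler chain sets it per message
        # right before dispatch - confirm, since a stale value from an
        # earlier message would be attributed to the current caller.
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        # Proxy cert is preferred over userCert - userCert may have been
        # omitted.
        # NOTE(review): when verifyingCert is unset the identity comes from
        # the request body itself; that is only sound if the handler chain
        # rejects unsigned messages before this method runs - confirm.
        result = self.sm.getAttCert(
                        userCert=proxyCert or request.UserCert,
                        sessID=request.SessID,
                        encrSessMgrURI=request.EncrSessionMgrURI,
                        aaURI=request.AttAuthorityURI,
                        reqRole=request.ReqRole,
                        mapFromTrustedHosts=request.MapFromTrustedHosts,
                        rtnExtAttCertList=request.RtnExtAttCertList,
                        extAttCertList=request.ExtAttCert,
                        extTrustedHostList=request.ExtTrustedHost)

        # result[0] is the issued certificate object (serialised with
        # toString()) or a false value when none was issued; the remaining
        # two items are the status message and the external AC list.
        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCert = result[1:]

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle a getX509Cert message.

        ps: ZSI ParsedSoap for the incoming message.

        Returns the contents of the service's configured certFile
        (whitespace-trimmed) in the response's x509Cert element.
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        # Close the file explicitly instead of leaving the handle to the
        # garbage collector (try/finally rather than 'with' to stay
        # compatible with the interpreter generation this file targets).
        certFile = open(self.sm['certFile'])
        try:
            certText = certFile.read().strip()
        finally:
            certFile.close()

        response.set_element_x509Cert(certText)
        return request, response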
# Create Service
smSrv = SessionMgrServiceSub()

# Initialise the WS-Security signature handler with the Session Manager's
# own certificate and private key, taken from its configuration (smSrv.sm).
# The handler is stored as a class attribute of WSSecurityHandler, so it is
# shared by every request the service handles.
# NOTE(review): the private-key password also comes from that configuration
# - confirm the config source is readable only by the service account.
WSSecurityHandler.signatureHandler = SignatureHandler(\
                            signingCertFilePath=smSrv.sm['certFile'],
                            signingPriKeyFilePath=smSrv.sm['keyFile'],
                            signingPriKeyPwd=smSrv.sm['keyPwd'])

# Add Service to Session Manager branch: the service answers under the
# 'SessionManager' child of the site root.
root = Resource()
root.putChild('SessionManager', smSrv)
siteFactory = Site(root)
# 'application' is the module-level name twistd looks up in a .tac file.
application = service.Application("SessionManagerContainer")

if smSrv.sm['useSSL']:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL.
    # Its arguments are (private key file, certificate file), in that order.
    ctxFactory = ssl.DefaultOpenSSLContextFactory(smSrv.sm['sslKeyFile'],
                                                  smSrv.sm['sslCertFile'])
    port = internet.SSLServer(smSrv.sm['portNum'], siteFactory, ctxFactory)
else:
    # Non-SSL: plain TCP listener.  connect requests carry a passphrase and
    # connect responses carry the user's proxy private key, so this option
    # is only appropriate where the transport is protected by other means
    # (e.g. a TLS-terminating front end or a loopback-only deployment).
    port = internet.TCPServer(smSrv.sm['portNum'], siteFactory)

port.setServiceParent(application)