source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2086

#!/usr/bin/env python
"""NDG Security Attribute Authority .tac file 

This file enables the Session Manager web service to be 
called under the Twisted framework

NERC Data Grid Project

@author P J Kershaw 23/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public 
License, version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from SessionMgr_services_server import SessionMgrService
from ndg.security.server.SessionMgr import SessionMgr
from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
        WSSecurityHandler, SignatureHandler


class SessionMgrServiceSub(SessionMgrService, WSResource):

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory
        
    def __init__(self):
        WSResource.__init__(self)
         
        # Initialize Session Manager class - encapsulates inner workings 
        # including session management and proxy delegation
        self.sm = SessionMgr()
        
    def soap_addUser(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_connect(self, ps)

        result = self.sm.connect(username=request.Username,
                                                                 passphrase=request.Passphrase,
                                                                 createServerSess=request.CreateServerSess,
                                                                 getCookie=request.GetCookie)
                                        
        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
                response.Cookie = result
                         
        return request, response

    def soap_disconnect(self, ps, **kw):
        import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getAttCert(self, ps)
        
        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert
        
                # Proxy cert is prefered over userCert - userCert may have been 
                # omitted.
        result = self.sm.getAttCert(\
                                            userCert=proxyCert or request.UserCert,
                                                sessID=request.SessID,
                                                encrSessMgrURI=request.EncrSessionMgrURI,
                                                aaURI=request.AttAuthorityURI,
                                                reqRole=request.ReqRole,
                                                mapFromTrustedHosts=request.MapFromTrustedHosts,
                                                rtnExtAttCertList=request.RtnExtAttCertList,
                                                extAttCertList=request.ExtAttCert,
                                                extTrustedHostList=request.ExtTrustedHost)


        if result[0]:
                response.AttCert = result[0].toString() 
                
        response.Msg, response.ExtAttCert = result[1:]
        
        return request, response

    def soap_getX509Cert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getX509Cert(self, ps)
        response.set_element_x509Cert(open(self.sm['certFile']).read().strip())
        return request, response


# Create Service
smSrv = SessionMgrServiceSub()

# Initialise WS-Security signature handler passing Attribute Authority
# public and private keys
WSSecurityHandler.signatureHandler = SignatureHandler(\
                                    signingCertFilePath=smSrv.sm['certFile'],
                                    signingPriKeyFilePath=smSrv.sm['keyFile'],
                                    signingPriKeyPwd=smSrv.sm['keyPwd'])

# Add Service to Session Manager branch
root = Resource()
root.putChild('SessionManager', smSrv)
siteFactory = Site(root)
application = service.Application("SessionManagerContainer")

if smSrv.sm['useSSL']:
        # Use SSL connection
        from twisted.internet import ssl
        
        # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
        ctxFactory = ssl.DefaultOpenSSLContextFactory(smSrv.sm['sslKeyFile'], 
                                                                                                  smSrv.sm['sslCertFile'])
        port = internet.SSLServer(smSrv.sm['portNum'], siteFactory, ctxFactory)
else:   
        # Non-SSL
        port = internet.TCPServer(smSrv.sm['portNum'], siteFactory)

port.setServiceParent(application)