source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2108

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@2108
Revision 2108, 4.4 KB checked in by pjkersha, 12 years ago (diff)

Renamed output extAttCert -> extAttCertOut for getAttCertResponse for Session Manager
WSDL. Previously, there were input and output vars called extAttCert. This causes
problems for Java generated stubs.

1#!/usr/bin/env python
2"""NDG Security Attribute Authority .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 23/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from SessionMgr_services_server import SessionMgrService
24from ndg.security.server.SessionMgr import SessionMgr
25from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
26        WSSecurityHandler, SignatureHandler
27
28
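class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Twisted web resource exposing the Session Manager SOAP operations.

    Each ``soap_*`` handler first calls the matching method on the generated
    ``SessionMgrService`` stub to obtain the request and response objects,
    then (where implemented) populates the response from the wrapped
    ``SessionMgr`` instance held in ``self.sm``.

    Handlers run inside the Twisted reactor, so they must not block on
    interactive input: a debugger breakpoint in a handler stalls the whole
    service for every client.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Initialise the web resource and create the Session Manager."""
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle addUser; returns the stub's (request, response) unchanged.

        NOTE(review): nothing here calls into self.sm, so the operation
        appears to be a placeholder - confirm against the stub.
        """
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        """Handle connect: authenticate the user and return credentials.

        The request carries the user's passphrase and the response carries
        the proxy private key, so both directions of this exchange hold
        secret material. Confidentiality on the wire depends on the
        service being started with SSL enabled (the 'useSSL' setting read
        at module level).
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess,
                                 getCookie=request.GetCookie)

        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
            response.Cookie = result

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle disconnect; returns the stub's (request, response).

        The live ``pdb.set_trace()`` breakpoint has been removed: it halted
        the reactor on every disconnect request and attached a debugger
        console to the server process.

        NOTE(review): nothing here calls into self.sm, so no session
        appears to be torn down by this handler - confirm whether that is
        intended.
        """
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        """Handle getAttCert: request an Attribute Certificate for the user.

        Sets response.AttCert only when the Session Manager returned a
        certificate; response.Msg and response.ExtAttCertOut are always set.
        """
        request, response = SessionMgrService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy.
        # NOTE(review): signatureHandler is a class-level attribute shared
        # by all requests - confirm verifyingCert reflects the message
        # being handled rather than a certificate fixed at start-up.
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        # Proxy cert is preferred over userCert - userCert may have been
        # omitted. When the fallback is taken, request.UserCert is a value
        # supplied in the message body rather than one tied to the message
        # signature. NOTE(review): confirm self.sm.getAttCert validates it
        # before it is used to identify the caller.
        result = self.sm.getAttCert(
            userCert=proxyCert or request.UserCert,
            sessID=request.SessID,
            encrSessMgrURI=request.EncrSessionMgrURI,
            aaURI=request.AttAuthorityURI,
            reqRole=request.ReqRole,
            mapFromTrustedHosts=request.MapFromTrustedHosts,
            rtnExtAttCertList=request.RtnExtAttCertList,
            extAttCertList=request.ExtAttCert,
            extTrustedHostList=request.ExtTrustedHost)

        # result is (attCert, msg, extAttCertOut); attCert may be empty
        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCertOut = result[1:]

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle getX509Cert: return the Session Manager's certificate.

        Reads the file named by the 'certFile' setting and returns its
        content with surrounding whitespace stripped.
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        # Close the handle explicitly so repeated requests cannot exhaust
        # file descriptors in a long-running server
        certFile = open(self.sm['certFile'])
        try:
            x509Cert = certFile.read().strip()
        finally:
            certFile.close()

        response.set_element_x509Cert(x509Cert)
        return request, response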
99
100
# Create the Session Manager SOAP resource and keep a short handle on its
# configuration (the SessionMgr instance is indexed by setting name)
smSrv = SessionMgrServiceSub()
smCfg = smSrv.sm

# Initialise the shared WS-Security signature handler with the Session
# Manager's signing certificate, private key and key password.
# NOTE(review): verifyingCertFilePath is hard-coded to a test certificate
# in a developer's home directory, so signature verification is pinned to
# that file and will not work (or will trust the wrong certificate) on any
# other host - this should come from deployment configuration.
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath='/home/pjkersha/Development/security/python/Tests/webSphereTestcert.pem',
    signingCertFilePath=smCfg['certFile'],
    signingPriKeyFilePath=smCfg['keyFile'],
    signingPriKeyPwd=smCfg['keyPwd'])

# Mount the service under the /SessionManager branch of the site
root = Resource()
root.putChild('SessionManager', smSrv)
siteFactory = Site(root)

# twistd looks up the module-level name 'application' in a .tac file
application = service.Application("SessionManagerContainer")

if smCfg['useSSL']:
    # SSL listener. Imported here so that pyOpenSSL, which
    # ssl.DefaultOpenSSLContextFactory requires, is only needed when SSL
    # is switched on.
    from twisted.internet import ssl

    ctxFactory = ssl.DefaultOpenSSLContextFactory(smCfg['sslKeyFile'],
                                                  smCfg['sslCertFile'])
    port = internet.SSLServer(smCfg['portNum'], siteFactory, ctxFactory)
else:
    # Plain TCP listener. The connect operation carries the user's
    # passphrase in the request and a proxy private key in the response,
    # so this mode leaves both unprotected on the wire; WS-Security
    # signing gives integrity, not confidentiality.
    port = internet.TCPServer(smCfg['portNum'], siteFactory)

port.setServiceParent(application)