source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2136

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@2136
Revision 2136, 4.3 KB checked in by pjkersha, 13 years ago

python/ndg.security.server/setup.py:

  • comment out Twisted from install - won't do egg install
  • updated long description

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • added verifyingCertFilePath keyword to SignatureHandler initialisation
  • added SSL capability

python/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py:
added element names for reading SSL settings from properties file.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
added verifyingCertFilePath keyword to SignatureHandler initialisation

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py:
added clntCertFile properties file element name for setting certificate for
verifying incoming SOAP messages.

python/ndg.security.server/ndg/security/server/SessionMgr/Makefile:
corrected typo.

python/ndg.security.server/ndg/security/server/MyProxy.py:
Put OpenSSLConfig and OpenSSLConfigError classes into their own package
'openssl' so that they can also be used by the Certificate Authority client.

python/www/html/certificateAuthority.wsdl,
python/ndg.security.server/ndg/security/server/ca/CertificateAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services.py: updated operations to issueCert, revokeCert and getCRL.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: changed address of service to connect to.

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
alternative username connection settings

python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py:
fixed typos in error message and comments.

python/ndg.security.common/ndg/security/common/XMLSec.py: changed call to
getAttributeNodeNS to getAttributeNode for retrieving reference element URI
attribute.

python/ndg.security.common/ndg/security/common/ca/__init__.py: code for
Certificate Authority client

python/ndg.security.common/ndg/security/common/wsSecurity.py:

  • tidied up imports
  • added properties for setting keywords to reference and SignedInfo C14N
  • changed sign method so that it is truly configurable, allowing use of inclusive or exclusive C14N based on the keywords set for reference and SignedInfo C14N calls.
  • swapped calls to getAttributeNodeNS with getAttributeNode where appropriate.

java/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/AttAuthority/build/classes/META-INF/ibm-webservicesclient-bnd.xmi:
updated so that request generator correctly places X.509 cert in
BinarySecurityToken element.

java/DEWS/AttAuthority/appClientModule/Main.java,
java/DEWS/AttAuthority/appClientjava/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmiModule/Main.java:
include calls to getX509Cert and getAttCert methods.

java/DEWS/SessionMgr/build/classes/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/SessionMgr/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi:
updates for testing Session Manager client

java/DEWS/SessionMgr/appClientModule/Main.java: switched username setting.

#!/usr/bin/env python
"""NDG Security Session Manager .tac file

This file enables the Session Manager web service to be
called under the Twisted framework

NERC Data Grid Project

@author P J Kershaw 23/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public
License, version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from SessionMgr_services_server import SessionMgrService
from ndg.security.server.SessionMgr import SessionMgr
from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
        WSSecurityHandler, SignatureHandler


class SessionMgrServiceSub(SessionMgrService, WSResource):

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_connect(self, ps)

        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess,
                                 getCookie=request.GetCookie)

        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
                response.Cookie = result

        return request, response

    def soap_disconnect(self, ps, **kw):
        # Breakpoint disabled like the other handlers: an active set_trace()
        # would block the server on every disconnect request
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        # Proxy cert is preferred over userCert - userCert may have been
        # omitted.
        result = self.sm.getAttCert(
                            userCert=proxyCert or request.UserCert,
                            sessID=request.SessID,
                            encrSessMgrURI=request.EncrSessionMgrURI,
                            aaURI=request.AttAuthorityURI,
                            reqRole=request.ReqRole,
                            mapFromTrustedHosts=request.MapFromTrustedHosts,
                            rtnExtAttCertList=request.RtnExtAttCertList,
                            extAttCertList=request.ExtAttCert,
                            extTrustedHostList=request.ExtTrustedHost)

        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCertOut = result[1:]

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = SessionMgrService.soap_getX509Cert(self, ps)
        response.set_element_x509Cert(open(self.sm['certFile']).read().strip())
        return request, response


# Create Service
srv = SessionMgrServiceSub()

# Initialise WS-Security signature handler, passing the certificate used to
# verify incoming messages and the Session Manager's signing certificate and
# private key
WSSecurityHandler.signatureHandler = SignatureHandler(
                                    verifyingCertFilePath=srv.sm['clntCertFile'],
                                    signingCertFilePath=srv.sm['certFile'],
                                    signingPriKeyFilePath=srv.sm['keyFile'],
                                    signingPriKeyPwd=srv.sm['keyPwd'])

# Add Service to Session Manager branch
root = Resource()
root.putChild('SessionManager', srv)
siteFactory = Site(root)

if srv.sm['useSSL']:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.sm['sslKeyFile'],
                                                  srv.sm['sslCertFile'])
    port = internet.SSLServer(srv.sm['portNum'], siteFactory, ctxFactory)
else:
    # Non-SSL
    port = internet.TCPServer(srv.sm['portNum'], siteFactory)

application = service.Application("SessionManagerContainer")
port.setServiceParent(application)