source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac @ 2145

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac@2145
Revision 2145, 4.3 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/ca/server-config.tac: added file copied
from Session Manager equivalent

python/ndg.security.server/ndg/security/server/ca/SimpleCA.py:

  • added ability to generate a certificate request using M2Crypto
  • added properties for running web service over SSL + PKI settings
  • properties file path can be set via the NDGSEC_CA_PROPFILEPATH environment variable

python/ndg.security.server/ndg/security/server/ca/start-container.sh: script to run
service with twistd.

python/ndg.security.server/ndg/security/server/ca/Makefile: calls to wsdl2dispatch to
generate server side stubs.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac: fixed typo

  • ref to Attribute Authority instead of Session Manager.

python/ndg.security.server/ndg/security/server/MyProxy.py: simplified use of OpenSSLConfig
class.

python/conf/sessionMgrProperties.xml: removed duplicate lines.

python/conf/simpleCAProperties.xml: re-added - for some reason not previously stored in
repository.

python/ndg.security.test/ndg/security/test/ca/server.sh: adapted from Session Manager
version.

python/ndg.security.test/ndg/security/test/ca/caClientTest.cfg: added settings for
issueCert unit test to configure certificate request.

python/ndg.security.test/ndg/security/test/ca/caClientTest.py: setting up
test1IssueCert unit test.

python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml: added settings for
SSL and PKI.

python/ndgSetup.sh: set up GRID_SECURITY_DIR environment variable

python/ndg.security.common/ndg/security/common/ca/init.py: Certificate Authority
web service client - updated settings for OpenSSLConfig object and issueCert method.

python/ndg.security.common/ndg/security/common/ca/CertReq.py: old code from alpha version
of NDG-Security.

python/ndg.security.common/ndg/security/common/ca/Makefile: generates client and server
side stubs for Certificate Authority web service.

python/ndg.security.common/ndg/security/common/wsSecurity.py: updated header

python/ndg.security.common/ndg/security/common/openssl.py:

  • fixed regular expression for 'req_distinguished_name' pattern match
  • parameters are parsed in call to read() rather than in getReqDN method.
  • reqDN is now a property.
1#!/usr/bin/env python
2"""NDG Security Session Manager .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 23/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import socket
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from SessionMgr_services_server import SessionMgrService
24from ndg.security.server.SessionMgr import SessionMgr
25from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
26        WSSecurityHandler, SignatureHandler
27
28
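class SessionMgrServiceSub(SessionMgrService, WSResource):
    """Twisted/ZSI resource exposing the Session Manager SOAP operations.

    Every C{soap_*} method first delegates to the generated
    C{SessionMgrService} stub to obtain the parsed request and an empty
    response object.  Where implemented, the response is then populated
    from the wrapped C{SessionMgr} instance held in C{self.sm}.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Set up the web resource and create the Session Manager."""
        WSResource.__init__(self)

        # Initialize Session Manager class - encapsulates inner workings
        # including session management and proxy delegation
        self.sm = SessionMgr()

    def soap_addUser(self, ps, **kw):
        """Handle the addUser operation.

        Only the generated stub is called; no SessionMgr method is invoked
        here, so the response is returned as the stub produced it.

        @param ps: passed unchanged to the generated stub
        @return: (request, response) tuple
        """
        request, response = SessionMgrService.soap_addUser(self, ps)
        return request, response

    def soap_connect(self, ps, **kw):
        """Handle the connect operation and return the user's credentials.

        @param ps: passed unchanged to the generated stub
        @return: (request, response) tuple; the response carries the proxy
        certificate, proxy private key, user certificate and cookie returned
        by C{SessionMgr.connect}
        """
        request, response = SessionMgrService.soap_connect(self, ps)

        # NOTE(review): the request carries the user's passphrase and the
        # response carries a proxy private key.  The module-level code in
        # this file only wraps the listener in SSL when the 'useSSL'
        # property is set - confirm deployments always enable it.
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess,
                                 getCookie=request.GetCookie)

        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
            response.Cookie = result

        return request, response

    def soap_disconnect(self, ps, **kw):
        """Handle the disconnect operation.

        Only the generated stub is called.  NOTE(review): no SessionMgr
        method is invoked here, so presumably the server-side session is
        not torn down by this handler - confirm against SessionMgr.

        @param ps: passed unchanged to the generated stub
        @return: (request, response) tuple
        """
        # A live pdb.set_trace() used to sit here.  It would stop the
        # service at an interactive debugger prompt on every disconnect
        # request, so it has been removed.
        request, response = SessionMgrService.soap_disconnect(self, ps)
        return request, response

    def soap_getAttCert(self, ps, **kw):
        """Handle the getAttCert operation.

        @param ps: passed unchanged to the generated stub
        @return: (request, response) tuple; C{response.AttCert} is set only
        when C{SessionMgr.getAttCert} returned a certificate as the first
        element of its result
        """
        request, response = SessionMgrService.soap_getAttCert(self, ps)

        # Get certificate corresponding to private key that signed the
        # message - i.e. the user's proxy
        # NOTE(review): signatureHandler is a single object assigned on the
        # WSSecurityHandler class at module level - confirm verifyingCert
        # always reflects the message currently being handled.
        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert

        # Proxy cert is preferred over userCert - userCert may have been
        # omitted.
        # NOTE(review): when proxyCert is empty the certificate supplied in
        # the request body is used instead; confirm SessionMgr.getAttCert
        # validates it rather than trusting it as the caller's identity.
        result = self.sm.getAttCert(
            userCert=proxyCert or request.UserCert,
            sessID=request.SessID,
            encrSessMgrURI=request.EncrSessionMgrURI,
            aaURI=request.AttAuthorityURI,
            reqRole=request.ReqRole,
            mapFromTrustedHosts=request.MapFromTrustedHosts,
            rtnExtAttCertList=request.RtnExtAttCertList,
            extAttCertList=request.ExtAttCert,
            extTrustedHostList=request.ExtTrustedHost)

        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCertOut = result[1:]

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        """Handle the getX509Cert operation.

        Reads the file named by the 'certFile' property and returns its
        content, stripped of surrounding whitespace, in the response.

        @param ps: passed unchanged to the generated stub
        @return: (request, response) tuple
        """
        request, response = SessionMgrService.soap_getX509Cert(self, ps)

        # Close the file explicitly so that a long running service does not
        # rely on garbage collection to release the descriptor.
        certFile = open(self.sm['certFile'])
        try:
            x509Cert = certFile.read().strip()
        finally:
            certFile.close()

        response.set_element_x509Cert(x509Cert)
        return request, response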
99
100
# Instantiate the SOAP resource; this also creates the SessionMgr it wraps
srv = SessionMgrServiceSub()

# Install the WS-Security signature handler on the handler class, using the
# certificate and key file paths held in the Session Manager properties.
# NOTE(review): the private key password is taken from the same properties
# ('keyPwd') - confirm the properties file is readable only by the service
# account.
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath=srv.sm['clntCertFile'],
    signingCertFilePath=srv.sm['certFile'],
    signingPriKeyFilePath=srv.sm['keyFile'],
    signingPriKeyPwd=srv.sm['keyPwd'])

# Publish the service under the SessionManager path of the site
root = Resource()
root.putChild('SessionManager', srv)
siteFactory = Site(root)

if not srv.sm['useSSL']:
    # Plain TCP listener.
    # NOTE(review): with SSL disabled, the passphrase sent to connect and
    # the proxy private key it returns are not protected by transport
    # encryption - confirm this mode is never used outside testing.
    port = internet.TCPServer(srv.sm['portNum'], siteFactory)
else:
    # SSL listener
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.sm['sslKeyFile'],
                                                  srv.sm['sslCertFile'])
    port = internet.SSLServer(srv.sm['portNum'], siteFactory, ctxFactory)

# twistd looks up the module-level name "application" in a .tac file
application = service.Application("SessionManagerContainer")
port.setServiceParent(application)