source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/ca/server-config.tac @ 2145

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/ca/server-config.tac@2145
Revision 2145, 2.9 KB checked in by pjkersha, 14 years ago

python/ndg.security.server/ndg/security/server/ca/server-config.tac: added file copied
from Session Manager equivalent

python/ndg.security.server/ndg/security/server/ca/SimpleCA.py:

  • added ability to generate a certificate request using M2Crypto
  • added properties for running web service over SSL + PKI settings
  • properties file path can be set via the NDGSEC_CA_PROPFILEPATH environment variable

python/ndg.security.server/ndg/security/server/ca/start-container.sh: script to run
service with twistd.

python/ndg.security.server/ndg/security/server/ca/Makefile: calls to wsdl2dispatch to
generate server side stubs.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac: fixed typo

  • ref to Attribute Authority instead of Session Manager.

python/ndg.security.server/ndg/security/server/MyProxy.py: simplified use of OpenSSLConfig
class.

python/conf/sessionMgrProperties.xml: removed duplicate lines.

python/conf/simpleCAProperties.xml: re-added - for some reason not previously stored in
repository.

python/ndg.security.test/ndg/security/test/ca/server.sh: adapted from Session Manager
version.

python/ndg.security.test/ndg/security/test/ca/caClientTest.cfg: added settings for
issueCert unit test to configure certificate request.

python/ndg.security.test/ndg/security/test/ca/caClientTest.py: setting up
test1IssueCert unit test.

python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml: added settings for
SSL and PKI.

python/ndgSetup.sh: set up GRID_SECURITY_DIR environment variable

python/ndg.security.common/ndg/security/common/ca/init.py: Certificate Authority
web service client - updated settings for OpenSSLConfig object and issueCert method.

python/ndg.security.common/ndg/security/common/ca/CertReq.py: old code from alpha version
of NDG-Security.

python/ndg.security.common/ndg/security/common/ca/Makefile: generates client and server
side stubs for Certificate Authority web service.

python/ndg.security.common/ndg/security/common/wsSecurity.py: updated header

python/ndg.security.common/ndg/security/common/openssl.py:

  • fixed regular expression for 'req_distinguished_name' pattern match
  • parameters are parsed in call to read() rather than in getReqDN method.
  • reqDN is now a property.
#!/usr/bin/env python
"""NDG Security Certificate Authority .tac file

This file enables the Certificate Authority web service to be
called under the Twisted framework

NERC Data Grid Project

@author P J Kershaw 23/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public
License, version 1.0 or later.
"""
import socket

from ZSI.twisted.WSresource import WSResource
from twisted.application import service, internet
from twisted.web.server import Site
from twisted.web.resource import Resource

from CertificateAuthority_services_server import CertificateAuthorityService
from ndg.security.server.CertificateAuthority import CertificateAuthority
from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
        WSSecurityHandler, SignatureHandler


class CertificateAuthorityServiceSub(CertificateAuthorityService, WSResource):

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        WSResource.__init__(self)

        # Initialize SimpleCA class
        self.ca = CertificateAuthority()

    def soap_issueCert(self, ps, **kw):
        # Debugger breakpoint disabled: an active pdb.set_trace() here halts
        # every issueCert request until someone answers at the console
        #import pdb;pdb.set_trace()
        request, response = CertificateAuthorityService.soap_issueCert(self, ps)

        # Sign the submitted certificate request and return the new certificate
        response.cert = self.ca.sign(certReq=request.CertReq)[0]
        return request, response

    def soap_revokeCert(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = CertificateAuthorityService.soap_revokeCert(self, ps)

        self.ca.revokeCert(cert=request.Cert)

        return request, response

    def soap_getCRL(self, ps, **kw):
        #import pdb;pdb.set_trace()
        request, response = CertificateAuthorityService.soap_getCRL(self, ps)

        response.Crl = self.ca.genCRL()
        return request, response


# Create Service
srv = CertificateAuthorityServiceSub()

# Initialise WS-Security signature handler passing Certificate Authority
# public and private keys
WSSecurityHandler.signatureHandler = SignatureHandler(
                                    verifyingCertFilePath=srv.ca['clntCertFile'],
                                    signingCertFilePath=srv.ca['certFile'],
                                    signingPriKeyFilePath=srv.ca['keyFile'],
                                    signingPriKeyPwd=srv.ca['keyPwd'])

# Add Service to Certificate Authority branch
root = Resource()
root.putChild('CertificateAuthority', srv)
siteFactory = Site(root)

if srv.ca['useSSL']:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.ca['sslKeyFile'],
                                                  srv.ca['sslCertFile'])
    port = internet.SSLServer(srv.ca['portNum'], siteFactory, ctxFactory)
else:
    # Non-SSL
    port = internet.TCPServer(srv.ca['portNum'], siteFactory)

application = service.Application("CertificateAuthorityContainer")
port.setServiceParent(application)