source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/ca/server-config.tac @ 2153

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/ca/server-config.tac@2153
Revision 2153, 3.7 KB checked in by pjkersha, 14 years ago (diff)

Fixes to CA pass-phrase setting.

1#!/usr/bin/env python
2"""NDG Security Session Manager .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 23/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import sys
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from CertificateAuthority_services_server import CertificateAuthorityService
24from ndg.security.server.ca import SimpleCA, SimpleCAPassPhraseError
25from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \
26        WSSecurityHandler, SignatureHandler
27
28
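class CertificateAuthorityServiceSub(CertificateAuthorityService, WSResource):
    """Twisted web resource exposing SimpleCA operations as SOAP methods.

    Each ``soap_*`` method calls the matching ``CertificateAuthorityService``
    method to obtain the request and response objects, then delegates the
    work to the ``SimpleCA`` instance held in ``self.ca``.

    NOTE(review): no caller authorisation check is visible in these
    handlers; presumably the WS-Security handler chain set as ``factory``
    verifies the request signature before they run - confirm.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    def __init__(self):
        """Create the CA back end and ensure its pass-phrase is set.

        When ``chkCAPassphrase`` raises ``SimpleCAPassPhraseError`` the
        operator is prompted on the terminal; the process exits with
        status 1 after ten rejected pass-phrases or on Ctrl-C.
        """
        WSResource.__init__(self)

        # Initialize SimpleCA class
        self.ca = SimpleCA()

        # Check for CA pass-phrase input
        try:
            self.ca.chkCAPassphrase()
        except SimpleCAPassPhraseError:
            self._promptForCAPassphrase()

    def _promptForCAPassphrase(self):
        """Prompt for the CA pass-phrase until accepted or tries run out."""
        # getpass reads without echoing, so the pass-phrase is not shown
        # on the terminal.
        import getpass

        maxTries = 10
        nTries = 0
        while nTries < maxTries:
            try:
                # Presumably the caPassphrase setter validates the value and
                # raises SimpleCAPassPhraseError when it is wrong - confirm.
                self.ca.caPassphrase = \
                    getpass.getpass(prompt="CA Pass-phrase: ")
                break

            except KeyboardInterrupt:
                sys.exit(1)

            except SimpleCAPassPhraseError:
                nTries += 1
                if nTries >= maxTries:
                    sys.stderr.write(
                        "Invalid Pass-phrase - exiting after %d attempts\n"
                        % maxTries)
                    sys.exit(1)
                else:
                    sys.stderr.write("Invalid pass-phrase\n")

    def soap_issueCert(self, ps, **kw):
        """Sign the certificate request in the message and return the cert.

        Returns the ``(request, response)`` pair with ``response.X509Cert``
        set to the first element of the value returned by ``SimpleCA.sign``.
        """
        # Request handlers must stay free of debugger breakpoints: a
        # pdb.set_trace() here would halt the server on every issueCert
        # call and open a debugger prompt on the controlling terminal.
        request, response = CertificateAuthorityService.soap_issueCert(self,
                                                                       ps)

        response.X509Cert = self.ca.sign(certReq=request.X509CertReq)[0]
        return request, response

    def soap_revokeCert(self, ps, **kw):
        """Revoke the certificate carried in the request.

        Returns the ``(request, response)`` pair unchanged.
        """
        request, response = CertificateAuthorityService.soap_revokeCert(self,
                                                                        ps)

        self.ca.revokeCert(cert=request.Cert)

        return request, response

    def soap_getCRL(self, ps, **kw):
        """Generate a CRL and return it in ``response.Crl``."""
        request, response = CertificateAuthorityService.soap_getCRL(self, ps)

        response.Crl = self.ca.genCRL()
        return request, response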
88
89
# Instantiate the service. Its constructor checks the CA pass-phrase and may
# prompt for it on the terminal.
srv = CertificateAuthorityServiceSub()

# Install the WS-Security signature handler, configured from the CA settings:
# the certificate used to verify incoming messages and the certificate,
# private key and key password used to sign outgoing ones.
# NOTE(review): 'clntCertFile' is read with .get() while the other settings
# are indexed, so it may be optional - confirm how SignatureHandler behaves
# when no verifying certificate is supplied.
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath=srv.ca.get('clntCertFile'),
    signingCertFilePath=srv.ca['certFile'],
    signingPriKeyFilePath=srv.ca['keyFile'],
    signingPriKeyPwd=srv.ca['keyPwd'])

# Mount the service under the 'CertificateAuthority' path of the site root
root = Resource()
root.putChild('CertificateAuthority', srv)
siteFactory = Site(root)

if not srv.ca['useSSL']:
    # Plain TCP listener: no transport encryption is applied here, so
    # message protection is whatever the WS-Security handlers provide.
    port = internet.TCPServer(srv.ca['portNum'], siteFactory)
else:
    # SSL listener; imported only on this branch because
    # ssl.DefaultOpenSSLContextFactory requires pyOpenSSL.
    from twisted.internet import ssl

    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.ca['sslKeyFile'],
                                                  srv.ca['sslCertFile'])
    port = internet.SSLServer(srv.ca['portNum'], siteFactory, ctxFactory)

# 'application' is the module-level service.Application the listener is
# attached to.
application = service.Application("CertificateAuthorityContainer")
port.setServiceParent(application)