source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/ca.tac @ 2866

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/ca.tac@2866
Revision 2866, 3.8 KB checked in by pjkersha, 12 years ago (diff)

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
moved to ndg.security.server/ndg/security/server/conf/attAuthority.tac to
simplify config for deployment.

ndg.security.server/ndg/security/server/ca/server-config.tac: likewise moved
to ndg.security.server/ndg/security/server/conf/ca.tac

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac: moved
to ndg.security.server/ndg/security/server/conf/sessionMgr.tac

ndg.security.server/ndg/security/server/SessionMgr/init.py: fix to error
message for SessionMgr.connect2UserSession.

ndg.security.test/ndg/security/test/AttAuthority/siteAServer.sh,
ndg.security.test/ndg/security/test/AttAuthority/siteBServer.sh,
ndg.security.test/ndg/security/test/SessionMgr/server.sh: AA unit test
script to start service - simplified for new location of .tac file in conf/

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg: fix
to test6cGetAttCertWithExtAttCertListUsingSessID - save AC from
test6GetAttCertUsingSessID test and use here.

1#!/usr/bin/env python
2"""NDG Security Certificate Authority .tac file
3
4This file enables the Session Manager web service to be
5called under the Twisted framework
6
7NERC Data Grid Project
8
9@author P J Kershaw 23/11/06
10
11@copyright (C) 2007 CCLRC & NERC
12
13@license This software may be distributed under the terms of the Q Public
14License, version 1.0 or later.
15"""
16import sys
17
18from ZSI.twisted.WSresource import WSResource
19from twisted.application import service, internet
20from twisted.web.server import Site
21from twisted.web.resource import Resource
22
23from ndg.security.server.ca.CertificateAuthority_services_server import \
24        CertificateAuthorityService
25from ndg.security.server.ca import SimpleCA, SimpleCAPassPhraseError
26from ndg.security.common.wsSecurity import SignatureHandler
27from ndg.security.server.twisted import WSSecurityHandlerChainFactory, \
28        WSSecurityHandler
29
30
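class CertificateAuthorityServiceSub(CertificateAuthorityService, WSResource):
    """Twisted web resource exposing the Certificate Authority SOAP service.

    Wraps the ZSI-generated CertificateAuthorityService so that each SOAP
    operation is delegated to the SimpleCA instance held in ``self.ca``.
    """

    # Add WS-Security handlers
    factory = WSSecurityHandlerChainFactory

    # Maximum number of interactive pass-phrase prompts before giving up
    maxPassphraseAttempts = 10

    def __init__(self):
        """Set up the web resource and the underlying SimpleCA.

        If SimpleCA does not already have the CA pass-phrase, the operator
        is prompted for it on the terminal.  The process exits after
        ``maxPassphraseAttempts`` rejected pass-phrases, on Ctrl-C, or when
        no terminal input is available.
        """
        WSResource.__init__(self)

        # Initialize SimpleCA class
        self.ca = SimpleCA()

        # Check for CA pass-phrase input
        try:
            self.ca.chkCAPassphrase()
        except SimpleCAPassPhraseError:
            self._promptForPassphrase()

    def _promptForPassphrase(self):
        """Read the CA pass-phrase interactively, retrying on rejection.

        Calls ``sys.exit(1)`` rather than returning if the operator
        interrupts, if stdin yields no input, or if the attempt limit is
        reached.
        """
        import getpass

        nTries = 0
        while nTries < self.maxPassphraseAttempts:
            try:
                self.ca.caPassphrase = \
                    getpass.getpass(prompt="CA Pass-phrase: ")
                return

            except KeyboardInterrupt:
                sys.exit(1)

            except EOFError:
                # getpass raises EOFError when stdin is closed, e.g. when the
                # service is started without a terminal
                sys.stderr.write("No pass-phrase input available - exiting\n")
                sys.exit(1)

            except SimpleCAPassPhraseError:
                # assumes assigning caPassphrase raises on a rejected
                # pass-phrase - TODO confirm against SimpleCA
                nTries += 1
                if nTries >= self.maxPassphraseAttempts:
                    sys.stderr.write(
                        "Invalid Pass-phrase - exiting after %d attempts\n" %
                        self.maxPassphraseAttempts)
                    sys.exit(1)
                else:
                    sys.stderr.write("Invalid pass-phrase\n")

    def soap_issueCert(self, ps, **kw):
        """Sign the certificate request carried in the SOAP message.

        Parses the request via the generated base class, passes
        ``request.X509CertReq`` to the CA for signing and places the first
        element of the result in ``response.X509Cert``.
        """
        request, response = CertificateAuthorityService.soap_issueCert(self,
                                                                       ps)

        response.X509Cert = self.ca.sign(certReq=request.X509CertReq)[0]
        return request, response

    def soap_revokeCert(self, ps, **kw):
        """Revoke the certificate carried in the SOAP message.

        Parses the request via the generated base class and hands
        ``request.Cert`` to the CA; the response carries no payload.
        """
        request, response = CertificateAuthorityService.soap_revokeCert(self,
                                                                        ps)

        self.ca.revokeCert(cert=request.Cert)

        return request, response

    def soap_getCRL(self, ps, **kw):
        """Return the CA's current certificate revocation list.

        Parses the request via the generated base class and places the
        result of ``self.ca.genCRL()`` in ``response.Crl``.
        """
        request, response = CertificateAuthorityService.soap_getCRL(self, ps)

        response.Crl = self.ca.genCRL()
        return request, response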
90
91
# Create Service
srv = CertificateAuthorityServiceSub()

# Initialise WS-Security signature handler with the Certificate Authority's
# own signing certificate/private key and the certificate used to verify
# client signatures.
# NOTE(review): 'clntCertFile' is fetched with .get(), so a missing entry
# passes None through - confirm SignatureHandler still verifies client
# signatures in that case.
WSSecurityHandler.signatureHandler = SignatureHandler(
    verifyingCertFilePath=srv.ca.get('clntCertFile'),
    signingCertFilePath=srv.ca['certFile'],
    signingPriKeyFilePath=srv.ca['keyFile'],
    signingPriKeyPwd=srv.ca['keyPwd'])

# Mount the CA service at /CertificateAuthority under an otherwise empty root
root = Resource()
root.putChild('CertificateAuthority', srv)
siteFactory = Site(root)

if not srv.ca['useSSL']:
    # Non-SSL
    port = internet.TCPServer(srv.ca['portNum'], siteFactory)
else:
    # Use SSL connection
    from twisted.internet import ssl

    # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL
    ctxFactory = ssl.DefaultOpenSSLContextFactory(srv.ca['sslKeyFile'],
                                                  srv.ca['sslCertFile'])
    port = internet.SSLServer(srv.ca['portNum'], siteFactory, ctxFactory)

# twistd looks for the module-level name 'application'
application = service.Application("CertificateAuthorityContainer")
port.setServiceParent(application)