source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py @ 3754

'''
Security middleware - set-up configuration items

P J Kershaw 18/03/08
'''

class ndg:
    '''Class structure to define a namespace for SSO Service config attached
    Pylons global variable 'g'
    '''
    class security:
        class server:
            class ssoservice:
                cfg = None

class SSOMiddleware:
    
    def __init__(self, app, cfgFilePath, appGlobals):
        self.app = app
        ndg.security.server.ssoservice.cfg = SecurityConfig(cfgFilePath)
        ndg.security.server.ssoservice.cfg.read()
        appGlobals.ndg = ndg
          
    def __call__(self, environ, start_response):
        
#        environ['securityConfig'] = self.config
        return self.app(environ, start_response)


import sys
from ConfigParser import SafeConfigParser as ConfigParser
from ndg.security.common.wssecurity import WSSecurityConfig

class SecurityConfigError(Exception):
    """Handle errors from parsing security config items"""
       
class SecurityConfig(object):
    """Get Security related parameters from the Pylons NDG config file"""

    def __init__(self, cfgFilePath=None):
        '''Get PKI settings for Attribute Authority and Session Manager from
        the configuration file
        
        @type cfgFilePath: pylons config file object
        @param cfgFilePath: reference to NDG configuration file.  If omitted 
        defaults to request.environ['ndgConfig']'''
        
        self.cfgFilePath = cfgFilePath
        self.gk = None
        self.wss = {}
        
    def read(self):
        '''Read content of config file into object'''
        cfg = ConfigParser()
        cfg.read(self.cfgFilePath)
       
        tracefileExpr = cfg.get('NDG_SECURITY', 'tracefile')
        if tracefileExpr:
            self.tracefile = eval(tracefileExpr)

        self.smURI = cfg.get('NDG_SECURITY', 'sessionMgrURI')        
        self.aaURI = cfg.get('NDG_SECURITY', 'attAuthorityURI')
        
        # ... for SSL connections to security web services
        try:
            self.sslCACertFilePathList = \
            cfg.get('NDG_SECURITY', 'sslCACertFilePathList').split()
                
        except AttributeError:
            raise SecurityConfigError, \
                        'No "sslCACertFilePathList" security setting'

        self.sslPeerCertCN = cfg.get('NDG_SECURITY', 'sslPeerCertCN', None)

        wssCfgFilePath = cfg.get('NDG_SECURITY', 'wssCfgFilePath', None)
        wss = WSSecurityConfig()
        wss.read(wssCfgFilePath)
        
        # Cast to standard dict because WSSecurityConfig object can't be
        # passed via **kw and dict(wss) doesn't work 
        # TODO: check for cleaner solution - dict(wss)
        self.wss = dict(wss.items())
        
#        # ...and for WS-Security digital signature
#        self.wssCertFilePath = cfg.get('NDG_SECURITY', 'wssCertFilePath')
#        self.wssPriKeyFilePath = cfg.get('NDG_SECURITY', 'wssKeyFilePath')
#        self.wssPriKeyPwd = cfg.get('NDG_SECURITY', 'wssKeyPwd')
#
#        try:
#            self.wssCACertFilePathList = \
#                cfg.get('NDG_SECURITY', 'wssCACertFilePathList').split()
#                
#        except AttributeError:
#            raise SecurityConfigError, \
#                                'No "wssCACertFilePathList" security setting'
#
#        # Inclusive namespace prefixes for Exclusive C14N
#        try:
#            self.wssRefInclNS = cfg.get('NDG_SECURITY', 'wssRefInclNS').split()
#                
#        except AttributeError:
#            raise SecurityConfigError, 'No "wssRefInclNS" security setting'
#
#        try:
#            self.wssSignedInfoInclNS = cfg.get('NDG_SECURITY', 
#                                               'wssSignedInfoInclNS').split()           
#        except AttributeError:
#            raise SecurityConfigError, \
#                                    'No "wssSignedInfoInclNS" security setting'

        
        # Gatekeeper params
        
        # Attribute Certificate Issuer
        self.acIssuer = cfg.get('NDG_SECURITY', 'acIssuer')
        
        # verification of X.509 cert back to CA
        try:
            self.acCACertFilePathList = cfg.get('NDG_SECURITY', 
                                            'acCACertFilePathList').split()          
        except AttributeError:
            raise SecurityConfigError, \
                                'No "acCACertFilePathList" security setting'

        # Hostname
        self.server=cfg.get('NDG_SECURITY', 'server', '')

        # For secure connections
        self.sslServer = cfg.get('NDG_SECURITY', 'sslServer', '')
        
        # These URLs are referred from template files
        self.getCredentials = '%s/getCredentials' % self.sslServer       
        self.logout = '%s/logout' % self.server
                      
        # Where Are You From URI          
        self.wayfuri='%s/wayf' % self.server

        self.localLink=cfg.get('layout', 'localLink', None)
        self.localImage=cfg.get('layout', 'localImage', None)
        self.localAlt=cfg.get('layout', 'localAlt', 'Visit Local Site')
        self.ndgLink=cfg.get('layout', 'ndgLink', 'http://ndg.nerc.ac.uk')
        self.ndgImage=cfg.get('layout', 'ndgImage', None)
        self.ndgAlt=cfg.get('layout', 'ndgAlt','Visit NDG')
        self.stfcLink=cfg.get('layout', 'stfcLink')
        self.stfcImage=cfg.get('layout', 'stfcImage')
        self.helpIcon=cfg.get('layout', 'helpIcon')
        self.LeftAlt=cfg.get('layout', 'HdrLeftAlt')
        self.LeftLogo=cfg.get('layout', 'HdrLeftLogo')
        self.pageLogo="bodcHdr"
        self.icons_xml=cfg.get('layout','Xicon')
        self.icons_plot=cfg.get('layout','plot')
        self.icons_prn=cfg.get('layout', 'printer')
        
        self.disclaimer = cfg.get('DEFAULT', 'disclaimer')
            
            
    def __repr__(self):
        return '\n'.join(["%s=%s" % (k,v) for k,v in self.__dict__.items() \
                if k[:2] != "__"])