source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py @ 4584

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py@4584
Revision 4584, 5.4 KB checked in by pjkersha, 12 years ago (diff)

Started integration work for common WSGI/SOAP client based interfaces (ndg.security.server.wsgi.utils.sessionmanagerclient and ndg.security.server.wsgi.utils.attributeauthorityclient) with Pylons Single Sign On package (ndg.security.server.sso)

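"""NDG Security - client interface classes to Attribute Authority

Make requests for host information and attribute certificates

NERC Data Grid Project

This software may be distributed under the terms of the Q Public License,
version 1.0 or later.
"""
__author__ = "P J Kershaw"
__date__ = "27/11/08"
__copyright__ = "(C) 2008 STFC & NERC"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = "$Id$"
import logging
# Module level logger, named after this module
log = logging.getLogger(__name__)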
17
18from ndg.security.common.attributeauthority import AttributeAuthorityClient
19
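class WSGIAttributeAuthorityClient(object):
    """Client interface to Attribute Authority for WSGI based applications

    This class wraps the SOAP based web service client and, as an
    alternative, direct access to an Attribute Authority instance in the
    same code stack made available via an environ keyword.

    Security note: whenever the environ key is present, every call is
    answered by the object found under it and the SOAP client is not used.
    That object is taken on trust - nothing here checks its type or origin -
    so the key should only ever be set by the deployment's own middleware.
    """

    # Default environ key under which the Attribute Authority filter is
    # looked up.  It carries no HTTP_ prefix, so under the WSGI convention it
    # is not populated from request headers; other middleware in the stack
    # can still set it.
    environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"

    def _refInEnviron(self):
        """Test for an entry under the configured key in the WSGI environ

        @rtype: bool
        @return: True if the key is present"""
        return self._environKey in self._environ

    # Define as property for convenient call syntax
    refInEnviron = property(fget=_refInEnviron,
                            doc="return True if a Attribute Authority "
                                "instance is available in WSGI environ")

    def _getRef(self):
        """Return the Attribute Authority held by the environ entry

        Raises KeyError if the key is absent and AttributeError if the entry
        has no serviceSOAPBinding.aa attribute chain"""
        return self._environ[self._environKey].serviceSOAPBinding.aa

    ref = property(fget=_getRef, doc="Attribute Authority local instance")

    def __init__(self, environKey=None, environ=None, **soapClientKw):
        """
        @type environKey: basestring
        @param environKey: environ key to look up the local Attribute
        Authority with; defaults to the class level environKey
        @type environ: dict
        @param environ: WSGI environ dictionary; a new empty dict is used
        when omitted
        @type **soapClientKw: dict
        @param **soapClientKw: keywords for AttributeAuthorityClient.  The
        SOAP client is only created if 'uri' is among them; without 'uri'
        any other keywords given are discarded"""

        log.debug("WSGIAttributeAuthorityClient.__init__ ...")

        self._environKey = (environKey or
                            WSGIAttributeAuthorityClient.environKey)

        # A dict literal as default argument would be one object shared by
        # every instance created without an environ, so state written by one
        # client (including an Attribute Authority reference) would become
        # visible to the others
        if environ is None:
            environ = {}

        # Standard WSGI environment dict
        self._environ = environ

        if 'uri' in soapClientKw:
            self._soapClient = AttributeAuthorityClient(**soapClientKw)
        else:
            self._soapClient = None

    def _setEnviron(self, environ):
        if not isinstance(environ, dict):
            raise TypeError("Expecting dict type for 'environ' property")
        self._environ = environ

    def _getEnviron(self):
        # A property getter is called with self only; the extra positional
        # parameter this method used to take made every read of 'environ'
        # raise TypeError
        return self._environ

    environ = property(fget=_getEnviron,
                       fset=_setEnviron,
                       doc="WSGI environ dictionary")

    def _getSoapClient(self):
        """Return the SOAP client for the remote code path

        AttributeError is the exception a call on the unset (None) client
        raised before, so callers see the same type with a usable message"""
        if self._soapClient is None:
            raise AttributeError("No Attribute Authority found in environ "
                                 "under key %r and no SOAP client is "
                                 "configured ('uri' keyword not set)" %
                                 self._environKey)
        return self._soapClient

    def getHostInfo(self):
        """Return details about the Attribute Authority host: its ID,
        the user login URI and AA URI address.

        @rtype: dict
        @return: dictionary of host information derived from the map
        configuration held by the AA"""

        if self.refInEnviron:
            # Connect to local instance.  The object is returned as is -
            # NOTE(review): if hostInfo hands out the AA's own dict, callers
            # can modify AA state through it; confirm against the AA class
            return self.ref.hostInfo
        else:
            # Make connection to remote service
            return self._getSoapClient().getHostInfo()

    def getTrustedHostInfo(self, **kw):
        """Get list of trusted hosts for an Attribute Authority

        @type **kw: dict
        @param **kw: getTrustedHostInfo keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getTrustedHostInfo and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getTrustedHostInfo
        the SOAP client

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration"""

        if self.refInEnviron:
            # Connect to local instance
            return self.ref.getTrustedHostInfo(**kw)
        else:
            # Make connection to remote service.  The method name matches
            # the one documented above; the earlier spelling
            # 'getTrustedHostHostInfo' made the remote path fail with
            # AttributeError
            return self._getSoapClient().getTrustedHostInfo(**kw)

    def getAllHostsInfo(self):
        """Get list of all hosts for an Attribute Authority i.e. itself and
        all the hosts it trusts

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration"""

        if self.refInEnviron:
            # Connect to local instance - combine this host's info with info
            # from other trusted hosts.  Merge into a copy: updating the
            # object returned by hostInfo in place could write the trusted
            # hosts into the Attribute Authority's own host record
            allHostsInfo = dict(self.ref.hostInfo)
            allHostsInfo.update(self.ref.getAllHostsInfo())
            return allHostsInfo
        else:
            # Make connection to remote service
            return self._getSoapClient().getAllHostsInfo()

    def getAttCert(self, **kw):
        """Request attribute certificate from NDG Attribute Authority

        The certificate keyword is named differently by the two back ends
        ('holderX509Cert' for the local instance, 'userX509Cert' for the
        SOAP client) and is renamed to suit the one in use.  Keywords are
        otherwise forwarded unchanged: no check is made here on the
        certificate or on any other value.

        @type **kw: dict
        @param **kw: getAttCert keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getAttCert and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getAttCert
        the SOAP client

        @rtype: ndg.security.common.AttCert.AttCert
        @return: attribute certificate for user.  If access is refused,
        AttributeRequestDenied or AttributeAuthorityAccessDenied are raised
        depending on whether the call is to a local instance or a remote
        service"""

        if self.refInEnviron:
            # Connect to local instance
            if 'userX509Cert' in kw:
                kw['holderX509Cert'] = kw.pop('userX509Cert')

            return self.ref.getAttCert(**kw)
        else:
            # Make connection to remote service
            if 'holderX509Cert' in kw:
                kw['userX509Cert'] = kw.pop('holderX509Cert')

            return self._getSoapClient().getAttCert(**kw)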