source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py @ 4891

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py@4891
Revision 4891, 6.0 KB checked in by pjkersha, 12 years ago (diff)
  • fix typos in SSO service wayf templates
  • fix bug in WSGI Client classes
1"""NDG Security - client interface classes to Session Manager
2
3Make requests for authentication and authorisation
4
5NERC Data Grid Project
6
7"""
8__author__ = "P J Kershaw"
9__date__ = "27/11/08"
10__copyright__ = "(C) 2009 Science and Technology Facilities Council"
11__contact__ = "Philip.Kershaw@stfc.ac.uk"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__revision__ = "$Id$"
14import logging
15log = logging.getLogger(__name__)
16
17from ndg.security.server.wsgi.utils.clientbase import WSGIClientBase
18from ndg.security.common.attributeauthority import AttributeAuthorityClient
19
class WSGIAttributeAuthorityClientError(Exception):
    """Root of the exception hierarchy raised by WSGIAttributeAuthorityClient.

    Catch this type to handle any error originating from the client wrapper
    itself.
    """
    pass
22   
class WSGIAttributeAuthorityClientConfigError(WSGIAttributeAuthorityClientError):
    """The client has been set up incorrectly.

    Signals a configuration problem as opposed to a failure reported by the
    Attribute Authority itself.
    """
    pass
26   
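class WSGIAttributeAuthorityClient(WSGIClientBase):
    """Client interface to Attribute Authority for WSGI based applications

    This class wraps the SOAP based web service client and, as an
    alternative, direct access to an Attribute Authority instance in the same
    code stack, made available via a WSGI environ keyword.

    Every query method prefers the local instance: the remote SOAP client is
    only used when C{refInEnviron} is false.  C{refInEnviron} is not defined
    in this class - presumably it is inherited from WSGIClientBase; confirm
    there how the environ entry is checked.
    """

    # Default WSGI environ key under which the Attribute Authority filter is
    # looked up when no explicit key is passed to __init__
    environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"

    # Raised text when neither a local instance nor a remote client is usable
    _NO_SERVICE_MSG = ("No reference to a local Attribute Authority is set "
                       "and no SOAP client to a remote service has been "
                       "initialised")

    def _getRef(self):
        """Look up the local Attribute Authority through the WSGI environ

        The environ lookup fails (KeyError for a plain dict) if nothing is
        registered under the configured key.

        @return: the C{aa} attribute of the filter's C{serviceSOAPBinding}
        """
        return self._environ[self._environKey].serviceSOAPBinding.aa

    ref = property(fget=_getRef, doc="Attribute Authority local instance")

    def __init__(self, environKey=None, environ=None, **clientKw):
        """Set up access to a local and/or remote Attribute Authority

        @type environKey: basestring / None
        @param environKey: WSGI environ key referencing the Attribute
        Authority filter; the class level C{environKey} is used if omitted
        @type environ: dict / None
        @param environ: standard WSGI environment dict.  A new empty dict is
        created per instance when omitted
        @type **clientKw: dict
        @param **clientKw: keywords passed unchanged to
        ndg.security.common.attributeauthority.AttributeAuthorityClient.  A
        remote client is only created if a non-empty C{uri} is included.
        NOTE(review): any transport security settings for the remote
        connection are whatever AttributeAuthorityClient accepts here - they
        are not validated by this class.
        """
        log.debug("WSGIAttributeAuthorityClient.__init__ ...")

        self._environKey = (environKey or
                            WSGIAttributeAuthorityClient.environKey)

        # Standard WSGI environment dict.  The default is built here rather
        # than in the signature: a "{}" default is created once and would be
        # shared by every instance constructed without an environ.
        if environ is None:
            environ = {}
        self._environ = environ

        if clientKw.get('uri'):
            self._client = AttributeAuthorityClient(**clientKw)
        else:
            self._client = None

    def _remoteClientOrRaise(self):
        """Return the SOAP client or fail if none has been configured

        @raise WSGIAttributeAuthorityClientConfigError: no remote client was
        initialised (no C{uri} keyword given to __init__)
        """
        if self._client is None:
            raise WSGIAttributeAuthorityClientConfigError(
                                                    self._NO_SERVICE_MSG)
        return self._client

    def getHostInfo(self):
        """Return details about the Attribute Authority host: its ID,
        the user login URI and AA URI address.

        @rtype: dict
        @return: dictionary of host information derived from the map
        configuration held by the AA
        @raise WSGIAttributeAuthorityClientConfigError: neither a local
        instance nor a remote client is available"""
        if self.refInEnviron:
            # Connect to local instance
            return self.ref.hostInfo

        # Make connection to remote service
        return self._remoteClientOrRaise().getHostInfo()

    def getTrustedHostInfo(self, **kw):
        """Get list of trusted hosts for an Attribute Authority

        @type **kw: dict
        @param **kw: getTrustedHostInfo keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getTrustedHostInfo
        and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getTrustedHostInfo
        the SOAP client

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration
        @raise WSGIAttributeAuthorityClientConfigError: neither a local
        instance nor a remote client is available"""
        if self.refInEnviron:
            # Connect to local instance
            return self.ref.getTrustedHostInfo(**kw)

        # Make connection to remote service.  The SOAP client method is
        # getTrustedHostInfo (as named in the docstring above); this branch
        # previously called "getTrustedHostHostInfo".
        return self._remoteClientOrRaise().getTrustedHostInfo(**kw)

    def getAllHostsInfo(self):
        """Get list of all hosts for an Attribute Authority i.e. itself and
        all the hosts it trusts

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration
        @raise WSGIAttributeAuthorityClientConfigError: neither a local
        instance nor a remote client is available"""
        if self.refInEnviron:
            # Connect to local instance - combine this host's info with info
            # from other trusted hosts.  Work on a copy: updating the object
            # returned by hostInfo in place would add the trusted hosts to
            # the Attribute Authority's own host record if that property
            # hands out its internal dict (not visible from this module).
            allHostsInfo = dict(self.ref.hostInfo)
            allHostsInfo.update(self.ref.getTrustedHostInfo())
            return allHostsInfo

        # Make connection to remote service
        return self._remoteClientOrRaise().getAllHostsInfo()

    def getAttCert(self, **kw):
        """Request attribute certificate from NDG Attribute Authority

        The certificate keyword is named differently by the two back ends:
        C{userX509Cert} is renamed to C{holderX509Cert} for a local instance
        and C{holderX509Cert} to C{userX509Cert} for the remote client.  If a
        caller passes both keywords, the renamed value replaces the other
        one, so callers should supply exactly one of them.

        @type **kw: dict
        @param **kw: getAttCert keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getAttCert
        and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getAttCert
        the SOAP client

        @rtype: ndg.security.common.AttCert.AttCert
        @return: attribute certificate for user.  If access is refused,
        AttributeRequestDenied or AttributeAuthorityAccessDenied are raised
        depending on whether the call is to a local instance or a remote
        service
        @raise WSGIAttributeAuthorityClientConfigError: neither a local
        instance nor a remote client is available"""
        if self.refInEnviron:
            # Connect to local instance
            if 'userX509Cert' in kw:
                kw['holderX509Cert'] = kw.pop('userX509Cert')

            return self.ref.getAttCert(**kw)

        client = self._remoteClientOrRaise()

        # Make connection to remote service
        if 'holderX509Cert' in kw:
            kw['userX509Cert'] = kw.pop('holderX509Cert')

        return client.getAttCert(**kw)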