source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py @ 5181

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py@5181
Revision 5181, 7.3 KB checked in by pjkersha, 11 years ago (diff)

Added a Policy Information Point to encapsulate subject attribute retrieval.

1"""NDG Security - client interface classes to Session Manager
2
3Make requests for authentication and authorisation
4
5NERC Data Grid Project
6
7"""
8__author__ = "P J Kershaw"
9__date__ = "27/11/08"
10__copyright__ = "(C) 2009 Science and Technology Facilities Council"
11__contact__ = "Philip.Kershaw@stfc.ac.uk"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__revision__ = "$Id$"
14import logging
15log = logging.getLogger(__name__)
16
17from ndg.security.server.wsgi.utils.clientbase import WSGIClientBase
18from ndg.security.common.attributeauthority import AttributeAuthorityClient
19
class WSGIAttributeAuthorityClientError(Exception):
    """Root exception type for errors raised by the WSGI Attribute Authority
    client wrapper.  Catch this to handle any error defined in this module.
    """
    pass
22   
class WSGIAttributeAuthorityClientConfigError(WSGIAttributeAuthorityClientError):
    """The client has been set up incorrectly, e.g. it has neither a local
    Attribute Authority reference nor a SOAP client to call
    """
    pass
26   
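class WSGIAttributeAuthorityClient(WSGIClientBase):
    """Client interface to Attribute Authority for WSGI based applications

    This class wraps the SOAP based web service client and alternate direct
    access to an Attribute Authority instance in the same code stack available
    via an environ keyword

    Every query method selects its target in the same order:
     1. if self.localClientInEnviron is true, the local instance found in
        the WSGI environ is called directly;
     2. otherwise the SOAP client self.wsClient is used;
     3. if neither is available WSGIAttributeAuthorityClientConfigError is
        raised.

    localClientInEnviron is not defined in this class - presumably it is
    inherited from WSGIClientBase; confirm against that class.

    NOTE(review): the object stored under environ[environKeyName] is treated
    as the authority for host and attribute information.  Presumably only
    server side middleware populates that key - confirm that it cannot be
    set or replaced from request data.
    """

    defaultEnvironKeyName = "ndg.security.server.wsgi.attributeAuthorityFilter"

    # Single definition of the message used when no local or remote
    # Attribute Authority is available
    _noClientErrMsg = ("No reference to a local Attribute Authority is set "
                       "and no SOAP client to a remote service has been "
                       "initialised")

    def _getLocalClient(self):
        """Look up the local Attribute Authority instance via the environ

        @return: the "aa" attribute of the serviceSOAPBinding object held
        under self.environKeyName in the WSGI environ
        @raise KeyError: if the key is not present in the environ"""
        return self._environ[self.environKeyName].serviceSOAPBinding.aa

    localClient = property(fget=_getLocalClient,
                           doc="Attribute Authority local instance")

    def __init__(self, environKeyName=None, environ=None, **clientKw):
        """Initialise an interface to an Attribute Authority accessible either
        via a keyword to a WSGI environ dictionary or via a web service call

        @type environKeyName: basestring or None
        @param environKeyName: dict key reference to service object to be
        invoked.  This may be set later using the environKeyName property
        or may be omitted altogether if the service is to be invoked via a
        web service call
        @type environ: dict or None
        @param environ: WSGI environment dictionary containing a reference to
        the service object.  This may not be known at instantiation of this
        class.  environ is not required if the service is to be invoked over
        a web service interface.  If omitted, a new empty dict is used
        @type clientKw: dict
        @param clientKw: custom keywords to instantiate a web service client
        interface.  A SOAP client is only created if a non-empty 'uri'
        keyword is included.  Derived classes are responsible for
        instantiating this from an extended version of this __init__ method.
        """

        log.debug("WSGIAttributeAuthorityClient.__init__ ...")

        self.environKeyName = environKeyName or \
                            WSGIAttributeAuthorityClient.defaultEnvironKeyName

        # Standard WSGI environment dict.  A new dict is made per instance:
        # a mutable default argument would be one object shared by every
        # client created without an environ, so state written for one
        # instance would become visible to all the others
        if environ is None:
            environ = {}
        self._environ = environ

        # NOTE(review): transport and message level security for the remote
        # call is whatever clientKw configures on AttributeAuthorityClient -
        # it is not visible from this class
        if clientKw.get('uri'):
            self.wsClient = AttributeAuthorityClient(**clientKw)
        else:
            self.wsClient = None

    def _getWSClient(self):
        """Return the SOAP client for the remote Attribute Authority

        @return: self.wsClient
        @raise WSGIAttributeAuthorityClientConfigError: if no SOAP client was
        initialised"""
        if self.wsClient is None:
            raise WSGIAttributeAuthorityClientConfigError(self._noClientErrMsg)

        return self.wsClient

    def getHostInfo(self):
        """Return details about the Attribute Authority host: its ID,
        the user login URI and AA URI address.

        @rtype: dict
        @return: dictionary of host information derived from the map
        configuration held by the AA
        @raise WSGIAttributeAuthorityClientConfigError: if neither a local
        instance nor a SOAP client is available"""

        if self.localClientInEnviron:
            # Connect to local instance
            return self.localClient.hostInfo

        # Make connection to remote service
        return self._getWSClient().getHostInfo()

    def getTrustedHostInfo(self, **kw):
        """Get list of trusted hosts for an Attribute Authority

        @type **kw: dict
        @param **kw: getTrustedHostInfo keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getTrustedHostInfo and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getTrustedHostInfo
        the SOAP client

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration
        @raise WSGIAttributeAuthorityClientConfigError: if neither a local
        instance nor a SOAP client is available"""

        if self.localClientInEnviron:
            # Connect to local instance
            return self.localClient.getTrustedHostInfo(**kw)

        # Make connection to remote service.  The method name matches the
        # AttributeAuthorityClient.getTrustedHostInfo referenced in the
        # docstring; the previous spelling "getTrustedHostHostInfo" would
        # fail with AttributeError on every remote lookup
        return self._getWSClient().getTrustedHostInfo(**kw)

    def getAllHostsInfo(self):
        """Get list of all hosts for an Attribute Authority i.e. itself and
        all the hosts it trusts

        @rtype: dict
        @return: dictionary of host information indexed by hostname derived
        from the map configuration
        @raise WSGIAttributeAuthorityClientConfigError: if neither a local
        instance nor a SOAP client is available"""

        if self.localClientInEnviron:
            # Connect to local instance - combine this host's info with info
            # from other trusted hosts.  Work on a copy so that the trusted
            # host entries are not merged into the mapping returned by
            # localClient.hostInfo; whether that mapping is the Attribute
            # Authority's own live state is not visible from here
            allHostsInfo = dict(self.localClient.hostInfo)
            allHostsInfo.update(self.localClient.getTrustedHostInfo())
            return allHostsInfo

        # Make connection to remote service
        return self._getWSClient().getAllHostsInfo()

    def getAttCert(self, **kw):
        """Request attribute certificate from NDG Attribute Authority

        This wrapper only renames the certificate keyword to suit the target
        interface and forwards the call.  It performs no validation of the
        certificate or of the requester: the access decision is made by the
        Attribute Authority that is called.

        If both 'userX509Cert' and 'holderX509Cert' are passed, the one
        being renamed replaces the other without warning, so callers should
        pass exactly one of them.

        @type **kw: dict
        @param **kw: getAttCert keywords applicable to
        ndg.security.server.attributeauthority.AttributeAuthority.getAttCert and
        ndg.security.common.attributeauthority.AttributeAuthorityClient.getAttCert
        the SOAP client

        @rtype: ndg.security.common.AttCert.AttCert
        @return: attribute certificate for user.  If access is refused,
        AttributeRequestDenied or AttributeAuthorityAccessDenied are raised
        depending on whether the call is to a local instance or a remote
        service
        @raise WSGIAttributeAuthorityClientConfigError: if neither a local
        instance nor a SOAP client is available"""

        if self.localClientInEnviron:
            # Connect to local instance - it takes the certificate under the
            # 'holderX509Cert' keyword
            if 'userX509Cert' in kw:
                kw['holderX509Cert'] = kw.pop('userX509Cert')

            return self.localClient.getAttCert(**kw)

        # Check for the SOAP client before altering the keywords
        wsClient = self._getWSClient()

        # Make connection to remote service - it takes the certificate under
        # the 'userX509Cert' keyword
        if 'holderX509Cert' in kw:
            kw['userX509Cert'] = kw.pop('holderX509Cert')

        return wsClient.getAttCert(**kw)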