source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py @ 4129

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py@4129
Revision 4129, 2.5 KB checked in by cbyrom, 11 years ago (diff)

General refactoring and updating of code, including:

Removal of refC14nKw and signedInfoC14nKw keywords in wssecurity session manager config
(the refC14nInclNS and signedInfoC14nInclNS keywords are sufficient);
Creation of new DOM signature handler class, dom.py, based on the wsSecurity
class;
Abstraction of common code between dom.py and etree.py into new parent
class, BaseSignatureHandler.py.
Fixing and extending use of properties in the SignatureHandler code.
Fixing a few bugs with the original SignatureHandler code.
Updating of test cases to new code/code structure.

1"""WSGI Middleware for WS-Security
2
3Currently implements Digital Signature handling based around ZSI
4
5NERC Data Grid Project"""
# Module metadata (authorship, licence, contact, VCS keyword).
__author__ = 'P J Kershaw'
__date__ = '11/06/08'
__copyright__ = '(C) 2008 STFC & NERC'
# Two-line licence notice; the embedded newline is part of the value.
__license__ = (
    "This software may be distributed under the terms of the Q Public\n"
    "License, version 1.0 or later."
)
__contact__ = 'P.J.Kershaw@rl.ac.uk'
__revision__ = "$Id$"

import logging
# Module-level logger shared by both middleware classes below.
log = logging.getLogger(__name__)
17
18from ZSI.parse import ParsedSoap
19
20from ZSI.writer import SoapWriter
21from ndg.security.common.wssecurity.dom import SignatureHandler
22
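class SignatureMiddleware(object):
    '''Apply WS-Security digital signature to SOAP message

    The wrapped application is expected to leave its ZSI SoapWriter in
    environ['ZSI.writer.SoapWriter'].  This middleware signs that writer and
    returns its serialised form as the response body; the iterable returned
    by the wrapped application is not forwarded.
    '''

    def __init__(self, app, app_conf):
        '''Wrap app and create the signature handler.

        app -- downstream WSGI application
        app_conf -- mapping; its 'wsseCfgFilePath' entry is passed to
        SignatureHandler as cfg
        '''
        self.app = app
        # .get() returns None when 'wsseCfgFilePath' is absent, so the
        # handler is then built with cfg=None.
        # NOTE(review): confirm SignatureHandler rejects a missing config
        # rather than signing with unintended defaults.
        self.signatureHandler = SignatureHandler(
                                        cfg=app_conf.get('wsseCfgFilePath'))

    def __call__(self, environ, start_response):
        '''Run the wrapped app, then sign and return its SOAP response.

        Raises KeyError if the wrapped app did not place a SoapWriter in
        environ under 'ZSI.writer.SoapWriter'.
        '''
        log.debug('Signing outbound message ...')

        # start_response is handed straight to the wrapped app, so status and
        # headers are chosen before the message is signed.
        # NOTE(review): a Content-Length set by the wrapped app would describe
        # the unsigned body - confirm against the applications in use.
        appIter = self.app(environ, start_response)
        try:
            if 'ZSI.writer.SoapWriter' not in environ:
                raise KeyError(
                        "Expecting 'ZSI.writer.SoapWriter' key in environ")

            sw = environ['ZSI.writer.SoapWriter']
            self.signatureHandler.sign(sw)
            soapOut = str(sw)
        finally:
            # The wrapped app's iterable is replaced by the signed body, so
            # this middleware is responsible for releasing it (WSGI requires
            # close() to be called when the iterable provides one).
            close = getattr(appIter, 'close', None)
            if close is not None:
                close()

        return [soapOut]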
44   
45
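class SignatureVerificationMiddleware(object):
    '''Verify WS-Security digital signature in SOAP message

    Requests without a 'SOAP_ACTION' environ key are passed to the wrapped
    application unverified.  For all other requests the body is read, parsed
    and handed to SignatureHandler.verify() before the wrapped application is
    called.
    '''

    def __init__(self, app, app_conf):
        '''Wrap app and create the signature handler.

        app -- downstream WSGI application
        app_conf -- mapping; its 'wsseCfgFilePath' entry is passed to
        SignatureHandler as cfg
        '''
        log.debug("SignatureVerificationMiddleware.__init__ ...")
        self.app = app
        # .get() returns None when 'wsseCfgFilePath' is absent.
        # NOTE(review): confirm SignatureHandler fails closed when it has no
        # configuration to verify against.
        self.signatureHandler = SignatureHandler(
                                        cfg=app_conf.get('wsseCfgFilePath'))

    def __call__(self, environ, start_response):
        '''Verify the inbound SOAP signature, then call the wrapped app.

        Raises KeyError if 'CONTENT_LENGTH' is missing from environ and
        ValueError if it is not a non-negative integer.  Exceptions from
        ParsedSoap and SignatureHandler.verify() propagate to the caller.
        '''
        # This branch is the only route past verification.
        # NOTE(review): WSGI servers expose the SOAPAction request header as
        # 'HTTP_SOAPACTION'; confirm something upstream sets 'SOAP_ACTION',
        # otherwise every request is forwarded unverified.  The wrapped app
        # must also not process a SOAP body that arrives without this key.
        if 'SOAP_ACTION' not in environ:
            log.debug("Non-SOAP request: Skipping signature verification")
            return self.app(environ, start_response)

        log.debug("Verifying inbound message signature...")

        # TODO: allow for chunked data
        # CONTENT_LENGTH is a string in the WSGI environ; read() needs an int.
        # A missing, empty or non-numeric value raises here, so the request
        # is rejected rather than forwarded unverified.
        contentLength = int(environ['CONTENT_LENGTH'])
        if contentLength < 0:
            # A negative size would turn read() into read-until-EOF.
            raise ValueError("Negative CONTENT_LENGTH in environ: %d" %
                             contentLength)

        # NOTE(review): the length is client-supplied and not capped here;
        # confirm the server or an earlier layer limits request body size.
        soapIn = environ['wsgi.input'].read(contentLength)

        ps = ParsedSoap(soapIn)
        # The return value of verify() is ignored, so rejection of a bad
        # signature depends on verify() raising.
        # NOTE(review): confirm verify() raises on every failure mode.
        self.signatureHandler.verify(ps)

        # Pass on in environment as an efficiency measure for any following
        # SOAP Middleware.  wsgi.input has been consumed at this point, so
        # this parsed message is also the only copy of the verified body
        # available downstream.
        environ['ZSI.parse.ParsedSoap'] = ps
        return self.app(environ, start_response)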
73
74
def makeSignatureVerificationFilter(app, global_conf):
    '''Wrap app in a SignatureVerificationMiddleware.

    global_conf is handed to the middleware as its app_conf, so the
    'wsseCfgFilePath' setting is looked up in global_conf.
    '''
    # NOTE(review): the (app, global_conf) signature looks like a Paste Deploy
    # filter factory - confirm against the deployment configuration.
    verifyingApp = SignatureVerificationMiddleware(app, global_conf)
    return verifyingApp
77
def makeSignatureFilter(app, global_conf):
    '''Wrap app in a SignatureMiddleware.

    global_conf is handed to the middleware as its app_conf, so the
    'wsseCfgFilePath' setting is looked up in global_conf.
    '''
    # NOTE(review): the (app, global_conf) signature looks like a Paste Deploy
    # filter factory - confirm against the deployment configuration.
    signingApp = SignatureMiddleware(app, global_conf)
    return signingApp