source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority.py @ 4138

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority.py@4138
Revision 4138, 6.8 KB checked in by cbyrom, 12 years ago (diff)

Implement consistent use of keywords throughout the codebase - using
the wssecurity class as the guide - effectively changing the xml
property file key names to match those of the ini files. Also remove
useSignatureHandler keyword and replace with a check for the WS-Security
property + add better checking of properties in the tac and py files
+ add new config files and remove some unnecessary ones.

1import os, sys
2import base64
3import logging
4log = logging.getLogger(__name__)
5
6
7from ndg.security.server.AttAuthority.AttAuthority_services_server import \
8        AttAuthorityService as _AttAuthorityService
9
10from ndg.security.server.AttAuthority import AttAuthority, \
11        AttAuthorityAccessDenied
12       
13from ndg.security.common.wssecurity.dom import SignatureHandler
14from ndg.security.common.X509 import X509Cert, X509CertRead
15
16from ndgsecurity.config.soap import SOAPMiddleware
17
18
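class AttributeAuthorityWS(_AttAuthorityService):
    '''ZSI SOAP service stub for the Attribute Authority.

    Each soap_* method unpacks the ZSI request via the generated base class,
    delegates the real work to the wrapped AttAuthority instance held in
    self.aa, and fills in the matching ZSI response object.  The AttAuthority
    configuration (property file) is read by AttAuthority() itself - see
    __init__.'''

    def __init__(self):
        '''Create the wrapped AttAuthority and read the debug flag.

        Setting the NDGSEC_INT_DEBUG environment variable makes this
        constructor and every SOAP stub drop into pdb on entry.  That is an
        interactive debugger inside the server process, so it is only meant
        for development deployments.'''
        # Any non-empty value of the variable enables the breakpoints
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Initialize Attribute Authority class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.aa = AttAuthority()

    def _thisHostInfo(self):
        '''Return (hostname, hostInfo) for THIS Attribute Authority.

        AttAuthority.hostInfo is expected to hold a single entry keyed by the
        local host name; the first key is therefore taken as that name.

        @rtype: tuple
        @return: local host name and its host info dictionary'''
        hostname = self.aa.hostInfo.keys()[0]
        return hostname, self.aa.hostInfo[hostname]

    def _setHostInfo(self, target, hostname, hostInfo):
        '''Copy the common host description fields onto a ZSI element.

        Shared by soap_getHostInfo (target is the response itself),
        soap_getAllHostsInfo and soap_getTrustedHostInfo (target is one host
        element).  RoleList is deliberately NOT set here because it does not
        apply to this host's own entry; callers set it where it is needed.

        @param target: ZSI response or host element to populate
        @type hostname: string
        @param hostname: host name to record
        @type hostInfo: dict
        @param hostInfo: host info dictionary as held by AttAuthority
        @return: target, with its fields set'''
        target.Hostname = hostname
        target.AaURI = hostInfo['aaURI']
        target.AaDN = hostInfo['aaDN']
        target.LoginURI = hostInfo['loginURI']
        target.LoginServerDN = hostInfo['loginServerDN']
        target.LoginRequestServerDN = hostInfo['loginRequestServerDN']
        return target

    def soap_getAttCert(self, ps, **kw):
        '''Retrieve an Attribute Certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAttCert(self, ps)

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client - NB, this is dependent
        # on WS-Security properties having been set
        if self.aa.has_key('WS-Security'):
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy.
            # NOTE(review): WSSecurityHandler is not imported by this module,
            # so as written this branch raises NameError at runtime; confirm
            # where it is meant to be provided from.
            holderCert = WSSecurityHandler.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input.  Nothing in this
            # stub checks that the caller actually holds that certificate, so
            # in this mode the holder binding relies on whatever
            # authentication the transport or surrounding middleware gives.
            holderCert = request.UserCert

        try:
            attCert = self.aa.getAttCert(userId=request.UserId,
                                         holderCert=holderCert,
                                         userAttCert=request.UserAttCert)
            response.AttCert = attCert.toString()

        except AttAuthorityAccessDenied, e:
            # Access denied is reported in-band through Msg rather than as a
            # SOAP fault; any other exception propagates to ZSI.  The text of
            # the exception is sent to the client as-is.
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        '''Get information about this host

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getHostInfo(self, ps)

        # The response carries this host's fields directly (no host element)
        hostname, hostInfo = self._thisHostInfo()
        self._setHostInfo(response, hostname, hostInfo)

        return request, response

    def soap_getAllHostsInfo(self, ps, **kw):
        '''Get information about all hosts

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAllHostsInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo()

        # Convert ready for serialization

        # First get info for THIS Attribute Authority ...
        # Nb. No role list applies here
        hostname, hostInfo = self._thisHostInfo()
        hosts = [self._setHostInfo(response.new_hosts(), hostname, hostInfo)]

        # ... then append info for other trusted attribute authorities...
        for hostname, hostInfo in trustedHostInfo.items():
            host = self._setHostInfo(response.new_hosts(), hostname, hostInfo)
            host.RoleList = hostInfo['role']
            hosts.append(host)

        response.Hosts = hosts

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        '''Get information about other trusted hosts

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = \
                        _AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        # The client may narrow the listing to hosts offering a given role;
        # filtering is done by AttAuthority, not here
        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            trustedHost = self._setHostInfo(response.new_trustedHosts(),
                                            hostname,
                                            hostInfo)
            trustedHost.RoleList = hostInfo['role']
            trustedHosts.append(trustedHost)

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        '''Retrieve Attribute Authority's X.509 certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getX509Cert(self, ps)

        # Serve the AA's own (public) signing certificate, DER encoded and
        # base64 wrapped.  The certificate file is re-read on every call.
        x509Cert = X509CertRead(self.aa['signingCertFilePath'])
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return request, response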