source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority.py @ 4233

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority.py@4233
Revision 4233, 7.2 KB checked in by pjkersha, 12 years ago (diff)

More work on WSGI version of Attribute Authority unit tests. TODO: complete code to enable WS-Security config to be picked up from within the Paste ini file.

"""ZSI Server side SOAP Binding for Attribute Authority Web Service

NERC Data Grid Project"""
__author__ = "P J Kershaw"
__date__ = "11/06/08"
__copyright__ = "(C) 2008 STFC & NERC"
__license__ = \
"""This software may be distributed under the terms of the Q Public
License, version 1.0 or later."""
__contact__ = "P.J.Kershaw@rl.ac.uk"
__revision__ = '$Id$'
import os, sys
import base64
import logging
log = logging.getLogger(__name__)


from ndg.security.server.AttAuthority.AttAuthority_services_server import \
        AttAuthorityService as _AttAuthorityService

from ndg.security.server.AttAuthority import AttAuthority, \
        AttAuthorityAccessDenied

from ndg.security.common.wssecurity.dom import SignatureHandler
from ndg.security.common.X509 import X509Cert, X509CertRead


class AttributeAuthorityWS(_AttAuthorityService):
    '''ZSI SOAP binding exposing an AttAuthority instance as a web service

    Every soap_* handler first calls the matching method of the generated
    _AttAuthorityService stub to obtain the request/response pair, then
    fills in the response from self.aa and returns both objects.
    '''

    def __init__(self):
        '''Read the debug switch and create the Attribute Authority

        NOTE(review): _AttAuthorityService.__init__ is not invoked here -
        confirm that skipping the base class initialiser is intended.
        '''
        # Only the truthiness of the variable is tested, so ANY non-empty
        # value (including "0" or "false") enables the debugger.  Every
        # handler below then stops in pdb before doing any work, so this
        # variable should never be set in the environment of a deployed
        # service.
        debugSetting = os.environ.get('NDGSEC_INT_DEBUG')
        self.__debug = bool(debugSetting)
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Constructed without arguments; per the original author's note the
        # property file is picked up from the default location under
        # $NDG_DIR
        self.aa = AttAuthority()

    def _copyTrustedHostInfo(self, record, hostname, hostInfo):
        '''Copy one trusted host's settings onto a response record

        @type record: object returned by response.new_hosts() or
        response.new_trustedHosts()
        @param record: record to populate
        @type hostname: string
        @param hostname: key of the host in the trusted host info dict
        @type hostInfo: dict
        @param hostInfo: settings for this host
        @rtype: same type as record
        @return: the populated record'''
        record.Hostname = hostname
        record.AaURI = hostInfo['aaURI']
        record.AaDN = hostInfo['aaDN']
        record.LoginURI = hostInfo['loginURI']
        record.LoginServerDN = hostInfo['loginServerDN']
        record.LoginRequestServerDN = hostInfo['loginRequestServerDN']
        record.RoleList = hostInfo['role']
        return record

    def soap_getAttCert(self, ps, **kw):
        '''Issue an Attribute Certificate for the requesting user

        On AttAuthorityAccessDenied no certificate is set; the text of the
        exception is returned to the client in response.Msg instead.  Any
        other exception propagates to the caller.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAttCert(self, ps)

        # The source of the designated holder certificate depends on
        # whether WS-Security properties have been configured
        if not self.aa.has_key('WS-Security'):
            # Unsigned request: the holder certificate is whatever the
            # client put in UserCert.  Nothing in this method checks that
            # the caller owns the matching private key.
            # NOTE(review): any such validation would have to happen inside
            # AttAuthority.getAttCert - confirm before running without
            # WS-Security.
            holderCert = request.UserCert
        else:
            # Signed request: use the certificate that verified the message
            # signature, i.e. the user's proxy.
            # NOTE(review): referencedWSGIFilters is not assigned anywhere
            # in this class; presumably it is supplied by the WSGI wiring -
            # confirm, otherwise this lookup fails at request time.
            verificationFilter = \
                self.referencedWSGIFilters['wsseSignatureVerificationFilter01']
            holderCert = verificationFilter.signatureHandler.verifyingCert

        try:
            issuedCert = self.aa.getAttCert(userId=request.UserId,
                                            holderCert=holderCert,
                                            userAttCert=request.UserAttCert)
            response.AttCert = issuedCert.toString()

        except AttAuthorityAccessDenied, e:
            # The denial reason goes back to the client verbatim
            response.Msg = str(e)

        return request, response

    def soap_getHostInfo(self, ps, **kw):
        '''Return the settings of this Attribute Authority's own host

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getHostInfo(self, ps)

        # hostInfo is keyed by hostname; the first key is taken as this host
        thisHostname = self.aa.hostInfo.keys()[0]
        response.Hostname = thisHostname

        response.AaURI = self.aa.hostInfo[thisHostname]['aaURI']
        response.AaDN = self.aa.hostInfo[thisHostname]['aaDN']
        response.LoginURI = self.aa.hostInfo[thisHostname]['loginURI']
        response.LoginServerDN = \
            self.aa.hostInfo[thisHostname]['loginServerDN']
        response.LoginRequestServerDN = \
            self.aa.hostInfo[thisHostname]['loginRequestServerDN']

        return request, response

    def soap_getAllHostsInfo(self, ps, **kw):
        '''Return settings for this host followed by all trusted hosts

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getAllHostsInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo()

        # Build the list to be serialized.  The first entry describes THIS
        # Attribute Authority; no role list applies to it so RoleList is
        # left unset.
        thisHost = response.new_hosts()
        thisHost.Hostname = self.aa.hostInfo.keys()[0]
        thisHost.AaURI = self.aa.hostInfo[thisHost.Hostname]['aaURI']
        thisHost.AaDN = self.aa.hostInfo[thisHost.Hostname]['aaDN']
        thisHost.LoginURI = self.aa.hostInfo[thisHost.Hostname]['loginURI']
        thisHost.LoginServerDN = \
            self.aa.hostInfo[thisHost.Hostname]['loginServerDN']
        thisHost.LoginRequestServerDN = \
            self.aa.hostInfo[thisHost.Hostname]['loginRequestServerDN']
        hosts = [thisHost]

        # The remaining entries describe the other trusted Attribute
        # Authorities
        for hostname, hostInfo in trustedHostInfo.items():
            entry = response.new_hosts()
            hosts.append(self._copyTrustedHostInfo(entry, hostname, hostInfo))

        response.Hosts = hosts

        return request, response

    def soap_getTrustedHostInfo(self, ps, **kw):
        '''Return settings for the other trusted hosts

        The Role element of the request is passed to getTrustedHostInfo.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = \
            _AttAuthorityService.soap_getTrustedHostInfo(self, ps)

        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role)

        # Convert each dict entry into a record ready for serialization
        trustedHosts = []
        for hostname, hostInfo in trustedHostInfo.items():
            entry = response.new_trustedHosts()
            trustedHosts.append(
                self._copyTrustedHostInfo(entry, hostname, hostInfo))

        response.TrustedHosts = trustedHosts

        return request, response

    def soap_getX509Cert(self, ps, **kw):
        '''Return the Attribute Authority's X.509 certificate

        The certificate is read from the configured signing certificate
        file on every call and returned base64 encoded in DER form.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @rtype: tuple
        @return: request and response objects'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        request, response = _AttAuthorityService.soap_getX509Cert(self, ps)

        certFilePath = self.aa['signingCertFilePath']
        signingCert = X509CertRead(certFilePath)
        derBytes = signingCert.asDER()
        response.X509Cert = base64.encodestring(derBytes)
        return request, response