source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py @ 4256

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py@4256
Revision 4256, 6.8 KB checked in by pjkersha, 12 years ago (diff)

Separate package for ZSI bindings to Session Manager WSGI

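"""ZSI Server side SOAP Binding for Session Manager Web Service

NERC Data Grid Project"""
__author__ = "P J Kershaw"
__date__ = "11/06/08"
__copyright__ = "(C) 2008 STFC & NERC"
__license__ = \
"""This software may be distributed under the terms of the Q Public
License, version 1.0 or later."""
__contact__ = "P.J.Kershaw@rl.ac.uk"
__revision__ = '$Id$'
import os
import sys
import base64
import logging
log = logging.getLogger(__name__)


# NOTE(review): this module is the sessionmanager package, yet the generated
# stub is imported from the attributeauthority package - confirm that the
# Session Manager stub really lives there.
from ndg.security.server.zsi.attributeauthority.SessionMgr_services_server \
    import SessionMgrService as _SessionMgrService

from ndg.security.server.SessionMgr import SessionMgr, \
    SessionMgrAccessDenied

from ndg.security.common.wssecurity.dom import SignatureHandler
from ndg.security.common.X509 import X509Cert, X509CertRead

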
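class SessionManagerWS(_SessionMgrService):
    '''Session Manager ZSI SOAP Service Binding class

    Each soap_* method asks the generated _SessionMgrService stub to handle
    the incoming message, forwards the request fields to the SessionMgr
    instance held in self.sm and fills in the response object.

    NOTE(review): soap_connect, soap_disconnect, soap_getSessionStatus and
    soap_getAttCert all read a name "request" that is never bound in this
    class, so each raises NameError as written.  The generated stub is not
    part of this file, so it cannot be told from here whether it hands the
    parsed request back together with the response (the earlier docstrings
    promised a request/response tuple) or keeps it somewhere else.  Bind
    "request" from whichever the stub provides before relying on these
    methods.'''

    def __init__(self, **kw):
        '''Create the binding and the Session Manager it fronts

        @type kw: dict
        @param kw: keywords passed unchanged to SessionMgr'''

        # Stop in debugger at beginning of each SOAP stub if environment
        # variable is set.  Any non-empty value switches this on, "0" and
        # "false" included.  With it set, every request blocks in pdb on the
        # process's terminal, so it has to stay unset in a deployed service.
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        if self.__debug:
            import pdb
            pdb.set_trace()

        # NOTE(review): the base class initialiser is not called here -
        # confirm the generated stub does not need it.

        # Initialise Session Manager class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.sm = SessionMgr(**kw)


    def _designatedHolderCert(self, request):
        '''Work out which certificate identifies the caller

        @type request: parsed request object
        @param request: client request; its UserCert element is read only
        when no signature verification filter is referenced
        @return: certificate that verified the message signature when the
        filter is referenced, otherwise the client supplied UserCert'''

        # NB, this is dependent on whether a reference to the signature
        # filter was set in the environment
        signatureFilter = \
            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
        if signatureFilter is not None:
            # Certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            return signatureFilter.signatureHandler.verifyingCert

        # No signature from client - they must instead provide the
        # designated holder cert via the UserCert input.
        # NOTE(review): a certificate is public data, so on this path the
        # caller has proved nothing about holding the matching key.  What
        # they may do then rests on SessionMgr's own checks - confirm.
        return request.UserCert


    def soap_connect(self, ps, **kw):
        '''Connect to Session Manager and create a user session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object carrying the user certificate, user
        private key, issuing certificate and session ID from
        SessionMgr.connect'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_connect(self, ps)

        # NOTE(review): "request" is not bound here - see class docstring.
        # The passphrase arrives in the request and the private key leaves
        # in the response.  Nothing in this method protects either, so
        # confidentiality rests on the transport or on message level
        # encryption configured elsewhere - confirm, and keep both values
        # out of logs.
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess)

        response.UserCert, response.UserPriKey, response.issuingCert, \
            response.SessID = result

        return response


    def soap_disconnect(self, ps, **kw):
        '''Disconnect and remove user's session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object from the generated stub'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_disconnect(self, ps)

        # NOTE(review): "request" is not bound here - see class docstring.
        # An empty session ID element is passed on as None
        sessID = request.SessID or None

        # The session is selected by session ID and/or the designated
        # holder cert, the latter taken from the message signature when
        # the signature filter is referenced
        userCert = self._designatedHolderCert(request)
        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
        return response


    def soap_getSessionStatus(self, ps, **kw):
        '''Check for existence of a session with given session ID or user
        Distinguished Name

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with IsAlive set from
        SessionMgr.getSessionStatus'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getSessionStatus(self, ps)

        # NOTE(review): "request" is not bound here - see class docstring.
        # No caller identity is passed on, only the DN or session ID being
        # asked about - confirm that who may query session existence is
        # restricted before the request reaches this method.
        response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
                                                    sessID=request.SessID)

        return response


    def soap_getAttCert(self, ps, **kw):
        '''Get Attribute Certificate from a given Attribute Authority
        and cache it in user's Credential Wallet

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with AttCert (only when one was
        returned), Msg and ExtAttCertOut set from SessionMgr.getAttCert'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getAttCert(self, ps)

        # NOTE(review): "request" is not bound here - see class docstring.
        userCert = self._designatedHolderCert(request)

        # Cert used in signature is preferred over userCert input element -
        # userCert may have been omitted.
        # NOTE(review): if the signature filter is referenced but yields no
        # verifying cert, the "or" below falls back to the unsigned UserCert
        # element.  Confirm the filter rejects unsigned messages first,
        # otherwise a signed-only deployment accepts an asserted identity.
        # NOTE(review): aaURI and the trusted host list are chosen by the
        # client - presumably SessionMgr limits which Attribute Authorities
        # it will contact; verify.
        result = self.sm.getAttCert(
                            userCert=userCert or request.UserCert,
                            sessID=request.SessID,
                            aaURI=request.AttAuthorityURI,
                            reqRole=request.ReqRole,
                            mapFromTrustedHosts=request.MapFromTrustedHosts,
                            rtnExtAttCertList=request.RtnExtAttCertList,
                            extAttCertList=request.ExtAttCert,
                            extTrustedHostList=request.ExtTrustedHost)

        # First element is the Attribute Certificate; it is only serialised
        # into the response when one came back
        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCertOut = result[1:]

        return response


    def soap_getX509Cert(self, ps, **kw):
        '''Return Session Manager's X.509 certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with X509Cert set to the base64 encoded
        DER form of the signing certificate'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getX509Cert(self, ps)

        # Read the path from self.sm: the name "srv" used here before is
        # not defined in this module, and self.sm is the only Session
        # Manager reference this class holds.
        # NOTE(review): assumes SessionMgr supports item lookup by property
        # name - confirm.
        x509Cert = X509CertRead(self.sm['signingCertFilePath'])

        # base64.encodestring is the Python 2 name; it was removed in
        # Python 3.9, where base64.encodebytes is the equivalent.
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return response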