source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py @ 4262

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py@4262
Revision 4262, 6.8 KB checked in by pjkersha, 13 years ago (diff)

change references ndg.security.common.zsi_utils -> " " ".zsi

1"""ZSI Server side SOAP Binding for Session Manager Web Service
2
3NERC Data Grid Project"""
# Module metadata, kept as plain string constants.
__author__ = "P J Kershaw"
__date__ = "01/10/08"
__copyright__ = "(C) 2008 STFC & NERC"
# Two-line licence notice; the embedded newline is part of the value.
__license__ = (
    "This software may be distributed under the terms of the Q Public\n"
    "License, version 1.0 or later."
)
__contact__ = "P.J.Kershaw@rl.ac.uk"
__revision__ = '$Id$'

import os
import sys
import base64
import logging

# Module-level logger, named after this module.
log = logging.getLogger(__name__)
16
17
18from ndg.security.server.zsi.sessionmanager.SessionMgr_services_server \
19    import SessionMgrService as _SessionMgrService
20
21from ndg.security.server.SessionMgr import SessionMgr, \
22    SessionMgrAccessDenied
23   
24from ndg.security.common.wssecurity.dom import SignatureHandler
25from ndg.security.common.X509 import X509Cert, X509CertRead
26
27
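class SessionManagerWS(_SessionMgrService):
    '''Session Manager ZSI SOAP Service Binding class

    Each soap_* method first calls the stub of the same name on the
    generated _SessionMgrService base class and then delegates the real work
    to the SessionMgr instance held in self.sm.

    NOTE(review): soap_connect, soap_disconnect, soap_getSessionStatus and
    soap_getAttCert all read a name 'request' that is never bound in the
    method or in this module, so they raise NameError as written.  The
    original docstrings document a (request, response) tuple, while the code
    keeps only a single 'response' from the base-class stub.  How the parsed
    request is meant to be obtained depends on the generated stub, which is
    not visible here, so these lines are flagged rather than changed -
    confirm against SessionMgr_services_server.
    '''

    def __init__(self, **kw):
        '''Create the SessionMgr instance that backs this SOAP binding

        @type kw: dict
        @param kw: keywords passed unchanged to the SessionMgr constructor'''

        # Stop in debugger at beginning of SOAP stub if environment variable
        # is set.  bool() of the raw string means any non-empty value -
        # including '0' or 'false' - switches the breakpoints on.  When on,
        # every handler below blocks in pdb on the server's console before
        # it answers, and the debugger session can inspect request contents
        # such as the passphrase, so this must stay unset in production.
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Initialise the Session Manager - the original comment states that
        # its property file is picked up from a default location under
        # $NDG_DIR (that lookup is not visible in this file)
        self.sm = SessionMgr(**kw)


    def soap_connect(self, ps, **kw):
        '''Connect to Session Manager and create a user session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @param kw: accepted but not forwarded to the base-class stub
        @return: response object from the base-class stub with UserCert,
        UserPriKey, issuingCert and SessID filled in from SessionMgr.connect'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_connect(self, ps)

        # NOTE(review): 'request' is unbound here - see the class docstring.
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess)

        # The reply carries the user's private key next to the certificate.
        # Nothing in this file protects that value in transit; confirm that
        # the deployment encrypts this exchange (transport or message level).
        response.UserCert, response.UserPriKey, response.issuingCert, \
            response.SessID = result

        return response


    def soap_disconnect(self, ps, **kw):
        '''Disconnect and remove user's session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @param kw: accepted but not forwarded to the base-class stub
        @return: response object from the base-class stub, unmodified'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_disconnect(self, ps)

        # An empty / missing session ID is normalised to None
        # NOTE(review): 'request' is unbound here - see the class docstring.
        sessID = request.SessID or None

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client - NB, this is dependent
        # on whether a reference to the signature filter was set in the
        # environment
        # (referencedWSGIFilters is not assigned in this class; presumably
        # it is supplied by the base class or hosting middleware - confirm)
        signatureFilter = \
            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
        if signatureFilter is not None:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            userCert = signatureFilter.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input.
            # NOTE(review): in this branch the certificate is only asserted
            # by the caller, with no proof of possession of its key, so
            # which session is deleted rests on whatever checks
            # deleteUserSession applies - confirm that is sufficient.
            userCert = request.UserCert
        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
        return response


    def soap_getSessionStatus(self, ps, **kw):
        '''Check for existence of a session with given session ID or user
        Distinguished Name

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @param kw: accepted but not forwarded to the base-class stub
        @return: response object from the base-class stub with IsAlive set
        to the result of SessionMgr.getSessionStatus'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getSessionStatus(self, ps)

        # NOTE(review): 'request' is unbound here - see the class docstring.
        response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
                                                    sessID=request.SessID)

        return response


    def soap_getAttCert(self, ps, **kw):
        '''Get Attribute Certificate from a given Attribute Authority
        and cache it in user's Credential Wallet

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @param kw: accepted but not forwarded to the base-class stub
        @return: response object from the base-class stub with AttCert (only
        when a certificate was returned), Msg and ExtAttCertOut filled in'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getAttCert(self, ps)

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client - NB, this is dependent
        # on whether a reference to the signature filter was set in the
        # environment
        signatureFilter = \
            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
        if signatureFilter is not None:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            userCert = signatureFilter.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input
            # NOTE(review): 'request' is unbound here - see class docstring.
            userCert = request.UserCert


        # Cert used in signature is preferred over userCert input element -
        # userCert may have been omitted.
        # NOTE(review): the 'or' only takes effect when a signature filter is
        # configured but its verifyingCert is empty; the call then proceeds
        # with the caller-asserted certificate instead of a verified one.
        # Confirm the filter rejects unsigned messages before this point,
        # otherwise this is a silent downgrade of the identity check.
        result = self.sm.getAttCert(
                            userCert=userCert or request.UserCert,
                            sessID=request.SessID,
                            aaURI=request.AttAuthorityURI,
                            reqRole=request.ReqRole,
                            mapFromTrustedHosts=request.MapFromTrustedHosts,
                            rtnExtAttCertList=request.RtnExtAttCertList,
                            extAttCertList=request.ExtAttCert,
                            extTrustedHostList=request.ExtTrustedHost)

        # First element is the Attribute Certificate, absent on refusal;
        # the remaining two are the message and the external cert list
        if result[0]:
            response.AttCert = result[0].toString()

        response.Msg, response.ExtAttCertOut = result[1:]

        return response


    def soap_getX509Cert(self, ps, **kw):
        '''Return Session Manager's X.509 certificate

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @param kw: accepted but not forwarded to the base-class stub
        @return: response object from the base-class stub with X509Cert set
        to the base64 encoded DER form of the signing certificate'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getX509Cert(self, ps)

        # Fixed: the original read 'srv.sm[...]', but no name 'srv' exists in
        # this module, so the call raised NameError.  The Session Manager is
        # held on this instance as self.sm.
        x509Cert = X509CertRead(self.sm['signingCertFilePath'])

        # base64.encodestring is the Python 2 spelling; it is kept because
        # the rest of this module targets that API generation.
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return response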