source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py @ 4384

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py@4384
Revision 4384, 6.7 KB checked in by pjkersha, 12 years ago (diff)

SessionMgr -> SessionManager

"""ZSI Server side SOAP Binding for Session Manager Web Service

NERC Data Grid Project"""
__author__ = "P J Kershaw"
__date__ = "01/10/08"
__copyright__ = "(C) 2008 STFC & NERC"
__license__ = \
"""This software may be distributed under the terms of the Q Public
License, version 1.0 or later."""
__contact__ = "P.J.Kershaw@rl.ac.uk"
__revision__ = '$Id$'
import os, sys
import base64
import logging
# Module-level logger named after this module.
log = logging.getLogger(__name__)


# Base class for the SOAP binding defined in this module.
from ndg.security.server.zsi.sessionmanager.SessionMgr_services_server \
    import SessionMgrService as _SessionMgrService

# Class that the SOAP binding instantiates and delegates to.
from ndg.security.server.sessionmanager import SessionManager

# NOTE(review): SignatureHandler and X509Cert are not referenced in the
# visible listing; only X509CertRead is used - confirm before pruning.
from ndg.security.common.wssecurity.dom import SignatureHandler
from ndg.security.common.X509 import X509Cert, X509CertRead


26
class SessionManagerWS(_SessionMgrService):
    '''Session Manager ZSI SOAP Service Binding class

    Each soap_* method first calls the method of the same name on the
    _SessionMgrService base class and then delegates the work to the
    SessionManager instance held in self.sm.'''

    def __init__(self, **kw):
        '''Create the binding and the SessionManager it delegates to

        @type kw: dict
        @param kw: keywords passed unchanged to the SessionManager
        constructor'''

        # Stop in debugger at beginning of SOAP stub if environment variable
        # is set.  Any non-empty value of NDGSEC_INT_DEBUG enables it.
        # NOTE(review): with the flag set, every handler below also drops
        # into pdb, and the handler frames hold passphrases and private keys.
        # Keep this variable unset outside a development environment.
        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Initialise Session Manager class - property file will be
        # picked up from default location under $NDG_DIR directory
        self.sm = SessionManager(**kw)


    def soap_connect(self, ps, **kw):
        '''Connect to Session Manager and create a user session

        The response is filled with the user certificate, the user private
        key, the issuing certificate and the session ID returned by
        SessionManager.connect.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class method and
        populated here (only the response is returned, not a request and
        response tuple)'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_connect(self, ps)

        # NOTE(review): `request` is not bound anywhere in this method or in
        # the visible module, so this call raises NameError as written.  How
        # the parsed request should be obtained depends on the base class,
        # which is not shown here - confirm against the generated stub.
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess)

        # NOTE(review): the request carries a passphrase and the response a
        # private key.  Nothing in this class protects them in transit -
        # confirm the endpoint is only reachable over an encrypted channel
        # and that neither message is written to logs.
        response.UserCert, response.UserPriKey, response.issuingCert, \
            response.SessID = result

        return response


    def soap_disconnect(self, ps, **kw):
        '''Disconnect and remove user's session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class method (only
        the response is returned, not a request and response tuple)'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_disconnect(self, ps)

        # Derive designated user ID differently according to whether
        # a session ID was passed and the message was signed.  A falsy
        # SessID is normalised to None.
        # NOTE(review): `request` is not bound in this method or in the
        # visible module - NameError as written; confirm how the base class
        # exposes the parsed request.
        sessID = request.SessID or None

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client - NB, this is dependent
        # on whether a reference to the signature filter was set in the
        # environment
        # NOTE(review): referencedWSGIFilters is not defined in this class;
        # presumably it is supplied by the base class or the hosting
        # middleware - confirm.
        signatureFilter = \
            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
        if signatureFilter is not None:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            userCert = signatureFilter.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input
            # NOTE(review): on this path the certificate is only asserted by
            # the caller.  A certificate is public data, so it identifies a
            # user without proving the caller is that user - confirm that
            # deleteUserSession does not treat userCert alone as
            # authorisation when sessID is None.
            userCert = request.UserCert
        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
        return response


    def soap_getSessionStatus(self, ps, **kw):
        '''Check for existence of a session with given session ID or user
        Distinguished Name

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with IsAlive set from
        SessionManager.getSessionStatus (only the response is returned, not
        a request and response tuple)'''

        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getSessionStatus(self, ps)

        # NOTE(review): `request` is not bound in this method or in the
        # visible module - NameError as written.
        # NOTE(review): no caller identity is passed to getSessionStatus
        # here, so whether an arbitrary client can probe for another user's
        # session depends on checks made elsewhere - confirm.
        response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
                                                    sessID=request.SessID)

        return response


    def soap_getAttCert(self, ps, **kw):
        '''Get Attribute Certificate from a given Attribute Authority
        and cache it in user's Credential Wallet

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with AttCert (when one was issued), Msg
        and ExtAttCertOut set (only the response is returned, not a request
        and response tuple)'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getAttCert(self, ps)

        # Derive designated holder cert differently according to whether
        # a signed message is expected from the client - NB, this is dependent
        # on whether a reference to the signature filter was set in the
        # environment
        # NOTE(review): referencedWSGIFilters is not defined in this class;
        # presumably it is supplied by the base class or the hosting
        # middleware - confirm.
        signatureFilter = \
            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
        if signatureFilter is not None:
            # Get certificate corresponding to private key that signed the
            # message - i.e. the user's proxy
            userCert = signatureFilter.signatureHandler.verifyingCert
        else:
            # No signature from client - they must instead provide the
            # designated holder cert via the UserCert input
            # NOTE(review): `request` is not bound in this method or in the
            # visible module - NameError as written.
            userCert = request.UserCert


        # Cert used in signature is prefered over userCert input element -
        # userCert may have been omitted.
        # NOTE(review): the `or` fallback also applies when the signature
        # filter is configured but its verifyingCert is empty, in which case
        # the holder certificate silently becomes the caller-asserted one.
        # Confirm the filter rejects unsigned messages before this handler
        # runs, otherwise the signed path degrades to the unsigned one.
        result = self.sm.getAttCert(
                            userCert=userCert or request.UserCert,
                            sessID=request.SessID,
                            aaURI=request.AttAuthorityURI,
                            reqRole=request.ReqRole,
                            mapFromTrustedHosts=request.MapFromTrustedHosts,
                            rtnExtAttCertList=request.RtnExtAttCertList,
                            extAttCertList=request.ExtAttCert,
                            extTrustedHostList=request.ExtTrustedHost)

        # result[0] is the attribute certificate; it is serialised only when
        # truthy, so AttCert is left unset by this method otherwise.
        if result[0]:
            response.AttCert = result[0].toString()

        # The unpacking requires result to hold exactly two further items.
        response.Msg, response.ExtAttCertOut = result[1:]

        return response


    def soap_getX509Cert(self, ps, **kw):
        '''Return Session Manager's X.509 certificate

        The certificate is read from the configured signing certificate
        file path and returned base64 encoded in DER form.

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object with X509Cert set (only the response is
        returned, not a request and response tuple)'''
        if self.__debug:
            import pdb
            pdb.set_trace()

        response = _SessionMgrService.soap_getX509Cert(self, ps)

        # NOTE(review): `srv` is not bound in this method or in the visible
        # module, so this line raises NameError as written; presumably
        # self.sm was intended - confirm.
        x509Cert = X509CertRead(srv.sm['signingCertFilePath'])
        # NOTE(review): base64.encodestring is a legacy alias that was
        # removed in Python 3.9; it appends a newline after every 76
        # characters of output.
        response.X509Cert = base64.encodestring(x509Cert.asDER())
        return response