source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py @ 4437

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py@4437
Revision 4437, 6.7 KB checked in by pjkersha, 12 years ago (diff)

Working Session Manager client unit tests for WSGI based Session Manager

  • removed getX509Cert operation from WSDL - no longer needed
  • fix to prefix keyword for ConfigFileParsers ini file parsing.
"""ZSI Server side SOAP Binding for Session Manager Web Service

NERC Data Grid Project"""
# Module metadata; the values are unchanged from the original listing.
__author__ = "P J Kershaw"
__date__ = "01/10/08"
__copyright__ = "(C) 2008 STFC & NERC"
__license__ = (
    "This software may be distributed under the terms of the Q Public\n"
    "License, version 1.0 or later."
)
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'

# os is needed for the NDGSEC_INT_DEBUG environment lookup in the service
# class.  sys and base64 are not referenced anywhere in this listing; they
# are retained because other code may rely on them being importable here.
import os
import sys
import base64
import logging

# Module-level logger, named after this module
log = logging.getLogger(__name__)
16
17
18from ndg.security.server.zsi.sessionmanager.SessionManager_services_server \
19    import SessionManagerService as _SessionManagerService
20from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
21    connectInputMsg, disconnectInputMsg, getSessionStatusInputMsg, \
22    getAttCertInputMsg
23   
24   
25from ndg.security.server.sessionmanager import SessionManager
26   
27from ndg.security.common.wssecurity.dom import SignatureHandler
28from ndg.security.common.X509 import X509Cert, X509CertRead
29
30
class SessionManagerWS(_SessionManagerService):
    '''Session Manager ZSI SOAP Service Binding class

    Every soap_* stub follows the same sequence: parse the typed request
    from the incoming SOAP message, obtain the response object from the
    generated _SessionManagerService base class, delegate the operation to
    the SessionManager instance held in self.sm and return the populated
    response.

    NOTE(review): self.referencedWSGIFilters is read by soap_disconnect and
    soap_getAttCert but is never assigned in this class - presumably it is
    set by the hosting WSGI layer; confirm.
    '''

    def __init__(self, **kw):
        '''Create the binding and the Session Manager it delegates to

        @type kw: dict
        @param kw: keywords passed unchanged to the SessionManager
        constructor'''

        # Any non-empty value of NDGSEC_INT_DEBUG (including "0" or
        # "false") switches on a pdb breakpoint here and at the top of
        # every soap_* stub.
        # NOTE(review): pdb.set_trace() halts the serving process waiting
        # on its console, so this variable should stay unset in a deployed
        # service - confirm the deployment environment does not define it.
        debugSetting = os.environ.get('NDGSEC_INT_DEBUG')
        self.__debug = bool(debugSetting)
        if self.__debug:
            import pdb
            pdb.set_trace()

        # Session Manager instance that performs the actual work.  The
        # original comment states that its property file is picked up from
        # a default location under the $NDG_DIR directory.
        # NOTE(review): _SessionManagerService.__init__ is not invoked by
        # this constructor - confirm the generated base class needs no
        # initialisation of its own.
        self.sm = SessionManager(**kw)


    def __designatedHolderCert(self, request):
        '''Select the certificate identifying the user for this request

        @type request: parsed ZSI request message
        @param request: request with a UserX509Cert element
        @return: the verifying certificate held by the WS-Security
        signature filter's handler when that filter is referenced,
        otherwise the UserX509Cert value taken from the request'''

        # Presence of the filter reference depends on whether it was set in
        # the environment (per the original comment)
        signatureFilter = self.referencedWSGIFilters.get(
                                        'wsseSignatureVerificationFilter01')
        if signatureFilter is None:
            # No signature from the client - the certificate is whatever the
            # caller put in the UserX509Cert input.
            # NOTE(review): nothing in this class shows that the caller
            # holds the matching private key in this branch; confirm the
            # SessionManager does not treat this value as authenticated.
            return request.UserX509Cert

        # Certificate corresponding to the private key that signed the
        # message - i.e. the user's proxy
        return signatureFilter.signatureHandler.verifyingCert


    def soap_connect(self, ps, **kw):
        '''Connect to Session Manager and create a user session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class soap_connect,
        populated with the user certificate, user private key, issuing
        certificate and session ID returned by SessionManager.connect'''

        # Optional developer breakpoint, controlled by NDGSEC_INT_DEBUG
        if self.__debug:
            import pdb
            pdb.set_trace()

        request = ps.Parse(connectInputMsg.typecode)
        response = _SessionManagerService.soap_connect(self, ps)

        # NOTE(review): the passphrase arrives in the request and the
        # user's private key is returned in the response body - confirm
        # this endpoint is only reachable over an encrypted transport and
        # that neither value is written to logs further down the stack.
        result = self.sm.connect(username=request.Username,
                                 passphrase=request.Passphrase,
                                 createServerSess=request.CreateServerSess)

        # connect() must yield exactly four items; unpack them before
        # touching the response
        userX509Cert, userPriKey, issuingCert, sessID = result
        response.UserX509Cert = userX509Cert
        response.UserPriKey = userPriKey
        response.issuingCert = issuingCert
        response.SessID = sessID

        return response


    def soap_disconnect(self, ps, **kw):
        '''Disconnect and remove user's session

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class
        soap_disconnect'''

        # Optional developer breakpoint, controlled by NDGSEC_INT_DEBUG
        if self.__debug:
            import pdb
            pdb.set_trace()

        request = ps.Parse(disconnectInputMsg.typecode)
        response = _SessionManagerService.soap_disconnect(self, ps)

        # An empty or missing session ID is normalised to None
        sessID = request.SessID or None

        # Signed requests are identified by the signing certificate,
        # unsigned ones by the certificate supplied in the request
        userX509Cert = self.__designatedHolderCert(request)

        self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)
        return response


    def soap_getSessionStatus(self, ps, **kw):
        '''Check for existence of a session with given session ID or user
        Distinguished Name

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class
        soap_getSessionStatus, with IsAlive set to the value returned by
        SessionManager.getSessionStatus'''

        # Optional developer breakpoint, controlled by NDGSEC_INT_DEBUG
        if self.__debug:
            import pdb
            pdb.set_trace()

        request = ps.Parse(getSessionStatusInputMsg.typecode)
        response = _SessionManagerService.soap_getSessionStatus(self, ps)

        # NOTE(review): no caller identity is passed to getSessionStatus
        # from here - confirm whether exposing session existence for an
        # arbitrary DN or session ID is intended.
        isAlive = self.sm.getSessionStatus(userDN=request.UserDN,
                                           sessID=request.SessID)
        response.IsAlive = isAlive

        return response


    def soap_getAttCert(self, ps, **kw):
        '''Get Attribute Certificate from a given Attribute Authority
        and cache it in user's Credential Wallet

        @type ps: ZSI ParsedSoap
        @param ps: client SOAP message
        @return: response object obtained from the base class
        soap_getAttCert; AttCert is set only when the first item returned
        by SessionManager.getAttCert is true, Msg and ExtAttCertOut are
        always set from the remaining two items'''

        # Optional developer breakpoint, controlled by NDGSEC_INT_DEBUG
        if self.__debug:
            import pdb
            pdb.set_trace()

        request = ps.Parse(getAttCertInputMsg.typecode)
        response = _SessionManagerService.soap_getAttCert(self, ps)

        signerCert = self.__designatedHolderCert(request)

        # The certificate used in the signature is preferred over the
        # UserX509Cert input element, which may have been omitted.
        # NOTE(review): when the signature filter is referenced but its
        # handler holds no verifying certificate, this falls back to the
        # unauthenticated value from the request - confirm that is intended.
        holderCert = signerCert or request.UserX509Cert

        # NOTE(review): AttAuthorityURI and ExtTrustedHost are forwarded
        # exactly as received; whether SessionManager.getAttCert restricts
        # which hosts may be named is not visible here - confirm.
        result = self.sm.getAttCert(
                            userX509Cert=holderCert,
                            sessID=request.SessID,
                            attributeAuthorityURI=request.AttAuthorityURI,
                            reqRole=request.ReqRole,
                            mapFromTrustedHosts=request.MapFromTrustedHosts,
                            rtnExtAttCertList=request.RtnExtAttCertList,
                            extAttCertList=request.ExtAttCert,
                            extTrustedHostList=request.ExtTrustedHost)

        # First item is the Attribute Certificate; it is serialised only
        # when one was actually returned
        attCert = result[0]
        if attCert:
            response.AttCert = attCert.toString()

        # Exactly two further items are expected: message text and the
        # list of external Attribute Certificates
        response.Msg, response.ExtAttCertOut = result[1:]

        return response