source: TI12-security/trunk/python/ndgSessionClient.py @ 667

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndgSessionClient.py@667
Revision 667, 9.1 KB checked in by pjkersha, 15 years ago (diff)

security.py: updates for authorise to allow mapping + updated fonts for display.

ndgSessionClient.py: command line script to enable all SessionClient functionality to
be called from the command line by passing various flags.

SessionMgrServer.py: get rid of CVS ID macro

Session.py: updates to error messages.

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""NDG Session client script - makes requests for authentication and
4authorisation
5
6NERC Data Grid Project
7
8P J Kershaw 08/03/06
9
10Copyright (C) 2006 CCLRC & NERC
11
12This software may be distributed under the terms of the Q Public License,
13version 1.0 or later.
14"""
15# Command line processing
16import sys
17import os
18import getopt
19import re
20
21from NDG.SessionClient import *
22
23
24#_____________________________________________________________________________
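def usage(fp=sys.stdout):
    """Write the command line help for the session client to a stream.

    The option names printed here are meant to mirror the names registered
    with getopt in the ``__main__`` section of this script, so that anything
    copied from the help text is accepted by the parser.

    fp: writable file-like object; defaults to standard output.  Error paths
        pass sys.stderr instead.
    """
    progName = os.path.basename(sys.argv[0])

    fp.write("usage: %s [--add-user|--connect|--req-autho][<args...>]%s" %
             (progName, os.linesep))

    # A mapping key is used so the program name can be repeated without
    # having to keep a positional argument count in step with the text.
    fp.write("""
-h | --help
    print usage summary

Web-service calls:

-n | --add-user
    add a new user:

    %(prog)s --add-user -u <username> -p <pass-phrase> -s <Session Manager WSDL URI>

-c | --connect
    log in to a Session Manager

    %(prog)s --connect -u <username> -p <pass-phrase> -s <Session Manager WSDL URI>

-r | --req-autho
    Get a Session Manager to request authorisation from an Attribute
    Authority on behalf of a user:

    %(prog)s --req-autho -i <User's Session ID>  -s <Session Manager WSDL URI>
    -a <Attribute Authority WSDL URI>

Generic options:

-s <Session Manager WSDL URI> |
 --session-mgr-wsdl-uri=<Session Manager WSDL URI>
    Address of Session Manager to connect to.

-d  | --soap-debug
    Print SOAP message output.

Options specific to --connect and --add-user:

-u <username> | --username=<username>
    username for --connect call

-p <pass-phrase>| --pass-phrase=<pass-phrase>
    user's pass-phrase for --connect call.  If this flag is omitted,
    pass-phrase is taken from tty.

Options specific to --req-autho:

-i <session ID> | --session-id=<Session ID>
    Session ID for --req-autho call.  Session ID is obtained from the cookie
    returned from previous call to "%(prog)s --connect ..."

-e <encrypted Session Manager WSDL URI> |
 --encr-sess-mgr-wsdl-uri=<encrypted Session Manager WSDL URI>
    Encrypted address of Session Manager where user session is held.  This is
    obtained from the cookie returned from call to "%(prog)s --connect ..."

-a <Attribute Authority WSDL URI> |
 --att-authority-wsdl-uri=<Attribute Authority WSDL URI>
    The address of the Attribute Authority from which to request an
    Attribute Certificate.

-m | --map-from-trusted-hosts
    Set to allow the Session Manager to automatically use Attribute
    Certificates from the user's wallet or if no suitable ones are found,
    to contact other trusted hosts in order to get Attribute Certificates
    for mapping.

-q <role name> | --req-role=<role name>
    Give a hint to the authorisation request as to what role is needed in
    order to get a mapped Attribute Certificate back from the Attribute
    Authority.

-l | --rtn-ext-att-cert-list
    Determines behaviour for where authorisation is denied by an Attribute
    Authority.   If set, a list of candidate Attribute Certificates from
    trusted import hosts will be returned.  Any one of these could be
    re-input in a subsequent call with the --ext-att-cert-list-file option in
    order to get a mapped Attribute Certificate

-f <file path> | --ext-att-cert-list-file=<file path>
    file of concatenated Attribute Certificates.  These are certificates
    from other import hosts trusted by the Attribute Authority.  The Session
    Manager tries each in turn until the Attribute Authority accepts one
    and uses it to create and return a mapped Attribute Certificate.

-t <comma separated variable file> |
 --ext-trusted-host-file=<comma separated variable file>
    For use with --req-autho flag.  Pass a file containing a list of hosts
    trusted by the Attribute Authority.  The Session Manager will contact
    these hosts in turn until it can get an Attribute Certificate to pass
    to the Attribute Authority to get a mapped Attribute Certificate in
    return.
""" % {'prog': progName})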
121
122
123#_____________________________________________________________________________
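if __name__ == '__main__':
    # Command line entry point: parse the options, pick exactly one
    # web-service call (--add-user, --connect or --req-autho) and run it
    # through SessionClient.  Exit status is 0 on success, 1 on any error.

    # Long option names; a trailing "=" marks an option that takes a value.
    optLongNames = ["help",
                    "add-user",
                    "connect",
                    "req-autho",
                    "session-mgr-wsdl-uri=",
                    "att-authority-wsdl-uri=",
                    "username=",
                    "pass-phrase=",
                    "session-id=",
                    # takes a value, like its short form "-e <uri>"
                    "encr-sess-mgr-wsdl-uri=",
                    "soap-debug",
                    "map-from-trusted-hosts",
                    "req-role=",
                    "rtn-ext-att-cert-list",
                    "ext-att-cert-list-file=",
                    "ext-trusted-host-file="]

    # "-l" is a plain flag, in line with "--rtn-ext-att-cert-list" above.
    optShortNames = "hncrs:a:u:p:i:e:dmq:lf:t:"

    try:
        opts, args = getopt.getopt(sys.argv[1:], optShortNames, optLongNames)

    except getopt.GetoptError, e:
        sys.stderr.write("Error: %s\n\n" % e)
        usage(fp=sys.stderr)
        sys.exit(1)

    # Use the long option names to make a dictionary; every entry starts as
    # None so that unset options test false below.
    args = dict.fromkeys([name.rstrip('=') for name in optLongNames])

    extTrustedHostList = None
    extAttCertList = None

    for opt, arg in opts:
        if opt in ("-h", "--help"):
            usage()
            sys.exit(0)

        elif opt in ("-n", "--add-user"):
            args['add-user'] = True

        elif opt in ("-c", "--connect"):
            args['connect'] = True

        elif opt in ("-r", "--req-autho"):
            args['req-autho'] = True

        elif opt in ("-s", "--session-mgr-wsdl-uri"):
            args['session-mgr-wsdl-uri'] = arg

        elif opt in ("-a", "--att-authority-wsdl-uri"):
            args['att-authority-wsdl-uri'] = arg

        elif opt in ("-u", "--username"):
            args['username'] = arg

        elif opt in ("-p", "--pass-phrase"):
            # A pass-phrase given here is part of the process command line,
            # so other local users can see it in a process listing and it
            # may end up in shell history.  Omitting -p uses the getpass
            # prompt further down instead.
            args['pass-phrase'] = arg

        elif opt in ("-i", "--session-id"):
            args['session-id'] = arg

        elif opt in ("-e", "--encr-sess-mgr-wsdl-uri"):
            args['encr-sess-mgr-wsdl-uri'] = arg

        elif opt in ("-d", "--soap-debug"):
            # The stream is handed to SessionClient as traceFile.
            # NOTE(review): the trace presumably includes the request that
            # carries the pass-phrase - confirm before redirecting stderr
            # to a shared log.
            args['soap-debug'] = sys.stderr

        elif opt in ("-m", "--map-from-trusted-hosts"):
            args['map-from-trusted-hosts'] = True

        elif opt in ("-q", "--req-role"):
            args['req-role'] = arg

        elif opt in ("-l", "--rtn-ext-att-cert-list"):
            # Flag only: storing the (empty) getopt argument would leave the
            # option looking unset.
            args['rtn-ext-att-cert-list'] = True

        elif opt in ("-f", "--ext-att-cert-list-file"):
            args['ext-att-cert-list-file'] = arg

            # Read the file named on the command line rather than a fixed
            # file name in the current directory.
            try:
                certFile = open(arg)
                try:
                    sAttCertList = certFile.read()
                finally:
                    certFile.close()

            except IOError, e:
                sys.stderr.write(
                    'Error reading file "%s" for option "%s": %s\n' %
                    (arg, opt, str(e)))
                sys.exit(1)

            # Drop any XML declaration, then split the concatenated
            # certificates on their opening tag, restoring the tag on each.
            sAttCertList = re.sub(r"\s*<\?xml.*\?>\s*", "", sAttCertList)

            extAttCertList = \
                ['<attributeCertificate>' + ac for ac in
                 sAttCertList.split('<attributeCertificate>')[1:]]

        elif opt in ("-t", "--ext-trusted-host-file"):
            args['ext-trusted-host-file'] = arg

            try:
                hostFile = open(arg)
                try:
                    # strip() keeps a trailing newline out of the last host
                    extTrustedHostList = \
                        re.split(r"\s*,\s*", hostFile.read().strip())
                finally:
                    hostFile.close()

            except IOError, e:
                # Stop here: carrying on with no list would hide the fact
                # that the trusted host file was never read.
                sys.stderr.write(
                    'Error parsing file "%s" for option "%s": %s\n' %
                    (arg, opt, str(e)))
                sys.exit(1)

        else:
            sys.stderr.write("Option not recognised: %s\n\n" % opt)
            usage(fp=sys.stderr)
            sys.exit(1)


    # One of the web-service calls must be selected.  Checked before the
    # try block around the calls so this exit cannot be swallowed by its
    # broad except clause.
    if not (args['add-user'] or args['connect'] or args['req-autho']):
        sys.stderr.write(
            "Set a flag to specify the web-service call e.g. --connect\n\n")
        usage(fp=sys.stderr)
        sys.exit(1)


    # For connect/addUser prompt for the pass-phrase only if it wasn't set.
    # The parentheses matter: without them a --connect call would prompt
    # even when -p had been given.
    if not args['pass-phrase'] and (args['add-user'] or args['connect']):
        import getpass
        try:
            args['pass-phrase'] = getpass.getpass(prompt="pass-phrase: ")
        except KeyboardInterrupt:
            sys.exit(1)


    # Initialise session client
    try:
        sessClnt = SessionClient(smWSDL=args['session-mgr-wsdl-uri'],
                                 traceFile=args['soap-debug'])
    except Exception, e:
        sys.stderr.write("Initialising client: %s\n" % str(e))
        sys.exit(1)

    try:
        if args['add-user']:
            sessClnt.addUser(userName=args['username'],
                             pPhrase=args['pass-phrase'])

        elif args['connect']:
            sSessCookie = sessClnt.connect(userName=args['username'],
                                           pPhrase=args['pass-phrase'])
            # The cookie is what later --req-autho calls take their session
            # ID from, so treat captured output as a credential.
            print sSessCookie

        else:
            # NOTE(review): req-role, map-from-trusted-hosts,
            # rtn-ext-att-cert-list, extAttCertList and extTrustedHostList
            # are parsed above but not forwarded here; the matching
            # reqAuthorisation keywords are not visible in this file -
            # confirm against NDG.SessionClient before wiring them in.
            authResp = sessClnt.reqAuthorisation(
                            sessID=args['session-id'],
                            encrSessMgrWSDLuri=args['encr-sess-mgr-wsdl-uri'],
                            aaWSDL=args['att-authority-wsdl-uri'])
            print authResp

    except Exception, e:
        # A failed call must not be reported as success to the caller.
        sys.stderr.write(str(e) + os.linesep)
        sys.exit(1)

    sys.exit(0)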