Changeset 1018 for TI12-security

Timestamp:

25/05/06 16:14:18 (14 years ago)

Author:

pjkersha

Message:

Tests/SecurityClientTest?.py: mods to run on gabriel.

Tests/security.py: added functionality to get trusted host info.

dist/NDG-Security-0.66.tar.gz: new distro for testing on gabriel.

conf/mapConfig.xml: added loginURI tag for each trusted host - indicate URI for user login useful for forwarding of
login page from remote site.

NDG/AttAuthorityIO.py: include loginURI tag in trusted host info response message.

NDG/SecurityCGI.py: include functionality to get trusted host info from an AttAuthority?

NDG/AttAuthority.py: added loginURI tag for getTrustedHostInfo call.

Location:

TI12-security/trunk/python

Files:

• NDG/AttAuthority.py (modified) (6 diffs)
• NDG/AttAuthorityIO.py (modified) (4 diffs)
• NDG/SecurityCGI.py (modified) (8 diffs)
• Tests/SecurityClientTest.py (modified) (5 diffs)
• Tests/security.py (modified) (4 diffs)
• conf/mapConfig.xml (modified) (1 diff)
• dist/NDG-Security-0.66.tar.gz (modified) (previous)

TI12-security/trunk/python/NDG/AttAuthority.py

@@ -607 +607 @@
             
             # Add signatureFile and list of roles
+            #
+            # (Currently Optional) additional tag allows query of the URI
+            # where a user would normally login at the trusted host.  Added
+            # this feature to allow users to be forwarded to their home site
+            # if they are accessing a secure resource and are not 
+            # authenticated
+            #
+            # P J Kershaw 25/05/06
             self.__mapConfig[trustedHost] = \
             {
-                'wsdl': elem.findtext('wsdl'),
-                'role': [dict(i.items()) for i in roleElem]
+                'loginURI':     elem.findtext('loginURI'),
+                'wsdl':         elem.findtext('wsdl'),
+                'role':         [dict(i.items()) for i in roleElem]
             }
 
@@ -636 +645 @@
                 # map look-ups
                 try:
-                    self.__remoteRole2LocalRole[trustedHost][remoteRole].append(\
-                                                                localRole)                  
+                    self.__remoteRole2LocalRole[trustedHost][remoteRole].\
+                                                            append(localRole)                  
                 except KeyError:
                     self.__remoteRole2LocalRole[trustedHost][remoteRole] = \
@@ -685 +694 @@
         their possible roles
 
-        Returns None if role isn't recognised"""
+        Returns emoty dictionary if role isn't recognised"""
                                          
         if not self.__localRole2RemoteRole:
@@ -704 +713 @@
                     k, \
                     {
-                        'wsdl': v['wsdl'], \
-                        'role': \
-                        {}.fromkeys(\
+                        'wsdl':        v['wsdl'], \
+                        'loginURI':    v['loginURI'], \
+                        'role':        {}.fromkeys(\
                             [\
                                 role['remote'] for role in v['role']
@@ -720 +729 @@
                 trustedHosts = self.__localRole2TrustedHost[role]
             except:
-                return None
+                return {}
     
     
@@ -730 +739 @@
                     host, \
                     {
-                        'wsdl': self.__mapConfig[host]['wsdl'],
-                        'role': self.__localRole2RemoteRole[host][role]
+                        'wsdl':     self.__mapConfig[host]['wsdl'],
+                        'loginURI': self.__mapConfig[host]['loginURI'],
+                        'role':     self.__localRole2RemoteRole[host][role]
                     }\
                  ) for host in trustedHosts

TI12-security/trunk/python/NDG/AttAuthorityIO.py

@@ -299 +299 @@
         # Allow user credentials to be access like dictionary keys
         super(self.__class__, self).__init__(**xmlMsgKeys)
+        
+        
     #_________________________________________________________________________
     def updateXML(self, **xmlTags):
@@ -320 +322 @@
                     xmlTxt += os.linesep
                     xmlTxt += "            <wsdl>%s</wsdl>" % hostInfo['wsdl']
+                    xmlTxt += "            <loginURI>%s</loginURI>" % \
+                                                        hostInfo['loginURI']
                     xmlTxt += os.linesep
                     xmlTxt += "            <roleSet>" + os.linesep
@@ -352 +356 @@
         trustedHostsElem = rootElem.find('trustedHosts')
         if not trustedHostsElem:
-            raise TrustedHostInfoRespError(\
-            "\"trustedHosts\" tag not found in trusted host info response")
+            # No trusted hosts were found
+            return
          
         for trusted in trustedHostsElem:
@@ -362 +366 @@
                 self['trustedHosts'][host] = {}
                 
-                # Add WSDL URI and role set for that host
+                # Add WSDL URI, loginURI and role set for that host
                 self['trustedHosts'][host]['wsdl'] = \
                                             trusted.find('wsdl').text.strip()
+                                            
+                self['trustedHosts'][host]['loginURI'] = \
+                                        trusted.find('loginURI').text.strip()
                                             
                 self['trustedHosts'][host]['role'] = \

TI12-security/trunk/python/NDG/SecurityCGI.py

@@ -43 +43 @@
     def __init__(self,
                  smWSDL,
-                 userName=None,
-                 passPhrase=None,
+                 aaWSDL,
                  smPubKeyFilePath=None,
+                 aaPubKeyFilePath=None,
                  clntPubKeyFilePath=None,
                  clntPriKeyFilePath=None,
                  clntPriKeyPwd=None,
-                 aaPubKey=None,
+                 userName=None,
+                 passPhrase=None,
                  scriptName=None,
                  returnURI=None, 
-                 trustedHosts=None,
+                 trustedHostInfo=None,
                  wsDebug=False,
                  **cgiFieldStorageKwArgs):
@@ -64 +65 @@
                               to the user's home site to obtain their 
                               credentials
-        trustedHosts:         dictionary of URIs for trusted hosts indexed by
+        trustedHostInfo:     dictionary of URIs for trusted hosts indexed by
                               hostname
         wsDebug:              print output from WS transactions to stderr"""
         
         self.smWSDL = smWSDL
+        self.aaWSDL = aaWSDL
+        
         self.userName = userName
         self.passPhrase = passPhrase
+        
         self.smPubKeyFilePath = smPubKeyFilePath
+        self.aaPubKeyFilePath = aaPubKeyFilePath
+        
         self.clntPubKeyFilePath = clntPubKeyFilePath
         self.clntPriKeyFilePath = clntPriKeyFilePath
         self.clntPriKeyPwd = clntPriKeyPwd
-        self.__aaPubKey = aaPubKey
         
         if scriptName:
@@ -83 +88 @@
             
         self.returnURI = returnURI
-        self.trustedHosts = trustedHosts
+        self.trustedHostInfo = trustedHostInfo
         self.__wsDebug = False
         self.__authorisationMethod = None
@@ -320 +325 @@
         # Instantiate WS proxy and request connection
         try:
-            smClient = SessionClient(
-                                smWSDL=self.smWSDL,
-                                smPubKeyFilePath=self.smPubKeyFilePath,
-                                clntPubKeyFilePath=self.clntPubKeyFilePath,
-                                clntPriKeyFilePath=self.clntPriKeyFilePath,
-                                traceFile=traceFile)
-
-            return smClient.connect(userName=self.userName,
-                                    pPhrase=self.passPhrase,
-                                    clntPriKeyPwd=self.clntPriKeyPwd)
+            smClnt = SessionClient(smWSDL=self.smWSDL,
+                                   smPubKeyFilePath=self.smPubKeyFilePath,
+                                   clntPubKeyFilePath=self.clntPubKeyFilePath,
+                                   clntPriKeyFilePath=self.clntPriKeyFilePath,
+                                   traceFile=traceFile)
+
+            return smClnt.connect(userName=self.userName,
+                                  pPhrase=self.passPhrase,
+                                  clntPriKeyPwd=self.clntPriKeyPwd)
         except Exception, e:
             raise SecurityCGIError("Session client: " + str(e))
@@ -492 +496 @@
     
     
+    #_________________________________________________________________________
     def showHomeSiteSelect(self,
-                           trustedHosts=None,
+                           trustedHostInfo=None,
                            scriptName=None,
                            contentTypeHdr=False,
@@ -502 +507 @@
                            pageTitle=""):
 
-        if trustedHosts:
-            self.trustedHosts = trustedHosts
-        
+        if trustedHostInfo:
+            self.trustedHostInfo = trustedHostInfo
+
+        if not self.trustedHostInfo:
+            self.getTrustedHostInfo()
+            
         if scriptName:
             self.scriptName = scriptName
@@ -552 +560 @@
           <option value="">Select your home site...""" % self.scriptName
           
-            for hostname, uri in trustedHosts.items():
-                print "<option value=\"%s\">%s" % (uri, hostname)
+            for hostname, info in self.trustedHostInfo.items():
+                print "<option value=\"%s\">%s" % (info['loginURI'], hostname)
                 
             print \
@@ -573 +581 @@
     
         # end of showHomeSiteSelect()
-        
-        
-if __name__ == "__main__":
-    clntPubKeyFilePath = "../certs/GabrielCGI-cert.pem"
-    clntPriKeyFilePath = "../certs/GabrielCGI-key.pem"
-
-    securityCGI = SecurityCGI("http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl",
-                 smPubKeyFilePath="/usr/local/NDG/conf/certs/gabriel-sm-cert.pem,
-                 clntPubKeyFilePath=clntPubKeyFilePath,
-                 clntPriKeyFilePath=clntPriKeyFilePath,
-                 returnURI="https://gabriel.bnsc.rl.ac.uk/cgi-bin/security.py", 
-                 trustedHosts=None)
-    securityCGI()
+
+
+    #_________________________________________________________________________
+    def getTrustedHostInfo(self):
+        """Call Attribute Authority to find out trusted hosts.  These can be
+        use to populate list for use to select home site for login"""
+        
+        if self.__wsDebug:
+            traceFile = sys.stderr
+        else:
+            traceFile = None
+
+        try:
+            aaClnt = AttAuthorityClient(aaWSDL=self.aaWSDL,
+                                aaPubKeyFilePath=self.aaPubKeyFilePath,
+                                clntPubKeyFilePath=self.clntPubKeyFilePath,
+                                clntPriKeyFilePath=self.clntPriKeyFilePath,
+                                traceFile=traceFile) 
+            
+            self.trustedHostInfo = aaClnt.getTrustedHostInfo(
+                                           clntPriKeyPwd=self.clntPriKeyPwd)
+        except Exception, e:
+            raise SecurityCGIError("Attribute Authority client: " + str(e))

TI12-security/trunk/python/Tests/SecurityClientTest.py

@@ -28 +28 @@
         try:
             # Session Manager WSDL
-            smWSDL = 'http://glue.badc.rl.ac.uk/sessionMgr.wsdl'
+            smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl'
     
             # Public key of session manager used to encrypt requests
@@ -50 +50 @@
 
             # Attribute Authority client tests
-            aaWSDL = 'http://glue.badc.rl.ac.uk/attAuthority.wsdl'
+            aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'
             aaPubKeyFilePath = None
             
@@ -68 +68 @@
     def testAddUser(self):
         
-        userName = 'pjkersha'
+        userName = 'gabriel'
         
         try:
@@ -101 +101 @@
     def proxyCertConnectTest(self):
         
-        userName = 'lawrence'
+        userName = 'gabriel'
         
         try:
@@ -179 +179 @@
         """Call Attribute Authority GetTrustedHostInfo"""
         
-        role = 'rapid'
+        import pdb
+        pdb.set_trace()
+        role = 'staff'
         try:
             trustedHosts = self.aaClnt.getTrustedHostInfo(

TI12-security/trunk/python/Tests/security.py

@@ -17 +17 @@
 class TestSecurityCGI(SecurityCGI):
     """CGI interface test class for NDG Security"""
+    
     #_________________________________________________________________________
-    def showLogin(self,
-                  returnURI=None,
-                  **junk):
+    def showLogin(self, returnURI=None, **kwargs):
         """Display initial NDG login form"""
     
@@ -159 +158 @@
     
     
-    def showHomeSiteSelect(self, trustedHosts=None):
-
-        if trustedHosts:
-            self.trustedHosts = trustedHosts            
+    def showHomeSiteSelect(self, **kwargs):
+
+        if not self.trustedHostInfo:
+            self.getTrustedHostInfo()   
                 
         print """Content-type: text/html
@@ -194 +193 @@
           <option value="">Select your home site...""" % self.scriptName
           
-        for hostname, uri in trustedHosts.items():
+        for hostname, uri in self.trustedHostInfo.items():
             print "<option value=\"%s\">%s" % (uri, hostname)
                 
@@ -211 +210 @@
         # end of showHomeSiteSelect()
 
+        
+        
 if __name__ == "__main__":
-    securityCGI = TestSecurityCGI()
+    
+    smWSDL = "http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl"
+    aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'
+    
+    smPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-sm-cert.pem"
+    aaPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-aa-cert.pem"
+    
+    clntPubKeyFilePath = "../certs/GabrielCGI-cert.pem"
+    clntPriKeyFilePath = "../certs/GabrielCGI-key.pem"
+    
+    returnURI = "https://gabriel.bnsc.rl.ac.uk/cgi-bin/security.py"
+    
+    securityCGI = SecurityCGI(smWSDL,
+                              aaWSDL,
+                              smPubKeyFilePath=smPubKeyFilePath,
+                              aaPubKeyFilePath=aaPubKeyFilePath,
+                              clntPubKeyFilePath=clntPubKeyFilePath,
+                              clntPriKeyFilePath=clntPriKeyFilePath,
+                              returnURI=returnURI)
     securityCGI()

TI12-security/trunk/python/conf/mapConfig.xml

@@ -2 +2 @@
 <AAmap>
     <trusted name="BODC">
-        <wsdl>bodcAttAuthorityURI</wsdl>
-        <role remote="aBODCrole" local="aLocalRole"/>
+            <wsdl>bodcAttAuthorityURI</wsdl>
+            <loginURI>bodcLoginPageURI</loginURI>
+                <role remote="aBODCrole" local="aLocalRole"/>
     </trusted>
     <trusted name="escience">
-        <wsdl>eScienceAttAuthorityURI</wsdl>
-        <role remote="anEScienceRole" local="anotherLocalRole"/>
+            <wsdl>eScienceAttAuthorityURI</wsdl>
+                <role remote="anEScienceRole" local="anotherLocalRole"/>
     </trusted>
 </AAmap>