Changeset 1711


Timestamp:
17/11/06 11:17:03 (13 years ago)
Author:
pjkersha
Message:

SessionMgr_services_server.py: moved to SessionMgr server package.
ndg.security.server/ndg/security/__init__.py: doesn't need to be a namespace
package
ndg.security.common/ndg/security/common/AttAuthorityClient.py: separated
AttAuthorityClient* classes from SecurityClient to the common package as
the CredWallet needs it. CredWallet is itself in common because it's used
by the SessionMgr in the server package and must also be available in the
client package in case client app writers don't want to use the SessionMgr
to keep wallet info.
ndg.security.common/ndg/security/common/CredWallet.py: modified import test -
now checks for availability of new AttAuthorityClient module in common
package.
setup.py, setup.cfg: these are needed for making the egg that installs the
whole of the security system, server, client and common.

Location:
TI12-security/trunk/python
Files:
1 added
3 edited
2 copied
1 moved

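--- a/TI12-security/trunk/python/ndg.security.client/ndg/security/client/SecurityClient.py
+++ b/TI12-security/trunk/python/ndg.security.client/ndg/security/client/SecurityClient.py
@@ -1,6 +1,4 @@
 #!/usr/bin/env python
-
-"""NDG Security client - client interface classes to Session Manager and
-Attribute Authority Web Services.
+"""NDG Security client - client interface classes to Session Manager
 
 Make requests for authentication and authorisation
@@ -464,306 +462,3 @@
         except Exception, e:
             raise SessionClientError, "Error retrieving public key: " + str(e)
-
-
-
-
-#_____________________________________________________________________________
-class AttAuthorityClientError(Exception):
-    """Exception handling for SessionClient class"""
-    def __init__(self, msg):
-        self.__msg = msg
-
-    def __str__(self):
-        return self.__msg
-
-
-#_____________________________________________________________________________
-class AttAuthorityClient(object):
-
-    #_________________________________________________________________________
-    def __init__(self,
-                 aaWSDL=None,
-                 aaPubKeyFilePath=None,
-                 clntPubKeyFilePath=None,
-                 clntPriKeyFilePath=None,
-                 traceFile=None):
-        """
-        aaWSDL:                  WSDL URI for Attribute Authority WS.  Setting
-                                 it will set the Service Proxy
-        aaPubKeyFilePath:
-                                 Public key of Attribute Authority used to
-                                 encrypt the outgoing message if required -
-                                 set as a path on the local file system or as
-                                 a URI
-        clntPubKeyFilePath:      Public key of client.  This is passed to the
-                                 Attribute Authority so that it can encrypt
-                                 responses.  WARNING: if not set, responses
-                                 are returned as clear text
-        clntPriKeyFilePath:      Private key of client.  If clntPubKeyFilePath
-                                 is set, the private key is needed to decrypt
-                                 the response from the Attribute Authority
-        traceFile:               set to file object such as sys.stderr to
-                                 give extra WS debug information"""
-
-        self.__aaSrv = None
-        self.__aaWSDL = None
-        self.__aaPubKeyFilePath = None
-        self.__aaPubKeyFilePath = None
-        self.__clntPubKeyFilePath = None
-        self.__clntPubKey = None
-        self.__clntPriKeyFilePath = None
-
-        self.__aaPubKeyTempFile = None
-
-
-        if aaWSDL:
-            self.__setAAwsdl(aaWSDL)
-
-        if aaPubKeyFilePath:
-            self.__setAApubKeyFilePath(aaPubKeyFilePath)
-
-        if clntPriKeyFilePath:
-            self.__setClntPriKeyFilePath(clntPriKeyFilePath)
-
-        if clntPubKeyFilePath:
-            if clntPriKeyFilePath is None:
-                raise AttAuthorityClientError, \
-                    "A Client private key file is required as well a " + \
-                    "public key"
-
-            self.__setClntPubKeyFilePath(clntPubKeyFilePath)
-
-
-        self.__traceFile = traceFile
-
-
-        # Instantiate Attribute Authority WS proxy
-        if self.__aaWSDL:
-            self.serviceProxy()
-
-
-    #_________________________________________________________________________
-    def __setAAwsdl(self, aaWSDL):
-
-        if not isinstance(aaWSDL, basestring):
-            raise AttAuthorityClientError, \
-                        "Attribute Authority WSDL URI must be a valid string"
-
-        self.__aaWSDL = aaWSDL
-
-    aaWSDL = property(fset=__setAAwsdl,doc="Set Attribute Authority WSDL URI")
-
-
-    #_________________________________________________________________________
-    def __setAApubKeyFilePath(self, aaPubKeyFilePath):
-
-        if not isinstance(aaPubKeyFilePath, basestring):
-            raise AttAuthorityClientError, \
-                "Attribute Authority public key URI must be a valid string"
-
-        self.__aaPubKeyFilePath = aaPubKeyFilePath
-
-    aaPubKeyFilePath = property(fset=__setAApubKeyFilePath,
-                                doc="Set Attribute Authority public key URI")
-
-
-    #_________________________________________________________________________
-    def __setClntPubKeyFilePath(self, clntPubKeyFilePath):
-
-        if not isinstance(clntPubKeyFilePath, basestring):
-            raise AttAuthorityClientError(\
-                "Client public key file path must be a valid string")
-
-        self.__clntPubKeyFilePath = clntPubKeyFilePath
-        try:
-            self.__clntPubKey = open(self.__clntPubKeyFilePath).read()
-
-        except IOError, (errNo, errMsg):
-            raise AttAuthorityClientError(\
-                    "Reading certificate file \"%s\": %s" % \
-                    (self.__clntPubKeyFilePath, errMsg))
-
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                                    "Reading certificate file \"%s\": %s" % \
-                                    (self.__clntPubKeyFilePath, str(e))
-
-    clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath,
-                                  doc="File path for client public key")
-
-
-    #_________________________________________________________________________
-    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
-
-        if not isinstance(clntPriKeyFilePath, basestring):
-            raise AttAuthorityClientError(\
-                "Client public key file path must be a valid string")
-
-        self.__clntPriKeyFilePath = clntPriKeyFilePath
-
-    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
-                                  doc="File path for client private key")
-
-
-    #_________________________________________________________________________
-    def __getAttAuthorityPubKey(self):
-        """Retrieve the public key from the URI"""
-
-        # Don't proceed unless URI was set - user may have set public key via
-        # aaPubKeyFilePath instead
-        if self.__aaPubKeyFilePath is not None:
-            return
-
-        try:
-            self.__aaPubKeyTempFile = tempfile.NamedTemporaryFile()
-
-            pubKey = self.getPubKey()
-            open(self.__aaPubKeyTempFile.name, "w").write(pubKey)
-
-            self.__aaPubKeyFilePath = self.__aaPubKeyTempFile.name
-
-        except IOError, (errNo, errMsg):
-            raise AttAuthorityClientError, \
-                                "Writing public key to temp \"%s\": %s" % \
-                                (self.__aaPubKeyTempFile.name, errMsg)
-        except Exception, e:
-            raise AttAuthorityClientError, "Retrieving Attribute Authority "+\
-                                          "public key: %s" % str(e)
-
-
-    #_________________________________________________________________________
-    def serviceProxy(self, aaWSDL=None):
-        """Set the WS proxy for the Attribute Authority"""
-        if aaWSDL:
-            self.__setAAwsdl(aaWSDL)
-
-        try:
-            self.__aaSrv = ServiceProxy(self.__aaWSDL,
-                                        use_wsdl=True,
-                                        tracefile=self.__traceFile)
-        except HTTPResponse, e:
-            raise AttAuthorityClientError, \
-                "Error initialising WSDL Service Proxy for \"%s\": %s %s" % \
-                (self.__aaWSDL, e.status, e.reason)
-
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                "Initialising WSDL Service Proxy for \"%s\": %s" % \
-                 (self.__aaWSDL, str(e))
-
-
-    #_________________________________________________________________________
-    def getHostInfo(self, clntPriKeyPwd=None):
-        """Get host information for the data provider which the
-        Attribute Authority represents
-
-        """
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-
-        try:
-            hostInfoReq = aaIO.HostInfoReq(encrCert=self.__clntPubKey,
-                                encrPubKeyFilePath=self.__aaPubKeyFilePath)
-
-            # Pass encrypted request
-            resp = self.__aaSrv.getHostInfo(hostInfoReq=hostInfoReq())
-
-            hostInfoResp = aaIO.HostInfoResp(\
-                                xmlTxt=resp['hostInfoResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-
 
-        if 'errMsg' in hostInfoResp and hostInfoResp['errMsg']:
-            raise AttAuthorityClientError, hostInfoResp['errMsg']
-
-        return hostInfoResp['thisHost']
-
-
-    #_________________________________________________________________________
-    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
-        """Get list of trusted hosts for an Attribute Authority
-
-        """
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-
-        try:
-            trustedHostInfoReq = aaIO.TrustedHostInfoReq(role=role,
-                                encrCert=self.__clntPubKey,
-                                encrPubKeyFilePath=self.__aaPubKeyFilePath)
-
-            # Pass encrypted request
-            resp = self.__aaSrv.getTrustedHostInfo(\
-                                    trustedHostInfoReq=trustedHostInfoReq())
-
-            trustedHostInfoResp = aaIO.TrustedHostInfoResp(\
-                                xmlTxt=resp['trustedHostInfoResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-
-
-        if 'errMsg' in trustedHostInfoResp and trustedHostInfoResp['errMsg']:
-            raise AttAuthorityClientError, trustedHostInfoResp['errMsg']
-
-        return trustedHostInfoResp['trustedHosts']
-
-
-    #_________________________________________________________________________
-    def reqAuthorisation(self,
-                         proxyCert,
-                         userAttCert=None,
-                         clntPriKeyPwd=None):
-        """Request authorisation from NDG Attribute Authority Web Service."""
-
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-
-
-        try:
-            authzReq = aaIO.AuthorisationReq(proxyCert=proxyCert,
-                                 userAttCert=userAttCert,
-                                 encrCert=self.__clntPubKey,
-                                 encrPubKeyFilePath=self.__aaPubKeyFilePath)
-
-            resp = self.__aaSrv.reqAuthorisation(authorisationReq=authzReq())
-
-            authzResp=aaIO.AuthorisationResp(xmlTxt=resp['authorisationResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-
-        if authzResp['statCode'] == authzResp.accessError:
-            raise AttAuthorityClientError, authzResp['errMsg']
-
-        return authzResp
-
-
-    #_________________________________________________________________________
-    def getPubKey(self):
-        """Retrieve the public key of the Session Manager"""
-
-        try:
-            pubKeyReq = aaIO.PubKeyReq()
-
-            # Pass request
-            resp = self.__aaSrv.getPubKey(pubKeyReq=pubKeyReq())
-
-            pubKeyResp = aaIO.PubKeyResp(xmlTxt=resp['pubKeyResp'])
-
-            if 'errMsg' in pubKeyResp and pubKeyResp['errMsg']:
-                raise AttAuthorityClientError(pubKeyResp['errMsg'])
-
-            return pubKeyResp['pubKey']
-
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                                    "Error retrieving public key: " + str(e)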
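--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
@@ -27,5 +27,5 @@
 aaImportError = True
 try:
-    from SecurityClient import AttAuthorityClient, AttAuthorityClientError
+    from AttAuthorityClient import AttAuthorityClient, AttAuthorityClientError
     aaImportError = False
 
@@ -36,5 +36,6 @@
 # no need to import it
 try:
-    from AttAuthority import *
+    from ndg.security.server.AttAuthority import AttAuthority, \
+        AttAuthorityError
     aaImportError = False
 except:
@@ -42,7 +43,7 @@
 
 if aaImportError:
-    raise ImportError("Either AttAuthority or ZSI modules must be " + \
-                      "present to allow interoperation with Attribute " +\
-                      "Authorities")
+    raise ImportError, \
+        "Either AttAuthority or AttAuthority client modules must be " + \
+        "present to allow interoperation with Attribute Authorities"
 
 # Authentication X.509 Certificate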
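Review bot: The bare `except:` at new line 41 treats any failure while importing `ndg.security.server.AttAuthority` as "module not installed", so a genuine fault in that module is swallowed and, if the client import also failed, shows up only as the generic message raised at new lines 45-47. Narrowing it to `except ImportError:` and carrying the caught exception text into the final message would keep the real cause visible; this matters here because the same changeset drops the namespace declaration from the server's `ndg/security/__init__.py`, which may affect whether that absolute import resolves. The rewritten raise also moves from the call form to the Python-2-only statement form; `raise ImportError("...")` with the new wording would avoid that. The handler body sits in a gap between the displayed hunks, so its current contents are not visible here.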
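--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/__init__.py
@@ -7,12 +7,3 @@
 This software may be distributed under the terms of the Q Public License,
 version 1.0 or later.
-
-This is a setuptools namespace_package.  DO NOT place any other
-code in this file!  There is no guarantee that it will be installed
-with easy_install.  See:
-
-http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
-
-... for details.
 """
-__import__('pkg_resources').declare_namespace(__name__)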