Changeset 1711

Timestamp:

17/11/06 11:17:03 (13 years ago)

Author:

pjkersha

Message:

SessionMgr_services_server.py: moved to SessionMgr? server package.
ndg.security.server/ndg/security/init.py: doesn't need to be a namespace
package
ndg.security.common/ndg/security/common/AttAuthorityClient.py: separated
AttAuthorityClient?* classes from SecurityClient? to the common package as
the CredWallet? needs it. CredWallet? is itself in common because it's used
by the SessionMgr? in the server package and must also be available in the
client package in case client app writers don't want to use the SessionMgr?
to keep wallet info.
ndg.security.common/ndg/security/common/CredWallet.py: modified import test -
now checks for availability of new AttAuthorityClient? module in common
package.
setup.py, setup.cfg: these are needed for making the egg that installs the
whole of the security system, server, client and common.

Location:

TI12-security/trunk/python

Files:

• ndg.security.client/ndg/security/client/SecurityClient.py (modified) (2 diffs)
• ndg.security.common/ndg/security/common/AttAuthorityClient.py (added)
• ndg.security.common/ndg/security/common/CredWallet.py (modified) (3 diffs)
• ndg.security.server/ndg/security/__init__.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py (moved) (moved from TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionMgr_services_server.py)
• setup.cfg (copied) (copied from TI12-security/trunk/python/ndg.security.common/setup.cfg)
• setup.py (copied) (copied from TI12-security/trunk/python/ndg.security.common/setup.py)

TI12-security/trunk/python/ndg.security.client/ndg/security/client/SecurityClient.py

@@ -1 +1 @@
 #!/usr/bin/env python
-
-"""NDG Security client - client interface classes to Session Manager and 
-Attribute Authority Web Services.  
+"""NDG Security client - client interface classes to Session Manager 
 
 Make requests for authentication and authorisation
@@ -464 +462 @@
         except Exception, e:
             raise SessionClientError, "Error retrieving public key: " + str(e)
-
-
-
-
-#_____________________________________________________________________________
-class AttAuthorityClientError(Exception):
-    """Exception handling for SessionClient class"""
-    def __init__(self, msg):
-        self.__msg = msg
-         
-    def __str__(self):
-        return self.__msg
-
-
-#_____________________________________________________________________________
-class AttAuthorityClient(object):
-    
-    #_________________________________________________________________________
-    def __init__(self, 
-                 aaWSDL=None, 
-                 aaPubKeyFilePath=None,
-                 clntPubKeyFilePath=None,
-                 clntPriKeyFilePath=None,
-                 traceFile=None):
-        """
-        aaWSDL:                  WSDL URI for Attribute Authority WS.  Setting 
-                                 it will set the Service Proxy
-        aaPubKeyFilePath:    
-                                 Public key of Attribute Authority used to 
-                                 encrypt the outgoing message if required - 
-                                 set as a path on the local file system or as 
-                                 a URI
-        clntPubKeyFilePath:      Public key of client.  This is passed to the
-                                 Attribute Authority so that it can encrypt
-                                 responses.  WARNING: if not set, responses
-                                 are returned as clear text
-        clntPriKeyFilePath:      Private key of client.  If clntPubKeyFilePath
-                                 is set, the private key is needed to decrypt 
-                                 the response from the Attribute Authority
-        traceFile:               set to file object such as sys.stderr to 
-                                 give extra WS debug information"""
-
-        self.__aaSrv = None
-        self.__aaWSDL = None
-        self.__aaPubKeyFilePath = None
-        self.__aaPubKeyFilePath = None
-        self.__clntPubKeyFilePath = None
-        self.__clntPubKey = None
-        self.__clntPriKeyFilePath = None
-        
-        self.__aaPubKeyTempFile = None
-        
-        
-        if aaWSDL:
-            self.__setAAwsdl(aaWSDL)
-            
-        if aaPubKeyFilePath:
-            self.__setAApubKeyFilePath(aaPubKeyFilePath)
-            
-        if clntPriKeyFilePath:
-            self.__setClntPriKeyFilePath(clntPriKeyFilePath)
-            
-        if clntPubKeyFilePath:
-            if clntPriKeyFilePath is None:
-                raise AttAuthorityClientError, \
-                    "A Client private key file is required as well a " + \
-                    "public key"
-                    
-            self.__setClntPubKeyFilePath(clntPubKeyFilePath)
-
-           
-        self.__traceFile = traceFile
-
-         
-        # Instantiate Attribute Authority WS proxy
-        if self.__aaWSDL:
-            self.serviceProxy()
-        
-
-    #_________________________________________________________________________
-    def __setAAwsdl(self, aaWSDL):
-        
-        if not isinstance(aaWSDL, basestring):
-            raise AttAuthorityClientError, \
-                        "Attribute Authority WSDL URI must be a valid string"
-        
-        self.__aaWSDL = aaWSDL
-        
-    aaWSDL = property(fset=__setAAwsdl,doc="Set Attribute Authority WSDL URI")
-
-
-    #_________________________________________________________________________
-    def __setAApubKeyFilePath(self, aaPubKeyFilePath):
-        
-        if not isinstance(aaPubKeyFilePath, basestring):
-            raise AttAuthorityClientError, \
-                "Attribute Authority public key URI must be a valid string"
-        
-        self.__aaPubKeyFilePath = aaPubKeyFilePath
-        
-    aaPubKeyFilePath = property(fset=__setAApubKeyFilePath,
-                                doc="Set Attribute Authority public key URI")
-
- 
-    #_________________________________________________________________________
-    def __setClntPubKeyFilePath(self, clntPubKeyFilePath):
-        
-        if not isinstance(clntPubKeyFilePath, basestring):
-            raise AttAuthorityClientError(\
-                "Client public key file path must be a valid string")
-        
-        self.__clntPubKeyFilePath = clntPubKeyFilePath
-        try:
-            self.__clntPubKey = open(self.__clntPubKeyFilePath).read()
-            
-        except IOError, (errNo, errMsg):
-            raise AttAuthorityClientError(\
-                    "Reading certificate file \"%s\": %s" % \
-                    (self.__clntPubKeyFilePath, errMsg))
-                               
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                                    "Reading certificate file \"%s\": %s" % \
-                                    (self.__clntPubKeyFilePath, str(e))
-        
-    clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath,
-                                  doc="File path for client public key")
-
- 
-    #_________________________________________________________________________
-    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
-        
-        if not isinstance(clntPriKeyFilePath, basestring):
-            raise AttAuthorityClientError(\
-                "Client public key file path must be a valid string")
-        
-        self.__clntPriKeyFilePath = clntPriKeyFilePath
-        
-    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
-                                  doc="File path for client private key")
-
-
-    #_________________________________________________________________________
-    def __getAttAuthorityPubKey(self):
-        """Retrieve the public key from the URI"""
-        
-        # Don't proceed unless URI was set - user may have set public key via
-        # aaPubKeyFilePath instead
-        if self.__aaPubKeyFilePath is not None:
-            return
-                
-        try:
-            self.__aaPubKeyTempFile = tempfile.NamedTemporaryFile()
-            
-            pubKey = self.getPubKey()
-            open(self.__aaPubKeyTempFile.name, "w").write(pubKey)
-            
-            self.__aaPubKeyFilePath = self.__aaPubKeyTempFile.name
-            
-        except IOError, (errNo, errMsg):
-            raise AttAuthorityClientError, \
-                                "Writing public key to temp \"%s\": %s" % \
-                                (self.__aaPubKeyTempFile.name, errMsg)                                                                      
-        except Exception, e:
-            raise AttAuthorityClientError, "Retrieving Attribute Authority "+\
-                                          "public key: %s" % str(e)
-    
-        
-    #_________________________________________________________________________
-    def serviceProxy(self, aaWSDL=None):
-        """Set the WS proxy for the Attribute Authority"""
-        if aaWSDL:
-            self.__setAAwsdl(aaWSDL)
-
-        try:
-            self.__aaSrv = ServiceProxy(self.__aaWSDL, 
-                                        use_wsdl=True, 
-                                        tracefile=self.__traceFile)
-        except HTTPResponse, e:
-            raise AttAuthorityClientError, \
-                "Error initialising WSDL Service Proxy for \"%s\": %s %s" % \
-                (self.__aaWSDL, e.status, e.reason)
-            
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                "Initialising WSDL Service Proxy for \"%s\": %s" % \
-                 (self.__aaWSDL, str(e))
-
-                                    
-    #_________________________________________________________________________
-    def getHostInfo(self, clntPriKeyPwd=None):
-        """Get host information for the data provider which the 
-        Attribute Authority represents
-        
-        """
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-            
-        try:   
-            hostInfoReq = aaIO.HostInfoReq(encrCert=self.__clntPubKey,
-                                encrPubKeyFilePath=self.__aaPubKeyFilePath) 
-
-            # Pass encrypted request
-            resp = self.__aaSrv.getHostInfo(hostInfoReq=hostInfoReq())
-                        
-            hostInfoResp = aaIO.HostInfoResp(\
-                                xmlTxt=resp['hostInfoResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)            
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-  
                             
-        if 'errMsg' in hostInfoResp and hostInfoResp['errMsg']:
-            raise AttAuthorityClientError, hostInfoResp['errMsg']
-
-        return hostInfoResp['thisHost']
-
-                                    
-    #_________________________________________________________________________
-    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
-        """Get list of trusted hosts for an Attribute Authority
-        
-        """
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-            
-        try:   
-            trustedHostInfoReq = aaIO.TrustedHostInfoReq(role=role, 
-                                encrCert=self.__clntPubKey,
-                                encrPubKeyFilePath=self.__aaPubKeyFilePath) 
-
-            # Pass encrypted request
-            resp = self.__aaSrv.getTrustedHostInfo(\
-                                    trustedHostInfoReq=trustedHostInfoReq())
-                        
-            trustedHostInfoResp = aaIO.TrustedHostInfoResp(\
-                                xmlTxt=resp['trustedHostInfoResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)            
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-  
-                            
-        if 'errMsg' in trustedHostInfoResp and trustedHostInfoResp['errMsg']:
-            raise AttAuthorityClientError, trustedHostInfoResp['errMsg']
-
-        return trustedHostInfoResp['trustedHosts']
-    
-
-    #_________________________________________________________________________
-    def reqAuthorisation(self, 
-                         proxyCert, 
-                         userAttCert=None, 
-                         clntPriKeyPwd=None):
-        """Request authorisation from NDG Attribute Authority Web Service."""
-
-
-        # If Public key was not set, retrieve from server
-        self.__getAttAuthorityPubKey()
-
-
-        try:   
-            authzReq = aaIO.AuthorisationReq(proxyCert=proxyCert,
-                                 userAttCert=userAttCert,
-                                 encrCert=self.__clntPubKey,
-                                 encrPubKeyFilePath=self.__aaPubKeyFilePath) 
-
-            resp = self.__aaSrv.reqAuthorisation(authorisationReq=authzReq())
-                                      
-            authzResp=aaIO.AuthorisationResp(xmlTxt=resp['authorisationResp'],
-                                encrPriKeyFilePath=self.__clntPriKeyFilePath,
-                                encrPriKeyPwd=clntPriKeyPwd)           
-        except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-            
-        if authzResp['statCode'] == authzResp.accessError:
-            raise AttAuthorityClientError, authzResp['errMsg']
-        
-        return authzResp
-
-                                    
-    #_________________________________________________________________________
-    def getPubKey(self):
-        """Retrieve the public key of the Session Manager"""
-        
-        try:   
-            pubKeyReq = aaIO.PubKeyReq() 
-
-            # Pass request
-            resp = self.__aaSrv.getPubKey(pubKeyReq=pubKeyReq())
-                        
-            pubKeyResp = aaIO.PubKeyResp(xmlTxt=resp['pubKeyResp'])
-                            
-            if 'errMsg' in pubKeyResp and pubKeyResp['errMsg']:
-                raise AttAuthorityClientError(pubKeyResp['errMsg'])
-            
-            return pubKeyResp['pubKey']
-        
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                                    "Error retrieving public key: " + str(e)                              

TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py

@@ -27 +27 @@
 aaImportError = True
 try:
-    from SecurityClient import AttAuthorityClient, AttAuthorityClientError
+    from AttAuthorityClient import AttAuthorityClient, AttAuthorityClientError
     aaImportError = False
     
@@ -36 +36 @@
 # no need to import it
 try:
-    from AttAuthority import *
+    from ndg.security.server.AttAuthority import AttAuthority, \
+        AttAuthorityError
     aaImportError = False
 except:
@@ -42 +43 @@
 
 if aaImportError:
-    raise ImportError("Either AttAuthority or ZSI modules must be " + \
-                      "present to allow interoperation with Attribute " +\
-                      "Authorities")
+    raise ImportError, \
+        "Either AttAuthority or AttAuthority client modules must be " + \
+        "present to allow interoperation with Attribute Authorities"
 
 # Authentication X.509 Certificate

TI12-security/trunk/python/ndg.security.server/ndg/security/__init__.py

@@ -7 +7 @@
 This software may be distributed under the terms of the Q Public License,
 version 1.0 or later.
-
-This is a setuptools namespace_package.  DO NOT place any other
-code in this file!  There is no guarantee that it will be installed
-with easy_install.  See:
-
-http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages
-
-... for details.
 """
-__import__('pkg_resources').declare_namespace(__name__)