Changeset 1711
- Timestamp:
- 17/11/06 11:17:03 (14 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 1 added
- 3 edited
- 2 copied
- 1 moved
TI12-security/trunk/python/ndg.security.client/ndg/security/client/SecurityClient.py
r1638 r1711 1 1 #!/usr/bin/env python 2 3 """NDG Security client - client interface classes to Session Manager and 4 Attribute Authority Web Services. 2 """NDG Security client - client interface classes to Session Manager 5 3 6 4 Make requests for authentication and authorisation … … 464 462 except Exception, e: 465 463 raise SessionClientError, "Error retrieving public key: " + str(e) 466 467 468 469 470 #_____________________________________________________________________________471 class AttAuthorityClientError(Exception):472 """Exception handling for SessionClient class"""473 def __init__(self, msg):474 self.__msg = msg475 476 def __str__(self):477 return self.__msg478 479 480 #_____________________________________________________________________________481 class AttAuthorityClient(object):482 483 #_________________________________________________________________________484 def __init__(self,485 aaWSDL=None,486 aaPubKeyFilePath=None,487 clntPubKeyFilePath=None,488 clntPriKeyFilePath=None,489 traceFile=None):490 """491 aaWSDL: WSDL URI for Attribute Authority WS. Setting492 it will set the Service Proxy493 aaPubKeyFilePath:494 Public key of Attribute Authority used to495 encrypt the outgoing message if required -496 set as a path on the local file system or as497 a URI498 clntPubKeyFilePath: Public key of client. This is passed to the499 Attribute Authority so that it can encrypt500 responses. WARNING: if not set, responses501 are returned as clear text502 clntPriKeyFilePath: Private key of client. 
If clntPubKeyFilePath503 is set, the private key is needed to decrypt504 the response from the Attribute Authority505 traceFile: set to file object such as sys.stderr to506 give extra WS debug information"""507 508 self.__aaSrv = None509 self.__aaWSDL = None510 self.__aaPubKeyFilePath = None511 self.__aaPubKeyFilePath = None512 self.__clntPubKeyFilePath = None513 self.__clntPubKey = None514 self.__clntPriKeyFilePath = None515 516 self.__aaPubKeyTempFile = None517 518 519 if aaWSDL:520 self.__setAAwsdl(aaWSDL)521 522 if aaPubKeyFilePath:523 self.__setAApubKeyFilePath(aaPubKeyFilePath)524 525 if clntPriKeyFilePath:526 self.__setClntPriKeyFilePath(clntPriKeyFilePath)527 528 if clntPubKeyFilePath:529 if clntPriKeyFilePath is None:530 raise AttAuthorityClientError, \531 "A Client private key file is required as well a " + \532 "public key"533 534 self.__setClntPubKeyFilePath(clntPubKeyFilePath)535 536 537 self.__traceFile = traceFile538 539 540 # Instantiate Attribute Authority WS proxy541 if self.__aaWSDL:542 self.serviceProxy()543 544 545 #_________________________________________________________________________546 def __setAAwsdl(self, aaWSDL):547 548 if not isinstance(aaWSDL, basestring):549 raise AttAuthorityClientError, \550 "Attribute Authority WSDL URI must be a valid string"551 552 self.__aaWSDL = aaWSDL553 554 aaWSDL = property(fset=__setAAwsdl,doc="Set Attribute Authority WSDL URI")555 556 557 #_________________________________________________________________________558 def __setAApubKeyFilePath(self, aaPubKeyFilePath):559 560 if not isinstance(aaPubKeyFilePath, basestring):561 raise AttAuthorityClientError, \562 "Attribute Authority public key URI must be a valid string"563 564 self.__aaPubKeyFilePath = aaPubKeyFilePath565 566 aaPubKeyFilePath = property(fset=__setAApubKeyFilePath,567 doc="Set Attribute Authority public key URI")568 569 570 #_________________________________________________________________________571 def __setClntPubKeyFilePath(self, 
clntPubKeyFilePath):572 573 if not isinstance(clntPubKeyFilePath, basestring):574 raise AttAuthorityClientError(\575 "Client public key file path must be a valid string")576 577 self.__clntPubKeyFilePath = clntPubKeyFilePath578 try:579 self.__clntPubKey = open(self.__clntPubKeyFilePath).read()580 581 except IOError, (errNo, errMsg):582 raise AttAuthorityClientError(\583 "Reading certificate file \"%s\": %s" % \584 (self.__clntPubKeyFilePath, errMsg))585 586 except Exception, e:587 raise AttAuthorityClientError, \588 "Reading certificate file \"%s\": %s" % \589 (self.__clntPubKeyFilePath, str(e))590 591 clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath,592 doc="File path for client public key")593 594 595 #_________________________________________________________________________596 def __setClntPriKeyFilePath(self, clntPriKeyFilePath):597 598 if not isinstance(clntPriKeyFilePath, basestring):599 raise AttAuthorityClientError(\600 "Client public key file path must be a valid string")601 602 self.__clntPriKeyFilePath = clntPriKeyFilePath603 604 clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,605 doc="File path for client private key")606 607 608 #_________________________________________________________________________609 def __getAttAuthorityPubKey(self):610 """Retrieve the public key from the URI"""611 612 # Don't proceed unless URI was set - user may have set public key via613 # aaPubKeyFilePath instead614 if self.__aaPubKeyFilePath is not None:615 return616 617 try:618 self.__aaPubKeyTempFile = tempfile.NamedTemporaryFile()619 620 pubKey = self.getPubKey()621 open(self.__aaPubKeyTempFile.name, "w").write(pubKey)622 623 self.__aaPubKeyFilePath = self.__aaPubKeyTempFile.name624 625 except IOError, (errNo, errMsg):626 raise AttAuthorityClientError, \627 "Writing public key to temp \"%s\": %s" % \628 (self.__aaPubKeyTempFile.name, errMsg)629 except Exception, e:630 raise AttAuthorityClientError, "Retrieving Attribute Authority "+\631 "public key: 
%s" % str(e)632 633 634 #_________________________________________________________________________635 def serviceProxy(self, aaWSDL=None):636 """Set the WS proxy for the Attribute Authority"""637 if aaWSDL:638 self.__setAAwsdl(aaWSDL)639 640 try:641 self.__aaSrv = ServiceProxy(self.__aaWSDL,642 use_wsdl=True,643 tracefile=self.__traceFile)644 except HTTPResponse, e:645 raise AttAuthorityClientError, \646 "Error initialising WSDL Service Proxy for \"%s\": %s %s" % \647 (self.__aaWSDL, e.status, e.reason)648 649 except Exception, e:650 raise AttAuthorityClientError, \651 "Initialising WSDL Service Proxy for \"%s\": %s" % \652 (self.__aaWSDL, str(e))653 654 655 #_________________________________________________________________________656 def getHostInfo(self, clntPriKeyPwd=None):657 """Get host information for the data provider which the658 Attribute Authority represents659 660 """661 662 # If Public key was not set, retrieve from server663 self.__getAttAuthorityPubKey()664 665 try:666 hostInfoReq = aaIO.HostInfoReq(encrCert=self.__clntPubKey,667 encrPubKeyFilePath=self.__aaPubKeyFilePath)668 669 # Pass encrypted request670 resp = self.__aaSrv.getHostInfo(hostInfoReq=hostInfoReq())671 672 hostInfoResp = aaIO.HostInfoResp(\673 xmlTxt=resp['hostInfoResp'],674 encrPriKeyFilePath=self.__clntPriKeyFilePath,675 encrPriKeyPwd=clntPriKeyPwd)676 except Exception, e:677 raise AttAuthorityClientError, "Error: " + str(e)678 679 464 680 if 'errMsg' in hostInfoResp and hostInfoResp['errMsg']:681 raise AttAuthorityClientError, hostInfoResp['errMsg']682 683 return hostInfoResp['thisHost']684 685 686 #_________________________________________________________________________687 def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):688 """Get list of trusted hosts for an Attribute Authority689 690 """691 692 # If Public key was not set, retrieve from server693 self.__getAttAuthorityPubKey()694 695 try:696 trustedHostInfoReq = aaIO.TrustedHostInfoReq(role=role,697 
encrCert=self.__clntPubKey,698 encrPubKeyFilePath=self.__aaPubKeyFilePath)699 700 # Pass encrypted request701 resp = self.__aaSrv.getTrustedHostInfo(\702 trustedHostInfoReq=trustedHostInfoReq())703 704 trustedHostInfoResp = aaIO.TrustedHostInfoResp(\705 xmlTxt=resp['trustedHostInfoResp'],706 encrPriKeyFilePath=self.__clntPriKeyFilePath,707 encrPriKeyPwd=clntPriKeyPwd)708 except Exception, e:709 raise AttAuthorityClientError, "Error: " + str(e)710 711 712 if 'errMsg' in trustedHostInfoResp and trustedHostInfoResp['errMsg']:713 raise AttAuthorityClientError, trustedHostInfoResp['errMsg']714 715 return trustedHostInfoResp['trustedHosts']716 717 718 #_________________________________________________________________________719 def reqAuthorisation(self,720 proxyCert,721 userAttCert=None,722 clntPriKeyPwd=None):723 """Request authorisation from NDG Attribute Authority Web Service."""724 725 726 # If Public key was not set, retrieve from server727 self.__getAttAuthorityPubKey()728 729 730 try:731 authzReq = aaIO.AuthorisationReq(proxyCert=proxyCert,732 userAttCert=userAttCert,733 encrCert=self.__clntPubKey,734 encrPubKeyFilePath=self.__aaPubKeyFilePath)735 736 resp = self.__aaSrv.reqAuthorisation(authorisationReq=authzReq())737 738 authzResp=aaIO.AuthorisationResp(xmlTxt=resp['authorisationResp'],739 encrPriKeyFilePath=self.__clntPriKeyFilePath,740 encrPriKeyPwd=clntPriKeyPwd)741 except Exception, e:742 raise AttAuthorityClientError, "Error: " + str(e)743 744 if authzResp['statCode'] == authzResp.accessError:745 raise AttAuthorityClientError, authzResp['errMsg']746 747 return authzResp748 749 750 #_________________________________________________________________________751 def getPubKey(self):752 """Retrieve the public key of the Session Manager"""753 754 try:755 pubKeyReq = aaIO.PubKeyReq()756 757 # Pass request758 resp = self.__aaSrv.getPubKey(pubKeyReq=pubKeyReq())759 760 pubKeyResp = aaIO.PubKeyResp(xmlTxt=resp['pubKeyResp'])761 762 if 'errMsg' in pubKeyResp and 
pubKeyResp['errMsg']:763 raise AttAuthorityClientError(pubKeyResp['errMsg'])764 765 return pubKeyResp['pubKey']766 767 except Exception, e:768 raise AttAuthorityClientError, \769 "Error retrieving public key: " + str(e) -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
r1642 r1711 27 27 aaImportError = True 28 28 try: 29 from SecurityClient import AttAuthorityClient, AttAuthorityClientError29 from AttAuthorityClient import AttAuthorityClient, AttAuthorityClientError 30 30 aaImportError = False 31 31 … … 36 36 # no need to import it 37 37 try: 38 from AttAuthority import * 38 from ndg.security.server.AttAuthority import AttAuthority, \ 39 AttAuthorityError 39 40 aaImportError = False 40 41 except: … … 42 43 43 44 if aaImportError: 44 raise ImportError ("Either AttAuthority or ZSI modules must be " +\45 "present to allow interoperation with Attribute " +\46 "Authorities")45 raise ImportError, \ 46 "Either AttAuthority or AttAuthority client modules must be " + \ 47 "present to allow interoperation with Attribute Authorities" 47 48 48 49 # Authentication X.509 Certificate -
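Review bot: The bare `except:` that stays around the new `from ndg.security.server.AttAuthority import AttAuthority, AttAuthorityError` treats every failure as "module not installed", so a real error raised while loading the server package would surface only as the generic `raise ImportError` at the end of the block. Narrowing it to `except ImportError, e:` and appending `str(e)` to the final message would keep the underlying cause visible to whoever has to debug a credential wallet that will not load. The new package-qualified import also depends on `ndg.security` resolving across separately installed distributions, and this same changeset removes `declare_namespace(__name__)` from `ndg.security.server/ndg/security/__init__.py`, so it may be worth confirming the import still succeeds when common and server are installed as separate eggs. The body of the `except:` handler lies outside the visible hunk.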
TI12-security/trunk/python/ndg.security.server/ndg/security/__init__.py
r1701 r1711 7 7 This software may be distributed under the terms of the Q Public License, 8 8 version 1.0 or later. 9 10 This is a setuptools namespace_package. DO NOT place any other11 code in this file! There is no guarantee that it will be installed12 with easy_install. See:13 14 http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages15 16 ... for details.17 9 """ 18 __import__('pkg_resources').declare_namespace(__name__)