Timestamp:
26/01/07 16:45:46 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Include additional checks for loadCredUserRolesInterface.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • updated soap_connect to wire up to SessionMgr.connect
  • use of SSL is configurable from useSSL properties file element
  • likewise pick up port number from properties file

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • move lambda functions outside SessionMgr class - easier to reference.
  • added extra elements to properties file - port num, use SSL flag, SSL cert/private key settings. Simple CA client settings
  • Include additional checks for loadCredReposInterface.
  • update connect method to return proxy cert, proxy private key, user cert and cookie as separate tuple elements.

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:

  • connect response has separate elements for proxy cert, proxy private key and user cert.
  • disconnect proxyCert -> userCert. proxy is set in signature in SOAP header.

python/ndg.security.server/ndg/security/server/MyProxy.py: fixes to readProperties method.

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:
added additional elements for SSL connection.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:
updates to connect method.

python/ndg.security.test/ndg/security/test/SessionMgr/server.sh: update to header

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
modified PKI config settings.

python/ndg.security.common/ndg/security/common/wsSecurity.py: catch exceptions explicitly
for cert and private key file reading errors.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py: SM client ...

  • 'smCertFilePath' refs changed to 'srvCertFilePath'
  • fixes to connect method
  • renamed 'reqAuthorisation' -> 'getAttCert'

python/ndg.security.common/ndg/security/common/CredWallet.py: added NullCredRepos class.
It allows for the case where a deployment doesn't require a Credential Repository. It
implements a class with empty stubs.

File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac

    r2058 r2063  
    2626        WSSecurityHandler, SignatureHandler 
    2727 
    28 # Use for stub testing only 
    29 from ndg.security.common.SessionCookie import SessionCookie 
    30 from datetime import datetime, timedelta 
    3128 
    3229class SessionMgrServiceSub(SessionMgrService, WSResource): 
     
    5148        request, response = SessionMgrService.soap_connect(self, ps) 
    5249 
    53         if request.get_element_getCookie(): 
    54             dtExpiry = datetime.utcnow() + timedelta(seconds=60*60) 
    55             cookie = SessionCookie(ndgID1='9'*64,  
    56                                    ndgID2='0'*64, 
    57                                    dtExpiry=dtExpiry) 
    58             response.set_element_cookie(cookie) 
    59         else:  
    60             response.set_element_proxyCert(proxyCert) 
     50        proxyCert, proxyPriKey, userCert, sessCookie = self.sm.connect(\ 
     51                                        username=request.get_element_username(), 
     52                                        passphrase=request.get_element_passphrase(), 
     53                                        createServerSess=request.get_element_createServerSess(), 
     54                                        getCookie=request.get_element_getCookie()) 
     55                                         
     56        response.set_element_proxyCert(proxyCert) 
     57        response.set_element_proxyPriKey(proxyPriKey) 
     58        response.set_element_userCert(userCert) 
     59        response.set_element_cookie(sessCookie) 
    6160                          
    6261        return request, response 
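
Review bot: the four set_element_* calls at new lines 56-59 now run unconditionally, where the removed stub chose between the cookie and proxyCert based on request.get_element_getCookie(). If self.sm.connect() returns None for the values that do not apply to a given request, each None is handed straight to its setter; either document that connect() always returns all four values, or skip the setter for any value that is None. The call at lines 50-54 also has no exception handling, so a failed authentication propagates out of soap_connect as a raw exception rather than a SOAP fault. The trailing backslash after `self.sm.connect(` is redundant inside the open parenthesis.
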
     
    7776        #import pdb;pdb.set_trace() 
    7877        request, response = SessionMgrService.soap_getX509Cert(self, ps) 
    79         response.set_element_x509Cert(open(certFilePath).read().strip()) 
     78        response.set_element_x509Cert(open(self.sm['certFile']).read().strip()) 
    8079        return request, response 
    8180 
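
Review bot: at new line 78, open(self.sm['certFile']).read().strip() reopens the certificate file on every soap_getX509Cert call, never closes the handle explicitly, and lets a missing or unreadable file raise out of the SOAP handler. Read the file inside try/finally (or once at start-up) and turn an IOError into a fault, in line with the explicit cert and private key read error handling this changeset adds to wsSecurity.py. The key name 'certFile' here differs from 'sslCertFile' used for the SSL context further down; a comment stating which certificate each one refers to would help. The commented-out `#import pdb;pdb.set_trace()` at line 77 can be dropped.
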
     
    9796application = service.Application("SessionManagerContainer") 
    9897 
    99 # Use SSL connection 
    100 from twisted.internet import ssl 
    101  
    102 # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL 
    103 ctxFactory = ssl.DefaultOpenSSLContextFactory(priKeyFilePath, certFilePath) 
    104 port = internet.SSLServer(portNum, siteFactory, ctxFactory) 
    105  
    106 # Non-SSL 
    107 #hostname = socket.gethostname() 
    108 #port = internet.TCPServer(portNum, siteFactory)#, interface=hostname) 
     98if smSrv.sm['useSSL']: 
     99        # Use SSL connection 
     100        from twisted.internet import ssl 
     101         
     102        # Nb. ssl.DefaultOpenSSLContextFactory requires pyOpenSSL 
     103        ctxFactory = ssl.DefaultOpenSSLContextFactory(smSrv.sm['sslKeyFile'],  
     104                                                                                                  smSrv.sm['sslCertFile']) 
     105        port = internet.SSLServer(smSrv.sm['portNum'], siteFactory, ctxFactory) 
     106else:    
     107        # Non-SSL 
     108        port = internet.TCPServer(smSrv.sm['portNum'], siteFactory) 
    109109 
    110110port.setServiceParent(application) 
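
Review bot: the else branch at new lines 106-108 starts a plain internet.TCPServer whenever smSrv.sm['useSSL'] is false, and the connect response in this same changeset now carries proxyPriKey alongside the passphrase in the request, so a mis-set properties file sends both unencrypted with nothing in the log to show it. Log a warning on that branch or require an explicit opt-in for non-SSL operation, and confirm that useSSL is converted to a boolean when the properties file is read, since non-empty element text would always evaluate as true at line 98. The continuation argument at line 104 is indented far past the opening parenthesis; align it under smSrv.sm['sslKeyFile'].
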