Timestamp:
30/01/07 08:57:43 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • Added code to soap_getAttCert stub
  • updated WSSecurityHandler.signatureHandler initialisation with new keywords.

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • renamed redirectAuthorisationReq -> redirectAttCertReq
  • createUserSession now takes proxy cert, private key and user cert as inputs

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py and
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:
Modified getAttCert and disconnect operations.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • updated call to SessionMgrClient to use new SignatureHandler keywords.
  • experimenting with disconnect calls - signature doesn't verify correctly at server side.
  • updated call to getAttcert in test6CookieGetAttCert

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg: updated
AA URIs.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
added getSignatureHandler property access method.

python/ndg.security.common/ndg/security/common/XMLSec.py: include more info about error
for when RSA pub key verify fails.

python/ndg.security.common/ndg/security/common/wsSecurity.py:

  • added InvalidSignature type exception
  • include more info about error for when RSA pub key verify fails.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • added getSignatureHandler property access method.
  • fix to disconnect keywords input check

python/ndg.security.common/ndg/security/common/CredWallet.py: major refactoring for
prospective beta release of NDG security -

  • attCertRefreshElapse - new attribute used by getAttCert to determine whether to replace an existing AC in the cache with a fresh one. If the existing one has less than attCertRefreshElapse time in seconds left before expiry then replace it

  • added epydoc formatting
  • explicit proxy cert, private key and user cert inputs to init. These are also declared as properties with access methods.

  • proxy cert / private key used in SOAP message signatures.
  • use NullCredRepos class as default Credential Repository
  • refactoring of WS calls to AA in line with new AttAuthorityClient interface.
File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac

    r2070 r2076  
    6262 
    6363    def soap_disconnect(self, ps, **kw): 
    64         #import pdb;pdb.set_trace() 
     64        import pdb;pdb.set_trace() 
    6565        request, response = SessionMgrService.soap_disconnect(self, ps) 
    6666        return request, response 
    6767 
    6868    def soap_getAttCert(self, ps, **kw): 
    69         #import pdb;pdb.set_trace() 
     69        import pdb;pdb.set_trace() 
    7070        request, response = SessionMgrService.soap_getAttCert(self, ps) 
     71         
     72        # Get certificate corresponding to private key that signed the 
     73        # message - i.e. the user's proxy 
     74        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert 
     75        userCert = request.get_element_userCert() 
     76         
     77                # Proxy cert is prefered over userCert - userCert may have been  
     78                # omitted. 
     79        attCert, statCode, msg, extAttCertList = self.sm.getAttCert(\ 
     80                    userCert=proxyCert or userCert, 
     81                        sessID=request.get_element_sessID(), 
     82                        encrSessMgrURI=request.get_element_encrSessionMgrURI(), 
     83                        aaURI=request.get_element_attAuthorityURI(), 
     84                        reqRole=request.get_element_reqRole(), 
     85                        mapFromTrustedHosts=request.get_element_mapFromTrustedHosts(), 
     86                        rtnExtAttCertList=request.get_element_rtnExtAttCertList(), 
     87                        extAttCertList=request.get_element_extAttCert(), 
     88                        extTrustedHostList=request.get_element_extTrustedHost()) 
     89 
     90 
    7191        response.set_element_attCert(attCert) 
    72         response.set_element_statusCode('AcessGranted') 
     92        response.set_element_statusCode(statCode) 
     93        response.set_element_statusCode(msg) 
     94        response.set_element_extAttCert(extAttCertList) 
     95         
    7396        return request, response 
    7497 
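Review bot: `import pdb;pdb.set_trace()` is now live at the top of both soap_disconnect and soap_getAttCert, so every call to either operation stops the server in the debugger; restore the commented-out form or remove the lines before this lands. In soap_getAttCert, `response.set_element_statusCode(msg)` on new line 93 overwrites the statCode set on line 92, so the caller receives the message text as the status code; msg needs its own response element or should be dropped. `userCert=proxyCert or userCert` falls back to the userCert element taken from the request body whenever verifyingCert is empty, which means the identity passed to getAttCert is then a caller-supplied value rather than the certificate that verified the signature; returning an error when verifyingCert is not set would be safer than falling back. The continuation lines 77 to 88 are also indented inconsistently with the rest of the method.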
     
    86109# public and private keys 
    87110WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    88                                             certFilePath=smSrv.sm['certFile'], 
    89                                             priKeyFilePath=smSrv.sm['keyFile'], 
    90                                             priKeyPwd=smSrv.sm['keyPwd']) 
     111                                    signingCertFilePath=smSrv.sm['certFile'], 
     112                                    signingPriKeyFilePath=smSrv.sm['keyFile'], 
     113                                    signingPriKeyPwd=smSrv.sm['keyPwd']) 
    91114 
    92115# Add Service to Session Manager branch 
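Review bot: the handler built here is stored as a class attribute on WSSecurityHandler, and soap_getAttCert in the same file reads `WSSecurityHandler.signatureHandler.verifyingCert` from that one shared object, so the certificate it sees is whatever the most recent verification left there; if request handling can ever interleave, one caller's proxy cert could be attributed to another request. Consider passing the verifying certificate along with the parsed request instead of reading it back from shared state, or add a comment stating why this is safe. Only the signing* keywords are passed here, so a short comment on what the handler trusts when verifying incoming signatures would also help readers of this config.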