Changeset 2079


Ignore:
Timestamp:
30/01/07 17:40:54 (13 years ago)
Author:
pjkersha
Message:

python/www/html/attAuthority.wsdl,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py,
python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.p
y,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:
Make separate schema for the two services - urn:ndg:security:attAuthority and
urn:ndg:security:sessionMgr otherwise getAttCert and getAttCertResponse declarations
get mixed up between the two in the ZSI code.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
replace get_element_* and set_element_* with attributes references instead e.g.
request.get_element_username() -> request.Username

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • rename encrypt and decrypt static UserSession? methods encodeSessionMgrURI and

decodeSessionMgrURI respectively. The encryption key is now optional and isn't applied
if omitted. This means that Session Manager URI in the cookie can be base 64 encoded only
and not encrypted.

  • getAttCert - simplified use of keywords in input and call to CredWallet?.getAttCert
  • fixes to redirectAttCertReq for correct SessionMgrClient? call - needs test

python/ndg.security.common/ndg/security/common/CredWallet.py:

  • fix AttAuthorityClient? import
  • remove clnt* properties - use proxy settings instead for signing requests to AA
  • fixes to getAttCert and getAttCert calls
Location:
TI12-security/trunk/python
Files:
14 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py

    r2051 r2079  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf322c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf422c> 
    3232    def getAttCert(self, userCert,userAttCert): 
    3333 
     
    4444        return attCert 
    4545 
    46     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf354c> 
     46    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf454c> 
    4747    def getHostInfo(self): 
    4848 
     
    5959        return hostname,aaURI,loginURI 
    6060 
    61     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf3e6c> 
     61    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf4e6c> 
    6262    def getTrustedHostInfo(self, role): 
    6363 
     
    7373        return trustedHosts 
    7474 
    75     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf3fec> 
     75    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf4fec> 
    7676    def getX509Cert(self): 
    7777 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py

    r2051 r2079  
    1212############################## 
    1313# targetNamespace 
    14 # urn:ndg:security 
     14# urn:ndg:security:attAuthority 
    1515############################## 
    1616 
    1717class ns0: 
    18     targetNamespace = "urn:ndg:security" 
     18    targetNamespace = "urn:ndg:security:attAuthority" 
    1919 
    2020    class HostInfo_Def(ZSI.TCcompound.ComplexType, TypeDefinition): 
    21         schema = "urn:ndg:security" 
     21        schema = "urn:ndg:security:attAuthority" 
    2222        type = (schema, "HostInfo") 
    2323        def __init__(self, pname, ofwhat=(), attributes=None, extend=False, restrict=False, **kw): 
     
    4343    class getAttCert_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    4444        literal = "getAttCert" 
    45         schema = "urn:ndg:security" 
     45        schema = "urn:ndg:security:attAuthority" 
    4646        def __init__(self, **kw): 
    4747            ns = ns0.getAttCert_Dec.schema 
    4848            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userAttCert", aname="_userAttCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    49             kw["pname"] = ("urn:ndg:security","getAttCert") 
     49            kw["pname"] = ("urn:ndg:security:attAuthority","getAttCert") 
    5050            kw["aname"] = "_getAttCert" 
    5151            self.attribute_typecode_dict = {} 
     
    6464    class getAttCertResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    6565        literal = "getAttCertResponse" 
    66         schema = "urn:ndg:security" 
     66        schema = "urn:ndg:security:attAuthority" 
    6767        def __init__(self, **kw): 
    6868            ns = ns0.getAttCertResponse_Dec.schema 
    6969            TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    70             kw["pname"] = ("urn:ndg:security","getAttCertResponse") 
     70            kw["pname"] = ("urn:ndg:security:attAuthority","getAttCertResponse") 
    7171            kw["aname"] = "_getAttCertResponse" 
    7272            self.attribute_typecode_dict = {} 
     
    8484    class getHostInfo_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    8585        literal = "getHostInfo" 
    86         schema = "urn:ndg:security" 
     86        schema = "urn:ndg:security:attAuthority" 
    8787        def __init__(self, **kw): 
    8888            ns = ns0.getHostInfo_Dec.schema 
    8989            TClist = [] 
    90             kw["pname"] = ("urn:ndg:security","getHostInfo") 
     90            kw["pname"] = ("urn:ndg:security:attAuthority","getHostInfo") 
    9191            kw["aname"] = "_getHostInfo" 
    9292            self.attribute_typecode_dict = {} 
     
    103103    class getHostInfoResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    104104        literal = "getHostInfoResponse" 
    105         schema = "urn:ndg:security" 
     105        schema = "urn:ndg:security:attAuthority" 
    106106        def __init__(self, **kw): 
    107107            ns = ns0.getHostInfoResponse_Dec.schema 
    108108            TClist = [ZSI.TC.String(pname="hostname", aname="_hostname", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="aaURI", aname="_aaURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="loginURI", aname="_loginURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    109             kw["pname"] = ("urn:ndg:security","getHostInfoResponse") 
     109            kw["pname"] = ("urn:ndg:security:attAuthority","getHostInfoResponse") 
    110110            kw["aname"] = "_getHostInfoResponse" 
    111111            self.attribute_typecode_dict = {} 
     
    125125    class getTrustedHostInfo_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    126126        literal = "getTrustedHostInfo" 
    127         schema = "urn:ndg:security" 
     127        schema = "urn:ndg:security:attAuthority" 
    128128        def __init__(self, **kw): 
    129129            ns = ns0.getTrustedHostInfo_Dec.schema 
    130130            TClist = [ZSI.TC.String(pname="role", aname="_role", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    131             kw["pname"] = ("urn:ndg:security","getTrustedHostInfo") 
     131            kw["pname"] = ("urn:ndg:security:attAuthority","getTrustedHostInfo") 
    132132            kw["aname"] = "_getTrustedHostInfo" 
    133133            self.attribute_typecode_dict = {} 
     
    145145    class getTrustedHostInfoResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    146146        literal = "getTrustedHostInfoResponse" 
    147         schema = "urn:ndg:security" 
     147        schema = "urn:ndg:security:attAuthority" 
    148148        def __init__(self, **kw): 
    149149            ns = ns0.getTrustedHostInfoResponse_Dec.schema 
    150             TClist = [GTD("urn:ndg:security","HostInfo",lazy=False)(pname="trustedHosts", aname="_trustedHosts", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    151             kw["pname"] = ("urn:ndg:security","getTrustedHostInfoResponse") 
     150            TClist = [GTD("urn:ndg:security:attAuthority","HostInfo",lazy=False)(pname="trustedHosts", aname="_trustedHosts", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
     151            kw["pname"] = ("urn:ndg:security:attAuthority","getTrustedHostInfoResponse") 
    152152            kw["aname"] = "_getTrustedHostInfoResponse" 
    153153            self.attribute_typecode_dict = {} 
     
    165165    class getX509Cert_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    166166        literal = "getX509Cert" 
    167         schema = "urn:ndg:security" 
     167        schema = "urn:ndg:security:attAuthority" 
    168168        def __init__(self, **kw): 
    169169            ns = ns0.getX509Cert_Dec.schema 
    170170            TClist = [] 
    171             kw["pname"] = ("urn:ndg:security","getX509Cert") 
     171            kw["pname"] = ("urn:ndg:security:attAuthority","getX509Cert") 
    172172            kw["aname"] = "_getX509Cert" 
    173173            self.attribute_typecode_dict = {} 
     
    184184    class getX509CertResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    185185        literal = "getX509CertResponse" 
    186         schema = "urn:ndg:security" 
     186        schema = "urn:ndg:security:attAuthority" 
    187187        def __init__(self, **kw): 
    188188            ns = ns0.getX509CertResponse_Dec.schema 
    189189            TClist = [ZSI.TC.String(pname="x509Cert", aname="_x509Cert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    190             kw["pname"] = ("urn:ndg:security","getX509CertResponse") 
     190            kw["pname"] = ("urn:ndg:security:attAuthority","getX509CertResponse") 
    191191            kw["aname"] = "_getX509CertResponse" 
    192192            self.attribute_typecode_dict = {} 
     
    202202            self.pyclass = Holder 
    203203 
    204 # end class ns0 (tns: urn:ndg:security) 
     204# end class ns0 (tns: urn:ndg:security:attAuthority) 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py

    r2076 r2079  
    297297            userAttCert = str(userAttCert) 
    298298             
    299         try:    
    300             attCert = AttCertParse(self.__srv.getAttCert(userCert,  
    301                                                          userAttCert)) 
     299        try:  
     300            resp = self.__srv.getAttCert(userCert, userAttCert)   
     301            attCert = AttCertParse(resp) 
     302             
    302303        except Exception, e: 
    303304            raise AttAuthorityClientError, \ 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py

    r2076 r2079  
    2727aaImportError = True 
    2828try: 
    29     from AttAuthority import AttAuthorityClient, AttAuthorityClientError 
     29    from ndg.security.common.AttAuthority import AttAuthorityClient, \ 
     30        AttAuthorityClientError 
    3031    aaImportError = False 
    3132     
     
    4445if aaImportError: 
    4546    raise ImportError, \ 
    46         "Either AttAuthority or AttAuthority client modules must be " + \ 
     47        "Either AttAuthority or AttAuthorityClient classes must be " + \ 
    4748        "present to allow interoperation with Attribute Authorities" 
    4849 
     
    7172        mapped certificate 
    7273         
    73         msg:                error message 
    74         extAttCertList:     list of candidate Attribute Certificates that 
    75                             could be used to try to get a mapped certificate 
    76                             from the target Attribute Authority 
    77         trustedHostInfo:    dictionary indexed by host name giving details 
    78                             of WSDL URI and roles for trusted hosts""" 
    79  
     74        @type msg: string 
     75        @keyword msg: error message 
     76         
     77        @type extAttCertList: list 
     78        @keyword extAttCertList: list of candidate Attribute Certificates that 
     79        could be used to try to get a mapped certificate from the target  
     80        Attribute Authority 
     81         
     82        @type trustedHostInfo: dict  
     83        @keyword trustedHostInfo: dictionary indexed by host name giving  
     84        details of Attribute Authority URI and roles for trusted hosts""" 
     85 
     86        super(CredWalletAuthorisationDenied, self).__init__(msg) 
    8087        self.__msg = msg 
    8188        self.__trustedHostInfo = trustedHostInfo 
     
    157164                 userCert, 
    158165                 caCertFilePath=None, 
    159                  clntCertFilePath=None, 
    160                  clntPriKeyFilePath=None, 
    161                  clntPriKeyPwd=None, 
    162166                 credRepos=None, 
    163167                 mapFromTrustedHosts=False, 
     
    180184        validation of signed Attribute Certificates.  If not set here, it must 
    181185        be input in call to getAttCert. 
    182          
    183         clntCertFilePath:     Public key certificate for this client.  
    184                                 Setting this enables return message from AA  
    185                                 WSDL to be encrypted by the AA. 
    186         clntPriKeyFilePath:     Client's Private key used to decrypt response 
    187                                 from AA. 
    188         clntPriKeyPwd:          Password protecting the client private key. 
    189          
     186                 
    190187        @type credRepos: instance of CredRepos derived class 
    191188        @keyword credRepos: Credential Repository instance.  If not set,  
     
    219216         
    220217        self.__setCAcertFilePath(caCertFilePath) 
    221         self.__setClntCertFilePath(clntCertFilePath) 
    222         self.__setClntPriKeyFilePath(clntPriKeyFilePath) 
    223         self.__setClntPriKeyPwd(clntPriKeyPwd) 
    224218                 
    225219        self.__credRepos = credRepos or NullCredRepos() 
     
    396390        if not isinstance(caCertFilePath, basestring) and \ 
    397391           caCertFilePath is not None: 
    398             raise CredWalletError(\ 
    399                 "Input CA Certificate file path is not a valid string") 
     392            raise CredWalletError, \ 
     393                        "Input CA Certificate file path is not a valid string" 
    400394                 
    401395        self.__caCertFilePath = caCertFilePath 
     
    404398    caCertFilePath = property(fset=__setCAcertFilePath, 
    405399                              doc="CA Certificate  - use to check AC XML Sig") 
    406  
    407  
    408     #_________________________________________________________________________ 
    409     def __setClntCertFilePath(self, clntCertFilePath): 
    410          
    411         if not isinstance(clntCertFilePath, basestring) and \ 
    412            clntCertFilePath is not None: 
    413             raise CredWalletError(\ 
    414                 "Input Client Certificate file path is not a valid string") 
    415                  
    416         self.__clntCertFilePath = clntCertFilePath 
    417          
    418         # Read the file into string ready to be passed over WS interface as 
    419         # required 
    420         if self.__clntCertFilePath: 
    421             try: 
    422                 self.__clntCert = open(self.__clntCertFilePath).read() 
    423                  
    424             except IOError, (errNo, errMsg): 
    425                 raise CredWalletError(\ 
    426                             "Reading client public key file \"%s\": %s" %\ 
    427                             (self.__clntCertFilePath, errMsg)) 
    428                                     
    429             except Exception, e: 
    430                 raise CredWalletError(\ 
    431                             "Reading client public key file \"%s\": %s" %\ 
    432                             (self.__clntCertFilePath, str(e)))                 
    433         
    434          
    435     clntCertFilePath = property(fset=__setClntCertFilePath, 
    436                         doc="Client Public Key - use to encrypt resp from AA") 
    437  
    438  
    439     #_________________________________________________________________________ 
    440     def __setClntPriKeyFilePath(self, clntPriKeyFilePath): 
    441          
    442         if not isinstance(clntPriKeyFilePath, basestring) and \ 
    443            clntPriKeyFilePath is not None: 
    444             raise CredWalletError(\ 
    445                 "Input Client Private Key file path is not a valid string") 
    446                  
    447         self.__clntPriKeyFilePath = clntPriKeyFilePath 
    448         
    449          
    450     clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath, 
    451                     doc="Client Private Key - use to decrypt resp from AA") 
    452  
    453  
    454     #_________________________________________________________________________ 
    455     def __setClntPriKeyPwd(self, clntPriKeyPwd): 
    456          
    457         if not isinstance(clntPriKeyPwd, basestring) and \ 
    458            clntPriKeyPwd is not None: 
    459             raise CredWalletError(\ 
    460                 "Input Client Private Key password is not a valid string") 
    461                  
    462         self.__clntPriKeyPwd = clntPriKeyPwd 
    463         
    464          
    465     clntPriKeyPwd = property(fset=__setClntPriKeyPwd, 
    466                              doc="Password for Client Private Key") 
    467400 
    468401 
     
    612545        if aaURI is not None: 
    613546            try: 
    614                 aaClnt = AttAuthorityClient(aaURI=aaURI, 
    615                                             clntCert=self.__proxyCert, 
    616                                             clntPriKey=self.__proxyPriKey) 
    617                                      
    618                 authzResp = aaClnt.getAttCert(self.__userCert.toString(),  
     547                aaClnt = AttAuthorityClient(uri=aaURI, 
     548                                            signingCert=self.__proxyCert, 
     549                                            signingPriKey=self.__proxyPriKey) 
     550            except Exception, e: 
     551                raise CredWalletError, "Attribute certificate request: %s" % e 
     552               
     553            try:                           
     554                attCert = aaClnt.getAttCert(self.__userCert.toString(),  
    619555                                              userAttCert=extAttCert)                 
    620556            except Exception, e: 
    621                 raise CredWalletError, "Requesting attribute certificate: %s"\ 
    622                                        % str(e) 
    623  
    624  
    625             if authzResp['statCode'] == authzResp.accessDenied: 
    626                 raise CredWalletAuthorisationDenied, \ 
    627                             "Authorisation denied: %s" % authzResp['errMsg'] 
    628  
    629             elif authzResp['statCode'] == authzResp.accessGranted: 
    630                 # TODO: Temporary fudge - convert output into string and then  
    631                 # re-convert into AttCert type to try to avoid strange error  
    632                 # XML sig check 
    633                 # 
    634                 # P J Kershaw 24/07/06 
    635                 attCert = AttCertParse(str(authzResp['credential'])) 
    636                  
    637             else: 
    638                 raise CredWalletError, "Attribute Authority authorisation " +\ 
    639                                        "status code not recognised" 
     557                raise CredWalletAuthorisationDenied, str(e) 
    640558             
    641559        elif aaPropFilePath is not None: 
     
    651569                # Make a new attribute authority instance  
    652570                aa = AttAuthority(propFilePath=aaPropFilePath) 
    653  
     571                 
     572            except Exception, e: 
     573                raise CredWalletError, "Attribute certificate request: %s" % e 
     574 
     575            try: 
    654576                # Request a new attribute certificate from the Attribute 
    655577                # Authority 
     
    659581            except AttAuthorityAccessDenied, e: 
    660582                raise CredWalletAuthorisationDenied, \ 
    661                                                 "Authorisation denied: %s" % e 
    662              
     583                                                "Authorisation denied: %s" % e             
    663584            except Exception, e: 
    664                 raise CredWalletError, "Requesting authorisation: %s" % e 
     585                raise CredWalletError,"Requesting attribute certificate: %s"%e 
    665586 
    666587        else: 
     
    902823                              if hostName in self.__credentials] 
    903824 
    904  
     825        # Set an empty list to trigger an AttributeError by initialising it to 
     826        # None 
     827        if extAttCertList == []: 
     828            extAttCertList = None 
     829             
    905830        # Repeat authorisation attempts until succeed or means are exhausted 
    906831        while True: 
     
    919844            except IndexError: 
    920845                 
    921                 # List has been emptied without authorisation succeeding - 
     846                # List has been emptied without attribute request succeeding - 
    922847                # give up 
    923848                errMsg = "Attempting to obtained a mapped certificate: " + \ 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py

    r2076 r2079  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff5ac> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff52c> 
    3232    def addUser(self, username,passphrase): 
    3333 
     
    4343        return  
    4444 
    45     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff8cc> 
     45    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff82c> 
    4646    def connect(self, username,passphrase,createServerSess,getCookie): 
    4747 
     
    6363        return proxyCert,proxyPriKey,userCert,cookie 
    6464 
    65     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0760c> 
     65    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0758c> 
    6666    def disconnect(self, userCert,sessID,encrSessionMgrURI): 
    6767 
     
    7878        return  
    7979 
    80     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d077ac> 
     80    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0772c> 
    8181    def getAttCert(self, userCert,sessID,encrSessionMgrURI,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
    8282 
     
    104104        return attCert,statusCode,msg,extAttCert 
    105105 
    106     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0792c> 
     106    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d078ac> 
    107107    def getX509Cert(self): 
    108108 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py

    r2076 r2079  
    1212############################## 
    1313# targetNamespace 
    14 # urn:ndg:security 
     14# urn:ndg:security:sessionMgr 
    1515############################## 
    1616 
    1717class ns0: 
    18     targetNamespace = "urn:ndg:security" 
     18    targetNamespace = "urn:ndg:security:sessionMgr" 
    1919 
    2020    class addUser_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    2121        literal = "addUser" 
    22         schema = "urn:ndg:security" 
     22        schema = "urn:ndg:security:sessionMgr" 
    2323        def __init__(self, **kw): 
    2424            ns = ns0.addUser_Dec.schema 
    2525            TClist = [ZSI.TC.String(pname="username", aname="_username", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="passphrase", aname="_passphrase", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    26             kw["pname"] = ("urn:ndg:security","addUser") 
     26            kw["pname"] = ("urn:ndg:security:sessionMgr","addUser") 
    2727            kw["aname"] = "_addUser" 
    2828            self.attribute_typecode_dict = {} 
     
    4141    class addUserResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    4242        literal = "addUserResponse" 
    43         schema = "urn:ndg:security" 
     43        schema = "urn:ndg:security:sessionMgr" 
    4444        def __init__(self, **kw): 
    4545            ns = ns0.addUserResponse_Dec.schema 
    4646            TClist = [] 
    47             kw["pname"] = ("urn:ndg:security","addUserResponse") 
     47            kw["pname"] = ("urn:ndg:security:sessionMgr","addUserResponse") 
    4848            kw["aname"] = "_addUserResponse" 
    4949            self.attribute_typecode_dict = {} 
     
    6060    class connect_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    6161        literal = "connect" 
    62         schema = "urn:ndg:security" 
     62        schema = "urn:ndg:security:sessionMgr" 
    6363        def __init__(self, **kw): 
    6464            ns = ns0.connect_Dec.schema 
    6565            TClist = [ZSI.TC.String(pname="username", aname="_username", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="passphrase", aname="_passphrase", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="createServerSess", aname="_createServerSess", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="getCookie", aname="_getCookie", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    66             kw["pname"] = ("urn:ndg:security","connect") 
     66            kw["pname"] = ("urn:ndg:security:sessionMgr","connect") 
    6767            kw["aname"] = "_connect" 
    6868            self.attribute_typecode_dict = {} 
     
    8383    class connectResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    8484        literal = "connectResponse" 
    85         schema = "urn:ndg:security" 
     85        schema = "urn:ndg:security:sessionMgr" 
    8686        def __init__(self, **kw): 
    8787            ns = ns0.connectResponse_Dec.schema 
    8888            TClist = [ZSI.TC.String(pname="proxyCert", aname="_proxyCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="proxyPriKey", aname="_proxyPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="cookie", aname="_cookie", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    89             kw["pname"] = ("urn:ndg:security","connectResponse") 
     89            kw["pname"] = ("urn:ndg:security:sessionMgr","connectResponse") 
    9090            kw["aname"] = "_connectResponse" 
    9191            self.attribute_typecode_dict = {} 
     
    106106    class disconnect_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    107107        literal = "disconnect" 
    108         schema = "urn:ndg:security" 
     108        schema = "urn:ndg:security:sessionMgr" 
    109109        def __init__(self, **kw): 
    110110            ns = ns0.disconnect_Dec.schema 
    111111            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="encrSessionMgrURI", aname="_encrSessionMgrURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    112             kw["pname"] = ("urn:ndg:security","disconnect") 
     112            kw["pname"] = ("urn:ndg:security:sessionMgr","disconnect") 
    113113            kw["aname"] = "_disconnect" 
    114114            self.attribute_typecode_dict = {} 
     
    128128    class disconnectResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    129129        literal = "disconnectResponse" 
    130         schema = "urn:ndg:security" 
     130        schema = "urn:ndg:security:sessionMgr" 
    131131        def __init__(self, **kw): 
    132132            ns = ns0.disconnectResponse_Dec.schema 
    133133            TClist = [] 
    134             kw["pname"] = ("urn:ndg:security","disconnectResponse") 
     134            kw["pname"] = ("urn:ndg:security:sessionMgr","disconnectResponse") 
    135135            kw["aname"] = "_disconnectResponse" 
    136136            self.attribute_typecode_dict = {} 
     
    147147    class getAttCert_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    148148        literal = "getAttCert" 
    149         schema = "urn:ndg:security" 
     149        schema = "urn:ndg:security:sessionMgr" 
    150150        def __init__(self, **kw): 
    151151            ns = ns0.getAttCert_Dec.schema 
    152152            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="encrSessionMgrURI", aname="_encrSessionMgrURI", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    153             kw["pname"] = ("urn:ndg:security","getAttCert") 
     153            kw["pname"] = ("urn:ndg:security:sessionMgr","getAttCert") 
    154154            kw["aname"] = "_getAttCert" 
    155155            self.attribute_typecode_dict = {} 
     
    176176    class getAttCertResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    177177        literal = "getAttCertResponse" 
    178         schema = "urn:ndg:security" 
     178        schema = "urn:ndg:security:sessionMgr" 
    179179        def __init__(self, **kw): 
    180180            ns = ns0.getAttCertResponse_Dec.schema 
    181181            TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="statusCode", aname="_statusCode", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="msg", aname="_msg", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    182             kw["pname"] = ("urn:ndg:security","getAttCertResponse") 
     182            kw["pname"] = ("urn:ndg:security:sessionMgr","getAttCertResponse") 
    183183            kw["aname"] = "_getAttCertResponse" 
    184184            self.attribute_typecode_dict = {} 
     
    199199    class getX509Cert_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    200200        literal = "getX509Cert" 
    201         schema = "urn:ndg:security" 
     201        schema = "urn:ndg:security:sessionMgr" 
    202202        def __init__(self, **kw): 
    203203            ns = ns0.getX509Cert_Dec.schema 
    204204            TClist = [] 
    205             kw["pname"] = ("urn:ndg:security","getX509Cert") 
     205            kw["pname"] = ("urn:ndg:security:sessionMgr","getX509Cert") 
    206206            kw["aname"] = "_getX509Cert" 
    207207            self.attribute_typecode_dict = {} 
     
    218218    class getX509CertResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    219219        literal = "getX509CertResponse" 
    220         schema = "urn:ndg:security" 
     220        schema = "urn:ndg:security:sessionMgr" 
    221221        def __init__(self, **kw): 
    222222            ns = ns0.getX509CertResponse_Dec.schema 
    223223            TClist = [ZSI.TC.String(pname="x509Cert", aname="_x509Cert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    224             kw["pname"] = ("urn:ndg:security","getX509CertResponse") 
     224            kw["pname"] = ("urn:ndg:security:sessionMgr","getX509CertResponse") 
    225225            kw["aname"] = "_getX509CertResponse" 
    226226            self.attribute_typecode_dict = {} 
     
    236236            self.pyclass = Holder 
    237237 
    238 # end class ns0 (tns: urn:ndg:security) 
     238# end class ns0 (tns: urn:ndg:security:sessionMgr) 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py

    r2076 r2079  
    283283         
    284284        signingPriKeyPwd MUST be set prior to a call to this method""" 
    285         if not isinstance(signingPriKeyFilePath, basestring): 
     285        if isinstance(signingPriKeyFilePath, basestring):                            
     286            try: 
     287                # Read Private key to sign with     
     288                priKeyFile = BIO.File(open(signingPriKeyFilePath))  
     289                pwdCallback = lambda *ar, **kw: self.__signingPriKeyPwd                                            
     290                self.__signingPriKey = RSA.load_key_bio(priKeyFile,  
     291                                                        callback=pwdCallback)            
     292            except Exception, e: 
     293                raise AttributeError, \ 
     294                                "Setting private key for signature: %s" % e 
     295         
     296        elif signingPriKeyFilePath is not None: 
    286297            raise AttributeError, \ 
    287                             "Private key file path must be a valid string" 
    288                              
    289         try: 
    290             # Read Private key to sign with     
    291             priKeyFile = BIO.File(open(signingPriKeyFilePath))  
    292             pwdCallback = lambda *ar, **kw: self.__signingPriKeyPwd                                            
    293             self.__signingPriKey = RSA.load_key_bio(priKeyFile,  
    294                                                     callback=pwdCallback)            
    295         except Exception, e: 
    296             raise AttributeError, "Setting private key for signature: %s" % e 
     298                        "Private key file path must be a valid string or None" 
    297299         
    298300        self.__signingPriKeyFilePath = signingPriKeyFilePath 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py

    r2051 r2079  
    1212    root = {} 
    1313    _wsdl = """<?xml version=\"1.0\" ?> 
    14 <wsdl:definitions name=\"AttAuthority\" targetNamespace=\"urn:ndg:security\" xmlns=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:http=\"http://schemas.xmlsoap.org/wsdl/http/\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"urn:ndg:security\" xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"> 
     14<wsdl:definitions name=\"AttAuthority\" targetNamespace=\"urn:ndg:security:attAuthority\" xmlns=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:http=\"http://schemas.xmlsoap.org/wsdl/http/\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"urn:ndg:security:attAuthority\" xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"> 
    1515 
    1616  <wsdl:types> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py

    r2076 r2079  
    1212    root = {} 
    1313    _wsdl = """<?xml version=\"1.0\" ?> 
    14 <wsdl:definitions name=\"SessionMgr\" targetNamespace=\"urn:ndg:security\" xmlns=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:http=\"http://schemas.xmlsoap.org/wsdl/http/\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"urn:ndg:security\" xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:wsu=\"http://schemas.xmlsoap.org/ws/2002/07/utility\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"> 
     14<wsdl:definitions name=\"SessionMgr\" targetNamespace=\"urn:ndg:security:sessionMgr\" xmlns=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:http=\"http://schemas.xmlsoap.org/wsdl/http/\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:tns=\"urn:ndg:security:sessionMgr\" xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"> 
    1515 
    1616  <wsdl:types> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

    r2076 r2079  
    135135    #_________________________________________________________________________ 
    136136    @staticmethod 
    137     def encrypt(txt, encrKey): 
    138         """Encrypt the test of this Session Manager's WS URI / URI for its 
    139         public key to allow inclusion in a web browser session cookie 
    140          
    141         The address is encrypted and then base 64 encoded""" 
    142          
    143         # Text length must be a multiple of 16 for AES encryption 
    144         try: 
    145             mod = len(txt) % 16 
    146             nPad = mod and 16 - mod or 0 
    147                  
    148             # Add padding 
    149             paddedURI = txt + ''.join(' '*nPad) 
     137    def encodeSessionMgrURI(txt, encrKey=None): 
     138        """Encode Session Manager URI to allow inclusion in a web browser  
     139        session cookie 
     140         
     141        The address is optionally encrypted and then base 64 encoded use a  
     142        URL safe encoding 
     143         
     144        @type encrKey: string 
     145        @keyword encrKey: 16 char encryption key used to encrypt the URI.  If 
     146        omitted or set None, the URI is not encrypted but merely base 64 
     147        encoded""" 
     148         
     149        if encrKey is not None: 
     150            # Text length must be a multiple of 16 for AES encryption 
     151            try: 
     152                mod = len(txt) % 16 
     153                nPad = mod and 16 - mod or 0 
     154                     
     155                # Add padding 
     156                paddedURI = txt + ''.join(' '*nPad) 
     157            except Exception, e: 
     158                raise UserSessionError, "Padding text for encryption: %s" % e 
     159         
     160            # Encrypt 
     161            try: 
     162                txt = AES.new(encrKey, AES.MODE_ECB).encrypt(paddedURI) 
     163             
     164            except Exception, e: 
     165                raise UserSessionError, "Encrypting Session Manager URI: %s"%e 
     166 
     167        try: 
     168            return base64.urlsafe_b64encode(txt) 
     169         
    150170        except Exception, e: 
    151             raise UserSessionError, "Error padding text for encryption: " + \ 
    152                                     str(e) 
    153          
    154         # encrypt 
    155         try: 
    156             aes = AES.new(encrKey, AES.MODE_ECB) 
    157             return base64.urlsafe_b64encode(aes.encrypt(paddedURI)) 
    158          
    159         except Exception, e: 
    160             raise UserSessionError, "Error encrypting text: %s" % str(e) 
    161                                         
     171            raise UserSessionError, "Encoding Session Manager URI: %s"%e 
     172         
    162173     
    163174    #_________________________________________________________________________ 
    164175    @staticmethod                                    
    165     def decrypt(encrTxt, encrKey): 
    166         """Decrypt text from cookie set by another Session Manager.  This 
     176    def decodeSessionMgrURI(txt, encrKey=None): 
     177        """Decode the URI from cookie set by another Session Manager.  This 
    167178        is required when reading a session cookie to find out which  
    168179        Session Manager holds the client's session 
    169180         
    170         encrTxt:    base 64 encoded encrypted text""" 
    171  
    172         try: 
    173             aes = AES.new(encrKey, AES.MODE_ECB) 
    174              
     181        @type txt: string 
     182        @param txt: base 64 encoded encrypted text 
     183         
     184        @type encrKey: string 
     185        @keyword encrKey: 16 char encryption key used to encrypt the URI.  If 
     186        omitted or set None, the URI is assumed to be unencrypted""" 
     187 
     188        try: 
     189            # Convert if unicode type - unicode causes TypeError with 
     190            # base64.urlsafe_b64decode 
     191            if isinstance(txt, unicode): 
     192                txt = str(txt) 
     193                 
    175194            # Decode from base 64 
    176             b64DecodedEncrTxt = base64.urlsafe_b64decode(encrTxt) 
    177              
    178             # Decrypt and strip trailing spaces 
    179             return aes.decrypt(b64DecodedEncrTxt).strip() 
    180          
     195            b64DecodedEncrTxt = base64.urlsafe_b64decode(txt) 
     196             
    181197        except Exception, e: 
    182             raise SessionMgrError, "Decrypting: %s" % str(e)             
    183  
     198            raise SessionMgrError, "Decoding Session Manager URI: %s" % e            
     199 
     200 
     201        if encrKey is not None: 
     202            try: 
     203                aes = AES.new(encrKey, AES.MODE_ECB) 
     204                 
     205                # Decrypt and strip trailing spaces 
     206                return aes.decrypt(b64DecodedEncrTxt).strip() 
     207             
     208            except Exception, e: 
     209                raise SessionMgrError, "Decrypting Session Manager URI: %s"%e            
     210        else: 
     211            return b64DecodedEncrTxt 
     212         
    184213 
    185214    #_________________________________________________________________________ 
     
    225254  
    226255  
    227         encrSessMgrURI = self.encrypt(sessMgrURI, encrKey) 
     256        encrSessMgrURI = self.encodeSessionMgrURI(sessMgrURI, encrKey) 
    228257        dtExpiry = self.credWallet.proxyCert.notAfter 
    229258         
     
    766795            # encryption for responses from Attribute Authority WS 
    767796            try:    
    768                 userSess = UserSession(\ 
    769                                    caCertFilePath=self.__prop['caCertFile'], 
    770                                    clntCertFilePath=self.__prop['certFile'], 
    771                                    clntPriKeyFilePath=self.__prop['keyFile'], 
    772                                    clntPriKeyPwd=self.__prop['keyPwd'], 
    773                                    credRepos=self.__credRepos,  
    774                                    *proxy)       
     797                userSess=UserSession(caCertFilePath=self.__prop['caCertFile'], 
     798                                     credRepos=self.__credRepos,  
     799                                     *proxy)       
    775800            except Exception, e: 
    776                 raise SessionMgrError, "Creating User Session: %s" % str(e) 
     801                raise SessionMgrError, "Creating User Session: %s" % e 
    777802 
    778803            # Also allow access by user DN 
     
    915940 
    916941    #_________________________________________________________________________ 
    917     def getAttCert(self, **kw): 
     942    def getAttCert(self, 
     943                   userCert=None, 
     944                   sessID=None, 
     945                   encrSessMgrURI=None, 
     946                   **credWalletKw): 
    918947        """For a given user, request Attribute Certificate from an Attribute  
    919948        Authority given by service URI.  If sucessful, an attribute  
     
    921950        returned from this method 
    922951 
    923         @param **kw: 
     952        @param **kw: keyword to CredWallet.getAttCert 
    924953        """ 
    925954         
    926955        # Web browser client input will include the encrypted address of the 
    927956        # Session Manager where the user's session is held. 
    928         if 'encrSessMgrURI' in kw: 
     957        if encrSessMgrURI: 
    929958             
    930959            # Decrypt the URI for where the user's session resides 
    931             userSessMgrURI = UserSession.decrypt(kw['encrSessMgrURI'], 
    932                                                 self.__prop['sessMgrEncrKey']) 
     960            userSessMgrURI = UserSession.decodeSessionMgrURI(encrSessMgrURI, 
     961                                               self.__prop['sessMgrEncrKey']) 
    933962                                                
    934963            # Check the address against the address of THIS Session Manager   
     
    936965                 
    937966                # Session is held on a remote Session  Manager 
    938                 userSessMgrResp = self.__redirectAttCertReq(\ 
    939                                                         userSessMgrURI, 
    940                                                         **kw) 
     967                userSessMgrResp = self.__redirectAttCertReq(userSessMgrURI, 
     968                                                            sessID=sessID, 
     969                                                            userCert=userCert, 
     970                                                            **credWalletKw) 
    941971 
    942972                # Reset response by making a new AuthorisationResp object 
     
    948978             
    949979        # User's session resides with THIS Session Manager / no encrypted 
    950         # WSDL address passed in (as in command line context for security) ... 
     980        # URI address passed in (as in command line use case for security) ... 
    951981 
    952982            
    953983        # Retrieve session corresponding to user's session ID using relevant 
    954984        # input credential 
    955         idKw = {} 
    956         if 'sessID' in kw: 
    957             idKw['sessID'] = kw['sessID'] 
    958              
    959         elif 'userCert' in kw: 
    960             idKw['userCert'] = kw['userCert']            
    961         else: 
    962             raise SessionMgrError,'Expecting "sessID" or "userCert" keywords' 
    963                                  
    964         userSess = self.__connect2UserSession(**idKw) 
    965  
    966  
    967         # Copy keywords to be passed onto the request to the attribute  
    968         # authority 
    969         # 
    970         # Nb. the following keys aren't required 
    971         delKeys = ('userCert', 
    972                    'sessID', 
    973                    'encrSessMgrURI',  
    974                    'aaCert') 
    975                     
    976         aaKeys = dict([i for i in kw.items() if i[0] not in delKeys]) 
    977  
    978  
    979         if 'aaCert' not in kw: 
    980             # Get public key using WS 
    981             try: 
    982                 aaClnt = AttAuthorityClient(uri=kw['aaURI'])                 
    983                 kw['aaCert'] = aaClnt.getCert() 
    984  
    985             except Exception, e: 
    986                 raise SessionMgrError, \ 
    987                     "Retrieving Attribute Authority public key: "+ str(e) 
    988                                  
    989                                                          
    990         # Make a temporary file to hold Attribute Authority Public Key.   
    991         # The Credential Wallet needs this to encrypt requests to the  
     985        userSess = self.__connect2UserSession(sessID=sessID,userCert=userCert) 
     986 
     987 
     988        # User's Credential Wallet carries out attribute request to the 
    992989        # Attribute Authority 
    993990        try: 
    994             aaCertTmpFile = tempfile.NamedTemporaryFile() 
    995             open(aaCertTmpFile.name, "w").write(kw['aaCert']) 
    996             aaKeys['aaCertFilePath'] = aaCertTmpFile.name 
    997              
    998         except IOError, (errNo, errMsg): 
    999             raise SessionMgrError, "Making temporary file for Attribute " + \ 
    1000                                   "Authority public key: %s" % errMsg 
    1001                  
    1002         except Exception, e: 
    1003             raise SessionMgrError, "Making temporary file for Attribute " + \ 
    1004                                   "Authority public key: %s" % str(e) 
    1005  
    1006         # Initialise return args 
    1007         attCert, statCode, msg, extAttCertList = None, \ 
    1008                                             CredWallet.accessDenied, None, [] 
    1009                                             
    1010         # User's Credential Wallet carries out authorisation request to the 
    1011         # Attribute Authority 
    1012         try: 
    1013             attCert = userSess.credWallet.getAttCert(**aaKeys) 
    1014              
    1015             # AuthorisationResp class formats a response message in XML and 
    1016             # allow dictionary-like access to XML tags 
    1017             statCode = CredWallet.accessGranted 
     991            attCert = userSess.credWallet.getAttCert(**credWalletKw) 
     992            return attCert, CredWallet.accessGranted, None, [] 
    1018993             
    1019994        except CredWalletAuthorisationDenied, e: 
     
    1021996            # which could be used to re-try to get authorisation via a mapped 
    1022997            # certificate 
    1023             msg = str(e) 
    1024      
    1025         return attCert, statCode, msg, extAttCertList 
     998            return None, CredWallet.accessDenied, str(e), e.extAttCertList 
    1026999 
    10271000 
     
    10401013        # Instantiate WS proxy for remote session manager 
    10411014        try: 
    1042             sessClnt = SessionClient(smWSDL=userSessMgrURI, 
    1043                                  clntCertFilePath=self.__prop['certFile'], 
    1044                                  clntPriKeyFilePath=self.__prop['keyFile'])            
     1015            sessMgrClnt = SessionMgrClient(uri=userSessMgrURI, 
     1016                                 signingCertFilePath=self.__prop['certFile'], 
     1017                                 signingPriKeyFilePath=self.__prop['keyFile'], 
     1018                                 signingPriKeyPwd=self.__prop['keyPwd'])            
    10451019        except Exception, e: 
    10461020            raise SessionMgrError, \ 
    1047                         "Re-directing authorisation request to \"%s\": %s" % \ 
    1048                         (userSessMgrURI, str(e)) 
     1021                "Re-directing attribute certificate request to \"%s\": %s" % \ 
     1022                (userSessMgrURI, str(e)) 
    10491023 
    10501024             
     
    10531027        try: 
    10541028            # Call remote SessionMgr where users session lies 
    1055             redirectAuthResp = sessClnt.getAttCert(\ 
    1056                                     clntPriKeyPwd=self.__prop['keyPwd'], 
    1057                                     **kw) 
    1058            
    1059             return redirectAuthResp 
     1029            resp = sessMgrClnt.getAttCert(**kw)         
     1030            return resp 
    10601031         
    10611032        except Exception, e: 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac

    r2076 r2079  
    4848        request, response = SessionMgrService.soap_connect(self, ps) 
    4949 
    50         proxyCert, proxyPriKey, userCert, sessCookie = self.sm.connect(\ 
    51                                         username=request.get_element_username(), 
    52                                         passphrase=request.get_element_passphrase(), 
    53                                         createServerSess=request.get_element_createServerSess(), 
    54                                         getCookie=request.get_element_getCookie()) 
     50        result = self.sm.connect(username=request.Username, 
     51                                                                 passphrase=request.Passphrase, 
     52                                                                 createServerSess=request.CreateServerSess, 
     53                                                                 getCookie=request.GetCookie) 
    5554                                         
    56         response.set_element_proxyCert(proxyCert) 
    57         response.set_element_proxyPriKey(proxyPriKey) 
    58         response.set_element_userCert(userCert) 
    59         response.set_element_cookie(sessCookie) 
     55        response.ProxyCert, response.ProxyPriKey, response.UserCert, \ 
     56                response.Cookie = result 
    6057                          
    6158        return request, response 
     
    7370        # message - i.e. the user's proxy 
    7471        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert 
    75         userCert = request.get_element_userCert() 
    7672         
    7773                # Proxy cert is prefered over userCert - userCert may have been  
    7874                # omitted. 
    79         attCert, statCode, msg, extAttCertList = self.sm.getAttCert(\ 
    80                     userCert=proxyCert or userCert, 
    81                         sessID=request.get_element_sessID(), 
    82                         encrSessMgrURI=request.get_element_encrSessionMgrURI(), 
    83                         aaURI=request.get_element_attAuthorityURI(), 
    84                         reqRole=request.get_element_reqRole(), 
    85                         mapFromTrustedHosts=request.get_element_mapFromTrustedHosts(), 
    86                         rtnExtAttCertList=request.get_element_rtnExtAttCertList(), 
    87                         extAttCertList=request.get_element_extAttCert(), 
    88                         extTrustedHostList=request.get_element_extTrustedHost()) 
     75        result = self.sm.getAttCert(\ 
     76                                            userCert=proxyCert or request.UserCert, 
     77                                                sessID=request.SessID, 
     78                                                encrSessMgrURI=request.EncrSessionMgrURI, 
     79                                                aaURI=request.AttAuthorityURI, 
     80                                                reqRole=request.ReqRole, 
     81                                                mapFromTrustedHosts=request.MapFromTrustedHosts, 
     82                                                rtnExtAttCertList=request.RtnExtAttCertList, 
     83                                                extAttCertList=request.ExtAttCert, 
     84                                                extTrustedHostList=request.ExtTrustedHost) 
    8985 
    9086 
    91         response.set_element_attCert(attCert) 
    92         response.set_element_statusCode(statCode) 
    93         response.set_element_statusCode(msg) 
    94         response.set_element_extAttCert(extAttCertList) 
     87        response.AttCert, response.StatusCode, response.Msg, \ 
     88                response.ExtAttCert = result 
    9589         
    9690        return request, response 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py

    r2076 r2079  
    153153        print "\n\t" + self.test6CookieGetAttCert.__doc__         
    154154        self.test2CookieConnect() 
    155         attCert, statusCode, extAttCertList = self.clnt.getAttCert(\ 
     155         
     156        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\ 
    156157            sessID=self.sessCookie.sessionID,  
    157             attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri'], 
    158             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI) 
     158            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
     159            attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri']) 
    159160         
    160161        print "Attribute Certificate:\n%s" % attCert   
    161         print "User access: %s" % statusCode 
     162        print "Status: %s" % statusCode 
     163        print "Message: %s" % msg 
    162164        print "External Attribute Certificate List:\n%s" % extAttCertList 
    163165 
     
    173175            self.cfg['test6aCookieGetAttCertWithExtAttCertList']['aauri'] 
    174176             
    175         attCert, statusCode, extAttCertList = self.clnt.reqAuthorisation(\ 
     177        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\ 
    176178                        sessID=self.sessCookie.sessionID,  
     179                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    177180                        attAuthorityURI=aaURI, 
    178                         encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    179181                        extAttCertList=['AC1', 'AC2', 'AC3']) 
    180182           
    181183        print "Attribute Certificate:\n%s" % attCert   
    182         print "User authorisation: %s" % statusCode 
     184        print "Status: %s" % statusCode 
     185        print "Message: %s" % msg 
    183186        print "External Attribute Certificate List:\n%s" % extAttCertList 
    184187 
     
    194197         
    195198        aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri'] 
    196         attCert, statusCode, extAttCertList = self.clnt.reqAuthorisation(\ 
     199        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\ 
    197200                                                 proxyCert=self.proxyCert, 
    198201                                                 attAuthorityURI=aaURI) 
    199202           
    200203        print "Attribute Certificate:\n%s" % attCert   
    201         print "User authorisation: %s" % statusCode 
     204        print "Status: %s" % statusCode 
     205        print "Message: %s" % msg 
    202206        print "External Attribute Certificate List:\n%s" % extAttCertList 
    203207 
  • TI12-security/trunk/python/www/html/attAuthority.wsdl

    r2051 r2079  
    77 xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" 
    88 xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
    9  xmlns:tns="urn:ndg:security" 
    10  targetNamespace="urn:ndg:security"> 
     9 xmlns:tns="urn:ndg:security:attAuthority" 
     10 targetNamespace="urn:ndg:security:attAuthority"> 
    1111 
    1212  <wsdl:types> 
  • TI12-security/trunk/python/www/html/sessionMgr.wsdl

    r2076 r2079  
    77 xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" 
    88 xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
    9  xmlns:tns="urn:ndg:security" 
    10  xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" 
    11  targetNamespace="urn:ndg:security"> 
     9 xmlns:tns="urn:ndg:security:sessionMgr" 
     10 targetNamespace="urn:ndg:security:sessionMgr"> 
    1211 
    1312  <wsdl:types> 
Note: See TracChangeset for help on using the changeset viewer.