Changeset 2085


Timestamp:
31/01/07 16:28:53 (12 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

python/www/html/attAuthority.wsdl,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py:
Include request denied message in getAttCertResponse.

python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py:
fix to AttAuthorityAccessDenied doc message.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
Explicitly convert AttCert in response to string type.

python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py:

  • make explicit imports from ndg.security.common.CredWallet
  • make X509CertParse import
  • updated exception handling for getAttCert call to CredWallet.

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:
Remove statusCode from getAttCertResponse - not needed.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
minor updates to getAttCert tests.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
fix to test1Store settings

python/ndg.security.test/ndg/security/test/MyProxy/Makefile:
makefile copies proxy obtained from MyProxy ready for use in AttAuthority client tests.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • add AttributeRequestDenied import from SessionMgr.
  • fix test4CookieDisconnect signing PKI settings
  • revised output tuple for getAttCert calls.
  • Added test6aCookieGetAttCertRefused to demonstrate attribute request denied exception
  • test3ProxyCertConnect signature verification failing at server!

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
added more getAttCert test params.

python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py:

python/ndg.security.common/ndg/security/common/wsSecurity.py:
comment out all print statements - only 'print decryptedData' affected in decrypt method
of EncryptionHandler. This is not in use.

python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py:

  • Added AttributeRequestDenied exception for handling getAttCert calls.
  • msg now included in output tuple for getAttCert call.

python/ndg.security.common/ndg/security/common/AttCert.py:
Override XMLSecDoc parent class toString and str calls so that output is returned even
if the signature DOM object has not been initialised.

python/ndg.security.common/ndg/security/common/CredWallet.py:

Location:
TI12-security/trunk/python
Files:
1 added
21 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py

    r2079 r2085  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf422c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf458c> 
    3232    def getAttCert(self, userCert,userAttCert): 
    3333 
     
    4242        response = self.binding.Receive(getAttCertOutputMsg.typecode) 
    4343        attCert = response._attCert 
    44         return attCert 
     44        msg = response._msg 
     45        return attCert,msg 
    4546 
    46     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf454c> 
     47    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf48ac> 
    4748    def getHostInfo(self): 
    4849 
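Review bot: the generated client now signals a denial with an empty attCert plus a msg in the returned tuple instead of a SOAP fault, so every caller must test attCert before parsing it, and the return type changes from a string to a 2-tuple, which breaks any caller not updated in this changeset. The regenerated `# op: <ZSI.wstools.WSDLTools.Message instance at 0x...>` comments embed object addresses that change on every wsdl2py run; strip them from the checked-in stubs so real changes are not buried in address churn.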
     
    5960        return hostname,aaURI,loginURI 
    6061 
    61     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf4e6c> 
     62    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0022c> 
    6263    def getTrustedHostInfo(self, role): 
    6364 
     
    7374        return trustedHosts 
    7475 
    75     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf4fec> 
     76    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d003ac> 
    7677    def getX509Cert(self): 
    7778 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py

    r2079 r2085  
    6767        def __init__(self, **kw): 
    6868            ns = ns0.getAttCertResponse_Dec.schema 
    69             TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
     69            TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="msg", aname="_msg", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    7070            kw["pname"] = ("urn:ndg:security:attAuthority","getAttCertResponse") 
    7171            kw["aname"] = "_getAttCertResponse" 
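Review bot: with both attCert and msg now minOccurs=0 the schema admits a getAttCertResponse that carries neither element, so a client that treats an empty attCert as a denial will raise with msg None and lose the reason. Either make msg required, or have the server guarantee that exactly one of the two is populated and have the client handle the empty/empty case explicitly.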
     
    7878                    # pyclass 
    7979                    self._attCert = None 
     80                    self._msg = None 
    8081                    return 
    8182            Holder.__name__ = "getAttCertResponse_Holder" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py

    r2079 r2085  
    3636    """Exception handling for AttributeAuthorityClient class""" 
    3737 
     38#_____________________________________________________________________________ 
     39class AttributeRequestDenied(Exception): 
     40    """Raise when a getAttCert call to the AA is denied""" 
     41 
    3842 
    3943#_____________________________________________________________________________ 
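Review bot: AttributeRequestDenied derives from Exception rather than AttAuthorityClientError, so existing `except AttAuthorityClientError` handlers will not catch a denial. If that separation is intended (a denial is a policy outcome, not a client failure) say so in the docstring; otherwise subclass AttAuthorityClientError so callers keep a single catch point.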
     
    290294        necessary if the user is registered at the target Attribute Authority. 
    291295         
    292         @rtype AttCert 
    293         @return attribute certificate for user""" 
     296        @rtype ndg.security.common.AttCert.AttCert 
     297        @return attribute certificate for user.  iIf access is refused,  
     298        AttributeRequestDenied is raised""" 
    294299 
    295300        # Ensure cert is serialized before passing over web service interface 
     
    298303             
    299304        try:  
    300             resp = self.__srv.getAttCert(userCert, userAttCert)   
    301             attCert = AttCertParse(resp) 
     305            sAttCert, msg = self.__srv.getAttCert(userCert, userAttCert)   
    302306             
    303307        except Exception, e: 
    304308            raise AttAuthorityClientError, \ 
    305309                                "Requesting attribute certificate: " + str(e) 
    306              
    307         return attCert 
     310 
     311        if sAttCert: 
     312            return AttCertParse(sAttCert) 
     313        else: 
     314            raise AttributeRequestDenied, msg 
    308315 
    309316                                     
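Review bot: typo in the new docstring, `iIf access is refused`. There is also a behaviour change at the end of the hunk: AttCertParse has moved out of the try block, so a malformed or unparseable certificate from the server now escapes as an AttCert parsing error instead of the documented AttAuthorityClientError; keep the parse inside the try as before. And `raise AttributeRequestDenied, msg` with msg None (both elements are optional in the schema) yields a reason-less exception, so substitute a fixed message when msg is empty.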
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py

    r2044 r2085  
    138138        """Override default behaviour to return internal dictionary content""" 
    139139        return str(self.__dat) 
     140 
     141 
     142    #_________________________________________________________________________     
     143    def __str__(self): 
     144        """Override XMLSec.XMLSecDoc equivalent""" 
     145        return self.toString() 
     146     
     147     
     148    #_________________________________________________________________________ 
     149    def toString(self, **kw): 
     150        """Return certificate file content as a string 
     151         
     152        @param **kw: keywords to XMLSec.XMLSecDoc.toString() 
     153        @rtype string 
     154        @return content of document""" 
     155 
     156        # If doc hasn't been parsed by parent (ie. not signed) return elements 
     157        # set so far using createXML method 
     158        return super(AttCert, self).toString(**kw) or self.createXML() 
    140159 
    141160                 
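Review bot: `super(AttCert, self).toString(**kw) or self.createXML()` silently falls back to unsigned XML whenever the parent returns an empty string, and this method is what callers use to serialise the AC over the wire; a certificate that should have been signed can therefore leave the process unsigned without any error. Test the unsigned-DOM state the comment describes explicitly and raise, or at least log, when a document that is supposed to be signed serialises to nothing.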
     
    633652        if not self.isValidProvenance(): 
    634653            raise AttCertError, "Provenance must be set to \"" + \ 
    635                                "\" or \"".join(AttCert.__validProvenanceSettings) + "\"" 
     654                   "\" or \"".join(AttCert.__validProvenanceSettings) + "\"" 
    636655 
    637656         
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py

    r2080 r2085  
    2929    # AttAuthority client package resides with CredWallet module in  
    3030    # ndg.security.common 
    31     from AttAuthority import AttAuthorityClient, AttAuthorityClientError 
     31    from AttAuthority import AttAuthorityClient, AttAuthorityClientError, \ 
     32        AttributeRequestDenied 
    3233    aaImportError = False 
    3334     
     
    3940try: 
    4041    from ndg.security.server.AttAuthority import AttAuthority, \ 
    41         AttAuthorityError 
     42        AttAuthorityError, AttAuthorityAccessDenied 
    4243    aaImportError = False 
    4344except: 
     
    6465 
    6566#_____________________________________________________________________________ 
    66 class CredWalletAuthorisationDenied(Exception):     
     67class CredWalletAttributeRequestDenied(Exception):     
    6768    """Handling exception where CredWallet is denied authorisation by an 
    6869    Attribute Authority.""" 
     
    8586        details of Attribute Authority URI and roles for trusted hosts""" 
    8687 
    87         super(CredWalletAuthorisationDenied, self).__init__(msg) 
    8888        self.__msg = msg 
    8989        self.__trustedHostInfo = trustedHostInfo 
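Review bot: the rename drops the `super(CredWalletAuthorisationDenied, self).__init__(msg)` call from the constructor and adds no replacement, so unless the class already defines __str__ from self.__msg, `str(e)` and `e.args` will be empty for callers such as the `"%s" % attributeRequestDenied` formatting later in this file. Renaming CredWalletAuthorisationDenied without keeping the old name as an alias also breaks any out-of-tree code that catches it.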
     
    623623             
    624624        if self.__aaClnt is not None: 
    625             try:                           
     625            try: 
    626626                attCert = self.__aaClnt.getAttCert(self.__userCert.toString(),  
    627627                                                   userAttCert=extAttCert)                 
     628            except AttributeRequestDenied, e: 
     629                raise CredWalletAttributeRequestDenied, str(e) 
     630             
    628631            except Exception, e: 
    629                 raise CredWalletAuthorisationDenied, str(e) 
    630              
     632                raise CredWalletError, \ 
     633                        "Attribute Certificate request denied: %s" % str(e) 
     634                             
    631635        elif aaPropFilePath is not None: 
    632636 
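Review bot: the generic `except Exception` branch now raises CredWalletError with the text `Attribute Certificate request denied`, but that branch is reached only for non-denial failures (transport, parsing, configuration), since denials are caught by the AttributeRequestDenied clause above it; use wording such as `Attribute Certificate request failed` so logs do not report an outage as an access decision. The aaPropFilePath branch below uses the same string for a real denial, which compounds the ambiguity.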
     
    636640            if not isinstance(aaPropFilePath, basestring): 
    637641                raise CredWalletError, "Attribute Authority Configuration " +\ 
    638                                       "file path must be a valid string" 
     642                                       "file path must be a valid string" 
    639643 
    640644            try: 
     
    645649                 
    646650            except AttAuthorityAccessDenied, e: 
    647                 raise CredWalletAuthorisationDenied, \ 
    648                                                 "Authorisation denied: %s" % e             
     651                raise CredWalletAttributeRequestDenied, \ 
     652                                "Attribute Certificate request denied: %s" % e             
    649653            except Exception, e: 
    650654                raise CredWalletError,"Requesting attribute certificate: %s"%e 
     
    739743                   attCertRefreshElapse=None): 
    740744         
    741         """For a given role, get authorisation from an Attribute Authority 
    742         using a user's proxy certificate.  If this fails try to make a mapped 
    743         Attribute Certificate by using a certificate from another host which 
    744         has a trust relationship to the Attribute Authority in question. 
     745        """For a given role, get an Attribute Certificate from an Attribute  
     746        Authority using a user's proxy certificate.  If this fails try to make 
     747        a mapped Attribute Certificate by using a certificate from another  
     748        host which has a trust relationship to the Attribute Authority in  
     749        question. 
    745750 
    746751        getAttCert([reqRole=r, ][aaPropFilePath=f|aaURI=u,] 
     
    773778        machine, specify the local Attribute Authority configuration file. 
    774779                                 
    775         @type mapFromTrustedHosts: bool        
     780        @type mapFromTrustedHosts: bool / None      
    776781        @keyword mapFromTrustedHosts: if request fails via the user's proxy 
    777782        ID, then it is possible to get a mapped certificate by using  
     
    783788        available for mapping and then choose which one or ones to use for 
    784789        mapping by re-calling getAttCert with extAttCertList set to these  
    785         certificates 
    786  
    787         The list is returned via CredWalletAuthorisationDenied exception 
     790        certificates. 
     791         
     792        Defaults to None in which case self.__mapFromTrustedHosts is not  
     793        altered 
     794 
     795        The list is returned via CredWalletAttributeRequestDenied exception 
    788796        If no value is set, the default value held in  
    789797        self.__mapFromTrustedHosts is used 
    790798 
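Review bot: the mapFromTrustedHosts description now states twice what happens when no value is given: `Defaults to None in which case self.__mapFromTrustedHosts is not altered` and, three lines later, `If no value is set, the default value held in self.__mapFromTrustedHosts is used`. Keep one of them, and check the rtnExtAttCertList text that follows for the same duplication.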
    791         @type rtnExtAttCertList: bool 
     799        @type rtnExtAttCertList: bool / None 
    792800        @keyword rtnExtAttCertList: If authorisation fails, make a list of  
    793801        candidate certificates from other Attribute Authorities which the user 
     
    800808        is used. 
    801809                                 
    802         The list is returned via a CredWalletAuthorisationDenied exception  
     810        The list is returned via a CredWalletAttributeRequestDenied exception  
    803811        object. 
    804812                                 
     
    807815        from other Attribute Authorities.  These can be used to get a mapped  
    808816        certificate if access fails based on the user's proxy certificate 
    809          credentials.  They are tried out in turn until access is granted so  
    810          the order of the list decides the order in which they will be tried 
     817        credentials.  They are tried out in turn until access is granted so  
     818        the order of the list decides the order in which they will be tried 
    811819 
    812820        @type extTrustedHostList: 
    813821        @keyword extTrustedHostList: same as extAttCertList keyword, but  
    814         instead providing Attribute Certificates, give a list of Attribute  
     822        instead of providing Attribute Certificates, give a list of Attribute  
    815823        Authority hosts.  These will be matched up to Attribute Certificates  
    816824        held in the wallet.  Matching certificates will then be used to try to 
     
    818826         
    819827        @type refreshAttCert: bool 
    820         @keyword refreshAttCert: if set to True, the authorisation request  
     828        @keyword refreshAttCert: if set to True, the attribute request  
    821829        will go ahead even if the wallet already contains an Attribute  
    822830        Certificate from the target Attribute Authority.  The existing AC in  
     
    920928                # Authority if an error exists 
    921929                try: 
    922                     errMsg += ": %s" % authorisationDenied 
     930                    errMsg += ": %s" % attributeRequestDenied 
    923931                except NameError: 
    924932                    pass 
    925933 
    926                 raise CredWalletAuthorisationDenied, errMsg 
     934                raise CredWalletAttributeRequestDenied, errMsg 
    927935                                                     
    928936                 
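Review bot: appending `attributeRequestDenied` inside a `try ... except NameError` to find out whether an earlier iteration bound the name is fragile, because a NameError raised for any other reason while formatting the exception is swallowed too. Initialise `attributeRequestDenied = None` before the loop and test `if attributeRequestDenied is not None`.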
     
    933941                return attCert 
    934942             
    935             except CredWalletAuthorisationDenied, authorisationDenied: 
     943            except CredWalletAttributeRequestDenied, attributeRequestDenied: 
    936944 
    937945                # If a required role was set then it's possible to go 
     
    942950                # P J Kershaw 29/03/06 
    943951#                if not reqRole: 
    944 #                    raise CredWalletAuthorisationDenied(\ 
     952#                    raise CredWalletAttributeRequestDenied(\ 
    945953#                        "No user role was input in order to map to " + \ 
    946954#                        "a role in a trusted host") 
     
    949957                    # Creating a mapped certificate is not allowed - raise 
    950958                    # authorisation denied exception saved from earlier 
    951                     raise authorisationDenied 
     959                    raise attributeRequestDenied 
    952960 
    953961 
     
    968976 
    969977                if not trustedHostInfo: 
    970                     raise CredWalletAuthorisationDenied, \ 
     978                    raise CredWalletAttributeRequestDenied, \ 
    971979                        "Attribute Authority has no trusted hosts with " + \ 
    972980                        "which to make a mapping" 
     
    10191027                     
    10201028                if not extAttCertList:                         
    1021                     raise CredWalletAuthorisationDenied, \ 
     1029                    raise CredWalletAttributeRequestDenied, \ 
    10221030                        "No certificates are available with which to " + \ 
    10231031                        "make a mapping to the Attribute Authority" 
     
    10331041                          "trusted hosts" 
    10341042                           
    1035                     raise CredWalletAuthorisationDenied(msg=msg, 
     1043                    raise CredWalletAttributeRequestDenied(msg=msg, 
    10361044                                            extAttCertList=extAttCertList, 
    10371045                                            trustedHostInfo=trustedHostInfo) 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py

    r2079 r2085  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff52c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d012cc> 
    3232    def addUser(self, username,passphrase): 
    3333 
     
    4343        return  
    4444 
    45     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cff82c> 
     45    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d015cc> 
    4646    def connect(self, username,passphrase,createServerSess,getCookie): 
    4747 
     
    6363        return proxyCert,proxyPriKey,userCert,cookie 
    6464 
    65     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0758c> 
     65    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d092ec> 
    6666    def disconnect(self, userCert,sessID,encrSessionMgrURI): 
    6767 
     
    7878        return  
    7979 
    80     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0772c> 
     80    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0948c> 
    8181    def getAttCert(self, userCert,sessID,encrSessionMgrURI,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
    8282 
     
    9999        response = self.binding.Receive(getAttCertOutputMsg.typecode) 
    100100        attCert = response._attCert 
    101         statusCode = response._statusCode 
    102101        msg = response._msg 
    103102        extAttCert = response._extAttCert 
    104         return attCert,statusCode,msg,extAttCert 
     103        return attCert,msg,extAttCert 
    105104 
    106     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d078ac> 
     105    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6d0960c> 
    107106    def getX509Cert(self): 
    108107 
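Review bot: dropping statusCode leaves the empty-attCert test as the only signal of a denial and changes the return arity from 4 to 3; check that every consumer of this stub unpacks the new 3-tuple (the SessionMgr server side in this changeset returns `attCert, None, []`, which matches). The address-bearing `# op:` comments above are regeneration noise and should be stripped from the checked-in stub.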
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py

    r2079 r2085  
    179179        def __init__(self, **kw): 
    180180            ns = ns0.getAttCertResponse_Dec.schema 
    181             TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="statusCode", aname="_statusCode", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="msg", aname="_msg", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
     181            TClist = [ZSI.TC.String(pname="attCert", aname="_attCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="msg", aname="_msg", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    182182            kw["pname"] = ("urn:ndg:security:sessionMgr","getAttCertResponse") 
    183183            kw["aname"] = "_getAttCertResponse" 
     
    190190                    # pyclass 
    191191                    self._attCert = None 
    192                     self._statusCode = None 
    193192                    self._msg = None 
    194193                    self._extAttCert = [] 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py

    r2076 r2085  
    3333class SessionMgrClientError(Exception): 
    3434    """Exception handling for SessionMgrClient class""" 
     35 
     36#_____________________________________________________________________________ 
     37class AttributeRequestDenied(Exception): 
     38    """Raise when a getAttCert call to the Attribute Authority is denied""" 
    3539 
    3640#_____________________________________________________________________________        
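Review bot: a second class named AttributeRequestDenied now exists, one in ndg.security.common.SessionMgr and one in ndg.security.common.AttAuthority, both deriving from Exception with near-identical docstrings. A caller that imports both modules gets two unrelated exceptions with the same name, and `except AttributeRequestDenied` catches only whichever was imported last; define it once in a shared module, or give the SessionMgr one a distinct name.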
     
    302306        user's credential wallet held by the session manager. 
    303307         
    304         reqAuthorisation([sessCookie=s]|[sessID=i, encrSessionMgrURI=e]| 
    305                          [proxyCert=p][key=arg, ...]) 
     308        getAttCert([sessCookie=s]|[sessID=i, encrSessionMgrURI=e]| 
     309                   [proxyCert=p][key=arg, ...]) 
     310                    
    306311        proxyCert:             proxy certificate - use as ID instead of  
    307312                               a cookie in the case of a command line client. 
     
    356361        # Make request 
    357362        try: 
    358             result = self.__srv.getAttCert(proxyCert, 
    359                                            sessID,  
    360                                            encrSessionMgrURI, 
    361                                            attAuthorityURI, 
    362                                            attAuthorityCert, 
    363                                            reqRole, 
    364                                            mapFromTrustedHosts, 
    365                                            rtnExtAttCertList, 
    366                                            extAttCertList, 
    367                                            extTrustedHostList) 
    368             return result 
    369              
     363            attCert, msg, extAttCertList = self.__srv.getAttCert(proxyCert, 
     364                                                       sessID,  
     365                                                       encrSessionMgrURI, 
     366                                                       attAuthorityURI, 
     367                                                       attAuthorityCert, 
     368                                                       reqRole, 
     369                                                       mapFromTrustedHosts, 
     370                                                       rtnExtAttCertList, 
     371                                                       extAttCertList, 
     372                                                       extTrustedHostList) 
    370373        except Exception, e: 
    371374            raise SessionMgrClientError, \ 
    372375                                "Attribute Certificate request: " + str(e) 
    373  
     376        if not attCert: 
     377            raise AttributeRequestDenied, msg 
     378         
     379        return attCert, extAttCertList 
     380     
    374381                                     
    375382    #_________________________________________________________________________ 
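Review bot: `if not attCert: raise AttributeRequestDenied, msg` discards extAttCertList, which is exactly the data the caller asked for with rtnExtAttCertList so that it can retry with a mapped certificate; carry the list on the exception (an attribute or a second constructor argument) instead of returning it only on the success path. The raise sits outside the try block so it is not rewrapped as SessionMgrClientError, which is correct but deserves a comment.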
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py

    r2079 r2085  
    10461046            # previously encrypted 
    10471047            parsedSOAP.body_root = parsedSOAP.body.childNodes[0] 
    1048             print decryptedData 
     1048            #print decryptedData 
    10491049            #import pdb;pdb.set_trace() 
    10501050 
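Review bot: `print decryptedData` wrote the decrypted SOAP body to stdout, i.e. the plaintext of an encrypted message into whatever captures the server console; commenting it out is the right fix, but delete the line together with the `#import pdb;pdb.set_trace()` beside it so neither can be re-enabled by accident, and grep the rest of this handler chain for similar debug prints.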
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py

    r2079 r2085  
    3838        <xsd:complexType> 
    3939          <xsd:sequence> 
    40             <xsd:element name=\"attCert\" type=\"xsd:string\"/> 
     40            <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attCert\" type=\"xsd:string\"/> 
     41                <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"msg\" type=\"xsd:string\"/> 
    4142          </xsd:sequence> 
    4243        </xsd:complexType> 
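Review bot: this schema fragment is a copy of attAuthority.wsdl embedded in the generated server module, and the new msg element is indented differently from its attCert sibling; more importantly the copy must be regenerated whenever the WSDL changes, or the server will accept or emit a shape the published contract does not. Consider generating this module at build time rather than checking in a hand-edited copy.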
     
    219220        # If we have an implementation object, copy the result  
    220221        if hasattr(self,'impl'): 
    221             result._attCert = parameters 
     222            # Should have a tuple of 2 args 
     223            result._attCert = parameters[0] 
     224            result._msg = parameters[1] 
    222225        return self.request, result 
    223226 
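Review bot: `parameters[0]` and `parameters[1]` are indexed on the strength of the comment `Should have a tuple of 2 args` with no check; if an implementation still returns a bare string, `parameters[0]` is its first character and `parameters[1]` its second, and the client silently receives a one-character certificate. Assert `len(parameters) == 2` (or isinstance tuple) so a mismatch fails loudly.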
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py

    r2072 r2085  
    4242    """NDG Attribute Authority - access denied exception. 
    4343 
    44     Raise from authorise method where no roles are available for the user 
     44    Raise from getAttCert method where no roles are available for the user 
    4545    but that the request is otherwise valid.  In all other error cases raise 
    4646    AttAuthorityError"""    
    47  
    4847 
    4948class AttAuthorityNoTrustedHosts(AttAuthorityError): 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac

    r2072 r2085  
    2323from AttAuthority_services_server import AttAuthorityService 
    2424 
    25 from ndg.security.server.AttAuthority import AttAuthority 
     25from ndg.security.server.AttAuthority import AttAuthority, \ 
     26        AttAuthorityAccessDenied 
     27         
    2628from ndg.security.common.wsSecurity import WSSecurityHandlerChainFactory, \ 
    2729        WSSecurityHandler, SignatureHandler 
     
    4244        self.aa = AttAuthority() 
    4345 
     46 
    4447    def soap_getAttCert(self, ps, **kw): 
    4548        request, response = AttAuthorityService.soap_getAttCert(self, ps) 
     
    4851        # message - i.e. the user's proxy 
    4952        proxyCert = WSSecurityHandler.signatureHandler.verifyingCert 
    50                  
    51         attCert = self.aa.getAttCert(proxyCert=proxyCert, 
    52                                                   userAttCert=request.get_element_userAttCert()) 
    53         response.set_element_attCert(attCert) 
     53         
     54        try:     
     55                attCert = self.aa.getAttCert(proxyCert=proxyCert, 
     56                                                                         userAttCert=request.UserAttCert)                                                           
     57                response.AttCert = attCert.toString() 
     58                 
     59        except AttAuthorityAccessDenied, e: 
     60                        response.Msg = str(e) 
     61                         
    5462        return request, response 
     63 
    5564 
    5665    def soap_getHostInfo(self, ps, **kw): 
    5766        request, response = AttAuthorityService.soap_getHostInfo(self, ps) 
    5867         
    59         hostname = aaSrv.aa.hostInfo.keys()[0] 
    60         response.set_element_hostname(hostname) 
    61         response.set_element_loginURI(aaSrv.aa.hostInfo[hostname]['loginURI']) 
    62         response.set_element_aaURI(aaSrv.aa.hostInfo[hostname]['aaURI']) 
     68        response.Hostname = aaSrv.aa.hostInfo.keys()[0] 
     69        response.LoginURI = aaSrv.aa.hostInfo[response.Hostname]['loginURI'] 
     70        response.AaURI = aaSrv.aa.hostInfo[response.Hostname]['aaURI'] 
    6371 
    6472        return request, response 
     73 
    6574 
    6675    def soap_getTrustedHostInfo(self, ps, **kw): 
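Review bot: in soap_getAttCert the verifying certificate is read from the class attribute `WSSecurityHandler.signatureHandler.verifyingCert`, shared state that a concurrent request could overwrite between signature verification and this read; confirm the Twisted resource handles one request at a time, or carry the verified cert on the request/ps object instead. The new lines 55 to 60 also appear to be indented with tabs while the surrounding code uses spaces, which Python 2 tolerates but which is a known source of silent block-structure errors; and `self.aa` here versus `aaSrv.aa` in the neighbouring handlers should be made consistent.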
     
    6877                                        AttAuthorityService.soap_getTrustedHostInfo(self, ps) 
    6978         
    70         trustedHostInfo = aaSrv.aa.getTrustedHostInfo(\ 
    71                                                                                 role=request.get_element_role()) 
     79        trustedHostInfo = aaSrv.aa.getTrustedHostInfo(role=request.Role) 
    7280 
    7381                # Convert ready for serialization 
     
    7684                        trustedHost = response.new_trustedHosts() 
    7785                         
    78                         trustedHost.set_element_hostname(hostname) 
    79                         trustedHost.set_element_aaURI(hostInfo['aaURI']) 
    80                         trustedHost.set_element_loginURI(hostInfo['loginURI']) 
    81                         trustedHost.set_element_roleList(hostInfo['role']) 
     86                        trustedHost.Hostname = hostname 
     87                        trustedHost.AaURI = hostInfo['aaURI'] 
     88                        trustedHost.LoginURI = hostInfo['loginURI'] 
     89                        trustedHost.RoleList = hostInfo['role'] 
    8290                         
    8391                        trustedHosts.append(trustedHost) 
    8492                         
    85         response.set_element_trustedHosts(trustedHosts) 
     93        response.TrustedHosts = trustedHosts 
    8694                 
    8795        return request, response 
     96 
    8897 
    8998    def soap_getX509Cert(self, ps, **kw): 
     
    91100         
    92101        x509Cert = X509CertRead(aaSrv.aa['certFile']) 
    93         response.set_element_x509Cert(x509Cert.toString()) 
     102        response.X509Cert = x509Cert.toString() 
    94103        return request, response 
    95104 
    96 hostname = socket.gethostname() 
    97105 
    98106root = Resource() 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py

    r2079 r2085  
    8686              <xsd:sequence> 
    8787                <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attCert\" type=\"xsd:string\"/> 
    88                 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"statusCode\" type=\"xsd:string\"/> 
    8988                <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"msg\" type=\"xsd:string\"/> 
    9089                        <xsd:element maxOccurs=\"unbounded\" minOccurs=\"0\" name=\"extAttCert\" type=\"xsd:string\"/> 
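Review bot: this embedded copy of the getAttCertResponse schema now has to match python/www/html/sessionMgr.wsdl by hand (both are edited in this changeset, lines 82-86 there). With `statusCode` gone and `attCert` at minOccurs="0", a denial is expressed only by the absence of `attCert`; `msg` is also optional, so a response carrying neither element is schema-valid. Consider making the two a choice (either `attCert` or `msg` must be present) so the contract itself rules out an empty response.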
     
    311310        # If we have an implementation object, copy the result  
    312311        if hasattr(self,'impl'): 
    313             # Should have a tuple of 4 args 
     312            # Should have a tuple of 3 args 
    314313            result._attCert = parameters[0] 
    315             result._statusCode = parameters[1] 
    316             result._msg = parameters[2] 
    317             result._extAttCert = parameters[3] 
     314            result._msg = parameters[1] 
     315            result._extAttCert = parameters[2] 
    318316        return self.request, result 
    319317 
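Review bot: the comment on line 312 states the contract ("a tuple of 3 args") but the code does not enforce it; an implementation that returns a 2-tuple or a bare value fails with an IndexError deep inside ZSI rather than with a clear message. Use tuple unpacking so the shape is checked at the point of the contract, e.g. `result._attCert, result._msg, result._extAttCert = parameters`, which raises a ValueError naming the mismatch if the implementation drifts again.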
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

    r2079 r2085  
    3535 
    3636# Credential Wallet 
    37 from ndg.security.common.CredWallet import * 
     37from ndg.security.common.CredWallet import CredWallet, CredRepos, \ 
     38    CredWalletError, CredWalletAttributeRequestDenied 
     39 
     40from ndg.security.common.X509 import X509CertParse 
    3841 
    3942# MyProxy server interface 
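Review bot: replacing `from ndg.security.common.CredWallet import *` with an explicit list changes which names exist in this module, so grep the rest of the file for anything that previously arrived via the wildcard. The old `except CredWalletAuthorisationDenied` clause further down is one such use; it is rewritten in this changeset, but any other surviving reference becomes a NameError that only shows up when that code path executes. Also confirm that `CredRepos` and `CredWalletError` are actually used; otherwise drop them from the import.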
     
    990993        try: 
    991994            attCert = userSess.credWallet.getAttCert(**credWalletKw) 
    992             return attCert, CredWallet.accessGranted, None, [] 
    993              
    994         except CredWalletAuthorisationDenied, e: 
     995            return attCert, None, [] 
     996             
     997        except CredWalletAttributeRequestDenied, e: 
    995998            # Exception object containa a list of attribute certificates 
    996999            # which could be used to re-try to get authorisation via a mapped 
    9971000            # certificate 
    998             return None, CredWallet.accessDenied, str(e), e.extAttCertList 
     1001            return None, str(e), e.extAttCertList 
    9991002 
    10001003 
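Review bot: `str(e)` on line 1001 is now returned verbatim to the remote caller as the `msg` element, so whatever `CredWalletAttributeRequestDenied` puts in its message crosses the service boundary. Check that those messages describe the refusal in user-facing terms and do not carry internal detail (file paths, backend host names, the contents of the trusted-host lookup). Note also that only this one exception class is caught; any other `CredWalletError` raised by `getAttCert` propagates as a generic SOAP fault, which is acceptable if intended but should be stated in a comment.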
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac

    r2080 r2085  
    8585 
    8686 
    87         response.AttCert = result[0].toString()  
    88         response.StatusCode, response.Msg, response.ExtAttCert = result[1:] 
     87        if result[0]: 
     88                response.AttCert = result[0].toString()  
     89                 
     90        response.Msg, response.ExtAttCert = result[1:] 
    8991         
    9092        return request, response 
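Review bot: `result[0]` is converted with `toString()` before assignment (line 88), but `result[2]`, the `extAttCertList` from the denial path, is assigned to `response.ExtAttCert` as-is on line 90. sessionMgr.wsdl declares `extAttCert` as a repeated `xsd:string`, so if the wallet returns attribute certificate objects in that list they need the same conversion, otherwise serialisation of the denied response fails. Also check the whitespace on line 88: it is indented deeper than line 90 within the same block, which suggests a tab has crept in; mixed tabs and spaces in a .tac file are a latent IndentationError.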
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2072 r2085  
    9090        # Make attribute certificate request 
    9191        attCert = self.clnt.getAttCert(userCert=userCertTxt) 
     92         
    9293        print "Attribute Certificate: \n\n:" + str(attCert) 
     94         
    9395        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath'] 
    9496        attCert.write() 
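Review bot: the diagnostic string on line 93, `"Attribute Certificate: \n\n:"`, prints a stray colon on its own line before the certificate; drop the second colon. The whitespace-only changes on lines 92 and 94 add trailing spaces to otherwise blank lines, which is the kind of noise that later shows up in every diff of this file.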
     
    117119        try: 
    118120            userAttCert = AttCertRead(\ 
    119                       self.cfg['test6GetMappedAttCert']['userattcertfilepath']) 
     121                self.cfg['test6GetMappedAttCert']['userattcertfilepath']) 
    120122             
    121123        except IOError, ioErr: 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg

    r2072 r2085  
    1111 
    1212[test1Store] 
    13 username: sstljakTestUser 
     13#username: sstljakTestUser 
    1414username: gabriel 
    1515passphrase: 
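Review bot: commenting out the first `username` rather than deleting it leaves a duplicate key in the section, which is exactly the confusion this fix is addressing. Remove line 13 outright; a test user name has no value as a commented-out reminder, and the empty `passphrase:` on line 15 already means the test depends on interactive or environment-supplied input, which is worth stating in the section.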
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py

    r2079 r2085  
    1919License, version 1.0 or later. 
    2020""" 
     21reposID = "$Id:$" 
     22 
    2123import unittest 
    2224import os, sys, getpass 
    2325from ConfigParser import SafeConfigParser 
    2426 
    25 from ndg.security.common.SessionMgr import SessionMgrClient 
     27from ndg.security.common.SessionMgr import SessionMgrClient, \ 
     28    AttributeRequestDenied 
     29     
    2630from ndg.security.common.SessionCookie import SessionCookie 
    2731 
     
    104108            self.clnt.connect(self.cfg['test3ProxyCertConnect']['username'],  
    105109                              passphrase=passphrase, 
    106                               createServerSess=True, 
    107110                              getCookie=False) 
    108111        print "User '%s' connected to Session Manager:\n%s" % \ 
     
    139142         
    140143        # Use proxy to sign outbound SOAP message 
    141         self.clnt.clntCert = self.proxyCert 
    142         self.clnt.clntKey = self.proxyPriKey 
    143         self.clnt.clntPriKeyPwd = None 
     144        self.clnt.signingCert = self.proxyCert 
     145        self.clnt.signingKey = self.proxyPriKey 
     146        self.clnt.signingPriKeyPwd = None 
    144147         
    145148        self.clnt.disconnect(proxyCert=self.proxyCert) 
     
    148151 
    149152    def test6CookieGetAttCert(self): 
    150         """test6CookieGetAttCert: make an authorisation request using 
     153        """test6CookieGetAttCert: make an attribute request using 
    151154        a cookie as authentication credential""" 
    152155 
    153156        print "\n\t" + self.test6CookieGetAttCert.__doc__         
     157        self.test2CookieConnect() 
     158         
     159        attCert, extAttCertList = self.clnt.getAttCert(\ 
     160            sessID=self.sessCookie.sessionID,  
     161            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
     162            attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri']) 
     163         
     164        print "Attribute Certificate:\n%s" % attCert   
     165        print "External Attribute Certificate List:\n%s" % extAttCertList 
     166 
     167 
     168    def test6aCookieGetAttCertRefused(self): 
     169        """test6aCookieGetAttCertRefused: make an attribute request using 
     170        a cookie as authentication credential requesting an AC from an 
     171        Attribute Authority where the user is NOT registered""" 
     172 
     173        print "\n\t" + self.test6aCookieGetAttCertRefused.__doc__         
     174        self.test2CookieConnect() 
     175         
     176        aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri'] 
     177         
     178        try: 
     179            attCert, extAttCertList = self.clnt.getAttCert(\ 
     180                        sessID=self.sessCookie.sessionID,  
     181                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
     182                        attAuthorityURI=aaURI, 
     183                        mapFromTrustedHosts=False) 
     184        except AttributeRequestDenied, e: 
     185            print "SUCCESS - obtained expected result: %s" % e 
     186            return 
     187         
     188        self.fail("Request allowed from AA where user is NOT registered!") 
     189 
     190 
     191    def test6bCookieGetMappedAttCert(self): 
     192        """test6bCookieGetMappedAttCert: make an attribute request using 
     193        a cookie as authentication credential""" 
     194 
     195        print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__         
     196        self.test2CookieConnect() 
     197         
     198        attCert, extAttCertList = self.clnt.getAttCert(\ 
     199            sessID=self.sessCookie.sessionID,  
     200            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
     201            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri']) 
     202         
     203        print "Attribute Certificate:\n%s" % attCert   
     204        print "External Attribute Certificate List:\n%s" % extAttCertList 
     205 
     206 
     207    def test6bCookieGetMappedAttCert(self): 
     208        """test6CookieGetAttCert: make an attribute request using 
     209        a cookie as authentication credential""" 
     210 
     211        print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__         
    154212        self.test2CookieConnect() 
    155213         
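Review bot: `test6bCookieGetMappedAttCert` is defined twice in this hunk (lines 191 and 207). Python keeps only the second definition, so the first body is dead code, and the surviving one still carries the docstring of `test6CookieGetAttCert` (line 208), so the printed test description is wrong. Delete one of the two and fix the docstring name. Separately, `test6aCookieGetAttCertRefused` is the only test that asserts a negative outcome and it relies on `AttributeRequestDenied` being raised by the client; if the client ever starts returning a denial in-band (empty `attCert` plus `msg`) this test will pass through to `self.fail`, which is the right behaviour, but worth a comment so the intent survives.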
     
    157215            sessID=self.sessCookie.sessionID,  
    158216            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    159             attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri']) 
     217            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri']) 
    160218         
    161219        print "Attribute Certificate:\n%s" % attCert   
     
    165223 
    166224 
    167     def test6aCookieGetAttCertWithExtAttCertList(self): 
    168         """test6CookieGetAttCert: make an authorisation request using 
    169         a cookie as authentication credential""" 
    170          
    171         print "\n\t" + self.test6aCookieGetAttCertWithExtAttCertList.__doc__         
     225    def test6cCookieGetAttCertWithExtAttCertList(self): 
     226        """test6CookieGetAttCert: make an attribute request using 
     227        a cookie as authentication credential""" 
     228         
     229        print "\n\t" + self.test6cCookieGetAttCertWithExtAttCertList.__doc__         
    172230        self.test2CookieConnect() 
    173231         
    174232        aaURI = \ 
    175             self.cfg['test6aCookieGetAttCertWithExtAttCertList']['aauri'] 
     233            self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri'] 
    176234             
    177235        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\ 
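Review bot: the unchanged context line 235, `attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(...)`, still unpacks four values, but `statusCode` has been removed from getAttCertResponse in this same changeset and the other tests in this file now unpack two (`attCert, extAttCertList`). As written `test6cCookieGetAttCertWithExtAttCertList` will fail with a ValueError on the unpack before it exercises anything; update it to the two-element form.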
     
    188246 
    189247    def test7ProxyCertGetAttCert(self): 
    190         """test7ProxyCertGetAttCert: make an authorisation request using 
     248        """test7ProxyCertGetAttCert: make an attribute request using 
    191249        a proxy cert as authentication credential""" 
    192250        print "\n\t" + self.test7ProxyCertGetAttCert.__doc__ 
     
    226284                    "test5ProxyCertDisconnect", 
    227285                    "test6CookieGetAttCert", 
    228                     "test6aCookieGetAttCertWithExtAttCertList", 
     286                    "test6bCookieGetMappedAttCert", 
     287                    "test6cCookieGetAttCertWithExtAttCertList", 
    229288                    "test7ProxyCertGetAttCert", 
    230289                    "test8GetX509Cert", 
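Review bot: the new `test6aCookieGetAttCertRefused` does not appear in this suite list (lines 284-289 go straight from `test6CookieGetAttCert` to `test6bCookieGetMappedAttCert`), so the one test that demonstrates the denied path added by this changeset is never run as part of the suite. Add it between the two.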
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg

    r2076 r2085  
    4646aaURI = http://localhost:5000/AttributeAuthority 
    4747 
    48 [test6aCookieGetAttCertWithExtAttCertList] 
    49 aaURI = http://localhost:5000/AttributeAuthority 
     48[test6aCookieGetAttCertRefused] 
     49aaURI = http://localhost:5100/AttributeAuthority 
     50 
     51[test6bCookieGetMappedAttCert] 
     52aaURI = http://localhost:5100/AttributeAuthority 
     53 
     54[test6cCookieGetAttCertWithExtAttCertList] 
     55aaURI = http://localhost:5100/AttributeAuthority 
    5056 
    5157[test7ProxyCertGetAttCert] 
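Review bot: `test6aCookieGetAttCertRefused`, `test6bCookieGetMappedAttCert` and `test6cCookieGetAttCertWithExtAttCertList` all point at the same Attribute Authority on port 5100. That is consistent (6a expects a refusal with `mapFromTrustedHosts=False`, 6b expects success via mapping from a trusted host), but it means the three tests silently depend on the test user being unregistered at that AA while registered at the one on port 5000; a comment in this file stating that precondition will save the next person a confusing failure.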
  • TI12-security/trunk/python/www/html/attAuthority.wsdl

    r2079 r2085  
    3434        <xsd:complexType> 
    3535          <xsd:sequence> 
    36             <xsd:element name="attCert" type="xsd:string"/> 
     36            <xsd:element name="attCert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
     37                <xsd:element name="msg" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    3738          </xsd:sequence> 
    3839        </xsd:complexType> 
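Review bot: line 37 is indented differently from line 36 in the same sequence, which looks like a tab; keep the file consistent. On the contract itself, making `attCert` optional and adding an optional `msg` leaves a response with neither element schema-valid, so the client cannot distinguish "denied" from "malformed" by schema alone. If a denial must always carry a reason, declare `msg` inside a choice with `attCert` so a response carries one or the other.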
  • TI12-security/trunk/python/www/html/sessionMgr.wsdl

    r2079 r2085  
    8282              <xsd:sequence> 
    8383                <xsd:element name="attCert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    84                 <xsd:element name="statusCode" type="xsd:string" minOccurs="1" maxOccurs="1"/> 
    8584                <xsd:element name="msg" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    8685                        <xsd:element name="extAttCert" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/> 
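Review bot: dropping `statusCode` makes the presence of `attCert` the sole success indicator, which is fine provided every client checks for it rather than for a status string; `SessionMgrClientTest.py` in this changeset still has one site unpacking a status value. Keep this file and the copy embedded in SessionMgr_services_server.py identical, and regenerate the ZSI stubs from this file rather than hand-editing both.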