- Timestamp:
- 09/02/07 14:55:08 (14 years ago)
- Location:
- TI12-security/trunk/python/ndg.security.common/ndg/security/common/ca
- Files:
-
- 1 added
- 2 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services.py
r2131 r2136 1 1 ################################################## 2 # simpleCA_services.py 3 # generated by ZSI.wsdl2python 4 # 5 # 2 # CertificateAuthority_services.py 3 # generated by ZSI.generate.wsdl2python 6 4 ################################################## 7 5 8 6 7 from CertificateAuthority_services_types import * 9 8 import urlparse, types 10 from ZSI.TCcompound import Struct9 from ZSI.TCcompound import ComplexType, Struct 11 10 from ZSI import client 12 11 import ZSI 12 from ZSI.generate.pyclass import pyclass_type 13 13 14 class simpleCAServiceInterface: 15 def getsimpleCA(self, portAddress=None, **kw): 16 raise NonImplementationError, "method not implemented" 14 # Locator 15 class CertificateAuthorityServiceLocator: 16 CertificateAuthority_address = "http://localhost:5001" 17 def getCertificateAuthorityAddress(self): 18 return CertificateAuthorityServiceLocator.CertificateAuthority_address 19 def getCertificateAuthority(self, url=None, **kw): 20 return CertificateAuthorityBindingSOAP(url or CertificateAuthorityServiceLocator.CertificateAuthority_address, **kw) 17 21 22 # Methods 23 class CertificateAuthorityBindingSOAP: 24 def __init__(self, url, **kw): 25 kw.setdefault("readerclass", None) 26 kw.setdefault("writerclass", None) 27 # no resource properties 28 self.binding = client.Binding(url=url, **kw) 29 # no ws-addressing 18 30 19 class simpleCAServiceLocator(simpleCAServiceInterface): 20 simpleCA_address = "http://127.0.0.1:5000/simpleCA.wsdl" 21 def getsimpleCAAddress(self): 22 return simpleCAServiceLocator.simpleCA_address 31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x406a3f8c> 32 def issueCert(self, x509CertReq): 23 33 24 def getsimpleCA(self, portAddress=None, **kw):25 re turn simpleCABindingSOAP(portAddress or simpleCAServiceLocator.simpleCA_address, **kw)34 request = issueCertInputMsg() 35 request._x509CertReq = x509CertReq 26 36 37 kw = {} 38 # no input wsaction 39 self.binding.Send(None, None, request, soapaction="issueCert", **kw) 
40 # no output wsaction 41 response = self.binding.Receive(issueCertOutputMsg.typecode) 42 x509Cert = response._x509Cert 43 return x509Cert 27 44 28 class simpleCABindingSOAP: 45 # op: <ZSI.wstools.WSDLTools.Message instance at 0x406ab2cc> 46 def revokeCert(self, x509Cert): 29 47 30 def __init__(self, addr, **kw): 31 netloc = (urlparse.urlparse(addr)[1]).split(":") + [80,] 32 if not kw.has_key("host"): 33 kw["host"] = netloc[0] 34 if not kw.has_key("port"): 35 kw["port"] = int(netloc[1]) 36 if not kw.has_key("url"): 37 kw["url"] = urlparse.urlparse(addr)[2] 38 self.binding = client.Binding(**kw) 48 request = revokeCertInputMsg() 49 request._x509Cert = x509Cert 39 50 51 kw = {} 52 # no input wsaction 53 self.binding.Send(None, None, request, soapaction="revokeCert", **kw) 54 # no output wsaction 55 response = self.binding.Receive(revokeCertOutputMsg.typecode) 56 return 40 57 41 def reqCert(self, request): 42 """ 43 @param: request to reqCertRequest:: 44 _usrCertReq: str 58 # op: <ZSI.wstools.WSDLTools.Message instance at 0x406ab7ec> 59 def getCRL(self): 45 60 46 @return: response from reqCertResponse:: 47 _errMsg: str 48 _usrCert: str 49 """ 61 request = getCRLInputMsg() 50 62 51 if not isinstance(request, reqCertRequest) and\52 not issubclass(reqCertRequest, request.__class__):53 raise TypeError, "%s incorrect request type" %(request.__class__)54 63 kw = {} 55 response = self.binding.Send(None, None, request, soapaction="urn:simpleCA#reqCert", **kw)56 response = self.binding.Receive(reqCertResponseWrapper())57 if not isinstance(response, reqCertResponse) and\58 not issubclass(reqCertResponse, response.__class__):59 raise TypeError, "%s incorrect response type" %(response.__class__)60 return response64 # no input wsaction 65 self.binding.Send(None, None, request, soapaction="getCRL", **kw) 66 # no output wsaction 67 response = self.binding.Receive(getCRLOutputMsg.typecode) 68 crl = response._crl 69 return crl 61 70 71 issueCertInputMsg = ns0.issueCert_Dec().pyclass 
62 72 73 issueCertOutputMsg = ns0.issueCertResponse_Dec().pyclass 63 74 64 class reqCertRequest (ZSI.TCcompound.Struct): 65 def __init__(self, name=None, ns=None): 66 self._usrCertReq = None 75 revokeCertInputMsg = ns0.revokeCert_Dec().pyclass 67 76 68 oname = None 69 if name: 70 oname = name 71 if ns: 72 oname += ' xmlns="%s"' % ns 73 ZSI.TC.Struct.__init__(self, reqCertRequest, [ZSI.TC.String(pname="usrCertReq",aname="_usrCertReq",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 77 revokeCertOutputMsg = ns0.revokeCertResponse_Dec().pyclass 74 78 75 class reqCertRequestWrapper(reqCertRequest): 76 """wrapper for rpc:encoded message""" 79 getCRLInputMsg = ns0.getCRL_Dec().pyclass 77 80 78 typecode = reqCertRequest(name='reqCert', ns='urn:simpleCA') 79 def __init__( self, name=None, ns=None, **kw ): 80 reqCertRequest.__init__( self, name='reqCert', ns='urn:simpleCA' ) 81 82 class reqCertResponse (ZSI.TCcompound.Struct): 83 def __init__(self, name=None, ns=None): 84 self._usrCert = None 85 self._errMsg = None 86 87 oname = None 88 if name: 89 oname = name 90 if ns: 91 oname += ' xmlns="%s"' % ns 92 ZSI.TC.Struct.__init__(self, reqCertResponse, [ZSI.TC.String(pname="usrCert",aname="_usrCert",optional=1),ZSI.TC.String(pname="errMsg",aname="_errMsg",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 93 94 class reqCertResponseWrapper(reqCertResponse): 95 """wrapper for rpc:encoded message""" 96 97 typecode = reqCertResponse(name='reqCertResponse', ns='urn:simpleCA') 98 def __init__( self, name=None, ns=None, **kw ): 99 reqCertResponse.__init__( self, name='reqCertResponse', ns='urn:simpleCA' ) 81 getCRLOutputMsg = ns0.getCRLResponse_Dec().pyclass -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/ca/__init__.py
r2058 r2136 1 """NERC Data Grid Project 2 3 @author P J Kershaw 27/10/06 4 5 @copyright (C) 2007 CCLRC & NERC 6 7 @license This software may be distributed under the terms of the Q Public 1 #!/usr/bin/env python 2 """NDG Security Certificate Authority client - client interface classes to the 3 Certificate Authority. 4 5 NERC Data Grid Project 6 7 @author P J Kershaw 17/11/06 8 9 @copyright (C) 2006 CCLRC & NERC 10 11 @license This software may be distributed under the terms of the Q Public 8 12 License, version 1.0 or later. 9 13 """ 14 reposID = '$Id:$' 15 16 __all__ = [ 17 'CertificateAuthority_services', 18 'CertificateAuthority_services_types', 19 ] 20 21 # Handling for public key retrieval 22 import tempfile 23 from M2Crypto import X509, RSA, EVP 24 25 from CertificateAuthority_services import CertificateAuthorityServiceLocator 26 from ndg.security.common.wsSecurity import SignatureHandler 27 from ndg.security.common.openssl import OpenSSLConfig 28 29 30 #_____________________________________________________________________________ 31 class CertificateAuthorityClientError(Exception): 32 """Exception handling for CertificateAuthorityClient class""" 33 34 35 #_____________________________________________________________________________ 36 class CertificateAuthorityClient(object): 37 """Client interface to Certificate Authority web service 38 39 @ctype _certReqDNparamName: tuple 40 @cvar _certReqDNparamName: names of parameters needed to generate a 41 certificate request e.g. CN, OU etc.""" 42 43 _certReqDNparamName = ('O', 'OU') 44 45 #_________________________________________________________________________ 46 def __init__(self, uri=None, tracefile=None, **signatureHandlerKw): 47 """ 48 @type uri: string 49 @keyword uri: URI for Attribute Authority WS. 
Setting it will also 50 initialise the Service Proxy 51 52 @keyword tracefile: set to file object such as sys.stderr to give 53 extra WS debug information 54 55 @type **signatureHandlerKw: dict 56 @param **signatureHandlerKw: keywords for SignatureHandler class""" 57 58 self.__srv = None 59 self.__uri = None 60 61 62 # Set-up parameter names for certificate request 63 self.__certReqDNparam = {} 64 65 66 if uri: 67 self.__setURI(uri) 68 69 # WS-Security Signature handler 70 self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 71 72 self.__tracefile = tracefile 73 74 75 # Instantiate Attribute Authority WS proxy 76 if self.__uri: 77 self.initService() 78 79 80 #_________________________________________________________________________ 81 def __setURI(self, uri): 82 83 if not isinstance(uri, basestring): 84 raise CertificateAuthorityClientError, \ 85 "Attribute Authority WSDL URI must be a valid string" 86 87 self.__uri = uri 88 89 uri = property(fset=__setURI, doc="Set Attribute Authority WSDL URI") 90 91 92 #_________________________________________________________________________ 93 def __getSignatureHandler(self): 94 "Get SignatureHandler object property method" 95 return self.__signatureHandler 96 97 signatureHandler = property(fget=__getSignatureHandler, 98 doc="SignatureHandler object") 99 100 101 #_________________________________________________________________________ 102 def __setSrvCertFilePath(self, srvCertFilePath): 103 104 if not isinstance(srvCertFilePath, basestring): 105 raise CertificateAuthorityClientError, \ 106 "Attribute Authority public key URI must be a valid string" 107 108 self.__srvCertFilePath = srvCertFilePath 109 110 srvCertFilePath = property(fset=__setSrvCertFilePath, 111 doc="Set Attribute Authority public key URI") 112 113 114 #_________________________________________________________________________ 115 def __setClntCertFilePath(self, clntCertFilePath): 116 117 if not isinstance(clntCertFilePath, basestring): 118 raise 
CertificateAuthorityClientError, \ 119 "Client public key file path must be a valid string" 120 121 self.__clntCertFilePath = clntCertFilePath 122 123 try: 124 self.__clntCert = open(self.__clntCertFilePath).read() 125 126 except IOError, (errNo, errMsg): 127 raise CertificateAuthorityClientError, \ 128 "Reading certificate file \"%s\": %s" % \ 129 (self.__clntCertFilePath, errMsg) 130 131 except Exception, e: 132 raise CertificateAuthorityClientError, \ 133 "Reading certificate file \"%s\": %s" % \ 134 (self.__clntCertFilePath, str(e)) 135 136 clntCertFilePath = property(fset=__setClntCertFilePath, 137 doc="File path for client public key") 138 139 140 #_________________________________________________________________________ 141 def __setClntPriKeyFilePath(self, clntPriKeyFilePath): 142 143 if not isinstance(clntPriKeyFilePath, basestring): 144 raise CertificateAuthorityClientError(\ 145 "Client public key file path must be a valid string") 146 147 self.__clntPriKeyFilePath = clntPriKeyFilePath 148 149 clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath, 150 doc="File path for client private key") 151 152 153 #_________________________________________________________________________ 154 def __setClntPriKeyPwd(self, clntPriKeyPwd): 155 156 if not isinstance(clntPriKeyPwd, basestring): 157 raise SessionMgrClientError, \ 158 "Client private key password must be a valid string" 159 160 self.__clntPriKeyPwd = clntPriKeyPwd 161 162 clntPriKeyPwd = property(fset=__setClntPriKeyPwd, 163 doc="Password protecting client private key file") 164 165 166 #_________________________________________________________________________ 167 def __setCertReqDNparam(self, dict): 168 '''certReqDNparam property set method - forces setting of certificate 169 request parameter names to valid values 170 171 @param dict: dictionary of parameters''' 172 173 invalidKw = [k for k in dict \ 174 if k not in self.__class__._certReqDNparamName] 175 if invalidKw: 176 raise 
CertificateAuthorityClientError, \ 177 "Invalid certificate request keyword(s): %s. Valid keywords are: %s" % \ 178 (', '.join(invalidKw), ', '.join(self.__class__._certReqDNparamName)) 179 180 self.__certReqDNparam.update(dict) 181 182 183 #_________________________________________________________________________ 184 def __getCertReqDNparam(self): 185 """certReqDNparam property set method - for Certificate request 186 parameters dict""" 187 return self.__certReqDNparam 188 189 190 certReqDNparam = property(fset=__setCertReqDNparam, 191 fget=__getCertReqDNparam, 192 doc="Dictionary of parameters for cert. request") 193 194 195 #_________________________________________________________________________ 196 def initService(self, uri=None): 197 """Set the WS proxy for the Attribute Authority 198 199 @type uri: string 200 @param uri: URI for service to invoke""" 201 202 if uri: 203 self.__setURI(uri) 204 205 # WS-Security Signature handler object is passed to binding 206 try: 207 locator = CertificateAuthorityServiceLocator() 208 self.__srv = locator.getCertificateAuthority(self.__uri, 209 sig_handler=self.__signatureHandler, 210 tracefile=self.__tracefile) 211 except HTTPResponse, e: 212 raise CertificateAuthorityClientError, \ 213 "Error initialising WSDL Service for \"%s\": %s %s" % \ 214 (self.__uri, e.status, e.reason) 215 216 except Exception, e: 217 raise CertificateAuthorityClientError, \ 218 "Initialising WSDL Service for \"%s\": %s" % \ 219 (self.__uri, str(e)) 220 221 222 #_________________________________________________________________________ 223 def _createCertReq(self, CN, nBitsForKey=1024, messageDigest="md5"): 224 """ 225 Create a certificate request. 
226 227 @param CN: Common Name for certificate - effectively the same as the 228 username for the MyProxy credential 229 @param nBitsForKey: number of bits for private key generation - 230 default is 1024 231 @param messageDigest: message disgest type - default is MD5 232 @return tuple of certificate request PEM text and private key PEM text 233 """ 234 235 # Check all required certifcate request DN parameters are set 236 # Create certificate request 237 req = X509.Request() 238 239 # Generate keys 240 key = RSA.gen_key(nBitsForKey, m2.RSA_F4) 241 242 # Create public key object 243 pubKey = EVP.PKey() 244 pubKey.assign_rsa(key) 245 246 # Add the public key to the request 247 req.set_version(0) 248 req.set_pubkey(pubKey) 249 250 if self.__certReqDNparam: 251 certReqDNparam = self.__certReqDNparam 252 else: 253 defaultReqDN = self.__openSSLConf.getReqDN() 254 255 certReqDNparam = {} 256 certReqDNparam['O'] = defaultReqDN['0.organizationName'] 257 certReqDNparam['OU'] = defaultReqDN['0.organizationalUnitName'] 258 259 # Set DN 260 x509Name = X509.X509_Name() 261 x509Name.CN = CN 262 x509Name.OU = certReqDNparam['OU'] 263 x509Name.O = certReqDNparam['O'] 264 req.set_subject_name(x509Name) 265 266 req.sign(pubKey, messageDigest) 267 268 return (req.as_pem(), key.as_pem(cipher=None)) 269 270 271 #_________________________________________________________________________ 272 def signCert(self, 273 certReq=None, 274 CN=None, 275 opensslConfigFilePath=None, 276 **createCertReqKw): 277 """Send a certificate request to the CA for signing 278 279 signCert([certReq=cr]|[CN=cn, opensslConfigFilePath=p, **kw]) 280 281 @type certReq: M2Crypto.X509.Request 282 @keyword certReq: X.509 certificate request. If omitted, 283 _createCertReq method is called to create a new public and private 284 key and a certificate request 285 286 @type CN: string 287 @keyword CN: common name component of Distinguished Name for new 288 cert. This keyword is ignored if certReq keyword is set. 
289 290 @type opensslConfigFilePath: string 291 @keyword opensslConfigFilePath: file path for OpenSSL configuration 292 file from which to get settings for Distinguished Name for new 293 certificate. This keyword is ignored if certReq keyword is set. 294 @rtype: tuple 295 @return: signed certificate and private key. Private key will be 296 None if certReq keyword was passed in 297 """ 298 299 priKey = None 300 if not certReq: 301 # Create the certificate request 302 certReq, priKey = self._createCertReq(CN, **createCertReqKw) 303 304 try: 305 cert = self.__srv.signCert(certReq.as_pem()) 306 307 except Exception, e: 308 raise CertificateAuthorityClientError, \ 309 "Signing Certificate: " + str(e) 310 return cert, priKey 311 312 313 #_________________________________________________________________________ 314 def revokeCert(self, x509Cert): 315 """Request that the CA revoke the given certificate 316 317 @type x509Cert: string 318 @param x509Cert: X.509 certificate to be revoked""" 319 320 try: 321 self.__srv.revokeCert(x509Cert) 322 323 except Exception, e: 324 raise CertificateAuthorityClientError, \ 325 "Revoking certificate: " + str(e) 326 327 328 #_________________________________________________________________________ 329 def getCRL(self): 330 """Request Certificate Revocation List (CRL) for the CA 331 332 @rtype string 333 @return PEM encoded CRL""" 334 335 try: 336 crl = self.__srv.getCRL() 337 338 except Exception, e: 339 raise CertificateAuthorityClientError, "Requesting CRL: " + str(e) 340 341 return crl
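Review bot: `signCert` calls `self.__srv.signCert(certReq.as_pem())`, but the binding generated in CertificateAuthority_services.py in this same changeset exposes `issueCert`, not `signCert`, and when `certReq` comes from `_createCertReq` it is already PEM text (that method returns `req.as_pem()`), so `.as_pem()` would raise AttributeError; the call should read `cert = self.__srv.issueCert(certReq)` with the PEM conversion applied only when an `X509.Request` object was passed in, and the docstring should say which form is accepted. `_createCertReq` also references `m2.RSA_F4` and `self.__openSSLConf`, neither of which is imported or assigned anywhere in this file, `__setClntPriKeyPwd` raises `SessionMgrClientError`, which is not defined here and presumably should be `CertificateAuthorityClientError`, and `initService` catches `HTTPResponse` without importing it. The `messageDigest="md5"` default signs the request with MD5; a stronger digest such as SHA-256 would be a safer default. The private key returned by `_createCertReq` is exported unencrypted (`cipher=None`), which the return documentation should state so callers know to protect it.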