Changeset 2884


Timestamp:
14/09/07 09:29:04 (12 years ago)
Author:
pjkersha
Message:

Explicitly setting the SSL timeout avoids a hanging client for calls over https

ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • added ref to NDGSEC_INT_DEBUG environment variable -sets service to stop in debugger at the start of each SOAP call. Service must be restarted in order for variable to be picked up

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • running unit tests with https switched on to investigate timeout problems. SM calls to an AA over https currently fail with a HTTP bad status line error

ndg.security.common/ndg/security/common/AttAuthority/init.py: improve error reporting for getAttCert call.

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • added functionality to set read and write timeouts. M2Crypto default is 600s(!). Changed default to 3s
Location:
TI12-security/trunk
Files:
10 edited

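--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -364,9 +364,10 @@
         if isinstance(userAttCert, AttCert):
             userAttCert = userAttCert.toString()
-
+
         try:
             sAttCert, msg = self.__srv.getAttCert(userId,userCert,userAttCert)
         except httplib.BadStatusLine, e:
-            raise AttAuthorityClientError, "HTTP bad status line: %s" % e
+            raise AttAuthorityClientError, \
+                'Calling "%s" HTTP bad status line: %s' % (self.__uri, e)
 
         except Exception, e: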
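--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
@@ -646,7 +646,4 @@
             except AttributeRequestDenied, e:
                 raise CredWalletAttributeRequestDenied, str(e)
-
-            except Exception, e:
-                raise CredWalletError, str(e)
 
         elif self.aaPropFilePath is not None: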
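--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
@@ -295,6 +295,6 @@
             locator = SessionMgrServiceLocator()
             self.__srv = locator.getSessionMgr(self.__uri,
-                                       sig_handler=self.__signatureHandler,
-                                       tracefile=self.__tracefile,
+                                         sig_handler=self.__signatureHandler,
+                                         tracefile=self.__tracefile,
                                          transport=self._transport,
                                          transdict=self._transdict)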
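--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
@@ -65,6 +65,5 @@
             # Try match against peerCertDN set
             # file setting
-            peerCertDN = '/' + \
-                    peerCert.get_subject().as_text().replace(', ', '/')
+            peerCertDN='/'+peerCert.get_subject().as_text().replace(', ', '/')
             if peerCertDN != self.peerCertDN:
                 raise e
@@ -126,4 +125,22 @@
         else:
             self._postConnectionCheck = SSL.Checker.Checker
+
+        if 'readTimeout' in kw:
+            if not isinstance(readTimeout, SSL.timeout):
+                raise AttributeError, "readTimeout must be of type " + \
+                                      "M2Crypto.SSL.timeout"
+            self.readTimeout = readTimeout
+            del kw['readTimeout']
+        else:
+            self.readTimeout = SSL.timeout(sec=3.)
+
+        if 'writeTimeout' in kw:
+            if not isinstance(writeTimeout, SSL.timeout):
+                raise AttributeError, "writeTimeout must be of type " + \
+                                      "M2Crypto.SSL.timeout"
+            self.writeTimeout = writeTimeout
+            del kw['writeTimeout']
+        else:
+            self.writeTimeout = SSL.timeout(sec=3.)
 
         _HTTPSConnection.__init__(self, *args, **kw)
@@ -132,7 +149,11 @@
     def connect(self):
         '''Overload M2Crypto.httpslib.HTTPSConnection to enable
-        custom post connection check of peer certificate'''
+        custom post connection check of peer certificate and socket timeout'''
         self.sock = SSL.Connection(self.ssl_ctx)
         self.sock.set_post_connection_check_callback(
-                                         self._postConnectionCheck)
+                                                 self._postConnectionCheck)
+
+        self.sock.set_socket_read_timeout(self.readTimeout)
+        self.sock.set_socket_write_timeout(self.writeTimeout)
+
         self.sock.connect((self.host, self.port))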
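Review bot: In the constructor hunk the type check and the assignment read a bare `readTimeout` (and `writeTimeout`), but inside the `if 'readTimeout' in kw:` branch the value only exists as `kw['readTimeout']`, so a caller who actually passes a timeout would be expected to hit a NameError rather than get the timeout applied. Take the value out of the dict first, e.g. `readTimeout = kw.pop('readTimeout')`, then run the `isinstance` check and assign; the same applies to `writeTimeout`, and `TypeError` would describe a wrong-type argument better than `AttributeError`. The constructor's signature lies outside the hunk, so confirm that no module-level name of the same spelling masks this. The new 3 s default also applies to every caller that passes nothing, which is worth stating in the class docstring since slow but healthy peers will now time out where they previously waited.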
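--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac
@@ -45,7 +45,21 @@
         # picked up from default location under $NDG_DIR directory
         self.aa = AttAuthority()
+
+        # Stop in debugger at beginning of SOAP stub if environment variable
+        # is set
+        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
 
 
     def soap_getAttCert(self, ps, **kw):
+        '''Retrieve an Attribute Certificate
+
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = AttAuthorityService.soap_getAttCert(self, ps)
 
@@ -74,4 +88,14 @@
 
     def soap_getHostInfo(self, ps, **kw):
+        '''Get information about this host
+
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = AttAuthorityService.soap_getHostInfo(self, ps)
 
@@ -84,4 +108,14 @@
 
     def soap_getTrustedHostInfo(self, ps, **kw):
+        '''Get information about other trusted hosts
+
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = \
                         AttAuthorityService.soap_getTrustedHostInfo(self, ps)
@@ -107,5 +141,14 @@
 
     def soap_getX509Cert(self, ps, **kw):
-        '''Retrieve Attribute Authority's X.509 certificate'''
+        '''Retrieve Attribute Authority's X.509 certificate
+
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = AttAuthorityService.soap_getX509Cert(self, ps)
 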
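Review bot: `bool(os.environ.get('NDGSEC_INT_DEBUG'))` in the constructor hunk is true for any non-empty value, so `NDGSEC_INT_DEBUG=0` or `=false` still sends every SOAP handler into `pdb.set_trace()`; on a deployed service that stalls each request on the controlling terminal and hands the handler's local state to whoever holds that terminal. Compare against explicit values instead, e.g. `self.__debug = os.environ.get('NDGSEC_INT_DEBUG', '').lower() in ('1', 'true', 'yes')`, and log a warning at start-up when the switch is on. The same line is added to sessionMgr.tac. No `import os` is visible in this file's hunks (sessionMgr.tac gains one in this changeset), so check that the module already imports it.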
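--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac
@@ -14,5 +14,5 @@
 License, version 1.0 or later.
 """
-import base64
+import os, base64
 
 from ZSI.twisted.WSresource import WSResource
@@ -48,4 +48,8 @@
         WSResource.__init__(self)
         self.sm = SessionMgr()
+
+        # Stop in debugger at beginning of SOAP stub if environment variable
+        # is set
+        self.__debug = bool(os.environ.get('NDGSEC_INT_DEBUG'))
 
 
@@ -70,4 +74,8 @@
         @return: request and response objects'''
 
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = SessionMgrService.soap_connect(self, ps)
 
@@ -89,5 +97,8 @@
         @rtype: tuple
         @return: request and response objects'''
-
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = SessionMgrService.soap_disconnect(self, ps)
 
@@ -115,5 +126,8 @@
         @rtype: tuple
         @return: request and response objects'''
-
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = SessionMgrService.soap_getAttCert(self, ps)
 
@@ -154,6 +168,9 @@
         @param ps: client SOAP message
         @rtype: tuple
-        @return: request and response objects'''
-
+        @return: request and response objects'''
+        if self.__debug:
+                import pdb
+                pdb.set_trace()
+
         request, response = SessionMgrService.soap_getX509Cert(self, ps)
 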
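Review bot: The three-line `if self.__debug:` / `import pdb` / `pdb.set_trace()` block is pasted into each of the four handlers touched here (and four more in attAuthority.tac), with its body indented eight columns deeper than the surrounding code. One private helper called at the top of each handler, e.g. `self._debugBreak()`, would keep the switch in a single place and make it simple to harden or remove later. `import os, base64` would also read better as two separate import lines. The handler bodies continue outside these hunks.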
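--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
@@ -10,5 +10,5 @@
 # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
 # setting for test6GetMappedAttCert
-uri = http://localhost:5000/AttributeAuthority
+uri = https://localhost:5000/AttributeAuthority
 #uri = https://localhost:5000/AttributeAuthority
 #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority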
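--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
@@ -3,5 +3,5 @@
     <name>Site A</name>
     <portNum>5000</portNum>
-    <useSSL></useSSL> <!-- leave blank to use http -->
+    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
     <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
     <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>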
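--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg
@@ -56,5 +56,5 @@
 username = raphaelTest
 #username = gabriel
-passphrase =
+passphrase = testpassword
 
 [test3ConnectNoCreateServerSess]
@@ -64,5 +64,5 @@
 
 [test6GetAttCertUsingSessID]
-aaURI = http://localhost:5000/AttributeAuthority
+aaURI = https://localhost:5000/AttributeAuthority
 acOutFilePath = ac-out.xml
 
@@ -79,4 +79,4 @@
 
 [test7GetAttCertUsingProxyCert]
-aaURI = http://localhost:5000/AttributeAuthority
+aaURI = https://localhost:5000/AttributeAuthority
 #aaURI = http://glue.badc.rl.ac.uk/services/ndg/security/AttributeAuthority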
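Review bot: `passphrase = testpassword` in the first hunk commits a credential for `raphaelTest` where the field was previously left blank. If that account exists anywhere beyond the local unit-test fixture, the passphrase should stay out of the repository (leave it blank, or read it from the environment at test time). If it is fixture-only, a comment on the line above, e.g. `# fixture account, valid only against the local test SessionMgr`, would stop the value being copied into a real deployment config.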