Timestamp:
21/11/08 12:47:38 (12 years ago)
Author:
pjkersha
Message:

Combined Services tests:

  • added capability for Session Manager to call a local Attribute Authority in the WSGI stack of the same Paste instance
  • SOAP client can specify that the Session Manager call a local Attribute Authority by setting AttAuthorityURI to nil in the web service call.
Location:
TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager
Files:
2 edited

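--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py
@@ -72,6 +72,5 @@
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"attAuthorityURI\" type=\"xsd:string\"/>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attAuthorityCert\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"attAuthorityURI\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"reqRole\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"mapFromTrustedHosts\" type=\"xsd:boolean\"/>
@@ -270,9 +269,9 @@
     def soap_getAttCert(self, ps):
         self.request = ps.Parse(getAttCertInputMsg.typecode)
-        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
-
-        # If we have an implementation object use it
-        if hasattr(self,'impl'):
-            parameters = self.impl.getAttCert(parameters[0],parameters[1],parameters[2],parameters[3],parameters[4],parameters[5],parameters[6],parameters[7],parameters[8])
+        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
+
+        # If we have an implementation object use it
+        if hasattr(self,'impl'):
+            parameters = self.impl.getAttCert(parameters[0],parameters[1],parameters[2],parameters[3],parameters[4],parameters[5],parameters[6],parameters[7])
 
         result = getAttCertOutputMsg()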
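--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
@@ -28,5 +28,8 @@
 from ndg.security.common.X509 import X509Cert, X509CertRead
 
-
+class SessionManagerWSConfigError(Exception):
+    '''Raise for errors related to the Session Manager Web Service 
+    configuration'''
+    
 class SessionManagerWS(_SessionManagerService):
     '''Session Manager ZSI SOAP Service Binding class'''
@@ -40,5 +43,9 @@
             import pdb
             pdb.set_trace()
-         
+        
+        # Extract local Attribute Authority environ identifier
+        self.attributeAuthorityFilterID = kw.pop('attributeAuthorityFilterID', 
+                                                 None)
+        
         # Initialise Attribute Authority class - property file will be
         # picked up from default location under $NDG_DIR directory
@@ -89,5 +96,61 @@
         sessID = request.SessID or None
             
-        # Derive designated holder cert differently according to whether
+        # Derive designated holder X.509 cert differently according to whether
+        # a signed message is expected from the client - NB, this is dependent
+        # on whether a reference to the signature filter was set in the 
+        # environment
+        signatureFilter = \
+            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
+        if signatureFilter is not None:
+            # Get certificate corresponding to private key that signed the
+            # message - i.e. the user's certificate
+            userX509Cert = signatureFilter.signatureHandler.verifyingCert
+        else:
+            # No signature from client - they must instead provide the
+            # designated holder cert via the UserX509Cert input
+            userX509Cert = request.UserX509Cert
+            
+        self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)
+        return response
+
+
+    def soap_getSessionStatus(self, ps, **kw):
+        '''Check for existence of a session with given session ID or user
+        Distinguished Name
+        
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+
+        if self.__debug:
+            import pdb
+            pdb.set_trace()
+            
+        request = ps.Parse(getSessionStatusInputMsg.typecode)             
+        response = _SessionManagerService.soap_getSessionStatus(self, ps)
+        
+        response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
+                                                    sessID=request.SessID)
+                 
+        return response
+
+
+    def soap_getAttCert(self, ps, **kw):
+        '''Get Attribute Certificate from a given Attribute Authority
+        and cache it in user's Credential Wallet
+        
+        @type ps: ZSI ParsedSoap
+        @param ps: client SOAP message
+        @rtype: tuple
+        @return: request and response objects'''
+        if self.__debug:
+            import pdb
+            pdb.set_trace()
+            
+        request = ps.Parse(getAttCertInputMsg.typecode)             
+        response = _SessionManagerService.soap_getAttCert(self, ps)
+
+        # Derive designated holder X.509 cert. differently according to whether
         # a signed message is expected from the client - NB, this is dependent
         # on whether a reference to the signature filter was set in the 
@@ -103,67 +166,28 @@
             # designated holder cert via the UserX509Cert input
             userX509Cert = request.UserX509Cert
-        self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)
-        return response
-
-
-    def soap_getSessionStatus(self, ps, **kw):
-        '''Check for existence of a session with given session ID or user
-        Distinguished Name
-        
-        @type ps: ZSI ParsedSoap
-        @param ps: client SOAP message
-        @rtype: tuple
-        @return: request and response objects'''
-
-        if self.__debug:
-            import pdb
-            pdb.set_trace()
-            
-        request = ps.Parse(getSessionStatusInputMsg.typecode)             
-        response = _SessionManagerService.soap_getSessionStatus(self, ps)
-        
-        response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
-                                                    sessID=request.SessID)
-                 
-        return response
-
-
-    def soap_getAttCert(self, ps, **kw):
-        '''Get Attribute Certificate from a given Attribute Authority
-        and cache it in user's Credential Wallet
-        
-        @type ps: ZSI ParsedSoap
-        @param ps: client SOAP message
-        @rtype: tuple
-        @return: request and response objects'''
-        if self.__debug:
-            import pdb
-            pdb.set_trace()
-            
-        request = ps.Parse(getAttCertInputMsg.typecode)             
-        response = _SessionManagerService.soap_getAttCert(self, ps)
-
-        # Derive designated holder cert differently according to whether
-        # a signed message is expected from the client - NB, this is dependent
-        # on whether a reference to the signature filter was set in the 
-        # environment
-        signatureFilter = \
-            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
-        if signatureFilter is not None:
-            # Get certificate corresponding to private key that signed the
-            # message - i.e. the user's proxy
-            userX509Cert = signatureFilter.signatureHandler.verifyingCert
+
+        # If no Attribute Authority URI is set pick up local Attribute 
+        # instance Authority
+        if request.AttAuthorityURI is None:
+            attributeAuthorityFilter = \
+                self.referencedWSGIFilters.get(self.attributeAuthorityFilterID)
+                
+            try:
+                attributeAuthority = \
+                    attributeAuthorityFilter.serviceSOAPBinding.aa
+            except AttributeError, e:
+                raise SessionManagerWSConfigError("No Attribute Authority URI "
+                        "was input and no Attribute Authority instance "
+                        "reference set in environ: %s" % e)
         else:
-            # No signature from client - they must instead provide the
-            # designated holder cert via the UserX509Cert input
-            userX509Cert = request.UserX509Cert
-
-        
-        # Cert used in signature is prefered over userX509Cert input element - 
-        # userX509Cert may have been omitted.
+            attributeAuthority = None
+                
+        # X.509 Cert used in signature is preferred over userX509Cert input 
+        # element - userX509Cert may have been omitted.
         result = self.sm.getAttCert(
                             userX509Cert=userX509Cert or request.UserX509Cert,
                             sessID=request.SessID,
                             attributeAuthorityURI=request.AttAuthorityURI,
+                            attributeAuthority=attributeAuthority,
                             reqRole=request.ReqRole,
                             mapFromTrustedHosts=request.MapFromTrustedHosts,
@@ -171,5 +195,4 @@
                             extAttCertList=request.ExtAttCert,
                             extTrustedHostList=request.ExtTrustedHost)
-
         if result[0]:
             response.AttCert = result[0].toString() 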
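Review bot: The new `if request.AttAuthorityURI is None:` branch in soap_getAttCert passes the in-process object `attributeAuthorityFilter.serviceSOAPBinding.aa` straight to `self.sm.getAttCert`, so a client that omits the URI reaches the Attribute Authority without going through whatever WSGI filters front its SOAP endpoint; whether those filters carry signature verification or access control is not visible here and should be confirmed. That matters most when no `wsseSignatureVerificationFilter01` is referenced, because `userX509Cert` is then taken from `request.UserX509Cert` with no proof that the caller holds the matching key. I would document the trust assumption at the branch, e.g. `# Local AA is called in-process: holder identity rests on the signature check above, not on the AA's own filters`, and consider rejecting the nil-URI case when `signatureFilter is None`. The `"... %s" % e` in the SessionManagerWSConfigError message may also reach the client in the SOAP fault and expose internal attribute names, so logging the detail server-side and raising a generic message would be safer. soap_getAttCert's body continues past the last hunk.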