Changeset 4515


Timestamp:
28/11/08 12:59:09 (11 years ago)
Author:
pjkersha
Message:

usercertauthn module renamed to userx509certauthn in Session Manager / SM client unit tests.

Location:
TI12-security/trunk/python
Files:
2 edited
2 moved

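--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
@@ -0,0 +1,27 @@
+
+class WSGIAttributeAuthorityClient(object):
+
+    environKey = "ndg.security.server.attributeauthority.AttributeAuthority"
+
+    def __init__(self, environKey=None, environ={}, **soapClientKw):
+        """"""
+
+        log.debug("WSGIAttributeAuthorityClient.__init__ ...")
+
+        self._environKey=environKey or WSGIAttributeAuthorityClient.environKey
+
+        # Standard WSGI environment dict
+        self._environ = environ
+
+        if 'uri' in soapClientKw:
+            self._soapClient = AttributeAuthorityClient(**soapClientKw)
+
+    _refInEnviron=lambda self: self._environKey in self._environ
+
+    # Define as property for convenient call syntax
+    refInEnviron = property(fget=_refInEnviron,
+                            doc="return True if a Attribute Authority "
+                                "instance is available in WSGI environ")
+
+    _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.aa
+    ref = property(fget=_getRef, doc="Attribute Authority local instance")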
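Review bot: As shown, this new module has no imports, so `log` and `AttributeAuthorityClient` are undefined; `log.debug(...)` in `__init__` would raise NameError on every instantiation, including the one this changeset adds in `WSGISessionManagerClient.getAttCert`. Add `import logging` and `log = logging.getLogger(__name__)` at the top, plus the project's own import for `AttributeAuthorityClient`. Separately, `environ={}` is a mutable default shared by every instance created without an explicit environ; `environ=None` with `self._environ = environ if environ is not None else {}` keeps each client's lookup table separate if anything ever writes to it. `_soapClient` is only assigned when `uri` is passed, so setting `self._soapClient = None` first would let later code fail with a clear configuration error rather than AttributeError, and the empty `""""""` docstring should state that the class resolves an Attribute Authority from the WSGI environ key or through a SOAP client.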
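--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
@@ -20,83 +20,13 @@
 import os
 
-# Determine https http transport
-import urlparse
+from ndg.security.server.wsgi.utils.attributeauthorityclient import \
+    WSGIAttributeAuthorityClient
 
-from ZSI.wstools.Utility import HTTPResponse
-
-from ndg.security.common.wssecurity.dom import SignatureHandler
-from ndg.security.common.X509 import *
-from ndg.security.common.AttCert import AttCert, AttCertParse
-from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection, \
-    HostCheck
-from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection
-from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
-                                                SessionManagerServiceLocator
-
-
-
-class SessionManagerClientError(Exception):
-    """Exception handling for WSGISessionManagerClient class"""
-
-class SessionNotFound(SessionManagerClientError):
-    """Raise when a session ID input doesn't match with an active session on
-    the Session Manager"""
-
-class SessionCertTimeError(SessionManagerClientError):
-    """Session's X.509 Cert. not before time is BEFORE the system time -
-    usually caused by server's clocks being out of sync.  Fix by all servers
-    running NTP"""
-
-class SessionExpired(SessionManagerClientError):
-    """Session's X.509 Cert. has expired"""
-
-class InvalidSession(SessionManagerClientError):
-    """Session is invalid"""
-
-class InvalidSessionManagerClientCtx(SessionManagerClientError):
-    """Session Manager ZSI Client is not initialised"""
-
-class AttributeRequestDenied(SessionManagerClientError):
-    """Raise when a getAttCert call to the Attribute Authority is denied"""
+class WSGISessionManagerClientError(Exception):
+    """Base class exception for WSGI Session Manager client errors"""
 
-    def __init__(self, *args, **kw):
-        """Raise exception for attribute request denied with option to give
-        caller hint to certificates that could used to try to obtain a
-        mapped certificate
-
-        @type extAttCertList: list
-        @param extAttCertList: list of candidate Attribute Certificates that
-        could be used to try to get a mapped certificate from the target
-        Attribute Authority"""
-
-        # Prevent None type setting
-        self.__extAttCertList = []
-        if 'extAttCertList' in kw and kw['extAttCertList'] is not None:
-            for ac in kw['extAttCertList']:
-                if isinstance(ac, basestring):
-                    ac = AttCertParse(ac)
-                elif not isinstance(ac, AttCert):
-                    raise SessionManagerClientError(
-                        "Input external Attribute Cert. must be AttCert type")
-
-                self.__extAttCertList += [ac]
-
-            del kw['extAttCertList']
-
-        Exception.__init__(self, *args, **kw)
-
-
-    def __getExtAttCertList(self):
-        """Return list of candidate Attribute Certificates that could be used
-        to try to get a mapped certificate from the target Attribute Authority
-        """
-        return self.__extAttCertList
-
-    extAttCertList = property(fget=__getExtAttCertList,
-                              doc="list of candidate Attribute Certificates "
-                                  "that could be used to try to get a mapped "
-                                  "certificate from the target Attribute "
-                                  "Authority")
-
+class WSGISessionManagerClientConfigError(WSGISessionManagerClientError):
+    """Configuration error for WSGI Session Manager Client"""
+
 class WSGISessionManagerClient(object):
     """Client interface to Session Manager for WSGI based applications
@@ -107,6 +37,5 @@
     environKey = "ndg.security.server.sessionmanager.SessionManager"
 
-    def __init__(self, environKey=None, environ={},
-                 **SessionManagerClientKw):
+    def __init__(self, environKey=None, environ={}, **soapClientKw):
         """"""
 
@@ -118,6 +47,6 @@
         self._environ = environ
 
-        if 'uri' in SessionManagerClientKw:
-            self._soapClient = SessionManagerClient(**SessionManagerClientKw)
+        if 'uri' in soapClientKw:
+            self._soapClient = SessionManagerClient(**soapClientKw)
 
     _sessionManagerInEnviron = lambda self: self._environKey in self._environ
@@ -129,8 +58,6 @@
                                            "WSGI environ")
 
-    _getSessionManager = lambda self:\
-                        self._environ[self._environKey].serviceSOAPBinding.sm
-    sessionManager = property(fget=_getSessionManager,
-                              doc="Session Manager local instance")
+    _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.sm
+    ref = property(fget=_getRef, doc="Session Manager local instance")
 
     def connect(self, username, **kw):
@@ -141,7 +68,7 @@
         """
 
-        if self.sessionManagerInEnviron:
+        if self.refInEnviron:
             # Connect to local instance
-            res = self.sessionManager.connect(username=username, **kw)
+            res = self.ref.connect(username=username, **kw)
         else:
             # Filter out keywords which apply to a Session Manager local
@@ -197,39 +124,31 @@
         return self._soapClient.getSessionStatus(**kw)
 
+
     def getAttCert(self, **kw):
-        """Request NDG Session Manager Web Service to retrieve an Attribute
+        """Request NDG Session Manager to retrieve an Attribute
         Certificate from the given Attribute Authority and cache it in the
         user's credential wallet held by the session manager.
 
         """
-        if self.sessionManagerInEnviron:
+        if self.refInEnviron:
             # Connect to local instance
-            res = self.sessionManager.getAttCert(username=username, **kw)
+            if kw.get('attributeAuthorityURI') is None and \
+               kw.get('attributeAuthority') is None:
+                wsgiAttributeAuthorityClient = WSGIAttributeAuthorityClient(
+                                                        environ=self._environ)
+
+                if wsgiAttributeAuthorityClient.refInEnviron:
+                    kw['attributeAuthority'] = wsgiAttributeAuthorityClient.ref
+                else:
+                    raise WSGISessionManagerClientConfigError(
+                        "No Attribute Authority URI or server object has been "
+                        "set and no reference is available in environ")
+
+            return self.ref.getAttCert(username=username, **kw)
         else:
             # Filter out keywords which apply to a Session Manager local
             # instance call
-            if 'userX509Cert' in kw:
-
-
-
-           username=None,
-           userX509Cert=None,
-           sessID=None,
-           reqRole=None,
-           attributeAuthority=None,
-           attributeAuthorityURI=None,
-           mapFromTrustedHosts=None,
-           rtnExtAttCertList=None,
-           extAttCertList=None,
-           extTrustedHostList=None,
            kw.pop('refreshAttCert', None)
            kw.pop('attCertRefreshElapse', None)
 
-           userCert=None,
-           sessID=None,
-           attAuthorityURI=None,
-           reqRole=None,
-           mapFromTrustedHosts=True,
-           rtnExtAttCertList=False,
-           extAttCertList=[],
-           extTrustedHostList=[]):
+           return self._soapClient.getAttCert(username=username, **kw)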
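Review bot: `getAttCert(self, **kw)` passes `username=username` in both of its new return statements, but `username` is neither a parameter nor a local there, so each call would raise NameError before any attribute request is made. Pass the keywords through unchanged with `return self.ref.getAttCert(**kw)` and `return self._soapClient.getAttCert(**kw)`, or add `username` to the signature as `connect` does. The hunks also switch `connect` and `getAttCert` to `self.refInEnviron` while the visible context still defines only `_sessionManagerInEnviron`; unless the elided lines define `refInEnviron` on this class, both checks would fail with AttributeError. The new fallback takes the Attribute Authority object from whatever is stored under the environ key, so a comment such as `# environ key must only be set by trusted middleware in this WSGI stack` would record the trust assumption.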