Changeset 1302
- Timestamp:
- 14/07/06 14:52:30 (15 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 2 edited
TI12-security/trunk/python/NDG/Session.py
r1301 r1302 462 462 463 463 except Exception, e: 464 raise SessionMgrError ("Creating MyProxy interface: %s" % e)464 raise SessionMgrError, "Creating MyProxy interface: %s" % e 465 465 466 466 … … 470 470 471 471 except Exception, e: 472 raise SessionMgrError(\ 473 "Creating credential repository interface: %s" % e) 474 475 self.__sessList = [] 476 472 raise SessionMgrError, \ 473 "Creating credential repository interface: %s" % e 474 475 # Key user sessions by session ID 476 self.__sessDict = {} 477 478 # Key user sessions by user DN 479 self.__dnDict = {} 480 481 477 482 # Dictionary to hold properties 478 483 self.__prop = {} … … 716 721 else: 717 722 # Create a fresh session 718 proxyCert = self.__delegateProxy(reqKeys['userName'], 719 reqKeys['pPhrase']) 723 try: 724 # Get a proxy certificate to represent users ID for the new 725 # session 726 proxyCert = self.__myPx.getDelegation(reqKeys['userName'], 727 reqKeys['pPhrase']) 728 except Exception, e: 729 raise SessionMgrError, "Delegating from MyProxy: %s" % e 720 730 721 731 bGetCookie = 'getCookie' in reqKeys and reqKeys['getCookie'] … … 743 753 744 754 except Exception, e: 745 raise SessionMgrError (\746 "Error formatting connect response: %s" % e)755 raise SessionMgrError, \ 756 "Error formatting connect response: %s" % e 747 757 else: 748 758 # NDG Command line client - Return proxy certificate 749 return ConnectResp(proxyCert=proxyCert) 750 751 752 #_________________________________________________________________________ 753 def __delegateProxy(self, userName, passPhrase): 754 """Delegate a proxy certificate ID from input user credentials""" 755 756 if not userName: 757 raise SessionMgrError(\ 758 "Getting proxy delegation: username is null") 759 760 if not passPhrase: 761 raise SessionMgrError(\ 762 "Getting proxy delegation: pass-phrase is null") 763 764 try: 765 # Get a proxy certificate to represent users ID for the new 766 # session 767 return self.__myPx.getDelegation(userName, passPhrase) 768 769 
except Exception, e: 770 raise SessionMgrError("Delegating from MyProxy: %s" % e) 759 return ConnectResp(proxyCert=proxyCert) 771 760 772 761 … … 779 768 780 769 try: 781 # Search for an existing session for the same user 782 userSess = None 783 # PJK 16/12/05 - DON'T search for existing sessions make a new one 784 # even if the user has one already. 785 # !! This allows users to have multiple sessions !! 786 # for u in self.__sessList: 787 # if u.credWallet['proxyCert'].dn['CN'] == userName: 788 # 789 # # Existing session found 790 # userSess = u 791 # 792 # # Replace it's Proxy Certificate with a more up to date 793 # # one 794 # userSess.credWallet.proxyCert = proxyCert 795 # break 796 797 798 if userSess is None: 799 # Create a new user session using the new proxy certificate 800 # and session ID 801 # 802 # Nb. Client pub/pri key info to allow message level 803 # encryption for responses from Attribute Authority WS 804 userSess = UserSession(proxyCert, 805 caPubKeyFilePath=self.__prop['caCertFile'], 806 clntPubKeyFilePath=self.__prop['certFile'], 807 clntPriKeyFilePath=self.__prop['keyFile'], 808 clntPriKeyPwd=self.__prop['keyPPhrase'], 809 credRepos=self.__credRepos) 810 newSessID = userSess.latestSessID 811 812 # Check for unique session ID 813 for existingUserSess in self.__sessList: 814 if newSessID in existingUserSess.sessIDlist: 815 raise SessionMgrError(\ 816 "Session ID is not unique:\n\n %s" % newSessID) 817 818 # Add new session to list 819 self.__sessList.append(userSess) 820 770 # Check for an existing session for the same user 771 userDN = proxyCert.dn 772 if userDN in self.__dnDict: 773 raise SessionMgrError, \ 774 "Session already exists for user \"%s\"" % dn 775 776 # Create a new user session using the new proxy certificate 777 # and session ID 778 # 779 # Nb. 
Client pub/pri key info to allow message level 780 # encryption for responses from Attribute Authority WS 781 userSess = UserSession(proxyCert, 782 caPubKeyFilePath=self.__prop['caCertFile'], 783 clntPubKeyFilePath=self.__prop['certFile'], 784 clntPriKeyFilePath=self.__prop['keyFile'], 785 clntPriKeyPwd=self.__prop['keyPPhrase'], 786 credRepos=self.__credRepos) 787 newSessID = userSess.latestSessID 788 789 # Check for unique session ID 790 if newSessID in self.__sessDict: 791 raise SessionMgrError, \ 792 "New Session ID is already in use:\n\n %s" % newSessID 793 794 # Add new session to list 795 self.__sessDict[newSessID] = userSess 796 797 # Also allow access by user DN 798 self.__dnDict[userDN] = userSess 799 821 800 # Return new session 822 801 return userSess 823 802 824 803 except Exception, e: 825 raise SessionMgrError ("Creating User Session: %s" %e)804 raise SessionMgrError, "Creating User Session: %s" % str(e) 826 805 827 806 828 807 #_________________________________________________________________________ 829 808 def __connect2UserSession(self, **idKeys): 830 """Connect to an existing session by providing a valid session ID 809 """Connect to an existing session by providing a valid session ID or 810 proxy certificate 831 811 832 812 __connect2UserSession([proxyCert]|[sessID]) … … 841 821 if 'sessID' in idKeys: 842 822 try: 843 for userSess in self.__sessList: 844 if idKeys['sessID'] in userSess.sessIDlist: 845 846 # Check matched session has not expired 847 userSess.credWallet.isValid(raiseExcep=True) 848 return userSess 823 # Check matched session has not expired 824 userSess = self.__sessDict[idKeys['sessID']] 825 826 except KeyError: 827 # User session not found with given ID 828 raise SessionMgrError, \ 829 "No user session found matching input session ID" 830 831 try: 832 userSess.credWallet.isValid(raiseExcep=True) 833 return userSess 849 834 850 835 except Exception, e: 851 raise SessionMgrError(\ 852 "Matching session ID to existing user session: 
%s" % e) 853 854 # User session not found with given ID 855 raise SessionMgrError(\ 856 "No user session found matching input session ID") 836 raise SessionMgrError, \ 837 "Matching session ID to existing user session: %s" % e 838 857 839 858 840 elif 'proxyCert' in idKeys: 859 841 try: 860 for userSess in self.__sessList: 861 if userSess.credWallet.proxyCertTxt==idKeys['proxyCert']: 842 userDN = X509Cert(idKeys['proxyCert']).dn 843 844 except Exception, e: 845 raise SessionMgrError, \ 846 "Parsing input proxy certificate DN for session connect: %s"%\ 847 str(e) 848 try: 849 userSess = self.__dnDict[userDN] 862 850 863 # Check matched session has not expired 864 userSess.credWallet.isValid(raiseExcep=True) 865 return userSess 851 except KeyError: 852 # User session not found with given proxy cert 853 raise SessionMgrError, \ 854 "No user session found matching input proxy certificate" 855 856 try: 857 # Check matched session has not expired 858 userSess.credWallet.isValid(raiseExcep=True) 859 return userSess 866 860 867 861 except Exception, e: 868 862 raise SessionMgrError(\ 869 863 "Matching proxy certificate to existing user session: %s" % e) 870 871 # User session not found with given proxy cert872 raise SessionMgrError(\873 "No user session found matching input proxy certificate")874 864 else: 875 raise SessionMgrError(\ 876 '"sessID" or "proxyCert" keyword must be set') 877 865 raise SessionMgrError,\ 866 '"sessID" or "proxyCert" keywords must be set' 867 868 869 #_________________________________________________________________________ 870 def deleteUserSession(self, sessID=sessID, proxyCert=proxyCert): 871 """Delete an existing session by providing a valid session ID or 872 proxy certificate - use for user logout 873 874 __deleteUserSession([proxyCert]|[sessID]) 875 876 proxyCert: proxy certificate corresponding to an existing 877 session to connect to. 
878 sessID: similiarly, a web browser session ID linking to an 879 an existing session.""" 880 881 882 # Look for a session corresponding to the session ID/proxy cert. 883 if sessID: 884 try: 885 userSess = self.__sessDict[sessID] 886 887 except KeyError: 888 raise SessionMgrError, \ 889 "Deleting user session - no matching session ID exists" 890 891 # Get associated user Distinguished Name 892 userDN = userSess.credWallet.proxyCert.dn 893 894 elif proxyCert: 895 try: 896 userDN = X509Cert(idKeys['proxyCert']).dn 897 898 except Exception, e: 899 raise SessionMgrError, \ 900 "Parsing input proxy certificate DN for session connect: %s"%\ 901 str(e) 902 try: 903 userSess = self.__dnDict[userDN] 904 905 except KeyError: 906 # User session not found with given proxy cert 907 raise SessionMgrError, \ 908 "No user session found matching input proxy certificate" 909 else: 910 # User session not found with given ID 911 raise SessionMgrError, \ 912 '"sessID" or "proxyCert" keywords must be set' 913 914 # Delete associated sessions 915 try: 916 # Each session may have a number of session IDs allocated to 917 # it 918 for userSessID in userSess.sessIDlist: 919 del self.__sessDict[userSessID] 920 921 del self.__dnDict[userDN] 922 923 except Exception, e: 924 raise SessionMgrError, "Deleting user session: %s" % e 878 925 879 926 … … 925 972 idKeys['proxyCert'] = reqKeys['proxyCert'] 926 973 else: 927 raise SessionMgrError(\ 928 'Expecting "sessID" or "proxyCert" keywords') 974 raise SessionMgrError,'Expecting "sessID" or "proxyCert" keywords' 929 975 930 976 userSess = self.__connect2UserSession(**idKeys) … … 964 1010 965 1011 except IOError, (errNo, errMsg): 966 raise SessionMgrError ("Making temporary file for Attribute " + \967 "Authority public key: %s" % errMsg )968 969 except Exception, e: 970 raise SessionMgrError ("Making temporary file for Attribute " + \971 "Authority public key: %s" % str(e) )1012 raise SessionMgrError, "Making temporary file for Attribute " + \ 1013 
"Authority public key: %s" % errMsg 1014 1015 except Exception, e: 1016 raise SessionMgrError, "Making temporary file for Attribute " + \ 1017 "Authority public key: %s" % str(e) 972 1018 973 1019 … … 1041 1087 Repository""" 1042 1088 self.__credRepos.auditCredentials() 1043 1044 1045 1046 1047 def reqAuthorisationTest(userName, passPhrase=None, passPhraseFilePath='tmp'):1048 1049 import pdb1050 pdb.set_trace()1051 1052 try:1053 if passPhrase is None:1054 passPhrase = open(passPhraseFilePath).read().strip()1055 1056 # Start session manager1057 sessMgr = SessionMgr("./sessionMgrProperties.xml")1058 1059 # Create a new session1060 userSess = sessMgr.connect(userName, passPhrase)1061 1062 # Request authorisation from a data centre1063 return sessMgr.reqAuthorisation(\1064 aaWSDL='./attAuthority.wsdl',1065 #aaPropFilePath='./attAuthorityProperties.xml',1066 sessID=userSess['sessID'][0])1067 1068 except Exception, e:1069 print str(e)1070 1071 1072 1073 1074 def addUserTest(userName,1075 userPassPhrase,1076 caConfigFilePath="tmp.txt",1077 caPassPhrase=None):1078 1079 import pdb1080 pdb.set_trace()1081 1082 try:1083 # Add a new user using the session manager1084 sessMgr = SessionMgr("./sessionMgrProperties.xml")1085 sessMgr.addUser(userName,1086 userPassPhrase,1087 caConfigFilePath=caConfigFilePath)1088 1089 except Exception, e:1090 print str(e)1091 1092 1093 1089 1094 1090 -
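Review bot: In the `proxyCert` branches of `__connect2UserSession` and the new `deleteUserSession`, the session is now selected only by the DN parsed from the supplied certificate, where the removed loop compared the full text against `userSess.credWallet.proxyCertTxt`, and nothing visible in these hunks verifies the certificate's signature chain. Unless `X509Cert` or the caller validates it, any certificate carrying the same subject DN would resolve to, or log out, that user's session; keeping the exact `proxyCertTxt` comparison after the DN lookup would close that gap. Separately, `deleteUserSession` cannot work as written: the defaults `sessID=sessID, proxyCert=proxyCert` refer to names that do not appear to be defined where the signature is evaluated and should read `sessID=None, proxyCert=None`, and the body parses `idKeys['proxyCert']` where it should use `proxyCert`. In `__createUserSession` the duplicate-session message formats `% dn`, which should be `% userDN`. In both places the resulting NameError is swallowed by the surrounding `except Exception` and re-raised as a misleading `SessionMgrError`.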
TI12-security/trunk/python/Tests/SecurityClientTest.py
r1300 r1302 29 29 # Session Manager WSDL 30 30 # self.smWSDL = './sessionMgr.wsdl' 31 self.smWSDL = 'http://glue.badc.rl.ac.uk/sessionMgr.wsdl'32 #self.smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl'31 # self.smWSDL = 'http://glue.badc.rl.ac.uk/sessionMgr.wsdl' 32 self.smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl' 33 33 34 34 # self.aaWSDL = '/home/pjkersha/Development/security/python/Tests/attAuthority.wsdl' 35 self.aaWSDL = 'http://glue.badc.rl.ac.uk/attAuthority.wsdl'36 #self.aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'35 # self.aaWSDL = 'http://glue.badc.rl.ac.uk/attAuthority.wsdl' 36 self.aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl' 37 37 38 38 aaPubKeyFilePath = None … … 43 43 smPubKeyFilePath = None 44 44 45 self.newUserName = 'lawrence'46 #self.newUserName = 'YosemiteSam'47 48 #self.userName = 'gabriel'49 45 # self.newUserName = 'lawrence' 46 self.newUserName = 'YosemiteSam' 47 48 self.userName = 'gabriel' 49 # self.userName = 'lawrence' 50 50 51 51 # self.trustedHostRequiredRole = 'acsoe' 52 self.trustedHostRequiredRole = 'coapec'53 #self.trustedHostRequiredRole = 'academic'52 # self.trustedHostRequiredRole = 'coapec' 53 self.trustedHostRequiredRole = 'academic' 54 54 55 55 self.__clntPriKeyPwd = open("./tmp2").read().strip()
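Review bot: The endpoints made active here, `self.smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl'` and the matching `self.aaWSDL`, are fetched over plain HTTP, so the client would build its service bindings from a WSDL that can be altered in transit. If the host offers it, an `https://` URL would be safer, as would the local `./sessionMgr.wsdl` copy that is already present as a commented-out line. Selecting host, user name and required role by commenting lines in and out also commits one developer's local setup; reading them from an environment variable or a test configuration file would avoid that. The enclosing method starts and ends outside the visible hunks.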