Changeset 546

Timestamp:

10/02/06 17:39:36 (15 years ago)

Author:

pjkersha

Message:

Session.py: SessionMgr?.readProperties - fixed conversion of environment
variables to file paths

SessionClient?.py:

• fixed setting of and refs to smEncrPubKeyFilePath
• fixed bug in setSMwsdl()

security.py: new working version - updated WS calls to use SessionClient?
class.

Location:

security/trunk/python

Files:

• NDG/Session.py (modified) (1 diff)
• NDG/SessionClient.py (modified) (5 diffs)
• Tests/security.py (modified) (13 diffs)

security/trunk/python/NDG/Session.py

@@ -347 +347 @@
                                                 dbPPhrase=credReposPPhrase)
             elif elem.tag in self.__validKeys:
-                self.__prop[elem.tag] = elem.text
-                
                 # Check for environment variables in file paths
                 tagCaps = elem.tag.upper()
                 if 'FILE' in tagCaps or 'PATH' in tagCaps or 'DIR' in tagCaps:
                     elem.text = os.path.expandvars(elem.text)
+                    
+                self.__prop[elem.tag] = elem.text                
             else:
                 raise SessionMgrError(\

security/trunk/python/NDG/SessionClient.py

@@ -50 +50 @@
                                  give extra WS debug information"""
 
-        
-        self.__setSMwsdl(smWSDL)
-        self.__setSMencrPubKeyFilePath(smEncrPubKeyFilePath)
+        if smWSDL:
+            self.__setSMwsdl(smWSDL)
+        
+        if smEncrPubKeyFilePath:
+            self.__setSMencrPubKeyFilePath(smEncrPubKeyFilePath)
+            
         self.__traceFile = traceFile
-        
+
+         
         # Instantiate Session Manager WS proxy
         if self.__smWSDL:
@@ -74 +78 @@
     def __setSMencrPubKeyFilePath(self, smEncrPubKeyFilePath):
         
-        if not isinstance(smWSDL, basestring):
+        if not isinstance(smEncrPubKeyFilePath, basestring):
             raise SessionClientError(\
                 "Session Manager public key file path must be a valid string")
@@ -210 +214 @@
                          extAttCertList=None,
                          extTrustedHostList=None,
-                         encrCert=None):    
+                         encrCert=None,
+                         smEncrPubKeyFilePath=None):    
         """Request authorisation from NDG Session Manager Web Service.
         
@@ -246 +251 @@
             # Instantiate WS proxy
             self.serviceProxy(smWSDL)
+            
+        if smEncrPubKeyFilePath:
+            self.__setSMencrPubKeyFilePath(smEncrPubKeyFilePath)
     
             
@@ -251 +259 @@
         try:
             authReq=AuthorisationReq(aaWSDL=aaWSDL,
-                                     sessID=sessID,
-                                     encrSessMgrWSDLuri=encrSessMgrWSDLuri,
-                                     reqRole=reqRole,
-                                     mapFromTrustedHosts=mapFromTrustedHosts,
-                                     extAttCertList=extAttCertList,
-                                     extTrustedHostList=extTrustedHostList,
-                                     encrCert=encrCert,
-                                     encrPubKeyFilePath=smEncrPubKeyFilePath) 
+                             sessID=sessID,
+                             encrSessMgrWSDLuri=encrSessMgrWSDLuri,
+                             reqRole=reqRole,
+                             mapFromTrustedHosts=mapFromTrustedHosts,
+                             extAttCertList=extAttCertList,
+                             extTrustedHostList=extTrustedHostList,
+                             encrCert=encrCert,
+                             encrPubKeyFilePath=self.__smEncrPubKeyFilePath) 
                                             
             resp = self.__smSrv.reqAuthorisation(authorisationReq=authReq())

security/trunk/python/Tests/security.py

@@ -22 +22 @@
 from ZSI import ServiceProxy
 
-try:
-    from NDG.AttCert import *
-    
-except ImportError, e:
-    # Temporary Hack - try getting from development area instead
-    sys.path.append('/home/users/pjkersha/Development/security/python')
-    from NDG.AttCert import *
+from NDG.AttCert import *
+from NDG.SessionClient import *
 
 
@@ -51 +46 @@
                  userName=None,
                  passPhrase=None,
+                 smEncrPubKeyFilePath=None,
                  org=None):
         """Omit username, passphrase and org if running from CGI"""
@@ -58 +54 @@
         self.__userName = userName
         self.__passPhrase = passPhrase
+        self.__smEncrPubKeyFilePath = smEncrPubKeyFilePath
+
 
         # Authenticating organisation
@@ -229 +227 @@
     <option>BODC</option>
     <option>PML</option>
-    <option>SOC</option>
+    <option>NOCS</option>
 </td></tr>
 <tr>
@@ -290 +288 @@
             # Instantiate WS proxy and request connection
             try:
-                smSrv = ServiceProxy(self.__smWSDL,
-                                     use_wsdl=True,
-                                     tracefile=traceFile)               
-
-                resp = smSrv.addUser(userName=self.__userName,
-                                     passPhrase=self.__passPhrase)
-            except socket.error, e:
+                smClient = SessionClient(
+                        smWSDL=self.__smWSDL,
+                        smEncrPubKeyFilePath=self.__smEncrPubKeyFilePath,
+                        traceFile=traceFile)
+                        
+
+                resp = smClient.addUser(userName=self.__userName,
+                                        pPhrase=self.__passPhrase)
+            except Exception, e:
                 # Socket error returns tuple - reformat to just give msg
-                raise SecurityCGIError(str(e[1]))
+                raise SecurityCGIError("Session Client: " + str(e))
             
             if resp['errMsg']:
@@ -359 +359 @@
             # Instantiate WS proxy and request connection
             try:
-                smSrv = ServiceProxy(self.__smWSDL,
-                                     use_wsdl=True,
-                                     tracefile=traceFile)
-            
-                resp = smSrv.connect(userName=self.__userName,
-                                     passPhrase=self.__passPhrase,
-                                     rtnAsCookie=True)                
-            except socket.error, e:
+                smClient = SessionClient(
+                        smWSDL=self.__smWSDL,
+                        smEncrPubKeyFilePath=self.__smEncrPubKeyFilePath,
+                        traceFile=traceFile)
+
+                sessCookie = smClient.connect(userName=self.__userName,
+                                              pPhrase=self.__passPhrase) 
+            except Exception, e:
                 # Socket error returns tuple - reformat to just give msg
-                raise SecurityCGIError(str(e[1]))
-
-            if resp['errMsg']:
-                raise SecurityCGIError(str(resp['errMsg']))
-
-            cookie = str(resp['cookie'])
-
-            if setCookie:
-                
-                print \
+                raise SecurityCGIError("Session client: " + str(e))
+
+            print \
 """Content-type: text/html
 %s
@@ -391 +384 @@
     <p>User %s authenticated</p>
     <p>Cookie is: %s</p>
-</body>""" % (cookie, self.__userName, cookie)
-
-            return cookie
+</body>""" % (sessCookie, self.__userName, sessCookie)
+            return sessCookie
         
         except Exception, e:
@@ -449 +441 @@
         bSetCookie = False
         
+                               
         try:
             # Check for session ID input
@@ -454 +447 @@
                 bSetCookie = True
 
-                # Get session ID from cookie
-                sessID = SimpleCookie(cookie)['Hash'].value
-                
+            elif 'HTTP_COOKIE' not in os.environ:
+                # Check for session ID set in existing cookie
+                    
+                # Re-display login screen
+                print "Content-type: text/html" + os.linesep                    
+                self.showLogin(bAuthorise=True,
+                               bodyTag=True,
+                               heading="NDG User Authorisation (Test)")
+
+                return
             else:
-                # Check for session ID set in existing cookie
-                if 'HTTP_COOKIE' not in os.environ:
-                    
-                    # Re-display login screen
-                    print "Content-type: text/html" + os.linesep                    
-                    self.showLogin(bAuthorise=True,
-                                   bodyTag=True,
-                                   heading="NDG User Authorisation (Test)")
-
-                    return
-
-                # Get session ID from existing cookie
-                sessID = SimpleCookie(os.environ['HTTP_COOKIE'])['Hash'].value
+                cookie = os.environ['HTTP_COOKIE']
+                
+                
+            # Get session ID from existing cookie
+            cookieObj = SimpleCookie(cookie)
+            if "NDG-ID1" not in cookieObj:
+                raise SecurityCGIError(\
+                            'Expecting "NDG-ID1" ID for session cookie')
+                             
+            if "NDG-ID2" not in cookieObj:
+                raise SecurityCGIError(\
+                            'Expecting "NDG-ID2" ID for session cookie') 
 
 
@@ -481 +480 @@
             # Instantiate WS proxy and request authorisation
             try:
-                smSrv = ServiceProxy(self.__smWSDL,
-                                     use_wsdl=True,
-                                     tracefile=traceFile)
-
-                resp = smSrv.reqAuthorisation(aaWSDL=self.__aaWSDL,
-                                    sessID=sessID,
+                smClient = SessionClient(
+                            smWSDL=self.__smWSDL,
+                            smEncrPubKeyFilePath=self.__smEncrPubKeyFilePath,
+                            traceFile=traceFile)
+
+                resp = smClient.reqAuthorisation(cookieObj["NDG-ID1"].value,
+                                    cookieObj["NDG-ID2"].value,
+                                    aaWSDL=self.__aaWSDL,
                                     reqRole=reqRole,
                                     mapFromTrustedHosts=bMapFromTrustedHosts,
-                                    extAttCertList='',
                                     extTrustedHostList=extTrustedHostList)
-            except socket.error, e:
+            except Exception, e:
                 # Socket error returns tuple - reformat to just give msg
-                raise SecurityCGIError(str(e[1]))
+                raise SecurityCGIError("Session client: " + str(e))
 
             if resp['statCode'] == 'AccessGranted':
@@ -503 +503 @@
                 if not resp['extAttCertList']:
                     raise SecurityCGIError(str(resp['errMsg']))
-                                           
-                # Convert from unicode
-                extAttCertList = [str(attCert) \
-                                  for attCert in resp['extAttCertList']]
 
             elif resp['statCode'] == 'AccessError':
@@ -538 +534 @@
                       re.sub("<", "&lt;", re.sub(">", "&gt;", self.__attCert))
                 
-            elif extAttCertList:
+            elif 'extAttCertList' in resp:
                 # Display available certificates from other AAs in a table
-                self.showExtAttCertSelect(extAttCertList)
+                self.showExtAttCertSelect(resp['extAttCertList'])
                 
             print "</body>" 
@@ -703 +699 @@
 if __name__ == "__main__":
     
+    smWSDL = "http://glue.badc.rl.ac.uk/sessionMgr.wsdl"
+    aaWSDL = "http://glue.badc.rl.ac.uk/attAuthority.wsdl"
+    smPubKey = os.path.expandvars("/usr/local/NDG/conf/certs/badc-sm-cert.pem")
+    
     # Instantiate and call CGI
-    security = SecurityCGI("http://glue.badc.rl.ac.uk/sessionMgr.wsdl",
-                           #"../html/sessionMgr.wsdl",
-                           "http://glue.badc.rl.ac.uk/attAuthority.wsdl")
-                           #"../html/attAuthority.wsdl")
+    security = SecurityCGI(smWSDL, aaWSDL, smEncrPubKeyFilePath=smPubKey)
     security.cgi()