Context Navigation

← Previous Changeset
Next Changeset →

Changeset 674

Timestamp:

14/03/06 17:03:18 (15 years ago)

Author:

pjkersha

Message:

* Working version for mapped certificates *

ndgSessionClient.py:

renamed dict to argDict to avoid clash with existing arg var.
added code for handling ext attCert list and trusted host list files.
Changed so that --connect and --req-autho can be specified together so that a connect call is

concatenated with a call to request authorisation.

attAuthorityIOtest.py: unit tests for AttAuthorityIO classes.
attCertTest.py: unit tests for AttCert?.

AttAuthorityIO.py:

AuthorisationReq? class has overridden update, updateXML and parseXML methods
Working TrustedHostInfoReq? and TrustedHostInfoResp? classes.

attAuthority_services_server.py: update and fixes to GetTrustedHostInfo? WS stub.

AttAuthority?.py:

Corrected SessionMgrError? refs to AttAuthorityError?.
fixed mapped certificate generation handling code.
getTrustedHostInfo i/o changed to TrustedHostInfoReq/TrustedHostInfoResp? classes.

AttCert?.py: !! important fix - added nonzero method so that test on AttCert? instance
yields True e.g. if attCert: ...

Session.py:

SessionMgr?.readProperties - only strip white space from XML data if it's string type -

elementtree sets content to None if an empty tag is present in the XML it's reading.

CredWallet?.py: changes to WS calls - use AttAuthorityIO classes - AuthorisationReq/?
AuthorisationResp? + TrustedHostInfoReq/TrustedHostInfoResp?.

Location:

TI12-security/trunk/python

Files:

: 2 added
: 7 edited

NDG/AttAuthority.py (modified) (12 diffs)
NDG/AttAuthorityIO.py (modified) (10 diffs)
NDG/AttCert.py (modified) (2 diffs)
NDG/CredWallet.py (modified) (6 diffs)
NDG/Session.py (modified) (2 diffs)
NDG/attAuthority_services_server.py (modified) (1 diff)
Tests/attAuthorityIOtest.py (added)
Tests/attCertTest.py (added)
ndgSessionClient.py (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/python/NDG/AttAuthority.py

-                      r661
+                      r674
         """Request a new Attribute Certificate for authorisation
+        reqXMLtxt:              input keywords as tags in formatted XML string
+                                String must follow format for
+                                AttAuthorityIO.AuthorisationReq class to
+                                parse.
         proxyCertFilePath|proxyCert:
 …
             # parameters
             if not isinstance(reqXMLtxt, basestring):
                 raise SessionMgrError(\
+                raise AttAuthorityError(\
                             "XML Authorisation request must be a string")
 …
                 except Exception, e:
                     raise SessionMgrError(\
+                    raise AttAuthorityError(\
                         "Error parsing authorisation request: %s" % e)
 …
         # user roles are found, the user is not registered
         usrRoles = self.getRoles(str(usrDN))
+        if usrRoles:
+        if usrRoles:
             # Set as an Original Certificate
+            #
 …
             attCert['provenance'] = 'original'
+        else:
+        else:
             # Set as a Mapped Certificate
+            #
 …
             # Check for an externally provided certificate from another
             # trusted data centre
+            extAttCert = AttCert(certFilePathList=self.__prop['caCertFile'])
+            if userAttCertFilePath is None:
+                if not reqKeys['userAttCert']:
+                    raise AttAuthorityAccessDenied(\
+            if userAttCertFilePath:
+                # Read externally provided certificate
+                try:
+                    extAttCert = AttCertRead(userAttCertFilePath)
+                except Exception, e:
+                    raise AttAuthorityError(\
+                            "Reading external Attribute Certificate: %s" + e)
+            elif 'userAttCert' in reqKeys and reqKeys['userAttCert']:
+                extAttCert = reqKeys['userAttCert']
+            else:
+                raise AttAuthorityAccessDenied(\
                     "User \"%s\" is not registered " % attCert['holder'] + \
                     "and no external attribute certificate is available " + \
                     "to make a mapping.")
-                else:
-                    # Parse externally provided certificate
-                    try:
-                        extAttCert.parse(reqKeys['userAttCert'])
-                    except Exception, e:
-                        raise AttAuthorityError(\
-                                "External Attribute Certificate: %s" + e)
-            else:
-                # Read externally provided certificate
-                try:
-                    extAttCert.read(userAttCertFilePath)
-                except Exception, e:
-                    raise AttAuthorityError(\
-                                "External Attribute Certificate: %s" + e)
 …
             # Check it's valid and signed
             try:
+                extAttCert.isValid(raiseExcep=True)
+                # Give path to CA cert to allow check
+                extAttCert.isValid(raiseExcep=True,
+                                   certFilePathList=self.__prop['caCertFile'])
             except Exception, e:
 …
             attCert['provenance'] = 'mapped'
             # End if mapped certificate block
+            # End set mapped certificate block
 …
     def getTrustedHostInfo(self, localRole=None):
+    def getTrustedHostInfo(self, reqXMLtxt=None, **reqKeys):
         """Return a dictionary of the hosts that have trust relationships
         with this AA.  The dictionary is indexed by the trusted host name
 …
         their possible roles
+        Returns None if localRole isn't recognised"""
+        Returns None if role isn't recognised
+        reqXMLtxt:              input keywords as tags in formatted XML string
+                                String must follow format for
+                                AttAuthorityIO.TrustedHostInfoReq class to
+                                parse.
+                                """
+        if reqXMLtxt is not None:
+            # Parse XML text into keywords corresponding to the input
+            # parameters
+            if not isinstance(reqXMLtxt, basestring):
+                raise AttAuthorityError(\
+                            "XML Authorisation request must be a string")
+            # Parse and decrypt as necessary
+            try:
+                # 1st assume that the request was encrypted
+                reqKeys = TrustedHostInfoReq(encrXMLtxt=reqXMLtxt,
+                                    encrPriKeyFilePath=self.__prop['keyFile'],
+                                    encrPriKeyPwd=self.__prop['keyPwd'])
+            except Exception, e:
+                # Error occured decrypting - Trying parsing again, but this
+                # time assuming non-encrypted
+                try:
+                    reqKeys = TrustedHostInfoReq(xmlTxt=reqXMLtxt)
+                except Exception, e:
+                    raise AttAuthorityError(\
+                        "Error parsing authorisation request: %s" % e)
         if not self.__localRole2Trusted:
             raise AttAuthorityError("Roles to host look-up is not set - " + \
 …
         if localRole is None:
+        if 'role' not in reqKeys:
             # No role input - return all trusted hosts with their WSDL URIs
             # and roles
+            trustedHostInfo = dict([(i[0], \
+                        {'wsdl': i[1]['wsdl'], \
+                         'role': [role['remote'] for role in i[1]['role']]}) \
+                         for i in self.__mapConfig.items()])
+            return trustedHostInfo
+        # Get trusted hosts for given input local role
+        try:
+            trustedHosts = self.__localRole2TrustedHost[localRole]
+        except:
+            return None
+        # Get associated WSDL URI and roles for the trusted hosts identified
+        # and return as a dictionary indexed by host name
+        trustedHostInfo = dict([(host, \
+                        {'wsdl': self.__mapConfig[host]['wsdl'], \
+                         'role': self.__localRole2Trusted[host][localRole]}) \
+                         for host in trustedHosts])
+            trustedHostInfo = dict([\
+               (k, \
+                {'wsdl': v['wsdl'], \
+                 'role': [role['remote'] for role in v['role']]}) \
+                for k, v in self.__mapConfig.items()])
+        else:
+            # Get trusted hosts for given input local role
+            try:
+                trustedHosts = self.__localRole2TrustedHost[reqKeys['role']]
+            except:
+                return None
+            # Get associated WSDL URI and roles for the trusted hosts
+            # identified and return as a dictionary indexed by host name
+            trustedHostInfo = dict([(host, \
+                {'wsdl': self.__mapConfig[host]['wsdl'], \
+                 'role': self.__localRole2Trusted[host][reqKeys['role']]}) \
+                 for host in trustedHosts])
         return trustedHostInfo
 …
     def mapTrusted2LocalRoles(self,trustedHost,trustedHostRoles):
+    def mapTrusted2LocalRoles(self, trustedHost, trustedHostRoles):
         """Map roles of trusted hosts to roles for this data centre

TI12-security/trunk/python/NDG/AttAuthorityIO.py

-                      r540
+                      r674
     xmlMandTags = ["proxyCert"]
+    #_________________________________________________________________________
+    def update(self, userAttCert=None, **xmlTags):
+        """Override base class implementation to include extra code
+        to allow setting of userAttCert tag"""
+        if userAttCert:
+            if isinstance(userAttCert, basestring):
+                attCert = AttCertParse(userAttCert)
+            elif isinstance(userAttCert, AttCert):
+                attCert = userAttCert
+            else:
+                raise TypeError(\
+                    "userAttCert keyword must contain string or AttCert type")
+        else:
+            attCert = None
+        # Call super class update with revised attribute certificate list
+        super(self.__class__, self).update(userAttCert=attCert, **xmlTags)
+    #_________________________________________________________________________
+    def updateXML(self, **xmlTags):
+        """Override base class implementation to include extra code
+        to allow attribute certificate to be set from a string or AttCert
+        type"""
+        # Update dictionary
+        self.update(**xmlTags)
+        # Create XML formatted string ready for encryption
+        try:
+            xmlTxt = self.xmlHdr + os.linesep + \
+                "<" + self.__class__.__name__ + ">" + os.linesep
+            for tag, val in self.items():
+                if tag == "userAttCert":
+                    # Remove any XML header -
+                    # update() call will have converted val to AttCert type
+                    val = val.asString(stripXMLhdr=True)
+                xmlTxt += "    <%s>%s</%s>%s" % (tag, val, tag, os.linesep)
+            xmlTxt += "</" + self.__class__.__name__ + ">" + os.linesep
+            self.xmlTxt = xmlTxt
+        except Exception, e:
+            raise XMLMsgError("Creating XML: %s" % e)
+    #_________________________________________________________________________
+    def parseXML(self):
+        """Override base class implementation to include extra code
+        to parse userAttCert tag - if left with the default, elementtree
+        adds extra "ns0" namespaces which invalidate the signature(!)"""
+        rootElem = super(self.__class__, self).parseXML(rtnRootElem=True)
+        if 'userAttCert' in self:
+            # Convert attribute certificate to AttCert instance
+            try:
+                attCertPat = re.compile(\
+                    '<attributeCertificate>.*</attributeCertificate>', re.S)
+                attCertTxt = attCertPat.findall(self.xmlTxt)[0]
+                self['userAttCert'] = AttCertParse(attCertTxt)
+            except Exception, e:
+                raise AuthorisationRespError(\
+                    "Error parsing Attribute Certificate: " + str(e))
 …
         to allow setting of extAttCertList tag"""
         if credential is not None:
+        if credential:
             if isinstance(credential, basestring):
                 attCert = AttCertParse(credential)
 …
                 "<" + self.__class__.__name__ + ">" + os.linesep
             for tag, val in xmlTags.items():
+            for tag, val in self.items():
                 if tag == "credential":
                     # Remove any XML header -
 …
     def parseXML(self):
         """Override base class implementation to include extra code
+        to parse extAttCertList tag"""
+        to parse extAttCertList tag - if left with the default, elementtree
+        adds extra "ns0" namespaces which invalidate the signature(!)"""
         rootElem = super(self.__class__, self).parseXML(rtnRootElem=True)
 …
 #_____________________________________________________________________________
 class GetTrustedHostInfoReqError(XMLMsgError):
+class TrustedHostInfoReqError(XMLMsgError):
     """Exception handling for NDG AttAuthority WS GetTrustedHostInfo request
     class."""
 …
 #_____________________________________________________________________________
 class GetTrustedHostInfoReq(XMLMsg):
+class TrustedHostInfoReq(XMLMsg):
     """For client to Attribute Authority WS GetTrustedHostInfo(): formats
     inputs for request into XML and encrypts.
 …
     # Override base class class variables
     xmlTagTmpl = {  "role":    ""}
+    xmlMandTags = ["role"]
+#_____________________________________________________________________________
+class GetTrustedHostInfoRespError(XMLMsgError):
+#_____________________________________________________________________________
+class TrustedHostInfoRespError(XMLMsgError):
     """Exception handling for NDG AttAuthority WS GetTrustedHostInfo response
     class."""
 …
 #_____________________________________________________________________________
 class GetTrustedHostInfoResp(XMLMsg):
+class TrustedHostInfoResp(XMLMsg):
     """For client to Attribute Authority WS getTrustedInfo(): formats
     response from AttAuthority.
 …
     # Override base class class variables
+    xmlTagTmpl = {"trustedHostInfo": "", "errMsg": ""}
+    xmlMandTags = ["errMsg"]
+    xmlTagTmpl = {"trustedHosts": "", "errMsg": ""}
 …
         # Allow user credentials to be access like dictionary keys
         super(self.__class__, self).__init__(**xmlMsgKeys)
+    #_________________________________________________________________________
+    def updateXML(self, **xmlTags):
+        """Override base class implementation to include extra code
+        to allow attribute certificate to be set from a string or AttCert
+        type"""
+        # Update dictionary
+        self.update(**xmlTags)
+        # Create XML formatted string ready for encryption
+        try:
+            xmlTxt = self.xmlHdr + os.linesep + \
+                "<" + self.__class__.__name__ + ">" + os.linesep
+            if "trustedHosts" in xmlTags:
+                xmlTxt += "    <trustedHosts>%s" % os.linesep
+                for host, hostInfo in xmlTags['trustedHosts'].items():
+                    xmlTxt += "        <trusted name=\"%s\">" % host
+                    xmlTxt += os.linesep
+                    xmlTxt += "            <wsdl>%s</wsdl>" % hostInfo['wsdl']
+                    xmlTxt += os.linesep
+                    xmlTxt += "            <roleSet>" + os.linesep
+                    xmlTxt += ''.join(["                <role>%s</role>%s" % \
+                                        (role, os.linesep) \
+                                        for role in hostInfo['role']])
+                    xmlTxt += "            </roleSet>" + os.linesep
+                    xmlTxt += "        </trusted>" + os.linesep
+                xmlTxt += "    </trustedHosts>%s" % os.linesep
+            if "errMsg" in xmlTags:
+                xmlTxt += "    <errMsg>%s</errMsg>%s" % \
+                                            (xmlTags['errMsg'], os.linesep)
+            xmlTxt += "</" + self.__class__.__name__ + ">" + os.linesep
+            self.xmlTxt = xmlTxt
+        except Exception, e:
+            raise XMLMsgError("Creating XML: %s" % e)
+    #_________________________________________________________________________
+    def parseXML(self):
+        """Override base class implementation to include extra code
+        to parse trusted hosts info"""
+        rootElem = super(self.__class__, self).parseXML(rtnRootElem=True)
+        self['trustedHosts'] = {}
+        trustedHostsElem = rootElem.find('trustedHosts')
+        if not trustedHostsElem:
+            raise TrustedHostInfoRespError(\
+            "\"trustedHosts\" tag not found in trusted host info response")
+        for trusted in trustedHostsElem:
+            try:
+                host = trusted.items()[0][1]
+                # Add key for trusted host name
+                self['trustedHosts'][host] = {}
+                # Add WSDL URI and role set for that host
+                self['trustedHosts'][host]['wsdl'] = \
+                                            trusted.find('wsdl').text.strip()
+                self['trustedHosts'][host]['role'] = \
+                    [role.text.strip() for role in trusted.find('roleSet')]
+            except Exception, e:
+                raise TrustedHostInfoRespError(\
+                "Error parsing tag \"%s\" in trusted host info response: %s" \
+                % (trusted.tag, str(e)))

TI12-security/trunk/python/NDG/AttCert.py

-                      r660
+                      r674
+    def __nonzero__(self):
+        """Ensure if <attCertInstance> test yields True"""
+        return True
     def clear(self):
+        raise AttCertError("Data cannot be cleared from " + self.__class__.__name__)
+        raise AttCertError("Data cannot be cleared from " + \
+                           self.__class__.__name__)
 …
                                 by self.__filePath is read instead.
         certFilePathList:       list of files paths must contain certificate of
                                 trusted authority used to validate the
                                 signature.  If set, it is copied
                                 into self.__certFilePathList.  If omitted
+        certFilePathList:       list of files paths must contain certificate
+                                of trusted authority used to validate the
+                                signature.  If set, it is copied into
+                                self.__certFilePathList.  If omitted
                                 self.__certFilePathList is used unchanged.
         """

TI12-security/trunk/python/NDG/CredWallet.py

-                      r661
+                      r674
         self.__credRepos.addCredentials(self.__dn, attCertList)
     def __reqAuthorisation(self,
 …
                 raise CredWalletError(\
                     "Input Attribute Certificate must be AttCert type")
-            extAttCertTxt = extAttCert.asString()
-        else:
-            extAttCertTxt = '' # None
         if aaWSDL is not None:
             if not isinstance(aaWSDL, basestring):
                 raise CredWalletError("Attribute Authority WSDL file " + \
 …
                 authorisationReq = AuthorisationReq(\
                                             proxyCert=self.__proxyCertTxt,
                                             userAttCert=extAttCertTxt,
+                                            userAttCert=extAttCert,
                                             clntCert=clntCertTxt,
                                             encrPubKeyFilePath=aaCertFilePath)
 …
                 # Authority
                 attCert = aa.authorise(proxyCert=self.__proxyCertTxt,
                                        userAttCertTxt=extAttCertTxt)
+                                       userAttCert=extAttCert)
             except AttAuthorityAccessDenied, e:
 …
         """Wrapper to Attribute Authority getTrustedHostInfo
         userRole:               get hosts which have a mpping to this role
+        userRole:               get hosts which have a mapping to this role
         aaWSDL|aaPropFilePath:  to call as a web service, specify the file
                                 path or URI for the Attribute Authority's
 …
                 aaSrv = ServiceProxy(aaWSDL, use_wsdl=True)
+                # Format request
+                trustedHostInfoReq = TrustedHostInfoReq(role=userRole)
                 # Call Attribute Authority's Web service
+                resp = aaSrv.getTrustedHostInfo(usrRole=userRole)
+                if resp['errMsg']:
+                    raise Exception(resp['errMsg'])
+                # De-serialise output into a dictionary of roles indexed by
+                # host name
+                hostList = []
+                for host in resp['trustedHostInfo']:
+                    hostSplit = re.split("\s*:\s*", str(host))
+                    roleList = re.split("\s*,\s*", hostSplit[2])
+                    hostList.append((hostSplit[0], \
+                                    {'wsdl': hostSplit[1], 'role': roleList}))
+                return dict(hostList)
+                resp = aaSrv.getTrustedHostInfo(\
+                                    trustedHostInfoReq=trustedHostInfoReq())
+                # Parse response
+                trustedHostInfoResp = TrustedHostInfoResp(\
+                                    xmlTxt=str(resp['trustedHostInfoResp']))
+                if 'errMsg' in trustedHostInfoResp and \
+                   trustedHostInfoResp['errMsg']:
+                    raise Exception(trustedHostInfoResp['errMsg'])
+                return trustedHostInfoResp['trustedHosts']
             except socket.error, e:

TI12-security/trunk/python/NDG/Session.py

-                      r668
+                      r674
             except Exception, e:
+                raise SessionMgrError("Error parsing properties file: %s" % e)
+                raise SessionMgrError(\
+                    "Error parsing properties file: \"%s\": %s" % \
+                    (propFilePath, e))
         if propElem is None:
 …
                                                 dbPPhrase=credReposPPhrase)
             elif elem.tag in self.__validKeys:
+                # Check for environment variables in file paths
+                tagCaps = elem.tag.upper()
+                if 'FILE' in tagCaps or 'PATH' in tagCaps or 'DIR' in tagCaps:
+                    elem.text = os.path.expandvars(elem.text)
+                try:
+                    # Check for environment variables in file paths
+                    tagCaps = elem.tag.upper()
+                    if 'FILE' in tagCaps or \
+                       'PATH' in tagCaps or \
+                       'DIR' in tagCaps:
+                        elem.text = os.path.expandvars(elem.text)
+                    self.__prop[elem.tag] = elem.text
+                self.__prop[elem.tag] = elem.text
+                # Strip white space but not in the case of pass-phrase field
+                # as pass-phrase might contain leading or trailing white space
+                if elem.tag != 'keyPPhrase':
+                    self.__prop[elem.tag].strip()
+                    # Strip white space but not in the case of pass-phrase
+                    # field as pass-phrase might contain leading or trailing
+                    # white space
+                    if elem.tag != 'keyPPhrase' and \
+                       isinstance(self.__prop[elem.tag], basestring):
+                        self.__prop[elem.tag].strip()
+                except Exception, e:
+                    raise SessionMgrError(\
+                        "Error parsing properties file tag: \"%s\": %s" % \
+                        (elem.tag, e))
             else:
                 raise SessionMgrError(\

TI12-security/trunk/python/NDG/attAuthority_services_server.py

-                      r540
+                      r674
         try:
+            resp._trustedHostInfoResp = self.__srv.getTrustedHostInfo(\
+                                                                reqTxt=reqTxt)
+            trustedHosts = self.__srv.getTrustedHostInfo(reqXMLtxt=reqTxt)
+            trustedHostInfoResp = TrustedHostInfoResp(\
+                                                   trustedHosts=trustedHosts)
         except Exception, e:
             resp._trustedHostInfoResp=str(TrustedHostInfoResp(errMsg=str(e)))
+            trustedHostInfoResp = TrustedHostInfoResp(errMsg=str(e))
+        resp._trustedHostInfoResp = str(trustedHostInfoResp)
         return resp

TI12-security/trunk/python/ndgSessionClient.py

-                      r668
+                      r674
         sys.exit(1)
     # Use long options to make a disctionary
     args = {}.fromkeys([opt.split('=')[0] for opt in optLongNames])
+    # Use long options to make a dictionary
+    argDict = {}.fromkeys([opt.split('=')[0] for opt in optLongNames])
     extTrustedHostList = None
 …
         elif opt in ("-n", "--add-user"):
             args['add-user'] = True
+            argDict['add-user'] = True
         elif opt in ("-c", "--connect"):
             args['connect'] = True
+            argDict['connect'] = True
         elif opt in ("-r", "--req-autho"):
             args['req-autho'] = True
+            argDict['req-autho'] = True
         elif opt in ("-s", "--session-mgr-wsdl-uri"):
             args['session-mgr-wsdl-uri'] = arg
+            argDict['session-mgr-wsdl-uri'] = arg
         elif opt in ("-a", "--att-authority-wsdl-uri"):
             args['att-authority-wsdl-uri'] = arg
+            argDict['att-authority-wsdl-uri'] = arg
         elif opt in ("-u", "--username"):
             args['username'] = arg
+            argDict['username'] = arg
         elif opt in ("-p", "--pass-phrase-from-stdin"):
             args['pass-phrase-from-stdin'] = True
+            argDict['pass-phrase-from-stdin'] = True
         elif opt in ("-i", "--session-id"):
             args['session-id'] = arg
+            argDict['session-id'] = arg
         elif opt in ("-e", "--encr-sess-mgr-wsdl-uri"):
             args['encr-sess-mgr-wsdl-uri'] = arg
+            argDict['encr-sess-mgr-wsdl-uri'] = arg
         elif opt in ("-d", "--soap-debug"):
             args['soap-debug'] = sys.stderr
+            argDict['soap-debug'] = sys.stderr
         elif opt in ("-m", "--map-from-trusted-hosts"):
             args['map-from-trusted-hosts'] = True
+            argDict['map-from-trusted-hosts'] = True
         elif opt in ("-q", "--req-role"):
             args['req-role'] = arg
+            argDict['req-role'] = arg
         elif opt in ("-l", "--rtn-ext-att-cert-list"):
             args['rtn-ext-att-cert-list'] = True
+            argDict['rtn-ext-att-cert-list'] = True
         elif opt in ("-f", "--ext-att-cert-list-file"):
             args['ext-att-cert-list-file'] = arg
+            argDict['ext-att-cert-list-file'] = arg
             try:
                 # Open and read file removing any <?xml ... ?> headers
                 fpExtAttCertList = open(args['ext-att-cert-list-file'])
+                fpExtAttCertList = open(argDict['ext-att-cert-list-file'])
                 sAttCertList = \
                      re.sub("\s*<\?xml.*\?>\s*", "", fpExtAttCertList.read())
 …
             try:
                 extTrustedHostList = \
+                re.split("\s*,\s*",open(args['ext-trusted-host-file']).read())
+                    re.split("\s*,\s*",
+                             open(argDict['ext-trusted-host-file']).read())
             except Exception, e:
 …
     # For connect/addUser a pass-phrase is needed
     if args['add-user'] or args['connect']:
         if args['pass-phrase-from-stdin']:
+    if argDict['add-user'] or argDict['connect']:
+        if argDict['pass-phrase-from-stdin']:
             # Read from standard input
             passPhrase = sys.stdin.read().strip()
 …
             import getpass
             try:
+                passPhrase = getpass.getpass(prompt="pass-phrase: ")
+#                passPhrase = getpass.getpass(prompt="pass-phrase: ")
+                passPhrase = open('./Tests/tmp').read().strip()
             except KeyboardInterrupt:
                 sys.exit(1)
 …
     # Initialise session client
     try:
         sessClnt = SessionClient(smWSDL=args['session-mgr-wsdl-uri'],
                                  traceFile=args['soap-debug'])
+        sessClnt = SessionClient(smWSDL=argDict['session-mgr-wsdl-uri'],
+                                 traceFile=argDict['soap-debug'])
     except Exception, e:
         sys.stderr.write("Initialising client: %s\n" % str(e))
 …
     try:
         if args['add-user']:
             sessClnt.addUser(userName=args['username'], pPhrase=passPhrase)
+        if argDict['add-user']:
+            sessClnt.addUser(userName=argDict['username'], pPhrase=passPhrase)
             sys.exit(0)
         if args['connect']:
             sSessCookie = sessClnt.connect(userName=args['username'],
+        if argDict['connect']:
+            sSessCookie = sessClnt.connect(userName=argDict['username'],
                                            pPhrase=passPhrase)
             print sSessCookie
             # Don't exit here - req-autho may have been set too
         if args['req-autho']:
             if args['connect']:
+        if argDict['req-autho']:
+            if argDict['connect']:
                 # Connect was set also - parse cookie in order to session ID
                 # and WSDL address
 …
                 sessCookie = SimpleCookie(sSessCookie)
                 args['session-id'] = sessCookie['NDG-ID1'].value
                 args['encr-sess-mgr-wsdl-uri'] = sessCookie['NDG-ID2'].value
+                argDict['session-id'] = sessCookie['NDG-ID1'].value
+                argDict['encr-sess-mgr-wsdl-uri']=sessCookie['NDG-ID2'].value
             authResp = sessClnt.reqAuthorisation(\
                         sessID=args['session-id'],
                         encrSessMgrWSDLuri=args['encr-sess-mgr-wsdl-uri'],
                         aaWSDL=args['att-authority-wsdl-uri'],
                         mapFromTrustedHosts=args['map-from-trusted-hosts'],
                         reqRole=args['req-role'],
                         rtnExtAttCertList=args['rtn-ext-att-cert-list'],
+                        sessID=argDict['session-id'],
+                        encrSessMgrWSDLuri=argDict['encr-sess-mgr-wsdl-uri'],
+                        aaWSDL=argDict['att-authority-wsdl-uri'],
+                        mapFromTrustedHosts=argDict['map-from-trusted-hosts'],
+                        reqRole=argDict['req-role'],
+                        rtnExtAttCertList=argDict['rtn-ext-att-cert-list'],
                         extAttCertList=extAttCertList,
                         extTrustedHostList=extTrustedHostList)

Note: See TracChangeset for help on using the changeset viewer.