Context Navigation

← Previous Change
Next Change →

MyProxyLogonWebService

Timestamp:

07/06/10 11:09:11 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 5: MyProxy? Logon HTTPS Interface

Added middleware for get trust roots interface

Location:

TI12-security/trunk/MyProxyLogonWebService

Files:

: 5 edited

myproxy/server/test/myproxywsgi.ini (modified) (1 diff)
myproxy/server/test/test_myproxywsgi.py (modified) (3 diffs)
myproxy/server/wsgi/app.py (modified) (4 diffs)
myproxy/server/wsgi/middleware.py (modified) (12 diffs)
setup.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/MyProxyLogonWebService/myproxy/server/test/myproxywsgi.ini

r6937	r6938
23	23	myproxy.logonFuncEnvKeyName = MYPROXY_LOGON_FUNC
24	24	myproxy.rePathMatchList = /logon
	25	myproxy.getTrustRoots.path = /get-trustroots
25	26	#myproxy.client.hostname = localhost
26	27	myproxy.client.hostname = gabriel.badc.rl.ac.uk

TI12-security/trunk/MyProxyLogonWebService/myproxy/server/test/test_myproxywsgi.py

-                      r6897
+                      r6938
         self.assert_(response)
+class MyProxyLogonAppTestCase(unittest.TestCase):
+class MyProxyPasteDeployTestCaseBase(unittest.TestCase):
+    """Base class for common Paste Deploy related set-up"""
     INI_FILENAME = 'myproxywsgi.ini'
     THIS_DIR = os.path.dirname(__file__)
 …
     def __init__(self, *args, **kwargs):
         here_dir = os.path.dirname(os.path.abspath(__file__))
         wsgiapp = loadapp('config:' + MyProxyLogonAppTestCase.INI_FILENAME,
+        wsgiapp = loadapp('config:' + self.__class__.INI_FILENAME,
                           relative_to=here_dir)
         self.app = paste.fixture.TestApp(wsgiapp)
         self.cfg = SafeConfigParser({'here': MyProxyLogonAppTestCase.THIS_DIR})
+        self.cfg = SafeConfigParser({'here': self.__class__.THIS_DIR})
         self.cfg.optionxform = str
         self.cfg.read(MyProxyLogonAppTestCase.CONFIG_FILEPATH)
+        self.cfg.read(self.__class__.CONFIG_FILEPATH)
+        unittest.TestCase.__init__(self, *args, **kwargs)
+        unittest.TestCase.__init__(self, *args, **kwargs)
+class MyProxyLogonAppTestCase(MyProxyPasteDeployTestCaseBase):
+    """Test HTTP MyProxy logon interface"""
     def _createRequestCreds(self):
 …
         self.assert_(response)
+class MyProxyGetTrustRootsMiddlewareTestCase(MyProxyPasteDeployTestCaseBase):
+    """Test HTTP MyProxy get trust roots interface"""
+    def test01(self):
+        response = self.app.get('/get-trustroots', status=200)
+        self.assert_(response)
+        print response
 if __name__ == "__main__":
     unittest.main()

TI12-security/trunk/MyProxyLogonWebService/myproxy/server/wsgi/app.py

-                      r6897
+                      r6938
 __revision__ = "$Id: $"
 from myproxy.server.wsgi.httpbasicauth import HttpBasicAuthMiddleware
+from myproxy.server.wsgi.middleware import MyProxyClientMiddleware
+from myproxy.server.wsgi.middleware import (MyProxyClientMiddleware,
+                                            MyProxyGetTrustRootsMiddleware)
+class MyProxyLogonMiddlewareConfigError(Exception):
+    """Configuration error with MyProxyLogonMiddleware"""
+class MyProxyLogonApp(object):
+    """HTTP interface to MyProxy logon.  This interfaces creates a MyProxy
+    client instance with a HTTP Basic Auth based web service interface
+    to pass username/passphrase for MyProxy logon calls.
+class MyProxyApp(object):
+    """HTTP interface to MyProxy logon and get trsut roots.  This interfaces
+    creates a MyProxy client instance with a HTTP Basic Auth based web service
+    interface to pass username/passphrase for MyProxy logon calls.
     This WSGI must be run over HTTPS to ensure confidentiality of
 …
     Apache SSL configuration.
     """
+    PARAM_PREFIX = 'myproxy.logon.'
+    PARAM_PREFIX = 'myproxy.'
+    GET_TRUSTROOTS_PARAM_PREFIX = 'getTrustRoots.'
     HTTPBASICAUTH_REALM_OPTNAME = 'httpbasicauth.realm'
 …
         dictionary
         """
         logonFuncEnvKeyNameOptName = prefix + \
                         MyProxyClientMiddleware.LOGON_FUNC_ENV_KEYNAME_OPTNAME
+        # This app
+        app = cls()
+        logonFuncEnvironKeyName = app_conf.get(logonFuncEnvKeyNameOptName,
+                                MyProxyClientMiddleware.LOGON_FUNC_ENV_KEYNAME)
+        app = MyProxyLogonApp()
+        # HTTP Basic auth middleware - a container for MyProxy logon
         httpBasicAuthMWare = HttpBasicAuthMiddleware.filter_app_factory(app,
                                                                 global_conf,
 …
                                                                 **app_conf)
+        app = MyProxyClientMiddleware.filter_app_factory(httpBasicAuthMWare,
+        # MyProxy get trust roots middleware
+        getTrustRootsPrefix = prefix + cls.GET_TRUSTROOTS_PARAM_PREFIX
+        getTrustRootsMWare = MyProxyGetTrustRootsMiddleware.filter_app_factory(
+                                                    httpBasicAuthMWare,
+                                                    global_conf,
+                                                    prefix=getTrustRootsPrefix)
+        # Middleware to hold a MyProxy client and expose interface in environ
+        app = MyProxyClientMiddleware.filter_app_factory(getTrustRootsMWare,
                                                          global_conf,
                                                          prefix=prefix,

TI12-security/trunk/MyProxyLogonWebService/myproxy/server/wsgi/middleware.py

-                      r6937
+                      r6938
+class MyProxyClientMiddleware(object):
+class MyProxyClientMiddlewareBase(object):
+    """Base class for common functionality"""
+    __slots__ = ('__app', '__clientEnvironKeyName',)
+    CLIENT_ENV_KEYNAME_OPTNAME = 'clientEnvKeyName'
+    DEFAULT_CLIENT_ENV_KEYNAME = ('myproxy.server.wsgi.middleware.'
+                                  'MyProxyClientMiddleware.myProxyClient')
+    def __init__(self, app):
+        self.__app = app
+        self.__clientEnvironKeyName = None
+    def _getClientEnvironKeyName(self):
+        """Get MyProxyClient environ key name
+        @rtype: basestring
+        @return: MyProxyClient environ key name
+        """
+        return self.__clientEnvironKeyName
+    def _setClientEnvironKeyName(self, value):
+        """Set MyProxyClient environ key name
+        @type value: basestring
+        @param value: MyProxyClient environ key name
+        """
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "clientEnvironKeyName"; '
+                            'got %r type' % type(value))
+        self.__clientEnvironKeyName = value
+    clientEnvironKeyName = property(fget=_getClientEnvironKeyName,
+                                    fset=_setClientEnvironKeyName,
+                                    doc="key name in environ for the "
+                                        "MyProxyClient instance")
+    @property
+    def app(self):
+        """Get Property method for reference to next WSGI application in call
+        stack
+        @rtype: function
+        @return: WSGI application
+        """
+        return self.__app
+    @staticmethod
+    def getStatusMessage(statusCode):
+        '''Make a standard status message for use with start_response
+        @type statusCode: int
+        @param statusCode: HTTP status code
+        @rtype: str
+        @return: status code with standard message
+        @raise KeyError: for invalid status code
+        '''
+        return '%d %s' % (statusCode, httplib.responses[statusCode])
+class MyProxyClientMiddleware(MyProxyClientMiddlewareBase):
     '''
     Create a MyProxy client and make it available to other middleware in the
 …
     '''
     # Options for ini file
-    CLIENT_ENV_KEYNAME_OPTNAME = 'clientEnvKeyName'
     LOGON_FUNC_ENV_KEYNAME_OPTNAME = 'logonFuncEnvKeyName'
     # Default environ key names
-    CLIENT_ENV_KEYNAME = ('myproxy.server.wsgi.middleware.'
-                          'MyProxyClientMiddleware.myProxyClient')
     LOGON_FUNC_ENV_KEYNAME = ('myproxy.server.wsgi.middleware.'
                               'MyProxyClientMiddleware.logon')
+    CERTIFICATE_REQUST_POST_PARAM_KEYNAME = 'certificate_request'
+    GET_TRUSTROOTS_PARAM_KEYNAME = 'get_trustroots'
+    GET_TRUSTROOTS_TRUE_STR = '1'
+    CERT_REQ_POST_PARAM_KEYNAME = 'certificate_request'
     # Option prefixes
 …
         '__myProxyClient',
         '__logonFuncEnvironKeyName',
-        '__clientEnvironKeyName'
+    )
     def __init__(self, app):
+        ''''''
+        self.__app = app
+        '''Create attributes
+        @type app: function
+        @param app: WSGI callable for next application in stack
+        '''
+        super(MyProxyClientMiddleware, self).__init__(app)
         self.__myProxyClient = None
         self.__logonFuncEnvironKeyName = None
-        self.__clientEnvironKeyName = None
     @classmethod
 …
         self.clientEnvironKeyName = app_conf.get(clientEnvKeyOptName,
                                 MyProxyClientMiddleware.CLIENT_ENV_KEYNAME)
+                            MyProxyClientMiddleware.DEFAULT_CLIENT_ENV_KEYNAME)
         logonFuncEnvKeyOptName = prefix + \
 …
         self.logonFuncEnvironKeyName = app_conf.get(logonFuncEnvKeyOptName,
+                                MyProxyClientMiddleware.LOGON_FUNC_ENV_KEYNAME)
+    def _getClientEnvironKeyName(self):
+        return self.__clientEnvironKeyName
+    def _setClientEnvironKeyName(self, value):
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "clientEnvironKeyName"; '
+                            'got %r type' % type(value))
+        self.__clientEnvironKeyName = value
+    clientEnvironKeyName = property(fget=_getClientEnvironKeyName,
+                                    fset=_setClientEnvironKeyName,
+                                    doc="key name in environ for the "
+                                        "MyProxyClient instance")
+                                MyProxyClientMiddleware.LOGON_FUNC_ENV_KEYNAME)
     def _getLogonFuncEnvironKeyName(self):
+        """Get MyProxyClient logon function environ key name
+        @rtype: basestring
+        @return: MyProxyClient logon function environ key name
+        """
         return self.__logonFuncEnvironKeyName
     def _setLogonFuncEnvironKeyName(self, value):
+        """Set MyProxyClient environ key name
+        @type value: basestring
+        @param value: MyProxyClient logon function environ key name
+        """
         if not isinstance(value, basestring):
             raise TypeError('Expecting string type for '
 …
     def _getMyProxyClient(self):
+        """Get MyProxyClient instance
+        @rtype: myproxy.client.MyProxyClient
+        @return: MyProxyClient instance
+        """
         return self.__myProxyClient
     def _setMyProxyClient(self, value):
+        """Set MyProxyClient instance
+        @type value: myproxy.client.MyProxyClient
+        @param value: MyProxyClient instance
+        """
         if not isinstance(value, MyProxyClient):
             raise TypeError('Expecting %r type for "myProxyClient" attribute '
 …
         environ[self.logonFuncEnvironKeyName] = self.myProxyLogon
         return self.__app(environ, start_response)
+        return self.app(environ, start_response)
     @property
 …
             request = Request(environ)
             certReqKey = self.__class__.CERTIFICATE_REQUST_POST_PARAM_KEYNAME
+            certReqKey = self.__class__.CERT_REQ_POST_PARAM_KEYNAME
             pemCertReq = request.POST.get(certReqKey)
             if pemCertReq is None:
 …
                                                      httplib.BAD_REQUEST)
             log.debug("cert req = %r", pemCertReq)
-            getTrustRootsKey = self.__class__.GET_TRUSTROOTS_PARAM_KEYNAME
-            getTrustRoots = (request.postvars.get(getTrustRootsKey) ==
-                             self.__class__.GET_TRUSTROOTS_TRUE_STR)
             # Expecting PEM encoded request
 …
             try:
-                if getTrustRoots:
-                    trustRootsDict = self.myProxyClient.getTrustRoots()
-                    trustRoots = '\n'.join([
-                        "FILEDATA_%s=%s" % (fileName, fileContents)
-                        for fileName, fileContents in trustRootsDict.items()
-                    ])
-                else:
-                    trustRoots = ''
                 credentials = self.myProxyClient.logon(username,
                                                        password,
 …
                 status = self.getStatusMessage(httplib.OK)
                 response = '\n'.join(credentials)
-                response += '\n'+trustRoots
                 start_response(status,
 …
                 raise # Trigger 500 Internal Server Error
         return _myProxylogon
+    @staticmethod
+    def getStatusMessage(statusCode):
+        '''Make a standard status message for use with start_response
+        @type statusCode: int
+        @param statusCode: HTTP status code
+        @rtype: str
+        @return: status code with standard message
+        @raise KeyError: for invalid status code
+class MyProxyGetTrustRootsMiddlewareError(Exception):
+    """MyProxyGetTrustRootsMiddleware exception class"""
+class MyProxyGetTrustRootsMiddleware(MyProxyClientMiddlewareBase):
+    """HTTP client interface for MyProxy server Get Trust Roots method
+    It relies on a myproxy.server.wsgi.MyProxyClientMiddleware instance called
+    upstream in the WSGI stack to set up a MyProxyClient instance and make it
+    available in the environ to call its getTrustRoots method.
+    """
+    # Options for ini file
+    CLIENT_ENV_KEYNAME_OPTNAME = \
+        MyProxyClientMiddleware.CLIENT_ENV_KEYNAME_OPTNAME
+    PATH_OPTNAME = 'path'
+    DEFAULT_CLIENT_ENV_KEYNAME = \
+        MyProxyClientMiddleware.DEFAULT_CLIENT_ENV_KEYNAME
+    DEFAULT_PATH = '/myproxy/get-trustroots'
+    # Option prefixes
+    PARAM_PREFIX = 'myproxy.getTrustRoots.'
+    __slots__ = (
+        '__path',
+    )
+    def __init__(self, app):
+        '''Create attributes
+        @type app: function
+        @param app: WSGI callable for next application in stack
         '''
+        return '%d %s' % (statusCode, httplib.responses[statusCode])
+        super(MyProxyGetTrustRootsMiddleware, self).__init__(app)
+        self.__path = None
+    @classmethod
+    def filter_app_factory(cls, app, global_conf, prefix=PARAM_PREFIX,
+                           **app_conf):
+        """Function following Paste filter app factory signature
+        @type app: callable following WSGI interface
+        @param app: next middleware/application in the chain
+        @type global_conf: dict
+        @param global_conf: PasteDeploy global configuration dictionary
+        @type prefix: basestring
+        @param prefix: prefix for configuration items
+        @type app_conf: dict
+        @param app_conf: PasteDeploy application specific configuration
+        dictionary
+        """
+        app = cls(app)
+        app.parseConfig(prefix=prefix, **app_conf)
+        return app
+    def parseConfig(self, prefix=PARAM_PREFIX, **app_conf):
+        """Parse dictionary of configuration items updating the relevant
+        attributes of this instance
+        @type prefix: basestring
+        @param prefix: prefix for configuration items
+        @type app_conf: dict
+        @param app_conf: PasteDeploy application specific configuration
+        dictionary
+        """
+        clientEnvKeyOptName = prefix + self.__class__.CLIENT_ENV_KEYNAME_OPTNAME
+        self.clientEnvironKeyName = app_conf.get(clientEnvKeyOptName,
+                                    self.__class__.DEFAULT_CLIENT_ENV_KEYNAME)
+        pathOptName = prefix + self.__class__.PATH_OPTNAME
+        self.path = app_conf.get(pathOptName, self.__class__.DEFAULT_PATH)
+    def _getPath(self):
+        """Get URI path for get trust roots method
+        @rtype: basestring
+        @return: path for get trust roots method
+        """
+        return self.__path
+    def _setPath(self, value):
+        """Set URI path for get trust roots method
+        @type value: basestring
+        @param value: path for get trust roots method
+        """
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "path"; got %r' %
+                            type(value))
+        self.__path = value
+    path = property(fget=_getPath, fset=_setPath,
+                    doc="environ SCRIPT_NAME path which invokes the "
+                        "getTrustRoots method on this middleware")
+    def __call__(self, environ, start_response):
+        '''Get MyProxyClient instance from environ and call MyProxy
+        getTrustRoots method returning the response.
+        MyProxyClientMiddleware must be in place upstream in the WSGI stack
+        @type environ: dict
+        @param environ: WSGI environment variables dictionary
+        @type start_response: function
+        @param start_response: standard WSGI start response function
+        '''
+        # Skip if path doesn't match
+        if environ['PATH_INFO'] != self.path:
+            return self.app(environ, start_response)
+        log.debug("MyProxyGetTrustRootsMiddleware.__call__ ...")
+        # Check method
+        requestMethod = environ.get('REQUEST_METHOD')
+        if requestMethod != 'GET':
+            response = "HTTP Request method not recognised"
+            log.error("HTTP Request method %r not recognised", requestMethod)
+            status = self.__class__.getStatusMessage(httplib.BAD_REQUEST)
+            start_response(status,
+                           [('Content-type', 'text/plain'),
+                            ('Content-length', str(len(response)))])
+            return [response]
+        myProxyClient = environ[self.clientEnvironKeyName]
+        if not isinstance(myProxyClient, MyProxyClient):
+            raise TypeError('Expecting %r type for "myProxyClient" environ[%r] '
+                            'attribute got %r' % (MyProxyClient,
+                                                  self.clientEnvironKeyName,
+                                                  type(myProxyClient)))
+        response = self._getTrustRoots(myProxyClient)
+        start_response(self.getStatusMessage(httplib.OK),
+                       [('Content-length', str(len(response))),
+                        ('Content-type', 'text/plain')])
+        return [response]
+    @classmethod
+    def _getTrustRoots(cls, myProxyClient):
+        """Call getTrustRoots method on MyProxyClient instance retrieved from
+        environ and format and return a HTTP response
+        @type myProxyClient: myproxy.client.MyProxyClient
+        @param myProxyClient: MyProxyClient instance on which to call
+        getTrustRoots method
+        @rtype: basestring
+        @return: trust roots formatted as a HTTP response
+        """
+        try:
+            trustRoots = myProxyClient.getTrustRoots()
+            # Serialise dict response
+            response = "\n".join(["%s=%s" % i for i in trustRoots.items()])
+            return response
+        except MyProxyClientError, e:
+            log.error("MyProxyClient.getTrustRoots raised an "
+                      "MyProxyClientError exception calling %r: %s",
+                      myProxyClient.hostname,
+                      traceback.format_exc())
+        except socket.error, e:
+            raise MyProxyGetTrustRootsMiddlewareError("Socket error with "
+                                                      "MyProxy server %r: %s" %
+                                                      (myProxyClient.hostname,
+                                                       e))
+        except Exception, e:
+            log.error("MyProxyClient.getTrustRoots raised an unknown exception "
+                      "calling %r: %s",
+                      myProxyClient.hostname,
+                      traceback.format_exc())
+            raise # Trigger 500 Internal Server Error

TI12-security/trunk/MyProxyLogonWebService/setup.py

-                      r6886
+                      r6938
     url =               'http://proj.badc.rl.ac.uk/ndg/wiki/Security/MyProxyClient',
     platforms =         ['POSIX', 'Linux', 'Windows'],
+    install_requires =  ['MyProxyClient'],
+    install_requires =  ['PasteDeploy',
+                         'PasteSecript',
+                         'WebOb',
+                         'MyProxyClient'],
     license =           __license__,
     test_suite =        'myproxy.server.test',

Note: See TracChangeset for help on using the changeset viewer.