Changeset 739
- Timestamp:
- 30/03/06 17:53:04 (15 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 1 added
- 15 edited
-
NDG/AttAuthorityIO.py (modified) (1 diff)
-
NDG/CredWallet.py (modified) (7 diffs)
-
NDG/Session.py (modified) (11 diffs)
-
NDG/SessionClient.py (modified) (14 diffs)
-
NDG/SessionMgrIO.py (modified) (3 diffs)
-
NDG/attAuthority_services.py (modified) (3 diffs)
-
NDG/attAuthority_services_server.py (modified) (2 diffs)
-
NDG/sessionMgr_services.py (modified) (3 diffs)
-
NDG/sessionMgr_services_server.py (modified) (3 diffs)
-
Tests/AttAuthorityClientTest.py (added)
-
Tests/SessionClientTest.py (modified) (2 diffs)
-
bin/ndgSessionClient.py (modified) (2 diffs)
-
conf/mapConfig.xml (modified) (1 diff)
-
conf/sessionMgrProperties.xml (modified) (1 diff)
-
www/html/attAuthority.wsdl (modified) (3 diffs)
-
www/html/sessionMgr.wsdl (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
TI12-security/trunk/python/NDG/AttAuthorityIO.py
r737 r739 372 372 raise TrustedHostInfoRespError(\ 373 373 "Error parsing tag \"%s\" in trusted host info response: %s" \ 374 % (trusted.tag, str(e))) 374 % (trusted.tag, str(e))) 375 376 377 #_____________________________________________________________________________ 378 class PubKeyReqError(XMLMsgError): 379 """Exception handling for NDG SessionMgr WS getPubKey request class.""" 380 pass 381 382 383 #_____________________________________________________________________________ 384 class PubKeyReq(XMLMsg): 385 """For client to Session Manager WS getPubKey(): formats inputs for 386 request into XML""" 387 pass 388 389 390 #_____________________________________________________________________________ 391 class PubKeyRespError(XMLMsgError): 392 """Exception handling for NDG SessionMgr WS getPubKey response class.""" 393 pass 394 395 396 #_____________________________________________________________________________ 397 class PubKeyResp(XMLMsg): 398 """For client to Session Manager WS getPubKey(): formats getPubKey 399 response from SessionMgr""" 400 401 # Override base class class variables 402 xmlTagTmpl = {"pubKey": "", "errMsg": ""} 403 404 405 def __init__(self, **xmlMsgKeys): 406 """XML for receiving credentials from Session Manager getPubKey call 407 408 xmlMsgKeys: keywords for XMLMsg super-class. If XML tags are 409 input as keywords then 'proxyCert' or 'sessCookie' 410 must be set. 411 """ 412 413 # Allow user credentials to be access like dictionary keys 414 super(self.__class__, self).__init__(**xmlMsgKeys) 415 416 417 # Check for valid output credentials 418 # XML tags input as keywords expected - check minimum 419 # required are present for SessionMgr getPubKey response 420 if 'pubKey' not in self and 'errMsg' not in self: 421 raise PubKeyRespError(\ 422 "PubKey response document must contain: \"pubKey\"" + \ 423 " or \"errMsg\" keywords") 424 -
TI12-security/trunk/python/NDG/CredWallet.py
r737 r739 135 135 proxyCertTxt, 136 136 caPubKeyFilePath=None, 137 aaPubKeyFilePath=None,138 137 clntPubKeyFilePath=None, 139 138 clntPriKeyFilePath=None, … … 149 148 If not set here, it must be input in call 150 149 to reqAuthorisation. 151 aaPubKeyFilePath: Public key of AA used to encrypt client152 requests to the AA.153 150 clntPubKeyFilePath: Public key certificate for this client. 154 151 Setting this enables return message from AA … … 177 174 178 175 self.__setCApubKeyFilePath(caPubKeyFilePath) 179 self.__setAApubKeyFilePath(aaPubKeyFilePath)180 176 self.__setClntPubKeyFilePath(clntPubKeyFilePath) 181 177 self.__setClntPriKeyFilePath(clntPriKeyFilePath) … … 521 517 "path must be a valid string") 522 518 519 try: 520 # Get Attribute Authority web service interface 521 if bDebug: 522 traceFile = sys.stderr 523 else: 524 traceFile = None 525 526 aaSrv = ServiceProxy(aaWSDL, 527 use_wsdl=True, 528 tracefile=traceFile) 529 except Exception, e: 530 raise CredWalletError(\ 531 "ServiceProxy for authorisation request: " + str(e)) 532 533 534 if aaPubKeyFilePath is None: 535 # Try retrieving from the web service 536 try: 537 pubKeyReq = PubKeyReq() 538 resp = aaSrv.getPubKey(pubKeyReq=pubKeyReq()) 539 pubKeyResp = PubKeyResp(xmlTxt=resp['pubKeyResp']) 540 541 if 'errMsg' in pubKeyResp and pubKeyResp['errMsg']: 542 raise Exception(pubKeyResp['errMsg']) 543 544 aaPubKeyTmpFile = tempfile.NamedTemporaryFile() 545 open(aaPubKeyTmpFile.name,"w").write(pubKeyResp['pubKey']) 546 547 aaPubKeyFilePath = aaPubKeyTmpFile.name 548 549 except IOError, (errNo, errMsg): 550 raise SessionMgrError(\ 551 "Writing public key to temporary file: %s" % errMsg) 552 553 except Exception, e: 554 raise SessionMgrError(\ 555 "Retrieving Attribute Authority public key: "+ str(e)) 556 557 523 558 if self.__clntPubKeyFilePath: 559 try: 560 clntCert = open(self.__clntPubKeyFilePath).read() 561 562 except IOError, (errNo, errMsg): 563 raise CredWalletError(\ 564 "Reading client public key file \"%s\": %s" %\ 565 (self.__clntPubKeyFilePath, errMsg)) 566 567 except Exception, e: 568 raise CredWalletError(\ 569 "Reading client public key file \"%s\": %s" %\ 570 (self.__clntPubKeyFilePath, str(e))) 571 else: 572 clntCert = None 573 574 575 try: 576 # Format XML request message 577 # 578 # Message will be encrypted if aaPubKeyFilePath was set 579 authorisationReq = AuthorisationReq(\ 580 proxyCert=self.__proxyCertTxt, 581 userAttCert=extAttCert, 582 encrCert=clntCert, 583 encrPubKeyFilePath=aaPubKeyFilePath) 584 585 # Call Attribute Authority's Web service 586 resp = aaSrv.reqAuthorisation(\ 587 authorisationReq=authorisationReq()) 588 589 except socket.error, (dummy, e): 590 raise CredWalletError("Requesting authorisation: %s" % str(e)) 591 592 except Exception, e: 593 raise CredWalletError("Requesting authorisation: %s" % str(e)) 594 595 596 # Parse the response 597 authorisationResp = AuthorisationResp(\ 598 xmlTxt=resp['authorisationResp'], 599 encrPriKeyFilePath=self.__clntPriKeyFilePath, 600 encrPriKeyPwd=self.__clntPriKeyPwd) 601 602 # Check the status code returned from the authorisation request 603 if authorisationResp['statCode'] == authorisationResp.accessError: 604 raise CredWalletError(authorisationResp['errMsg']) 605 606 elif authorisationResp['statCode'] == \ 607 authorisationResp.accessDenied: 608 raise CredWalletAuthorisationDenied(\ 609 "Authorisation denied: %s" % authorisationResp['errMsg']) 610 611 elif authorisationResp['statCode'] == \ 612 authorisationResp.accessGranted: 613 attCert = authorisationResp['credential'] 614 615 else: 616 raise CredWalletError("Attribute Authority authorisation " + \ 617 "status code not recognised") 618 619 elif aaPropFilePath is not None: 620 621 # Call local based Attribute Authority with settings from the 622 # configuration file aaPropFilePath 623 624 if not isinstance(aaPropFilePath, basestring): 625 raise CredWalletError("Attribute Authority Configuration " + \ 626 "file path must be a valid string") 627 628 try: 629 # Make a new attribute authority instance 630 aa = AttAuthority(aaPropFilePath) 631 632 # Request a new attribute certificate from the Attribute 633 # Authority 634 attCert = aa.authorise(proxyCert=self.__proxyCertTxt, 635 userAttCert=extAttCert) 636 637 except AttAuthorityAccessDenied, e: 638 raise CredWalletAuthorisationDenied(\ 639 "Authorisation denied: %s" % e) 640 641 except Exception, e: 642 raise CredWalletError("Requesting authorisation: %s" % e) 643 644 else: 645 raise CredWalletError("Error requesting authorisation: " + \ 646 "a WSDL file or Attribute Authority " + \ 647 "configuration file must be specified") 648 649 650 # Update attribute Certificate instance with CA's certificate ready 651 # for signature check in addCredential() 652 if self.__caPubKeyFilePath is None: 653 raise CredWalletError("No CA certificate has been set") 654 655 attCert.certFilePathList = self.__caPubKeyFilePath 656 657 658 # Add credential into wallet 659 # 660 # Nb. if the certificates signature is invalid, it will be rejected 661 self.addCredential(attCert) 662 663 664 return attCert 665 666 667 668 669 def getAATrustedHostInfo(self, 670 userRole=None, 671 aaWSDL=None, 672 aaPubKeyFilePath=None, 673 aaPropFilePath=None, 674 bDebug=False): 675 """Wrapper to Attribute Authority getTrustedHostInfo 676 677 userRole: get hosts which have a mapping to this role 678 aaWSDL|aaPropFilePath: to call as a web service, specify the file 679 path or URI for the Attribute Authority's 680 WSDL. Otherwise, to run on the local machine, 681 specify a local Attribute Authority 682 configuration file.""" 683 684 if userRole is not None and not isinstance(userRole, basestring): 685 raise CredWalletError("User Role must be a valid string") 686 687 688 if aaWSDL is not None: 689 # Call Attribute Authority WS 690 if not isinstance(aaWSDL, basestring): 691 raise CredWalletError("Attribute Authority WSDL file " + \ 692 "path must be a valid string") 693 694 try: 695 if bDebug: 696 traceFile = sys.stderr 697 else: 698 traceFile = None 699 700 aaSrv = ServiceProxy(aaWSDL, 701 use_wsdl=True, 702 tracefile=traceFile) 703 except Exception, e: 704 raise CredWalletError(\ 705 "ServiceProxy for authorisation request: " + str(e)) 706 707 708 if aaPubKeyFilePath is None: 709 # Try retrieving from the web service 710 try: 711 pubKeyReq = PubKeyReq() 712 resp = aaSrv.getPubKey(pubKeyReq=pubKeyReq()) 713 pubKeyResp = PubKeyResp(xmlTxt=resp['pubKeyResp']) 714 715 if 'errMsg' in pubKeyResp and pubKeyResp['errMsg']: 716 raise Exception(pubKeyResp['errMsg']) 717 718 aaPubKeyTmpFile = tempfile.NamedTemporaryFile() 719 open(aaPubKeyTmpFile.name,"w").write(pubKeyResp['pubKey']) 720 721 aaPubKeyFilePath = aaPubKeyTmpFile.name 722 723 except IOError, (errNo, errMsg): 724 raise SessionMgrError(\ 725 "Writing public key to temporary file: %s" % errMsg) 726 727 except Exception, e: 728 raise SessionMgrError(\ 729 "Retrieving Attribute Authority public key: "+ str(e)) 730 731 732 if self.__clntPubKeyFilePath: 733 # Read client certificate into a string ready to pass over 734 # SOAP connection 524 735 try: 525 736 clntCert = open(self.__clntPubKeyFilePath).read() … … 536 747 else: 537 748 clntCert = None 538 539 749 750 540 751 try: 541 # Get Attribute Authority web service interface542 if bDebug:543 traceFile = sys.stderr544 else:545 traceFile = None546 547 aaSrv = ServiceProxy(aaWSDL,548 use_wsdl=True,549 tracefile=traceFile)550 551 # Format XML request message552 #553 # Message will be encrypted if aaPubKeyFilePath was set554 authorisationReq = AuthorisationReq(\555 proxyCert=self.__proxyCertTxt,556 userAttCert=extAttCert,557 encrCert=clntCert,558 encrPubKeyFilePath=aaPubKeyFilePath)559 560 # Call Attribute Authority's Web service561 resp = aaSrv.reqAuthorisation(\562 authorisationReq=authorisationReq())563 564 except socket.error, (dummy, e):565 raise CredWalletError("Requesting authorisation: %s" % str(e))566 567 except Exception, e:568 raise CredWalletError("Requesting authorisation: %s" % str(e))569 570 571 # Parse the response572 authorisationResp = AuthorisationResp(\573 xmlTxt=resp['authorisationResp'],574 encrPriKeyFilePath=self.__clntPriKeyFilePath,575 encrPriKeyPwd=self.__clntPriKeyPwd)576 577 # Check the status code returned from the authorisation request578 if authorisationResp['statCode'] == authorisationResp.accessError:579 raise CredWalletError(authorisationResp['errMsg'])580 581 elif authorisationResp['statCode'] == \582 authorisationResp.accessDenied:583 raise CredWalletAuthorisationDenied(\584 "Authorisation denied: %s" % authorisationResp['errMsg'])585 586 elif authorisationResp['statCode'] == \587 authorisationResp.accessGranted:588 attCert = authorisationResp['credential']589 590 else:591 raise CredWalletError("Attribute Authority authorisation " + \592 "status code not recognised")593 594 elif aaPropFilePath is not None:595 596 # Call local based Attribute Authority with settings from the597 # configuration file aaPropFilePath598 599 if not isinstance(aaPropFilePath, basestring):600 raise CredWalletError("Attribute Authority Configuration " + \601 "file path must be a valid string")602 603 try:604 # Make a new attribute authority instance605 aa = AttAuthority(aaPropFilePath)606 607 # Request a new attribute certificate from the Attribute608 # Authority609 attCert = aa.authorise(proxyCert=self.__proxyCertTxt,610 userAttCert=extAttCert)611 612 except AttAuthorityAccessDenied, e:613 raise CredWalletAuthorisationDenied(\614 "Authorisation denied: %s" % e)615 616 except Exception, e:617 raise CredWalletError("Requesting authorisation: %s" % e)618 619 else:620 raise CredWalletError("Error requesting authorisation: " + \621 "a WSDL file or Attribute Authority " + \622 "configuration file must be specified")623 624 625 # Update attribute Certificate instance with CA's certificate ready626 # for signature check in addCredential()627 if self.__caPubKeyFilePath is None:628 raise CredWalletError("No CA certificate has been set")629 630 attCert.certFilePathList = self.__caPubKeyFilePath631 632 633 # Add credential into wallet634 #635 # Nb. if the certificates signature is invalid, it will be rejected636 self.addCredential(attCert)637 638 639 return attCert640 641 642 643 644 def getAATrustedHostInfo(self,645 userRole=None,646 aaWSDL=None,647 aaPubKeyFilePath=None,648 aaPropFilePath=None):649 """Wrapper to Attribute Authority getTrustedHostInfo650 651 userRole: get hosts which have a mapping to this role652 aaWSDL|aaPropFilePath: to call as a web service, specify the file653 path or URI for the Attribute Authority's654 WSDL. Otherwise, to run on the local machine,655 specify a local Attribute Authority656 configuration file."""657 658 if userRole is not None and not isinstance(userRole, basestring):659 raise CredWalletError("User Role must be a valid string")660 661 662 if aaWSDL is not None:663 # Call Attribute Authority WS664 if not isinstance(aaWSDL, basestring):665 raise CredWalletError("Attribute Authority WSDL file " + \666 "path must be a valid string")667 668 669 if self.__clntPubKeyFilePath:670 # Read client certificate into a string ready to pass over671 # SOAP connection672 try:673 clntCert = open(self.__clntPubKeyFilePath).read()674 675 except IOError, (errNo, errMsg):676 raise optparse.OptionValueError(\677 "Reading client public key file \"%s\": %s" %\678 (self.__clntPubKeyFilePath, errMsg))679 680 except Exception, e:681 raise optparse.OptionValueError(\682 "Reading client public key file \"%s\": %s" %\683 (self.__clntPubKeyFilePath, str(e)))684 else:685 clntCert = None686 687 688 try:689 # Get Attribute Authority web service interface690 aaSrv = ServiceProxy(aaWSDL, use_wsdl=True)691 692 752 # Format request 693 753 trustedHostInfoReq = TrustedHostInfoReq(role=userRole, … … 914 974 try: 915 975 trustedHostInfo = self.getAATrustedHostInfo(reqRole, 916 aaWSDL=aaWSDL, 917 aaPropFilePath=aaPropFilePath) 976 aaWSDL=aaWSDL, 977 aaPubKeyFilePath=aaPubKeyFilePath, 978 aaPropFilePath=aaPropFilePath) 918 979 except Exception, e: 919 980 raise CredWalletError("Getting trusted hosts: %s" % e) … … 960 1021 961 1022 try: 962 # Get public key of Attribute Authority to allow963 # outgoing message to be encrypted964 aaPubKeyTemp = self.__retrieveURI(val['pubKey'])965 966 1023 extAttCert = self.__reqAuthorisation(\ 967 aaWSDL=val['wsdl'] 968 aaPubKeyFilePath=aaPubKeyTemp.name) 1024 aaWSDL=val['wsdl']) 969 1025 970 1026 # Check the certificate contains at least one of -
TI12-security/trunk/python/NDG/Session.py
r737 r739 49 49 # Tools for interfacing with SessionMgr WS 50 50 from NDG.SessionMgrIO import * 51 52 # Use client package to allow reidrection of authorisation requests 53 from NDG.SessionClient import * 51 54 52 55 # Use to pipe output from ZSI ServiceProxy … … 80 83 __sessIDlen = 128 81 84 82 __cookieTags = ("NDG-ID1", "NDG-ID2" , "NDG-ID3")85 __cookieTags = ("NDG-ID1", "NDG-ID2") 83 86 84 87 # Follow standard format for cookie path and expiry attributes … … 238 241 def createCookie(self, 239 242 sessMgrWSDLuri, 240 sessMgrPubKeyURI,241 243 encrKey, 242 244 sessID=None, … … 278 280 sessCookie = SimpleCookie() 279 281 280 tagValues = (sessID, 281 self.encrypt(sessMgrWSDLuri, encrKey), 282 self.encrypt(sessMgrPubKeyURI, encrKey)) 282 tagValues = (sessID, self.encrypt(sessMgrWSDLuri, encrKey)) 283 283 284 284 expiryStr = self.__getExpiryStr() … … 310 310 311 311 except Exception, e: 312 UserSessionError("Creating Session Cookie: %s" % e)312 raise UserSessionError("Creating Session Cookie: %s" % e) 313 313 314 314 … … 335 335 'sessMgrEncrKey', 336 336 'sessMgrWSDLuri', 337 'sessMgrPubKeyURI',338 337 'cookieDomain', 339 338 'myProxyProp', … … 607 606 userSess = self.__connect2UserSession(proxyCert=proxyCert) 608 607 sessCookie = userSess.createCookie(self.__prop['sessMgrWSDLuri'], 609 self.__prop['sessMgrPubKeyURI'], 610 self.__prop['sessMgrEncrKey']) 608 self.__prop['sessMgrEncrKey']) 611 609 return ConnectResp(sessCookie=sessCookie) 612 610 … … 630 628 # Web browser client - Return session cookie 631 629 userSess.cookieDomain = self.__prop['cookieDomain'] 630 632 631 sessCookie = userSess.createCookie(\ 633 632 self.__prop['sessMgrWSDLuri'], 634 self.__prop['sessMgrPubKeyURI'],635 633 self.__prop['sessMgrEncrKey']) 636 634 … … 806 804 # contain the encrypted XML sent by it. This should be 807 805 # discarded 808 return AuthorisationResp(**userSessMgrResp.xmlTags)806 return userSessMgrResp 809 807 810 808 … … 836 834 'encrCert', 837 835 'encrSessMgrWSDLuri', 838 'encrSessMgrPubKeyURI',839 836 'aaPubKey') 840 837 … … 889 886 # Instantiate WS proxy for remote session manager 890 887 try: 891 smSrv = ServiceProxy(userSessMgrWSDLuri, use_wsdl=True) 892 893 except Exception, e: 894 raise SessionMgrError("Error initialising WS for \"%s\": %s" % \ 895 (userSessMgrWSDLuri, e)) 896 897 898 # Decrypt URI for public key of remote session manager. The 899 # key is required to allow the forwarded message to be 900 # encrypted 901 userSessMgrPubKeyURI = UserSession.decrypt(\ 902 reqKeys['encrSessMgrPubKeyURI'], 903 self.__prop['sessMgrEncrKey']) 904 905 # Retrieve the public key from the URI 906 try: 907 userSessMgrPubKey = tempfile.NamedTemporaryFile() 908 (fileName, httpResp) = urllib.urlretrieve(userSessMgrPubKeyURI, 909 userSessMgrPubKey.name) 910 except Exception, e: 911 raise SessionMgrError("Error retrieving Session Manager " + \ 912 "public key from \"%s\": %s" % \ 913 (userSessMgrPubKeyURI, str(e))) 914 915 # Expecting plain text format for returned public key file 916 # 404 error would come back as 'text/html' 917 if 'text/plain' not in httpResp['Content-type']: 918 raise SessionMgrError("Error retrieving Session Manager " + \ 919 "public key from \"%s\": expecting \"plain/text\"" % \ 920 userSessMgrPubKeyURI) 921 922 923 # Get a copy of THIS Session Manager's public key so that the 924 # remote Session Manager can use it to encrypt its reply 925 try: 926 reqKeys['encrCert'] = open(self.__prop['certFile']).read() 927 928 except IOError, (errNo, errMsg): 888 sessClnt = SessionClient(smWSDL=userSessMgrWSDLuri, 889 clntPubKeyFilePath=self.__prop['certFile'], 890 clntPriKeyFilePath=self.__prop['keyFile']) 891 except Exception, e: 929 892 raise SessionMgrError(\ 930 "Reading Session Manager public key \"%s\": %s" % \ 931 (self.__prop['certFile'], errMsg)) 932 933 except Exception, e: 934 raise SessionMgrError("Reading Session Manager public key: " + \ 935 str(e)) 893 "Re-directing authorisation request to \"%s\": %s" % \ 894 (userSessMgrWSDLuri, str(e))) 936 895 937 896 938 897 # Call remote session manager's authorisation request method 939 898 # and return result to caller 940 try: 941 # Format parsed request into a new request encrypted by 942 # the target SessionMgr's public key 943 redirectAuthReq = AuthorisationReq(\ 944 encrPubKeyFilePath=userSessMgrPubKey.name, 899 try: 900 # encrCert key not needed - it gets set above via 901 # 'clntPubKeyFilePath' 902 if 'encrCert' in reqKeys: 903 del reqKeys['encrCert'] 904 905 # Call remote SessionMgr where users session lies 906 redirectAuthResp = sessClnt.reqAuthorisation(\ 907 clntPriKeyPwd=self.__prop['keyPPhrase'], 945 908 **reqKeys) 946 947 # Call remote SessionMgr where users session lies948 redirectAuthResp = smSrv.reqAuthorisation(\949 authorisationReq=redirectAuthReq())950 909 951 # Decrypt and parse XML contained in response 952 resp = AuthorisationResp(\ 953 encrXMLtxt=redirectAuthResp['authorisationResp'], 954 encrPriKeyFilePath=self.__prop['keyFile'], 955 encrPriKeyPwd=self.__prop['keyPPhrase']) 956 return resp 910 return redirectAuthResp 957 911 958 912 except Exception, e: 959 913 raise SessionMgrError(\ 960 "Error requesting authorisation for Session Manager %s: %s" %\914 "Forwarding Authorisation request for Session Manager \"%s\": %s" %\ 961 915 (userSessMgrWSDLuri, e)) 962 916 -
TI12-security/trunk/python/NDG/SessionClient.py
r737 r739 44 44 def __init__(self, 45 45 smWSDL=None, 46 smPubKey URI=None,46 smPubKeyFilePath=None, 47 47 clntPubKeyFilePath=None, 48 48 clntPriKeyFilePath=None, … … 51 51 smWSDL: WSDL URI for Session Manager WS. Setting it 52 52 will set the Service Proxy 53 smPubKey URI:53 smPubKeyFilePath: 54 54 Public key of Session Manager used to encrypt 55 55 the outgoing message if required - set as a … … 68 68 self.__smWSDL = None 69 69 self.__smPubKeyFilePath = None 70 self.__smPubKey URI= None70 self.__smPubKeyFilePath = None 71 71 self.__clntPubKeyFilePath = None 72 72 self.__clntPubKey = None … … 79 79 self.__setSMwsdl(smWSDL) 80 80 81 if smPubKey URI:82 self.__setSMpubKey URI(smPubKeyURI)81 if smPubKeyFilePath: 82 self.__setSMpubKeyFilePath(smPubKeyFilePath) 83 83 84 84 if clntPriKeyFilePath: … … 115 115 116 116 #_________________________________________________________________________ 117 def __setSMpubKey URI(self, smPubKeyURI):118 119 if not isinstance(smPubKey URI, basestring):117 def __setSMpubKeyFilePath(self, smPubKeyFilePath): 118 119 if not isinstance(smPubKeyFilePath, basestring): 120 120 raise SessionClientError(\ 121 121 "Session Manager public key URI must be a valid string") 122 122 123 self.__smPubKeyURI = smPubKeyURI 124 self.__smPubKeyFilePath = None 125 126 smPubKeyURI = property(fset=__setSMpubKeyURI, 123 self.__smPubKeyFilePath = smPubKeyFilePath 124 125 smPubKeyFilePath = property(fset=__setSMpubKeyFilePath, 127 126 doc="Set Session Manager public key URI") 128 127 … … 140 139 141 140 except IOError, (errNo, errMsg): 142 raise optparse.OptionValueError(\ 143 "Reading certificate file \"%s\": %s" % (value, errMsg)) 141 raise SessionClientError(\ 142 "Reading certificate file \"%s\": %s" % \ 143 (self.__clntPubKeyFilePath, errMsg)) 144 144 145 145 except Exception, e: 146 raise optparse.OptionValueError(\ 147 "Reading certificate file \"%s\": %s" % (value, str(e))) 146 raise SessionClientError(\ 147 "Reading certificate file \"%s\": %s" % \ 148 (self.__clntPubKeyFilePath, str(e))) 148 149 149 150 clntPubKeyFilePath = property(fset=__setClntPubKeyFilePath, … … 165 166 166 167 #_________________________________________________________________________ 167 def __ convSMpubKeyURI2File(self):168 def __getSessionMgrPubKey(self): 168 169 """Retrieve the public key from the URI""" 169 170 170 171 # Don't proceed unless URI was set - user may have set public key via 171 172 # smPubKeyFilePath instead 172 if self.__smPubKey URI isNone:173 if self.__smPubKeyFilePath is not None: 173 174 return 174 175 # If no http prefix, assume a local file 176 if self.__smPubKeyURI[:5] != "http:": 177 self.__smPubKeyFilePath = self.__smPubKeyURI 178 return 179 175 180 176 try: 181 177 self.__smPubKeyTempFile = tempfile.NamedTemporaryFile() 182 178 183 (self.__smPubKeyFilePath, httpResp) = \ 184 urllib.urlretrieve(self.__smPubKeyURI, 185 self.__smPubKeyTempFile.name) 186 187 except Exception, e: 188 raise SessionClientError("Error retrieving Session Manager "+\ 189 "public key from \"%s\": %s" % \ 190 (self.__smPubKeyURI, str(e))) 191 192 # Expecting plain text format for returned public key file 193 # 404 error would come back as 'text/html' 194 if 'text/plain' not in httpResp['Content-type']: 195 raise SessionClientError("Error retrieving Session Manager "+\ 196 "public key from \"%s\": expecting \"plain/text\"" % \ 197 self.__smPubKeyURI) 179 pubKey = self.getPubKey() 180 open(self.__smPubKeyTempFile.name, "w").write(pubKey) 181 182 self.__smPubKeyFilePath = self.__smPubKeyTempFile.name 183 184 except IOError, (errNo, errMsg): 185 raise SessionClientError(\ 186 "Writing public key to temp \"%s\": %s" % \ 187 (self.__smPubKeyTempFile.name, errMsg)) 188 except Exception, e: 189 raise SessionClientError("Retrieving Session Manager " + \ 190 "public key: %s" % str(e)) 198 191 199 192 … … 238 231 239 232 240 # If Public key was set by URI, retrieve to local temp file241 self.__ convSMpubKeyURI2File()233 # If Public key was not set, retrieve from server 234 self.__getSessionMgrPubKey() 242 235 243 236 … … 304 297 305 298 306 # If Public key was set by URI, retrieve otherwise get from 307 # smPubKeyFilePath 308 self.__convSMpubKeyURI2File() 299 # If Public key was not set, retrieve from server 300 self.__getSessionMgrPubKey() 309 301 310 302 … … 345 337 #_________________________________________________________________________ 346 338 def reqAuthorisation(self, 339 proxyCert=None, 347 340 sessCookie=None, 348 proxyCert=None, 341 sessID=None, 342 encrSessMgrWSDLuri=None, 349 343 aaWSDL=None, 350 344 aaPubKey=None, … … 357 351 """Request authorisation from NDG Session Manager Web Service. 358 352 353 reqAuthorisation([sessCookie=s]|[sessID=i, encrSessMgrWSDLuri=e]| 354 [proxyCert=p][key=arg, ...]) 355 proxyCert: proxy certificate - use as ID instead of 356 a cookie in the case of a command line client. 359 357 sessCookie: session cookie returned from call to connect() 360 358 for a browser client. Input as a string or 361 359 SimpleCookie type. 362 proxyCert: proxy certificate - use as ID instead of 363 a cookie in the case of a command line client. 360 sessID: session ID. Input this as well as 361 encrSessMgrWSDLuri as an alternative to 362 sessCookie in the case of a browser client. 363 encrSessMgrWSDLuri: encrypted Session Manager WSDL URI. 364 364 aaWSDL: WSDL URI for Attribute Authority WS. 365 365 aaPubKey: The Session Manager uses the Public key of the … … 385 385 Session Manager. 386 386 """ 387 388 if sessCookie and isinstance(sessCookie, basestring): 389 try: 390 sessCookie = SimpleCookie(sessCookie) 391 except Exception, e: 392 raise SessionClientError("Error parsing session cookie: " + \ 393 str(e)) 394 395 396 # If Public key was set by URI, retrieve otherwise get from 397 # smPubKeyFilePath 398 self.__convSMpubKeyURI2File() 387 388 if sessCookie: 389 if isinstance(sessCookie, basestring): 390 try: 391 sessCookie = SimpleCookie(sessCookie) 392 except Exception, e: 393 raise SessionClientError(\ 394 "Error parsing session cookie: " + str(e)) 395 396 sessID = sessCookie['NDG-ID1'].value 397 encrSessMgrWSDLuri = sessCookie['NDG-ID2'].value 398 399 elif not sessID and not encrSessMgrWSDLuri and not proxyCert: 400 raise SessionClientError(\ 401 '"proxyCert" or "sessCookie or "sessID" and ' + \ 402 '"encrSessMgrWSDLuri" keywords must be set') 403 404 405 # If Public key was not set, retrieve from server 406 self.__getSessionMgrPubKey() 399 407 400 408 … … 402 410 try: 403 411 authReq = AuthorisationReq(aaWSDL=aaWSDL, 404 aaPubKey=aaPubKey, 405 sessID=sessCookie['NDG-ID1'].value, 406 encrSessMgrWSDLuri=sessCookie['NDG-ID2'].value, 407 encrSessMgrPubKeyURI=sessCookie['NDG-ID3'].value, 408 proxyCert=proxyCert, 409 reqRole=reqRole, 410 mapFromTrustedHosts=mapFromTrustedHosts, 411 rtnExtAttCertList=rtnExtAttCertList, 412 extAttCertList=extAttCertList, 413 extTrustedHostList=extTrustedHostList, 414 encrCert=self.__clntPubKey, 415 encrPubKeyFilePath=self.__smPubKeyFilePath) 412 aaPubKey=aaPubKey, 413 sessID=sessID, 414 encrSessMgrWSDLuri=encrSessMgrWSDLuri, 415 proxyCert=proxyCert, 416 reqRole=reqRole, 417 mapFromTrustedHosts=mapFromTrustedHosts, 418 rtnExtAttCertList=rtnExtAttCertList, 419 extAttCertList=extAttCertList, 420 extTrustedHostList=extTrustedHostList, 421 encrCert=self.__clntPubKey, 422 encrPubKeyFilePath=self.__smPubKeyFilePath) 416 423 417 424 resp = self.__smSrv.reqAuthorisation(authorisationReq=authReq()) … … 425 432 raise SessionClientError(\ 426 433 "Error in authorisation request: " + str(e)) 434 435 436 #_________________________________________________________________________ 437 def getPubKey(self): 438 """Retrieve the public key of the Session Manager""" 439 440 try: 441 pubKeyReq = PubKeyReq() 442 443 # Pass request 444 resp = self.__smSrv.getPubKey(pubKeyReq=pubKeyReq()) 445 446 pubKeyResp = PubKeyResp(xmlTxt=resp['pubKeyResp']) 447 448 if 'errMsg' in pubKeyResp and pubKeyResp['errMsg']: 449 raise SessionClientError(pubKeyResp['errMsg']) 450 451 return pubKeyResp['pubKey'] 452 453 except Exception, e: 454 raise SessionClientError("Error retrieving public key: " + str(e)) 455 -
TI12-security/trunk/python/NDG/SessionMgrIO.py
r737 r739 228 228 xmlTagTmpl = { "sessID": "", 229 229 "encrSessMgrWSDLuri": "", 230 "encrSessMgrPubKeyURI": "",231 230 "proxyCert": "", 232 231 "aaWSDL": "", … … 254 253 255 254 # Check for encrypted text or valid credentials 256 if 'sessID' not in self and \ 257 'encrSessMgrWSDLuri' not in self and \ 258 'encrSessMgrPubKeyURI' not in self: 255 if 'sessID' not in self and 'encrSessMgrWSDLuri' not in self: 259 256 if 'proxyCert' not in self: 260 257 raise AuthorisationReqError(\ 261 258 "Authorisation request must include the credentials: " + \ 262 "\"sessID\", \"encrSessMgrWSDLuri\" and " + \ 263 "\"encrSessMgrPubKeyURI\" or \"proxyCert\"") 259 "\"sessID\" and \"encrSessMgrWSDLuri\" or \"proxyCert\"") 264 260 265 261 if 'aaWSDL' not in self: … … 414 410 raise AuthorisationRespError(\ 415 411 "Error parsing Ext. Attribute Certificate List: "+str(e)) 416 417 412 413 414 #_____________________________________________________________________________ 415 class PubKeyReqError(XMLMsgError): 416 """Exception handling for NDG SessionMgr WS getPubKey request class.""" 417 pass 418 419 420 #_____________________________________________________________________________ 421 class PubKeyReq(XMLMsg): 422 """For client to Session Manager WS getPubKey(): formats inputs for 423 request into XML""" 424 pass 425 426 427 #_____________________________________________________________________________ 428 class PubKeyRespError(XMLMsgError): 429 """Exception handling for NDG SessionMgr WS getPubKey response class.""" 430 pass 431 432 433 #_____________________________________________________________________________ 434 class PubKeyResp(XMLMsg): 435 """For client to Session Manager WS getPubKey(): formats getPubKey 436 response from SessionMgr""" 437 438 # Override base class class variables 439 xmlTagTmpl = {"pubKey": "", "errMsg": ""} 440 441 442 def __init__(self, **xmlMsgKeys): 443 """XML for receiving credentials from Session Manager getPubKey call 444 445 xmlMsgKeys: keywords for XMLMsg super-class. If XML tags are 446 input as keywords then 'proxyCert' or 'sessCookie' 447 must be set. 448 """ 449 450 # Allow user credentials to be access like dictionary keys 451 super(self.__class__, self).__init__(**xmlMsgKeys) 452 453 454 # Check for valid output credentials 455 # XML tags input as keywords expected - check minimum 456 # required are present for SessionMgr getPubKey response 457 if 'pubKey' not in self and 'errMsg' not in self: 458 raise PubKeyRespError(\ 459 "PubKey response document must contain: \"pubKey\"" + \ 460 " or \"errMsg\" keywords") 461 -
TI12-security/trunk/python/NDG/attAuthority_services.py
r533 r739 18 18 19 19 class attAuthorityServiceLocator(attAuthorityServiceInterface): 20 attAuthority_address = "http:// 127.0.0.1:5000/attAuthority.wsdl"20 attAuthority_address = "http://glue.badc.rl.ac.uk/attAuthority" 21 21 def getattAuthorityAddress(self): 22 22 return attAuthorityServiceLocator.attAuthority_address … … 37 37 kw["url"] = urlparse.urlparse(addr)[2] 38 38 self.binding = client.Binding(**kw) 39 40 41 def getPubKey(self, request): 42 """ 43 @param: request to pubKeyRequest:: 44 _pubKeyReq: str 45 46 @return: response from pubKeyResponse:: 47 _pubKeyResp: str 48 """ 49 50 if not isinstance(request, pubKeyRequest) and\ 51 not issubclass(pubKeyRequest, request.__class__): 52 raise TypeError, "%s incorrect request type" %(request.__class__) 53 kw = {} 54 response = self.binding.Send(None, None, request, soapaction="urn:attAuthority#getPubKey", **kw) 55 response = self.binding.Receive(pubKeyResponseWrapper()) 56 if not isinstance(response, pubKeyResponse) and\ 57 not issubclass(pubKeyResponse, response.__class__): 58 raise TypeError, "%s incorrect response type" %(response.__class__) 59 return response 39 60 40 61 … … 118 139 authorisationResponse.__init__( self, name='reqAuthorisationResponse', ns='urn:attAuthority' ) 119 140 141 class pubKeyRequest (ZSI.TCcompound.Struct): 142 def __init__(self, name=None, ns=None): 143 self._pubKeyReq = None 144 145 oname = None 146 if name: 147 oname = name 148 if ns: 149 oname += ' xmlns="%s"' % ns 150 ZSI.TC.Struct.__init__(self, pubKeyRequest, [ZSI.TC.String(pname="pubKeyReq",aname="_pubKeyReq",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 151 152 class pubKeyRequestWrapper(pubKeyRequest): 153 """wrapper for rpc:encoded message""" 154 155 typecode = pubKeyRequest(name='getPubKey', ns='urn:attAuthority') 156 def __init__( self, name=None, ns=None, **kw ): 157 pubKeyRequest.__init__( self, name='getPubKey', ns='urn:attAuthority' ) 158 159 class pubKeyResponse (ZSI.TCcompound.Struct): 160 def __init__(self, name=None, ns=None): 161 self._pubKeyResp = None 162 163 oname = None 164 if name: 165 oname = name 166 if ns: 167 oname += ' xmlns="%s"' % ns 168 ZSI.TC.Struct.__init__(self, pubKeyResponse, [ZSI.TC.String(pname="pubKeyResp",aname="_pubKeyResp",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 169 170 class pubKeyResponseWrapper(pubKeyResponse): 171 """wrapper for rpc:encoded message""" 172 173 typecode = pubKeyResponse(name='getPubKeyResponse', ns='urn:attAuthority') 174 def __init__( self, name=None, ns=None, **kw ): 175 pubKeyResponse.__init__( self, name='getPubKeyResponse', ns='urn:attAuthority' ) 176 120 177 class trustedHostInfoRequest (ZSI.TCcompound.Struct): 121 178 def __init__(self, name=None, ns=None): -
TI12-security/trunk/python/NDG/attAuthority_services_server.py
r737 r739 29 29 'urn:attAuthority#getTrustedHostInfo': 'soap_getTrustedHostInfo', 30 30 'urn:attAuthority#reqAuthorisation': 'soap_reqAuthorisation', 31 'urn:attAuthority#getPubKey': 'soap_getPubKey', 31 32 } 32 33 … … 152 153 resp._authorisationResp = authResp() 153 154 return resp 155 156 157 #_________________________________________________________________________ 158 def soap_getPubKey(self, ps): 159 """Get session manager public key in order to initiate a encrypted 160 request""" 161 162 if self.__debug: 163 import pdb 164 pdb.set_trace() 165 166 # assign return values to response object 167 resp = pubKeyResponseWrapper() 168 169 try: 170 # Get public key file and read into string 171 pubKey = open(self.__srv['certFile']).read() 172 pubKeyResp = PubKeyResp(pubKey=pubKey) 173 174 except IOError, (errNo, errMsg): 175 pubKeyResp = PubKeyResp(errMsg="Reading public key \"%s\": %s" % \ 176 (self.__srv['certFile'], errMsg)) 177 except Exception, e: 178 pubKeyResp = PubKeyResp(errMsg=str(e)) 179 180 181 # Convert response into encrypted XML formatted string 182 resp._pubKeyResp = pubKeyResp() 183 return resp 184 -
TI12-security/trunk/python/NDG/sessionMgr_services.py
r533 r739 18 18 19 19 class sessionMgrServiceLocator(sessionMgrServiceInterface): 20 sessionMgr_address = "http:// 127.0.0.1:5700/sessionMgr.wsdl"20 sessionMgr_address = "http://glue.badc.rl.ac.uk/sessionMgr" 21 21 def getsessionMgrAddress(self): 22 22 return sessionMgrServiceLocator.sessionMgr_address … … 81 81 82 82 83 def getPubKey(self, request): 84 """ 85 @param: request to pubKeyRequest:: 86 _pubKeyReq: str 87 88 @return: response from pubKeyResponse:: 89 _pubKeyResp: str 90 """ 91 92 if not isinstance(request, pubKeyRequest) and\ 93 not issubclass(pubKeyRequest, request.__class__): 94 raise TypeError, "%s incorrect request type" %(request.__class__) 95 kw = {} 96 response = self.binding.Send(None, None, request, soapaction="urn:sessionMgr#getPubKey", **kw) 97 response = self.binding.Receive(pubKeyResponseWrapper()) 98 if not isinstance(response, pubKeyResponse) and\ 99 not issubclass(pubKeyResponse, response.__class__): 100 raise TypeError, "%s incorrect response type" %(response.__class__) 101 return response 102 103 83 104 def reqAuthorisation(self, request): 84 105 """ … … 210 231 def __init__( self, name=None, ns=None, **kw ): 211 232 connectResponse.__init__( self, name='connectResponse', ns='urn:sessionMgr' ) 233 234 class pubKeyRequest (ZSI.TCcompound.Struct): 235 def __init__(self, name=None, ns=None): 236 self._pubKeyReq = None 237 238 oname = None 239 if name: 240 oname = name 241 if ns: 242 oname += ' xmlns="%s"' % ns 243 ZSI.TC.Struct.__init__(self, pubKeyRequest, [ZSI.TC.String(pname="pubKeyReq",aname="_pubKeyReq",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 244 245 class pubKeyRequestWrapper(pubKeyRequest): 246 """wrapper for rpc:encoded message""" 247 248 typecode = pubKeyRequest(name='getPubKey', ns='urn:sessionMgr') 249 def __init__( self, name=None, ns=None, **kw ): 250 pubKeyRequest.__init__( self, name='getPubKey', ns='urn:sessionMgr' ) 251 252 class pubKeyResponse (ZSI.TCcompound.Struct): 253 def __init__(self, name=None, ns=None): 254 self._pubKeyResp = None 255 256 oname = None 257 if name: 258 oname = name 259 if ns: 260 oname += ' xmlns="%s"' % ns 261 ZSI.TC.Struct.__init__(self, pubKeyResponse, [ZSI.TC.String(pname="pubKeyResp",aname="_pubKeyResp",optional=1),], pname=name, aname="_%s" % name, oname=oname ) 262 263 class pubKeyResponseWrapper(pubKeyResponse): 264 """wrapper for rpc:encoded message""" 265 266 typecode = pubKeyResponse(name='getPubKeyResponse', ns='urn:sessionMgr') 267 def __init__( self, name=None, ns=None, **kw ): 268 pubKeyResponse.__init__( self, name='getPubKeyResponse', ns='urn:sessionMgr' ) -
TI12-security/trunk/python/NDG/sessionMgr_services_server.py
r737 r739 13 13 version 1.0 or later. 14 14 """ 15 16 cvsID = '$Id$'17 15 18 16 from ZSI.ServiceContainer import ServiceSOAPBinding … … 32 30 'urn:sessionMgr#connect': 'soap_connect', 33 31 'urn:sessionMgr#reqAuthorisation': 'soap_reqAuthorisation', 32 'urn:sessionMgr#getPubKey': 'soap_getPubKey', 34 33 } 35 34 … … 200 199 return resp 201 200 201 202 #_________________________________________________________________________ 203 def soap_getPubKey(self, ps): 204 """Get session manager public key in order to initiate a encrypted 205 request""" 206 207 if self.__debug: 208 import pdb 209 pdb.set_trace() 210 211 212 # assign return values to response object 213 resp = pubKeyResponseWrapper() 214 215 216 try: 217 # Get public key file and read into string 218 pubKey = open(self.__srv['certFile']).read() 219 pubKeyResp = PubKeyResp(pubKey=pubKey) 220 221 except IOError, (errNo, errMsg): 222 pubKeyResp = PubKeyResp(errMsg="Reading public key \"%s\": %s" % \ 223 (self.__srv['certFile'], errMsg)) 224 except Exception, e: 225 pubKeyResp = PubKeyResp(errMsg=str(e)) 226 227 228 # Convert response into encrypted XML formatted string 229 resp._pubKeyResp = pubKeyResp() 230 return resp -
TI12-security/trunk/python/Tests/SessionClientTest.py
r662 r739 13 13 version 1.0 or later. 14 14 """ 15 import unittest 15 16 import os 17 16 18 from Cookie import SimpleCookie 17 19 … … 19 21 20 22 21 #_____________________________________________________________________________ 22 if __name__ == '__main__': 23 class sessionClientTestCase(unittest.TestCase): 24 25 def setUp(self): 26 try: 27 # Session Manager WSDL 28 smWSDL = 'http://glue.badc.rl.ac.uk/sessionMgr.wsdl' 29 #smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl' 30 31 # Public key of session manager used to encrypt requests 32 # If no public key is set, it will be retrieved using the 33 # getPubKey WS method 34 #smPubKeyFilePath = \ 35 # os.path.expandvars("$NDG_DIR/conf/certs/badc-sm-cert.pem") 36 smPubKeyFilePath = None 23 37 24 # Set -d on command line to run in debug mode 25 if len(sys.argv) > 1 and sys.argv[1] == '-d': 26 import pdb 27 pdb.set_trace() 38 self.__clntPriKeyPwd = open("./tmp2").read().strip() 28 39 29 try: 30 # Modify settings as required for tests... 40 clntPubKeyFilePath = os.path.expandvars("$HOME/Junk-cert.pem") 41 clntPriKeyFilePath = os.path.expandvars("$HOME/Junk-key.pem") 42 43 # Initialise the Session Manager client connection 44 # Omit traceFile keyword to leave out SOAP debug info 45 self.sessClnt = SessionClient(smWSDL=smWSDL, 46 smPubKeyFilePath=smPubKeyFilePath, 47 clntPubKeyFilePath=clntPubKeyFilePath, 48 clntPriKeyFilePath=clntPriKeyFilePath, 49 traceFile=sys.stderr) 50 except Exception, e: 51 self.fail(str(e)) 52 53 54 def tearDown(self): 55 pass 56 57 58 def addUserTest(self): 31 59 32 # Attribute Authority WSDL 33 aaWSDL = 'http://.../attAuthority.wsdl' 60 userName = 'pjkersha' 34 61 35 # Session Manager WSDL 36 smWSDL = 'http://.../sessionMgr.wsdl' 37 #smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl' 62 try: 63 # Uncomment to add a new user ID to the MyProxy repository 64 # Note the pass-phrase is read from the file tmp. To pass 65 # explicitly as a string use the 'pPhrase' keyword instead 66 self.sessClnt.addUser(userName, 67 pPhraseFilePath="./tmp", 68 clntPriKeyPwd=self.__clntPriKeyPwd) 69 print "Added user '%s'" % userName 70 71 except Exception, e: 72 self.fail(str(e)) 73 38 74 39 # Public key of session manager used to encrypt requests 40 smEncrPubKeyFilePath = \ 41 os.path.expandvars("$NDG_DIR/conf/certs/<name>-sm-cert.pem") 42 #smEncrPubKeyFilePath = None 75 def cookieConnectTest(self): 43 76 44 # 45 # If no public key is set, requests will be made in clear text without 46 # encryption! 47 #smEncrPubKeyFilePath = None 77 userName = 'pjkersha' 78 try: 79 # Connect as if acting as a browser client - a cookie is returned 80 sSessCookie = self.sessClnt.connect(userName, 81 pPhraseFilePath="./tmp", 82 clntPriKeyPwd=self.__clntPriKeyPwd) 83 self.sessCookie = SimpleCookie(sSessCookie) 84 print "User '%s' connected to Session Manager:\n%s" % \ 85 (userName, sSessCookie) 86 87 except Exception, e: 88 self.fail(str(e)) 89 90 91 def proxyCertConnectTest(self): 48 92 49 # User ID to register with NDG MyProxy OR an existing ID to connect 50 #userName = 'gabriel' 51 userName = 'a.n.other@somewhere.ac.uk' 93 userName = 'pjkersha' 94 95 try: 96 # Connect as a command line client - a proxyCert is returned 97 proxyCert = self.sessClnt.connect(userName, 98 pPhraseFilePath="./tmp", 99 createServerSess=True, 100 getCookie=False, 101 clntPriKeyPwd=self.__clntPriKeyPwd) 102 print "User '%s' connected to Session Manager:\n%s" % \ 103 (userName, proxyCert) 52 104 53 # Initialise the Session Manager client connection 54 # Omit traceFile keyword to leave out SOAP debug info 55 sessClnt = SessionClient(smWSDL=smWSDL, 56 smEncrPubKeyFilePath=smEncrPubKeyFilePath, 57 traceFile=sys.stderr) 105 except Exception, e: 106 self.fail(str(e)) 58 107 59 # Uncomment to add a new user ID to the MyProxy repository60 # Note the pass-phrase is read from the file tmp.txt. To pass61 # explicitly as a string use the 'pPhrase' keyword instead62 # sessClnt.addUser(userName, pPhraseFilePath="./tmp")63 # print "Added user '%s'" % userName64 65 # Connect using an existing user ID or using the one just created66 # above67 #68 # Connect as if acting as a browser client - a cookie is returned69 # sSessCookie = sessClnt.connect(userName, pPhraseFilePath="./tmp")70 # sessCookie = SimpleCookie(sSessCookie)71 # print "User '%s' connected to Session Manager" % userName72 #73 # # Request an attribute certificate from an Attribute Authority using74 # # the cookie returned from connect()75 # authResp = sessClnt.reqAuthorisation(76 # sessID=sessCookie['NDG-ID1'].value,77 # encrSessMgrWSDLuri=sessCookie['NDG-ID2'].value,78 # aaWSDL=aaWSDL)79 108 80 proxyCert = sessClnt.connect(userName, 81 pPhraseFilePath="./tmp", 82 createServerSess=True, 83 getCookie=False) 84 print "User '%s' connected to Session Manager" % userName 109 def cookieReqAuthorisationTest(self): 110 try: 111 # Request an attribute certificate from an Attribute Authority 112 # using the cookie returned from connect() 113 authResp = self.sessClnt.reqAuthorisation(\ 114 sessID=self.sessCookie['NDG-ID1'].value, 115 encrSessMgrWSDLuri=self.sessCookie['NDG-ID2'].value, 116 aaWSDL=aaWSDL, 117 clntPriKeyPwd=self.__clntPriKeyPwd) 118 119 # The authorisation response is returned as an object which 120 # behaves like a python dictionary. See 121 # NDG.SessionMgrIO.AuthorisationResp 122 if 'errMsg' in authResp: 123 print "Authorisation failed for user '%s':\n" % userName 124 else: 125 print "User '%s' authorised:\n" % userName 126 127 print authResp 85 128 86 # Request an attribute certificate from an Attribute Authority using 87 # the cookie returned from connect() 88 authResp = sessClnt.reqAuthorisation(proxyCert=proxyCert, 89 aaWSDL=aaWSDL) 90 91 # The authorisation response is returned as an object which behaves 92 # like a python dictionary. See NDG.SessionMgrIO.AuthorisationResp 93 if 'errMsg' in authResp: 94 print "Authorisation failed for user '%s':\n" % userName 95 else: 96 print "User '%s' authorised:\n" % userName 129 except Exception, e: 130 self.fail(str(e)) 131 132 133 def proxyCertReqAuthorisationTest(self): 134 try: 135 # Request an attribute certificate from an Attribute Authority 136 # using the proxyCert returned from connect() 137 authResp = self.sessClnt.reqAuthorisation(\ 138 proxyCert=self.proxyCert, 139 aaWSDL=aaWSDL, 140 clntPriKeyPwd=self.__clntPriKeyPwd) 141 142 # The authorisation response is returned as an object which 143 # behaves like a python dictionary. See 144 # NDG.SessionMgrIO.AuthorisationResp 145 if 'errMsg' in authResp: 146 print "Authorisation failed for user '%s':\n" % userName 147 else: 148 print "User '%s' authorised:\n" % userName 149 150 print authResp 151 152 except Exception, e: 153 self.fail(str(e)) 154 155 156 def getPubKeyTest(self): 157 try: 158 # Request an attribute certificate from an Attribute Authority 159 # using the proxyCert returned from connect() 160 import pdb 161 pdb.set_trace() 162 pubKey = self.sessClnt.getPubKey() 163 164 print "Public Key:\n" + pubKey 165 166 except Exception, e: 167 self.fail(str(e)) 97 168 98 print authResp 99 sys.exit(0) 100 101 except Exception, e: 102 sys.stderr.write(str(e) + os.linesep) 103 sys.exit(1) 104 169 170 #_____________________________________________________________________________ 171 class sessionClientTestSuite(unittest.TestSuite): 172 def __init__(self): 173 map = map(sessionClientTestCase, 174 ( 175 "addUserTest", 176 "connectTest", 177 "reqAuthorisationTest", 178 "getPubKeyTest", 179 )) 180 unittest.TestSuite.__init__(self, map) 181 182 if __name__ == "__main__": 183 unittest.main() -
TI12-security/trunk/python/bin/ndgSessionClient.py
r737 r739 160 160 161 161 parser.add_option("-y", 162 "--session-mgr-pubkey- uri",163 dest="smPubKey URI",162 "--session-mgr-pubkey-file", 163 dest="smPubKeyFilePath", 164 164 help=\ 165 165 """X.509 Certificate of Session Manager. This is used to encrypt the request 166 to the Session Manager. Set as a local file path or remote URI. WARNING:167 If this is not set, the request will be sentin clear text""")166 to the Session Manager. WARNING: if this is not set, the request will be sent 167 in clear text""") 168 168 169 169 parser.add_option("-s", … … 327 327 try: 328 328 sessClnt = SessionClient(smWSDL=options.sessMgrWSDLuri, 329 smPubKey URI=options.smPubKeyURI,329 smPubKeyFilePath=options.smPubKeyFilePath, 330 330 clntPubKeyFilePath=options.clntPubKeyFilePath, 331 331 clntPriKeyFilePath=options.clntPriKeyFilePath, -
TI12-security/trunk/python/conf/mapConfig.xml
r737 r739 3 3 <trusted name="BODC"> 4 4 <wsdl>bodcAttAuthorityURI</wsdl> 5 <pubKey>bodcAttAuthorityPubKeyURI</pubKey>6 5 <role remote="aBODCrole" local="aLocalRole"/> 7 6 </trusted> 8 7 <trusted name="escience"> 9 8 <wsdl>eScienceAttAuthorityURI</wsdl> 10 <pubKey>eScienceAttAuthorityURI</pubKey>11 9 <role remote="anEScienceRole" local="anotherLocalRole"/> 12 10 </trusted> -
TI12-security/trunk/python/conf/sessionMgrProperties.xml
r689 r739 7 7 <sessMgrEncrKey></sessMgrEncrKey> 8 8 <sessMgrWSDLuri></sessMgrWSDLuri> 9 <sessMgrPubKeyURI></sessMgrPubKeyURI>10 9 <cookieDomain></cookieDomain> 11 10 <myProxyProp> -
TI12-security/trunk/python/www/html/attAuthority.wsdl
r689 r739 27 27 </message> 28 28 29 <message name="pubKeyRequest"> 30 <part name="pubKeyReq" type="xsd:string"/> 31 </message> 32 33 <message name="pubKeyResponse"> 34 <part name="pubKeyResp" type="xsd:string"/> 35 </message> 36 29 37 30 38 <portType name="attAuthority"> … … 37 45 <input message="tns:trustedHostInfoRequest"/> 38 46 <output message="tns:trustedHostInfoResponse"/> 47 </operation> 48 49 <operation name="getPubKey"> 50 <input message="tns:pubKeyRequest"/> 51 <output message="tns:pubKeyResponse"/> 39 52 </operation> 40 53 </portType> … … 66 79 </output> 67 80 </operation> 68 81 82 <operation name="getPubKey"> 83 <soap:operation soapAction="urn:attAuthority#getPubKey"/> 84 <input> 85 <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 86 namespace="urn:attAuthority" use="encoded"/> 87 </input> 88 <output> 89 <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 90 namespace="urn:attAuthority" use="encoded"/> 91 </output> 92 </operation> 69 93 </binding> 70 94 -
TI12-security/trunk/python/www/html/sessionMgr.wsdl
r689 r739 35 35 </message> 36 36 37 <message name="pubKeyRequest"> 38 <part name="pubKeyReq" type="xsd:string"/> 39 </message> 40 41 <message name="pubKeyResponse"> 42 <part name="pubKeyResp" type="xsd:string"/> 43 </message> 44 37 45 38 46 <portType name="sessionMgr"> … … 46 54 <output message="tns:connectResponse"/> 47 55 </operation> 48 56 49 57 <operation name="reqAuthorisation"> 50 58 <input message="tns:authorisationRequest"/> 51 59 <output message="tns:authorisationResponse"/> 60 </operation> 61 62 <operation name="getPubKey"> 63 <input message="tns:pubKeyRequest"/> 64 <output message="tns:pubKeyResponse"/> 52 65 </operation> 53 66 </portType> … … 87 100 <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 88 101 namespace="urn:sessionMgr" use="encoded"/> 89 </output> 102 </output> 103 </operation> 104 <operation name="getPubKey"> 105 <soap:operation soapAction="urn:sessionMgr#getPubKey"/> 106 <input> 107 <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 108 namespace="urn:sessionMgr" use="encoded"/> 109 </input> 110 <output> 111 <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 112 namespace="urn:sessionMgr" use="encoded"/> 113 </output> 90 114 </operation> 91 115 </binding> 92 116 93 117 <service name="sessionMgrService"> 94 <documentation>NDG Session Manager Web Service</documentation>118 <documentation>NDG BADC Session Manager Web Service</documentation> 95 119 <port name="sessionMgr" binding="tns:sessionMgrBinding"> 96 120 <soap:address location=""/>
Note: See TracChangeset
for help on using the changeset viewer.
