Changeset 920

Timestamp:

12/05/06 17:30:41 (15 years ago)

Author:

pjkersha

Message:

Added XML signature to Logging WS clients for message security. XMLMsg can now perform
XML signature and checking but these are separate methods and not integrated with init

Location:

TI12-security/trunk/python/NDG

Files:

• Log.py (modified) (2 diffs)
• XMLMsg.py (modified) (5 diffs)
• XMLSecDoc.py (modified) (6 diffs)
• log_services_server.py (modified) (10 diffs)

TI12-security/trunk/python/NDG/Log.py

@@ -37 +37 @@
     __dateFmt = '%d %b %Y %H:%M:%S'
     
+    # Log file size limit and number of backups saved
+    __maxBytes = 1048576
+    __backUpCnt = 10
+    
     def __init__(self, logName='', logFilePath=None, console=False):
         """NDG Logging class
@@ -70 +74 @@
         if logFilePath:
             fileLog = RotatingFileHandler(logFilePath, 
-                                          maxBytes=1048576, 
-                                          backupCount=10)
+                                          maxBytes=self.__maxBytes, 
+                                          backupCount=self.__backUpCnt)
             fileLog.setFormatter(formatter)
             

TI12-security/trunk/python/NDG/XMLMsg.py

@@ -10 +10 @@
 version 1.0 or later.
 """
-
-cvsID = '$Id$'
 
 # For new line symbol
@@ -54 +52 @@
                  encrPriKeyFilePath=None,
                  encrPriKeyPwd=None,
+                 signingKeyFilePath=None,
+                 signingKeyPwd=None,
+                 signingCertFilePath=None,
+                 signatureChkCertFilePath=None,
                  xmlVers="1.0",
                  xmlEncoding="UTF-8",
@@ -96 +98 @@
         # Initialisation for XML Security class used for encryption
         try:
+            if signingCertFilePath:
+                # Add cert to signature
+                certFilePathList = signingCertFilePath
+                
+            elif signatureChkCertFilePath:
+                #  Check an existing doc using the input cert file
+                certFilePathList = signatureChkCertFilePath
+            else:
+                certFilePathList = None
+                    
             self.__xmlSecDoc=XMLSecDoc(encrPriKeyFilePath=encrPriKeyFilePath,
-                                       encrPubKeyFilePath=encrPubKeyFilePath)
+                                       encrPubKeyFilePath=encrPubKeyFilePath,
+                                       signingKeyFilePath=signingKeyFilePath,
+                                       certFilePathList=certFilePathList)
         except Exception, e:
             raise XMLMsgError("Error initialising XML security: %s" % e)     
@@ -115 +129 @@
             try:
                 self.decrypt(encrPriKeyPwd, encrXMLtxt)
-                           
+                
             except Exception, e:
                 raise XMLMsgError("Error decrypting input text: %s" % e)     
@@ -428 +442 @@
         self.__xmlSecDoc.decrypt(xmlTxt=xmlTxt, encrPriKeyPwd=encrPriKeyPwd)
         self.__xmlTxt = str(self.__xmlSecDoc)
+
    
+    #_________________________________________________________________________
+    def sign(self,
+             signingKeyFilePath=None,
+             signingKeyPwd=None,
+             signingCertFilePath=None):
+        """Digitally sign message"""
+        
+        self.__xmlSecDoc.sign(xmlTxt=self.__xmlTxt,
+                              signingKeyFilePath=signingKeyFilePath,
+                              signingKeyPwd=signingKeyPwd,
+                              certFilePathList=signingCertFilePath)
+        self.__xmlTxt = str(self.__xmlSecDoc)
+
+   
+    #_________________________________________________________________________
+    def isValidSig(self, *certFilePathList):
+        """Check digital signature of message"""
+        
+        if certFilePathList == ():
+            certFilePathList = None
+            
+        return self.__xmlSecDoc.isValidSig(xmlTxt=self.__xmlTxt,
+                                           certFilePathList=certFilePathList)

TI12-security/trunk/python/NDG/XMLSecDoc.py

@@ -31 +31 @@
 
 # XML security module
-import xmlsec
-
-
-
-class XMLSecDocMetaClass(type):
-    def __init__(cls, name, bases, dict):
-        
-        # Init xmlsec library
-        if xmlsec.init() < 0:
-            raise XMLSecDocError("xmlsec initialization failed.")
-
-        
-        # Check loaded library version
-        if xmlsec.checkVersion() != 1:
-            raise XMLSecDocError("xmlsec library version is not compatible.")
-
-
-        # Init crypto library
-        if xmlsec.cryptoAppInit(None) < 0:
-            raise XMLSecDocError("Crypto initialization failed.")
-
-        
-        # Init xmlsec-crypto library
-        if xmlsec.cryptoInit() < 0:
-            raise XMLSecDocError("xmlsec-crypto initialization failed.")
-        
+import xmlsec        
 
 
@@ -67 +42 @@
     def __str__(self):
         return self.__msg
-
-
 
 
@@ -413 +386 @@
         elif isinstance(filePath, list):
             self.__certFilePathList = filePath
+                                            
+        elif isinstance(filePath, tuple):
+            self.__certFilePathList = list(filePath)
 
         else:
@@ -550 +526 @@
         signingKeyPwd:          password for signing key file.
 
-        certFilePathList:    file path to certificate file of Attribute
-                                Authority  - may also be set in  __init__
+        certFilePathList:       file paths to certificate files
                                 """
 
@@ -611 +586 @@
         signingKeyPwd:          password for signing key file.
         
-        certFilePathList:       file path to certificate file of Attribute
-                                Authority  - may also be set in  __init__
+        certFilePathList:       include certificate of signer 
             inclX509Cert:                   include MIME encoded content of X.509 
                                                 certificate that will sign the document
@@ -784 +758 @@
                                 by self.__filePath is read instead.
 
-        certFilePathList:    Certificate used to sign the document.
+        certFilePathList:       Certificate used to sign the document.
                                 """
 

TI12-security/trunk/python/NDG/log_services_server.py

@@ -13 +13 @@
 version 1.0 or later.
 """
+import os
 
 from log_services import *
@@ -18 +19 @@
 
 from Log import *
+from LogIO import *
 
 
@@ -36 +38 @@
         self.__srv = srv        
         self.__debug = debug
+        self.__caCertFilePath = os.path.expandvars(\
+                                             "$NDG_DIR/conf/certs/cacert.pem")
         
 
@@ -46 +50 @@
         
         # input vals in request object
-        args = ps.Parse(debugRequestWrapper)
-        reqTxt = str(args._debugReq)        
+        reqArgs = ps.Parse(debugRequestWrapper)        
+        req = DebugReq(xmlTxt=str(reqArgs._debugReq))        
 
         # assign return values to response object
         response = debugResponseWrapper()
         
-        try:
-            self.__srv.debug(reqTxt)
+        try:            
+            if not req.isValidSig(self.__caCertFilePath):
+                response._debugResp = "Client signature is invalid"
+                
+            self.__srv.debug(req['msg'])
 
         except Exception, e:
@@ -70 +77 @@
         
         # input vals in request object
-        args = ps.Parse(errorRequestWrapper)
-        reqTxt = str(args._errorReq)        
+        reqArgs = ps.Parse(errorRequestWrapper)
+        req = ErrorReq(xmlTxt=str(reqArgs._errorReq))       
 
         # assign return values to response object
@@ -77 +84 @@
         
         try:
-            self.__srv.error(reqTxt)
+            if not req.isValidSig(self.__caCertFilePath):
+                response._errorResp = "Client signature is invalid"
+                
+            self.__srv.error(req['msg'])
 
         except Exception, e:
@@ -94 +104 @@
         
         # input vals in request object
-        args = ps.Parse(infoRequestWrapper)
-        reqTxt = str(args._infoReq)        
+        reqArgs = ps.Parse(infoRequestWrapper)
+        req = InfoReq(xmlTxt=str(reqArgs._infoReq))       
 
         # assign return values to response object
@@ -101 +111 @@
         
         try:
-            self.__srv.info(reqTxt)
+            if not req.isValidSig(self.__caCertFilePath):
+                response._infoResp = "Client signature is invalid"
+
+            self.__srv.info(req['msg'])
 
         except Exception, e:
@@ -118 +131 @@
         
         # input vals in request object
-        args = ps.Parse(warningRequestWrapper)
-        reqTxt = str(args._warningReq)        
+        reqArgs = ps.Parse(warningRequestWrapper)
+        req = WarningReq(xmlTxt=str(reqArgs._warningReq))       
 
         # assign return values to response object
@@ -125 +138 @@
         
         try:
-            self.__srv.warning(reqTxt)
+            if not req.isValidSig(self.__caCertFilePath):
+                response._warningResp = "Client signature is invalid"
+                
+            self.__srv.warning(req['msg'])
 
         except Exception, e: