From 2775522b8b9e4862efa0a29eb1acaddca821e5e5 Mon Sep 17 00:00:00 2001 From: Martin Haase <martin.haase@daasi.de> Date: Thu, 11 Nov 2010 14:21:48 +0000 Subject: [PATCH] merged slc tgextra parts into trunk git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@7741 7c539038-3410-0410-b1ec-0f2a7bf1c452 --- .../rbacSoap/TgExtra.class.php | 466 ++++++++++++++---- .../rbacSoap/wsdl-8081/tgextra.wsdl | 243 ++++++++- 2 files changed, 604 insertions(+), 105 deletions(-) diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php index 182eeb6..30ab9c8 100755 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php 
@@ -283,20 +283,38 @@ class TgExtra { // Finally add the username and allowed // operations for the current session. $result->username = $this->rbac->sessionUser( $inRequest->auth ); - $result->operation = $this->rbac->userOperationsOnObject( $this->rbac->sessionUser( $inRequest->auth ), $inRequest->resource ); + + try { + + $result->operation = $this->rbac->userOperationsOnObject( $result->username, $inRequest->resource ); - // Make sure that if the operation was "read" and the user - // has access but has this right due to an extension the - // permissionset contains the read operation. - if( $inRequest->operation == "read" && $result->result && !in_array( "read", $result->operation ) ) { + // Make sure that if the operation was "read" and the user + // has access but has this right due to an extension the + // permissionset contains the read operation. + if( $inRequest->operation == "read" && $result->result && !in_array( "read", $result->operation ) ) { + + $result->operation[] = "read"; + + } - $result->operation[] = "read"; + + return $result; } + catch( Exception $e ) { + $objFaultDetail->faultNo = $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ); + $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ); + $objFaultDetail->cause = "Object does not exist"; - return $result; + + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $objFaultDetail ); + + } } else { @@ -1020,7 +1038,7 @@ class TgExtra { // Input: auth / xsd:string // log / xsd:string // resource / xsd:string - // Output: result / xsd:boolean + // Output: result / xsd:string // Description // Returns the owner of a resource. This owner has nothing // to do with any permissions, it is just the owner. 
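Review bot: The new `catch( Exception $e )` around `userOperationsOnObject` maps every failure to RESOURCENOTFOUND_ERROR with the cause "Object does not exist", so a directory or configuration error is reported to the caller as a missing object and `$e` itself is neither logged nor attached to the fault; narrow the catch to the exception type the RBAC layer throws for an unknown resource, or at least record `$e->getMessage()` in a log line before the `return new SoapFault(...)`. `$objFaultDetail` is written in the catch block but its initialization is not visible in this hunk — confirm it is created earlier in the method, otherwise the property writes go to an undefined variable. The enclosing method starts and ends outside the hunk.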
@@ -1060,6 +1078,64 @@ class TgExtra { } + // ----------------------------------------------------- + // Function: getUUID + // Input: auth / xsd:string + // log / xsd:string + // resource / xsd:string + // Output: result / xsd:string + // Description + // Returns the UUID of a resource, possibly nothing if unset. + // ----------------------------------------------------- + public function getUUID( $inRequest ) { + + $result = new getUUIDResponse(); // The return-result + $filter = ""; // RBAC-filter + $arrResource = Array(); // Resoult of the RBAC-search + + + // Create a filter that searches for the + // given resource. + $filter = "(&" . $this->rbac->getConfiguration()->getValue( "resource", "filter" ); + $filter .= "(|(" . $this->rbac->getConfiguration()->getValue( "resource", "namingattribute" ) . "=" . $inRequest->resource . ")"; + $filter .= " (" . $this->rbac->getConfiguration()->getValue( "resource", "aliasattribute" ) . "=" . $inRequest->resource . ")))"; + + + if( $this->rbac->checkAccess( $inRequest->auth, "read", $inRequest->resource ) ) { + + $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), + $filter, "sub", + Array( "tgresourceuuid" ) ); + + + if( sizeof( $arrResource ) == 1 ) { + + if (isset($arrResource[0]['tgresourceuuid'][0])) { + + $result->uuid = $arrResource[0]['tgresourceuuid'][0]; + + } else { + + $result->uuid = "No UUID defined"; // will be a fault later + + } + + } else { + + $result->uuid = "Resource not found or no access right"; // will be a fault later + + } + + } else { + + $result->uuid = "Resource not found or no access right"; // will be a fault later + + } + + return $result; + + } + // ----------------------------------------------------- 
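Review bot: `$inRequest->resource` is concatenated unescaped into the LDAP filter on the `namingattribute`/`aliasattribute` lines of getUUID, so a value containing `(`, `)` or `*` changes the filter's structure instead of being matched literally; escape it once, `$res = ldap_escape( $inRequest->resource, '', LDAP_ESCAPE_FILTER );`, and use `$res` in both alternatives. The "Resource not found or no access right" and "No UUID defined" outcomes are returned as ordinary strings in `uuid` (the comments admit "will be a fault later"), which a caller cannot tell apart from a real UUID; returning the `unknownResourceFault`/`authenticationFault` already used elsewhere in this class would also match the WSDL, which declares `uuid` as optional. The `$filter = ""` and `$arrResource = Array()` initializations are dead, since both variables are assigned before their first use.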
@@ -1435,7 +1511,7 @@ class TgExtra { // organisation / xsd:string // Output: userdetail[] / tns:userDetail // Description - // Searches for Names (alternatively mails) and returns matching users. + // Searches for name (alternatively mail or organisation) and returns matching users. // ----------------------------------------------------- public function getIDs( $inRequest ) { @@ -1468,8 +1544,8 @@ class TgExtra { $entry = $arrUserEntry[$i]; $result[] = new userDetail ( - mb_strtolower ($entry['uid'][0]), // ePPN - $entry['cn'][0], // name + mb_strtolower ($entry['uid'][0]), // ePPN + isset ($entry['displayname'][0]) ? $entry['displayname'][0] : $entry['cn'][0], // name, alternatively the ePPN residing in cn isset ($entry['mail'][0]) ? $entry['mail'][0] : null, isset ($entry['o'][0]) ? $entry['o'][0]: null, // organisation isset ($entry['tgagreesearch'][0]) ? ($entry['tgagreesearch'][0] === "TRUE" ? TRUE : FALSE) : null, // bool 
@@ -1929,6 +2005,212 @@ class TgExtra { } + // ----------------------------------------------------- + // Function: getSLC + // Input: auth / xsd:string + // log / xsd:string + // secret / xsd:string + // Output: slc / xsd:base64binary + // Description + // CRUD may use this to retrieve a Short-Lived Certificate Key pair for the user + // ----------------------------------------------------- + function getSLC ( $inRequest ) { + + if ($inRequest->secret !== $this->config->getValue( "crud", "secret" ) ) { + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) ); + } + + // Search for Session entry + $filter = "(" . $this->rbac->getConfiguration()->getValue( "session", "namingattribute" ) . + "=" . $inRequest->auth . ")"; + $arrSessionEntry = $this->connection['user']->search( + $this->rbac->getConfiguration()->getValue( "session", "base" ), + $filter, "sub", Array( "rbacSessionUser" ) ); + + // retrieve rbacSessionUser attribute (ePPN) + if( isset( $arrSessionEntry[0] ) && isset( $arrSessionEntry[0]['dn'] ) ) { + $eppn = $arrSessionEntry[0]['rbacsessionuser'][0]; + } else { + // echo ("Could not find Session entry"); + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) ); + + } + + // Search for user entry + $filter = "(" . $this->config->getValue( "authentication", "namingattribute" ) . "=" . $eppn . ")"; + $arrUserEntry = $this->connection['user']->search( + $this->config->getValue( "authentication", "base" ), + $filter, "sub", Array( "dn" ) ); + + + // Retrieve userPKCS12 attribute (certificate + key) + if( isset( $arrUserEntry[0] ) && isset( $arrUserEntry[0]['dn'] ) ) { + // have to set binary mode to TRUE... 
+ $certArr = $this->connection['user']->getEntry( $arrUserEntry[0]['dn'], array("userpkcs12"), TRUE); + $pkcs12 = $certArr['userpkcs12'][0]; + } else { + //echo ("Failed finding the user entry"); + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "AUTHENTICATION_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "AUTHENTICATION_ERROR" ) ); + + } + + // find the passphrase for the p12 from the mapSIDtoePassphrase demon + $sock = socket_create( AF_UNIX, SOCK_STREAM, 0 ); + $response = new stdClass(); + $socketfilename = $this->config->getValue( "SLCPassphraseMap", "socketfile" ); + + if( socket_connect( $sock, $socketfilename ) ) { + socket_write ( $sock, "getPassphrase\n"); + socket_write ( $sock, $inRequest->auth . "\n" ); + socket_write ( $sock, "\n" . '>>>EOF<<<' . "\n"); + + $result = socket_read( $sock, 4096 , PHP_NORMAL_READ ); + + if ( strpos ($result, "getPassphraseresult") == 0 ){ + $passphrase = chop(socket_read( $sock, 4096 , PHP_NORMAL_READ )); + } else { + // no passphrase returned + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) ); + } + + socket_shutdown( $sock, 2 ); + socket_close( $sock ); + + } else { + // could not connect to socket + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) ); + + } + // Encode certificate into PEM format + $both = ''; + if ( openssl_pkcs12_read($pkcs12, $allpem, $passphrase) ) { + $both = $allpem['cert'] . 
$allpem['pkey']; + } else { + //echo ("Failed reading the user's certificate"); + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) ); + + } + + $result = new getSLCResponse(); + $result->slc = base64_encode($both); + + return $result; + + } + + + + // ----------------------------------------------------- + // Function: getCSR + // Input: auth / xsd:string + // log / xsd:string + // Output: csr / xsd:base64binary + // Description + // Returns a dummy certificate signing request, where the contacted deamon will hold the key in memory + // ----------------------------------------------------- + function getCSR ( $inRequest ) { + + # TODO should check whether auth is valid + $sock = socket_create( AF_UNIX, SOCK_STREAM, 0 ); + $response = new stdClass(); + $socketfilename = $this->config->getValue( "SLCPassphraseMap", "socketfile" ); + + if( socket_connect( $sock, $socketfilename ) ) { + + socket_write ( $sock, "getCSR\n"); + socket_write ( $sock, $inRequest->auth . 
"\n" ); + $result = socket_read( $sock, 80, PHP_NORMAL_READ ); + if ( strpos ($result , "getCSRresult") == 0 ) { + $result = socket_read( $sock, 80, PHP_NORMAL_READ ); + $csr = ""; + while ( $result && !(strpos ($result, '>>>EOF<<<') === 0 )) { + $csr .= $result; + $result = socket_read( $sock, 80, PHP_NORMAL_READ ); + } + + $response->csr = $csr; + + return $response; + } else { + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) ); + + } + socket_shutdown( $sock, 2 ); + socket_close( $sock ); + + } else { + $response->csr = base64_encode(socket_strerror(socket_last_error())); + return $response; + + return new SoapFault( "unknownResourceFault", + $this->config->getValue( "errorCode", "RESOURCENOTFOUND_ERROR" ), + get_class( $this ), + $this->config->getValue( "errorDescription", "RESOURCENOTFOUND_ERROR" ) ); + + } +} + + + + // ----------------------------------------------------- + // Function: putCRT + // Input: auth / xsd:string + // log / xsd:string + // crt / xsd:string + // Output: success / xsd:boolean + // Description + // Returns a dummy certificate signing request + // ----------------------------------------------------- + function putCRT ( $inRequest ) { + + # TODO should check whether auth is valid + $sock = socket_create( AF_UNIX, SOCK_STREAM, 0 ); + $response = new stdClass(); + $socketfilename = $this->config->getValue( "SLCPassphraseMap", "socketfile" ); + + if( socket_connect( $sock, $socketfilename ) ) { + + socket_write ( $sock, "putCRT\n"); + socket_write ( $sock, $inRequest->auth . "\n" ); + socket_write ( $sock, $inRequest->crt ); + socket_write ( $sock, "\n" . '>>>EOF<<<' . 
"\n"); + + $result = socket_read( $sock, 4096, PHP_NORMAL_READ ); + if ( strpos ($result, "putCRTresult") == 0 ) { + $success = chop(socket_read( $sock, 4096 , PHP_NORMAL_READ)); + if ($success == "true") { + $response->success = true; + return $response; + } + } + socket_shutdown( $sock, 2 ); + socket_close( $sock ); + } + $response->success = false; + return $response; + } + // ----------------------------------------------------- @@ -1937,6 +2219,7 @@ class TgExtra { // log / xsd:string // project / xsd:string // uri / xsd:string + // uuid / xsd:string // Output: result / xsd:boolean // Description // Tries to add a resource to the directory. There for @@ -2033,6 +2316,9 @@ class TgExtra { $arrEntry['rbacoperation'][] = "delete"; $arrEntry['rbacoperation'][] = "publish"; $arrEntry['tgresourceuri'][] = $inRequest->uri; + if (isset($inRequest->uuid)) { + $arrEntry['tgresourceuuid'][] = $inRequest->uuid; + } $arrEntry['tgprojectid'][] = $inRequest->project; $arrEntry['tgispublic'][] = "FALSE"; $arrEntry[$resourceNamingAttribute][] = "TGRS" . ($freeNumber); 
@@ -2372,6 +2658,84 @@ class TgExtra { + // ----------------------------------------------------- + // Function: deleteProject + // Input: auth / xsd:string + // log / xsd:string + // project / xsd:string + // Output: result / xsd:boolean + // Description: + // Removes a project/role from the database if there are + // no resources containing any role that belongs to + // this project/role. + // ----------------------------------------------------- + public function deleteProject( $inRequest ) { + + $result = new booleanResponse(); + $objFaultDetail = new stdClass(); + + + // Search for any resources within the project. If + // there are any the project cannot be deleted. + $strFilter .= "(&(objectClass=TextGridResource)(TGProjectId=" . $inRequest->project . "))"; + + + $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $strFilter, "sub" ); + + + if( sizeof( $arrResource ) != 0 ) { + + $objFaultDetail->faultNo = 7; + $objFaultDetail->faultMessage = "Project could not be deleted"; + $objFaultDetail->cause = "There are still " . sizeof( $arrResource ) . " resources belonging to this project."; + + return new SoapFault( "notEmptyFault", 7, get_class( $this ), $objFaultDetail ); +// return new SoapFault( Array( "http://textgrid.info/namespaces/middleware/tgauth", "notEmptyFault" ), 7, get_class( $this ), "There are still " . sizeof( $arrResource ) . " resources belonging to this project." ); + + } + else { + + $strFilter = "(&(objectClass=rbacRole)(rbacName=" . $inRequest->project . 
"))"; + + + $arrRole = $this->rbac->getConnection( "role" )->search( $this->rbac->getConfiguration()->getValue( "role", "base" ), $strFilter, "sub" ); + + + if( sizeof( $arrRole ) == 1 ) { + + if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) { + + $result->result = $this->rbac->getConnection( "role" )->delete( $arrRole[0]['dn'], true ); + + } + else { + + $objFaultDetail->faultNo = $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ); + $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ); + $objFaultDetail->cause = "You do not have permission to delete project " . $inRequest->project . "."; + + return new SoapFault( "authenticationFault", + $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), + get_class( $this ), + $objFaultDetail ); + + } + + } + else { + + $result->result = false; + + } + + } + + + return $result; + + } + + // ----------------------------------------------------- // Function: getNumberOfResources 
@@ -2642,86 +3006,6 @@ class TgExtra { - - // ----------------------------------------------------- - // Function: deleteProject - // Input: auth / xsd:string - // log / xsd:string - // project / xsd:string - // Output: result / xsd:boolean - // Description: - // Removes a project/role from the database if there are - // no resources containing any role that belongs to - // this project/role. - // ----------------------------------------------------- - public function deleteProject( $inRequest ) { - - $result = new booleanResponse(); - $objFaultDetail = new stdClass(); - - - // Search for any resources within the project. If - // there are any the project cannot be deleted. - $strFilter .= "(&(objectClass=TextGridResource)(TGProjectId=" . $inRequest->project . "))"; - - - $arrResource = $this->connection['resource']->search( $this->rbac->getConfiguration()->getValue( "resource", "base" ), $strFilter, "sub" ); - - - if( sizeof( $arrResource ) != 0 ) { - - $objFaultDetail->faultNo = 7; - $objFaultDetail->faultMessage = "Project could not be deleted"; - $objFaultDetail->cause = "There are still " . sizeof( $arrResource ) . " resources belonging to this project."; - - return new SoapFault( "notEmptyFault", 7, get_class( $this ), $objFaultDetail ); -// return new SoapFault( Array( "http://textgrid.info/namespaces/middleware/tgauth", "notEmptyFault" ), 7, get_class( $this ), "There are still " . sizeof( $arrResource ) . " resources belonging to this project." ); - - } - else { - - $strFilter = "(&(objectClass=rbacRole)(rbacName=" . $inRequest->project . 
"))"; - - - $arrRole = $this->rbac->getConnection( "role" )->search( $this->rbac->getConfiguration()->getValue( "role", "base" ), $strFilter, "sub" ); - - - if( sizeof( $arrRole ) == 1 ) { - - if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $inRequest->project ) ) { - - $result->result = $this->rbac->getConnection( "role" )->delete( $arrRole[0]['dn'], true ); - - } - else { - - $objFaultDetail->faultNo = $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ); - $objFaultDetail->faultMessage = $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ); - $objFaultDetail->cause = "You do not have permission to delete project " . $inRequest->project . "."; - - return new SoapFault( "authenticationFault", - $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ), - get_class( $this ), - $objFaultDetail ); - - } - - } - else { - - $result->result = false; - - } - - } - - - return $result; - - } - - - // ----------------------------------------------------- // Function: renameRbacPerformers // Input: inBase / string diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl index 7fba7b3..c74c36f 100644 --- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl +++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl 
@@ -98,6 +98,56 @@
 </xsd:sequence>
 </xsd:complexType>
 </xsd:element>
+<!-- ### getSLC ### //-->
+ <xsd:element name="getSLCRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="secret" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="getSLCResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="slc" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+<!-- ### getCSR ### //-->
+ <xsd:element name="getCSRRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="getCSRResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="csr" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+<!-- ### putCRT ### //-->
+ <xsd:element name="putCRTRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="crt" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="putCRTResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="success" type="xsd:boolean" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
 <!-- #### getSupportedUserAttributes #### //-->
 <xsd:element name="getSupportedUserAttributesRequest">
 <xsd:complexType>
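Review bot: `slc` and `csr` are both declared `xsd:base64Binary` here, but the PHP side of this commit base64-encodes `slc` (`base64_encode($both)`) while returning `csr` as the raw text read from the socket; as far as I recall, PHP's SoapServer applies the base64 encoding itself for base64Binary parts, so one of the two is probably encoded twice or not at all — worth checking with a client before the interface is frozen. The new section markers use `### ` while the rest of the file uses `#### `; `<!-- #### getSLC #### //-->` would match the existing style.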
@@ -117,7 +167,7 @@
 <xsd:complexType>
 <xsd:sequence>
 <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- </xsd:sequence>
+ </xsd:sequence>
 </xsd:complexType>
 </xsd:element>
 <xsd:element name="getMyUserAttributesResponse">
@@ -134,7 +184,7 @@
 <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
 <xsd:element name="webAuthSecret" type="xsd:string" minOccurs="1" maxOccurs="1"/>
 <xsd:element name="attribute" type="tns:userAttribute" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
+ </xsd:sequence>
 </xsd:complexType>
 </xsd:element>
 <!-- #### registerResource #### //-->
@@ -145,6 +195,7 @@
 <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
 <xsd:element name="project" type="xsd:string" minOccurs="1" maxOccurs="1"/>
 <xsd:element name="uri" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="uuid" type="xsd:string" minOccurs="0" maxOccurs="1"/>
 <xsd:element name="secret" type="xsd:string" minOccurs="1" maxOccurs="1"/>
 </xsd:sequence>
 </xsd:complexType>
@@ -318,6 +369,23 @@
 </xsd:sequence>
 </xsd:complexType>
 </xsd:element>
+<!-- #### getUUID #### //-->
+ <xsd:element name="getUUIDRequest">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="resource" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="getUUIDResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="uuid" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
 <!-- #### getMembers #### //-->
 <xsd:element name="getMembersRequest">
 <xsd:complexType>
@@ -574,11 +642,11 @@
 <xsd:element name="value" type="xsd:string" minOccurs="0" maxOccurs="1"/>
 <xsd:element name="description" type="xsd:string" minOccurs="0" maxOccurs="1"/>
 </xsd:sequence>
- <xsd:attribute name="name" type="xsd:string" use="required"/>
- <xsd:attribute name="mandatory" type="xsd:boolean" />
- <xsd:attribute name="ldapname" type="xsd:string" />
- <xsd:attribute name="inclass" type="xsd:string" />
- <xsd:attribute name="displayname" type="xsd:string" />
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ <xsd:attribute name="mandatory" type="xsd:boolean"/>
+ <xsd:attribute name="ldapname" type="xsd:string"/>
+ <xsd:attribute name="inclass" type="xsd:string"/>
+ <xsd:attribute name="displayname" type="xsd:string"/>
 </xsd:complexType>
 <xsd:element name="getFriendsResponse">
 <xsd:complexType>
@@ -785,6 +853,13 @@
 <wsdl:message name="getOwnerResponse">
 <wsdl:part element="tns:getOwnerResponse" name="getOwnerOutput"/>
 </wsdl:message>
+<!-- #### getUUID #### //-->
+ <wsdl:message name="getUUIDRequest">
+ <wsdl:part element="tns:getUUIDRequest" name="getUUIDInput"/>
+ </wsdl:message>
+ <wsdl:message name="getUUIDResponse">
+ <wsdl:part element="tns:getUUIDResponse" name="getUUIDOutput"/>
+ </wsdl:message>
 <!-- #### getMembers #### //-->
 <wsdl:message name="getMembersRequest">
 <wsdl:part element="tns:getMembersRequest" name="getMembersInput"/>
@@ -869,6 +944,29 @@ <wsdl:message name="getProjectDescriptionResponse"> <wsdl:part element="tns:getProjectDescriptionResponse" name="getProjectDescriptionOutput"/> </wsdl:message> + +<!-- #### getSLC #### //--> + <wsdl:message name="getSLCRequest"> + <wsdl:part element="tns:getSLCRequest" name="getSLCInput"/> + </wsdl:message> + <wsdl:message name="getSLCResponse"> + <wsdl:part element="tns:getSLCResponse" name="getSLCOutput"/> + </wsdl:message> +<!-- #### getCSR #### //--> + <wsdl:message name="getCSRRequest"> + <wsdl:part element="tns:getCSRRequest" name="getCSRInput"/> + </wsdl:message> + <wsdl:message name="getCSRResponse"> + <wsdl:part element="tns:getCSRResponse" name="getCSROutput"/> + </wsdl:message> +<!-- #### putCRT #### //--> + <wsdl:message name="putCRTRequest"> + <wsdl:part element="tns:putCRTRequest" name="putCRTInput"/> + </wsdl:message> + <wsdl:message name="putCRTResponse"> + <wsdl:part element="tns:putCRTResponse" name="putCRTOutput"/> + </wsdl:message> + <!-- #### deactivateProject #### //--> <wsdl:message name="deactivateProjectRequest"> <wsdl:part element="tns:deactivateProjectRequest" name="deactivateProjectInput"/> @@ -1013,7 +1111,7 @@ Registers the URI of a TextGridObject to be the project file for project-specific settings. The URI must be registered at - RBAC. + RBAC beforehand. <ul><li><b>Input Parameters</b> setProjectFileRequest, with elements <ul><li>auth - String, SessionID of Project Leader</li><li>log - String for log information, optional</li><li>project - String with projectID</li><li>file - String with URI of project file</li></ul></li><li><b>Output Parameters</b> 
@@ -1546,6 +1644,23 @@
 <wsdl:output message="tns:getOwnerResponse"/>
 <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/>
 </wsdl:operation>
+
+<!-- #### getUUID #### //-->
+ <wsdl:operation name="getUUID">
+ <wsdl:documentation>
+ Returns UUID (full path including server address) of the resource. User
+ must have read permission on the resource, or resource must be
+ public.
+ <ul><li><b>Input Parameters</b> getUUIDRequest, with elements
+ <ul><li>auth - String, SessionID of user that wants to query
+ for the UUID</li><li>log - String for log information, optional</li><li>resource - String, URI of TgObject</li></ul></li><li><b>Output Parameters</b> getUUIDResponse, with element
+ <ul><li>uuid - String, UUID if defined.</li></ul></li><li><b>Faults</b><ul><li>authenticationFault</li></ul></li></ul>
+ </wsdl:documentation>
+ <wsdl:input message="tns:getUUIDRequest"/>
+ <wsdl:output message="tns:getUUIDResponse"/>
+ <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/>
+ </wsdl:operation>
+
 <!-- #### getMembers #### //-->
 <wsdl:operation name="getMembers">
 <wsdl:documentation>
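Review bot: The getUUID documentation declares `authenticationFault` and states that the user must have read permission, but the PHP getUUID added in the same commit never raises a fault — it returns the strings "Resource not found or no access right" or "No UUID defined" in `uuid` — so this WSDL and the implementation disagree; either make the implementation raise the declared fault or document the placeholder strings here until it does. "full path including server address" is not reflected in the implementation either, which returns the stored `tgresourceuuid` attribute as is — I would drop that phrase or confirm what the attribute actually holds.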
@@ -1775,6 +1890,48 @@ <wsdl:input message="tns:getProjectDescriptionRequest"/> <wsdl:output message="tns:getProjectDescriptionResponse"/> </wsdl:operation> + +<!-- #### getSLC #### //--> + <wsdl:operation name="getSLC"> + <wsdl:documentation> + CRUD may use this to retrieve a Short-Lived Certificate Key pair in PEM format for the user + <ul><li><b>Input Parameters</b> getSLCRequest, with elements + <ul><li>auth - String, SessionID of user</li><li>log - String for log information, optional</li><li>secret - String known by TG-crud to authenticate itself</li></ul></li><li><b>Output Parameters</b> getSLCResponse, with element + <ul><li>slc - Base64binary String with the key pair. Contains only printable ASCII Character.</li></ul></li></ul> + </wsdl:documentation> + <wsdl:input message="tns:getSLCRequest"/> + <wsdl:output message="tns:getSLCResponse"/> + <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/> + <wsdl:fault name="unknownResourceFault" message="tns:unknownResourceFault"/> + </wsdl:operation> +<!-- #### getCSR #### //--> + <wsdl:operation name="getCSR"> + <wsdl:documentation> + The Portal may use this to retrieve a Dummy Certificate Signing Request (CSR) +in PEM format, for which the RBAC's accompanying daemon will hold the real key. + <ul><li><b>Input Parameters</b> getCSRRequest, with elements + <ul><li>auth - String, SessionID of user</li><li>log - String for log information, optional</li></ul></li><li><b>Output Parameters</b> getCSRResponse, with element + <ul><li>csr - Base64binary String with the CSR. 
Contains only printable ASCII Character.</li></ul></li></ul> + </wsdl:documentation> + <wsdl:input message="tns:getCSRRequest"/> + <wsdl:output message="tns:getCSRResponse"/> + <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/> + <wsdl:fault name="unknownResourceFault" message="tns:unknownResourceFault"/> + </wsdl:operation> +<!-- #### putCRT #### //--> + <wsdl:operation name="putCRT"> + <wsdl:documentation> + Puts the signed Certificate into the RBAC's accompanying daemon that holds the key. + <ul><li><b>Input Parameters</b> putCRTRequest, with elements + <ul><li>auth - String, SessionID of user</li><li>log - String for log information, optional</li><li>crt - the Certificate as a String</li></ul></li><li><b>Output Parameters</b> putCRTResponse, with element + <ul><li>success, Boolean.</li></ul></li></ul> + </wsdl:documentation> + <wsdl:input message="tns:putCRTRequest"/> + <wsdl:output message="tns:putCRTResponse"/> + <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/> + <wsdl:fault name="unknownResourceFault" message="tns:unknownResourceFault"/> + </wsdl:operation> + <!-- #### getSid #### //--> <wsdl:operation name="getSid"> <wsdl:documentation> @@ -1789,15 +1946,12 @@ <wsdl:input message="tns:getSidRequest"/> <wsdl:output message="tns:getSidResponse"/> </wsdl:operation> - - <!-- #### getSupportedUserAttributes #### //--> <wsdl:operation name="getSupportedUserAttributes"> <wsdl:documentation>TODO</wsdl:documentation> <wsdl:input message="tns:getSupportedUserAttributesRequest"/> <wsdl:output message="tns:getSupportedUserAttributesResponse"/> </wsdl:operation> - <!-- #### getMyUserAttributes #### //--> <wsdl:operation name="getMyUserAttributes"> <wsdl:documentation>TODO</wsdl:documentation> 
@@ -1805,7 +1959,6 @@ <wsdl:output message="tns:getMyUserAttributesResponse"/> <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/> </wsdl:operation> - <!-- #### setMyUserAttributes #### //--> <wsdl:operation name="setMyUserAttributes"> <wsdl:documentation>TODO</wsdl:documentation> @@ -1813,8 +1966,6 @@ <wsdl:output message="tns:setMyUserAttributesResponse"/> <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/> </wsdl:operation> - - </wsdl:portType> <!-- ########### @@ -2105,6 +2256,21 @@ <soap:fault use="literal" name="authenticationFault"/> </wsdl:fault> </wsdl:operation> + +<!-- #### getUUID #### //--> + <wsdl:operation name="getUUID"> + <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getUUID"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="authenticationFault"> + <soap:fault name="authenticationFault" use="literal"/> + </wsdl:fault> + </wsdl:operation> + <!-- #### getMembers #### //--> <wsdl:operation name="getMembers"> <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getMembers"/> 
@@ -2295,6 +2461,55 @@ <soap:body use="literal"/> </wsdl:output> </wsdl:operation> +<!-- #### getSLC #### //--> + <wsdl:operation name="getSLC"> + <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getSLC"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="authenticationFault"> + <soap:fault name="authenticationFault" use="literal"/> + </wsdl:fault> + <wsdl:fault name="unknownResourceFault"> + <soap:fault name="unknownResourceFault" use="literal"/> + </wsdl:fault> + </wsdl:operation> +<!-- #### getCSR #### //--> + <wsdl:operation name="getCSR"> + <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getCSR"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="authenticationFault"> + <soap:fault name="authenticationFault" use="literal"/> + </wsdl:fault> + <wsdl:fault name="unknownResourceFault"> + <soap:fault name="unknownResourceFault" use="literal"/> + </wsdl:fault> + </wsdl:operation> +<!-- #### putCRT #### //--> + <wsdl:operation name="putCRT"> + <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/putCRT"/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="authenticationFault"> + <soap:fault name="authenticationFault" use="literal"/> + </wsdl:fault> + <wsdl:fault name="unknownResourceFault"> + <soap:fault name="unknownResourceFault" use="literal"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <!-- ##################### # Servicedefinition # ##################### // -- GitLab