1 | """SAML 2.0 core module |
---|
2 | |
---|
3 | Implementation of SAML 2.0 for NDG Security |
---|
4 | |
---|
5 | NERC DataGrid Project |
---|
6 | |
---|
7 | This implementation is adapted from the Java OpenSAML implementation. The |
---|
8 | copyright and licence information are included here: |
---|
9 | |
---|
10 | Copyright [2005] [University Corporation for Advanced Internet Development, Inc.] |
---|
11 | |
---|
12 | Licensed under the Apache License, Version 2.0 (the "License"); |
---|
13 | you may not use this file except in compliance with the License. |
---|
14 | You may obtain a copy of the License at |
---|
15 | |
---|
16 | http://www.apache.org/licenses/LICENSE-2.0 |
---|
17 | |
---|
18 | Unless required by applicable law or agreed to in writing, software |
---|
19 | distributed under the License is distributed on an "AS IS" BASIS, |
---|
20 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
---|
21 | See the License for the specific language governing permissions and |
---|
22 | limitations under the License. |
---|
23 | """ |
---|
24 | __author__ = "P J Kershaw" |
---|
25 | __date__ = "11/08/09" |
---|
26 | __copyright__ = "(C) 2009 Science and Technology Facilities Council" |
---|
27 | __contact__ = "Philip.Kershaw@stfc.ac.uk" |
---|
28 | __license__ = "BSD - see LICENSE file in top-level directory" |
---|
29 | __contact__ = "Philip.Kershaw@stfc.ac.uk" |
---|
30 | __revision__ = "$Id$" |
---|
31 | from datetime import datetime |
---|
32 | |
---|
33 | from saml.common import SAMLObject, SAMLVersion |
---|
34 | from saml.common.xml import SAMLConstants |
---|
35 | from saml.xml import QName |
---|
36 | from saml.utils import TypedList |
---|
37 | |
---|
38 | |
---|
39 | class Attribute(SAMLObject): |
---|
40 | '''SAML 2.0 Core Attribute.''' |
---|
41 | |
---|
42 | # Local name of the Attribute element. |
---|
43 | DEFAULT_ELEMENT_LOCAL_NAME = "Attribute" |
---|
44 | |
---|
45 | # Default element name. |
---|
46 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
47 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
48 | SAMLConstants.SAML20_PREFIX) |
---|
49 | |
---|
50 | # Local name of the XSI type. |
---|
51 | TYPE_LOCAL_NAME = "AttributeType" |
---|
52 | |
---|
53 | # QName of the XSI type. |
---|
54 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
55 | TYPE_LOCAL_NAME, |
---|
56 | SAMLConstants.SAML20_PREFIX) |
---|
57 | |
---|
58 | # Name of the Name attribute. |
---|
59 | NAME_ATTRIB_NAME = "Name" |
---|
60 | |
---|
61 | # Name for the NameFormat attribute. |
---|
62 | NAME_FORMAT_ATTRIB_NAME = "NameFormat" |
---|
63 | |
---|
64 | # Name of the FriendlyName attribute. |
---|
65 | FRIENDLY_NAME_ATTRIB_NAME = "FriendlyName" |
---|
66 | |
---|
67 | # Unspecified attribute format ID. |
---|
68 | UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" |
---|
69 | |
---|
70 | # URI reference attribute format ID. |
---|
71 | URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" |
---|
72 | |
---|
73 | # Basic attribute format ID. |
---|
74 | BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" |
---|
75 | |
---|
76 | def __init__(self): |
---|
77 | """Initialise Attribute Class attributes""" |
---|
78 | self.__name = None |
---|
79 | self.__nameFormat = None |
---|
80 | self.__friendlyName = None |
---|
81 | self.__attributeValues = [] |
---|
82 | |
---|
83 | def _get_name(self): |
---|
84 | return self.__name |
---|
85 | |
---|
86 | def _set_name(self, name): |
---|
87 | if not isinstance(name, basestring): |
---|
88 | raise TypeError("Expecting basestring type for name, got %r"% name) |
---|
89 | |
---|
90 | self.__name = name |
---|
91 | |
---|
92 | name = property(fget=_get_name, |
---|
93 | fset=_set_name, |
---|
94 | doc="name of this attribute") |
---|
95 | |
---|
96 | def _get_nameFormat(self): |
---|
97 | return self.__nameFormat |
---|
98 | |
---|
99 | def _set_nameFormat(self, nameFormat): |
---|
100 | if not isinstance(nameFormat, basestring): |
---|
101 | raise TypeError("Expecting basestring type for nameFormat, got %r" |
---|
102 | % nameFormat) |
---|
103 | |
---|
104 | self.__nameFormat = nameFormat |
---|
105 | |
---|
106 | nameFormat = property(fget=_get_nameFormat, |
---|
107 | fset=_set_nameFormat, |
---|
108 | doc="Get the name format of this attribute.") |
---|
109 | |
---|
110 | def _get_friendlyName(self): |
---|
111 | return self.__friendlyName |
---|
112 | |
---|
113 | def _set_friendlyName(self, friendlyName): |
---|
114 | if not isinstance(friendlyName, basestring): |
---|
115 | raise TypeError("Expecting basestring type for friendlyName, got " |
---|
116 | "%r" % friendlyName) |
---|
117 | |
---|
118 | self.__friendlyName = friendlyName |
---|
119 | |
---|
120 | friendlyName = property(fget=_get_friendlyName, |
---|
121 | fset=_set_friendlyName, |
---|
122 | doc="the friendly name of this attribute.") |
---|
123 | |
---|
124 | def _get_attributeValues(self): |
---|
125 | return self.__attributeValues |
---|
126 | |
---|
127 | def _set_attributeValues(self, attributeValues): |
---|
128 | if not isinstance(attributeValues, (list, tuple)): |
---|
129 | raise TypeError("Expecting basestring type for attributeValues, " |
---|
130 | "got %r" % attributeValues) |
---|
131 | |
---|
132 | self.__attributeValues = attributeValues |
---|
133 | |
---|
134 | attributeValues = property(fget=_get_attributeValues, |
---|
135 | fset=_set_attributeValues, |
---|
136 | doc="the list of attribute values for this " |
---|
137 | "attribute.") |
---|
138 | |
---|
139 | |
---|
140 | class Statement(SAMLObject): |
---|
141 | '''SAML 2.0 Core Statement. Abstract base class which all statement |
---|
142 | types must implement.''' |
---|
143 | |
---|
144 | # Element local name |
---|
145 | DEFAULT_ELEMENT_LOCAL_NAME = "Statement" |
---|
146 | |
---|
147 | # Default element name |
---|
148 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
149 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
150 | SAMLConstants.SAML20_PREFIX) |
---|
151 | |
---|
152 | # Local name of the XSI type |
---|
153 | TYPE_LOCAL_NAME = "StatementAbstractType" |
---|
154 | |
---|
155 | # QName of the XSI type |
---|
156 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
157 | TYPE_LOCAL_NAME, |
---|
158 | SAMLConstants.SAML20_PREFIX) |
---|
159 | |
---|
160 | |
---|
161 | class AttributeStatement(Statement): |
---|
162 | '''SAML 2.0 Core AttributeStatement''' |
---|
163 | |
---|
164 | def __init__(self): |
---|
165 | self.__attributes = TypedList(Attribute) |
---|
166 | self.__encryptedAttributes = TypedList(Attribute) |
---|
167 | |
---|
168 | # Element local name |
---|
169 | DEFAULT_ELEMENT_LOCAL_NAME = "AttributeStatement" |
---|
170 | |
---|
171 | # Default element name. |
---|
172 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
173 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
174 | SAMLConstants.SAML20_PREFIX) |
---|
175 | |
---|
176 | # Local name of the XSI type. |
---|
177 | TYPE_LOCAL_NAME = "AttributeStatementType" |
---|
178 | |
---|
179 | # QName of the XSI type. |
---|
180 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
181 | TYPE_LOCAL_NAME, |
---|
182 | SAMLConstants.SAML20_PREFIX) |
---|
183 | |
---|
184 | def _get_attributes(self): |
---|
185 | '''@return the attributes expressed in this statement |
---|
186 | ''' |
---|
187 | return self.__attributes |
---|
188 | |
---|
189 | attributes = property(fget=_get_attributes) |
---|
190 | |
---|
191 | def _get_encryptedAttributes(self): |
---|
192 | '''@return the encrypted attribtues expressed in this statement |
---|
193 | ''' |
---|
194 | return self.__encryptedAttributes |
---|
195 | |
---|
196 | encryptedAttributes = property(fget=_get_encryptedAttributes) |
---|
197 | |
---|
198 | |
---|
199 | class AuthnStatement(Statement): |
---|
200 | '''SAML 2.0 Core AuthnStatement. Currently implemented in abstract form |
---|
201 | only |
---|
202 | ''' |
---|
203 | |
---|
204 | # Element local name |
---|
205 | DEFAULT_ELEMENT_LOCAL_NAME = "AuthnStatement" |
---|
206 | |
---|
207 | # Default element name |
---|
208 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
209 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
210 | SAMLConstants.SAML20_PREFIX) |
---|
211 | |
---|
212 | # Local name of the XSI type |
---|
213 | TYPE_LOCAL_NAME = "AuthnStatementType" |
---|
214 | |
---|
215 | # QName of the XSI type |
---|
216 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
217 | TYPE_LOCAL_NAME, |
---|
218 | SAMLConstants.SAML20_PREFIX) |
---|
219 | |
---|
220 | # AuthnInstant attribute name |
---|
221 | AUTHN_INSTANT_ATTRIB_NAME = "AuthnInstant" |
---|
222 | |
---|
223 | # SessionIndex attribute name |
---|
224 | SESSION_INDEX_ATTRIB_NAME = "SessionIndex" |
---|
225 | |
---|
226 | # SessionNoOnOrAfter attribute name |
---|
227 | SESSION_NOT_ON_OR_AFTER_ATTRIB_NAME = "SessionNotOnOrAfter" |
---|
228 | |
---|
229 | def _getAuthnInstant(self): |
---|
230 | '''Gets the time when the authentication took place. |
---|
231 | |
---|
232 | @return the time when the authentication took place |
---|
233 | ''' |
---|
234 | raise NotImplementedError() |
---|
235 | |
---|
236 | def _setAuthnInstant(self, value): |
---|
237 | '''Sets the time when the authentication took place. |
---|
238 | |
---|
239 | @param newAuthnInstant the time when the authentication took place |
---|
240 | ''' |
---|
241 | raise NotImplementedError() |
---|
242 | |
---|
243 | def _getSessionIndex(self): |
---|
244 | '''Get the session index between the principal and the authenticating |
---|
245 | authority. |
---|
246 | |
---|
247 | @return the session index between the principal and the authenticating |
---|
248 | authority |
---|
249 | ''' |
---|
250 | raise NotImplementedError() |
---|
251 | |
---|
252 | def _setSessionIndex(self, value): |
---|
253 | '''Sets the session index between the principal and the authenticating |
---|
254 | authority. |
---|
255 | |
---|
256 | @param newIndex the session index between the principal and the |
---|
257 | authenticating authority |
---|
258 | ''' |
---|
259 | raise NotImplementedError() |
---|
260 | |
---|
261 | def _getSessionNotOnOrAfter(self): |
---|
262 | '''Get the time when the session between the principal and the SAML |
---|
263 | authority ends. |
---|
264 | |
---|
265 | @return the time when the session between the principal and the SAML |
---|
266 | authority ends |
---|
267 | ''' |
---|
268 | raise NotImplementedError() |
---|
269 | |
---|
270 | def _setSessionNotOnOrAfter(self, value): |
---|
271 | '''Set the time when the session between the principal and the SAML |
---|
272 | authority ends. |
---|
273 | |
---|
274 | @param newSessionNotOnOrAfter the time when the session between the |
---|
275 | principal and the SAML authority ends |
---|
276 | ''' |
---|
277 | raise NotImplementedError() |
---|
278 | |
---|
279 | def _getSubjectLocality(self): |
---|
280 | '''Get the DNS domain and IP address of the system where the principal |
---|
281 | was authenticated. |
---|
282 | |
---|
283 | @return the DNS domain and IP address of the system where the principal |
---|
284 | was authenticated |
---|
285 | ''' |
---|
286 | raise NotImplementedError() |
---|
287 | |
---|
288 | def _setSubjectLocality(self, value): |
---|
289 | '''Set the DNS domain and IP address of the system where the principal |
---|
290 | was authenticated. |
---|
291 | |
---|
292 | @param newLocality the DNS domain and IP address of the system where |
---|
293 | the principal was authenticated |
---|
294 | ''' |
---|
295 | raise NotImplementedError() |
---|
296 | |
---|
297 | def _getAuthnContext(self): |
---|
298 | '''Gets the context used to authenticate the subject. |
---|
299 | |
---|
300 | @return the context used to authenticate the subject |
---|
301 | ''' |
---|
302 | raise NotImplementedError() |
---|
303 | |
---|
304 | def _setAuthnContext(self, value): |
---|
305 | '''Sets the context used to authenticate the subject. |
---|
306 | |
---|
307 | @param newAuthnContext the context used to authenticate the subject |
---|
308 | ''' |
---|
309 | raise NotImplementedError() |
---|
310 | |
---|
311 | |
---|
312 | class AuthzDecisionStatement(Statement): |
---|
313 | '''SAML 2.0 Core AuthzDecisionStatement. Currently implemented in abstract |
---|
314 | form only''' |
---|
315 | |
---|
316 | # Element local name |
---|
317 | DEFAULT_ELEMENT_LOCAL_NAME = "AuthzDecisionStatement" |
---|
318 | |
---|
319 | # Default element name |
---|
320 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
321 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
322 | SAMLConstants.SAML20_PREFIX) |
---|
323 | |
---|
324 | # Local name of the XSI type |
---|
325 | TYPE_LOCAL_NAME = "AuthzDecisionStatementType" |
---|
326 | |
---|
327 | # QName of the XSI type |
---|
328 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
329 | TYPE_LOCAL_NAME, |
---|
330 | SAMLConstants.SAML20_PREFIX) |
---|
331 | |
---|
332 | # Resource attribute name |
---|
333 | RESOURCE_ATTRIB_NAME = "Resource" |
---|
334 | |
---|
335 | # Decision attribute name |
---|
336 | DECISION_ATTRIB_NAME = "Decision" |
---|
337 | |
---|
338 | def _getResource(self): |
---|
339 | ''' |
---|
340 | Get URI of the resource to which authorization is saught. |
---|
341 | |
---|
342 | @return URI of the resource to which authorization is saught |
---|
343 | ''' |
---|
344 | raise NotImplementedError() |
---|
345 | |
---|
346 | def _setResource(self, value): |
---|
347 | ''' |
---|
348 | Sets URI of the resource to which authorization is saught. |
---|
349 | |
---|
350 | @param newResourceURI URI of the resource to which authorization is |
---|
351 | saught |
---|
352 | ''' |
---|
353 | raise NotImplementedError() |
---|
354 | |
---|
355 | def _getDecision(self): |
---|
356 | ''' |
---|
357 | Gets the decision of the authorization request. |
---|
358 | |
---|
359 | @return the decision of the authorization request |
---|
360 | ''' |
---|
361 | raise NotImplementedError() |
---|
362 | |
---|
363 | def _setDecision(self, value): |
---|
364 | ''' |
---|
365 | Sets the decision of the authorization request. |
---|
366 | |
---|
367 | @param newDecision the decision of the authorization request |
---|
368 | ''' |
---|
369 | raise NotImplementedError() |
---|
370 | |
---|
371 | def _getActions(self): |
---|
372 | ''' |
---|
373 | Gets the actions authorized to be performed. |
---|
374 | |
---|
375 | @return the actions authorized to be performed |
---|
376 | ''' |
---|
377 | raise NotImplementedError() |
---|
378 | |
---|
379 | |
---|
380 | def _getEvidence(self): |
---|
381 | ''' |
---|
382 | Get the SAML assertion the authority relied on when making the |
---|
383 | authorization decision. |
---|
384 | |
---|
385 | @return the SAML assertion the authority relied on when making the |
---|
386 | authorization decision |
---|
387 | ''' |
---|
388 | raise NotImplementedError() |
---|
389 | |
---|
390 | def _setEvidence(self, value): |
---|
391 | ''' |
---|
392 | Sets the SAML assertion the authority relied on when making the |
---|
393 | authorization decision. |
---|
394 | |
---|
395 | @param newEvidence the SAML assertion the authority relied on when |
---|
396 | making the authorization decision |
---|
397 | ''' |
---|
398 | raise NotImplementedError() |
---|
399 | |
---|
400 | |
---|
401 | class Subject(SAMLObject): |
---|
402 | '''Concrete implementation of @link org.opensaml.saml2.core.Subject.''' |
---|
403 | |
---|
404 | # Element local name. |
---|
405 | DEFAULT_ELEMENT_LOCAL_NAME = "Subject" |
---|
406 | |
---|
407 | # Default element name. |
---|
408 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
409 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
410 | SAMLConstants.SAML20_PREFIX) |
---|
411 | |
---|
412 | # Local name of the XSI type. |
---|
413 | TYPE_LOCAL_NAME = "SubjectType" |
---|
414 | |
---|
415 | # QName of the XSI type. |
---|
416 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
417 | TYPE_LOCAL_NAME, |
---|
418 | SAMLConstants.SAML20_PREFIX) |
---|
419 | |
---|
420 | def __init__(self, |
---|
421 | namespaceURI=SAMLConstants.SAML20_NS, |
---|
422 | elementLocalName=DEFAULT_ELEMENT_LOCAL_NAME, |
---|
423 | namespacePrefix=SAMLConstants.SAML20_PREFIX): |
---|
424 | '''@param namespaceURI the namespace the element is in |
---|
425 | @param elementLocalName the local name of the XML element this Object |
---|
426 | represents |
---|
427 | @param namespacePrefix the prefix for the given namespace |
---|
428 | ''' |
---|
429 | self.__qname = QName(namespaceURI, |
---|
430 | elementLocalName, |
---|
431 | namespacePrefix) |
---|
432 | |
---|
433 | # BaseID child element. |
---|
434 | self.__baseID = None |
---|
435 | |
---|
436 | # NameID child element. |
---|
437 | self.__nameID = None |
---|
438 | |
---|
439 | # EncryptedID child element. |
---|
440 | self.__encryptedID = None |
---|
441 | |
---|
442 | # Subject Confirmations of the Subject. |
---|
443 | self.__subjectConfirmations = [] |
---|
444 | |
---|
445 | def _get_qname(self): |
---|
446 | return self.__qname |
---|
447 | |
---|
448 | qname = property(fget=_get_qname, doc="Qualified Name for Subject") |
---|
449 | |
---|
450 | def _getBaseID(self): |
---|
451 | return self.__baseID |
---|
452 | |
---|
453 | def _setBaseID(self, value): |
---|
454 | if not isinstance(value, basestring): |
---|
455 | raise TypeError("Expecting %r type for \"baseID\" got %r" % |
---|
456 | (basestring, value.__class__)) |
---|
457 | self.__baseID = value |
---|
458 | |
---|
459 | baseID = property(fget=_getBaseID, |
---|
460 | fset=_setBaseID, |
---|
461 | doc="Base identifier") |
---|
462 | |
---|
463 | def _getNameID(self): |
---|
464 | return self.__nameID |
---|
465 | |
---|
466 | def _setNameID(self, value): |
---|
467 | if not isinstance(value, NameID): |
---|
468 | raise TypeError("Expecting %r type for \"nameID\" got %r" % |
---|
469 | (NameID, type(value))) |
---|
470 | self.__nameID = value |
---|
471 | |
---|
472 | nameID = property(fget=_getNameID, |
---|
473 | fset=_setNameID, |
---|
474 | doc="Name identifier") |
---|
475 | |
---|
476 | def _getEncryptedID(self): |
---|
477 | return self.__encryptedID |
---|
478 | |
---|
479 | def _setEncryptedID(self, value): |
---|
480 | self.__encryptedID = value |
---|
481 | |
---|
482 | encryptedID = property(fget=_getEncryptedID, |
---|
483 | fset=_setEncryptedID, |
---|
484 | doc="EncryptedID's Docstring") |
---|
485 | def _getSubjectConfirmations(self): |
---|
486 | return self.__subjectConfirmations |
---|
487 | |
---|
488 | subjectConfirmations = property(fget=_getSubjectConfirmations, |
---|
489 | doc="Subject Confirmations") |
---|
490 | def getOrderedChildren(self): |
---|
491 | children = [] |
---|
492 | |
---|
493 | if self.baseID is not None: |
---|
494 | children.append(self.baseID) |
---|
495 | |
---|
496 | if self.nameID is not None: |
---|
497 | children.append(self.nameID) |
---|
498 | |
---|
499 | if self.encryptedID is not None: |
---|
500 | children.append(self.encryptedID) |
---|
501 | |
---|
502 | children += self.subjectConfirmations |
---|
503 | |
---|
504 | return tuple(children) |
---|
505 | |
---|
506 | |
---|
507 | class AbstractNameIDType(SAMLObject): |
---|
508 | '''Abstract implementation of NameIDType''' |
---|
509 | |
---|
510 | # SPNameQualifier attribute name. |
---|
511 | SP_NAME_QUALIFIER_ATTRIB_NAME = "SPNameQualifier" |
---|
512 | |
---|
513 | # Format attribute name. |
---|
514 | FORMAT_ATTRIB_NAME = "Format" |
---|
515 | |
---|
516 | # SPProviderID attribute name. |
---|
517 | SPPROVIDED_ID_ATTRIB_NAME = "SPProvidedID" |
---|
518 | |
---|
519 | # URI for unspecified name format. |
---|
520 | UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" |
---|
521 | |
---|
522 | # URI for email name format. |
---|
523 | EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" |
---|
524 | |
---|
525 | # URI for X509 subject name format. |
---|
526 | X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName" |
---|
527 | |
---|
528 | # URI for windows domain qualified name name format. |
---|
529 | WIN_DOMAIN_QUALIFIED = \ |
---|
530 | "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName" |
---|
531 | |
---|
532 | # URI for kerberos name format. |
---|
533 | KERBEROS = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos" |
---|
534 | |
---|
535 | # URI for SAML entity name format. |
---|
536 | ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" |
---|
537 | |
---|
538 | # URI for persistent name format. |
---|
539 | PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" |
---|
540 | |
---|
541 | # URI for transient name format. |
---|
542 | TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" |
---|
543 | |
---|
544 | # Special URI used by NameIDPolicy to indicate a NameID should be encrypted |
---|
545 | ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted" |
---|
546 | |
---|
547 | def __init__(self, namespaceURI, elementLocalName, namespacePrefix): |
---|
548 | '''@param namespaceURI the namespace the element is in |
---|
549 | @param elementLocalName the local name of the XML element this Object |
---|
550 | represents |
---|
551 | @param namespacePrefix the prefix for the given namespace |
---|
552 | ''' |
---|
553 | self.__qname = QName(namespaceURI, elementLocalName, namespacePrefix) |
---|
554 | |
---|
555 | # Name of the Name ID. |
---|
556 | self.__name = None |
---|
557 | |
---|
558 | # Name Qualifier of the Name ID. |
---|
559 | self.__nameQualifier = None |
---|
560 | |
---|
561 | # SP Name Qualifier of the Name ID. |
---|
562 | self.__spNameQualifier = None |
---|
563 | |
---|
564 | # Format of the Name ID. |
---|
565 | self.__format = None |
---|
566 | |
---|
567 | # SP ProvidedID of the NameID. |
---|
568 | self.__spProvidedID = None |
---|
569 | |
---|
570 | self.__value = None |
---|
571 | |
---|
572 | def _getQName(self): |
---|
573 | return self.__qname |
---|
574 | |
---|
575 | def _setQName(self, value): |
---|
576 | if not isinstance(value, QName): |
---|
577 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
578 | "got %r" % (QName, type(value))) |
---|
579 | |
---|
580 | self.__qname = value |
---|
581 | |
---|
582 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
583 | |
---|
584 | def _getValue(self): |
---|
585 | return self.__value |
---|
586 | |
---|
587 | def _setValue(self, value): |
---|
588 | if not isinstance(value, basestring): |
---|
589 | raise TypeError("\"value\" must be a basestring derived type, " |
---|
590 | "got %r" % value.__class__) |
---|
591 | |
---|
592 | self.__value = value |
---|
593 | |
---|
594 | value = property(fget=_getValue, fset=_setValue, doc="string value") |
---|
595 | |
---|
596 | def _getNameQualifier(self): |
---|
597 | return self.__nameQualifier |
---|
598 | |
---|
599 | def _setNameQualifier(self, value): |
---|
600 | self.__nameQualifier = value |
---|
601 | |
---|
602 | nameQualifier = property(fget=_getNameQualifier, |
---|
603 | fset=_setNameQualifier, |
---|
604 | doc="Name qualifier") |
---|
605 | |
---|
606 | def _getSPNameQualifier(self): |
---|
607 | return self.__spNameQualifier |
---|
608 | |
---|
609 | def _setSPNameQualifier(self, value): |
---|
610 | self.__spNameQualifier = value |
---|
611 | |
---|
612 | spNameQualifier = property(fget=_getSPNameQualifier, |
---|
613 | fset=_setSPNameQualifier, |
---|
614 | doc="SP Name qualifier") |
---|
615 | |
---|
616 | def _getFormat(self): |
---|
617 | return self.__format |
---|
618 | |
---|
619 | def _setFormat(self, format): |
---|
620 | if not isinstance(format, basestring): |
---|
621 | raise TypeError("\"format\" must be a basestring derived type, " |
---|
622 | "got %r" % format.__class__) |
---|
623 | |
---|
624 | self.__format = format |
---|
625 | |
---|
626 | format = property(fget=_getFormat, fset=_setFormat, doc="Name format") |
---|
627 | |
---|
628 | def _getSPProvidedID(self): |
---|
629 | return self.__spProvidedID |
---|
630 | |
---|
631 | def _setSPProvidedID(self, value): |
---|
632 | self.__spProvidedID = value |
---|
633 | |
---|
634 | spProvidedID = property(fget=_getSPProvidedID, fset=_setSPProvidedID, |
---|
635 | doc="SP Provided Identifier") |
---|
636 | |
---|
637 | def getOrderedChildren(self): |
---|
638 | raise NotImplementedError() |
---|
639 | |
---|
640 | |
---|
641 | class Issuer(AbstractNameIDType): |
---|
642 | """SAML 2.0 Core Issuer type""" |
---|
643 | |
---|
644 | # Element local name. |
---|
645 | DEFAULT_ELEMENT_LOCAL_NAME = "Issuer" |
---|
646 | |
---|
647 | # Default element name. |
---|
648 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
649 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
650 | SAMLConstants.SAML20_PREFIX) |
---|
651 | |
---|
652 | # Local name of the XSI type. |
---|
653 | TYPE_LOCAL_NAME = "IssuerType" |
---|
654 | |
---|
655 | # QName of the XSI type. |
---|
656 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
657 | TYPE_LOCAL_NAME, |
---|
658 | SAMLConstants.SAML20_PREFIX) |
---|
659 | |
---|
660 | def __init__(self, |
---|
661 | namespaceURI=SAMLConstants.SAML20_NS, |
---|
662 | localPart=DEFAULT_ELEMENT_LOCAL_NAME, |
---|
663 | namespacePrefix=SAMLConstants.SAML20_PREFIX): |
---|
664 | super(Issuer, self).__init__(namespaceURI, |
---|
665 | localPart, |
---|
666 | namespacePrefix) |
---|
667 | |
---|
668 | |
---|
669 | class NameID(AbstractNameIDType): |
---|
670 | '''SAML 2.0 Core NameID''' |
---|
671 | # Element local name. |
---|
672 | DEFAULT_ELEMENT_LOCAL_NAME = "NameID" |
---|
673 | |
---|
674 | # Default element name. |
---|
675 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
676 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
677 | SAMLConstants.SAML20_PREFIX) |
---|
678 | |
---|
679 | # Local name of the XSI type. |
---|
680 | TYPE_LOCAL_NAME = "NameIDType" |
---|
681 | |
---|
682 | # QName of the XSI type. |
---|
683 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
684 | TYPE_LOCAL_NAME, |
---|
685 | SAMLConstants.SAML20_PREFIX) |
---|
686 | |
---|
687 | def __init__(self, |
---|
688 | namespaceURI=SAMLConstants.SAML20_NS, |
---|
689 | localPart=DEFAULT_ELEMENT_LOCAL_NAME, |
---|
690 | namespacePrefix=SAMLConstants.SAML20_PREFIX): |
---|
691 | super(NameID, self).__init__(namespaceURI, |
---|
692 | localPart, |
---|
693 | namespacePrefix) |
---|
694 | |
---|
695 | |
---|
696 | class Conditions(SAMLObject): |
---|
697 | '''SAML 2.0 Core Conditions.''' |
---|
698 | |
---|
699 | # Element local name. |
---|
700 | DEFAULT_ELEMENT_LOCAL_NAME = "Conditions" |
---|
701 | |
---|
702 | # Default element name. |
---|
703 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
704 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
705 | SAMLConstants.SAML20_PREFIX) |
---|
706 | |
---|
707 | # Local name of the XSI type. |
---|
708 | TYPE_LOCAL_NAME = "ConditionsType" |
---|
709 | |
---|
710 | # QName of the XSI type. |
---|
711 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
712 | TYPE_LOCAL_NAME, |
---|
713 | SAMLConstants.SAML20_PREFIX) |
---|
714 | |
---|
715 | # NotBefore attribute name. |
---|
716 | NOT_BEFORE_ATTRIB_NAME = "NotBefore" |
---|
717 | |
---|
718 | # NotOnOrAfter attribute name. |
---|
719 | NOT_ON_OR_AFTER_ATTRIB_NAME = "NotOnOrAfter" |
---|
720 | |
---|
721 | def __init__(self): |
---|
722 | |
---|
723 | # A Condition. |
---|
724 | self.__conditions = [] |
---|
725 | |
---|
726 | # Not Before conditions. |
---|
727 | self.__notBefore = None |
---|
728 | |
---|
729 | # Not On Or After conditions. |
---|
730 | self.__notOnOrAfter = None |
---|
731 | |
---|
732 | def _getNotBefore(self): |
---|
733 | '''Get the date/time before which the assertion is invalid. |
---|
734 | |
---|
735 | @return the date/time before which the assertion is invalid''' |
---|
736 | return self.__notBefore |
---|
737 | |
---|
738 | def _setNotBefore(self, value): |
---|
739 | '''Sets the date/time before which the assertion is invalid. |
---|
740 | |
---|
741 | @param newNotBefore the date/time before which the assertion is invalid |
---|
742 | ''' |
---|
743 | if not isinstance(value, datetime): |
---|
744 | raise TypeError('Expecting "datetime" type for "notBefore", ' |
---|
745 | 'got %r' % type(value)) |
---|
746 | self.__notBefore = value |
---|
747 | |
---|
748 | def _getNotOnOrAfter(self): |
---|
749 | '''Gets the date/time on, or after, which the assertion is invalid. |
---|
750 | |
---|
751 | @return the date/time on, or after, which the assertion is invalid' |
---|
752 | ''' |
---|
753 | return self.__notBefore |
---|
754 | |
---|
755 | def _setNotOnOrAfter(self, value): |
---|
756 | '''Sets the date/time on, or after, which the assertion is invalid. |
---|
757 | |
---|
758 | @param newNotOnOrAfter the date/time on, or after, which the assertion |
---|
759 | is invalid |
---|
760 | ''' |
---|
761 | if not isinstance(value, datetime): |
---|
762 | raise TypeError('Expecting "datetime" type for "notOnOrAfter", ' |
---|
763 | 'got %r' % type(value)) |
---|
764 | self.__notOnOrAfter = value |
---|
765 | |
---|
766 | def _getConditions(self): |
---|
767 | '''Gets all the conditions on the assertion. |
---|
768 | |
---|
769 | @return all the conditions on the assertion |
---|
770 | ''' |
---|
771 | return self.__conditions |
---|
772 | |
---|
773 | conditions = property(fget=_getConditions, |
---|
774 | doc="List of conditions") |
---|
775 | |
---|
776 | def _getAudienceRestrictions(self): |
---|
777 | '''Gets the audience restriction conditions for the assertion. |
---|
778 | |
---|
779 | @return the audience restriction conditions for the assertion |
---|
780 | ''' |
---|
781 | raise NotImplementedError() |
---|
782 | |
---|
783 | def _getOneTimeUse(self): |
---|
784 | '''Gets the OneTimeUse condition for the assertion. |
---|
785 | |
---|
786 | @return the OneTimeUse condition for the assertion |
---|
787 | ''' |
---|
788 | raise NotImplementedError() |
---|
789 | |
---|
790 | def _getProxyRestriction(self): |
---|
791 | '''Gets the ProxyRestriction condition for the assertion. |
---|
792 | |
---|
793 | @return the ProxyRestriction condition for the assertion |
---|
794 | ''' |
---|
795 | raise NotImplementedError() |
---|
796 | |
---|
797 | |
---|
798 | class Advice(SAMLObject): |
---|
799 | '''SAML 2.0 Core Advice. |
---|
800 | ''' |
---|
801 | |
---|
802 | # Element local name |
---|
803 | DEFAULT_ELEMENT_LOCAL_NAME = "Advice" |
---|
804 | |
---|
805 | # Default element name. |
---|
806 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
807 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
808 | SAMLConstants.SAML20_PREFIX) |
---|
809 | |
---|
810 | # Local name of the XSI type |
---|
811 | TYPE_LOCAL_NAME = "AdviceType" |
---|
812 | |
---|
813 | # QName of the XSI type |
---|
814 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, |
---|
815 | TYPE_LOCAL_NAME, |
---|
816 | SAMLConstants.SAML20_PREFIX) |
---|
817 | |
---|
818 | def _getChildren(self, typeOrName=None): |
---|
819 | ''' |
---|
820 | Gets the list of all child elements attached to this advice. |
---|
821 | |
---|
822 | @return the list of all child elements attached to this advice |
---|
823 | ''' |
---|
824 | raise NotImplementedError() |
---|
825 | |
---|
826 | def _getAssertionIDReferences(self): |
---|
827 | '''Gets the list of AssertionID references used as advice. |
---|
828 | |
---|
829 | @return the list of AssertionID references used as advice |
---|
830 | ''' |
---|
831 | raise NotImplementedError() |
---|
832 | |
---|
833 | def _getAssertionURIReferences(self): |
---|
834 | '''Gets the list of AssertionURI references used as advice. |
---|
835 | |
---|
836 | @return the list of AssertionURI references used as advice |
---|
837 | ''' |
---|
838 | raise NotImplementedError() |
---|
839 | |
---|
840 | def _getAssertions(self): |
---|
841 | '''Gets the list of Assertions used as advice. |
---|
842 | |
---|
843 | @return the list of Assertions used as advice |
---|
844 | ''' |
---|
845 | raise NotImplementedError() |
---|
846 | |
---|
847 | def _getEncryptedAssertions(self): |
---|
848 | '''Gets the list of EncryptedAssertions used as advice. |
---|
849 | |
---|
850 | @return the list of EncryptedAssertions used as advice |
---|
851 | ''' |
---|
852 | raise NotImplementedError() |
---|
853 | |
---|
854 | |
---|
855 | class Assertion(SAMLObject): |
---|
856 | """SAML 2.0 Attribute Assertion for use with NERC DataGrid |
---|
857 | """ |
---|
858 | ns = "urn:oasis:names:tc:SAML:1.0:assertion" |
---|
859 | nsPfx = "saml" |
---|
860 | issuer = 'http:#badc.nerc.ac.uk' |
---|
861 | attributeName = "urn:mace:dir:attribute-def:eduPersonAffiliation" |
---|
862 | attributeNS = "urn:mace:shibboleth:1.0:attributeNamespace:uri" |
---|
863 | |
---|
864 | # Element local name. |
---|
865 | DEFAULT_ELEMENT_LOCAL_NAME = "Assertion" |
---|
866 | |
---|
867 | # Default element name. |
---|
868 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
869 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
870 | SAMLConstants.SAML20_PREFIX) |
---|
871 | |
---|
872 | # Local name of the XSI type. |
---|
873 | TYPE_LOCAL_NAME = "AssertionType" |
---|
874 | |
---|
875 | # QName of the XSI type. |
---|
876 | TYPE_NAME = QName(SAMLConstants.SAML20_NS, TYPE_LOCAL_NAME, |
---|
877 | SAMLConstants.SAML20_PREFIX) |
---|
878 | |
---|
879 | # Version attribute name. |
---|
880 | VERSION_ATTRIB_NAME = "Version" |
---|
881 | |
---|
882 | # IssueInstant attribute name. |
---|
883 | ISSUE_INSTANT_ATTRIB_NAME = "IssueInstant" |
---|
884 | |
---|
885 | # ID attribute name. |
---|
886 | ID_ATTRIB_NAME = "ID" |
---|
887 | |
---|
888 | def __init__(self): |
---|
889 | # Base class initialisation |
---|
890 | super(Assertion, self).__init__() |
---|
891 | |
---|
892 | self.__version = None |
---|
893 | self.__issueInstant = None |
---|
894 | self.__id = None |
---|
895 | self.__issuer = None |
---|
896 | self.__subject = None |
---|
897 | |
---|
898 | self.__conditions = None |
---|
899 | self.__advice = None |
---|
900 | self.__statements = TypedList(Statement) |
---|
901 | |
---|
902 | # TODO: Implement AuthnStatement and AuthzDecisionStatement classes |
---|
903 | self.__authnStatements = [] |
---|
904 | self.__authzDecisionStatements = [] |
---|
905 | self.__attributeStatements = TypedList(AttributeStatement) |
---|
906 | |
---|
907 | def _get_version(self): |
---|
908 | '''@return the SAML Version of this assertion. |
---|
909 | ''' |
---|
910 | return self.__version |
---|
911 | |
---|
912 | def _set_version(self, version): |
---|
913 | '''@param version the SAML Version of this assertion |
---|
914 | ''' |
---|
915 | if not isinstance(version, SAMLVersion): |
---|
916 | raise TypeError("Expecting SAMLVersion type got: %r" % |
---|
917 | version.__class__) |
---|
918 | |
---|
919 | self.__version = version |
---|
920 | |
---|
921 | version = property(fget=_get_version, |
---|
922 | fset=_set_version, |
---|
923 | doc="SAML Version of the assertion") |
---|
924 | |
---|
925 | def _get_issueInstant(self): |
---|
926 | '''Gets the issue instance of this assertion. |
---|
927 | |
---|
928 | @return the issue instance of this assertion''' |
---|
929 | return self.__issueInstant |
---|
930 | |
---|
931 | def _set_issueInstant(self, issueInstant): |
---|
932 | '''Sets the issue instance of this assertion. |
---|
933 | |
---|
934 | @param newIssueInstance the issue instance of this assertion |
---|
935 | ''' |
---|
936 | if not isinstance(issueInstant, datetime): |
---|
937 | raise TypeError('Expecting "datetime" type for "issueInstant", ' |
---|
938 | 'got %r' % issueInstant.__class__) |
---|
939 | |
---|
940 | self.__issueInstant = issueInstant |
---|
941 | |
---|
942 | issueInstant = property(fget=_get_issueInstant, |
---|
943 | fset=_set_issueInstant, |
---|
944 | doc="Issue instant of the assertion") |
---|
945 | |
---|
946 | def _get_id(self): |
---|
947 | '''Sets the ID of this assertion. |
---|
948 | |
---|
949 | @return the ID of this assertion |
---|
950 | ''' |
---|
951 | return self.__id |
---|
952 | |
---|
953 | def _set_id(self, _id): |
---|
954 | '''Sets the ID of this assertion. |
---|
955 | |
---|
956 | @param newID the ID of this assertion |
---|
957 | ''' |
---|
958 | if not isinstance(_id, basestring): |
---|
959 | raise TypeError('Expecting basestring derived type for "id", got ' |
---|
960 | '%r' % _id.__class__) |
---|
961 | self.__id = _id |
---|
962 | |
---|
963 | id = property(fget=_get_id, fset=_set_id, doc="ID of assertion") |
---|
964 | |
---|
965 | def _set_issuer(self, issuer): |
---|
966 | """Set issuer""" |
---|
967 | if not isinstance(issuer, Issuer): |
---|
968 | raise TypeError("issuer must be %r, got %r" % (Issuer, |
---|
969 | type(issuer))) |
---|
970 | self.__issuer = issuer |
---|
971 | |
---|
972 | def _get_issuer(self): |
---|
973 | """Get the issuer name """ |
---|
974 | return self.__issuer |
---|
975 | |
---|
976 | issuer = property(fget=_get_issuer, |
---|
977 | fset=_set_issuer, |
---|
978 | doc="Issuer of assertion") |
---|
979 | |
---|
980 | def _set_subject(self, subject): |
---|
981 | """Set subject string.""" |
---|
982 | if not isinstance(subject, Subject): |
---|
983 | raise TypeError("subject must be %r, got %r" % (Subject, |
---|
984 | type(subject))) |
---|
985 | |
---|
986 | self.__subject = subject |
---|
987 | |
---|
988 | def _get_subject(self): |
---|
989 | """Get subject string.""" |
---|
990 | return self.__subject |
---|
991 | |
---|
992 | subject = property(fget=_get_subject, |
---|
993 | fset=_set_subject, |
---|
994 | doc="Attribute Assertion subject") |
---|
995 | |
---|
996 | def _get_conditions(self): |
---|
997 | """Get conditions string.""" |
---|
998 | return self.__conditions |
---|
999 | |
---|
1000 | def _set_conditions(self, value): |
---|
1001 | """Get conditions string.""" |
---|
1002 | if not isinstance(value, Conditions): |
---|
1003 | raise TypeError("Conditions must be %r, got %r" % (Conditions, |
---|
1004 | type(value))) |
---|
1005 | |
---|
1006 | self.__conditions = value |
---|
1007 | |
---|
1008 | conditions = property(fget=_get_conditions, |
---|
1009 | fset=_set_conditions, |
---|
1010 | doc="Attribute Assertion conditions") |
---|
1011 | |
---|
1012 | def _set_advice(self, advice): |
---|
1013 | """Set advice string.""" |
---|
1014 | if not isinstance(advice, basestring): |
---|
1015 | raise TypeError("advice must be a string") |
---|
1016 | |
---|
1017 | self.__advice = advice |
---|
1018 | |
---|
1019 | def _get_advice(self): |
---|
1020 | """Get advice string.""" |
---|
1021 | return self.__advice |
---|
1022 | |
---|
1023 | advice = property(fget=_get_advice, |
---|
1024 | fset=_set_advice, |
---|
1025 | doc="Attribute Assertion advice") |
---|
1026 | |
---|
1027 | def _get_statements(self): |
---|
1028 | """Get statements string.""" |
---|
1029 | return self.__statements |
---|
1030 | |
---|
1031 | statements = property(fget=_get_statements, |
---|
1032 | doc="Attribute Assertion statements") |
---|
1033 | |
---|
1034 | def _get_authnStatements(self): |
---|
1035 | """Get authnStatements string.""" |
---|
1036 | return self.__authnStatements |
---|
1037 | |
---|
1038 | authnStatements = property(fget=_get_authnStatements, |
---|
1039 | doc="Attribute Assertion authentication " |
---|
1040 | "statements") |
---|
1041 | |
---|
1042 | def _get_authzDecisionStatements(self): |
---|
1043 | """Get authorisation decision statements.""" |
---|
1044 | return self.__authzDecisionStatements |
---|
1045 | |
---|
1046 | authzDecisionStatements = property(fget=_get_authzDecisionStatements, |
---|
1047 | doc="Attribute Assertion authorisation " |
---|
1048 | "decision statements") |
---|
1049 | |
---|
1050 | def _get_attributeStatements(self): |
---|
1051 | """Get attributeStatements string.""" |
---|
1052 | return self.__attributeStatements |
---|
1053 | |
---|
1054 | attributeStatements = property(fget=_get_attributeStatements, |
---|
1055 | doc="Attribute Assertion attribute " |
---|
1056 | "statements") |
---|
1057 | |
---|
1058 | |
---|
1059 | class AttributeValue(SAMLObject): |
---|
1060 | """Base class for Attribute Value type""" |
---|
1061 | |
---|
1062 | # Element name, no namespace |
---|
1063 | DEFAULT_ELEMENT_LOCAL_NAME = "AttributeValue" |
---|
1064 | |
---|
1065 | # Default element name |
---|
1066 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, |
---|
1067 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
1068 | SAMLConstants.SAML20_PREFIX) |
---|
1069 | |
---|
1070 | |
---|
1071 | class XSStringAttributeValue(AttributeValue): |
---|
1072 | """XML XS:String Attribute Value type""" |
---|
1073 | |
---|
1074 | # Local name of the XSI type |
---|
1075 | TYPE_LOCAL_NAME = "string" |
---|
1076 | |
---|
1077 | # QName of the XSI type |
---|
1078 | TYPE_NAME = QName(SAMLConstants.XSD_NS, |
---|
1079 | TYPE_LOCAL_NAME, |
---|
1080 | SAMLConstants.XSD_PREFIX) |
---|
1081 | |
---|
1082 | def __init__(self): |
---|
1083 | self.__value = None |
---|
1084 | |
---|
1085 | def _getValue(self): |
---|
1086 | return self.__value |
---|
1087 | |
---|
1088 | def _setValue(self, value): |
---|
1089 | if not isinstance(value, basestring): |
---|
1090 | raise TypeError("Input must be a basestring derived type, got %r" % |
---|
1091 | value.__class__) |
---|
1092 | |
---|
1093 | self.__value = value |
---|
1094 | |
---|
1095 | value = property(fget=_getValue, fset=_setValue, doc="string value") |
---|
1096 | |
---|
1097 | |
---|
1098 | # TODO: Move this class out of the SAML package back into ndg.security.common |
---|
1099 | class XSGroupRoleAttributeValue(AttributeValue): |
---|
1100 | '''ESG Specific Group/Role attribute value. ESG attribute permissions are |
---|
1101 | organised into group/role pairs |
---|
1102 | ''' |
---|
1103 | DEFAULT_NS = "http://www.earthsystemgrid.org" |
---|
1104 | DEFAULT_PREFIX = "esg" |
---|
1105 | TYPE_LOCAL_NAME = "groupRole" |
---|
1106 | |
---|
1107 | GROUP_ATTRIB_NAME = "group" |
---|
1108 | ROLE_ATTRIB_NAME = "role" |
---|
1109 | |
---|
1110 | # QName of the XSI type |
---|
1111 | TYPE_NAME = QName(DEFAULT_NS, |
---|
1112 | TYPE_LOCAL_NAME, |
---|
1113 | DEFAULT_PREFIX) |
---|
1114 | |
---|
1115 | def __init__(self, |
---|
1116 | namespaceURI=DEFAULT_NS, |
---|
1117 | elementLocalName=TYPE_LOCAL_NAME, |
---|
1118 | namespacePrefix=DEFAULT_PREFIX): |
---|
1119 | '''@param namespaceURI: the namespace the element is in |
---|
1120 | @param elementLocalName: the local name of the XML element this Object |
---|
1121 | represents |
---|
1122 | @param namespacePrefix: the prefix for the given namespace''' |
---|
1123 | self.__namespaceURI = namespaceURI |
---|
1124 | self.__elementLocalName = elementLocalName |
---|
1125 | self.__namespacePrefix = namespacePrefix |
---|
1126 | self.__group = None |
---|
1127 | self.__role = None |
---|
1128 | |
---|
1129 | def _getNamespaceURI(self): |
---|
1130 | return self.__namespaceURI |
---|
1131 | |
---|
1132 | def _setNamespaceURI(self, value): |
---|
1133 | if not isinstance(value, basestring): |
---|
1134 | raise TypeError("Expecting %r type for namespaceURI got %r" % |
---|
1135 | (basestring, value.__class__)) |
---|
1136 | self.__namespaceURI = value |
---|
1137 | |
---|
1138 | def _getElementLocalName(self): |
---|
1139 | return self.__elementLocalName |
---|
1140 | |
---|
1141 | def _setElementLocalName(self, value): |
---|
1142 | if not isinstance(value, basestring): |
---|
1143 | raise TypeError("Expecting %r type for elementLocalName got %r" % |
---|
1144 | (basestring, value.__class__)) |
---|
1145 | self.__elementLocalName = value |
---|
1146 | |
---|
1147 | def _getNamespacePrefix(self): |
---|
1148 | return self.__namespacePrefix |
---|
1149 | |
---|
1150 | def _setNamespacePrefix(self, value): |
---|
1151 | if not isinstance(value, basestring): |
---|
1152 | raise TypeError("Expecting %r type for namespacePrefix got %r" % |
---|
1153 | (basestring, value.__class__)) |
---|
1154 | self.__namespacePrefix = value |
---|
1155 | |
---|
1156 | namespaceURI = property(fget=_getNamespaceURI, |
---|
1157 | fset=_setNamespaceURI, |
---|
1158 | doc="the namespace the element is in") |
---|
1159 | |
---|
1160 | elementLocalName = property(fget=_getElementLocalName, |
---|
1161 | fset=_setElementLocalName, |
---|
1162 | doc="the local name of the XML element this " |
---|
1163 | "Object represents") |
---|
1164 | |
---|
1165 | namespacePrefix = property(fget=_getNamespacePrefix, |
---|
1166 | fset=_setNamespacePrefix, |
---|
1167 | doc="the prefix for the given namespace") |
---|
1168 | |
---|
1169 | def _getGroup(self): |
---|
1170 | return self.__group |
---|
1171 | |
---|
1172 | def _setGroup(self, group): |
---|
1173 | self.__group = group |
---|
1174 | |
---|
1175 | group = property(fget=_getGroup, fset=_setGroup) |
---|
1176 | |
---|
1177 | def _getRole(self): |
---|
1178 | return self.__role |
---|
1179 | |
---|
1180 | def _setRole(self, role): |
---|
1181 | self.__role = role |
---|
1182 | |
---|
1183 | role = property(fget=_getRole, fset=_setRole) |
---|
1184 | |
---|
1185 | def getOrderedChildren(self): |
---|
1186 | # no children |
---|
1187 | return None |
---|
1188 | |
---|
1189 | |
---|
1190 | class StatusDetail(SAMLObject): |
---|
1191 | '''Implementation of SAML 2.0 StatusDetail''' |
---|
1192 | |
---|
1193 | # Local Name of StatusDetail. |
---|
1194 | DEFAULT_ELEMENT_LOCAL_NAME = "StatusDetail" |
---|
1195 | |
---|
1196 | # Default element name. |
---|
1197 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1198 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
1199 | SAMLConstants.SAML20P_PREFIX) |
---|
1200 | |
---|
1201 | # Local name of the XSI type. |
---|
1202 | TYPE_LOCAL_NAME = "StatusDetailType" |
---|
1203 | |
---|
1204 | # QName of the XSI type. |
---|
1205 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1206 | TYPE_LOCAL_NAME, |
---|
1207 | SAMLConstants.SAML20P_PREFIX) |
---|
1208 | |
---|
1209 | def __init__(self): |
---|
1210 | # child "any" elements. |
---|
1211 | self.__unknownChildren = TypedList(SAMLObject) |
---|
1212 | self.__qname = QName(StatusDetail.DEFAULT_ELEMENT_NAME.namespaceURI, |
---|
1213 | StatusDetail.DEFAULT_ELEMENT_NAME, |
---|
1214 | StatusDetail.DEFAULT_ELEMENT_NAME.prefix) |
---|
1215 | |
---|
1216 | def getUnknownXMLTypes(self, qname=None): |
---|
1217 | if qname is not None: |
---|
1218 | if not isinstance(qname, QName): |
---|
1219 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1220 | "got %r" % (QName, type(qname))) |
---|
1221 | |
---|
1222 | children = [] |
---|
1223 | for child in self.__unknownChildren: |
---|
1224 | childQName = getattr(child, "qname", None) |
---|
1225 | if childQName is not None: |
---|
1226 | if childQName.namespaceURI == qname.namespaceURI or \ |
---|
1227 | childQName.localPart == qname.localPart: |
---|
1228 | children.append(child) |
---|
1229 | |
---|
1230 | return children |
---|
1231 | else: |
---|
1232 | return self.__unknownChildren |
---|
1233 | |
---|
1234 | unknownChildren = property(fget=getUnknownXMLTypes, |
---|
1235 | doc="Child objects of Status Detail - may be " |
---|
1236 | "any type") |
---|
1237 | |
---|
1238 | def _getQName(self): |
---|
1239 | return self.__qname |
---|
1240 | |
---|
1241 | def _setQName(self, value): |
---|
1242 | if not isinstance(value, QName): |
---|
1243 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1244 | "got %r" % (QName, type(value))) |
---|
1245 | |
---|
1246 | self.__qname = value |
---|
1247 | |
---|
1248 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
1249 | |
---|
1250 | |
---|
1251 | class StatusMessage(SAMLObject): |
---|
1252 | '''Implementation of SAML 2.0 Status Message''' |
---|
1253 | |
---|
1254 | def __init__(self): |
---|
1255 | # Value attribute URI. |
---|
1256 | self.__value = None |
---|
1257 | self.__qname = None |
---|
1258 | |
---|
1259 | def _getValue(self): |
---|
1260 | return self.__value |
---|
1261 | |
---|
1262 | def _setValue(self, value): |
---|
1263 | if not isinstance(value, basestring): |
---|
1264 | raise TypeError("\"value\" must be a basestring derived type, " |
---|
1265 | "got %r" % value.__class__) |
---|
1266 | |
---|
1267 | self.__value = value |
---|
1268 | |
---|
1269 | value = property(fget=_getValue, fset=_setValue, |
---|
1270 | doc="Status message value") |
---|
1271 | |
---|
1272 | def _getQName(self): |
---|
1273 | return self.__qname |
---|
1274 | |
---|
1275 | def _setQName(self, value): |
---|
1276 | if not isinstance(value, QName): |
---|
1277 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1278 | "got %r" % (QName, type(value))) |
---|
1279 | |
---|
1280 | self.__qname = value |
---|
1281 | |
---|
1282 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
1283 | |
---|
1284 | |
---|
1285 | class StatusCode(SAMLObject): |
---|
1286 | '''Implementation of SAML 2.0 StatusCode.''' |
---|
1287 | |
---|
1288 | # Local Name of StatusCode. |
---|
1289 | DEFAULT_ELEMENT_LOCAL_NAME = "StatusCode" |
---|
1290 | |
---|
1291 | # Default element name. |
---|
1292 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1293 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
1294 | SAMLConstants.SAML20P_PREFIX) |
---|
1295 | |
---|
1296 | # Local name of the XSI type. |
---|
1297 | TYPE_LOCAL_NAME = "StatusCodeType" |
---|
1298 | |
---|
1299 | # QName of the XSI type. |
---|
1300 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1301 | TYPE_LOCAL_NAME, |
---|
1302 | SAMLConstants.SAML20P_PREFIX) |
---|
1303 | |
---|
1304 | # Local Name of the Value attribute. |
---|
1305 | VALUE_ATTRIB_NAME = "Value" |
---|
1306 | |
---|
1307 | # URI for Success status code. |
---|
1308 | SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success" |
---|
1309 | |
---|
1310 | # URI for Requester status code. |
---|
1311 | REQUESTER_URI = "urn:oasis:names:tc:SAML:2.0:status:Requester" |
---|
1312 | |
---|
1313 | # URI for Responder status code. |
---|
1314 | RESPONDER_URI = "urn:oasis:names:tc:SAML:2.0:status:Responder" |
---|
1315 | |
---|
1316 | # URI for VersionMismatch status code. |
---|
1317 | VERSION_MISMATCH_URI = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch" |
---|
1318 | |
---|
1319 | # URI for AuthnFailed status code. |
---|
1320 | AUTHN_FAILED_URI = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" |
---|
1321 | |
---|
1322 | # URI for InvalidAttrNameOrValue status code. |
---|
1323 | INVALID_ATTR_NAME_VALUE_URI = \ |
---|
1324 | "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue" |
---|
1325 | |
---|
1326 | # URI for InvalidNameIDPolicy status code. |
---|
1327 | INVALID_NAMEID_POLICY_URI = \ |
---|
1328 | "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" |
---|
1329 | |
---|
1330 | # URI for NoAuthnContext status code. |
---|
1331 | NO_AUTHN_CONTEXT_URI = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" |
---|
1332 | |
---|
1333 | # URI for NoAvailableIDP status code. |
---|
1334 | NO_AVAILABLE_IDP_URI = "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP" |
---|
1335 | |
---|
1336 | # URI for NoPassive status code. |
---|
1337 | NO_PASSIVE_URI = "urn:oasis:names:tc:SAML:2.0:status:NoPassive" |
---|
1338 | |
---|
1339 | # URI for NoSupportedIDP status code. |
---|
1340 | NO_SUPPORTED_IDP_URI = "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP" |
---|
1341 | |
---|
1342 | # URI for PartialLogout status code. |
---|
1343 | PARTIAL_LOGOUT_URI = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout" |
---|
1344 | |
---|
1345 | # URI for ProxyCountExceeded status code. |
---|
1346 | PROXY_COUNT_EXCEEDED_URI = \ |
---|
1347 | "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded" |
---|
1348 | |
---|
1349 | # URI for RequestDenied status code. |
---|
1350 | REQUEST_DENIED_URI = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied" |
---|
1351 | |
---|
1352 | # URI for RequestUnsupported status code. |
---|
1353 | REQUEST_UNSUPPORTED_URI = \ |
---|
1354 | "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported" |
---|
1355 | |
---|
1356 | # URI for RequestVersionDeprecated status code. |
---|
1357 | REQUEST_VERSION_DEPRECATED_URI = \ |
---|
1358 | "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated" |
---|
1359 | |
---|
1360 | # URI for RequestVersionTooHigh status code. |
---|
1361 | REQUEST_VERSION_TOO_HIGH_URI = \ |
---|
1362 | "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh" |
---|
1363 | |
---|
1364 | # URI for RequestVersionTooLow status code. |
---|
1365 | REQUEST_VERSION_TOO_LOW_URI = \ |
---|
1366 | "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow" |
---|
1367 | |
---|
1368 | # URI for ResourceNotRecognized status code. |
---|
1369 | RESOURCE_NOT_RECOGNIZED_URI = \ |
---|
1370 | "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized" |
---|
1371 | |
---|
1372 | # URI for TooManyResponses status code. |
---|
1373 | TOO_MANY_RESPONSES = "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses" |
---|
1374 | |
---|
1375 | # URI for UnknownAttrProfile status code. |
---|
1376 | UNKNOWN_ATTR_PROFILE_URI = \ |
---|
1377 | "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile" |
---|
1378 | |
---|
1379 | # URI for UnknownPrincipal status code. |
---|
1380 | UNKNOWN_PRINCIPAL_URI = \ |
---|
1381 | "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal" |
---|
1382 | |
---|
1383 | # URI for UnsupportedBinding status code. |
---|
1384 | UNSUPPORTED_BINDING_URI = \ |
---|
1385 | "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding" |
---|
1386 | |
---|
1387 | def __init__(self): |
---|
1388 | # Value attribute URI. |
---|
1389 | self.__value = None |
---|
1390 | |
---|
1391 | # Nested secondary StatusCode child element. |
---|
1392 | self.__childStatusCode = None |
---|
1393 | |
---|
1394 | self.__qname = QName(StatusCode.DEFAULT_ELEMENT_NAME.namespaceURI, |
---|
1395 | StatusCode.DEFAULT_ELEMENT_NAME.localPart, |
---|
1396 | StatusCode.DEFAULT_ELEMENT_NAME.prefix) |
---|
1397 | |
---|
1398 | def _getStatusCode(self): |
---|
1399 | return self.__childStatusCode |
---|
1400 | |
---|
1401 | def _setStatusCode(self, value): |
---|
1402 | if not isinstance(value, StatusCode): |
---|
1403 | raise TypeError('Child "statusCode" must be a %r derived type, ' |
---|
1404 | "got %r" % (StatusCode, type(value))) |
---|
1405 | |
---|
1406 | self.__childStatusCode = value |
---|
1407 | |
---|
1408 | value = property(fget=_getStatusCode, |
---|
1409 | fset=_setStatusCode, |
---|
1410 | doc="Child Status code") |
---|
1411 | |
---|
1412 | def _getValue(self): |
---|
1413 | return self.__value |
---|
1414 | |
---|
1415 | def _setValue(self, value): |
---|
1416 | if not isinstance(value, basestring): |
---|
1417 | raise TypeError("\"value\" must be a basestring derived type, " |
---|
1418 | "got %r" % value.__class__) |
---|
1419 | |
---|
1420 | self.__value = value |
---|
1421 | |
---|
1422 | value = property(fget=_getValue, fset=_setValue, doc="Status code value") |
---|
1423 | |
---|
1424 | def _getQName(self): |
---|
1425 | return self.__qname |
---|
1426 | |
---|
1427 | def _setQName(self, value): |
---|
1428 | if not isinstance(value, QName): |
---|
1429 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1430 | "got %r" % (QName, type(value))) |
---|
1431 | |
---|
1432 | self.__qname = value |
---|
1433 | |
---|
1434 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
1435 | |
---|
1436 | |
---|
1437 | class Status(SAMLObject): |
---|
1438 | '''SAML 2.0 Core Status''' |
---|
1439 | |
---|
1440 | # Local Name of Status. |
---|
1441 | DEFAULT_ELEMENT_LOCAL_NAME = "Status" |
---|
1442 | |
---|
1443 | # Default element name. |
---|
1444 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1445 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
1446 | SAMLConstants.SAML20P_PREFIX) |
---|
1447 | |
---|
1448 | # Local name of the XSI type. |
---|
1449 | TYPE_LOCAL_NAME = "StatusType" |
---|
1450 | |
---|
1451 | # QName of the XSI type. |
---|
1452 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1453 | TYPE_LOCAL_NAME, |
---|
1454 | SAMLConstants.SAML20P_PREFIX) |
---|
1455 | |
---|
1456 | def __init__(self): |
---|
1457 | # StatusCode element. |
---|
1458 | self.__statusCode = None |
---|
1459 | |
---|
1460 | # StatusMessage element. |
---|
1461 | self.__statusMessage = None |
---|
1462 | |
---|
1463 | # StatusDetail element. |
---|
1464 | self.__statusDetail = None |
---|
1465 | |
---|
1466 | self.__qname = QName(Status.DEFAULT_ELEMENT_NAME.namespaceURI, |
---|
1467 | Status.DEFAULT_ELEMENT_NAME.localPart, |
---|
1468 | Status.DEFAULT_ELEMENT_NAME.prefix) |
---|
1469 | |
---|
1470 | def _getQName(self): |
---|
1471 | return self.__qname |
---|
1472 | |
---|
1473 | def _setQName(self, value): |
---|
1474 | if not isinstance(value, QName): |
---|
1475 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1476 | "got %r" % (QName, type(value))) |
---|
1477 | |
---|
1478 | self.__qname = value |
---|
1479 | |
---|
1480 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
1481 | |
---|
1482 | def _getStatusCode(self): |
---|
1483 | ''' |
---|
1484 | Gets the Code of this Status. |
---|
1485 | |
---|
1486 | @return Status StatusCode |
---|
1487 | ''' |
---|
1488 | return self.__statusCode |
---|
1489 | |
---|
1490 | def _setStatusCode(self, value): |
---|
1491 | ''' |
---|
1492 | Sets the Code of this Status. |
---|
1493 | |
---|
1494 | @param newStatusCode the Code of this Status |
---|
1495 | ''' |
---|
1496 | if not isinstance(value, StatusCode): |
---|
1497 | raise TypeError('"statusCode" must be a %r derived type, ' |
---|
1498 | "got %r" % (StatusCode, type(value))) |
---|
1499 | |
---|
1500 | self.__statusCode = value |
---|
1501 | |
---|
1502 | statusCode = property(fget=_getStatusCode, |
---|
1503 | fset=_setStatusCode, |
---|
1504 | doc="status code object") |
---|
1505 | |
---|
1506 | def _getStatusMessage(self): |
---|
1507 | ''' |
---|
1508 | Gets the Message of this Status. |
---|
1509 | |
---|
1510 | @return Status StatusMessage |
---|
1511 | ''' |
---|
1512 | return self.__statusMessage |
---|
1513 | |
---|
1514 | def _setStatusMessage(self, value): |
---|
1515 | ''' |
---|
1516 | Sets the Message of this Status. |
---|
1517 | |
---|
1518 | @param newStatusMessage the Message of this Status |
---|
1519 | ''' |
---|
1520 | if not isinstance(value, basestring): |
---|
1521 | raise TypeError('"statusMessage" must be a %r derived type, ' |
---|
1522 | "got %r" % (basestring, type(value))) |
---|
1523 | |
---|
1524 | self.__statusMessage = value |
---|
1525 | |
---|
1526 | statusMessage = property(fget=_getStatusMessage, |
---|
1527 | fset=_setStatusMessage, |
---|
1528 | doc="status message") |
---|
1529 | |
---|
1530 | def _getStatusDetail(self): |
---|
1531 | ''' |
---|
1532 | Gets the Detail of this Status. |
---|
1533 | |
---|
1534 | @return Status StatusDetail |
---|
1535 | ''' |
---|
1536 | return self.__statusDetail |
---|
1537 | |
---|
1538 | def _setStatusDetail(self, value): |
---|
1539 | ''' |
---|
1540 | Sets the Detail of this Status. |
---|
1541 | |
---|
1542 | @param newStatusDetail the Detail of this Status |
---|
1543 | ''' |
---|
1544 | self.__statusDetail = value |
---|
1545 | |
---|
1546 | statusDetail = property(fget=_getStatusDetail, |
---|
1547 | fset=_setStatusDetail, |
---|
1548 | doc="status message") |
---|
1549 | |
---|
1550 | |
---|
1551 | class RequestAbstractType(SAMLObject): |
---|
1552 | '''SAML 2.0 Core RequestAbstractType''' |
---|
1553 | |
---|
1554 | # Local name of the XSI type. |
---|
1555 | TYPE_LOCAL_NAME = "RequestAbstractType" |
---|
1556 | |
---|
1557 | # QName of the XSI type. |
---|
1558 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1559 | TYPE_LOCAL_NAME, |
---|
1560 | SAMLConstants.SAML20P_PREFIX) |
---|
1561 | |
---|
1562 | # ID attribute name. |
---|
1563 | ID_ATTRIB_NAME = "ID" |
---|
1564 | |
---|
1565 | # Version attribute name. |
---|
1566 | VERSION_ATTRIB_NAME = "Version" |
---|
1567 | |
---|
1568 | # IssueInstant attribute name. |
---|
1569 | ISSUE_INSTANT_ATTRIB_NAME = "IssueInstant" |
---|
1570 | |
---|
1571 | # Destination attribute name. |
---|
1572 | DESTINATION_ATTRIB_NAME = "Destination" |
---|
1573 | |
---|
1574 | # Consent attribute name. |
---|
1575 | CONSENT_ATTRIB_NAME = "Consent" |
---|
1576 | |
---|
1577 | # Unspecified consent URI. |
---|
1578 | UNSPECIFIED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified" |
---|
1579 | |
---|
1580 | # Obtained consent URI. |
---|
1581 | OBTAINED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:obtained" |
---|
1582 | |
---|
1583 | # Prior consent URI. |
---|
1584 | PRIOR_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:prior" |
---|
1585 | |
---|
1586 | # Implicit consent URI. |
---|
1587 | IMPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:implicit" |
---|
1588 | |
---|
1589 | # Explicit consent URI. |
---|
1590 | EXPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:explicit" |
---|
1591 | |
---|
1592 | # Unavailable consent URI. |
---|
1593 | UNAVAILABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unavailable" |
---|
1594 | |
---|
1595 | # Inapplicable consent URI. |
---|
1596 | INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable" |
---|
1597 | |
---|
1598 | def __init__(self): |
---|
1599 | # SAML Version of the request. |
---|
1600 | self.__version = None |
---|
1601 | |
---|
1602 | # Unique identifier of the request. |
---|
1603 | self.__id = None |
---|
1604 | |
---|
1605 | # Date/time request was issued. |
---|
1606 | self.__issueInstant = None |
---|
1607 | |
---|
1608 | # URI of the request destination. |
---|
1609 | self.__destination = None |
---|
1610 | |
---|
1611 | # URI of the SAML user consent type. |
---|
1612 | self.__consent = None |
---|
1613 | |
---|
1614 | # URI of the SAML user consent type. |
---|
1615 | self.__issuer = None |
---|
1616 | |
---|
1617 | # Extensions child element. |
---|
1618 | self.__extensions = None |
---|
1619 | |
---|
1620 | def _get_version(self): |
---|
1621 | '''@return the SAML Version of this assertion. |
---|
1622 | ''' |
---|
1623 | return self.__version |
---|
1624 | |
---|
1625 | def _set_version(self, version): |
---|
1626 | '''@param version the SAML Version of this assertion |
---|
1627 | ''' |
---|
1628 | if not isinstance(version, SAMLVersion): |
---|
1629 | raise TypeError("Expecting SAMLVersion type got: %r" % |
---|
1630 | version.__class__) |
---|
1631 | |
---|
1632 | self.__version = version |
---|
1633 | |
---|
1634 | version = property(fget=_get_version, |
---|
1635 | fset=_set_version, |
---|
1636 | doc="SAML Version of the assertion") |
---|
1637 | |
---|
1638 | def _get_issueInstant(self): |
---|
1639 | '''Gets the date/time the request was issued |
---|
1640 | |
---|
1641 | @return the issue instance of this request''' |
---|
1642 | return self.__issueInstant |
---|
1643 | |
---|
1644 | def _set_issueInstant(self, value): |
---|
1645 | '''Sets the date/time the request was issued |
---|
1646 | |
---|
1647 | @param value the issue instance of this request |
---|
1648 | ''' |
---|
1649 | if not isinstance(value, datetime): |
---|
1650 | raise TypeError('Expecting "datetime" type for "issueInstant", ' |
---|
1651 | 'got %r' % type(value)) |
---|
1652 | |
---|
1653 | self.__issueInstant = value |
---|
1654 | |
---|
1655 | issueInstant = property(fget=_get_issueInstant, |
---|
1656 | fset=_set_issueInstant, |
---|
1657 | doc="Issue instant of the request") |
---|
1658 | |
---|
1659 | def _get_id(self): |
---|
1660 | '''Sets the unique identifier for this request. |
---|
1661 | |
---|
1662 | @return the ID of this request |
---|
1663 | ''' |
---|
1664 | return self.__id |
---|
1665 | |
---|
1666 | def _set_id(self, value): |
---|
1667 | '''Sets the unique identifier for this request |
---|
1668 | |
---|
1669 | @param newID the ID of this assertion |
---|
1670 | ''' |
---|
1671 | if not isinstance(value, basestring): |
---|
1672 | raise TypeError('Expecting basestring derived type for "id", got ' |
---|
1673 | '%r' % type(value)) |
---|
1674 | self.__id = value |
---|
1675 | |
---|
1676 | id = property(fget=_get_id, fset=_set_id, doc="ID of request") |
---|
1677 | |
---|
1678 | def _get_destination(self): |
---|
1679 | '''Gets the URI of the destination of the request. |
---|
1680 | |
---|
1681 | @return the URI of the destination of the request |
---|
1682 | ''' |
---|
1683 | return self.__destination |
---|
1684 | |
---|
1685 | def _set_destination(self, value): |
---|
1686 | '''Sets the URI of the destination of the request. |
---|
1687 | |
---|
1688 | @param newDestination the URI of the destination of the request''' |
---|
1689 | if not isinstance(value, basestring): |
---|
1690 | raise TypeError('Expecting basestring derived type for ' |
---|
1691 | '"destination", got %r' % type(value)) |
---|
1692 | self.__destination = value |
---|
1693 | |
---|
1694 | destination = property(fget=_get_destination, |
---|
1695 | fset=_set_destination, |
---|
1696 | doc="Destination of request") |
---|
1697 | |
---|
1698 | def _get_consent(self): |
---|
1699 | '''Gets the consent obtained from the principal for sending this |
---|
1700 | request. |
---|
1701 | |
---|
1702 | @return: the consent obtained from the principal for sending this |
---|
1703 | request |
---|
1704 | ''' |
---|
1705 | return self.__consent |
---|
1706 | |
---|
1707 | def _set_consent(self, value): |
---|
1708 | '''Sets the consent obtained from the principal for sending this |
---|
1709 | request. |
---|
1710 | |
---|
1711 | @param value: the new consent obtained from the principal for |
---|
1712 | sending this request |
---|
1713 | ''' |
---|
1714 | if not isinstance(value, basestring): |
---|
1715 | raise TypeError('Expecting basestring derived type for "consent", ' |
---|
1716 | 'got %r' % type(value)) |
---|
1717 | self.__consent = value |
---|
1718 | |
---|
1719 | consent = property(fget=_get_consent, |
---|
1720 | fset=_set_consent, |
---|
1721 | doc="Consent for request") |
---|
1722 | |
---|
1723 | def _set_issuer(self, issuer): |
---|
1724 | """Set issuer of request""" |
---|
1725 | if not isinstance(issuer, Issuer): |
---|
1726 | raise TypeError('"issuer" must be a %r, got %r' % (Issuer, |
---|
1727 | type(issuer))) |
---|
1728 | |
---|
1729 | self.__issuer = issuer |
---|
1730 | |
---|
1731 | def _get_issuer(self): |
---|
1732 | """Get the issuer name """ |
---|
1733 | return self.__issuer |
---|
1734 | |
---|
1735 | issuer = property(fget=_get_issuer, |
---|
1736 | fset=_set_issuer, |
---|
1737 | doc="Issuer of request") |
---|
1738 | |
---|
1739 | def _get_extensions(self): |
---|
1740 | '''Gets the Extensions of this request. |
---|
1741 | |
---|
1742 | @return: the Status of this request |
---|
1743 | ''' |
---|
1744 | return self.__extensions |
---|
1745 | |
---|
1746 | def _set_extensions(self, value): |
---|
1747 | '''Sets the Extensions of this request. |
---|
1748 | |
---|
1749 | @param value: the Extensions of this request |
---|
1750 | ''' |
---|
1751 | self.__extensions = value |
---|
1752 | |
---|
1753 | extensions = property(fget=_get_extensions, |
---|
1754 | fset=_set_extensions, |
---|
1755 | doc="Request extensions") |
---|
1756 | |
---|
1757 | |
---|
1758 | class SubjectQuery(RequestAbstractType): |
---|
1759 | """SAML 2.0 Core Subject Query type""" |
---|
1760 | |
---|
1761 | def __init__(self): |
---|
1762 | self.__subject = None |
---|
1763 | |
---|
1764 | def _getSubject(self): |
---|
1765 | '''Gets the Subject of this request. |
---|
1766 | |
---|
1767 | @return the Subject of this request''' |
---|
1768 | return self.__subject |
---|
1769 | |
---|
1770 | def _setSubject(self, value): |
---|
1771 | '''Sets the Subject of this request. |
---|
1772 | |
---|
1773 | @param newSubject the Subject of this request''' |
---|
1774 | if not isinstance(value, Subject): |
---|
1775 | raise TypeError('Setting "subject", got %r, expecting %r' % |
---|
1776 | (Subject, type(value))) |
---|
1777 | |
---|
1778 | self.__subject = value |
---|
1779 | |
---|
1780 | subject = property(fget=_getSubject, fset=_setSubject, doc="Query subject") |
---|
1781 | |
---|
1782 | |
---|
1783 | class AttributeQuery(SubjectQuery): |
---|
1784 | '''SAML 2.0 AttributeQuery''' |
---|
1785 | |
---|
1786 | # Element local name. |
---|
1787 | DEFAULT_ELEMENT_LOCAL_NAME = "AttributeQuery" |
---|
1788 | |
---|
1789 | # Default element name. |
---|
1790 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1791 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
1792 | SAMLConstants.SAML20P_PREFIX) |
---|
1793 | |
---|
1794 | # Local name of the XSI type. |
---|
1795 | TYPE_LOCAL_NAME = "AttributeQueryType" |
---|
1796 | |
---|
1797 | # QName of the XSI type. |
---|
1798 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1799 | TYPE_LOCAL_NAME, |
---|
1800 | SAMLConstants.SAML20P_PREFIX) |
---|
1801 | |
---|
1802 | def __init__(self): |
---|
1803 | self.__attributes = TypedList(Attribute) |
---|
1804 | |
---|
1805 | def _getAttributes(self): |
---|
1806 | '''Gets the Attributes of this query. |
---|
1807 | |
---|
1808 | @return the list of Attributes of this query''' |
---|
1809 | return self.__attributes |
---|
1810 | |
---|
1811 | def _setAttributes(self, value): |
---|
1812 | self.__attributes = value |
---|
1813 | |
---|
1814 | attributes = property(fget=_getAttributes, |
---|
1815 | fset=_setAttributes, |
---|
1816 | doc="Attributes") |
---|
1817 | |
---|
1818 | |
---|
1819 | class StatusResponseType(SAMLObject): |
---|
1820 | '''SAML 2.0 Core Status Response Type |
---|
1821 | ''' |
---|
1822 | |
---|
1823 | # Local name of the XSI type. |
---|
1824 | TYPE_LOCAL_NAME = "StatusResponseType" |
---|
1825 | |
---|
1826 | # QName of the XSI type. |
---|
1827 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
1828 | TYPE_LOCAL_NAME, |
---|
1829 | SAMLConstants.SAML20P_PREFIX) |
---|
1830 | |
---|
1831 | # ID attribute name |
---|
1832 | ID_ATTRIB_NAME = "ID" |
---|
1833 | |
---|
1834 | # InResponseTo attribute name |
---|
1835 | IN_RESPONSE_TO_ATTRIB_NAME = "InResponseTo" |
---|
1836 | |
---|
1837 | # Version attribute name |
---|
1838 | VERSION_ATTRIB_NAME = "Version" |
---|
1839 | |
---|
1840 | # IssueInstant attribute name |
---|
1841 | ISSUE_INSTANT_ATTRIB_NAME = "IssueInstant" |
---|
1842 | |
---|
1843 | # Destination attribute name |
---|
1844 | DESTINATION_ATTRIB_NAME = "Destination" |
---|
1845 | |
---|
1846 | # Consent attribute name. |
---|
1847 | CONSENT_ATTRIB_NAME = "Consent" |
---|
1848 | |
---|
1849 | # Unspecified consent URI |
---|
1850 | UNSPECIFIED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified" |
---|
1851 | |
---|
1852 | # Obtained consent URI |
---|
1853 | OBTAINED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:obtained" |
---|
1854 | |
---|
1855 | # Prior consent URI |
---|
1856 | PRIOR_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:prior" |
---|
1857 | |
---|
1858 | # Implicit consent URI |
---|
1859 | IMPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:implicit" |
---|
1860 | |
---|
1861 | # Explicit consent URI |
---|
1862 | EXPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:explicit" |
---|
1863 | |
---|
1864 | # Unavailable consent URI |
---|
1865 | UNAVAILABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unavailable" |
---|
1866 | |
---|
1867 | # Inapplicable consent URI |
---|
1868 | INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable" |
---|
1869 | |
---|
1870 | def __init__(self): |
---|
1871 | self.__qname = None |
---|
1872 | |
---|
1873 | self.__version = SAMLVersion(SAMLVersion.VERSION_20) |
---|
1874 | self.__id = None |
---|
1875 | self.__inResponseTo = None |
---|
1876 | self.__issueInstant = None |
---|
1877 | self.__destination = None |
---|
1878 | self.__consent = None |
---|
1879 | self.__issuer = None |
---|
1880 | self.__status = None |
---|
1881 | self.__extensions = None |
---|
1882 | |
---|
1883 | def _getQName(self): |
---|
1884 | return self.__qname |
---|
1885 | |
---|
1886 | def _setQName(self, value): |
---|
1887 | if not isinstance(value, QName): |
---|
1888 | raise TypeError("\"qname\" must be a %r derived type, " |
---|
1889 | "got %r" % (QName, type(value))) |
---|
1890 | |
---|
1891 | self.__qname = value |
---|
1892 | |
---|
1893 | qname = property(fget=_getQName, fset=_setQName, doc="qualified name") |
---|
1894 | |
---|
1895 | def _get_version(self): |
---|
1896 | '''@return the SAML Version of this response. |
---|
1897 | ''' |
---|
1898 | return self.__version |
---|
1899 | |
---|
1900 | def _set_version(self, version): |
---|
1901 | '''@param version the SAML Version of this response |
---|
1902 | ''' |
---|
1903 | if not isinstance(version, SAMLVersion): |
---|
1904 | raise TypeError("Expecting SAMLVersion type got: %r" % |
---|
1905 | version.__class__) |
---|
1906 | |
---|
1907 | self.__version = version |
---|
1908 | |
---|
1909 | version = property(fget=_get_version, |
---|
1910 | fset=_set_version, |
---|
1911 | doc="SAML Version of the response") |
---|
1912 | |
---|
1913 | def _get_id(self): |
---|
1914 | '''Sets the ID of this response. |
---|
1915 | |
---|
1916 | @return the ID of this response |
---|
1917 | ''' |
---|
1918 | return self.__id |
---|
1919 | |
---|
1920 | def _set_id(self, value): |
---|
1921 | '''Sets the ID of this response. |
---|
1922 | |
---|
1923 | @param value: the ID of this response |
---|
1924 | ''' |
---|
1925 | if not isinstance(value, basestring): |
---|
1926 | raise TypeError('Expecting basestring derived type for "id", got ' |
---|
1927 | '%r' % type(value)) |
---|
1928 | self.__id = value |
---|
1929 | |
---|
1930 | id = property(fget=_get_id, fset=_set_id, doc="ID of response") |
---|
1931 | |
---|
1932 | def _getInResponseTo(self): |
---|
1933 | '''Get the unique request identifier for which this is a response |
---|
1934 | |
---|
1935 | @return value: the unique identifier of the originating |
---|
1936 | request |
---|
1937 | ''' |
---|
1938 | return self.__inResponseTo |
---|
1939 | |
---|
1940 | def _setInResponseTo(self, value): |
---|
1941 | '''Set the unique request identifier for which this is a response |
---|
1942 | |
---|
1943 | @param value: the unique identifier of the originating |
---|
1944 | request |
---|
1945 | ''' |
---|
1946 | if not isinstance(value, basestring): |
---|
1947 | raise TypeError('Expecting basestring derived type for ' |
---|
1948 | '"inResponseTo", got %r' % type(value)) |
---|
1949 | self.__inResponseTo = value |
---|
1950 | |
---|
1951 | inResponseTo = property(fget=_getInResponseTo, |
---|
1952 | fset=_setInResponseTo, |
---|
1953 | doc="unique request identifier for which this is " |
---|
1954 | "a response") |
---|
1955 | |
---|
1956 | def _get_issueInstant(self): |
---|
1957 | '''Gets the issue instance of this response. |
---|
1958 | |
---|
1959 | @return the issue instance of this response''' |
---|
1960 | return self.__issueInstant |
---|
1961 | |
---|
1962 | def _set_issueInstant(self, issueInstant): |
---|
1963 | '''Sets the issue instance of this response. |
---|
1964 | |
---|
1965 | @param newIssueInstance the issue instance of this response |
---|
1966 | ''' |
---|
1967 | if not isinstance(issueInstant, datetime): |
---|
1968 | raise TypeError('Expecting "datetime" type for "issueInstant", ' |
---|
1969 | 'got %r' % issueInstant.__class__) |
---|
1970 | |
---|
1971 | self.__issueInstant = issueInstant |
---|
1972 | |
---|
1973 | issueInstant = property(fget=_get_issueInstant, |
---|
1974 | fset=_set_issueInstant, |
---|
1975 | doc="Issue instant of the response") |
---|
1976 | |
---|
1977 | def _get_destination(self): |
---|
1978 | '''Gets the URI of the destination of the response. |
---|
1979 | |
---|
1980 | @return the URI of the destination of the response |
---|
1981 | ''' |
---|
1982 | return self.__destination |
---|
1983 | |
---|
1984 | def _set_destination(self, value): |
---|
1985 | '''Sets the URI of the destination of the response. |
---|
1986 | |
---|
1987 | @param value: the URI of the destination of the response''' |
---|
1988 | if not isinstance(value, basestring): |
---|
1989 | raise TypeError('Expecting basestring derived type for ' |
---|
1990 | '"destination", got %r' % type(value)) |
---|
1991 | self.__destination = value |
---|
1992 | |
---|
1993 | destination = property(fget=_get_destination, |
---|
1994 | fset=_set_destination, |
---|
1995 | doc="Destination of response") |
---|
1996 | |
---|
1997 | def _get_consent(self): |
---|
1998 | '''Gets the consent obtained from the principal for sending this |
---|
1999 | response. |
---|
2000 | |
---|
2001 | @return: the consent obtained from the principal for sending this |
---|
2002 | response |
---|
2003 | ''' |
---|
2004 | return self.__consent |
---|
2005 | |
---|
2006 | def _set_consent(self, value): |
---|
2007 | '''Sets the consent obtained from the principal for sending this |
---|
2008 | response. |
---|
2009 | |
---|
2010 | @param value: the new consent obtained from the principal for |
---|
2011 | sending this response |
---|
2012 | ''' |
---|
2013 | if not isinstance(value, basestring): |
---|
2014 | raise TypeError('Expecting basestring derived type for "consent", ' |
---|
2015 | 'got %r' % type(value)) |
---|
2016 | self.__consent = value |
---|
2017 | |
---|
2018 | consent = property(fget=_get_consent, |
---|
2019 | fset=_set_consent, |
---|
2020 | doc="Consent for response") |
---|
2021 | |
---|
2022 | def _set_issuer(self, issuer): |
---|
2023 | """Set issuer of response""" |
---|
2024 | if not isinstance(issuer, Issuer): |
---|
2025 | raise TypeError('"issuer" must be a %r, got %r' % (Issuer, |
---|
2026 | type(issuer))) |
---|
2027 | self.__issuer = issuer |
---|
2028 | |
---|
2029 | def _get_issuer(self): |
---|
2030 | """Get the issuer name """ |
---|
2031 | return self.__issuer |
---|
2032 | |
---|
2033 | issuer = property(fget=_get_issuer, |
---|
2034 | fset=_set_issuer, |
---|
2035 | doc="Issuer of response") |
---|
2036 | |
---|
2037 | def _getStatus(self): |
---|
2038 | '''Gets the Status of this response. |
---|
2039 | |
---|
2040 | @return the Status of this response |
---|
2041 | ''' |
---|
2042 | return self.__status |
---|
2043 | |
---|
2044 | def _setStatus(self, value): |
---|
2045 | '''Sets the Status of this response. |
---|
2046 | |
---|
2047 | @param newStatus the Status of this response |
---|
2048 | ''' |
---|
2049 | if not isinstance(value, Status): |
---|
2050 | raise TypeError('"status" must be a %r, got %r' % (Status, |
---|
2051 | type(value))) |
---|
2052 | self.__status = value |
---|
2053 | |
---|
2054 | status = property(fget=_getStatus, fset=_setStatus, doc="Response status") |
---|
2055 | |
---|
2056 | def _get_extensions(self): |
---|
2057 | '''Gets the Extensions of this response. |
---|
2058 | |
---|
2059 | @return: the Status of this response |
---|
2060 | ''' |
---|
2061 | return self.__extensions |
---|
2062 | |
---|
2063 | def _set_extensions(self, value): |
---|
2064 | '''Sets the Extensions of this response. |
---|
2065 | |
---|
2066 | @param value: the Extensions of this response |
---|
2067 | ''' |
---|
2068 | if not isinstance(value, (list, tuple)): |
---|
2069 | raise TypeError('Expecting list or tuple for "extensions", got %r' |
---|
2070 | % type(value)) |
---|
2071 | self.__extensions = value |
---|
2072 | |
---|
2073 | extensions = property(fget=_get_extensions, |
---|
2074 | fset=_set_extensions, |
---|
2075 | doc="Response extensions") |
---|
2076 | |
---|
2077 | |
---|
2078 | class Response(StatusResponseType): |
---|
2079 | '''SAML2 Core Response''' |
---|
2080 | |
---|
2081 | # Element local name. |
---|
2082 | DEFAULT_ELEMENT_LOCAL_NAME = "Response" |
---|
2083 | |
---|
2084 | # Default element name. |
---|
2085 | DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
2086 | DEFAULT_ELEMENT_LOCAL_NAME, |
---|
2087 | SAMLConstants.SAML20P_PREFIX) |
---|
2088 | |
---|
2089 | # Local name of the XSI type. |
---|
2090 | TYPE_LOCAL_NAME = "ResponseType" |
---|
2091 | |
---|
2092 | # QName of the XSI type. |
---|
2093 | TYPE_NAME = QName(SAMLConstants.SAML20P_NS, |
---|
2094 | TYPE_LOCAL_NAME, |
---|
2095 | SAMLConstants.SAML20P_PREFIX) |
---|
2096 | |
---|
2097 | def __init__(self): |
---|
2098 | '''''' |
---|
2099 | super(Response, self).__init__() |
---|
2100 | |
---|
2101 | # Assertion child elements |
---|
2102 | self.__indexedChildren = [] |
---|
2103 | |
---|
2104 | def _getAssertions(self): |
---|
2105 | return self.__indexedChildren |
---|
2106 | |
---|
2107 | assertions = property(fget=_getAssertions, |
---|
2108 | doc="Assertions contained in this response") |
---|