source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/attributeauthority/saml/test_samlinterface.py @ 5510

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/attributeauthority/saml/test_samlinterface.py@5510
Revision 5510, 6.5 KB checked in by pjkersha, 11 years ago (diff)

Working SAML Assertion code with ESG specific Group/Role attributes

"""Attribute Authority SAML Interface unit test package

NERC DataGrid Project
"""
# Module metadata.  __revision__ holds a Subversion $Id$ keyword which the
# repository expands on checkout; the literal is left as-is in the source.
__author__ = "P J Kershaw"
__date__ = "21/07/09"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'
11import logging
# Configures the root logger at import time (DEBUG level, default handler).
# This is a module-level side effect: every logger in the process that
# imports this test module inherits the DEBUG threshold, so library debug
# output (including any attribute values logged while building assertions)
# will appear on the console.
logging.basicConfig(level=logging.DEBUG)
13   
14from datetime import datetime
15import base64 
16import os
17from uuid import uuid4
18
19from ndg.security.test.unit import BaseTestCase
20
21from ndg.security.common.saml import Assertion, Attribute, AttributeValue, \
22    AttributeStatement, SAMLVersion, XSStringAttributeValue, \
23    XSGroupRoleAttributeValue
24from ndg.security.common.saml.xml import XMLConstants
25from ndg.security.common.saml.xml.etree import AssertionETreeObject, \
26    XSGroupRoleAttributeValueETreeObject
27
class Request(object):
    """Placeholder SAML request type; not referenced elsewhere in this file."""
30
class Response(object):
    """Placeholder SAML response type; not referenced elsewhere in this file."""
33
class AttributeQuery(object):
    """Placeholder SAML attribute query type; not referenced elsewhere in this
    file."""
36
37
class SamlAttributeAuthorityInterfaceTestCase(BaseTestCase):
    """Exercise SamlUtil: build an Assertion carrying ESG and BADC attributes
    and render it to XML with the ElementTree-based serialiser.

    BaseTestCase is a project class whose fixtures and assertion helpers are
    not visible here.  The single test only prints the rendered assertion; it
    makes no assertion about the XML content, so a regression in the
    rendering would not fail the suite.
    """
    # Directory holding this module.  Not read by test01 itself.
    thisDir = os.path.dirname(os.path.abspath(__file__))

    def test01(self):
        """Build an assertion via SamlUtil and print its XML rendering."""
        util = SamlUtil()

        # ESG core attributes
        util.firstName = "Philip"
        util.lastName = "Kershaw"
        util.emailAddress = "p.j.k@somewhere"

        # BADC specific attributes: every role is added under the same
        # attribute name
        badcAttrName = "urn:badc:security:authz:1.0:attr"
        badcRoles = [
            'urn:badc:security:authz:1.0:attr:rapid',
            'urn:badc:security:authz:1.0:attr:coapec',
            'urn:badc:security:authz:1.0:attr:midas',
            'urn:badc:security:authz:1.0:attr:quest',
            'urn:badc:security:authz:1.0:attr:staff',
        ]
        for badcRole in badcRoles:
            util.addAttribute(badcAttrName, badcRole)

        # ESG Group/Role pairs
        util.addGroupRole("ESG-NCAR", "admin")
        util.addGroupRole("ESG-PCMDI", "testUser")

        # Make an assertion object
        assertion = util.buildAssertion()

        # ElementTree renderer.  The class map tells its AttributeValue
        # factory how to serialise the custom ESG Group/Role value type.
        renderer = AssertionETreeObject()
        classMap = {
            XSGroupRoleAttributeValue: XSGroupRoleAttributeValueETreeObject,
        }
        assertionElem = renderer.create(assertion, customClassMap=classMap)

        # Serialise to output
        print(renderer.prettyPrint())
86
87
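class SamlUtil(object):
    """Collect user attributes and build a SAML 2.0 Assertion from them.

    The public attributes firstName, lastName and emailAddress hold the ESG
    core attributes; a value of None means the corresponding SAML Attribute
    is left out of the assertion.  Group/role pairs and arbitrary string
    attributes are queued with addGroupRole and addAttribute and emitted by
    buildAssertion in the order they were added.
    """
    # NameFormat used for the xs:string attributes.  The e-mail attribute
    # derives its NameFormat from XMLConstants instead; both forms are kept
    # exactly as before so the rendered XML does not change.
    # NOTE(review): SAML 2.0 defines NameFormat as a classification of the
    # Attribute *Name* (the attrname-format URIs), not the XSD type of the
    # value.  Relying parties that match attributes on NameFormat may not
    # recognise this form - confirm with the consumers before changing it.
    XS_STRING_NAME_FORMAT = "http://www.w3.org/2001/XMLSchema#string"

    def __init__(self):
        # Set but never read within this class.
        self.__initialized = False

        # ESG core attributes; None means "omit from the assertion"
        self.firstName = None
        self.lastName = None
        self.emailAddress = None

        # (group, role) pairs and (name, value) pairs, in insertion order
        self.__groupRoleList = []
        self.__miscAttrList = []

    def addGroupRole(self, group, role):
        """Queue a (group, role) pair for the custom GroupRole attribute."""
        self.__groupRoleList.append((group, role))

    def addAttribute(self, name, value):
        """Queue an xs:string attribute with the given SAML attribute name."""
        self.__miscAttrList.append((name, value))

    def _makeStringAttribute(self, name, value, friendlyName=None,
                             nameFormat=None):
        """Build a SAML Attribute holding a single XSStringAttributeValue.

        friendlyName is only set when given, and nameFormat defaults to
        XS_STRING_NAME_FORMAT, so the attributes produced match the original
        hand-written blocks field for field.
        """
        attribute = Attribute()
        attribute.name = name
        if nameFormat is None:
            nameFormat = self.XS_STRING_NAME_FORMAT
        attribute.nameFormat = nameFormat
        if friendlyName is not None:
            attribute.friendlyName = friendlyName

        stringAttributeValue = XSStringAttributeValue()
        stringAttributeValue.value = value
        attribute.attributeValues.append(stringAttributeValue)
        return attribute

    def buildAssertion(self):
        """Return a new Assertion with one AttributeStatement.

        The statement carries, in this order: the first name, last name and
        e-mail address attributes (each only if set), one GroupRole attribute
        holding every queued group/role pair (only if any were queued), and
        one xs:string attribute per queued (name, value) pair.  Each call
        generates a fresh UUID id and a naive UTC issueInstant.
        """
        assertion = Assertion()
        assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
        assertion.id = str(uuid4())
        # utcnow() gives a naive datetime; SAML timestamps are expressed in
        # UTC, so the serialiser is assumed to treat it as such - confirm.
        assertion.issueInstant = datetime.utcnow()

        attributeStatement = AttributeStatement()

        if self.firstName is not None:
            # special case handling for 'FirstName' attribute
            attributeStatement.attributes.append(
                self._makeStringAttribute("urn:esg:first:name",
                                          self.firstName,
                                          friendlyName="FirstName"))

        if self.lastName is not None:
            # special case handling for 'LastName' attribute
            attributeStatement.attributes.append(
                self._makeStringAttribute("urn:esg:last:name",
                                          self.lastName,
                                          friendlyName="LastName"))

        if self.emailAddress is not None:
            # special case handling for 'emailAddress' attribute; its
            # NameFormat is composed from the XML Schema namespace constants
            emailNameFormat = XMLConstants.XSD_NS+"#"+\
                                        XSStringAttributeValue.TYPE_LOCAL_NAME
            attributeStatement.attributes.append(
                self._makeStringAttribute("urn:esg:email:address",
                                          self.emailAddress,
                                          friendlyName="emailAddress",
                                          nameFormat=emailNameFormat))

        if self.__groupRoleList:
            # custom group/role attribute: one Attribute, one value per pair
            groupRoleAttribute = Attribute()
            groupRoleAttribute.name = "GroupRole"
            groupRoleAttribute.nameFormat = \
                                    XSGroupRoleAttributeValue.TYPE_LOCAL_NAME

            for group, role in self.__groupRoleList:
                groupRole = XSGroupRoleAttributeValue()
                groupRole.group = group
                groupRole.role = role
                groupRoleAttribute.attributeValues.append(groupRole)

            attributeStatement.attributes.append(groupRoleAttribute)

        # one plain xs:string attribute per queued (name, value) pair; no
        # friendlyName is set for these
        for name, value in self.__miscAttrList:
            attributeStatement.attributes.append(
                self._makeStringAttribute(name, value))

        assertion.attributeStatements.append(attributeStatement)
        return assertion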
186   
187