source: security/trunk/python/NDG/AttAuthorityIO.py @ 540

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/security/trunk/python/NDG/AttAuthorityIO.py@540
Revision 540, 8.2 KB checked in by pjkersha, 14 years ago (diff)

AttAuthorityIO.py: AuthorisationResp class - format XML 'manually' rather
than using ElementTree, as it adds ns0 namespace qualifiers which then
invalidate the digital signature.

CredWallet.py: reqAuthorisation - set attCert CA certificate for
signature check using 'attCert.certFilePathList = ...'

SessionMgrIO.py: AuthorisationResp - replace ElementTree formatting as in
AttAuthorityIO.AuthorisationResp.

XMLSecDoc.py: isValidSig method - check setCertFilePathList is set
Changed property filePathList -> certFilePathList.

attAuthority_services_server.py: pass attCert as is to AuthorisationResp
initialisation - no need to cast to str.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1"""NDG Attribute Authority Web Services helper classes for I/O between client
2and server
3
4NERC Data Grid Project
5
6P J Kershaw 14/12/05
7
8Copyright (C) 2005 CCLRC & NERC
9
10This software may be distributed under the terms of the Q Public License,
11version 1.0 or later.
12"""
13
# Version-control keyword placeholder; the page lists 'Id' among the
# svn:keywords set on this file.
cvsID = "$Id$"
15       
16from XMLMsg import *
17
18# For use with AuthorisationResp class
19from AttCert import *
20
21#_____________________________________________________________________________
class AuthorisationReqError(XMLMsgError):
    """Error type for the NDG AttAuthority WS authorisation request class.

    Adds nothing to XMLMsgError; it exists so callers can tell request
    errors apart by type.
    """
26
27
28#_____________________________________________________________________________
class AuthorisationReq(XMLMsg):
    """Request message for the Attribute Authority WS reqAuthorisation()
    call, used on the client side to format the inputs into XML and encrypt
    them.

    The Attribute Authority side uses it to decrypt the result.  Only the
    tag declarations live here; the formatting and encryption are
    presumably implemented by XMLMsg, which is not visible in this file.
    """

    # Override base class class variables: the tags this message carries,
    # each defaulting to an empty string
    xmlTagTmpl = dict.fromkeys(("proxyCert", "userAttCert", "clntCert"), "")

    # Mandatory tags - presumably enforced by XMLMsg; confirm there
    xmlMandTags = ["proxyCert"]
41
42
43#_____________________________________________________________________________
class AuthorisationRespError(XMLMsgError):
    """Error type for the NDG AttAuthority WS authorisation response class.

    Raised by AuthorisationResp when the expected keywords are missing or
    the embedded Attribute Certificate cannot be parsed.
    """
47
48
49#_____________________________________________________________________________
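class AuthorisationResp(XMLMsg):
    """Response message for the Attribute Authority WS reqAuthorisation()
    call: formats the authorisation response from the AttAuthority.

    For the client, enables decryption of the response (the encryption
    support is presumably provided by XMLMsg, which is not visible here).

    The XML is assembled by hand in updateXML() rather than with
    ElementTree.  ElementTree adds 'ns0' namespace qualifiers when it
    re-serialises the embedded Attribute Certificate, and that change to
    the signed content invalidates the certificate's digital signature.
    """

    # Override base class class variables
    xmlTagTmpl = {  "credential":        "",
                    "statCode":          "",
                    "errMsg":            ""    }

    xmlMandTags = ["statCode"]

    # Values used for the 'statCode' tag
    accessGranted = 'AccessGranted'
    accessDenied = 'AccessDenied'
    accessError = 'AccessError'


    def __init__(self, **xmlMsgKeys):
        """XML for receiving output from Attribute Authority authorisation
        call

        xmlMsgKeys:    keywords for XMLMsg super-class.  Once the base
                       class has been initialised the message must hold a
                       'credential' or an 'errMsg' entry.

        Raises AuthorisationRespError if neither entry is present.
        """

        # Name the class explicitly: super(self.__class__, self) resolves
        # to this class again when called on a subclass instance and then
        # recurses without end.
        super(AuthorisationResp, self).__init__(**xmlMsgKeys)

        if 'credential' not in self and 'errMsg' not in self:
            raise AuthorisationRespError(
                                'Expecting "credential" or "errMsg" keywords')


    #_________________________________________________________________________
    def update(self, credential=None, **xmlTags):
        """Override base class implementation so that the 'credential' tag
        is always stored as an AttCert.

        credential:    Attribute Certificate as an XML string (converted
                       with AttCertParse) or as an AttCert instance.  None
                       is handed to the base class unchanged.
        xmlTags:       any other tags, passed straight to XMLMsg.update().

        Raises TypeError if credential is of any other type."""

        if credential is None:
            attCert = None

        elif isinstance(credential, basestring):
            attCert = AttCertParse(credential)

        elif isinstance(credential, AttCert):
            attCert = credential

        else:
            raise TypeError(
                "credential keyword must contain string or AttCert type")

        # Call super class update with the converted attribute certificate
        super(AuthorisationResp, self).update(credential=attCert, **xmlTags)


    #_________________________________________________________________________
    def updateXML(self, **xmlTags):
        """Override base class implementation to allow the attribute
        certificate to be set from a string or AttCert type, and to build
        the XML text without ElementTree.

        xmlTags:    tags to store and to write into self.xmlTxt.  Text
                    values are XML-escaped on output, so callers should
                    pass them unescaped; the credential is embedded as XML.

        Raises XMLMsgError if the XML text cannot be created."""

        # Local import: the file's import block only pulls in project
        # modules, so keep this dependency next to its single use.
        from xml.sax.saxutils import escape

        # Update dictionary
        self.update(**xmlTags)

        # Create XML formatted string ready for encryption.  ElementTree is
        # deliberately not used here: it adds ns0 namespace qualifiers to
        # the embedded certificate, which invalidates its signature.
        try:
            rootTag = self.__class__.__name__
            xmlLines = [self.xmlHdr, "<%s>" % rootTag]

            for tag, val in xmlTags.items():
                if tag == "credential":
                    # Read the stored value rather than the keyword: only
                    # the stored one is guaranteed to have been converted
                    # to AttCert by update().  Strip any XML header so the
                    # certificate can sit inside this document.
                    content = self[tag].asString(stripXMLhdr=True)
                else:
                    # Escape markup characters so that message text (for
                    # example an errMsg built from an exception) cannot
                    # break the document or introduce elements of its own.
                    content = escape("%s" % (val,))

                xmlLines.append("    <%s>%s</%s>" % (tag, content, tag))

            xmlLines.append("</%s>" % rootTag)
            self.xmlTxt = os.linesep.join(xmlLines) + os.linesep

        except Exception, e:
            raise XMLMsgError("Creating XML: %s" % e)


    #_________________________________________________________________________
    def parseXML(self):
        """Override base class implementation to convert the 'credential'
        content into an AttCert instance.

        Raises AuthorisationRespError if the Attribute Certificate cannot
        be found in the message text or cannot be parsed."""

        super(AuthorisationResp, self).parseXML(rtnRootElem=True)
        if 'credential' not in self:
            return

        # Convert attribute certificate to AttCert instance.  The text is
        # cut from the raw message rather than taken from the parsed tree,
        # presumably so that the signed content reaches AttCertParse
        # unaltered - confirm against XMLMsg.parseXML.
        # NOTE(review): the pattern is greedy, so it spans from the first
        # opening tag to the last closing tag in the message.  The result
        # should only be trusted once the certificate's signature has been
        # checked by the caller.
        try:
            attCertPat = re.compile(
                '<attributeCertificate>.*</attributeCertificate>', re.S)
            attCertTxt = attCertPat.findall(self.xmlTxt)[0]

            self['credential'] = AttCertParse(attCertTxt)

        except Exception, e:
            raise AuthorisationRespError(
                "Error parsing Attribute Certificate: " + str(e))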
178
179
180#_____________________________________________________________________________
class GetTrustedHostInfoReqError(XMLMsgError):
    """Error type for the NDG AttAuthority WS GetTrustedHostInfo request
    class.

    Adds nothing to XMLMsgError beyond a distinct type.
    """
185
186
187#_____________________________________________________________________________
class GetTrustedHostInfoReq(XMLMsg):
    """Request message for the Attribute Authority WS GetTrustedHostInfo()
    call, used on the client side to format the inputs into XML and encrypt
    them.

    The Attribute Authority side uses it to decrypt the result.  Only the
    tag declarations live here; the rest is presumably implemented by
    XMLMsg, which is not visible in this file.
    """

    # Override base class class variables: a single 'role' tag, empty by
    # default
    xmlTagTmpl = dict(role="")

    # Mandatory tags - presumably enforced by XMLMsg; confirm there
    xmlMandTags = ["role"]
198
199
200#_____________________________________________________________________________
class GetTrustedHostInfoRespError(XMLMsgError):
    """Error type for the NDG AttAuthority WS GetTrustedHostInfo response
    class.

    Adds nothing to XMLMsgError beyond a distinct type.
    """
205
206
207#_____________________________________________________________________________
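class GetTrustedHostInfoResp(XMLMsg):
    """Response message for the Attribute Authority WS GetTrustedHostInfo()
    call: formats the response from the AttAuthority.

    For the client, enables decryption of the response (the encryption
    support is presumably provided by XMLMsg, which is not visible here).
    """

    # Override base class class variables
    xmlTagTmpl = {"trustedHostInfo": "", "errMsg": ""}

    # 'errMsg' is the only tag declared mandatory for this message
    xmlMandTags = ["errMsg"]


    def __init__(self, **xmlMsgKeys):
        """XML for receiving output from the Attribute Authority
        GetTrustedHostInfo call

        xmlMsgKeys:    keywords for XMLMsg super-class.  This class adds no
                       checks of its own; any validation of the tags is
                       left to XMLMsg.
        """

        # Name the class explicitly: super(self.__class__, self) resolves
        # to this class again when called on a subclass instance and then
        # recurses without end.
        super(GetTrustedHostInfoResp, self).__init__(**xmlMsgKeys)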