Changeset 4070 for TI12-security

Timestamp:

25/07/08 17:09:56 (13 years ago)

Author:

pjkersha

Message:

Updated to AttributeAssertion?._createXML. All of the rest of the class needs refactoring from AttCert? original

File:

• TI12-security/trunk/python/ndg.security.common/ndg/security/common/saml/__init__.py (modified) (14 diffs)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/saml/__init__.py

@@ -29 +29 @@
    
 # XML signature module based on M2Crypto, ZSI Canonicalization and DOM
-from ndg.security.common.XMLSec import XMLSecDoc, InvalidSignature, getParentNode
+from ndg.security.common.xmlsec.etree import XMLSecDoc, InvalidSignature
 
 #_____________________________________________________________________________
@@ -80 +80 @@
 #_____________________________________________________________________________
 class AttributeAssertion(dict, XMLSecDoc):
-    """NDG SAML 1.1 Attribute Assertion
+    """NDG SAML 1.1 Attribute Assertion for use with NERC DataGrid
     
     @type __validProvenanceSettings: tuple
@@ -94 +94 @@
     # certificate
     __validProvenanceSettings = ('original', 'mapped')
-    namespace = "urn:ndg:security:attributeCertificate"
+    
+    ns = "urn:oasis:names:tc:SAML:1.0:assertion"
+    nsPfx = "saml"
+    issuer = 'http://badc.nerc.ac.uk'
+    attributeName = "urn:mace:dir:attribute-def:eduPersonAffiliation"
+    attributeNS = "urn:mace:shibboleth:1.0:attributeNamespace:uri"
 
     #_________________________________________________________________________    
@@ -148 +153 @@
         self.__dtNotAfter = None
 
+        self._createXML()
+        
 
     #_________________________________________________________________________    
@@ -159 +166 @@
         """Override XMLSec.XMLSecDoc equivalent"""
         return self.toString()
-    
-    
-    #_________________________________________________________________________
-    def toString(self, **kw):
-        """Return certificate file content as a string
-        
-        @param **kw: keywords to XMLSec.XMLSecDoc.toString()
-        @rtype: string
-        @return: content of document"""
-
-        # If doc hasn't been parsed by parent (ie. not signed) return elements
-        # set so far using createXML method
-        return super(AttributeAssertion, self).toString(**kw) or self.createXML()
-
+     
                 
     #_________________________________________________________________________    
@@ -414 +408 @@
             raise AttributeError("issuerName must be a string")
         
-        self.__dat['issuerName'] = issuerName
+        self._rootElem.set('Issuer', issuerName)
     
     #_________________________________________________________________________    
@@ -420 +414 @@
         """@rtype: string
         @return: the name of the issuer"""
-        return self.__dat['issuerName']
+        return self._rootElem.get('Issuer')
 
     issuerName = property(fget=__getIssuerName, 
@@ -634 +628 @@
         if rtnRootElem:
             return rootElem
-
-        
-    #_________________________________________________________________________    
-    def read(self, filePath=None, **xmlSecDocKw):
-        """Read an Attribute Assertion from file
-
-        @param filePath:   file to be read, if omitted XMLSecDoc.__filePath 
-        member variable is used instead"""
-
-        if filePath:
-            self.filePath = filePath
-
-        try:    
-            tree = ElementTree.parse(self.filePath)
-            rootElem = tree.getroot()
-        except Exception, e:
-            raise AttributeAssertionError("Attribute Assertion: %s" % e)
-        
-        # Call generic ElementTree parser
-        self.__parse(rootElem)
-
-        # Call base class read method to initialise libxml2 objects for
-        # signature validation
-        try:
-            XMLSecDoc.read(self, **xmlSecDocKw)
-
-        except Exception, e:
-            raise AttributeAssertionError("Attribute Assertion: %s" % e)
 
         
@@ -757 +723 @@
 
     #_________________________________________________________________________    
-    def createXML(self):
+    def _createXML(self):
         """Create XML for Attribute Assertion from current data settings and
         return as a string.  The XML created is MINUS the digital signature.
@@ -769 +735 @@
         # Nb.
         # * this method is used by AttributeAssertion.read()
-        # * Signing by Attribute Authority is separate - see AttributeAssertion.sign()
+        # * Signing by Attribute Authority is separate - see 
+        # AttributeAssertion.sign()
         
 
@@ -775 +742 @@
         if not self.isValidProvenance():
             raise AttributeAssertionError("Provenance must be set to \"" + \
-                "\" or \"".join(AttributeAssertion.__validProvenanceSettings) + "\"")
-
-        
-        # Create string of all XML content        
-        xmlTxt = '<attributeCertificate targetNamespace="%s">' % \
-                                         AttributeAssertion.namespace + \
-"""
-    <acInfo>
-        <version>""" + self.__dat['version'] + """</version>
-        <holder>""" + self.__dat['holder'] + """</holder>
-        <issuer>""" + self.__dat['issuer'] + """</issuer>
-        <issuerName>""" + self.__dat['issuerName'] + """</issuerName>
-        <issuerSerialNumber>""" + str(self.__dat['issuerSerialNumber']) +\
-            """</issuerSerialNumber> 
-        <userId>""" + self.__dat['userId'] + """</userId>
-    <validity>
-          <notBefore>""" + self.__dat['validity']['notBefore'] + \
-          """</notBefore> 
-        <notAfter>""" + self.__dat['validity']['notAfter'] + \
-        """</notAfter> 
-    </validity>
-    <attributes>
-        <roleSet>
-            """ + "".join([\
-"""    <role>
-                <name>""" + i['role']['name'] + """</name>
-        </role>
-        """ for i in self.__dat['attributes']['roleSet']]) + \
-        """</roleSet>
-    </attributes>
-    <provenance>""" + self.__dat['provenance'] + """</provenance> 
-    </acInfo>
-</attributeCertificate>"""
-
-        # Return XML file content as a string
-        return xmlTxt
+                "\" or \"".join(AttributeAssertion.__validProvenanceSettings)+\
+                "\"")
+
+        
+        self._rootElem = ElementTree.Element("{%s}Assertion" % 
+                                             AttributeAssertion.ns)
+        self._rootETree = ElementTree.ElementTree(element=self._rootElem)
+        
+        self._rootElem.set('xmlns:%s' % AttributeAssertion.nsPfx, 
+                           AttributeAssertion.ns)
+        self._rootElem.set('MajorVersion', '1')
+        self._rootElem.set('MinorVersion', '1')
+        self._rootElem.set('Issuer', self.issuerName)
+    
+        conditionsElem = ElementTree.SubElement(self._rootElem,
+                                                '{%s}Conditions' % \
+                                                AttributeAssertion.ns)    
+        conditionsElem.set('NotBefore', 'x')
+        conditionsElem.set('NotAfter', 'y')
+        
+        attributeStatementElem = ElementTree.SubElement(self._rootElem,
+                                                '{%s}AttributeStatement' % \
+                                                AttributeAssertion.ns)
+        
+        subjectElem = ElementTree.SubElement(attributeStatementElem,
+                                             '{%s}Subject' % \
+                                             AttributeAssertion.ns)
+        
+        attributeElem = ElementTree.SubElement(attributeStatementElem,
+                                               '{%s}Attribute' % \
+                                               AttributeAssertion.ns)
+    
+        attributeElem.set('AttributeName',
+                          "urn:mace:dir:attribute-def:eduPersonAffiliation")
+        attributeElem.set('AttributeNamespace',
+                          "urn:mace:shibboleth:1.0:attributeNamespace:uri")
+        
+        for val in ['member', 'student']:
+           attributeValElem = ElementTree.SubElement(attributeElem,
+                                                     '{%s}AttributeValue' % \
+                                                     AttributeAssertion.ns)
+           attributeValElem.text = val
 
 
@@ -820 +793 @@
         XMLSecDoc.applyEnvelopedSignature()
         '''       
-        self.parse(self.createXML())
+        self.parse(self._createXML())
         super(AttributeAssertion, self).applyEnvelopedSignature(**xmlSecDocKw)
 
@@ -1129 +1102 @@
     conditionsElem.set('NotAfter', 'y')
     
-    authNStatementElem = ElementTree.SubElement(assertionElem,
-                                                '{%s}AuthenticationStatement'%\
-                                                ns)
-    authNStatementElem.set('AuthenticationMethod', "...")
-    authNStatementElem.set('AuthenticationInstant', "...")
-    
-    subjectElem = ElementTree.SubElement(authNStatementElem,'{%s}Subject' % ns)
-    
     attributeStatementElem = ElementTree.SubElement(assertionElem,
                                                     '{%s}AttributeStatement' %\
@@ -1168 +1133 @@
 
 if __name__ == "__main__":
-    print create()
+    import pdb;pdb.set_trace()
+    attrAss = AttributeAssertion()
+    attrAss.issuerName = "http://badc.nerc.ac.uk"
+    print attrAss.issuerName
+    print attrAss