Changeset 4070 for TI12-security
- Timestamp:
- 25/07/08 17:09:56 (13 years ago)
- File:
-
- 1 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/saml/__init__.py
r4059 r4070 29 29 30 30 # XML signature module based on M2Crypto, ZSI Canonicalization and DOM 31 from ndg.security.common. XMLSec import XMLSecDoc, InvalidSignature, getParentNode31 from ndg.security.common.xmlsec.etree import XMLSecDoc, InvalidSignature 32 32 33 33 #_____________________________________________________________________________ … … 80 80 #_____________________________________________________________________________ 81 81 class AttributeAssertion(dict, XMLSecDoc): 82 """NDG SAML 1.1 Attribute Assertion 82 """NDG SAML 1.1 Attribute Assertion for use with NERC DataGrid 83 83 84 84 @type __validProvenanceSettings: tuple … … 94 94 # certificate 95 95 __validProvenanceSettings = ('original', 'mapped') 96 namespace = "urn:ndg:security:attributeCertificate" 96 97 ns = "urn:oasis:names:tc:SAML:1.0:assertion" 98 nsPfx = "saml" 99 issuer = 'http://badc.nerc.ac.uk' 100 attributeName = "urn:mace:dir:attribute-def:eduPersonAffiliation" 101 attributeNS = "urn:mace:shibboleth:1.0:attributeNamespace:uri" 97 102 98 103 #_________________________________________________________________________ … … 148 153 self.__dtNotAfter = None 149 154 155 self._createXML() 156 150 157 151 158 #_________________________________________________________________________ … … 159 166 """Override XMLSec.XMLSecDoc equivalent""" 160 167 return self.toString() 161 162 163 #_________________________________________________________________________ 164 def toString(self, **kw): 165 """Return certificate file content as a string 166 167 @param **kw: keywords to XMLSec.XMLSecDoc.toString() 168 @rtype: string 169 @return: content of document""" 170 171 # If doc hasn't been parsed by parent (ie. 
not signed) return elements 172 # set so far using createXML method 173 return super(AttributeAssertion, self).toString(**kw) or self.createXML() 174 168 175 169 176 170 #_________________________________________________________________________ … … 414 408 raise AttributeError("issuerName must be a string") 415 409 416 self._ _dat['issuerName'] = issuerName410 self._rootElem.set('Issuer', issuerName) 417 411 418 412 #_________________________________________________________________________ … … 420 414 """@rtype: string 421 415 @return: the name of the issuer""" 422 return self._ _dat['issuerName']416 return self._rootElem.get('Issuer') 423 417 424 418 issuerName = property(fget=__getIssuerName, … … 634 628 if rtnRootElem: 635 629 return rootElem 636 637 638 #_________________________________________________________________________639 def read(self, filePath=None, **xmlSecDocKw):640 """Read an Attribute Assertion from file641 642 @param filePath: file to be read, if omitted XMLSecDoc.__filePath643 member variable is used instead"""644 645 if filePath:646 self.filePath = filePath647 648 try:649 tree = ElementTree.parse(self.filePath)650 rootElem = tree.getroot()651 except Exception, e:652 raise AttributeAssertionError("Attribute Assertion: %s" % e)653 654 # Call generic ElementTree parser655 self.__parse(rootElem)656 657 # Call base class read method to initialise libxml2 objects for658 # signature validation659 try:660 XMLSecDoc.read(self, **xmlSecDocKw)661 662 except Exception, e:663 raise AttributeAssertionError("Attribute Assertion: %s" % e)664 630 665 631 … … 757 723 758 724 #_________________________________________________________________________ 759 def createXML(self):725 def _createXML(self): 760 726 """Create XML for Attribute Assertion from current data settings and 761 727 return as a string. The XML created is MINUS the digital signature. … … 769 735 # Nb. 
770 736 # * this method is used by AttributeAssertion.read() 771 # * Signing by Attribute Authority is separate - see AttributeAssertion.sign() 737 # * Signing by Attribute Authority is separate - see 738 # AttributeAssertion.sign() 772 739 773 740 … … 775 742 if not self.isValidProvenance(): 776 743 raise AttributeAssertionError("Provenance must be set to \"" + \ 777 "\" or \"".join(AttributeAssertion.__validProvenanceSettings) + "\"") 778 779 780 # Create string of all XML content 781 xmlTxt = '<attributeCertificate targetNamespace="%s">' % \ 782 AttributeAssertion.namespace + \ 783 """ 784 <acInfo> 785 <version>""" + self.__dat['version'] + """</version> 786 <holder>""" + self.__dat['holder'] + """</holder> 787 <issuer>""" + self.__dat['issuer'] + """</issuer> 788 <issuerName>""" + self.__dat['issuerName'] + """</issuerName> 789 <issuerSerialNumber>""" + str(self.__dat['issuerSerialNumber']) +\ 790 """</issuerSerialNumber> 791 <userId>""" + self.__dat['userId'] + """</userId> 792 <validity> 793 <notBefore>""" + self.__dat['validity']['notBefore'] + \ 794 """</notBefore> 795 <notAfter>""" + self.__dat['validity']['notAfter'] + \ 796 """</notAfter> 797 </validity> 798 <attributes> 799 <roleSet> 800 """ + "".join([\ 801 """ <role> 802 <name>""" + i['role']['name'] + """</name> 803 </role> 804 """ for i in self.__dat['attributes']['roleSet']]) + \ 805 """</roleSet> 806 </attributes> 807 <provenance>""" + self.__dat['provenance'] + """</provenance> 808 </acInfo> 809 </attributeCertificate>""" 810 811 # Return XML file content as a string 812 return xmlTxt 744 "\" or \"".join(AttributeAssertion.__validProvenanceSettings)+\ 745 "\"") 746 747 748 self._rootElem = ElementTree.Element("{%s}Assertion" % 749 AttributeAssertion.ns) 750 self._rootETree = ElementTree.ElementTree(element=self._rootElem) 751 752 self._rootElem.set('xmlns:%s' % AttributeAssertion.nsPfx, 753 AttributeAssertion.ns) 754 self._rootElem.set('MajorVersion', '1') 755 self._rootElem.set('MinorVersion', 
'1') 756 self._rootElem.set('Issuer', self.issuerName) 757 758 conditionsElem = ElementTree.SubElement(self._rootElem, 759 '{%s}Conditions' % \ 760 AttributeAssertion.ns) 761 conditionsElem.set('NotBefore', 'x') 762 conditionsElem.set('NotAfter', 'y') 763 764 attributeStatementElem = ElementTree.SubElement(self._rootElem, 765 '{%s}AttributeStatement' % \ 766 AttributeAssertion.ns) 767 768 subjectElem = ElementTree.SubElement(attributeStatementElem, 769 '{%s}Subject' % \ 770 AttributeAssertion.ns) 771 772 attributeElem = ElementTree.SubElement(attributeStatementElem, 773 '{%s}Attribute' % \ 774 AttributeAssertion.ns) 775 776 attributeElem.set('AttributeName', 777 "urn:mace:dir:attribute-def:eduPersonAffiliation") 778 attributeElem.set('AttributeNamespace', 779 "urn:mace:shibboleth:1.0:attributeNamespace:uri") 780 781 for val in ['member', 'student']: 782 attributeValElem = ElementTree.SubElement(attributeElem, 783 '{%s}AttributeValue' % \ 784 AttributeAssertion.ns) 785 attributeValElem.text = val 813 786 814 787 … … 820 793 XMLSecDoc.applyEnvelopedSignature() 821 794 ''' 822 self.parse(self. createXML())795 self.parse(self._createXML()) 823 796 super(AttributeAssertion, self).applyEnvelopedSignature(**xmlSecDocKw) 824 797 … … 1129 1102 conditionsElem.set('NotAfter', 'y') 1130 1103 1131 authNStatementElem = ElementTree.SubElement(assertionElem,1132 '{%s}AuthenticationStatement'%\1133 ns)1134 authNStatementElem.set('AuthenticationMethod', "...")1135 authNStatementElem.set('AuthenticationInstant', "...")1136 1137 subjectElem = ElementTree.SubElement(authNStatementElem,'{%s}Subject' % ns)1138 1139 1104 attributeStatementElem = ElementTree.SubElement(assertionElem, 1140 1105 '{%s}AttributeStatement' %\ … … 1168 1133 1169 1134 if __name__ == "__main__": 1170 print create() 1135 import pdb;pdb.set_trace() 1136 attrAss = AttributeAssertion() 1137 attrAss.issuerName = "http://badc.nerc.ac.uk" 1138 print attrAss.issuerName 1139 print attrAss
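Review bot: The new `_createXML` writes placeholder validity bounds, `conditionsElem.set('NotBefore', 'x')` and `conditionsElem.set('NotAfter', 'y')`, and builds the AttributeValue elements from the literal list `['member', 'student']`, so the assertion that later gets signed carries neither a real validity window nor the instance's role data (the `__dtNotBefore`/`__dtNotAfter` members initialised in `__init__` are never read here). The AttributeName/AttributeNamespace literals also duplicate the class attributes added in the same commit; `attributeElem.set('AttributeName', AttributeAssertion.attributeName)` and `attributeElem.set('AttributeNamespace', AttributeAssertion.attributeNS)` would keep them in one place. No `return` is visible in the new `_createXML` body, yet `applyEnvelopedSignature` still calls `self.parse(self._createXML())`, which would hand `None` to `parse`; either return the serialised tree or have the caller work from `self._rootElem`. The `import pdb;pdb.set_trace()` in the `__main__` block looks like a debugging leftover. The `__init__` hunk shows only the added `self._createXML()` call, so the rest of that constructor is outside this view.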