Ignore:
Timestamp:
03/04/09 17:14:44 (11 years ago)
Author:
pjkersha
Message:

Added new access control interface and functionality to OpenID Provider to enable a custom context object to be passed between login and logout calls.

Location:
TI12-security/trunk/python/ndg.security.common/ndg/security/common
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/__init__.py

    r5165 r5168  
    1414log = logging.getLogger(__name__) 
    1515 
    16 from ndg.security.common.authz.xacml.cond import FunctionFactory 
     16#from ndg.security.common.authz.xacml.cond import FunctionFactory 
     17import ndg.security.common.authz.xacml.cond 
     18class FunctionFactory: 
     19    pass 
     20 
    1721 
    1822# For parsing: ElementTree helpers  
     
    265269 
    266270    def match(self, context): 
    267         '''determines whether this <code>TargetMatch</code> matches 
     271        '''determines whether this TargetMatch matches 
    268272        the input request (whether it is applicable) 
    269273 
     
    348352 
    349353    def encode(self, output, indenter=None): 
    350         '''Encodes this TargetMatch</code> into its XML representation  
    351         and writes this encoding to the given <code>OutputStream</code> with no 
     354        '''Encodes this TargetMatch into its XML representation  
     355        and writes this encoding to the given OutputStream with no 
    352356        indentation. 
    353357        @param output a stream into which the XML-encoded data is written''' 
     
    372376        self.attributeValue = attributeValue 
    373377        self.indeterminate = indeterminate 
    374  
    375  
    376 class Evaluatable(XacmlBase): 
    377     '''Generic interface that is implemented by all objects that can appear in 
    378     an ApplyType. This lets the evaluation code of Apply and 
    379     functions iterate through their members and evaluate them, working only 
    380     on the returned values or errors.''' 
    381      
    382     def evaluate(self, context): 
    383         '''Evaluates the object using the given context, and either returns an 
    384         error or a resulting value. 
    385      
    386         @param context the representation of the request 
    387         @return the result of evaluation''' 
    388         raise NotImplementedError() 
    389  
    390     def getType(self): 
    391         '''Get the type of this object.  This may be the data type of an 
    392         Attribute or the return type of an 
    393         AttributeDesignator, etc. 
    394      
    395         @return the type of data represented by this object''' 
    396         raise NotImplementedError() 
    397  
    398     def evaluatesToBag(self): 
    399         '''Tells whether evaluation will return a bag or a single value. 
    400      
    401         @return true if evaluation will return a bag, false otherwise''' 
    402         raise NotImplementedError() 
    403  
    404     def getChildren(self): 
    405         '''Returns all children, in order, of this element in the Condition 
    406         tree, or en empty set if this element has no children. In XACML 1.x, 
    407         only the ApplyType ever has children. 
    408      
    409         @return a list of Evaluatables''' 
    410         raise NotImplementedError() 
    411  
    412     def encode(self, output, indenter=None): 
    413         '''Encodes this Evaluatable into its XML representation and 
    414         writes this encoding to the given OutputStream with 
    415         indentation. 
    416      
    417         @param output a stream into which the XML-encoded data is written 
    418         @param indenter an object that creates indentation strings''' 
    419         raise NotImplementedError() 
    420  
    421                      
     378       
     379 
    422380class Effect(XacmlBase): 
    423381    def __str__(self): 
    424382        raise NotImplementedError() 
    425           
     383 
     384              
    426385class DenyEffect(Effect): 
    427386    def __str__(self): 
     
    456415           
    457416class Attribute(XacmlBase): 
    458     def __init__(self, id, type=None, issuer=None, issueInstant=None, value=None): 
     417    def __init__(self, id, type=None, issuer=None, issueInstant=None,  
     418                 value=None): 
    459419        self.id = id 
    460420        self.type = type or value.__class__ 
     
    573533    def getCurrentTime(self): 
    574534        '''Returns the cached value for the current time. If the value has  
    575         never been set by a call to <code>setCurrentTime</code>, or if caching  
     535        never been set by a call to setCurrentTime, or if caching  
    576536        is not enabled in this instance, then this will return null.''' 
    577537        raise NotImplementedError() 
     
    586546    def getCurrentDate(self): 
    587547        '''Returns the cached value for the current date. If the value has  
    588         never been set by a call to <code>setCurrentDate</code>, or if caching  
     548        never been set by a call to setCurrentDate, or if caching  
    589549        is not enabled in this instance, then this will return null.''' 
    590550        raise NotImplementedError() 
     
    597557    def getCurrentDateTime(self): 
    598558        '''Returns the cached value for the current dateTime. If the value has 
    599         never been set by a call to <code>setCurrentDateTime</code>, or if 
     559        never been set by a call to setCurrentDateTime, or if 
    600560        caching is not enabled in this instance, then this will return null. 
    601561        ''' 
     
    685645        Indeterminate result''' 
    686646        raise NotImplementedError() 
    687  
    688  
    689 class Apply(Evaluatable): 
    690     '''Represents the XACML ApplyType and ConditionType XML types.''' 
    691  
    692     def __init__(self, function, evals, bagFunction=None, isCondition=False): 
    693         '''Constructs an Apply object. Throws an 
    694         IllegalArgumentException if the given parameter list 
    695         isn't valid for the given function. 
    696          
    697         @param function the Function to use in evaluating the elements in the  
    698         apply 
    699         @param evals the contents of the apply which will be the parameters 
    700         to the function, each of which is an Evaluatable 
    701         @param bagFunction the higher-order function to use 
    702         @param isCondition Rrue if this Apply is a Condition, False otherwise 
    703         ''' 
    704      
    705         # check that the given inputs work for the function 
    706         inputs = evals 
    707         if bagFunction is not None: 
    708             inputs = [bagFunction] 
    709             inputs += evals 
    710          
    711         function.checkInputs(inputs) 
    712  
    713         # if everything checks out, then store the inputs 
    714         self.function = function 
    715         self.evals = tuple(evals) 
    716         self.bagFunction = bagFunction 
    717         self.isCondition = isCondition 
    718      
    719      
    720     @staticmethod 
    721     def getConditionInstance(root, xpathVersion): 
    722         '''Returns an instance of an Apply based on the given DOM 
    723         root node. This will actually return a special kind of 
    724         Apply, namely an XML ConditionType, which is the root 
    725         of the condition logic in a RuleType. A ConditionType is the same 
    726         as an ApplyType except that it must use a FunctionId that returns 
    727         a boolean value. 
    728          
    729         @param root the DOM root of a ConditionType XML type 
    730         @param xpathVersion the XPath version to use in any selectors or XPath 
    731                             functions, or null if this is unspecified (ie, not 
    732                             supplied in the defaults section of the policy) 
    733          
    734         ''' 
    735         raise NotImplementedError() 
    736           
    737     def getInstance(self,  
    738                     root,  
    739                     factory=None,  
    740                     isCondition=False,  
    741                     xpathVersion=None): 
    742         '''Returns an instance of Apply based on the given DOM root. 
    743          
    744         @param root the DOM root of an ApplyType XML type 
    745         @param xpathVersion the XPath version to use in any selectors or XPath 
    746                             functions, or null if this is unspecified (ie, not 
    747                             supplied in the defaults section of the policy)''' 
    748          
    749         raise NotImplementedError() 
    750      
    751     @staticmethod 
    752     def getFunction(root, version, factory): 
    753         '''Helper method that tries to get a function instance''' 
    754         raise NotImplementedError() 
    755              
    756     def getFunction(self): 
    757         '''Returns the Function used by this Apply. 
    758          
    759         @return the Function''' 
    760         return function 
    761      
    762     def getChildren(self): 
    763         '''Returns the List of children for this Apply. 
    764         The List contains Evaluatables. The list is 
    765         unmodifiable, and may be empty. 
    766          
    767         @return a List of Evaluatables''' 
    768         return self.evals 
    769      
    770     def getHigherOrderFunction(self): 
    771         '''Returns the higher order bag function used by this Apply 
    772         if it exists, or null if no higher order function is used. 
    773          
    774         @return the higher order Function or null''' 
    775         return self.bagFunction 
    776      
    777     def isCondition(self): 
    778         '''Returns whether or not this ApplyType is actually a ConditionType. 
    779          
    780         @return whether or not this represents a ConditionType''' 
    781         return isCondition 
    782  
    783     def evaluate(self, context): 
    784         '''Evaluates the apply object using the given function. This will in 
    785         turn call evaluate on all the given parameters, some of which may be 
    786         other Apply objects. 
    787          
    788         @param context the representation of the request 
    789          
    790         @return the result of trying to evaluate this apply object''' 
    791         parameters = self.evals 
    792  
    793         # see if there is a higher-order function in here 
    794         if bagFunction != None: 
    795             # this is a special case, so we setup the parameters, starting 
    796             # with the function 
    797             parameters = [bagFunction] 
    798  
    799             # now we evaluate all the parameters, returning INDETERMINATE 
    800             # if that's what any of them return, and otherwise tracking 
    801             # all the AttributeValues that get returned 
    802             for eval in self.evals: 
    803                 result = eval.evaluate(context) 
    804                  
    805                 # in a higher-order case, if anything is INDETERMINATE, then 
    806                 # we stop right away 
    807                 if result.indeterminate(): 
    808                     return result 
    809  
    810                 parameters.add(result.getAttributeValue()) 
    811              
    812         # now we can call the base function 
    813         return function.evaluate(parameters, context) 
    814           
    815     def getType(self): 
    816         '''Returns the type of attribute that this object will return on a call 
    817         to evaluate. In practice, this will always be the same as 
    818         the result of calling getReturnType on the function used 
    819         by this object. 
    820          
    821         @return the type returned by evaluate''' 
    822         return self.function.getReturnType() 
    823        
    824     def evaluatesToBag(self): 
    825         '''Returns whether or not the Function will return a bag 
    826         of values on evaluation. 
    827          
    828         @return true if evaluation will return a bag of values, false otherwise 
    829         ''' 
    830         return self.function.returnsBag() 
    831  
    832     def encode(self, output, indenter): 
    833         '''Encodes this Apply into its XML representation and 
    834         writes this encoding to the given OutputStream with 
    835         indentation. 
    836          
    837         @param output a stream into which the XML-encoded data is written 
    838         @param indenter an object that creates indentation strings''' 
    839         raise NotImplementedError() 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond.py

    r5165 r5168  
    1414 
    1515from ndg.security.common.utils import UniqList 
    16  
    17 class FunctionBase(object): 
     16from ndg.security.common.authz.xacml.attr import AnyURIAttribute, \ 
     17    Base64BinaryAttribute, BooleanAttribute, DateAttribute, DateTimeAttribute,\ 
     18    DayTimeDurationEqual, DoubleAttribute, HexBinaryAttribute, \ 
     19    IntegerAttribute, RFC822NameAttribute, StringAttribute, TimeAttribute, \ 
     20    X500NameAttribute, YearMonthDurationAttribute 
     21 
     22 
     23class Evaluatable(object): 
     24    '''Generic interface that is implemented by all objects that can appear in 
     25    an ApplyType. This lets the evaluation code of Apply and 
     26    functions iterate through their members and evaluate them, working only 
     27    on the returned values or errors.''' 
     28     
     29    def evaluate(self, context): 
     30        '''Evaluates the object using the given context, and either returns an 
     31        error or a resulting value. 
     32     
     33        @param context the representation of the request 
     34        @return the result of evaluation''' 
     35        raise NotImplementedError() 
     36 
     37    def getType(self): 
     38        '''Get the type of this object.  This may be the data type of an 
     39        Attribute or the return type of an 
     40        AttributeDesignator, etc. 
     41     
     42        @return the type of data represented by this object''' 
     43        raise NotImplementedError() 
     44 
     45    def evaluatesToBag(self): 
     46        '''Tells whether evaluation will return a bag or a single value. 
     47     
     48        @return true if evaluation will return a bag, false otherwise''' 
     49        raise NotImplementedError() 
     50 
     51    def getChildren(self): 
     52        '''Returns all children, in order, of this element in the Condition 
     53        tree, or en empty set if this element has no children. In XACML 1.x, 
     54        only the ApplyType ever has children. 
     55     
     56        @return a list of Evaluatables''' 
     57        raise NotImplementedError() 
     58 
     59    def encode(self, output, indenter=None): 
     60        '''Encodes this Evaluatable into its XML representation and 
     61        writes this encoding to the given OutputStream with 
     62        indentation. 
     63     
     64        @param output a stream into which the XML-encoded data is written 
     65        @param indenter an object that creates indentation strings''' 
     66        raise NotImplementedError() 
     67 
     68 
     69class Apply(Evaluatable): 
     70    '''Represents the XACML ApplyType and ConditionType XML types.''' 
     71 
     72    def __init__(self, function, evals, bagFunction=None, isCondition=False): 
     73        '''Constructs an Apply object. Throws an 
     74        IllegalArgumentException if the given parameter list 
     75        isn't valid for the given function. 
     76         
     77        @param function the Function to use in evaluating the elements in the  
     78        apply 
     79        @param evals the contents of the apply which will be the parameters 
     80        to the function, each of which is an Evaluatable 
     81        @param bagFunction the higher-order function to use 
     82        @param isCondition Rrue if this Apply is a Condition, False otherwise 
     83        ''' 
     84     
     85        # check that the given inputs work for the function 
     86        inputs = evals 
     87        if bagFunction is not None: 
     88            inputs = [bagFunction] 
     89            inputs += evals 
     90         
     91        function.checkInputs(inputs) 
     92 
     93        # if everything checks out, then store the inputs 
     94        self.function = function 
     95        self.evals = tuple(evals) 
     96        self.bagFunction = bagFunction 
     97        self.isCondition = isCondition 
     98     
     99     
     100    @staticmethod 
     101    def getConditionInstance(root, xpathVersion): 
     102        '''Returns an instance of an Apply based on the given DOM 
     103        root node. This will actually return a special kind of 
     104        Apply, namely an XML ConditionType, which is the root 
     105        of the condition logic in a RuleType. A ConditionType is the same 
     106        as an ApplyType except that it must use a FunctionId that returns 
     107        a boolean value. 
     108         
     109        @param root the DOM root of a ConditionType XML type 
     110        @param xpathVersion the XPath version to use in any selectors or XPath 
     111                            functions, or null if this is unspecified (ie, not 
     112                            supplied in the defaults section of the policy) 
     113         
     114        ''' 
     115        raise NotImplementedError() 
     116          
     117    def getInstance(self,  
     118                    root,  
     119                    factory=None,  
     120                    isCondition=False,  
     121                    xpathVersion=None): 
     122        '''Returns an instance of Apply based on the given DOM root. 
     123         
     124        @param root the DOM root of an ApplyType XML type 
     125        @param xpathVersion the XPath version to use in any selectors or XPath 
     126                            functions, or null if this is unspecified (ie, not 
     127                            supplied in the defaults section of the policy)''' 
     128         
     129        raise NotImplementedError() 
     130     
     131    @staticmethod 
     132    def getFunction(root, version, factory): 
     133        '''Helper method that tries to get a function instance''' 
     134        raise NotImplementedError() 
     135             
     136    def getFunction(self): 
     137        '''Returns the Function used by this Apply. 
     138         
     139        @return the Function''' 
     140        return function 
     141     
     142    def getChildren(self): 
     143        '''Returns the List of children for this Apply. 
     144        The List contains Evaluatables. The list is 
     145        unmodifiable, and may be empty. 
     146         
     147        @return a List of Evaluatables''' 
     148        return self.evals 
     149     
     150    def getHigherOrderFunction(self): 
     151        '''Returns the higher order bag function used by this Apply 
     152        if it exists, or null if no higher order function is used. 
     153         
     154        @return the higher order Function or null''' 
     155        return self.bagFunction 
     156     
     157    def isCondition(self): 
     158        '''Returns whether or not this ApplyType is actually a ConditionType. 
     159         
     160        @return whether or not this represents a ConditionType''' 
     161        return isCondition 
     162 
     163    def evaluate(self, context): 
     164        '''Evaluates the apply object using the given function. This will in 
     165        turn call evaluate on all the given parameters, some of which may be 
     166        other Apply objects. 
     167         
     168        @param context the representation of the request 
     169         
     170        @return the result of trying to evaluate this apply object''' 
     171        parameters = self.evals 
     172 
     173        # see if there is a higher-order function in here 
     174        if bagFunction != None: 
     175            # this is a special case, so we setup the parameters, starting 
     176            # with the function 
     177            parameters = [bagFunction] 
     178 
     179            # now we evaluate all the parameters, returning INDETERMINATE 
     180            # if that's what any of them return, and otherwise tracking 
     181            # all the AttributeValues that get returned 
     182            for eval in self.evals: 
     183                result = eval.evaluate(context) 
     184                 
     185                # in a higher-order case, if anything is INDETERMINATE, then 
     186                # we stop right away 
     187                if result.indeterminate(): 
     188                    return result 
     189 
     190                parameters.add(result.getAttributeValue()) 
     191             
     192        # now we can call the base function 
     193        return function.evaluate(parameters, context) 
     194          
     195    def getType(self): 
     196        '''Returns the type of attribute that this object will return on a call 
     197        to evaluate. In practice, this will always be the same as 
     198        the result of calling getReturnType on the function used 
     199        by this object. 
     200         
     201        @return the type returned by evaluate''' 
     202        return self.function.getReturnType() 
     203       
     204    def evaluatesToBag(self): 
     205        '''Returns whether or not the Function will return a bag 
     206        of values on evaluation. 
     207         
     208        @return true if evaluation will return a bag of values, false otherwise 
     209        ''' 
     210        return self.function.returnsBag() 
     211 
     212    def encode(self, output, indenter): 
     213        '''Encodes this Apply into its XML representation and 
     214        writes this encoding to the given OutputStream with 
     215        indentation. 
     216         
     217        @param output a stream into which the XML-encoded data is written 
     218        @param indenter an object that creates indentation strings''' 
     219        raise NotImplementedError() 
     220         
     221class Function(object): 
     222    '''Interface that all functions in the system must implement.''' 
     223  
     224    def evaluate(self, inputs, context): 
     225        '''Evaluates the Function using the given inputs. 
     226        The List contains Evaluatables which are all 
     227        of the correct type if the Function has been created as 
     228        part of an Apply or TargetMatch, but which 
     229        may otherwise be invalid. Each parameter should be evaluated by the 
     230        Function, unless this is a higher-order function (in 
     231        which case the Apply has already evaluated the inputs 
     232        to check for any INDETERMINATE conditions), or the Function 
     233        doesn't need to evaluate all inputs to determine a result (as in the 
     234        case of the or function). The order of the List is 
     235        significant, so a Function should have a very good reason 
     236        if it wants to evaluate the inputs in a different order. 
     237        <p> 
     238        Note that if this is a higher-order function, like any-of, then 
     239        the first argument in the List will actually be a Function 
     240        object representing the function to apply to some bag. In this case, 
     241        the second and any subsequent entries in the list are 
     242        AttributeValue objects (no INDETERMINATE values are 
     243        allowed, so the function is not given the option of dealing with 
     244        attributes that cannot be resolved). A function needs to know if it's 
     245        a higher-order function, and therefore whether or not to look for 
     246        this case. Also, a higher-order function is responsible for checking 
     247        that the inputs that it will pass to the Function 
     248        provided as the first parameter are valid, ie. it must do a 
     249        checkInputs on its sub-function when 
     250        checkInputs is called on the higher-order function. 
     251         
     252        @param inputs the List of inputs for the function 
     253        @param context the representation of the request 
     254         
     255        @return a result containing the AttributeValue computed 
     256                when evaluating the function, or Status 
     257                specifying some error condition''' 
     258        raise NotImplementedError() 
     259 
     260 
     261    def getIdentifier(self): 
     262        '''Returns the identifier of this function as known by the factories. 
     263        In the case of the standard XACML functions, this will be one of the 
     264        URIs defined in the standard namespace. This function must always 
     265        return the complete namespace and identifier of this function. 
     266         
     267        @return the function's identifier''' 
     268        raise NotImplementedError() 
     269 
     270    def getReturnType(self): 
     271        '''Provides the type of AttributeValue that this function 
     272        returns from evaluate in a successful evaluation. 
     273         
     274        @return the type returned by this function 
     275        ''' 
     276        raise NotImplementedError() 
     277  
     278    def returnsBag(self): 
     279        '''Tells whether this function will return a bag of values or just a 
     280        single value. 
     281         
     282        @return true if evaluation will return a bag, false otherwise''' 
     283        raise NotImplementedError() 
     284 
     285    def checkInputs(self, inputs): 
     286        '''Checks that the given inputs are of the right types, in the right 
     287        order, and are the right number for this function to evaluate. If 
     288        the function cannot accept the inputs for evaluation, an 
     289        IllegalArgumentException is thrown. 
     290         
     291        @param inputs a list of Evaluatables, with the first argument being a  
     292        Function if this is a higher-order function 
     293         
     294        @throws TypeError if the inputs do match what the function accepts for 
     295        evaluation 
     296        ''' 
     297        raise NotImplementedError() 
     298 
     299    def checkInputsNoBag(self, inputs): 
     300        '''Checks that the given inputs are of the right types, in the right 
     301        order, and are the right number for this function to evaluate. If 
     302        the function cannot accept the inputs for evaluation, an 
     303        IllegalArgumentException is thrown. Unlike the other 
     304        checkInput method in this interface, this assumes that 
     305        the parameters will never provide bags of values. This is useful if 
     306        you're considering a target function which has a designator or 
     307        selector in its input list, but which passes the values from the 
     308        derived bags one at a time to the function, so the function doesn't 
     309        have to deal with the bags that the selector or designator 
     310        generates. 
     311         
     312        @param inputs a list of Evaluatables, with the first argument being a  
     313        Function if this is a higher-order function 
     314         
     315        @throws TypeError if the inputs do match what the function accepts for 
     316        evaluation''' 
     317        raise NotImplementedError() 
     318 
     319 
     320class FunctionBase(Function): 
    18321    FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:" 
    19322    supportedIdentifiers = () 
     
    28331                 returnType='',  
    29332                 returnsBag=False): 
     333        ''' 
     334        @param functionName the name of this function as used by the factory 
     335                            and any XACML policies 
     336        @param functionId an optional identifier that can be used by your 
     337                          code for convenience 
     338        @param paramTypes the type of each parameter, in order, required by 
     339                          this function, as used by the factory and any XACML 
     340                           documents 
     341        @param paramIsBag whether or not each parameter is actually a bag 
     342                          of values 
     343        @param returnType the type returned by this function, as used by 
     344                          the factory and any XACML documents 
     345        @param returnsBag whether or not this function returns a bag of values 
     346        ''' 
    30347           
    31348        self.functionName = functionName 
     
    103420# TODO: Condition classes - minimal implementation until opportunity to fully  
    104421# implement    
    105 class Function(object): 
    106     def __init__(self, *arg, **kw): 
    107         raise NotImplementedError() 
    108  
    109     @classmethod 
    110     def getInstance(cls, root): 
    111         raise NotImplementedError() 
    112  
    113422class BagFunction(FunctionBase): 
    114423    def __init__(self, *arg, **kw): 
     
    154463 
    155464class MatchFunction(FunctionBase): 
    156     NAME_REGEXP_STRING_MATCH = \ 
    157           "urn:oasis:names:tc:xacml:1.0:function:regexp-string-match" 
    158     NAME_RFC822NAME_MATCH = \ 
    159           "urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match" 
    160     NAME_X500NAME_MATCH = \ 
    161           "urn:oasis:names:tc:xacml:1.0:function:x500Name-match"      
     465    NAME_REGEXP_STRING_MATCH = FunctionBase.FUNCTION_NS + "regexp-string-match" 
     466    NAME_RFC822NAME_MATCH = FunctionBase.FUNCTION_NS + "rfc822Name-match" 
     467    NAME_X500NAME_MATCH = FunctionBase.FUNCTION_NS + "x500Name-match"      
    162468 
    163469    supportedIdentifiers = (NAME_REGEXP_STRING_MATCH,  
     
    192498class EqualFunction(FunctionBase): 
    193499    supportedIdentifiers = ( 
    194           "urn:oasis:names:tc:xacml:1.0:function:anyURI-equal", 
    195           "urn:oasis:names:tc:xacml:1.0:function:base64Binary-equal", 
    196           "urn:oasis:names:tc:xacml:1.0:function:boolean-equal", 
    197           "urn:oasis:names:tc:xacml:1.0:function:date-equal", 
    198           "urn:oasis:names:tc:xacml:1.0:function:dateTime-equal", 
    199           "urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-equal", 
    200           "urn:oasis:names:tc:xacml:1.0:function:double-equal", 
    201           "urn:oasis:names:tc:xacml:1.0:function:hexBinary-equal", 
    202           "urn:oasis:names:tc:xacml:1.0:function:integer-equal", 
    203           "urn:oasis:names:tc:xacml:1.0:function:rfc822Name-equal", 
    204           "urn:oasis:names:tc:xacml:1.0:function:string-equal", 
    205           "urn:oasis:names:tc:xacml:1.0:function:time-equal", 
    206           "urn:oasis:names:tc:xacml:1.0:function:x500Name-equal", 
    207           "urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-equal" 
     500          FunctionBase.FUNCTION_NS + "anyURI-equal", 
     501          FunctionBase.FUNCTION_NS + "base64Binary-equal", 
     502          FunctionBase.FUNCTION_NS + "boolean-equal", 
     503          FunctionBase.FUNCTION_NS + "date-equal", 
     504          FunctionBase.FUNCTION_NS + "dateTime-equal", 
     505          FunctionBase.FUNCTION_NS + "dayTimeDuration-equal", 
     506          FunctionBase.FUNCTION_NS + "double-equal", 
     507          FunctionBase.FUNCTION_NS + "hexBinary-equal", 
     508          FunctionBase.FUNCTION_NS + "integer-equal", 
     509          FunctionBase.FUNCTION_NS + "rfc822Name-equal", 
     510          FunctionBase.FUNCTION_NS + "string-equal", 
     511          FunctionBase.FUNCTION_NS + "time-equal", 
     512          FunctionBase.FUNCTION_NS + "x500Name-equal", 
     513          FunctionBase.FUNCTION_NS + "yearMonthDuration-equal" 
    208514    ) 
    209515 
     
    227533    } 
    228534     
    229     typeMap = {NAME_STRING_EQUAL: "http://www.w3.org/2001/XMLSchema#string"} 
    230      
    231     def __init__(self, functionName, **kw): 
    232           super(EqualFunction, self).__init__(functionName, **kw) 
     535    _attrClasses = ( 
     536        AnyURIAttribute, 
     537        Base64BinaryAttribute, 
     538        BooleanAttribute, 
     539        DateAttribute, 
     540        DateTimeAttribute, 
     541        DayTimeDurationEqual, 
     542        DoubleAttribute, 
     543        HexBinaryAttribute, 
     544        IntegerAttribute, 
     545        RFC822NameAttribute, 
     546        StringAttribute, 
     547        TimeAttribute, 
     548        X500NameAttribute, 
     549        YearMonthDurationAttribute 
     550    ) 
     551     
     552    typeMap = dict([(i, j.identifier) for i,j in zip(supportedIdentifiers, 
     553                                                     _attrClasses)]) 
     554     
     555    def __init__(self, functionName, argumentType=None, **kw): 
     556        if kw.get('functionId') is None: 
     557            kw['functionId'] = 0 
     558             
     559        if kw.get('paramType') is None: 
     560            kw['paramType'] = EqualFunction._getArgumentType(functionName) 
     561             
     562        super(EqualFunction, self).__init__(functionName, **kw) 
    233563 
    234564    def evaluate(self, inputs, evaluationCtx): 
     
    252582        return EvaluationResult(argValues[0] == argValues[1]) 
    253583     
    254     def getArgumentType(functionName): 
    255         datatype = EqualFunction.typeMap.get(functionName); 
    256         if datatype is None: 
    257             raise AttributeError("Not a standard function: %s" % functionName) 
     584    @classmethod 
     585    def _getArgumentType(cls, functionName): 
     586        argumentType = cls.typeMap.get(functionName) 
     587        if argumentType is None: 
     588            if functionName in cls.supportedIdentifiers: 
     589                raise NotImplementedError('No implementation is currently ' 
     590                                          'available for "%s"' % functionName) 
     591            else: 
     592                raise TypeError("Not a standard function: %s" % functionName) 
    258593           
    259         return datatype 
     594        return argumentType 
    260595 
    261596class AddFunction(FunctionBase): 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/signaturehandler/__init__.py

    r5067 r5168  
    3939from ZSI.wstools.Namespaces import ENCRYPTION, WSU 
    4040from ZSI.wstools.Namespaces import OASIS as _OASIS 
     41from ConfigParser import RawConfigParser 
    4142 
    4243# Enable settings from a config file 
     
    225226            self.cfg = cfgClass() 
    226227            self.cfg.read(cfg) 
    227         else: 
     228            self.cfg.parse(section=cfgFileSection, prefix=cfgFilePrefix) 
     229 
     230        elif isinstance(cfg, RawConfigParser): 
    228231            log.debug("BaseSignatureHandler.__init__: config object input ...") 
    229232            self.cfg = cfgClass(cfg=cfg) 
    230              
    231         if cfg: # config object or config file path was set 
    232             log.debug("BaseSignatureHandler.__init__: Processing config " 
    233                       "file...") 
    234233            self.cfg.parse(section=cfgFileSection, prefix=cfgFilePrefix) 
     234             
     235        elif isinstance(cfg, WSSecurityConfig): 
     236            log.debug("BaseSignatureHandler.__init__:  WSSSecurityConfig " 
     237                      "object input ...") 
     238            self.cfg = cfg 
     239        else: 
     240            raise TypeError("cfg keyword set to %s type.  cfg must be a " 
     241                            "file path string, RawConfigParser derived " 
     242                            "class instance or WSSecurityConfig type" % 
     243                            cfg.__class__) 
    235244 
    236245        # Also update config from keywords set  
Note: See TracChangeset for help on using the changeset viewer.