Changeset 6392 for TI12-security


Timestamp:
25/01/10 10:21:19 (10 years ago)
Author:
pjkersha
Message:
 
Location:
TI12-security/trunk/WSSecurity/ndg/wssecurity/common
Files:
2 edited
1 moved

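--- a/TI12-security/trunk/WSSecurity/ndg/wssecurity/common/__init__.py
+++ b/TI12-security/trunk/WSSecurity/ndg/wssecurity/common/__init__.py
@@ -30,10 +30,27 @@
         super(WSSecurityError, self).__init__(errorMessage)
         
+        
 class WSSecurityConfigError(WSSecurityError):
     """Configuration error with WS-Security setting or settings"""
     
+    
 class WSSecurityConfigOpNotPermitted(WSSecurityConfigError):
     "Raise for dict methods not allowed in WSSecurityConfig"
-    
+
+
+class InvalidCertChain(WSSecurityError):
+    """Raised from SignatureHandler.verify if the certificate submitted to
+    verify a signature is not from a known CA"""
+
+ 
+class TimestampError(WSSecurityError):
+    """Raised from SignatureHandler._verifyTimestamp if there is a problem with
+    the created or expiry times in an input message Timestamp"""
+
+
+class MessageExpired(TimestampError):
+    """Raised from SignatureHandler._verifyTimestamp if the timestamp of
+    the message being processed is before the current time.  Can be caught in
+    order to set a wsu:MessageExpired fault code"""
 class WSSecurityConfig(dict):
     """Parser for WS-Security configuration.  Extends dict to enable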
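Review bot: `InvalidCertChain`, `TimestampError` and `MessageExpired` (new lines 41-54) now exist only in `ndg.wssecurity.common`, because the signaturehandler section of this changeset deletes them and the import visible there still reads `from ndg.wssecurity.common import WSSecurityConfigError, WSSecurityError`. Unless an import is added in lines not shown, any `raise` or `except` of these names in the signature handler becomes a NameError, and external code importing them from `ndg.wssecurity.common.signaturehandler` stops working; the docstrings describe them as the exceptions callers catch to distinguish an untrusted certificate chain from an expired message. I would extend that import to `from ndg.wssecurity.common import (WSSecurityConfigError, WSSecurityError, InvalidCertChain, TimestampError, MessageExpired)`. Separately, new line 54 runs straight into `class WSSecurityConfig(dict):` with no blank lines, unlike the two-line spacing used for the other classes added here.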
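--- a/TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py
+++ b/TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py
@@ -16,8 +16,7 @@
 import re
 import base64
+import traceback
 from datetime import datetime, timedelta
-
-# Digest and signature/verify
-from sha import sha
+from sha import sha # Digest and signature/verify
 
 from M2Crypto import X509, BIO, RSA
@@ -26,5 +25,4 @@
 from ZSI.wstools.Namespaces import ENCRYPTION, WSU
 from ZSI.wstools.Namespaces import OASIS as _OASIS
-from ConfigParser import RawConfigParser
 
 from ndg.wssecurity.common import WSSecurityConfigError, WSSecurityError
@@ -48,9 +46,4 @@
 #    WSSE11 = ("http://docs.oasis-open.org/wss/2005/xx/"
 #              "oasis-2005xx-wss-wssecurity-secext-1.1.xsd")
-
-
-class InvalidCertChain(WSSecurityError):
-    """Raised from SignatureHandler.verify if the certificate submitted to
-    verify a signature is not from a known CA"""
     
     
@@ -58,15 +51,4 @@
     """Raised from SignatureHandler.verify if an error occurs in the signature
     verification"""
- 
- 
-class TimestampError(WSSecurityError):
-    """Raised from SignatureHandler._verifyTimestamp if there is a problem with
-    the created or expiry times in an input message Timestamp"""
-
-
-class MessageExpired(TimestampError):
-    """Raised from SignatureHandler._verifyTimestamp if the timestamp of
-    the message being processed is before the current time.  Can be caught in
-    order to set a wsu:MessageExpired fault code"""
     
     
@@ -159,16 +141,8 @@
     
     def __init__(self):
-        '''
-        @param cfg: object from which to read config items - a file path,
-        config parser object or WSSecurityConfig object
-        @type cfg: basestring/RawConfigParser/WSSecurityConfig
-        '''
+        ''''''
         log.debug("BaseSignatureHandler.__init__ ...")
         for name, val in BaseSignatureHandler.PROPERTY_DEFAULTS.items():
             setattr(self, name, val[0])
-            
-        self.__reqBinarySecurityTokValType = None
-        self.__refC14nKw = None
-        self._signedInfoC14nKw = None
         
     def __setattr__(self, name, val):
@@ -329,5 +303,4 @@
                                 doc="Keywords for C14N of SignedInfo element")
 
-
     def _refC14nIsExcl(self):
         '''
@@ -341,5 +314,4 @@
     refC14nIsExcl = property(fget=_refC14nIsExcl,
     doc="Return True/False C14N for reference elements set to exclusive type")
-
      
     def _signedInfoC14nIsExcl(self):
@@ -356,5 +328,4 @@
                                     "SignedInfo element set to exclusive type")
     
-    
     def _setCert(self, cert):
         """filter and convert input cert to signing verifying cert set
@@ -384,7 +355,7 @@
         
         else:
-            raise AttributeError("X.509 Cert. must be type: ndg.security."
-                                 "common.X509.X509Cert, M2Crypto.X509.X509 or "
-                                 "a base64 encoded string")
+            raise TypeError("X.509 Cert. must be type: ndg.security."
+                            "common.X509.X509Cert, M2Crypto.X509.X509 or "
+                            "a base64 encoded string")
         
         # Check for expired certificate
@@ -394,5 +365,4 @@
         return x509Cert
 
-    
     def _getVerifyingCert(self):
         '''Return X.509 cert object corresponding to cert used to verify the
@@ -408,5 +378,4 @@
         return self._verifyingCert
 
-
     def _setVerifyingCert(self, verifyingCert):
         "Set property method for X.509 cert. used to verify a signature"
@@ -419,5 +388,4 @@
                              fget=_getVerifyingCert,
                              doc="Set X.509 Cert. for verifying signature")
-
 
     def _setVerifyingCertFilePath(self, verifyingCertFilePath):
@@ -427,5 +395,5 @@
                 self._verifyingCert = X509CertRead(verifyingCertFilePath)
             else:
-                raise AttributeError, "X.509 Cert file path is not a valid string"
+                raise TypeError("X.509 Cert file path is not a valid string")
         
         self._verifyingCertFilePath = verifyingCertFilePath
@@ -434,5 +402,4 @@
                     doc="file path of X.509 Cert. for verifying signature")
 
-    
     def _getSigningCert(self):
         '''Return X.509 certificate object corresponding to certificate used
@@ -444,5 +411,4 @@
         return self._signingCert
 
-
     def _setSigningCert(self, signingCert):
         "Set property method for X.509 cert. to be included with signature"
@@ -469,9 +435,8 @@
         self._signingCertFilePath = signingCertFilePath
         
-        
     signingCertFilePath = property(fset=_setSigningCertFilePath,
-                    doc="File path X.509 cert. to include with signed message")
-
-    
+                                   doc="File path X.509 cert. to include with "
+                                       "signed message")
+
     def _setSigningCertChain(self, signingCertChain):
         '''Signature set-up with "X509PKIPathv1" BinarySecurityToken
@@ -504,5 +469,4 @@
                                     "to verify msg.")
 
- 
     def _setSigningPriKeyPwd(self, signingPriKeyPwd):
         "Set method for private key file password used to sign message"
@@ -570,6 +534,6 @@
         
         elif signingPriKeyFilePath is not None:
-            raise AttributeError("Private key file path must be a valid "
-                                 "string or None")
+            raise TypeError("Private key file path must be a valid string or "
+                            "None")
         
         self.__signingPriKeyFilePath = signingPriKeyFilePath
@@ -592,8 +556,8 @@
         
         if not hasattr(self, '_caX509Stack'):
-            self._caX509Stack = X509Stack()
+            self.__caX509Stack = X509Stack()
             
         for cert in caCertList:
-            self._caX509Stack.push(cert)
+            self.__caX509Stack.push(cert)
 
 
@@ -609,6 +573,6 @@
         reg = re.compile('\d+\.0')
         try:
-            caCertList = [X509CertRead(caFile) \
-                          for caFile in os.listdir(caCertDir) \
+            caCertList = [X509CertRead(caFile)
+                          for caFile in os.listdir(caCertDir)
                           if reg.match(caFile)]
         except Exception, e:
@@ -623,5 +587,4 @@
                                 "verification")
 
-
     def __setCAX509StackFromCertFileList(self, caCertFilePathList):
         '''Read CA certificates from file and add them to the X.509
@@ -639,8 +602,8 @@
         # of form <Hash cert subject name>.0
         try:
-            caCertList=[X509CertRead(caFile) for caFile in caCertFilePathList]
-        except Exception, e:
+            caCertList = [X509CertRead(caFile) for caFile in caCertFilePathList]
+        except Exception:
             raise WSSecurityError('Loading CA certificate "%s" from file '
-                                  'list: %s' % (caFile, str(e)))
+                                  'list: %s' % (caFile, traceback.format_exc()))
                     
         # Add to stack
@@ -648,5 +611,6 @@
         
     caCertFilePathList = property(fset=__setCAX509StackFromCertFileList,
-                      doc="List of CA cert. files used for verification")
+                                  doc="List of CA cert. files used for "
+                                      "verification")
         
     def _get_timestampClockSkew(self):
@@ -655,8 +619,8 @@
     def _set_timestampClockSkew(self, val):
         if isinstance(val, basestring):
-            self._timestampClockSkew = float(val)
+            self.__timestampClockSkew = float(val)
             
         elif isinstance(val, (float, int)):
-            self._timestampClockSkew = val
+            self.__timestampClockSkew = val
             
         else:
@@ -681,6 +645,5 @@
         @rtype: bool
         @return: input value converted to bool type
-        """
-        
+        """
         if isinstance(val, bool):
             return val
@@ -700,8 +663,8 @@
         
     def _get_timestampMustBeSet(self):
-        return getattr(self, "_timestampMustBeSet", False)
+        return self.__timestampMustBeSet
 
     def _set_timestampMustBeSet(self, val):
-        self._timestampMustBeSet = self._setBool(val)
+        self.__timestampMustBeSet = self._setBool(val)
         
     timestampMustBeSet = property(fset=_set_timestampMustBeSet,
@@ -714,8 +677,8 @@
     
     def _get_createdElemMustBeSet(self):
-        return getattr(self, "_createdElemMustBeSet", False)
+        return self.__createdElemMustBeSet
 
     def _set_createdElemMustBeSet(self, val):
-        self._createdElemMustBeSet = self._setBool(val)
+        self.__createdElemMustBeSet = self._setBool(val)
         
     createdElemMustBeSet = property(fset=_set_createdElemMustBeSet,
@@ -729,8 +692,8 @@
     
     def _get_expiresElemMustBeSet(self):
-        return getattr(self, "_expiresElemMustBeSet", False)
+        return self.__expiresElemMustBeSet
 
     def _set_expiresElemMustBeSet(self, val):
-        self._expiresElemMustBeSet = self._setBool(val)
+        self.__expiresElemMustBeSet = self._setBool(val)
         
     expiresElemMustBeSet = property(fset=_set_expiresElemMustBeSet,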
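Review bot: In the CA-certificate setter at new lines 557-561 the guard still tests `hasattr(self, '_caX509Stack')`, while the attribute it creates and pushes to is now `self.__caX509Stack`, which Python name-mangles to a different attribute name. The guard therefore no longer tracks whether the stack exists: if `_caX509Stack` is never set, every call replaces the stack and drops the CA certificates loaded earlier, and if it is set elsewhere, `self.__caX509Stack.push(cert)` can raise AttributeError. This stack appears to hold the trust anchors for signature verification, so guard and attribute should name the same thing, for example `if getattr(self, '_<ClassName>__caX509Stack', None) is None:` with the enclosing class name (not visible here) substituted. The method begins outside the hunk. Separately, new line 607 puts the whole `traceback.format_exc()` text into the `WSSecurityError` message; if that message can reach a SOAP fault it discloses file paths and stack frames, so keeping `except Exception, e:` with `str(e)` in the message and sending the traceback to `log` would be safer.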