Changeset 6392 for TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py
- Timestamp:
- 25/01/10 10:21:19 (11 years ago)
- File:
-
- 1 edited
TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py
r6391 r6392 16 16 import re 17 17 import base64 18 import traceback 18 19 from datetime import datetime, timedelta 19 20 # Digest and signature/verify 21 from sha import sha 20 from sha import sha # Digest and signature/verify 22 21 23 22 from M2Crypto import X509, BIO, RSA … … 26 25 from ZSI.wstools.Namespaces import ENCRYPTION, WSU 27 26 from ZSI.wstools.Namespaces import OASIS as _OASIS 28 from ConfigParser import RawConfigParser29 27 30 28 from ndg.wssecurity.common import WSSecurityConfigError, WSSecurityError … … 48 46 # WSSE11 = ("http://docs.oasis-open.org/wss/2005/xx/" 49 47 # "oasis-2005xx-wss-wssecurity-secext-1.1.xsd") 50 51 52 class InvalidCertChain(WSSecurityError):53 """Raised from SignatureHandler.verify if the certificate submitted to54 verify a signature is not from a known CA"""55 48 56 49 … … 58 51 """Raised from SignatureHandler.verify if an error occurs in the signature 59 52 verification""" 60 61 62 class TimestampError(WSSecurityError):63 """Raised from SignatureHandler._verifyTimestamp if there is a problem with64 the created or expiry times in an input message Timestamp"""65 66 67 class MessageExpired(TimestampError):68 """Raised from SignatureHandler._verifyTimestamp if the timestamp of69 the message being processed is before the current time. 
Can be caught in70 order to set a wsu:MessageExpired fault code"""71 53 72 54 … … 159 141 160 142 def __init__(self): 161 ''' 162 @param cfg: object from which to read config items - a file path, 163 config parser object or WSSecurityConfig object 164 @type cfg: basestring/RawConfigParser/WSSecurityConfig 165 ''' 143 '''''' 166 144 log.debug("BaseSignatureHandler.__init__ ...") 167 145 for name, val in BaseSignatureHandler.PROPERTY_DEFAULTS.items(): 168 146 setattr(self, name, val[0]) 169 170 self.__reqBinarySecurityTokValType = None171 self.__refC14nKw = None172 self._signedInfoC14nKw = None173 147 174 148 def __setattr__(self, name, val): … … 329 303 doc="Keywords for C14N of SignedInfo element") 330 304 331 332 305 def _refC14nIsExcl(self): 333 306 ''' … … 341 314 refC14nIsExcl = property(fget=_refC14nIsExcl, 342 315 doc="Return True/False C14N for reference elements set to exclusive type") 343 344 316 345 317 def _signedInfoC14nIsExcl(self): … … 356 328 "SignedInfo element set to exclusive type") 357 329 358 359 330 def _setCert(self, cert): 360 331 """filter and convert input cert to signing verifying cert set … … 384 355 385 356 else: 386 raise AttributeError("X.509 Cert. must be type: ndg.security."387 388 357 raise TypeError("X.509 Cert. must be type: ndg.security." 358 "common.X509.X509Cert, M2Crypto.X509.X509 or " 359 "a base64 encoded string") 389 360 390 361 # Check for expired certificate … … 394 365 return x509Cert 395 366 396 397 367 def _getVerifyingCert(self): 398 368 '''Return X.509 cert object corresponding to cert used to verify the … … 408 378 return self._verifyingCert 409 379 410 411 380 def _setVerifyingCert(self, verifyingCert): 412 381 "Set property method for X.509 cert. used to verify a signature" … … 419 388 fget=_getVerifyingCert, 420 389 doc="Set X.509 Cert. 
for verifying signature") 421 422 390 423 391 def _setVerifyingCertFilePath(self, verifyingCertFilePath): … … 427 395 self._verifyingCert = X509CertRead(verifyingCertFilePath) 428 396 else: 429 raise AttributeError, "X.509 Cert file path is not a valid string"397 raise TypeError("X.509 Cert file path is not a valid string") 430 398 431 399 self._verifyingCertFilePath = verifyingCertFilePath … … 434 402 doc="file path of X.509 Cert. for verifying signature") 435 403 436 437 404 def _getSigningCert(self): 438 405 '''Return X.509 certificate object corresponding to certificate used … … 444 411 return self._signingCert 445 412 446 447 413 def _setSigningCert(self, signingCert): 448 414 "Set property method for X.509 cert. to be included with signature" … … 469 435 self._signingCertFilePath = signingCertFilePath 470 436 471 472 437 signingCertFilePath = property(fset=_setSigningCertFilePath, 473 doc="File path X.509 cert. to include with signed message")474 475 438 doc="File path X.509 cert. 
to include with " 439 "signed message") 440 476 441 def _setSigningCertChain(self, signingCertChain): 477 442 '''Signature set-up with "X509PKIPathv1" BinarySecurityToken … … 504 469 "to verify msg.") 505 470 506 507 471 def _setSigningPriKeyPwd(self, signingPriKeyPwd): 508 472 "Set method for private key file password used to sign message" … … 570 534 571 535 elif signingPriKeyFilePath is not None: 572 raise AttributeError("Private key file path must be a valid"573 "string orNone")536 raise TypeError("Private key file path must be a valid string or " 537 "None") 574 538 575 539 self.__signingPriKeyFilePath = signingPriKeyFilePath … … 592 556 593 557 if not hasattr(self, '_caX509Stack'): 594 self._ caX509Stack = X509Stack()558 self.__caX509Stack = X509Stack() 595 559 596 560 for cert in caCertList: 597 self._ caX509Stack.push(cert)561 self.__caX509Stack.push(cert) 598 562 599 563 … … 609 573 reg = re.compile('\d+\.0') 610 574 try: 611 caCertList = [X509CertRead(caFile) \612 for caFile in os.listdir(caCertDir) \575 caCertList = [X509CertRead(caFile) 576 for caFile in os.listdir(caCertDir) 613 577 if reg.match(caFile)] 614 578 except Exception, e: … … 623 587 "verification") 624 588 625 626 589 def __setCAX509StackFromCertFileList(self, caCertFilePathList): 627 590 '''Read CA certificates from file and add them to the X.509 … … 639 602 # of form <Hash cert subject name>.0 640 603 try: 641 caCertList =[X509CertRead(caFile) for caFile in caCertFilePathList]642 except Exception , e:604 caCertList = [X509CertRead(caFile) for caFile in caCertFilePathList] 605 except Exception: 643 606 raise WSSecurityError('Loading CA certificate "%s" from file ' 644 'list: %s' % (caFile, str(e)))607 'list: %s' % (caFile, traceback.format_exc())) 645 608 646 609 # Add to stack … … 648 611 649 612 caCertFilePathList = property(fset=__setCAX509StackFromCertFileList, 650 doc="List of CA cert. files used for verification") 613 doc="List of CA cert. 
files used for " 614 "verification") 651 615 652 616 def _get_timestampClockSkew(self): … … 655 619 def _set_timestampClockSkew(self, val): 656 620 if isinstance(val, basestring): 657 self._ timestampClockSkew = float(val)621 self.__timestampClockSkew = float(val) 658 622 659 623 elif isinstance(val, (float, int)): 660 self._ timestampClockSkew = val624 self.__timestampClockSkew = val 661 625 662 626 else: … … 681 645 @rtype: bool 682 646 @return: input value converted to bool type 683 """ 684 647 """ 685 648 if isinstance(val, bool): 686 649 return val … … 700 663 701 664 def _get_timestampMustBeSet(self): 702 return getattr(self, "_timestampMustBeSet", False)665 return self.__timestampMustBeSet 703 666 704 667 def _set_timestampMustBeSet(self, val): 705 self._ timestampMustBeSet = self._setBool(val)668 self.__timestampMustBeSet = self._setBool(val) 706 669 707 670 timestampMustBeSet = property(fset=_set_timestampMustBeSet, … … 714 677 715 678 def _get_createdElemMustBeSet(self): 716 return getattr(self, "_createdElemMustBeSet", False)679 return self.__createdElemMustBeSet 717 680 718 681 def _set_createdElemMustBeSet(self, val): 719 self._ createdElemMustBeSet = self._setBool(val)682 self.__createdElemMustBeSet = self._setBool(val) 720 683 721 684 createdElemMustBeSet = property(fset=_set_createdElemMustBeSet, … … 729 692 730 693 def _get_expiresElemMustBeSet(self): 731 return getattr(self, "_expiresElemMustBeSet", False)694 return self.__expiresElemMustBeSet 732 695 733 696 def _set_expiresElemMustBeSet(self, val): 734 self._ expiresElemMustBeSet = self._setBool(val)697 self.__expiresElemMustBeSet = self._setBool(val) 735 698 736 699 expiresElemMustBeSet = property(fset=_set_expiresElemMustBeSet,
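Review bot: The guard `if not hasattr(self, '_caX509Stack'):` in the CA-stack setter still tests the old attribute name while the assignments below it were changed to `self.__caX509Stack`, which Python name-mangles to `_<ClassName>__caX509Stack`; the hasattr test will therefore never find the stack, so every call rebuilds an empty X509Stack and discards any CA certificates pushed by an earlier call (e.g. setting both caCertDir and caCertFilePathList would leave only the second set trusted for verification). Either initialise the stack once in `__init__` and drop the guard, or make the lookup tolerant of the mangled name: `try: self.__caX509Stack` / `except AttributeError: self.__caX509Stack = X509Stack()`. A related hazard, hedged because `__init__` and the overridden `__setattr__` are outside the shown lines: the getters that moved from `getattr(self, "_timestampMustBeSet", False)` to `return self.__timestampMustBeSet` (and likewise for `_createdElemMustBeSet` and `_expiresElemMustBeSet`) now raise AttributeError rather than returning False if the default assignment in `__init__` does not reach the mangled name, so it is worth confirming the PROPERTY_DEFAULTS loop sets them. The enclosing class definition starts and ends outside this section.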