Changeset 6392 for TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py

Timestamp:

25/01/10 10:21:19 (11 years ago)

Author:

pjkersha

Message:

 

File:

• TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py (modified) (28 diffs)

TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/__init__.py

@@ -16 +16 @@
 import re
 import base64
+import traceback
 from datetime import datetime, timedelta
-
-# Digest and signature/verify
-from sha import sha
+from sha import sha # Digest and signature/verify
 
 from M2Crypto import X509, BIO, RSA
@@ -26 +25 @@
 from ZSI.wstools.Namespaces import ENCRYPTION, WSU
 from ZSI.wstools.Namespaces import OASIS as _OASIS
-from ConfigParser import RawConfigParser
 
 from ndg.wssecurity.common import WSSecurityConfigError, WSSecurityError
@@ -48 +46 @@
 #    WSSE11 = ("http://docs.oasis-open.org/wss/2005/xx/"
 #              "oasis-2005xx-wss-wssecurity-secext-1.1.xsd")
-
-
-class InvalidCertChain(WSSecurityError):    
-    """Raised from SignatureHandler.verify if the certificate submitted to
-    verify a signature is not from a known CA"""
     
     
@@ -58 +51 @@
     """Raised from SignatureHandler.verify if an error occurs in the signature
     verification"""
- 
- 
-class TimestampError(WSSecurityError):
-    """Raised from SignatureHandler._verifyTimestamp if there is a problem with
-    the created or expiry times in an input message Timestamp"""
-
-
-class MessageExpired(TimestampError):
-    """Raised from SignatureHandler._verifyTimestamp if the timestamp of
-    the message being processed is before the current time.  Can be caught in
-    order to set a wsu:MessageExpired fault code"""
     
     
@@ -159 +141 @@
     
     def __init__(self):
-        '''
-        @param cfg: object from which to read config items - a file path,
-        config parser object or WSSecurityConfig object
-        @type cfg: basestring/RawConfigParser/WSSecurityConfig
-        '''
+        ''''''
         log.debug("BaseSignatureHandler.__init__ ...")
         for name, val in BaseSignatureHandler.PROPERTY_DEFAULTS.items():
             setattr(self, name, val[0])
-            
-        self.__reqBinarySecurityTokValType = None
-        self.__refC14nKw = None
-        self._signedInfoC14nKw = None
         
     def __setattr__(self, name, val):
@@ -329 +303 @@
                                 doc="Keywords for C14N of SignedInfo element")
 
-
     def _refC14nIsExcl(self):
         '''
@@ -341 +314 @@
     refC14nIsExcl = property(fget=_refC14nIsExcl,
     doc="Return True/False C14N for reference elements set to exclusive type")
-
      
     def _signedInfoC14nIsExcl(self):
@@ -356 +328 @@
                                     "SignedInfo element set to exclusive type")
     
-    
     def _setCert(self, cert):
         """filter and convert input cert to signing verifying cert set 
@@ -384 +355 @@
         
         else:
-            raise AttributeError("X.509 Cert. must be type: ndg.security."
-                                 "common.X509.X509Cert, M2Crypto.X509.X509 or "
-                                 "a base64 encoded string")
+            raise TypeError("X.509 Cert. must be type: ndg.security."
+                            "common.X509.X509Cert, M2Crypto.X509.X509 or "
+                            "a base64 encoded string")
         
         # Check for expired certificate
@@ -394 +365 @@
         return x509Cert
 
-    
     def _getVerifyingCert(self):
         '''Return X.509 cert object corresponding to cert used to verify the 
@@ -408 +378 @@
         return self._verifyingCert
 
-
     def _setVerifyingCert(self, verifyingCert):
         "Set property method for X.509 cert. used to verify a signature"
@@ -419 +388 @@
                              fget=_getVerifyingCert,
                              doc="Set X.509 Cert. for verifying signature")
-
 
     def _setVerifyingCertFilePath(self, verifyingCertFilePath):
@@ -427 +395 @@
                 self._verifyingCert = X509CertRead(verifyingCertFilePath)
             else:
-                raise AttributeError, "X.509 Cert file path is not a valid string"
+                raise TypeError("X.509 Cert file path is not a valid string")
         
         self._verifyingCertFilePath = verifyingCertFilePath
@@ -434 +402 @@
                     doc="file path of X.509 Cert. for verifying signature")
 
-    
     def _getSigningCert(self):
         '''Return X.509 certificate object corresponding to certificate used 
@@ -444 +411 @@
         return self._signingCert
 
-
     def _setSigningCert(self, signingCert):
         "Set property method for X.509 cert. to be included with signature"
@@ -469 +435 @@
         self._signingCertFilePath = signingCertFilePath
         
-        
     signingCertFilePath = property(fset=_setSigningCertFilePath,
-                   doc="File path X.509 cert. to include with signed message")
-
-    
+                                   doc="File path X.509 cert. to include with "
+                                       "signed message")
+
     def _setSigningCertChain(self, signingCertChain):
         '''Signature set-up with "X509PKIPathv1" BinarySecurityToken 
@@ -504 +469 @@
                                     "to verify msg.")
 
- 
     def _setSigningPriKeyPwd(self, signingPriKeyPwd):
         "Set method for private key file password used to sign message"
@@ -570 +534 @@
         
         elif signingPriKeyFilePath is not None:
-            raise AttributeError("Private key file path must be a valid "
-                                 "string or None")
+            raise TypeError("Private key file path must be a valid string or "
+                            "None")
         
         self.__signingPriKeyFilePath = signingPriKeyFilePath
@@ -592 +556 @@
         
         if not hasattr(self, '_caX509Stack'):
-            self._caX509Stack = X509Stack()
+            self.__caX509Stack = X509Stack()
             
         for cert in caCertList:
-            self._caX509Stack.push(cert)
+            self.__caX509Stack.push(cert)
 
 
@@ -609 +573 @@
         reg = re.compile('\d+\.0')
         try:
-            caCertList = [X509CertRead(caFile) \
-                          for caFile in os.listdir(caCertDir) \
+            caCertList = [X509CertRead(caFile) 
+                          for caFile in os.listdir(caCertDir) 
                           if reg.match(caFile)]
         except Exception, e:
@@ -623 +587 @@
                                 "verification")
 
-
     def __setCAX509StackFromCertFileList(self, caCertFilePathList):
         '''Read CA certificates from file and add them to the X.509
@@ -639 +602 @@
         # of form <Hash cert subject name>.0
         try:
-            caCertList=[X509CertRead(caFile) for caFile in caCertFilePathList]
-        except Exception, e:
+            caCertList = [X509CertRead(caFile) for caFile in caCertFilePathList]
+        except Exception:
             raise WSSecurityError('Loading CA certificate "%s" from file '
-                                  'list: %s' % (caFile, str(e)))
+                                  'list: %s' % (caFile, traceback.format_exc()))
                     
         # Add to stack
@@ -648 +611 @@
         
     caCertFilePathList = property(fset=__setCAX509StackFromCertFileList,
-                      doc="List of CA cert. files used for verification")              
+                                  doc="List of CA cert. files used for "
+                                      "verification")              
         
     def _get_timestampClockSkew(self):
@@ -655 +619 @@
     def _set_timestampClockSkew(self, val):
         if isinstance(val, basestring):
-            self._timestampClockSkew = float(val)
+            self.__timestampClockSkew = float(val)
             
         elif isinstance(val, (float, int)):
-            self._timestampClockSkew = val
+            self.__timestampClockSkew = val
             
         else:
@@ -681 +645 @@
         @rtype: bool
         @return: input value converted to bool type
-        """
-        
+        """     
         if isinstance(val, bool):
             return val
@@ -700 +663 @@
         
     def _get_timestampMustBeSet(self):
-        return getattr(self, "_timestampMustBeSet", False)
+        return self.__timestampMustBeSet
 
     def _set_timestampMustBeSet(self, val):
-        self._timestampMustBeSet = self._setBool(val)
+        self.__timestampMustBeSet = self._setBool(val)
         
     timestampMustBeSet = property(fset=_set_timestampMustBeSet,
@@ -714 +677 @@
     
     def _get_createdElemMustBeSet(self):
-        return getattr(self, "_createdElemMustBeSet", False)
+        return self.__createdElemMustBeSet
 
     def _set_createdElemMustBeSet(self, val):
-        self._createdElemMustBeSet = self._setBool(val)
+        self.__createdElemMustBeSet = self._setBool(val)
         
     createdElemMustBeSet = property(fset=_set_createdElemMustBeSet,
@@ -729 +692 @@
     
     def _get_expiresElemMustBeSet(self):
-        return getattr(self, "_expiresElemMustBeSet", False)
+        return self.__expiresElemMustBeSet
 
     def _set_expiresElemMustBeSet(self, val):
-        self._expiresElemMustBeSet = self._setBool(val)
+        self.__expiresElemMustBeSet = self._setBool(val)
         
     expiresElemMustBeSet = property(fset=_set_expiresElemMustBeSet,