Changeset 6570
- Timestamp:
- 12/02/10 17:05:04 (11 years ago)
- Location:
- TI12-security/trunk/NDGSecurity/python
- Files:
-
- 1 added
- 15 edited
TI12-security/trunk/NDGSecurity/python/.project
r6243 r6570 4 4 <comment></comment> 5 5 <projects> 6 <project>ndg_security_saml</project> 6 7 </projects> 7 8 <buildSpec> -
TI12-security/trunk/NDGSecurity/python/.pydevproject
r6243 r6570 5 5 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.5</pydev_property> 6 6 <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property> 7 <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH"> 8 <path>/ndg_security_python</path> 9 </pydev_pathproperty> 10 <pydev_pathproperty name="org.python.pydev.PROJECT_EXTERNAL_SOURCE_PATH"> 11 <path>/home/pjkersha/workspace/ndg_security_saml</path> 12 </pydev_pathproperty> 7 13 </pydev_project> -
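Review bot: The new PROJECT_EXTERNAL_SOURCE_PATH entry hard-codes a developer-specific absolute path, `/home/pjkersha/workspace/ndg_security_saml`, into a shared IDE project file, so anyone else who checks out the project gets a dangling external source path. The `.project` change in this same changeset already adds `ndg_security_saml` as a referenced project, which is presumably enough for PyDev to resolve it; if so the external-path property can be dropped, and otherwise it belongs in a per-developer setting rather than in version control.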
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/__init__.py
r6440 r6570 2 2 server and client packages 3 3 4 NERC Data 4 NERC DataGrid Project 5 5 """ 6 6 __author__ = "P J Kershaw" -
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/credentialwallet.py
r6512 r6570 759 759 "This class will be deprecated in future releases. Use " 760 760 "SAMLCredentialWallet and " 761 "ndg.security.common.saml_utils.bindings.AttributeQuerySslSOAPbinding " 762 "client interface instead for retrieving and caching user attributes.") 761 "ndg.security.common.saml_utils.binding.soap.attributequery." 762 "AttributeQuerySslSOAPbinding client interface instead for retrieving " 763 "and caching user attributes.") 763 764 764 765 def __init__(self, -
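Review bot: The rewritten deprecation message names the replacement class as `AttributeQuerySslSOAPbinding` with a lower-case `b`, while the class imported elsewhere in this changeset is `AttributeQuerySslSOAPBinding`, so a user following the notice will look for a name that does not exist. The second fragment should read `"AttributeQuerySslSOAPBinding client interface instead for retrieving "`. The enclosing statement starts before the hunk.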
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/__init__.py
r6069 r6570 1 """SAML 2.0 common package for NDG Security. This contains the bindings module 2 with an implementation of the SOAP Bindings for attribute queries 1 """SAML 2.0 common package for NDG Security. This contains the bindings package 2 with an implementation of the SOAP Bindings for attribute and authorisation 3 decision queries 3 4 4 5 NERC DataGrid Project -
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/__init__.py
r6567 r6570 17 17 from saml.common import SAMLObject 18 18 19 from ndg.security.common.utils.factory import importModuleObject 19 20 from ndg.security.common.utils.configfileparsers import ( 20 21 CaseSensitiveConfigParser) 21 from ndg.security.common.utils.etree import QName22 from ndg.security.common.X509 import X500DN23 22 from ndg.security.common.soap import SOAPEnvelopeBase 24 23 from ndg.security.common.soap.etree import SOAPEnvelope … … 40 39 class SOAPBinding(object): 41 40 '''Client SAML SOAP Binding''' 41 REQUEST_ENVELOPE_CLASS_OPTNAME = 'requestEnvelopeClass' 42 RESPONSE_ENVELOPE_CLASS_OPTNAME = 'responseEnvelopeClass' 43 SERIALISE_OPTNAME = 'serialise' 44 DESERIALISE_OPTNAME = 'deserialise' 45 46 CONFIG_FILE_OPTNAMES = ( 47 REQUEST_ENVELOPE_CLASS_OPTNAME, 48 RESPONSE_ENVELOPE_CLASS_OPTNAME, 49 SERIALISE_OPTNAME, 50 DESERIALISE_OPTNAME 51 ) 52 53 __PRIVATE_ATTR_PREFIX = "__" 54 __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i 55 for i in CONFIG_FILE_OPTNAMES + ("__client",)]) 56 del i 42 57 43 58 isIterable = staticmethod(_isIterable) 44 __slots__ = (45 "__client",46 "__requestEnvelopeClass",47 "__serialise",48 "__deserialise"49 )50 59 51 60 def __init__(self, … … 54 63 serialise=None, 55 64 deserialise=None, 56 handlers=( HTTPSHandler,)):65 handlers=()): 57 66 '''Create SAML SOAP Client - Nb. 
serialisation functions must be set 58 67 before send()ing the request''' … … 69 78 self.client = UrlLib2SOAPClient() 70 79 71 # ElementTree based envelope class80 # Configurable envelope classes 72 81 self.requestEnvelopeClass = requestEnvelopeClass 73 82 self.client.responseEnvelopeClass = responseEnvelopeClass … … 84 93 85 94 def _setSerialise(self, value): 86 if not callable(value): 95 if isinstance(value, basestring): 96 self.__deserialise = importModuleObject(value) 97 98 elif callable(value): 99 self.__deserialise = value 100 else: 87 101 raise TypeError('Expecting callable for "serialise"; got %r' % 88 102 value) … … 96 110 97 111 def _setDeserialise(self, value): 98 if not callable(value): 112 if isinstance(value, basestring): 113 self.__deserialise = importModuleObject(value) 114 115 elif callable(value): 116 self.__deserialise = value 117 else: 99 118 raise TypeError('Expecting callable for "deserialise"; got %r' % 100 119 value) 101 self.__deserialise = value120 102 121 103 122 deserialise = property(_getDeserialise, … … 110 129 111 130 def _setRequestEnvelopeClass(self, value): 112 if not issubclass(value, SOAPEnvelopeBase): 113 raise TypeError('Expecting %r for "requestEnvelopeClass"; got %r' % 131 if isinstance(value, basestring): 132 self.client.responseEnvelopeClass = importClass(value) 133 134 elif issubclass(value, SOAPEnvelopeBase): 135 self.client.responseEnvelopeClass = value 136 else: 137 raise TypeError('Expecting %r derived type or string for ' 138 '"requestEnvelopeClass" attribute; got %r' % 114 139 (SOAPEnvelopeBase, value)) 115 140 … … 173 198 raise SOAPBindingInvalidResponse("Expecting single child element " 174 199 "is SOAP body") 175 176 if QName.getLocalPart(response.envelope.body.elem[0].tag)!='Response':177 raise SOAPBindingInvalidResponse('Expecting "Response" element in '178 'SOAP body')179 200 180 201 response = self.deserialise(response.envelope.body.elem[0]) … … 225 246 # No prefix set - attempt to set all attributes 226 247 
setattr(self, optName, val) 227 248 249 def __setattr__(self, name, value): 250 """Enable setting of SOAPBinding.client.responseEnvelopeClass as if it 251 were an attribute of self 252 """ 253 try: 254 super(SOAPBinding, self).__setattr__(name, value) 255 256 except AttributeError: 257 if 'name' == SOAPBinding.RESPONSE_ENVELOPE_CLASS_OPTNAME: 258 if isinstance(value, basestring): 259 self.client.responseEnvelopeClass = importClass(value) 260 elif issubclass(value, SOAPEnvelopeBase): 261 self.client.responseEnvelopeClass = value 262 else: 263 raise TypeError('Expecting string or type instance for %r; ' 264 'got %r instead.' % (name, type(value))) 265 else: 266 raise 267 228 268 def __getstate__(self): 229 269 '''Explicit implementation needed with __slots__''' -
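Review bot: In `_setSerialise` both new branches assign `self.__deserialise`, so setting `serialise` silently overwrites the deserialiser and never updates `__serialise`; the two lines should read `self.__serialise = importModuleObject(value)` and `self.__serialise = value`. `_setRequestEnvelopeClass` has the same copy-paste shape, storing both branches into `self.client.responseEnvelopeClass` instead of the request envelope slot, and it calls `importClass`, which the visible import hunk does not bring in (only `importModuleObject` is added), so confirm that name is in scope. In the new `__setattr__`, `if 'name' == SOAPBinding.RESPONSE_ENVELOPE_CLASS_OPTNAME:` compares the literal string `'name'` and can never be true, so the fallback always re-raises; it should be `if name == SOAPBinding.RESPONSE_ENVELOPE_CLASS_OPTNAME:`. Separately, removing the check that the SOAP body's child element is a `Response` means any element now reaches `self.deserialise`; that is only safe if the configured deserialiser rejects unexpected element names itself, which is worth confirming since the class is what parses remote replies.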
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/attributequery.py
r6567 r6570 9 9 __contact__ = "Philip.Kershaw@stfc.ac.uk" 10 10 __revision__ = '$Id: $' 11 import re 11 12 import logging 12 13 log = logging.getLogger(__name__) … … 17 18 18 19 from ndg.security.common.utils import TypedList 19 from ndg.security.common.sam _utils.binding.soap.subjectquery import (20 from ndg.security.common.saml_utils.binding.soap.subjectquery import ( 20 21 SubjectQuerySOAPBinding, 21 22 SubjectQueryResponseError) … … 35 36 36 37 37 class AttributeQuerySOAPBinding(SubjectQuery ):38 class AttributeQuerySOAPBinding(SubjectQuerySOAPBinding): 38 39 """SAML Attribute Query SOAP Binding 39 40 """ … … 97 98 """ Create a SAML attribute query""" 98 99 attributeQuery = super(AttributeQuerySOAPBinding, self)._createQuery( 99 AttributeQuerySOAPBinding)100 AttributeQuery) 100 101 # Add list of attributes to query 101 102 for attribute in self.queryAttributes: -
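Review bot: `_createQuery` is now called with `AttributeQuery`, but nothing in this hunk imports that name into attributequery.py, and the only visible `saml.saml2.core` import of `AttributeQuery` is the one this changeset removes from subjectquery.py; confirm attributequery.py imports it itself, otherwise the call raises NameError at runtime. The added `import re` has no use visible in the hunk; if it is unused elsewhere in the file it should be dropped. The enclosing `_createQuery` method continues outside the hunk.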
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/subjectquery.py
r6567 r6570 13 13 14 14 from datetime import datetime, timedelta 15 from uuid import uuid4 15 16 16 17 from saml.common import SAMLObject 17 18 from saml.utils import SAMLDateTime 18 from saml.saml2.core import ( Attribute, AttributeQuery, StatusCode, Response,19 from saml.saml2.core import (SubjectQuery, StatusCode, Response, 19 20 Issuer, Subject, SAMLVersion, NameID) 20 21 22 from ndg.security.common.utils import str2Bool 21 23 from ndg.security.common.saml_utils.binding.soap import (SOAPBinding, 22 24 SOAPBindingInvalidResponse) … … 55 57 SUBJECT_ID_OPTNAME = 'subjectID' 56 58 ISSUER_NAME_OPTNAME = 'issuerName' 59 ISSUER_FORMAT_OPTNAME = 'issuerFormat' 60 SUBJECT_ID_FORMAT_OPTNAME = 'subjectIdFormat' 57 61 CLOCK_SKEW_OPTNAME = 'clockSkewTolerance' 58 62 VERIFY_TIME_CONDITIONS_OPTNAME = 'verifyTimeConditions' … … 60 64 CONFIG_FILE_OPTNAMES = ( 61 65 SUBJECT_ID_OPTNAME, 62 ISSUER_NAME_OPTNAME, 66 SUBJECT_ID_FORMAT_OPTNAME, 67 ISSUER_NAME_OPTNAME, 68 ISSUER_FORMAT_OPTNAME, 63 69 CLOCK_SKEW_OPTNAME, 64 70 VERIFY_TIME_CONDITIONS_OPTNAME … … 66 72 67 73 __PRIVATE_ATTR_PREFIX = "__" 68 __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i 69 for i in CONFIG_FILE_OPTNAMES]) 74 __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i for i in CONFIG_FILE_OPTNAMES]) 70 75 del i 71 76 … … 74 79 self.__issuerName = None 75 80 self.__issuerFormat = Issuer.X509_SUBJECT 76 self.__nameIdFormat = NameID.UNSPECIFIED 81 self.__subjectID = None 82 self.__subjectIdFormat = NameID.UNSPECIFIED 77 83 self.__clockSkewTolerance = timedelta(seconds=0.) 
78 84 self.__verifyTimeConditions = True … … 81 87 82 88 def _getNameIdFormat(self): 83 return self.__ nameIdFormat89 return self.__subjectIdFormat 84 90 85 91 def _setNameIdFormat(self, value): 86 self.__ nameIdFormat = value87 88 nameIdFormat = property(_getNameIdFormat, _setNameIdFormat,92 self.__subjectIdFormat = value 93 94 subjectIdFormat = property(_getNameIdFormat, _setNameIdFormat, 89 95 doc="Subject Name ID format") 90 96 … … 176 182 @rtype: saml.saml2.core.SubjectQuery 177 183 """ 178 if not is instance(queryClass, SubjectQuery):184 if not issubclass(queryClass, SubjectQuery): 179 185 raise TypeError('Query class %r is not a SubjectQuery derived type' 180 186 % queryClass) … … 194 200 query.subject = Subject() 195 201 query.subject.nameID = NameID() 196 query.subject.nameID.format = self. nameIdFormat202 query.subject.nameID.format = self.subjectIdFormat 197 203 query.subject.nameID.value = self.subjectID 198 204 -
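Review bot: Renaming the public property `nameIdFormat` to `subjectIdFormat` removes the old name without an alias, so a caller that still assigns `binding.nameIdFormat` will presumably now fail under `__slots__` rather than set the format; adding `nameIdFormat = subjectIdFormat` beside the new property, documented as a deprecated alias, keeps old callers working. The accessor helpers keep their old names `_getNameIdFormat`/`_setNameIdFormat`, which now disagree with the property they back; renaming them to `_getSubjectIdFormat`/`_setSubjectIdFormat` would match the other accessors in this class. The new `from uuid import uuid4` and `str2Bool` imports have no use visible in these hunks, so confirm they are needed.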
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/esg/__init__.py
r6069 r6570 154 154 ATTRIBUTES[0].name = EsgSamlNamespaces.FIRSTNAME_ATTRNAME 155 155 ATTRIBUTES[0].friendlyName = EsgSamlNamespaces.FIRSTNAME_FRIENDLYNAME 156 ATTRIBUTES[0]. format = XSSTRING_NS156 ATTRIBUTES[0].nameFormat = XSSTRING_NS 157 157 158 158 ATTRIBUTES[1].name = EsgSamlNamespaces.LASTNAME_ATTRNAME 159 159 ATTRIBUTES[1].friendlyName = EsgSamlNamespaces.LASTNAME_FRIENDLYNAME 160 ATTRIBUTES[1]. format = XSSTRING_NS160 ATTRIBUTES[1].nameFormat = XSSTRING_NS 161 161 162 162 ATTRIBUTES[2].name = EsgSamlNamespaces.EMAILADDRESS_ATTRNAME 163 163 ATTRIBUTES[2].friendlyName = EsgSamlNamespaces.EMAILADDRESS_FRIENDLYNAME 164 ATTRIBUTES[2]. format = XSSTRING_NS164 ATTRIBUTES[2].nameFormat = XSSTRING_NS -
TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/utils/classfactory.py
r6440 r6570 1 1 """ 2 Generic parsers to use when reading in configuration data 3 - methods available to deal with both XML and INI (flat text key/val) formats 2 Class Factory 3 4 NERC DataGrid project 4 5 """ 5 6 __author__ = "C Byrom - Tessella" … … 9 10 __contact__ = "Philip.Kershaw@stfc.ac.uk" 10 11 __revision__ = '$Id: $' 11 import traceback 12 import logging, os, sys 13 log = logging.getLogger(__name__) 14 15 16 class ClassFactoryError(Exception): 17 """Exception handling for NDG classfactory module.""" 18 def __init__(self, msg): 19 log.error(msg) 20 Exception.__init__(self, msg) 21 22 23 def importClass(moduleName, className=None, objectType=None): 24 '''Import a class from a string module name and class name. 25 26 @param moduleName: Name of module containing the class 27 @type moduleName: str 28 @param className: Name of the class to import. If none is given, the 29 class name will be assumed to be the last component of modulePath 30 @type className: str 31 @rtype: class object 32 @return: imported class''' 33 34 if className is None: 35 _moduleName, className = moduleName.rsplit('.', 1) 36 else: 37 _moduleName = moduleName 38 39 log.debug("Importing class %s ..." 
% className) 40 41 module = __import__(_moduleName, globals(), locals(), []) 42 components = _moduleName.split('.') 43 try: 44 for component in components[1:]: 45 module = getattr(module, component) 46 except AttributeError, e: 47 raise AttributeError("Error importing class %s: %s" % 48 (className, traceback.format_exc())) 49 50 importedClass = getattr(module, className) 51 52 # Check class inherits from a base class 53 if objectType and not issubclass(importedClass, objectType): 54 raise TypeError("Specified class %s must be derived from %s; got %s" % 55 (className, objectType, importedClass)) 56 57 log.info('Imported "%s" class from module, "%s"', className, _moduleName) 58 return importedClass 59 60 61 def instantiateClass(moduleName, className=None, moduleFilePath=None, 62 objectType=None, classArgs=(), classProperties={}): 63 ''' 64 Create and return an instance of the specified class 65 @param moduleName: Name of module containing the class 66 @type moduleName: str 67 @param className: Name of the class to instantiate. 
May be None in 68 which case, the class name is parsed from the moduleName last element 69 @type className: str 70 @param moduleFilePath: Path to the module - if unset, assume module on 71 system path already 72 @type moduleFilePath: str 73 @param classProperties: dict of properties to use when instantiating the 74 class 75 @type classProperties: dict 76 @param objectType: expected type for the object to instantiate - to 77 enforce use of specific interfaces 78 @type objectType: object 79 @return: object - instance of the class specified 80 ''' 81 82 83 # ensure that classproperties is a dict - NB, it may be passed in as a null 84 # value which can override the default val 85 if not classProperties: 86 classProperties = {} 87 88 # variable to store original state of the system path 89 sysPathBak = None 90 try: 91 try: 92 # Module file path may be None if the new module to be loaded 93 # can be found in the existing system path 94 if moduleFilePath: 95 if not os.path.exists(moduleFilePath): 96 raise IOError("Module file path '%s' doesn't exist" % 97 moduleFilePath) 98 99 # Temporarily extend system path ready for import 100 sysPathBak = sys.path 101 102 sys.path.append(moduleFilePath) 12 from ndg.security.common.utils.factory import (importModuleObject, 13 callModuleObject) 14 15 def importClass(*arg, **kw): 16 """Backwards compatibility - use importModuleObject instead""" 17 kw['objectName'] = kw.pop('className', None) 18 return importModuleObject(*arg, **kw) 103 19 104 20 105 # Import module name specified in properties file 106 importedClass = importClass(moduleName, 107 className=className, 108 objectType=objectType) 109 finally: 110 # revert back to original sys path, if necessary 111 # NB, python requires the use of a try/finally OR a try/except 112 # block - not both combined 113 if sysPathBak: 114 sys.path = sysPathBak 115 116 except Exception, e: 117 log.error('%s module import raised %s type exception: %s' % 118 (moduleName, e.__class__, e)) 119 raise 21 
def instantiateClass(*arg, **kw): 22 """Wrapper to callModuleObject""" 23 kw['objectName'] = kw.pop('className', None) 24 kw['objectArgs'] = kw.pop('classargs', None) 25 kw['objectProperties'] = kw.pop('classProperties', None) 120 26 121 # Instantiate class 122 log.debug('Instantiating class "%s"' % importedClass.__name__) 123 try: 124 if classArgs: 125 object = importedClass(*classArgs, **classProperties) 126 else: 127 object = importedClass(**classProperties) 128 129 return object 130 131 except Exception, e: 132 log.error("Instantiating class, %s: %s" % (importedClass.__name__, 133 traceback.format_exc())) 134 raise 135 136 27 return callModuleObject(*arg, **kw) -
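Review bot: The compatibility wrapper `instantiateClass` pops `'classargs'` (lower-case a) while the signature it replaces took `classArgs`, so a caller passing `classArgs=(...)` as a keyword gets `objectArgs=None` and `classArgs` forwarded untouched to `callModuleObject`; the line should read `kw['objectArgs'] = kw.pop('classArgs', None)`. Both wrappers forward positional arguments straight through, so the old positional form `instantiateClass(moduleName, className, moduleFilePath, ...)` only keeps working if `callModuleObject` and `importModuleObject` share the old parameter order, which is not visible here and worth confirming. The old defaults `classArgs=()` and `classProperties={}` now arrive as `None`, so confirm `callModuleObject` treats `None` as empty. `importClass` is still imported directly by `ndg.security.server.wsgi.authz` in this same changeset, so the docstring could note that callers are expected to migrate to `importModuleObject`.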
TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/myproxy/certificate_extapp/saml_attribute_assertion.py
r6068 r6570 39 39 from saml.xml.etree import AssertionElementTree, ResponseElementTree 40 40 41 from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding 41 from ndg.security.common.saml_utils.binding.soap.attributequery import \ 42 AttributeQuerySslSOAPBinding 42 43 from ndg.security.common.saml_utils.esg import (EsgSamlNamespaces, 43 44 EsgDefaultQueryAttributes) -
TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/__init__.py
r6512 r6570 23 23 from ndg.security.common.utils.classfactory import importClass 24 24 from ndg.security.common.X509 import X509Cert 25 from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding 25 from ndg.security.common.saml_utils.binding.soap.attributequery import \ 26 AttributeQuerySslSOAPBinding 26 27 27 28 from ndg.security.common.credentialwallet import (NDGCredentialWallet, -
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini
r6271 r6570 97 97 # If omitted, DN of SSL Cert is used 98 98 pip.attributeQuery.issuerName = 99 pip.attributeQuery.clockSkew = 0. 99 pip.attributeQuery.subjectIdFormat = urn:esg:openid 100 pip.attributeQuery.clockSkewTolerance = 0. 100 101 pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string 101 102 pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca -
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/attAuthorityClientTest.cfg
r6062 r6570 77 77 uri = http://localhost:5000/AttributeAuthority/saml 78 78 subject = https://openid.localhost/philip.kershaw 79 attributeQuery.clockSkew = 0. 79 80 attributeQuery.subjectIdFormat = urn:esg:openid 81 attributeQuery.clockSkewTolerance = 0. 80 82 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service 81 83 attributeQuery.queryAttributes.0 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string … … 86 88 subject = https://openid.localhost/philip.kershaw 87 89 88 attributeQuery.clockSkew = 0. 90 attributeQuery.subjectIdFormat = urn:esg:openid 91 attributeQuery.clockSkewTolerance = 0. 89 92 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service 90 93 attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string -
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_attributeauthorityclient.py
r6052 r6570 40 40 from saml.xml.etree import ResponseElementTree 41 41 42 from ndg.security.common.saml_utils.binding simport SOAPBinding as \42 from ndg.security.common.saml_utils.binding.soap import SOAPBinding as \ 43 43 SamlSoapBinding 44 from ndg.security.common.saml_utils.bindings import AttributeQuerySOAPBinding 45 from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding 44 from ndg.security.common.saml_utils.binding.soap.attributequery import ( 45 AttributeQuerySslSOAPBinding, 46 AttributeQuerySOAPBinding) 46 47 from ndg.security.common.saml_utils.esg import (EsgSamlNamespaces, 47 48 XSGroupRoleAttributeValue,