Changeset 6570

Timestamp:

12/02/10 17:05:04 (11 years ago)

Author:

pjkersha

Message:

• Refactored classfactory module as a more generic factory for importing any module object
• Started unit tests with refactored SAML SOAP bindings.

Location:

TI12-security/trunk/NDGSecurity/python

Files:

• .project (modified) (1 diff)
• .pydevproject (modified) (1 diff)
• ndg_security_common/ndg/security/common/__init__.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/credentialwallet.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/saml_utils/__init__.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/saml_utils/binding/soap/__init__.py (modified) (9 diffs)
• ndg_security_common/ndg/security/common/saml_utils/binding/soap/attributequery.py (modified) (4 diffs)
• ndg_security_common/ndg/security/common/saml_utils/binding/soap/subjectquery.py (modified) (8 diffs)
• ndg_security_common/ndg/security/common/saml_utils/esg/__init__.py (modified) (1 diff)
• ndg_security_common/ndg/security/common/utils/classfactory.py (modified) (2 diffs)
• ndg_security_common/ndg/security/common/utils/factory.py (added)
• ndg_security_server/ndg/security/server/myproxy/certificate_extapp/saml_attribute_assertion.py (modified) (1 diff)
• ndg_security_server/ndg/security/server/wsgi/authz/__init__.py (modified) (1 diff)
• ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/attributeauthorityclient/attAuthorityClientTest.cfg (modified) (2 diffs)
• ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_attributeauthorityclient.py (modified) (1 diff)

TI12-security/trunk/NDGSecurity/python/.project

@@ -4 +4 @@
         <comment></comment>
         <projects>
+                <project>ndg_security_saml</project>
         </projects>
         <buildSpec>

TI12-security/trunk/NDGSecurity/python/.pydevproject

@@ -5 +5 @@
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.5</pydev_property>
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
+<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
+<path>/ndg_security_python</path>
+</pydev_pathproperty>
+<pydev_pathproperty name="org.python.pydev.PROJECT_EXTERNAL_SOURCE_PATH">
+<path>/home/pjkersha/workspace/ndg_security_saml</path>
+</pydev_pathproperty>
 </pydev_project>

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/__init__.py

@@ -2 +2 @@
 server and client packages
 
-NERC Data Grid Project
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/credentialwallet.py

@@ -759 +759 @@
         "This class will be deprecated in future releases.  Use "
         "SAMLCredentialWallet and "
-        "ndg.security.common.saml_utils.bindings.AttributeQuerySslSOAPbinding "
-        "client interface instead for retrieving and caching user attributes.")
+        "ndg.security.common.saml_utils.binding.soap.attributequery."
+        "AttributeQuerySslSOAPbinding client interface instead for retrieving "
+        "and caching user attributes.")
     
     def __init__(self, 

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/__init__.py

@@ -1 @@
-"""SAML 2.0 common package for NDG Security.  This contains the bindings module
-with an implementation of the SOAP Bindings for attribute queries
+"""SAML 2.0 common package for NDG Security.  This contains the bindings package
+with an implementation of the SOAP Bindings for attribute and authorisation
+decision queries
 
 NERC DataGrid Project

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/__init__.py

@@ -17 +17 @@
 from saml.common import SAMLObject
 
+from ndg.security.common.utils.factory import importModuleObject
 from ndg.security.common.utils.configfileparsers import (
                                                     CaseSensitiveConfigParser)
-from ndg.security.common.utils.etree import QName   
-from ndg.security.common.X509 import X500DN 
 from ndg.security.common.soap import SOAPEnvelopeBase
 from ndg.security.common.soap.etree import SOAPEnvelope
@@ -40 +39 @@
 class SOAPBinding(object):
     '''Client SAML SOAP Binding'''
+    REQUEST_ENVELOPE_CLASS_OPTNAME = 'requestEnvelopeClass'
+    RESPONSE_ENVELOPE_CLASS_OPTNAME = 'responseEnvelopeClass'
+    SERIALISE_OPTNAME = 'serialise'
+    DESERIALISE_OPTNAME = 'deserialise'  
+    
+    CONFIG_FILE_OPTNAMES = (
+        REQUEST_ENVELOPE_CLASS_OPTNAME,
+        RESPONSE_ENVELOPE_CLASS_OPTNAME,
+        SERIALISE_OPTNAME,
+        DESERIALISE_OPTNAME
+    )
+    
+    __PRIVATE_ATTR_PREFIX = "__"
+    __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i 
+                       for i in CONFIG_FILE_OPTNAMES + ("__client",)])
+    del i
     
     isIterable = staticmethod(_isIterable)
-    __slots__ = (
-        "__client",
-        "__requestEnvelopeClass",
-        "__serialise",
-        "__deserialise"
-    )
     
     def __init__(self, 
@@ -54 +63 @@
                  serialise=None,
                  deserialise=None,
-                 handlers=(HTTPSHandler,)):
+                 handlers=()):
         '''Create SAML SOAP Client - Nb. serialisation functions must be set
         before send()ing the request'''
@@ -69 +78 @@
         self.client = UrlLib2SOAPClient()
         
-        # ElementTree based envelope class
+        # Configurable envelope classes
         self.requestEnvelopeClass = requestEnvelopeClass
         self.client.responseEnvelopeClass = responseEnvelopeClass
@@ -84 +93 @@
 
     def _setSerialise(self, value):
-        if not callable(value):
+        if isinstance(value, basestring):
+            self.__deserialise = importModuleObject(value)
+            
+        elif callable(value):
+            self.__deserialise = value
+        else:
             raise TypeError('Expecting callable for "serialise"; got %r' % 
                             value)
@@ -96 +110 @@
 
     def _setDeserialise(self, value):
-        if not callable(value):
+        if isinstance(value, basestring):
+            self.__deserialise = importModuleObject(value)
+            
+        elif callable(value):
+            self.__deserialise = value
+        else:
             raise TypeError('Expecting callable for "deserialise"; got %r' % 
                             value)
-        self.__deserialise = value
+        
 
     deserialise = property(_getDeserialise, 
@@ -110 +129 @@
 
     def _setRequestEnvelopeClass(self, value):
-        if not issubclass(value, SOAPEnvelopeBase):
-            raise TypeError('Expecting %r for "requestEnvelopeClass"; got %r' % 
+        if isinstance(value, basestring):
+            self.client.responseEnvelopeClass = importClass(value)
+            
+        elif issubclass(value, SOAPEnvelopeBase):
+            self.client.responseEnvelopeClass = value
+        else:
+            raise TypeError('Expecting %r derived type or string for '
+                            '"requestEnvelopeClass" attribute; got %r' % 
                             (SOAPEnvelopeBase, value))
         
@@ -173 +198 @@
             raise SOAPBindingInvalidResponse("Expecting single child element "
                                              "is SOAP body")
-            
-        if QName.getLocalPart(response.envelope.body.elem[0].tag)!='Response':
-            raise SOAPBindingInvalidResponse('Expecting "Response" element in '
-                                             'SOAP body')
             
         response = self.deserialise(response.envelope.body.elem[0])
@@ -225 +246 @@
                 # No prefix set - attempt to set all attributes   
                 setattr(self, optName, val)
-        
+                
+    def __setattr__(self, name, value):
+        """Enable setting of SOAPBinding.client.responseEnvelopeClass as if it
+        were an attribute of self
+        """
+        try:
+            super(SOAPBinding, self).__setattr__(name, value)
+            
+        except AttributeError:
+            if 'name' == SOAPBinding.RESPONSE_ENVELOPE_CLASS_OPTNAME:
+                if isinstance(value, basestring):
+                    self.client.responseEnvelopeClass = importClass(value)
+                elif issubclass(value, SOAPEnvelopeBase):
+                    self.client.responseEnvelopeClass = value
+                else:
+                    raise TypeError('Expecting string or type instance for %r; '
+                                    'got %r instead.' % (name, type(value)))
+            else:
+                raise
+                    
     def __getstate__(self):
         '''Explicit implementation needed with __slots__'''

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/attributequery.py

@@ -9 +9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id: $'
+import re
 import logging
 log = logging.getLogger(__name__)
@@ -17 +18 @@
 
 from ndg.security.common.utils import TypedList
-from ndg.security.common.sam_utils.binding.soap.subjectquery import (
+from ndg.security.common.saml_utils.binding.soap.subjectquery import (
                                                     SubjectQuerySOAPBinding,
                                                     SubjectQueryResponseError)
@@ -35 +36 @@
     
 
-class AttributeQuerySOAPBinding(SubjectQuery): 
+class AttributeQuerySOAPBinding(SubjectQuerySOAPBinding): 
     """SAML Attribute Query SOAP Binding
     """
@@ -97 +98 @@
         """ Create a SAML attribute query"""
         attributeQuery = super(AttributeQuerySOAPBinding, self)._createQuery(
-                                                    AttributeQuerySOAPBinding)
+                                                                AttributeQuery)
         # Add list of attributes to query                      
         for attribute in self.queryAttributes:

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/subjectquery.py

@@ -13 +13 @@
 
 from datetime import datetime, timedelta
+from uuid import uuid4
 
 from saml.common import SAMLObject
 from saml.utils import SAMLDateTime
-from saml.saml2.core import (Attribute, AttributeQuery, StatusCode, Response,
+from saml.saml2.core import (SubjectQuery, StatusCode, Response,
                              Issuer, Subject, SAMLVersion, NameID)
 
+from ndg.security.common.utils import str2Bool
 from ndg.security.common.saml_utils.binding.soap import (SOAPBinding,
     SOAPBindingInvalidResponse)
@@ -55 +57 @@
     SUBJECT_ID_OPTNAME = 'subjectID'
     ISSUER_NAME_OPTNAME = 'issuerName'
+    ISSUER_FORMAT_OPTNAME = 'issuerFormat'
+    SUBJECT_ID_FORMAT_OPTNAME = 'subjectIdFormat'
     CLOCK_SKEW_OPTNAME = 'clockSkewTolerance'
     VERIFY_TIME_CONDITIONS_OPTNAME = 'verifyTimeConditions'
@@ -60 +64 @@
     CONFIG_FILE_OPTNAMES = (
         SUBJECT_ID_OPTNAME,
-        ISSUER_NAME_OPTNAME,                 
+        SUBJECT_ID_FORMAT_OPTNAME,
+        ISSUER_NAME_OPTNAME, 
+        ISSUER_FORMAT_OPTNAME,                
         CLOCK_SKEW_OPTNAME,
         VERIFY_TIME_CONDITIONS_OPTNAME            
@@ -66 +72 @@
     
     __PRIVATE_ATTR_PREFIX = "__"
-    __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i 
-                       for i in CONFIG_FILE_OPTNAMES])
+    __slots__ = tuple([__PRIVATE_ATTR_PREFIX + i for i in CONFIG_FILE_OPTNAMES])
     del i
     
@@ -74 +79 @@
         self.__issuerName = None
         self.__issuerFormat = Issuer.X509_SUBJECT
-        self.__nameIdFormat = NameID.UNSPECIFIED
+        self.__subjectID = None
+        self.__subjectIdFormat = NameID.UNSPECIFIED
         self.__clockSkewTolerance = timedelta(seconds=0.)
         self.__verifyTimeConditions = True
@@ -81 +87 @@
 
     def _getNameIdFormat(self):
-        return self.__nameIdFormat
+        return self.__subjectIdFormat
 
     def _setNameIdFormat(self, value):
-        self.__nameIdFormat = value
-
-    nameIdFormat = property(_getNameIdFormat, _setNameIdFormat, 
+        self.__subjectIdFormat = value
+
+    subjectIdFormat = property(_getNameIdFormat, _setNameIdFormat, 
                             doc="Subject Name ID format")
 
@@ -176 +182 @@
         @rtype: saml.saml2.core.SubjectQuery
         """
-        if not isinstance(queryClass, SubjectQuery):
+        if not issubclass(queryClass, SubjectQuery):
             raise TypeError('Query class %r is not a SubjectQuery derived type'
                             % queryClass)
@@ -194 +200 @@
         query.subject = Subject()  
         query.subject.nameID = NameID()
-        query.subject.nameID.format = self.nameIdFormat
+        query.subject.nameID.format = self.subjectIdFormat
         query.subject.nameID.value = self.subjectID
             

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/esg/__init__.py

@@ -154 +154 @@
     ATTRIBUTES[0].name = EsgSamlNamespaces.FIRSTNAME_ATTRNAME 
     ATTRIBUTES[0].friendlyName = EsgSamlNamespaces.FIRSTNAME_FRIENDLYNAME
-    ATTRIBUTES[0].format = XSSTRING_NS
+    ATTRIBUTES[0].nameFormat = XSSTRING_NS
 
     ATTRIBUTES[1].name = EsgSamlNamespaces.LASTNAME_ATTRNAME 
     ATTRIBUTES[1].friendlyName = EsgSamlNamespaces.LASTNAME_FRIENDLYNAME
-    ATTRIBUTES[1].format = XSSTRING_NS
+    ATTRIBUTES[1].nameFormat = XSSTRING_NS
     
     ATTRIBUTES[2].name = EsgSamlNamespaces.EMAILADDRESS_ATTRNAME
     ATTRIBUTES[2].friendlyName = EsgSamlNamespaces.EMAILADDRESS_FRIENDLYNAME
-    ATTRIBUTES[2].format =  XSSTRING_NS
+    ATTRIBUTES[2].nameFormat =  XSSTRING_NS

TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/utils/classfactory.py

@@ -1 +1 @@
 """
-Generic parsers to use when reading in configuration data
-- methods available to deal with both XML and INI (flat text key/val) formats
+Class Factory
+
+NERC DataGrid project
 """
 __author__ = "C Byrom - Tessella"
@@ -9 +10 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id: $'
-import traceback
-import logging, os, sys
-log = logging.getLogger(__name__)
-
-
-class ClassFactoryError(Exception):
-    """Exception handling for NDG classfactory module."""
-    def __init__(self, msg):
-        log.error(msg)
-        Exception.__init__(self, msg)
-
-
-def importClass(moduleName, className=None, objectType=None):
-    '''Import a class from a string module name and class name.
-    
-    @param moduleName: Name of module containing the class
-    @type moduleName: str 
-    @param className: Name of the class to import.  If none is given, the 
-    class name will be assumed to be the last component of modulePath
-    @type className: str
-    @rtype: class object
-    @return: imported class'''
-    
-    if className is None:
-        _moduleName, className = moduleName.rsplit('.', 1)
-    else:
-        _moduleName = moduleName
-    
-    log.debug("Importing class %s ..." % className) 
-      
-    module = __import__(_moduleName, globals(), locals(), [])
-    components = _moduleName.split('.')
-    try:
-        for component in components[1:]:
-            module = getattr(module, component)
-    except AttributeError, e:
-        raise AttributeError("Error importing class %s: %s" %
-                             (className, traceback.format_exc()))
-
-    importedClass = getattr(module, className)
-
-    # Check class inherits from a base class
-    if objectType and not issubclass(importedClass, objectType):
-        raise TypeError("Specified class %s must be derived from %s; got %s" %
-                        (className, objectType, importedClass))
-    
-    log.info('Imported "%s" class from module, "%s"', className, _moduleName)
-    return importedClass
-    
-
-def instantiateClass(moduleName, className=None, moduleFilePath=None, 
-                     objectType=None, classArgs=(), classProperties={}):
-    '''
-    Create and return an instance of the specified class
-    @param moduleName: Name of module containing the class
-    @type moduleName: str 
-    @param className: Name of the class to instantiate.  May be None in 
-    which case, the class name is parsed from the moduleName last element
-    @type className: str
-    @param moduleFilePath: Path to the module - if unset, assume module on 
-    system path already
-    @type moduleFilePath: str
-    @param classProperties: dict of properties to use when instantiating the 
-    class
-    @type classProperties: dict
-    @param objectType: expected type for the object to instantiate - to 
-    enforce use of specific interfaces 
-    @type objectType: object
-    @return: object - instance of the class specified 
-    '''
-
-    
-    # ensure that classproperties is a dict - NB, it may be passed in as a null
-    # value which can override the default val
-    if not classProperties:
-        classProperties = {}
-
-    # variable to store original state of the system path
-    sysPathBak = None
-    try:
-        try:
-            # Module file path may be None if the new module to be loaded
-            # can be found in the existing system path            
-            if moduleFilePath:
-                if not os.path.exists(moduleFilePath):
-                    raise IOError("Module file path '%s' doesn't exist" % 
-                                  moduleFilePath)
-                          
-                # Temporarily extend system path ready for import
-                sysPathBak = sys.path
-                          
-                sys.path.append(moduleFilePath)
+from ndg.security.common.utils.factory import (importModuleObject,
+                                               callModuleObject)
+ 
+def importClass(*arg, **kw):
+    """Backwards compatibility - use importModuleObject instead"""
+    kw['objectName'] = kw.pop('className', None)
+    return importModuleObject(*arg, **kw)
 
             
-            # Import module name specified in properties file
-            importedClass = importClass(moduleName, 
-                                        className=className,
-                                        objectType=objectType)
-        finally:
-            # revert back to original sys path, if necessary
-            # NB, python requires the use of a try/finally OR a try/except 
-            # block - not both combined
-            if sysPathBak:
-                sys.path = sysPathBak
-                            
-    except Exception, e:
-        log.error('%s module import raised %s type exception: %s' % 
-                  (moduleName, e.__class__, e))
-        raise 
+def instantiateClass(*arg, **kw):
+    """Wrapper to callModuleObject"""
+    kw['objectName'] = kw.pop('className', None)
+    kw['objectArgs'] = kw.pop('classargs', None)
+    kw['objectProperties'] = kw.pop('classProperties', None)
 
-    # Instantiate class
-    log.debug('Instantiating class "%s"' % importedClass.__name__)
-    try:
-        if classArgs:
-            object = importedClass(*classArgs, **classProperties)
-        else:
-            object = importedClass(**classProperties)
-            
-        return object
-
-    except Exception, e:
-        log.error("Instantiating class, %s: %s" % (importedClass.__name__, 
-                                                   traceback.format_exc()))
-        raise
-            
-                 
+    return callModuleObject(*arg, **kw)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/myproxy/certificate_extapp/saml_attribute_assertion.py

@@ -39 +39 @@
 from saml.xml.etree import AssertionElementTree, ResponseElementTree
    
-from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding
+from ndg.security.common.saml_utils.binding.soap.attributequery import \
+                                                AttributeQuerySslSOAPBinding
 from ndg.security.common.saml_utils.esg import (EsgSamlNamespaces,
                                                 EsgDefaultQueryAttributes)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/__init__.py

@@ -23 +23 @@
 from ndg.security.common.utils.classfactory import importClass
 from ndg.security.common.X509 import X509Cert
-from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding
+from ndg.security.common.saml_utils.binding.soap.attributequery import \
+                                                AttributeQuerySslSOAPBinding
 
 from ndg.security.common.credentialwallet import (NDGCredentialWallet,

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini

@@ -97 +97 @@
 # If omitted, DN of SSL Cert is used
 pip.attributeQuery.issuerName = 
-pip.attributeQuery.clockSkew = 0.
+pip.attributeQuery.subjectIdFormat = urn:esg:openid
+pip.attributeQuery.clockSkewTolerance = 0.
 pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
 pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/attAuthorityClientTest.cfg

@@ -77 +77 @@
 uri = http://localhost:5000/AttributeAuthority/saml
 subject = https://openid.localhost/philip.kershaw
-attributeQuery.clockSkew = 0.
+
+attributeQuery.subjectIdFormat = urn:esg:openid
+attributeQuery.clockSkewTolerance = 0.
 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
 attributeQuery.queryAttributes.0 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
@@ -86 +88 @@
 subject = https://openid.localhost/philip.kershaw
 
-attributeQuery.clockSkew = 0.
+attributeQuery.subjectIdFormat = urn:esg:openid
+attributeQuery.clockSkewTolerance = 0.
 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
 attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_attributeauthorityclient.py

@@ -40 +40 @@
 from saml.xml.etree import ResponseElementTree
 
-from ndg.security.common.saml_utils.bindings import SOAPBinding as \
+from ndg.security.common.saml_utils.binding.soap import SOAPBinding as \
                                                             SamlSoapBinding
-from ndg.security.common.saml_utils.bindings import AttributeQuerySOAPBinding
-from ndg.security.common.saml_utils.bindings import AttributeQuerySslSOAPBinding
+from ndg.security.common.saml_utils.binding.soap.attributequery import (
+                                                AttributeQuerySslSOAPBinding,
+                                                AttributeQuerySOAPBinding)
 from ndg.security.common.saml_utils.esg import (EsgSamlNamespaces, 
                                                 XSGroupRoleAttributeValue,