Context Navigation

← Previous Changeset
Next Changeset →

Changeset 6750

Timestamp:

18/03/10 13:57:03 (10 years ago)

Author:

pjkersha

Message:

Parsing functionality near complete for rule1.xml

Location:

TI12-security/trunk/NDG_XACML/ndg/xacml

Files:

: 1 added
: 13 edited

core/attributedesignator.py (modified) (1 diff)
core/expression.py (modified) (2 diffs)
core/match.py (modified) (1 diff)
parsers/etree/attributedesignatorreader.py (modified) (1 diff)
parsers/etree/attributeselectorreader.py (added)
parsers/etree/attributevaluereader.py (modified) (1 diff)
parsers/etree/expressionreader.py (modified) (1 diff)
parsers/etree/matchreader.py (modified) (7 diffs)
parsers/etree/policyreader.py (modified) (1 diff)
parsers/etree/reader.py (modified) (2 diffs)
parsers/etree/rulereader.py (modified) (1 diff)
parsers/etree/subjectreader.py (modified) (1 diff)
parsers/etree/targetreader.py (modified) (1 diff)
test/test_xacml.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/NDG_XACML/ndg/xacml/core/attributedesignator.py

-                      r6747
+                      r6750
 class AttributeDesignator(Expression):
+    '''XACML Attribute Designator type
     '''
+    classdocs
+    '''
+    ATTRIBUTE_ID_ATTRIB_NAME = 'AttributeId'
+    ISSUER_ATTRIB_NAME = 'Issuer'
+    MUST_BE_PRESENT_ATTRIB_NAME = 'MustBePresent'
+    __slots__ = ('__attributeId', '__issuer', '__mustBePresent')
+    def __init__(self):
+        super(AttributeDesignator, self).__init__()
+        self.__attributeId = None
+        self.__issuer = None
+        self.__mustBePresent = False
+    @property
+    def attributeId(self):
+        """Get Attribute Id"""
+        return self.__attributeId
+    def __init__(self):
+        '''
+        Constructor
+        '''
+    @attributeId.setter
+    def attributeId(self, value):
+        """Set Attribute Id"""
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting %r type for "attributeId" '
+                            'attribute; got %r' % (basestring, type(value)))
+        self.__attributeId = value
+    @property
+    def issuer(self):
+        """Get Issuer"""
+        return self.__issuer
+    @issuer.setter
+    def issuer(self, value):
+        """Set Issuer"""
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting %r type for "issuer" '
+                            'attribute; got %r' % (basestring, type(value)))
+        self.__issuer = value
+    @property
+    def mustBePresent(self):
+        """Get Must Be Present flag"""
+        return self.__mustBePresent
+    @mustBePresent.setter
+    def mustBePresent(self, value):
+        """Set Must Be Present flag"""
+        if not isinstance(value, bool):
+            raise TypeError('Expecting %r type for "mustBePresent" '
+                            'attribute; got %r' % (bool, type(value)))
+        self.__mustBePresent = value
+class SubjectAttributeDesignator(AttributeDesignator):
+    """XACML Subject Attribute Designator type"""
+    ELEMENT_LOCAL_NAME = 'SubjectAttributeDesignator'

TI12-security/trunk/NDG_XACML/ndg/xacml/core/expression.py

-                      r6747
+                      r6750
     ELEMENT_LOCAL_NAME = None
     DATA_TYPE_ATTRIB_NAME = 'DataType'
-    ATTRIB_NAMES = (DATA_TYPE_ATTRIB_NAME,)
     __slots__ = ('__dataType', )
 …
     dataType = property(_get_dataType, _set_dataType, None,
                         "expression value data type")

TI12-security/trunk/NDG_XACML/ndg/xacml/core/match.py

r6747	r6750
13	13	from ndg.xacml.core.attributedesignator import AttributeDesignator
14	14	from ndg.xacml.core.attributeselector import AttributeSelector
15		from ndg.xacml.core.attribute import AttributeValue
	15	from ndg.xacml.core.attributevalue import AttributeValue
16	16
17	17

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/attributedesignatorreader.py

-                      r6747
+                      r6750
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id: $"
+from ndg.xacml.core.attributedesignator import AttributeDesignator
+from ndg.xacml.utils import str2Bool
+from ndg.xacml.core.attributedesignator import SubjectAttributeDesignator
 from ndg.xacml.parsers import XMLParseError
 from ndg.xacml.parsers.etree import QName
 from ndg.xacml.parsers.etree.reader import ETreeAbstractReader
+from ndg.xacml.parsers.etree.expressionreader import ExpressionReader
 class AttributeDesignatorReader(ETreeAbstractReader):
     '''ElementTree based XACML Attribute Designator type parser
+class AttributeDesignatorReaderBase(ExpressionReader):
+    '''ElementTree based XACML Attribute Designator base class type parser
     '''
+    def __call__(self, obj):
+    def _parseExtension(self, elem, attributeDesignator):
         """Parse AttributeDesignator object"""
         elem = super(AttributeDesignatorReader, self)._parse(obj)
+        cls = self.__class__.TYPE
+        cls = AttributeDesignator
+        attributeDesignator = cls()
+        localName = QName.getLocalPart(elem.tag)
+        if localName != cls.ELEMENT_LOCAL_NAME:
+            raise XMLParseError("No \"%s\" element found" %
+                                cls.ELEMENT_LOCAL_NAME)
+        dataType = elem.attrib.get(cls.DATA_TYPE_ATTRIB_NAME)
+        if dataType is None:
+            raise XMLParseError('No "%s" attribute found in "%s" element' %
+                                (cls.DATA_TYPE_ATTRIB_NAME,
+                                 cls.ELEMENT_LOCAL_NAME))
+        # Unpack additional *required* attributes from top-level element
+        attributeValues = []
+        for attributeName in (cls.ATTRIBUTE_ID_ATTRIB_NAME,):
+            attributeValue = elem.attrib.get(attributeName)
+            if attributeValue is None:
+                raise XMLParseError('No "%s" attribute found in "%s" element' %
+                                    (attributeName, cls.ELEMENT_LOCAL_NAME))
+        attributeDesignator.dataType = dataType
+            attributeValues.append(attributeValue)
+        attributeDesignator.attributeId, = attributeValues
+        # Optional attributes
+        issuer = elem.attrib.get(cls.DATA_TYPE_ATTRIB_NAME)
+        if issuer is not None:
+            attributeDesignator.issuer = issuer
+        mustBePresent = elem.attrib.get(cls.DATA_TYPE_ATTRIB_NAME)
+        if mustBePresent is not None:
+            attributeDesignator.mustBePresent = str2Bool(mustBePresent)
         return attributeDesignator
+class SubjectAttributeDesignatorReader(AttributeDesignatorReaderBase):
+    '''ElementTree based XACML Subject Attribute Designator type parser
+    '''
+    TYPE = SubjectAttributeDesignator

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/attributevaluereader.py

-                      r6748
+                      r6750
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id: $"
+from abc import abstractmethod
+from ndg.xacml.core.attribute import Expression, AttributeValue
+from ndg.xacml.core.attributevalue import Expression, AttributeValue
 from ndg.xacml.parsers import XMLParseError
+from ndg.xacml.parsers.etree import QName
+from ndg.xacml.parsers.etree.reader import ETreeAbstractReader
+class ExpressionReader(ETreeAbstractReader):
+    '''ElementTree based XACML Expression type parser
+    '''
+    TYPE = Expression
+    def __call__(self, obj):
+        """Parse AttributeValue object"""
+        elem = super(ExpressionReader, self)._parse(obj)
+        cls = self.__class__.TYPE
+        expression = cls()
+        localName = QName.getLocalPart(elem.tag)
+        if localName != cls.ELEMENT_LOCAL_NAME:
+            raise XMLParseError("No \"%s\" element found" %
+                                cls.ELEMENT_LOCAL_NAME)
+        dataType = elem.attrib.get(cls.DATA_TYPE_ATTRIB_NAME)
+        if dataType is None:
+            raise XMLParseError('No "%s" attribute found in "%s" element' %
+                                (cls.DATA_TYPE_ATTRIB_NAME,
+                                 cls.ELEMENT_LOCAL_NAME))
+        expression.dataType = dataType
+        self._parseExtension(elem, expression)
+        return expression
+    @abstractmethod
+    def _parseExtension(self, elem, expression):
+        """Derived classes should implement this method to read any remaining
+        attributes and elements specific to their type"""
+        raise NotImplementedError()
+# Set up new class as an abstract base itself
+ETreeAbstractReader.register(ExpressionReader)
+from ndg.xacml.parsers.etree.expressionreader import ExpressionReader
 class AttributeValueReader(ExpressionReader):
     '''ElementTree based XACML AttributeValue type parser
+    '''ElementTree based XACML Expression type parser
     '''
     TYPE = AttributeValue

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/expressionreader.py

-                      r6748
+                      r6750
+'''
+Created on 18 Mar 2010
+"""NDG XACML ElementTree based reader for Expression type
+@author: pjkersha
+'''
+NERC DataGrid Project
+"""
+__author__ = "P J Kershaw"
+__date__ = "18/03/10"
+__copyright__ = "(C) 2010 Science and Technology Facilities Council"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = "$Id: $"
+from abc import abstractmethod
+from ndg.xacml.core.expression import Expression
+from ndg.xacml.parsers import XMLParseError
+from ndg.xacml.parsers.etree import QName
+from ndg.xacml.parsers.etree.reader import ETreeAbstractReader
+class ExpressionReader(ETreeAbstractReader):
+    '''ElementTree based XACML Expression type parser
+    '''
+    TYPE = Expression
+    def __call__(self, obj):
+        """Parse AttributeValue object"""
+        elem = super(ExpressionReader, self)._parse(obj)
+        cls = self.__class__.TYPE
+        expression = cls()
+        localName = QName.getLocalPart(elem.tag)
+        if localName != cls.ELEMENT_LOCAL_NAME:
+            raise XMLParseError("No \"%s\" element found" %
+                                cls.ELEMENT_LOCAL_NAME)
+        # Unpack *required* attributes from top-level element
+        attributeValues = []
+        for attributeName in (cls.DATA_TYPE_ATTRIB_NAME,):
+            attributeValue = elem.attrib.get(attributeName)
+            if attributeValue is None:
+                raise XMLParseError('No "%s" attribute found in "%s" element' %
+                                    (attributeName, cls.ELEMENT_LOCAL_NAME))
+            attributeValues.append(attributeValue)
+        expression.dataType, = attributeValues
+        self._parseExtension(elem, expression)
+        return expression
+    @abstractmethod
+    def _parseExtension(self, elem, expression):
+        """Derived classes should implement this method to read any remaining
+        attributes and elements specific to their type"""
+        raise NotImplementedError()
+# Set up new class as an abstract base itself
+ETreeAbstractReader.register(ExpressionReader)

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/matchreader.py

-                      r6747
+                      r6750
 __revision__ = "$Id: $"
 from ndg.xacml.core.match import SubjectMatch
-from ndg.xacml.core.attributedesignator import AttributeDesignator
 from ndg.xacml.core.attributeselector import AttributeSelector
 from ndg.xacml.parsers import XMLParseError
 from ndg.xacml.parsers.etree import QName
 from ndg.xacml.parsers.etree.reader import ETreeAbstractReader
+from ndg.xacml.parsers.etree.attributereader import AttributeValueReader
+from ndg.xacml.parsers.etree.attributevaluereader import AttributeValueReader
+from ndg.xacml.parsers.etree.attributedesignatorreader import (
+    SubjectAttributeDesignatorReader)
+from ndg.xacml.parsers.etree.attributeselectorreader import \
+    AttributeSelectorReader
 …
     action and environment match types
     '''
     MATCH_TYPE = None
+    ATTRIBUTE_DESIGNATOR_READER_TYPE = None
     def __init__(self):
+        if None in (self.__class__.MATCH_TYPE,):
+            raise NotImplementedError('Extend this class setting the "'
+                                      '"MATCH_TYPE" class variable')
+        if self.__class__.ATTRIBUTE_DESIGNATOR_READER_TYPE is None:
+            raise NotImplementedError('Extend this class setting the '
+                                      '"ATTRIBUTE_DESIGNATOR_READER_TYPE" '
+                                      'class variable')
         super(MatchReaderBase, self).__init__()
 …
         elem = super(MatchReaderBase, self)._parse(obj)
         match = self.__class__.MATCH_TYPE()
         cls = self.__class__.MATCH_TYPE
+        cls = self.__class__.TYPE
+        match = cls()
         localName = QName.getLocalPart(elem.tag)
 …
         match.matchId, = attributeValues
+        # Assign specific attribute designator type from derived class
+        attributeDesignatorReaderType = \
+                                self.__class__.ATTRIBUTE_DESIGNATOR_READER_TYPE
+        attributeDesignatorType = attributeDesignatorReaderType.TYPE
         # Parse match elements
         for childElem in elem:
 …
                 match.attributeValue = AttributeValueReader.parse(childElem)
             elif localName == cls.ATTRIBUTE_DESIGNATOR_ELEMENT_LOCAL_NAME:
+            elif localName == attributeDesignatorType.ELEMENT_LOCAL_NAME:
                 if match.attributeSelector is not None:
                     raise XMLParseError("XACML %r child element may only be "
                                         "either a %r or %r element NOT both" %
                             (cls.ELEMENT_LOCAL_NAME,
                              cls.ATTRIBUTE_DESIGNATOR_ELEMENT_LOCAL_NAME,
+                             attributeDesignatorType.ELEMENT_LOCAL_NAME,
                              AttributeSelector.ELEMENT_LOCAL_NAME))
                 match.attributeDesignator = AttributeDesignatorReader.parse(
+                match.attributeDesignator = attributeDesignatorReaderType.parse(
                                                                     childElem)
 …
                                         "either a %r or %r element NOT both" %
                             (cls.ELEMENT_LOCAL_NAME,
                              cls.ATTRIBUTE_DESIGNATOR_ELEMENT_LOCAL_NAME,
+                             attributeDesignatorType.ELEMENT_LOCAL_NAME,
                              AttributeSelector.ELEMENT_LOCAL_NAME))
 …
 class SubjectMatchReader(MatchReaderBase):
+    MATCH_TYPE = SubjectMatch
+    """ElementTree based parser for XACML SubjectMatch"""
+    TYPE = SubjectMatch
+    ATTRIBUTE_DESIGNATOR_READER_TYPE = SubjectAttributeDesignatorReader

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/policyreader.py

-                      r6746
+                      r6750
 class PolicyReader(ETreeAbstractReader):
     """Parse a Policy Document using ElementTree
+    """
+    @cvar TYPE: XACML type to instantiate from parsed object
+    @type string: type"""
+    TYPE = Policy
     def __call__(self, obj):
         """Parse policy object"""
         elem = super(PolicyReader, self)._parse(obj)
+        policy = Policy()
+        cls = Policy
+        # XACML type to instantiate
+        cls = PolicyReader.TYPE
+        policy = cls()
         localName = QName.getLocalPart(elem.tag)

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/reader.py

-                      r6746
+                      r6750
 class ETreeAbstractReader(AbstractReader):
+    """Base class for ElementTree implementation of XACML reader"""
+    """Base class for ElementTree implementation of XACML reader
+    @cvar TYPE: XACML type to instantiate from parsed object
+    @type string: type"""
+    TYPE = None
     def __init__(self):
+        if self.__class__.TYPE is None:
+            raise NotImplementedError('No "TYPE" class variable set to specify '
+                                      'the XACML type to instantiate')
         self.__namespace_map_backup = ElementTree._namespace_map.copy()
         ElementTree._namespace_map[''] = PolicyComponent.XACML_2_0_XMLNS
 …
 AbstractReader.register(ETreeAbstractReader)
-class VariableDefinitionReader(object):
-    def __call__(self, obj):
-        pass

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/rulereader.py

-                      r6747
+                      r6750
 class RuleReader(ETreeAbstractReader):
     '''ElementTree based XACML Rule parser
+    @cvar TYPE: XACML type to instantiate from parsed object
+    @type string: type
     '''
+    TYPE = Rule
     def __call__(self, obj):
         """Parse rule object"""
         elem = super(RuleReader, self)._parse(obj)
         rule = Rule()
         cls = Rule
+        cls = RuleReader.TYPE
+        rule = cls()
         localName = QName.getLocalPart(elem.tag)

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/subjectreader.py

-                      r6747
+                      r6750
 class SubjectReader(ETreeAbstractReader):
     '''ElementTree based XACML Rule parser
+    @cvar TYPE: XACML type to instantiate from parsed object
+    @type string: type
     '''
+    TYPE = Subject
     def __call__(self, obj):
         """Parse subject object"""
         elem = super(SubjectReader, self)._parse(obj)
         subject = Subject()
         cls = Subject
+        cls = SubjectReader.TYPE
+        subject = cls()
         localName = QName.getLocalPart(elem.tag)

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/targetreader.py

-                      r6747
+                      r6750
 class TargetReader(ETreeAbstractReader):
+    """ElementTree based parser for XACML Target elements"""
+    """ElementTree based parser for XACML Target elements
+    @cvar TYPE: XACML type to instantiate from parsed object
+    @type string: type"""
+    TYPE = Target
     def __call__(self, obj):
         elem = super(TargetReader, self)._parse(obj)
         target = Target()
         cls = Target
+        cls = TargetReader.TYPE
+        target = cls()
         localName = QName.getLocalPart(elem.tag)

TI12-security/trunk/NDG_XACML/ndg/xacml/test/test_xacml.py

-                      r6744
+                      r6750
     XACML_FILEPATH = path.join(THIS_DIR, XACML_FILENAME)
     def test01ETreeParsePolicy(self):
+    def test01ETreeParseRule1Policy(self):
         policy = PolicyReader.parse(XACMLTestCase.XACML_FILEPATH)
         self.assert_(policy)
+        self.assert_(
+            policy.policyId == "urn:oasis:names:tc:example:SimplePolicy1")
+        self.assert_(policy.ruleCombiningAlgId == \
+        "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides")
+        self.assert_(
+            "Med Example Corp access control policy" in policy.description)
+        self.assert_(len(policy.target.subjects) == 0)
+        self.assert_(policy.rules[0].id == \
+                     "urn:oasis:names:tc:xacml:2.0:example:SimpleRule1")
+        self.assert_(policy.rules[0].effect == 'Permit')
+        self.assert_(
+            'Any subject with an e-mail name in the med.example.com domain' in \
+            policy.rules[0].description)
+        self.assert_(len(policy.rules[0].subjects) == 1)
+        self.assert_(len(policy.rules[0].actions) == 0)
+        self.assert_(len(policy.rules[0].resources) == 0)
+        self.assert_(len(policy.rules[0].environments) == 0)
+        self.assert_(len(policy.rules[0].subjects[0].subjectMatches) == 1)
+        self.assert_(policy.rules[0].subjects[0].subjectMatches[0].id == \
+                     "urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match")
+        self.assert_(policy.rules[0].subjects[0].subjectMatches[0
+            ].attributeValue.dataType == \
+            "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name")
+        self.assert_(policy.rules[0].subjects[0].subjectMatches[0
+            ].attributeDesignator.dataType == \
+            "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name")
+        # Attribute ID
+        self.assert_(policy.rules[0].subjects[0].subjectMatches[0
+            ].attributeDesignator.attributeId == \
+            "urn:oasis:names:tc:xacml:1.0:subject:subject-id")

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: