1 """SAML Common XML module
2
3 Implementation of SAML 2.0 for NDG Security
4
5 NERC DataGrid Project
6
7 This implementation is adapted from the Java OpenSAML implementation. The
8 copyright and licence information are included here:
9
10 Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
11
12 Licensed under the Apache License, Version 2.0 (the "License");
13 you may not use this file except in compliance with the License.
14 You may obtain a copy of the License at
15
16 http://www.apache.org/licenses/LICENSE-2.0
17
18 Unless required by applicable law or agreed to in writing, software
19 distributed under the License is distributed on an "AS IS" BASIS,
20 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 See the License for the specific language governing permissions and
22 limitations under the License.
23 """
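# Module metadata.  ``__contact__`` was previously assigned twice with the
# same value; the redundant second assignment has been dropped.
__author__ = "P J Kershaw"
__date__ = "23/07/09"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__license__ = "http://www.apache.org/licenses/LICENSE-2.0"
__revision__ = "$Id: xml.py 8009 2012-01-30 16:19:43Z rwilkinson $"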
31 from ndg.saml.xml import XMLConstants
32
33
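'''XML related constants used in the SAML specifications.

Schema locations are paths below a classpath-style schema root
(``SCHEMA_DIR``).  Namespace URIs and binding URIs are the literal values
fixed by the OASIS SAML, Liberty PAOS and W3C specifications.  The
``*_PREFIX`` values are conventional only: an XML processor must identify
elements by namespace URI and local name, never by the prefix a given
document happens to use.

@cvar POST_METHOD: HTTP Request Method - POST.
@type POST_METHOD: string
@cvar GET_METHOD: HTTP Method - GET.
@type GET_METHOD: string
@cvar SCHEMA_DIR: Directory, on the classpath, schemas are located in.
@type SCHEMA_DIR: string
@cvar XML_SCHEMA_LOCATION: XML core schema system Id.
@type XML_SCHEMA_LOCATION: string
@cvar XMLSIG_SCHEMA_LOCATION: XML Signature schema Id.
@type XMLSIG_SCHEMA_LOCATION: string
@cvar XMLENC_SCHEMA_LOCATION: XML Encryption schema Id.
@type XMLENC_SCHEMA_LOCATION: string
@cvar SOAP11ENV_SCHEMA_LOCATION: SOAP 1.1 schema Id.
@type SOAP11ENV_SCHEMA_LOCATION: string
@cvar SOAP11ENV_NS: SOAP 1.1 Envelope XML namespace.
@type SOAP11ENV_NS: string
@cvar SOAP11ENV_PREFIX: SOAP 1.1 Envelope QName prefix.
@type SOAP11ENV_PREFIX: string
@cvar PAOS_NS: Liberty PAOS XML Namespace.
@type PAOS_NS: string
@cvar PAOS_PREFIX: Liberty PAOS QName prefix.
@type PAOS_PREFIX: string
@cvar SAML10_SCHEMA_LOCATION: SAML 1.0 Assertion schema system Id.
@type SAML10_SCHEMA_LOCATION: string
@cvar SAML11_SCHEMA_LOCATION: SAML 1.1 Assertion schema system Id.
@type SAML11_SCHEMA_LOCATION: string
@cvar SAML1_NS: SAML 1.X XML namespace.
@type SAML1_NS: string
@cvar SAML10P_SCHEMA_LOCATION: SAML 1.0 Protocol schema system Id.
@type SAML10P_SCHEMA_LOCATION: string
@cvar SAML11P_SCHEMA_LOCATION: SAML 1.1 Protocol schema system Id.
@type SAML11P_SCHEMA_LOCATION: string
@cvar SAML10P_NS: SAML 1.0 protocol XML namespace.
@type SAML10P_NS: string
@cvar SAML11P_NS: SAML 1.1 protocol XML namespace.
@type SAML11P_NS: string
@cvar SAML1P_PREFIX: SAML 1.X Protocol QName prefix.
@type SAML1P_PREFIX: string
@cvar SAML1_PREFIX: SAML 1.X Assertion QName prefix.
@type SAML1_PREFIX: string
@cvar SAML1MD_NS: SAML 1 Metadata extension XML namespace.
@type SAML1MD_NS: string
@cvar SAML1MD_SCHEMA_LOCATION: SAML 1 Metadata extension schema system Id.
@type SAML1MD_SCHEMA_LOCATION: string
@cvar SAML1MD_PREFIX: SAML 1 Metadata extension namespace prefix.
@type SAML1MD_PREFIX: string
@cvar SAML1_ARTIFACT_BINDING_URI: URI for SAML 1 Artifact binding.
@type SAML1_ARTIFACT_BINDING_URI: string
@cvar SAML1_POST_BINDING_URI: URI for SAML 1 POST binding.
@type SAML1_POST_BINDING_URI: string
@cvar SAML1_SOAP11_BINDING_URI: URI for SAML 1 SOAP 1.1 binding.
@type SAML1_SOAP11_BINDING_URI: string
@cvar SAML20_SCHEMA_LOCATION: SAML 2.0 Assertion schema Id.
@type SAML20_SCHEMA_LOCATION: string
@cvar SAML20_NS: SAML 2.0 Assertion XML Namespace.
@type SAML20_NS: string
@cvar SAML20_PREFIX: SAML 2.0 Assertion QName prefix.
@type SAML20_PREFIX: string
@cvar SAML20P_SCHEMA_LOCATION: SAML 2.0 Protocol schema Id.
@type SAML20P_SCHEMA_LOCATION: string
@cvar SAML20P_NS: SAML 2.0 Protocol XML Namespace.
@type SAML20P_NS: string
@cvar SAML20P_PREFIX: SAML 2.0 Protocol QName prefix.
@type SAML20P_PREFIX: string
@cvar SAML20PTHRPTY_SCHEMA_LOCATION: SAML 2.0 Protocol Third-party extension schema Id.
@type SAML20PTHRPTY_SCHEMA_LOCATION: string
@cvar SAML20PTHRPTY_NS: SAML 2.0 Protocol Third-party extension XML Namespace.
@type SAML20PTHRPTY_NS: string
@cvar SAML20PTHRPTY_PREFIX: SAML 2.0 Protocol Third-party extension QName prefix.
@type SAML20PTHRPTY_PREFIX: string
@cvar SAML20MD_SCHEMA_LOCATION: SAML 2.0 Metadata schema Id.
@type SAML20MD_SCHEMA_LOCATION: string
@cvar SAML20MD_NS: SAML 2.0 Metadata XML Namespace.
@type SAML20MD_NS: string
@cvar SAML20MDQUERY_NS: SAML 2.0 Standalone Query Metadata extension XML namespace.
@type SAML20MDQUERY_NS: string
@cvar SAML20MDQUERY_SCHEMA_LOCATION: SAML 2.0 Standalone Query Metadata extension schema system Id.
@type SAML20MDQUERY_SCHEMA_LOCATION: string
@cvar SAML20MDQUERY_PREFIX: SAML 2.0 Standalone Query Metadata extension prefix.
@type SAML20MDQUERY_PREFIX: string
@cvar SAML20MD_PREFIX: SAML 2.0 Metadata QName prefix.
@type SAML20MD_PREFIX: string
@cvar SAML20AC_SCHEMA_LOCATION: SAML 2.0 Authentication Context schema Id.
@type SAML20AC_SCHEMA_LOCATION: string
@cvar SAML20AC_NS: SAML 2.0 Authentication Context XML Namespace.
@type SAML20AC_NS: string
@cvar SAML20AC_PREFIX: SAML 2.0 Authentication Context QName prefix.
@type SAML20AC_PREFIX: string
@cvar SAML20ECP_SCHEMA_LOCATION: SAML 2.0 Enhanced Client/Proxy SSO Profile schema Id.
@type SAML20ECP_SCHEMA_LOCATION: string
@cvar SAML20ECP_NS: SAML 2.0 Enhanced Client/Proxy SSO Profile XML Namespace.
@type SAML20ECP_NS: string
@cvar SAML20ECP_PREFIX: SAML 2.0 Enhanced Client/Proxy SSO Profile QName prefix.
@type SAML20ECP_PREFIX: string
@cvar SAML20DCE_SCHEMA_LOCATION: SAML 2.0 DCE PAC Attribute Profile schema Id.
@type SAML20DCE_SCHEMA_LOCATION: string
@cvar SAML20DCE_NS: SAML 2.0 DCE PAC Attribute Profile XML Namespace.
@type SAML20DCE_NS: string
@cvar SAML20DCE_PREFIX: SAML 2.0 DCE PAC Attribute Profile QName prefix.
@type SAML20DCE_PREFIX: string
@cvar SAML20X500_SCHEMA_LOCATION: SAML 2.0 X.500 Attribute Profile schema Id.
@type SAML20X500_SCHEMA_LOCATION: string
@cvar SAML20X500_NS: SAML 2.0 X.500 Attribute Profile XML Namespace.
@type SAML20X500_NS: string
@cvar SAML20X500_PREFIX: SAML 2.0 X.500 Attribute Profile QName prefix.
@type SAML20X500_PREFIX: string
@cvar SAML20XACML_SCHEMA_LOCATION: SAML 2.0 XACML Attribute Profile schema Id.
@type SAML20XACML_SCHEMA_LOCATION: string
@cvar SAML20XACML_NS: SAML 2.0 XACML Attribute Profile XML Namespace.
@type SAML20XACML_NS: string
@cvar SAML20XACML_PREFIX: SAML 2.0 XACML Attribute Profile QName prefix.
@type SAML20XACML_PREFIX: string
@cvar SAML2_ARTIFACT_BINDING_URI: URI for SAML 2 Artifact binding.
@type SAML2_ARTIFACT_BINDING_URI: string
@cvar SAML2_POST_BINDING_URI: URI for SAML 2 POST binding.
@type SAML2_POST_BINDING_URI: string
@cvar SAML2_POST_SIMPLE_SIGN_BINDING_URI: URI for SAML 2 POST-SimpleSign binding.
@type SAML2_POST_SIMPLE_SIGN_BINDING_URI: string
@cvar SAML2_REDIRECT_BINDING_URI: URI for SAML 2 HTTP redirect binding.
@type SAML2_REDIRECT_BINDING_URI: string
@cvar SAML2_SOAP11_BINDING_URI: URI for SAML 2 SOAP binding.
@type SAML2_SOAP11_BINDING_URI: string
@cvar SAML2_XACML_ASSERTION_NS: SAML 2.0 profile of XACML - assertion XML namespace.
@type SAML2_XACML_ASSERTION_NS: string
@cvar SAML2_XACML_ASSERTION_PREFIX: SAML 2.0 profile of XACML - assertion QName prefix.
@type SAML2_XACML_ASSERTION_PREFIX: string
@cvar SAML2_XACML_PROTOCOL_NS: SAML 2.0 profile of XACML - protocol XML namespace.
@type SAML2_XACML_PROTOCOL_NS: string
@cvar SAML2_XACML_PROTOCOL_PREFIX: SAML 2.0 profile of XACML - protocol QName prefix.
@type SAML2_XACML_PROTOCOL_PREFIX: string
'''

# HTTP methods
POST_METHOD = "POST"
GET_METHOD = "GET"

# Root of the schema tree; every *_SCHEMA_LOCATION below is a path under it.
SCHEMA_DIR = "/schema/"

# Core XML, XML Signature and XML Encryption schemas
XML_SCHEMA_LOCATION = SCHEMA_DIR + "xml.xsd"
XMLSIG_SCHEMA_LOCATION = SCHEMA_DIR + "xmldsig-core-schema.xsd"
XMLENC_SCHEMA_LOCATION = SCHEMA_DIR + "xenc-schema.xsd"

# SOAP 1.1 envelope.  SCHEMA_DIR is prefixed once: the previous
# ``SCHEMA_DIR + SCHEMA_DIR + ...`` produced "/schema//schema/soap-envelope.xsd",
# a path that does not exist in the schema tree.
SOAP11ENV_SCHEMA_LOCATION = SCHEMA_DIR + "soap-envelope.xsd"
SOAP11ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP11ENV_PREFIX = "SOAP-ENV"

# Liberty PAOS binding
PAOS_NS = "urn:liberty:paos:2003-08"
PAOS_PREFIX = "paos"

# SAML 1.x assertion and protocol
SAML10_SCHEMA_LOCATION = SCHEMA_DIR + "cs-sstc-schema-assertion-01.xsd"
SAML11_SCHEMA_LOCATION = SCHEMA_DIR + "cs-sstc-schema-assertion-1.1.xsd"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML10P_SCHEMA_LOCATION = SCHEMA_DIR + "cs-sstc-schema-protocol-01.xsd"
SAML11P_SCHEMA_LOCATION = SCHEMA_DIR + "cs-sstc-schema-protocol-1.1.xsd"
SAML10P_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML11P_NS = "urn:oasis:names:tc:SAML:1.1:protocol"
SAML1P_PREFIX = "samlp"
SAML1_PREFIX = "saml"

# SAML 1.x metadata extension
SAML1MD_NS = "urn:oasis:names:tc:SAML:profiles:v1metadata"
SAML1MD_SCHEMA_LOCATION = SCHEMA_DIR + "sstc-saml1x-metadata.xsd"
SAML1MD_PREFIX = "saml1md"

# SAML 1.x bindings
SAML1_ARTIFACT_BINDING_URI = \
    "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
SAML1_POST_BINDING_URI = \
    "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
SAML1_SOAP11_BINDING_URI = \
    "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"

# SAML 2.0 assertion and protocol
SAML20_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-assertion-2.0.xsd"
SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML20_PREFIX = "saml"
SAML20P_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-protocol-2.0.xsd"
SAML20P_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML20P_PREFIX = "samlp"

# SAML 2.0 protocol third-party extension
SAML20PTHRPTY_SCHEMA_LOCATION = SCHEMA_DIR + \
    "sstc-saml-protocol-ext-thirdparty.xsd"
SAML20PTHRPTY_NS = "urn:oasis:names:tc:SAML:protocol:ext:third-party"
SAML20PTHRPTY_PREFIX = "thrpty"

# SAML 2.0 metadata and metadata query extension
SAML20MD_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-metadata-2.0.xsd"
SAML20MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML20MDQUERY_NS = "urn:oasis:names:tc:SAML:metadata:ext:query"
SAML20MDQUERY_SCHEMA_LOCATION = SCHEMA_DIR + \
    "sstc-saml-metadata-ext-query.xsd"
SAML20MDQUERY_PREFIX = "query"
SAML20MD_PREFIX = "md"

# SAML 2.0 authentication context
SAML20AC_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-authn-context-2.0.xsd"
SAML20AC_NS = "urn:oasis:names:tc:SAML:2.0:ac"
SAML20AC_PREFIX = "ac"

# SAML 2.0 Enhanced Client/Proxy SSO profile
SAML20ECP_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-ecp-2.0.xsd"
SAML20ECP_NS = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
SAML20ECP_PREFIX = "ecp"

# SAML 2.0 attribute profiles: DCE PAC, X.500 and XACML
SAML20DCE_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-dce-2.0.xsd"
SAML20DCE_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
SAML20DCE_PREFIX = "DCE"
SAML20X500_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-x500-2.0.xsd"
SAML20X500_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
SAML20X500_PREFIX = "x500"
SAML20XACML_SCHEMA_LOCATION = SCHEMA_DIR + "saml-schema-xacml-2.0.xsd"
SAML20XACML_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
SAML20XACML_PREFIX = "xacmlprof"

# SAML 2.0 bindings
SAML2_ARTIFACT_BINDING_URI = \
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
SAML2_POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML2_POST_SIMPLE_SIGN_BINDING_URI = \
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
SAML2_REDIRECT_BINDING_URI = \
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAML2_SOAP11_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# SAML 2.0 profile of XACML (assertion and protocol namespaces)
SAML2_XACML_ASSERTION_NS = "urn:oasis:xacml:2.0:saml:assertion:schema:os"
SAML2_XACML_ASSERTION_PREFIX = "xacml-saml"
SAML2_XACML_PROTOCOL_NS = "urn:oasis:xacml:2.0:saml:protocol:schema:os"
SAML2_XACML_PROTOCOL_PREFIX = "xacml-samlp"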
379
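class QName(object):
    """XML Qualified Name: a namespace URI, a local part and a namespace prefix.

    Each component is type-checked on assignment (constructor arguments go
    through the same setters).  Equality and hashing are value based and
    include the prefix, which is stricter than XML name identity: in XML the
    prefix is an arbitrary document-level alias and only the namespace URI
    and local part are significant.  Callers matching element names against
    a document should therefore compare namespaceURI and localPart directly
    rather than whole QName objects, unless the prefix is genuinely part of
    the contract.

    Instances are mutable through their properties; changing a component
    changes the hash, so do not mutate an instance while it is a dict key
    or set member.

    @ivar __namespaceURI: the namespace the element is in
    @type __namespaceURI: basestring
    @ivar __localPart: the local name of the XML element
    @type __localPart: basestring
    @ivar __prefix: the prefix for the given namespace
    @type __prefix: basestring
    """
    # Text types accepted by the setters.  ``basestring`` (str and unicode)
    # is the Python 2 spelling the original code used; it does not exist on
    # Python 3, where ``str`` is the only text type.
    try:
        _STRING_TYPES = basestring
    except NameError:
        _STRING_TYPES = str

    def __init__(self, namespaceURI, localPart, prefix):
        '''
        @param namespaceURI: the namespace the element is in
        @type namespaceURI: basestring
        @param localPart: the local name of the XML element
        @type localPart: basestring
        @param prefix: the prefix for the given namespace
        @type prefix: basestring
        @raise TypeError: if any argument is not a string
        '''
        # Assign through the properties so the setters' type checks apply.
        self.namespaceURI = namespaceURI
        self.localPart = localPart
        self.prefix = prefix

    def _checkString(self, name, value):
        '''Raise TypeError unless value is a string; shared by the setters.
        @param name: attribute name, used in the error message only
        @type name: string
        @param value: candidate attribute value
        @type value: any
        @raise TypeError: invalid input value type
        '''
        if not isinstance(value, self._STRING_TYPES):
            raise TypeError('Expected string type for "%s"; got %r' %
                            (name, type(value)))

    def _getPrefix(self):
        """Get prefix
        @return: prefix
        @rtype: string
        """
        return self.__prefix

    def _setPrefix(self, value):
        """Set prefix
        @param value: prefix
        @type value: string
        @raise TypeError: invalid input value type
        """
        self._checkString("prefix", value)
        self.__prefix = value

    prefix = property(_getPrefix, _setPrefix, None, "Namespace Prefix")

    def _getLocalPart(self):
        """Get local part
        @return: local part
        @rtype: string
        """
        return self.__localPart

    def _setLocalPart(self, value):
        """Set local part
        @param value: local part
        @type value: string
        @raise TypeError: invalid input value type
        """
        self._checkString("localPart", value)
        self.__localPart = value

    localPart = property(_getLocalPart, _setLocalPart, None, "LocalPart")

    def _getNamespaceURI(self):
        """Get namespace URI
        @return: namespace URI
        @rtype: string
        """
        return self.__namespaceURI

    def _setNamespaceURI(self, value):
        """Set namespace URI
        @param value: namespace URI
        @type value: string
        @raise TypeError: invalid input value type
        """
        self._checkString("namespaceURI", value)
        self.__namespaceURI = value

    namespaceURI = property(_getNamespaceURI, _setNamespaceURI, None,
                            "Namespace URI")

    def _key(self):
        '''Tuple of the three components, the basis for equality and hashing.
        @return: (prefix, namespaceURI, localPart)
        @rtype: tuple
        '''
        return (self.prefix, self.namespaceURI, self.localPart)

    def __eq__(self, qname):
        """Enable equality check for QName.  The prefix takes part in the
        comparison: two names with the same namespace URI and local part but
        different prefixes compare unequal.
        @type qname: saml.common.xml.QName
        @param qname: Qualified Name to compare with self
        @return: True if input and this object match
        @rtype: bool
        @raise TypeError: if qname is not a QName
        """
        if not isinstance(qname, QName):
            # Deliberately strict (kept from the original): comparing with a
            # non-QName is treated as a programming error rather than as
            # "not equal", and existing callers may rely on the TypeError.
            raise TypeError('Expecting %r; got %r' % (QName, type(qname)))

        return self._key() == qname._key()

    def __ne__(self, qname):
        """Enable inequality check for QName (needed explicitly on Python 2,
        which does not derive __ne__ from __eq__)
        @type qname: saml.common.xml.QName
        @param qname: Qualified Name to compare with self
        @return: True if input and this object don't match
        @rtype: bool
        @raise TypeError: if qname is not a QName
        """
        return not self.__eq__(qname)

    def __hash__(self):
        """Hash consistent with __eq__, so equal QNames may be used
        interchangeably as dict keys and set members.  Without this, a class
        defining __eq__ hashes by identity on Python 2 and is unhashable on
        Python 3.
        @return: hash of (prefix, namespaceURI, localPart)
        @rtype: int
        """
        return hash(self._key())

    def __repr__(self):
        """Unambiguous representation showing all three components
        @return: e.g. QName('urn:...', 'Assertion', 'saml')
        @rtype: string
        """
        return '%s(%r, %r, %r)' % (type(self).__name__, self.namespaceURI,
                                   self.localPart, self.prefix)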
487