
Source Code for Module ndg.saml.xml.etree_xacml_profile

  1  """ElementTree module for ElementTree representation of objects in XACML 2.0 
  2  profile for  SAML 2.0 
  3   
  4  NERC DataGrid Project 
  5  """ 
  6  __author__ = "R B Wilkinson" 
  7  __date__ = "23/12/11" 
  8  __copyright__ = "(C) 2011 Science and Technology Facilities Council" 
  9  __license__ = "http://www.apache.org/licenses/LICENSE-2.0" 
 10  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 11  __revision__ = '$Id$' 
 12   
 13  import logging 
 14  log = logging.getLogger(__name__) 
 15   
 16  from ndg.saml import importElementTree 
 17  ElementTree = importElementTree() 
 18   
 19  from ndg.saml.common import SAMLVersion 
 20  from ndg.saml.saml2.core import Issuer 
 21  from ndg.saml.saml2.xacml_profile import (XACMLAuthzDecisionQuery, 
 22                                            XACMLAuthzDecisionStatement) 
 23  from ndg.saml.utils import SAMLDateTime 
 24  from ndg.saml.xml import XMLTypeParseError, UnknownAttrProfile 
 25  import ndg.saml.xml.etree as etree 
 26  from ndg.saml.xml.etree import (IssuerElementTree, QName, 
 27                                  setElementTreeImplementationForQName) 
 28   
 29  from ndg.xacml.core.context.request import Request 
 30  from ndg.xacml.core.context.response import Response 
 31  from ndg.xacml.parsers.etree.context import (RequestElementTree, 
 32                                               ResponseElementTree) 
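class XACMLAuthzDecisionQueryElementTree(XACMLAuthzDecisionQuery):
    """Represent a SAML XACMLAuthzDecisionQuery (XACML 2.0 profile for
    SAML 2.0) in XML using ElementTree
    """

    @classmethod
    def toXML(cls, xacmlAuthzDecisionQuery):
        """Create an XML representation of the input XACML Authorization
        Decision Query object

        @type xacmlAuthzDecisionQuery:
            ndg.saml.saml2.xacml_profile.XACMLAuthzDecisionQuery
        @param xacmlAuthzDecisionQuery: XACML Authorization Decision Query
        @rtype: ElementTree.Element
        @return: XACMLAuthzDecisionQuery as ElementTree XML element
        @raise TypeError: input is not an XACMLAuthzDecisionQuery instance
        @raise AttributeError: no XACML context request has been set on the
            query
        """
        if not isinstance(xacmlAuthzDecisionQuery, XACMLAuthzDecisionQuery):
            raise TypeError("Expecting %r class got %r" %
                            (XACMLAuthzDecisionQuery,
                             type(xacmlAuthzDecisionQuery)))

        if not xacmlAuthzDecisionQuery.xacmlContextRequest:
            raise AttributeError("No xacmlContextRequest has been set for the "
                                 "XACMLAuthzDecisionQuery")

        issueInstant = SAMLDateTime.toString(
                                        xacmlAuthzDecisionQuery.issueInstant)
        attrib = {
            cls.ID_ATTRIB_NAME: xacmlAuthzDecisionQuery.id,
            cls.ISSUE_INSTANT_ATTRIB_NAME: issueInstant,

            # Nb. Version is a SAMLVersion instance and requires explicit cast
            cls.VERSION_ATTRIB_NAME: str(xacmlAuthzDecisionQuery.version),
        }

        tag = str(QName.fromGeneric(cls.DEFAULT_ELEMENT_NAME))
        elem = etree.makeEtreeElement(tag, cls.DEFAULT_ELEMENT_NAME.prefix,
                                      cls.DEFAULT_ELEMENT_NAME.namespaceURI,
                                      **attrib)

        # NOTE(review): the issuer is serialised without a prior check that
        # it has been set - confirm how IssuerElementTree.toXML treats an
        # unset issuer.
        issuerElem = IssuerElementTree.toXML(xacmlAuthzDecisionQuery.issuer)
        elem.append(issuerElem)

        requestElem = RequestElementTree.toXML(
                                xacmlAuthzDecisionQuery.xacmlContextRequest)
        elem.append(requestElem)

        return elem

    @classmethod
    def fromXML(cls, elem):
        """Parse ElementTree element into a SAML XACMLAuthzDecisionQuery object

        Each of the Issuer and XACML context Request child elements is
        accepted at most once.  A repeated child is rejected rather than
        silently replacing the value parsed from the earlier one, so that the
        object returned cannot differ from what another consumer of the same
        XML would read from the first occurrence.

        @type elem: ElementTree.Element
        @param elem: XML element containing the XACMLAuthzDecisionQuery
        @rtype: ndg.saml.saml2.xacml_profile.XACMLAuthzDecisionQuery
        @return: XACMLAuthzDecisionQuery object
        @raise TypeError: input is not an ElementTree element
        @raise XMLTypeParseError: wrong top-level element, a required
            attribute is missing, or a child element is unrecognised or
            repeated
        @raise NotImplementedError: the query is not SAML version 2.0
        """
        if not ElementTree.iselement(elem):
            raise TypeError("Expecting %r input type for parsing; got %r" %
                            (ElementTree.Element, type(elem)))

        # NOTE(review): only the local part of the tag is compared here and
        # for the child elements below; the namespace URI is not checked in
        # this method.  Confirm whether namespace validation happens in the
        # caller or in the child parsers.
        if QName.getLocalPart(elem.tag) != cls.DEFAULT_ELEMENT_LOCAL_NAME:
            raise XMLTypeParseError("No \"%s\" element found" %
                                    cls.DEFAULT_ELEMENT_LOCAL_NAME)

        # Unpack attributes from top-level element
        attributeValues = []
        for attributeName in (cls.VERSION_ATTRIB_NAME,
                              cls.ISSUE_INSTANT_ATTRIB_NAME,
                              cls.ID_ATTRIB_NAME):
            attributeValue = elem.attrib.get(attributeName)
            if attributeValue is None:
                raise XMLTypeParseError('No "%s" attribute found in "%s" '
                                        'element' %
                                        (attributeName,
                                         cls.DEFAULT_ELEMENT_LOCAL_NAME))

            attributeValues.append(attributeValue)

        authzDecisionQuery = XACMLAuthzDecisionQuery()
        authzDecisionQuery.version = SAMLVersion(attributeValues[0])
        if authzDecisionQuery.version != SAMLVersion.VERSION_20:
            raise NotImplementedError("Parsing for %r is implemented for "
                                      "SAML version %s only; version %s is "
                                      "not supported" %
                                      (cls,
                                       SAMLVersion(SAMLVersion.VERSION_20),
                                       SAMLVersion(authzDecisionQuery.version)))

        authzDecisionQuery.issueInstant = SAMLDateTime.fromString(
                                                            attributeValues[1])
        authzDecisionQuery.id = attributeValues[2]

        # Track which children have been consumed so that a repeated element
        # is reported instead of overwriting the earlier value.
        issuerParsed = False
        requestParsed = False

        # Any child other than Issuer and Request is rejected as
        # unrecognised; this includes children such as a signature or
        # extensions element.
        for childElem in elem:
            localName = QName.getLocalPart(childElem.tag)
            if localName == Issuer.DEFAULT_ELEMENT_LOCAL_NAME:
                if issuerParsed:
                    raise XMLTypeParseError('Duplicate "%s" child element '
                                            'found in "%s" element' %
                                            (localName,
                                             cls.DEFAULT_ELEMENT_LOCAL_NAME))

                # Parse Issuer
                authzDecisionQuery.issuer = IssuerElementTree.fromXML(
                                                                    childElem)
                issuerParsed = True

            elif localName == Request.ELEMENT_LOCAL_NAME:
                if requestParsed:
                    raise XMLTypeParseError('Duplicate "%s" child element '
                                            'found in "%s" element' %
                                            (localName,
                                             cls.DEFAULT_ELEMENT_LOCAL_NAME))

                # Create XACML context request from Request element.
                authzDecisionQuery.xacmlContextRequest = \
                    RequestElementTree.fromXML(childElem)
                requestParsed = True

            else:
                raise XMLTypeParseError("Unrecognised XACMLAuthzDecisionQuery child "
                                        "element \"%s\"" % localName)

        # NOTE(review): a query with no Request child is still returned
        # here, whereas toXML refuses to serialise one - callers should
        # check xacmlContextRequest before acting on the result.
        return authzDecisionQuery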
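class XACMLAuthzDecisionStatementElementTree(XACMLAuthzDecisionStatement):
    """Represent a SAML XACMLAuthzDecisionStatement (XACML 2.0 profile for
    SAML 2.0) in XML using ElementTree
    """

    @classmethod
    def toXML(cls, xacmlAuthzDecisionStatement):
        """Create an XML representation of the input XACML Authorization
        Decision Statement object

        The XACML context response is always serialised; the XACML context
        request is appended after it only if one has been set.

        @type xacmlAuthzDecisionStatement:
            ndg.saml.saml2.xacml_profile.XACMLAuthzDecisionStatement
        @param xacmlAuthzDecisionStatement: XACML Authorization Decision
            Statement
        @rtype: ElementTree.Element
        @return: XACMLAuthzDecisionStatement as ElementTree XML element
        @raise TypeError: input is not an XACMLAuthzDecisionStatement instance
        @raise AttributeError: no XACML context response has been set on the
            statement
        """
        if not isinstance(xacmlAuthzDecisionStatement,
                          XACMLAuthzDecisionStatement):
            raise TypeError("Expecting %r class got %r" %
                            (XACMLAuthzDecisionStatement,
                             type(xacmlAuthzDecisionStatement)))

        if not xacmlAuthzDecisionStatement.xacmlContextResponse:
            raise AttributeError("No xacmlContextResponse has been set for the "
                                 "XACMLAuthzDecisionStatement")

        tag = str(QName.fromGeneric(cls.DEFAULT_ELEMENT_NAME))
        elem = etree.makeEtreeElement(tag, cls.DEFAULT_ELEMENT_NAME.prefix,
                                      cls.DEFAULT_ELEMENT_NAME.namespaceURI)

        xacmlContextResponseElem = ResponseElementTree.toXML(
                            xacmlAuthzDecisionStatement.xacmlContextResponse)
        elem.append(xacmlContextResponseElem)

        # The request is optional in the statement
        if xacmlAuthzDecisionStatement.xacmlContextRequest:
            xacmlContextRequestElem = RequestElementTree.toXML(
                            xacmlAuthzDecisionStatement.xacmlContextRequest)
            elem.append(xacmlContextRequestElem)

        return elem

    @classmethod
    def fromXML(cls, elem):
        """Parse ElementTree element into a SAML XACMLAuthzDecisionStatement
        object

        Each of the XACML context Response and Request child elements is
        accepted at most once.  A repeated child is rejected rather than
        silently replacing the value parsed from the earlier one, so that the
        decision held by the returned object cannot differ from the one
        another consumer of the same XML would read from the first
        occurrence.

        @type elem: ElementTree.Element
        @param elem: XML element containing the XACMLAuthzDecisionStatement
        @rtype: ndg.saml.saml2.xacml_profile.XACMLAuthzDecisionStatement
        @return: XACMLAuthzDecisionStatement object
        @raise TypeError: input is not an ElementTree element
        @raise XMLTypeParseError: wrong top-level element, or a child element
            is unrecognised or repeated
        """
        if not ElementTree.iselement(elem):
            raise TypeError("Expecting %r input type for parsing; got %r" %
                            (ElementTree.Element, type(elem)))

        # NOTE(review): only the local part of the tag is compared here and
        # for the child elements below; the namespace URI is not checked in
        # this method.  Confirm whether namespace validation happens in the
        # caller or in the child parsers.
        if QName.getLocalPart(elem.tag) != cls.DEFAULT_ELEMENT_LOCAL_NAME:
            raise XMLTypeParseError("No \"%s\" element found" %
                                    cls.DEFAULT_ELEMENT_LOCAL_NAME)

        authzDecisionStatement = XACMLAuthzDecisionStatement()

        # Track which children have been consumed so that a repeated element
        # is reported instead of overwriting the earlier value.
        responseParsed = False
        requestParsed = False

        for childElem in elem:
            localName = QName.getLocalPart(childElem.tag)
            if localName == Response.ELEMENT_LOCAL_NAME:
                if responseParsed:
                    raise XMLTypeParseError('Duplicate "%s" child element '
                                            'found in "%s" element' %
                                            (localName,
                                             cls.DEFAULT_ELEMENT_LOCAL_NAME))

                # Create XACML context response from Response element.
                authzDecisionStatement.xacmlContextResponse = \
                    ResponseElementTree.fromXML(childElem)
                responseParsed = True

            elif localName == Request.ELEMENT_LOCAL_NAME:
                if requestParsed:
                    raise XMLTypeParseError('Duplicate "%s" child element '
                                            'found in "%s" element' %
                                            (localName,
                                             cls.DEFAULT_ELEMENT_LOCAL_NAME))

                # Create XACML context request from Request element.
                authzDecisionStatement.xacmlContextRequest = \
                    RequestElementTree.fromXML(childElem)
                requestParsed = True

            else:
                # Message names this class's element (the original text
                # referred to XACMLAuthzDecisionQuery).
                raise XMLTypeParseError("Unrecognised "
                                        "XACMLAuthzDecisionStatement child "
                                        "element \"%s\"" % localName)

        # NOTE(review): a statement with no Response child is still returned
        # here, whereas toXML refuses to serialise one - callers should
        # check xacmlContextResponse before acting on the result.
        return authzDecisionStatement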
def setElementTreeMap():
    """
    Register XACMLAuthzDecisionStatementElementTree as the ElementTree class
    for the XACMLAuthzDecisionStatement element name, so that statements of
    this type can be processed.
    """
    statementQName = XACMLAuthzDecisionStatement.DEFAULT_ELEMENT_NAME
    elementTreeClass = XACMLAuthzDecisionStatementElementTree
    setElementTreeImplementationForQName(statementQName, elementTreeClass)