source: TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/authzdecisionquery.py @ 6578

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/authzdecisionquery.py@6578
Revision 6578, 4.5 KB checked in by pjkersha, 11 years ago (diff)
  • Important fix for SOAP client used with SAML SOAP binding: set text/xml content type.
  • Refactored SAML SOAP binding query clients.
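"""SAML 2.0 bindings module implements SOAP binding for Authorisation Decision
query

NERC DataGrid Project
"""
__author__ = "P J Kershaw"
__date__ = "12/02/10"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id: $'
import logging
log = logging.getLogger(__name__)

from saml.saml2.core import AuthzDecisionQuery

from ndg.security.common.saml_utils.binding.soap.subjectquery import (
                                                    SubjectQuerySOAPBinding,
                                                    SubjectQueryResponseError)

# Prevent whole module breaking if the SSL dependencies are not available -
# they are only needed for AuthzDecisionQuerySslSOAPBinding.  The M2Crypto
# HTTPSHandler import sits inside the same guard as SSLContextProxy: imported
# unconditionally, a missing M2Crypto package would stop this module loading
# at all, so the plain (non-SSL) binding would be unusable too.
# When the guard trips, HTTPSHandler and SSLContextProxy are left undefined;
# AuthzDecisionQuerySslSOAPBinding.__init__ checks the flag and raises
# ImportError before either name can be used.
try:
    from M2Crypto.m2urllib2 import HTTPSHandler
    from ndg.security.common.utils.m2crypto import SSLContextProxy
    _sslContextProxySupport = True

except ImportError:
    _sslContextProxySupport = False

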
class AuthzDecisionQueryResponseError(SubjectQueryResponseError):
    """SAML Response error from Authorisation Decision Query"""


class AuthzDecisionQuerySOAPBinding(SubjectQuerySOAPBinding):
    """SOAP binding client for the SAML Authorisation Decision Query

    Nb. Assumes X.509 subject type for query issuer
    """
    SERIALISE_KW = 'serialise'
    DESERIALISE_KW = 'deserialise'
    QUERY_TYPE = AuthzDecisionQuery
    # NOTE(review): none of these slots is assigned anywhere in this class;
    # the properties below read and write self.query instead.
    __slots__ = ('__resourceURI', '__action', '__actionNs')

    def __init__(self, **kw):
        '''Create SOAP Client for SAML Authorization Decision Query

        Any keywords are passed on to the base class.  When the caller does
        not supply the serialise / deserialise callables, the ElementTree
        based implementations are filled in.
        '''
        serialiseKw = AuthzDecisionQuerySOAPBinding.SERIALISE_KW
        deserialiseKw = AuthzDecisionQuerySOAPBinding.DESERIALISE_KW

        # The ElementTree imports are deferred so that they are only made
        # when the corresponding default is actually needed
        if serialiseKw not in kw:
            from saml.xml.etree import AuthzDecisionQueryElementTree
            kw[serialiseKw] = AuthzDecisionQueryElementTree.toXML

        # NOTE(review): the default deserialiser parses the response returned
        # by the remote service; whether the response is signature checked is
        # not visible in this module - confirm in the base class / caller.
        if deserialiseKw not in kw:
            from saml.xml.etree import ResponseElementTree
            kw[deserialiseKw] = ResponseElementTree.fromXML

        super(AuthzDecisionQuerySOAPBinding, self).__init__(**kw)

    def _getResourceURI(self):
        """Return the resource attribute of the wrapped query"""
        return self.query.resource

    def _setResourceURI(self, value):
        """Set the resource attribute of the wrapped query"""
        self.query.resource = value

    resourceURI = property(fget=_getResourceURI,
                           fset=_setResourceURI,
                           doc="Resource URI to query for access")

    @property
    def actions(self):
        """Read-only access to the actions attribute of the wrapped query"""
        return self.query.actions


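class AuthzDecisionQuerySslSOAPBinding(AuthzDecisionQuerySOAPBinding):
    """Specialisation of AuthzDecisionQuerySOAPBinding taking in the setting of
    SSL parameters for mutual authentication
    """
    SSL_CONTEXT_PROXY_SUPPORT = _sslContextProxySupport
    __slots__ = ('__sslCtxProxy',)

    def __init__(self, **kw):
        """Create the client with an SSL Context Proxy to hold SSL settings

        Keywords are passed to the base class, except 'handlers' which is
        rejected because this class sets the HTTPS handler itself in send().

        Raises ImportError if the SSL support imports failed at module load
        and TypeError if 'handlers' is passed.
        """
        if not AuthzDecisionQuerySslSOAPBinding.SSL_CONTEXT_PROXY_SUPPORT:
            raise ImportError("ndg.security.common.utils.m2crypto import "
                              "failed - missing M2Crypto package?")

        # Miss out default HTTPSHandler and set in send() instead
        if 'handlers' in kw:
            raise TypeError("__init__() got an unexpected keyword argument "
                            "'handlers'")

        super(AuthzDecisionQuerySslSOAPBinding, self).__init__(handlers=(),
                                                               **kw)
        self.__sslCtxProxy = SSLContextProxy()

    def send(self, **kw):
        """Override base class implementation to pass explicit SSL Context

        The context is created from the SSL Context Proxy at call time and
        installed as an HTTPS handler before the base class send() runs.
        """
        # NOTE(review): whether the peer certificate is verified depends on
        # how the SSLContextProxy has been configured, which is not visible
        # in this module - confirm before relying on this for server
        # authentication.
        httpsHandler = HTTPSHandler(ssl_context=self.sslCtxProxy.createCtx())

        # NOTE(review): a handler is added on every call and none is removed
        # here, so repeated send() calls leave several HTTPS handlers on the
        # opener.  Presumably openerDirector is a urllib2 style
        # OpenerDirector - confirm which handler is then used, otherwise SSL
        # settings changed between calls may not take effect.
        self.client.openerDirector.add_handler(httpsHandler)
        return super(AuthzDecisionQuerySslSOAPBinding, self).send(**kw)

    @property
    def sslCtxProxy(self):
        """SSL Context Proxy object used for setting up an SSL Context for
        queries
        """
        return self.__sslCtxProxy

    def __setattr__(self, name, value):
        """Enable setting of SSLContextProxy attributes as if they were
        attributes of this class.  This is intended as a convenience for
        making settings parameters read from a config file

        The attribute is first set on this object; only if that raises
        AttributeError is it set on the SSL Context Proxy instead.  If the
        proxy rejects it too, the original AttributeError is raised.
        """
        try:
            super(AuthzDecisionQuerySslSOAPBinding, self).__setattr__(name,
                                                                      value)

        except AttributeError as e:
            # Coerce into setting SSL Context Proxy attributes
            try:
                setattr(self.sslCtxProxy, name, value)
            except Exception:
                # Was a bare except, which also intercepted KeyboardInterrupt
                # and SystemExit and turned them into an AttributeError.
                # NOTE(review): any error raised by the proxy, e.g. for a
                # rejected value, is still reported as the original "no such
                # attribute" error, which can hide the real cause of an SSL
                # misconfiguration.
                raise e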