source: TI12-security/trunk/NDG_XACML/ndg/xacml/core/functions/__init__.py @ 6802

"""NDG XACML package for match functions

NERC DataGrid Project
"""
__author__ = "P J Kershaw"
__date__ = "26/03/10"
__copyright__ = "(C) 2010 Science and Technology Facilities Council"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = "$Id: $"
from abc import ABCMeta, abstractmethod

from ndg.xacml.utils import VettedDict
from ndg.xacml.utils.factory import callModuleObject

from datetime import datetime, timedelta


class AbstractFunction(object):
    """Base class for all XACML matching functions"""
    
    __metaclass__ = ABCMeta
    FUNCTION_NS = None
    V1_0_FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:"
    V2_0_FUNCTION_NS = "urn:oasis:names:tc:xacml:2.0:function:"
    
    def __init__(self):
        if self.__class__.FUNCTION_NS is None:
            raise TypeError('"FUNCTION_NS" class variable must be defined in '
                            'derived classes')
#    @classmethod
#    def __subclasshook__(cls, C):
#        if cls is AbstractFunction:
#            if 
#            return True
#        else:
#            return NotImplemented
            
    @abstractmethod
    def evaluate(self, *inputs):
        """Evaluate the function from the given input arguments and context
        @param inputs: input arguments need to evaluate the function
        @type inputs: tuple
        @return: True for match, False otherwise
        @rtype: bool
        """
        
class XacmlFunctionNames(object):
    """XACML standard match function names"""
    FUNCTION_NAMES = (
        'urn:oasis:names:tc:xacml:1.0:function:string-equal',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-equal',
        'urn:oasis:names:tc:xacml:1.0:function:integer-equal',
        'urn:oasis:names:tc:xacml:1.0:function:double-equal',
        'urn:oasis:names:tc:xacml:1.0:function:date-equal',
        'urn:oasis:names:tc:xacml:1.0:function:time-equal',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-equal',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-equal',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-equal',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-equal',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-equal',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-equal',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-equal',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-equal',
        'urn:oasis:names:tc:xacml:1.0:function:integer-add',
        'urn:oasis:names:tc:xacml:1.0:function:double-add',
        'urn:oasis:names:tc:xacml:1.0:function:integer-subtract',
        'urn:oasis:names:tc:xacml:1.0:function:double-subtract',
        'urn:oasis:names:tc:xacml:1.0:function:integer-multiply',
        'urn:oasis:names:tc:xacml:1.0:function:double-multiply',
        'urn:oasis:names:tc:xacml:1.0:function:integer-divide',
        'urn:oasis:names:tc:xacml:1.0:function:double-divide',
        'urn:oasis:names:tc:xacml:1.0:function:integer-mod',
        'urn:oasis:names:tc:xacml:1.0:function:integer-abs',
        'urn:oasis:names:tc:xacml:1.0:function:double-abs',
        'urn:oasis:names:tc:xacml:1.0:function:round',
        'urn:oasis:names:tc:xacml:1.0:function:floor',
        'urn:oasis:names:tc:xacml:1.0:function:string-normalize-space',
        'urn:oasis:names:tc:xacml:1.0:function:string-normalize-to-lower-case',
        'urn:oasis:names:tc:xacml:1.0:function:double-to-integer',
        'urn:oasis:names:tc:xacml:1.0:function:integer-to-double',
        'urn:oasis:names:tc:xacml:1.0:function:or',
        'urn:oasis:names:tc:xacml:1.0:function:and',
        'urn:oasis:names:tc:xacml:1.0:function:n-of',
        'urn:oasis:names:tc:xacml:1.0:function:not',
        'urn:oasis:names:tc:xacml:1.0:function:integer-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:integer-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:double-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:double-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:double-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:double-less-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-add-dayTimeDuration',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-add-yearMonthDuration',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-dayTimeDuration',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-subtract-yearMonthDuration', 
        'urn:oasis:names:tc:xacml:1.0:function:date-add-yearMonthDuration',
        'urn:oasis:names:tc:xacml:1.0:function:date-subtract-yearMonthDuration',
        'urn:oasis:names:tc:xacml:1.0:function:string-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:string-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:string-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:string-less-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:time-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:time-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal',
        'urn:oasis:names:tc:xacml:2.0:function:time-in-range',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-less-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:date-greater-than',
        'urn:oasis:names:tc:xacml:1.0:function:date-greater-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:date-less-than',
        'urn:oasis:names:tc:xacml:1.0:function:date-less-than-or-equal',
        'urn:oasis:names:tc:xacml:1.0:function:string-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:string-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:string-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:string-bag',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-bag',
        'urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:integer-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:integer-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:integer-bag',
        'urn:oasis:names:tc:xacml:1.0:function:double-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:double-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:double-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:double-bag',
        'urn:oasis:names:tc:xacml:1.0:function:time-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:time-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:time-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:time-bag',
        'urn:oasis:names:tc:xacml:1.0:function:date-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:date-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:date-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:date-bag',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-bag',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-bag',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-bag',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-bag',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-bag',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-bag',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-bag',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-one-and-only',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-bag-size',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-is-in',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-bag',
        'urn:oasis:names:tc:xacml:2.0:function:string-concatenate',
        'urn:oasis:names:tc:xacml:2.0:function:uri-string-concatenate',
        'urn:oasis:names:tc:xacml:1.0:function:any-of',
        'urn:oasis:names:tc:xacml:1.0:function:all-of',
        'urn:oasis:names:tc:xacml:1.0:function:any-of-any',
        'urn:oasis:names:tc:xacml:1.0:function:all-of-any',
        'urn:oasis:names:tc:xacml:1.0:function:any-of-all',
        'urn:oasis:names:tc:xacml:1.0:function:all-of-all',
        'urn:oasis:names:tc:xacml:1.0:function:map',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-match',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match',
        'urn:oasis:names:tc:xacml:1.0:function:string-regexp-match',
        'urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match',
        'urn:oasis:names:tc:xacml:2.0:function:ipAddress-regexp-match',
        'urn:oasis:names:tc:xacml:2.0:function:dnsName-regexp-match',
        'urn:oasis:names:tc:xacml:2.0:function:rfc822Name-regexp-match',
        'urn:oasis:names:tc:xacml:2.0:function:x500Name-regexp-match',
        'urn:oasis:names:tc:xacml:1.0:function:xpath-node-count',
        'urn:oasis:names:tc:xacml:1.0:function:xpath-node-equal',
        'urn:oasis:names:tc:xacml:1.0:function:xpath-node-match',
        'urn:oasis:names:tc:xacml:1.0:function:string-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:string-union',
        'urn:oasis:names:tc:xacml:1.0:function:string-subset',
        'urn:oasis:names:tc:xacml:1.0:function:string-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-union',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-subset',
        'urn:oasis:names:tc:xacml:1.0:function:boolean-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:integer-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:integer-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:integer-union',
        'urn:oasis:names:tc:xacml:1.0:function:integer-subset',
        'urn:oasis:names:tc:xacml:1.0:function:integer-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:double-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:double-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:double-union',
        'urn:oasis:names:tc:xacml:1.0:function:double-subset',
        'urn:oasis:names:tc:xacml:1.0:function:double-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:time-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:time-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:time-union',
        'urn:oasis:names:tc:xacml:1.0:function:time-subset',
        'urn:oasis:names:tc:xacml:1.0:function:time-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:date-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:date-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:date-union',
        'urn:oasis:names:tc:xacml:1.0:function:date-subset',
        'urn:oasis:names:tc:xacml:1.0:function:date-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-union',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-subset',
        'urn:oasis:names:tc:xacml:1.0:function:dateTime-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-union',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-subset',
        'urn:oasis:names:tc:xacml:1.0:function:anyURI-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-union',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-subset',
        'urn:oasis:names:tc:xacml:1.0:function:hexBinary-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-union',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-subset',
        'urn:oasis:names:tc:xacml:1.0:function:base64Binary-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-union',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-subset',
        'urn:oasis:names:tc:xacml:1.0:function:dayTimeDuration-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-union',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-subset',
        'urn:oasis:names:tc:xacml:1.0:function:yearMonthDuration-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-union',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-subset',
        'urn:oasis:names:tc:xacml:1.0:function:x500Name-set-equals',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-intersection',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-at-least-one-member-of',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-union',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-subset',
        'urn:oasis:names:tc:xacml:1.0:function:rfc822Name-set-equals',
    )


class FunctionMapError(Exception):
    """Generic Error exception class for FunctionMap"""
    
    
class FunctionMapConfigError(FunctionMapError):
    """Configuration related exception for FunctionMap"""
        
        
class FunctionMap(VettedDict):
    """Map function IDs to their implementations"""
    FUNCTION_PKG_PREFIX = 'ndg.xacml.core.functions.'
    
    V1_0_PKG_PREFIX = FUNCTION_PKG_PREFIX + 'v1.'
    V2_0_PKG_PREFIX = FUNCTION_PKG_PREFIX + 'v2.'
    
    SUPPORTED_NSS = {
        AbstractFunction.V1_0_FUNCTION_NS: V1_0_PKG_PREFIX,
        AbstractFunction.V2_0_FUNCTION_NS: V2_0_PKG_PREFIX
    }
    
    def __init__(self):
        """Force function entries to derive from AbstractFunction and IDs to
        be string type
        """        
        # Filters are defined as staticmethods but reference via self here to 
        # enable derived class to override them as standard methods without
        # needing to redefine this __init__ method            
        super(FunctionMap, self).__init__(self.keyFilter, self.valueFilter)
        
    @staticmethod
    def keyFilter(key):
        """Enforce string type keys"""
        if not isinstance(key, basestring):
            raise TypeError('Expecting %r type for key; got %r' % 
                            (basestring, type(key))) 
        return True 
    
    @staticmethod
    def valueFilter(value):
        """Enforce AbstractFunction derived types for match functions"""

        if not isinstance(value, 
                          (AbstractFunction, NotImplemented.__class__)):
            raise TypeError('Expecting %r derived type for value; got %r' % 
                            (AbstractFunction, type(value))) 
        return True 
           
    def load(self):
        """Load function map with implementations from the relevant function
        package"""
        
        for functionNs in XacmlFunctionNames.FUNCTION_NAMES:
            self._loadFunction(functionNs)
            
    @classmethod
    def withLoadedMap(cls):
        """Return a pre-loaded map"""
        functionMap = cls()
        functionMap.load()
        return functionMap
            
    def _loadFunction(self, functionNs):
        """Get package to retrieve function class from for given namespace
        """
        cls = FunctionMap
        classPath = None
        
        if functionNs == "urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of":
            pass

        for namespacePrefix, pkgNamePrefix in cls.SUPPORTED_NSS.items():
            if functionNs.startswith(namespacePrefix):
                # Namespace is recognised - translate into a path to a function
                # class in the right functions package
                functionName = functionNs.split(namespacePrefix)[-1]
                functionNameParts = functionName.split('-')
                
                if len(functionNameParts) == 1:
                    moduleName = functionNameParts[0]
                else:
                    moduleName = '_'.join(functionNameParts[1:]).lower()
                    
                className = ''.join([n[0].upper() + n[1:] 
                                     for n in functionNameParts])
                classPath = pkgNamePrefix + moduleName + '.' + className
                break

        if classPath is None:
            raise FunctionMapConfigError('Namespace for function not '
                                         'recognised: %r' % functionNs) 
                       
        # Try instantiating the function class and loading it into the 
        # map
        try:
            matchFunctionObj = callModuleObject(classPath)
            self[functionNs] = matchFunctionObj
        except ImportError:
            # No implementation exists - default to Abstract function
            self[functionNs] = NotImplemented