Changeset 1967

Timestamp:

08/01/07 14:39:00 (14 years ago)

Author:

pjkersha

Message:

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: corrected header

python/ndg.security.test/ndg/security/test/AttCert,
python/ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
python/ndg.security.test/ndg/security/test/AttCert/init.py,
python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py: AttCert? unit test

python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py: fixes to header

python/ndg.security.common/ndg/security/common/XMLSec.py: fix to str method - missed out return statement.

python/ndg.security.common/ndg/security/common/AttCert.py:

• fix to XMLSec imports
• added provenance default to init
• updates to setitem and getitem

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/AttCert.py (modified) (17 diffs)
• ndg.security.common/ndg/security/common/XMLSec.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/AttCert (added)
• ndg.security.test/ndg/security/test/AttCert/AttCertTest.py (added)
• ndg.security.test/ndg/security/test/AttCert/__init__.py (added)
• ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg (added)
• ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py (modified) (1 diff)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py

@@ -23 +23 @@
 from datetime import datetime, timedelta
 
-# XML signature module based on xmlsec and libxml2
-from XMLSec import XMLSecDoc
+# XML signature module based on M2Crypto, ZSI Canonicalization and DOM
+from XMLSec import XMLSecDoc, InvalidSignature, getParentNode
 
 from X509 import X500DN
@@ -30 +30 @@
 
 
+#_____________________________________________________________________________
 class AttCertError(Exception):  
     """Exception handling for NDG Attribute Certificate class."""
@@ -77 +78 @@
     # Provenance of certificate may be original or mapped from another
     # certificate
-    __provenance = (origProvenance, mappedProvenance)
-
-
-    #_________________________________________________________________________    
-    def __init__(self, lifeTime=28800, **xmlSecDocKw):
+    __validProvenanceSettings = ('original', 'mapped')
+
+
+    #_________________________________________________________________________    
+    def __init__(self, provenance='original', lifetime=28800, **xmlSecDocKw):
         """Initialisation - Attribute Certificate file path may be specified.
         Also, holder and issuer details and signing authority key and
         certificate.
         
-        @param lifeTime: set the lifetime for the certificate in seconds.
+        @param lifetime: set the lifetime for the certificate in seconds.
         Defaults to 8 hours.
         @param **xmlSecDocKw: see XMLSec.XMLSec class for an explanation.
@@ -118 +119 @@
 
         # Certificate life time interval in seconds
-        self.__lifeTime = lifeTime
+        self.__lifetime = lifetime
         
         self.__dtNotBefore = None
@@ -140 +141 @@
     #_________________________________________________________________________    
     def __getitem__(self, key):
-        self.__class__.__name__ + """ behaves as data dictionary of Attribute
-        Certificate properties
-
-        Nb. also possible to apply keys belonging validity and attributes
-        sub dictionaries
+        """Get an item from the __dat, __dat['validity'] or 
+        __dat['attributes'] dictionaries.  This class behaves as data 
+        dictionary of Attribute Certificate properties
+
+        @param key: name of key - key can be specified belonging to validity
+        or the attributes sub dictionaries
+        @param item: value to set dictionary item to
         """
         
         # Check input key
-        if self.__dat.has_key(key):
+        if key in self.__dat:
 
             # key recognised
             return self.__dat[key]                
 
-        elif self.__dat['validity'].has_key(key):
+        elif key in self.__dat['validity']:
 
             # Allow indexing via validity keys - a shorthand way of 
@@ -159 +162 @@
             return self.__dat['validity'][key]
 
-        elif self.__dat['attributes'].has_key(key):
+        elif key in self.__dat['attributes']:
 
             # Allow indexing via attributes keys - a shorthand way of 
@@ -173 +176 @@
     #_________________________________________________________________________    
     def __setitem__(self, key, item):        
-        self.__class__.__name__ + """ behaves as data dictionary of Attribute
-        Certificate properties
-
-        Nb. also possible to apply keys belonging validity and attributes
-        sub dictionaries
+        """Set an item from the __dat, __dat['validity'] or 
+        __dat['attributes'] dictionaries.  This class behaves as data 
+        dictionary of Attribute Certificate properties
+
+        @param key: name of key - key can be specified belonging to validity
+        or the attributes sub dictionaries
+        @param item: value to set dictionary item to
         """
 
         # Check input key
-        if self.__dat.has_key(key):
+        if key in self.__dat:
 
             # key recognised - check if setting provenance
-            if key is "provenance" and not self.isValidProvenance(item):
-                raise AttCertError, "Provenance must be set to \"" + \
-                            "\" or \"".join(AttCert.__provenance) + "\""
+            if key is "provenance":
+                self.setProvenance(item)
             
             self.__dat[key] = item
 
-        elif self.__dat['attributes'].has_key(key):
+        elif key in self.__dat['attributes']:
 
             # Allow indexing via acInfo keys - a shorthand way of referencing
@@ -196 +200 @@
             return self.__dat['attributes'][key]
 
-        elif self.__dat['validity'].has_key(key):
+        elif key in self.__dat['validity']:
             # Prevent setting of notBefore/notAfter - restrict to method
             # setValidityTime
@@ -384 +388 @@
         if not self.isValidProvenance(provenance):
             raise AttCertError, "Provenance must be set to \"" + \
-                               "\" or \"".join(AttCert.__provenance) + "\""
+                   "\" or \"".join(AttCert.__validProvenanceSettings) + "\""
         
         self.__dat['provenance'] = provenance
@@ -413 +417 @@
             provenance = self.__dat['provenance']
 
-        return provenance in AttCert.__provenance
+        return provenance in AttCert.__validProvenanceSettings
         
 
@@ -599 +603 @@
         if not self.isValidProvenance():
             raise AttCertError, "Provenance must be set to \"" + \
-                               "\" or \"".join(AttCert.__provenance) + "\""
+                               "\" or \"".join(AttCert.__validProvenanceSettings) + "\""
 
         
         # Create string of all XML content        
-        xmlTxt = """<attributeCertificate>
+        xmlTxt = """<attributeCertificate targetNamespace="urn:ndg:security">
     <acInfo>
         <version>""" + self.__dat['version'] + """</version>
@@ -619 +623 @@
         <attributes>
             <roleSet>
-""" + "".join([\
-"""        <role>
+            """ + "".join([\
+"""    <role>
                     <name>""" + i['role']['name'] + """</name>
                 </role>
@@ -634 +638 @@
 
 
+    def applyEnvelopedSignature(self, **xmlSecDocKw):
+        '''Override super class version to ensure settings have been parsed 
+        into a DOM object ready for signature
+        
+        @param **xmlSecDocKw: keywords applying to 
+        XMLSecDoc.applyEnvelopedSignature()
+        '''       
+        self.parse(self.createXML())
+        super(AttCert, self).applyEnvelopedSignature(**xmlSecDocKw)
+
+       
     #_________________________________________________________________________    
     def setValidityTime(self,
                         dtNotBefore=None, 
                         dtNotAfter=None, 
-                        lifeTime=None,
+                        lifetime=None,
                         notBeforeOffset=None):
         """Set the notBefore and notAfter times which determine the window for
@@ -645 +660 @@
         ready for output.
 
-        Nb. use UTC time.  lifeTime and notBeforeOffset are in seconds
+        Nb. use UTC time.  lifetime and notBeforeOffset are in seconds
         
         @param dtNotBefore: not before time as datetime type.  If omitted,
@@ -690 +705 @@
                                    str(dtNotAfter)
 
-            self.__lifeTime = dtDeltaLifeTime.days*86400 + \
+            self.__lifetime = dtDeltaLifeTime.days*86400 + \
                               dtDeltaLifeTime.seconds
 
@@ -697 +712 @@
         else:
             # Check for input certificate life time interval
-            if lifeTime is not None:
-                self.__lifeTime = lifeTime
+            if lifetime is not None:
+                self.__lifetime = lifetime
                 
             try:
                 # Make a time delta object from the lifetime expressed in
                 # seconds
-                dtDeltaLifeTime = timedelta(seconds=self.__lifeTime)
+                dtDeltaLifeTime = timedelta(seconds=self.__lifetime)
             except Exception, e:
                 raise AttCertError, "Invalid Certificate lifetime set %.3f" %\
-                                   self.__lifeTime
+                                   self.__lifetime
             
             # Add certificate lifetime to calculate not after time
@@ -882 +897 @@
                 raise AttCertError, \
                     "Attribute Certificate Provenance must be set to \"" + \
-                    "\" or \"".join(AttCert.__provenance) + "\""
+                    "\" or \"".join(AttCert.__validProvenanceSettings) + "\""
             return False
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/XMLSec.py

@@ -126 +126 @@
         """String representation of doc - only applies if doc had been read
         or parsed"""
-        self.toString()
+        return self.toString()
         
 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

@@ -1 @@
-#!/usr/bin/e
+#!/usr/bin/env python
 """NDG Attribute Authority client unit tests
 
 NERC Data Grid Project
 
-P J Kershaw 05/05/05
+@author P J Kershaw 05/05/05
 
-Copyright (C) 2006 CCLRC & NERC
+@copyright (C) 2006 CCLRC & NERC
 
-This software may be distributed under the terms of the Q Public License,
-version 1.0 or later.
+@license This software may be distributed under the terms of the Q Public 
+License, version 1.0 or later.
 """
+
+reposID = '$Id$'
+
 import unittest
 import os

TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py

@@ -4 +4 @@
 NERC Data Grid Project
 
-P J Kershaw 13/12/06
+@author P J Kershaw 13/12/06
 
-Copyright (C) 2006 CCLRC & NERC
+@copyright (C) 2006 CCLRC & NERC
 
-This software may be distributed under the terms of the Q Public License,
-version 1.0 or later.
+@license This software may be distributed under the terms of the Q Public 
+License, version 1.0 or later.
 """
+
+reposID = '$Id$'
+
 import unittest
 import os