Context Navigation

← Previous Changeset
Next Changeset →

Changeset 540

Timestamp:

30/01/06 16:45:50 (15 years ago)

Author:

pjkersha

Message:

AttAuthorityIO.py: AuthorisationResp? class - format XML 'manually' rather
than using ElementTree? as it adds in ns0 namespace qualifies which then
invalidate the digital signature.

CredWallet?.py: reqAuthorisation - set attCert CA certificate for
signature check using 'attCert.certFilePathList = ...'

SessionMgrIO.py: AuthorisationResp? - replace ElementTree? formatting as in
AttAuthorityIO.AuthorisationResp?.

XMLSecDoc.py: isValidSig method - check setCertFilePathList is set
Changed property filePathList -> certFilePathList.

attAuthority_services_server.py: pass attCert as is to AuthorisationResp?
initialisation - no need to cast to str.

Location:

security/trunk/python/NDG

Files:

: 5 edited

AttAuthorityIO.py (modified) (3 diffs)
CredWallet.py (modified) (2 diffs)
SessionMgrIO.py (modified) (4 diffs)
XMLSecDoc.py (modified) (3 diffs)
attAuthority_services_server.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

security/trunk/python/NDG/AttAuthorityIO.py

-                      r539
+                      r540
             raise AuthorisationRespError(\
                                 'Expecting "credential" or "errMsg" keywords')
+    #_________________________________________________________________________
+    def update(self, credential=None, **xmlTags):
+        """Override base class implementation to include extra code
+        to allow setting of extAttCertList tag"""
+        if credential is not None:
+            if isinstance(credential, basestring):
+                attCert = AttCertParse(credential)
+            elif isinstance(credential, AttCert):
+                attCert = credential
+            else:
+                raise TypeError(\
+                    "credential keyword must contain string or AttCert type")
+        else:
+            attCert = None
+        # Call super class update with revised attribute certificate list
+        super(self.__class__, self).update(credential=attCert, **xmlTags)
     #_________________________________________________________________________
     def updateXML(self, **xmlTags):
 …
         # Create XML formatted string ready for encryption
         try:
+            rootNode = ElementTree.Element(self.__class__.__name__)
+            rootNode.tail = os.linesep
+            xmlTxt = self.xmlHdr + os.linesep + \
+                "<" + self.__class__.__name__ + ">" + os.linesep
+            for tag, val in xmlTags.items():
+                if tag == "credential":
+                    # Remove any XML header -
+                    # update() call will have converted val to AttCert type
+                    val = val.asString(stripXMLhdr=True)
+                xmlTxt += "    <%s>%s</%s>%s" % (tag, val, tag, os.linesep)
+            xmlTxt += "</" + self.__class__.__name__ + ">" + os.linesep
+            self.xmlTxt = xmlTxt
+            for tag in xmlTags:
+                # ElementTree tostring doesn't like bool types
+                elem = ElementTree.SubElement(rootNode, tag)
+                elem.tail = os.linesep
+                if isinstance(self[tag], bool):
+                    elem.text = "%d" % self[tag]
+                elif tag == 'credential':
+                    # str() will convert self[tag] correctly if it is an
+                    # AttCert type
+                    attCertElem = ElementTree.XML(str(self[tag]))
+                    attCertElem.tail = os.linesep
+                    elem.append(attCertElem)
+                else:
+                    elem.text = self[tag]
+            self.xmlTxt = self.xmlHdr + os.linesep + \
+                                                ElementTree.tostring(rootNode)
+#            rootNode = ElementTree.Element(self.__class__.__name__)
+#            rootNode.tail = os.linesep
+#
+#            for tag in xmlTags:
+#                # ElementTree tostring doesn't like bool types
+#                elem = ElementTree.SubElement(rootNode, tag)
+#                elem.tail = os.linesep
+#
+#                if isinstance(self[tag], bool):
+#                    elem.text = "%d" % self[tag]
+#
+#                elif tag == 'credential':
+#
+#                    # str() will convert self[tag] correctly if it is an
+#                    # AttCert type
+#                    attCertElem = ElementTree.XML(str(self[tag]))
+#                    attCertElem.tail = os.linesep
+#                    elem.append(attCertElem)
+#                else:
+#                    elem.text = self[tag]
+#
+#            self.xmlTxt = self.xmlHdr + os.linesep + \
+#                                                ElementTree.tostring(rootNode)
         except Exception, e:
             raise XMLMsgError("Creating XML: %s" % e)
 …
             # Convert attribute certificate to AttCert instance
             try:
+                self['credential'] = AttCertParse(self['credential'])
+                attCertPat = re.compile(\
+                    '<attributeCertificate>.*</attributeCertificate>', re.S)
+                attCertTxt = attCertPat.findall(self.xmlTxt)[0]
+                self['credential'] = AttCertParse(attCertTxt)
             except Exception, e:

security/trunk/python/NDG/CredWallet.py

-                      r539
+                      r540
             raise CredWalletError("No CA certificate has been set")
         attCert.filePath = self.__caCertFilePath
+        attCert.certFilePathList = self.__caCertFilePath
 …
                                 in self.__mapFromTrustedHosts is used
         setExtAttCertList:     make a list of of certificates
+        setExtAttCertList:      make a list of certificates
                                 from other Attribute Authorities.  If
                                 mapFromTrustedHosts is set True this flag is

security/trunk/python/NDG/SessionMgrIO.py

-                      r539
+                      r540
     #_________________________________________________________________________
     def update(self, extAttCertList=None, **xmlTags):
+    def update(self, attCert=None, extAttCertList=None, **xmlTags):
         """Override base class implementation to include extra code
         to allow setting of extAttCertList tag"""
+        if extAttCertList:
+        def setAttCert(attCert=None):
+            if isinstance(attCert, basestring):
+                return AttCertParse(attCert)
+            elif isinstance(attCert, AttCert):
+                return attCert
+            elif attCert is not None:
+                raise TypeError(\
+                    "extAttCertList must contain string or AttCert types")
+        if extAttCertList is not None:
             if not isinstance(extAttCertList, list):
                 raise TypeError(\
 …
             # Join into single string and filter out XML headers as
+            # ElementTree doesn't like these nested into a doc
+            def setAttCert(attCert):
+                if isinstance(attCert, basestring):
+                    return AttCertParse(attCert)
+                elif isinstance(attCert, AttCert):
+                    return attCert
+                else:
+                    raise TypeError(\
+                        "extAttCertList must contain string or AttCert types")
+            # ElementTree doesn't like these nested into a doc
             attCertList = map(setAttCert, extAttCertList)
         else:
 …
         # Call super class update with revised attribute certificate list
+        super(self.__class__, self).update(extAttCertList=attCertList,
+        super(self.__class__, self).update(attCert=setAttCert(attCert),
+                                           extAttCertList=attCertList,
                                            **xmlTags)
 …
         # Create XML formatted string ready for encryption
         try:
             rootNode = ElementTree.Element(self.__class__.__name__)
             rootNode.tail = os.linesep
+            xmlTxt = self.xmlHdr + os.linesep + \
+                "<" + self.__class__.__name__ + ">" + os.linesep
             for tag in xmlTags:
+                # ElementTree tostring doesn't like bool types
+                elem = ElementTree.SubElement(rootNode, tag)
+                elem.tail = os.linesep
+                if isinstance(self[tag], AttCert):
+                    # Attribute Certificate received from Attribute Authority
+                    #
+                    # Remove any XML header -
+                    # update() call will have converted val to AttCert type
+                    text = self[tag].asString(stripXMLhdr=True)
+                elif isinstance(self[tag], list):
+                    # List of Attribute Certificates from other trusted hosts
+                    #
+                    # Call AttCert parse and return as Element type to append
+                    # as branches
+                    text = os.linesep.join([ac.asString(stripXMLhdr=True) \
+                                            for ac in self[tag]])
+                if isinstance(self[tag], bool):
+                    elem.text = "%d" % self[tag]
+                elif isinstance(self[tag], bool):
+                    text = "%d" % self[tag]
+                else:
+                    text = self[tag]
+                xmlTxt += "    <%s>%s</%s>%s" % (tag, text, tag, os.linesep)
+                elif isinstance(self[tag], list):
+                    # Call AttCert parse and return as Element type to append
+                    # as branches
+                    for attCert in self[tag]:
+                        attCertElem = ElementTree.XML(str(attCert))
+                        attCertElem.tail = os.linesep
+                        elem.append(attCertElem)
+                else:
+                    elem.text = self[tag]
+            self.xmlTxt = self.xmlHdr + os.linesep + \
+                                                ElementTree.tostring(rootNode)
+            xmlTxt += "</" + self.__class__.__name__ + ">" + os.linesep
+            self.xmlTxt = xmlTxt
         except Exception, e:
             raise XMLMsgError("Creating XML: %s" % e)

security/trunk/python/NDG/XMLSecDoc.py

-                      r539
+                      r540
     #_________________________________________________________________________
     def __setCertFilePathList(self, filePath):
         """Set file path for certificate(s) used to sign/encrypt document as
         list of certificates to check the signature of a document"""
+        """File path for certificate used to sign document /
+        list of certificates used to check the signature of a document"""
         if isinstance(filePath, basestring):
 …
     # Publish attribute as write only
+    filePathList = property(fset=__setCertFilePathList,
+                        doc="File Path for XML document to apply security to")
+    certFilePathList = property(fset=__setCertFilePathList,
+        doc="File Path of certificate used to sign document / " + \
+            "list of certificates used to check the signature of a doc")
 …
         # Check Certificate files for read access
+        for certFilePath in self.__certFilePathList:
+            if not os.access(certFilePath, os.R_OK):
+                raise XMLSecDocError(\
+                    "Signing certificate file path is invalid: \"%s\": %s" % \
+                                                    (certFilePath + str(e)))
+        if not self.__certFilePathList:
+            raise XMLSecDocError("No certificate files set for check")

security/trunk/python/NDG/attAuthority_services_server.py

r539	r540
87	87
88	88	authorisationResp = AuthorisationResp(\
89		credential=~~str(attCert)~~,
	89	credential=attCert,
90	90	statCode=AuthorisationResp.accessGranted)
91	91

Note: See TracChangeset for help on using the changeset viewer.