Changeset 6543

Timestamp:

09/02/10 15:31:24 (11 years ago)

Author:

pjkersha

Message:

Added new types to support AuthzDecisionQuery? - the client query object for the authorisation service.

Location:

TI12-security/trunk/ndg_security_saml

Files:

• . (modified) (1 prop)
• .pydevproject (modified) (1 diff)
• ndg_security_saml.egg-info (deleted)
• saml/common/__init__.py (modified) (1 diff)
• saml/saml2/core.py (modified) (86 diffs)
• saml/test/test_saml.py (modified) (3 diffs)
• setup.cfg (modified) (1 diff)
• setup.py (modified) (1 diff)

TI12-security/trunk/ndg_security_saml/.pydevproject

@@ -5 +5 @@
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.5</pydev_property>
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
+<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
+<path>/ndg_security_saml</path>
+</pydev_pathproperty>
 </pydev_project>

TI12-security/trunk/ndg_security_saml/saml/common/__init__.py

@@ -32 +32 @@
 class SAMLObject(object):
     """Base class for all SAML types"""
+    __slots__ = ()
+    
     @classmethod
     def fromXML(cls, xmlObject):

TI12-security/trunk/ndg_security_saml/saml/saml2/core.py

@@ -30 +30 @@
 __revision__ = "$Id: $"
 from datetime import datetime
+from urlparse import urlsplit, urlunsplit
+import urllib
 
 from saml.common import SAMLObject, SAMLVersion
@@ -73 +75 @@
     BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
 
+    __slots__ = (
+        '__name',
+        '__nameFormat',
+        '__friendlyName',
+        '__attributeValues'
+    )
+    
     def __init__(self):
         """Initialise Attribute Class attributes"""
@@ -140 +149 @@
     '''SAML 2.0 Core Statement.  Abstract base class which all statement 
     types must implement.'''
+    __slots__ = ()
     
     # Element local name
@@ -160 +170 @@
 class AttributeStatement(Statement):
     '''SAML 2.0 Core AttributeStatement'''
-
+    __slots__ = ('__attributes', '__encryptedAttributes')
+    
     def __init__(self):
         self.__attributes = TypedList(Attribute)
@@ -182 +193 @@
 
     def _get_attributes(self):
-        '''@return the attributes expressed in this statement
+        '''@return: the attributes expressed in this statement
         '''
         return self.__attributes
@@ -189 +200 @@
     
     def _get_encryptedAttributes(self):
-       '''@return the encrypted attribtues expressed in this statement
+       '''@return: the encrypted attribtues expressed in this statement
        '''
        return self.__encryptedAttributes
@@ -229 +240 @@
         '''Gets the time when the authentication took place.
         
-        @return the time when the authentication took place
+        @return: the time when the authentication took place
         '''
         raise NotImplementedError()
@@ -236 +247 @@
         '''Sets the time when the authentication took place.
         
-        @param newAuthnInstant the time when the authentication took place
+        @param value: the time when the authentication took place
         '''
         raise NotImplementedError()
@@ -244 +255 @@
         authority.
         
-        @return the session index between the principal and the authenticating 
+        @return: the session index between the principal and the authenticating 
         authority
         '''
@@ -253 +264 @@
         authority.
         
-        @param newIndex the session index between the principal and the 
+        @param value: the session index between the principal and the 
         authenticating authority
         '''
@@ -262 +273 @@
         authority ends.
         
-        @return the time when the session between the principal and the SAML 
+        @return: the time when the session between the principal and the SAML 
         authority ends
         '''
@@ -271 +282 @@
         authority ends.
         
-        @param newSessionNotOnOrAfter the time when the session between the 
+        @param value: the time when the session between the 
         principal and the SAML authority ends
         '''
@@ -280 +291 @@
         was authenticated.
         
-        @return the DNS domain and IP address of the system where the principal
+        @return: the DNS domain and IP address of the system where the principal
         was authenticated
         '''
@@ -289 +300 @@
         was authenticated.
         
-        @param newLocality the DNS domain and IP address of the system where 
+        @param value: the DNS domain and IP address of the system where 
         the principal was authenticated
         '''
@@ -297 +308 @@
         '''Gets the context used to authenticate the subject.
         
-        @return the context used to authenticate the subject
+        @return: the context used to authenticate the subject
         '''
         raise NotImplementedError()
@@ -304 +315 @@
         '''Sets the context used to authenticate the subject.
         
-        @param newAuthnContext the context used to authenticate the subject
+        @param value: the context used to authenticate the subject
         '''
         raise NotImplementedError()
@@ -339 +350 @@
         Get URI of the resource to which authorization is saught.
         
-        @return URI of the resource to which authorization is saught
+        @return: URI of the resource to which authorization is saught
         '''
         raise NotImplementedError()
@@ -347 +358 @@
         Sets URI of the resource to which authorization is saught.
         
-        @param newResourceURI URI of the resource to which authorization is 
+        @param value: URI of the resource to which authorization is 
         saught
         '''
@@ -356 +367 @@
         Gets the decision of the authorization request.
         
-        @return the decision of the authorization request
+        @return: the decision of the authorization request
         '''
         raise NotImplementedError()
@@ -364 +375 @@
         Sets the decision of the authorization request.
         
-        @param newDecision the decision of the authorization request
+        @param value: the decision of the authorization request
         '''
         raise NotImplementedError()
@@ -372 +383 @@
         Gets the actions authorized to be performed.
         
-        @return the actions authorized to be performed
+        @return: the actions authorized to be performed
         '''
         raise NotImplementedError()
@@ -382 +393 @@
         authorization decision.
         
-        @return the SAML assertion the authority relied on when making the 
+        @return: the SAML assertion the authority relied on when making the 
         authorization decision
         '''
@@ -392 +403 @@
         authorization decision.
         
-        @param newEvidence the SAML assertion the authority relied on when 
+        @param value: the SAML assertion the authority relied on when 
         making the authorization decision
         '''
@@ -416 +427 @@
                       TYPE_LOCAL_NAME,
                       SAMLConstants.SAML20_PREFIX)
-
+    __slots__ = (
+        '__qname',
+        '__baseID',
+        '__nameID',
+        '__encryptedID',
+        '__subjectConfirmations'
+    )
+    
     def __init__(self, 
                  namespaceURI=SAMLConstants.SAML20_NS, 
                  elementLocalName=DEFAULT_ELEMENT_LOCAL_NAME, 
                  namespacePrefix=SAMLConstants.SAML20_PREFIX):
-        '''@param namespaceURI the namespace the element is in
-        @param elementLocalName the local name of the XML element this Object 
+        '''@param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
         represents
-        @param namespacePrefix the prefix for the given namespace
+        @param namespacePrefix: the prefix for the given namespace
         '''
         self.__qname = QName(namespaceURI, 
@@ -481 +499 @@
     encryptedID = property(fget=_getEncryptedID, 
                            fset=_setEncryptedID, 
-                           doc="EncryptedID's Docstring")    
+                           doc="EncryptedID's Docstring")
+    
     def _getSubjectConfirmations(self): 
         return self.__subjectConfirmations
@@ -487 +506 @@
     subjectConfirmations = property(fget=_getSubjectConfirmations, 
                                     doc="Subject Confirmations")    
+    
     def getOrderedChildren(self): 
         children = []
@@ -544 +564 @@
     ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"
     
+    __slots__ = (
+        '__qname',
+        '__name',
+        '__nameQualifier',
+        '__spNameQualifier',
+        '__format',
+        '__spProvidedID',
+        '__value'
+    )
+    
     def __init__(self, namespaceURI, elementLocalName, namespacePrefix): 
-        '''@param namespaceURI the namespace the element is in
-        @param elementLocalName the local name of the XML element this Object 
+        '''@param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
         represents
-        @param namespacePrefix the prefix for the given namespace
+        @param namespacePrefix: the prefix for the given namespace
         '''
         self.__qname = QName(namespaceURI, elementLocalName, namespacePrefix)
@@ -684 +714 @@
                       SAMLConstants.SAML20_PREFIX)
     
+    __slots__ = ()
+    
     def __init__(self, 
                  namespaceURI=SAMLConstants.SAML20_NS, 
@@ -718 +750 @@
     NOT_ON_OR_AFTER_ATTRIB_NAME = "NotOnOrAfter"
 
+    __slots__ = (
+        '__conditions',
+        '__notBefore',
+        '__notOnOrAfter'
+    )
+    
     def __init__(self):
         
@@ -732 +770 @@
         '''Get the date/time before which the assertion is invalid.
         
-        @return the date/time before which the assertion is invalid'''
+        @return: the date/time before which the assertion is invalid'''
         return self.__notBefore
     
@@ -738 +776 @@
         '''Sets the date/time before which the assertion is invalid.
         
-        @param newNotBefore the date/time before which the assertion is invalid
+        @param value: the date/time before which the assertion is invalid
         '''
         if not isinstance(value, datetime):
@@ -748 +786 @@
         '''Gets the date/time on, or after, which the assertion is invalid.
         
-        @return the date/time on, or after, which the assertion is invalid'
+        @return: the date/time on, or after, which the assertion is invalid'
         '''
         return self.__notBefore
@@ -755 +793 @@
         '''Sets the date/time on, or after, which the assertion is invalid.
         
-        @param newNotOnOrAfter the date/time on, or after, which the assertion 
+        @param value: the date/time on, or after, which the assertion 
         is invalid
         '''
@@ -766 +804 @@
         '''Gets all the conditions on the assertion.
         
-        @return all the conditions on the assertion
+        @return: all the conditions on the assertion
         '''
         return self.__conditions
@@ -776 +814 @@
         '''Gets the audience restriction conditions for the assertion.
         
-        @return the audience restriction conditions for the assertion
+        @return: the audience restriction conditions for the assertion
         '''
         raise NotImplementedError()
@@ -783 +821 @@
         '''Gets the OneTimeUse condition for the assertion.
         
-        @return the OneTimeUse condition for the assertion
+        @return: the OneTimeUse condition for the assertion
         '''
         raise NotImplementedError()
@@ -790 +828 @@
         '''Gets the ProxyRestriction condition for the assertion.
         
-        @return the ProxyRestriction condition for the assertion
+        @return: the ProxyRestriction condition for the assertion
         '''
         raise NotImplementedError()
@@ -819 +857 @@
         Gets the list of all child elements attached to this advice.
         
-        @return the list of all child elements attached to this advice
+        @return: the list of all child elements attached to this advice
         '''
         raise NotImplementedError()
@@ -826 +864 @@
         '''Gets the list of AssertionID references used as advice.
         
-        @return the list of AssertionID references used as advice
+        @return: the list of AssertionID references used as advice
         '''
         raise NotImplementedError()
@@ -833 +871 @@
         '''Gets the list of AssertionURI references used as advice.
         
-        @return the list of AssertionURI references used as advice
+        @return: the list of AssertionURI references used as advice
         '''
         raise NotImplementedError()
@@ -840 +878 @@
         '''Gets the list of Assertions used as advice.
         
-        @return the list of Assertions used as advice
+        @return: the list of Assertions used as advice
         '''
         raise NotImplementedError()
@@ -847 +885 @@
         '''Gets the list of EncryptedAssertions used as advice.
         
-        @return the list of EncryptedAssertions used as advice
+        @return: the list of EncryptedAssertions used as advice
         '''
         raise NotImplementedError()
@@ -885 +923 @@
     ID_ATTRIB_NAME = "ID"
 
+    __slots__ = (
+        '__version',
+        '__issueInstant',
+        '__id',
+        '__issuer',
+        '__subject',
+        '__conditions',
+        '__advice',
+        '__statements',
+        '__authnStatements',
+        '__authzDecisionStatements',
+        '__attributeStatements'
+    )
+    
     def __init__(self):
         # Base class initialisation
@@ -905 +957 @@
         
     def _get_version(self):
-        '''@return the SAML Version of this assertion.
+        '''@return: the SAML Version of this assertion.
         '''
         return self.__version
     
     def _set_version(self, version):
-        '''@param version the SAML Version of this assertion
+        '''@param version: the SAML Version of this assertion
         '''
         if not isinstance(version, SAMLVersion):
@@ -925 +977 @@
         '''Gets the issue instance of this assertion.
         
-        @return the issue instance of this assertion'''
+        @return: the issue instance of this assertion'''
         return self.__issueInstant
     
@@ -931 +983 @@
         '''Sets the issue instance of this assertion.
         
-        @param newIssueInstance the issue instance of this assertion
+        @param issueInstant: the issue instance of this assertion
         '''
         if not isinstance(issueInstant, datetime):
@@ -946 +998 @@
         '''Sets the ID of this assertion.
         
-        @return the ID of this assertion
+        @return: the ID of this assertion
         '''
         return self.__id
@@ -953 +1005 @@
         '''Sets the ID of this assertion.
         
-        @param newID the ID of this assertion
+        @param _id: the ID of this assertion
         '''
         if not isinstance(_id, basestring):
@@ -1066 +1118 @@
                                  DEFAULT_ELEMENT_LOCAL_NAME,
                                  SAMLConstants.SAML20_PREFIX)
+    __slots__ = ()
 
 
@@ -1081 +1134 @@
     DEFAULT_FORMAT = "%s#%s" % (SAMLConstants.XSD_NS, TYPE_LOCAL_NAME)
   
+    __slots__ = ('__value',)
+    
     def __init__(self):
         self.__value = None
@@ -1115 +1170 @@
                       TYPE_LOCAL_NAME,
                       SAMLConstants.SAML20P_PREFIX)
+    
+    __slots__ = ('__unknownChildren', '__qname')
     
     def __init__(self):
@@ -1166 +1223 @@
                                  SAMLConstants.SAML20P_PREFIX)
     
+    __slots__ = ('__value', '__qname')
+    
     def __init__(self):
         # Value attribute URI.
@@ -1301 +1360 @@
                 "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
 
+    __slots__ = ('__value', '__childStatusCode', '__qname')
+    
     def __init__(self):
         # Value attribute URI.
@@ -1370 +1431 @@
                       SAMLConstants.SAML20P_PREFIX)
 
+    __slots__ = ('__statusCode', '__statusMessage', '__statusDetail', '__qname')
+    
     def __init__(self):
         # StatusCode element.
@@ -1400 +1463 @@
         Gets the Code of this Status.
         
-        @return Status StatusCode
+        @return: Status StatusCode
         '''
         return self.__statusCode
@@ -1408 +1471 @@
         Sets the Code of this Status.
         
-        @param newStatusCode the Code of this Status
+        @param value:         the Code of this Status
         '''
         if not isinstance(value, StatusCode):
@@ -1424 +1487 @@
         Gets the Message of this Status.
         
-        @return Status StatusMessage
+        @return: Status StatusMessage
         '''
         return self.__statusMessage
@@ -1432 +1495 @@
         Sets the Message of this Status.
         
-        @param newStatusMessage the Message of this Status
+        @param value: the Message of this Status
         '''
         if not isinstance(value, StatusMessage):
@@ -1448 +1511 @@
         Gets the Detail of this Status.
         
-        @return Status StatusDetail
+        @return: Status StatusDetail
         '''
         return self.__statusDetail
@@ -1456 +1519 @@
         Sets the Detail of this Status.
         
-        @param newStatusDetail the Detail of this Status
+        @param value: the Detail of this Status
         '''
         self.__statusDetail = value
@@ -1464 +1527 @@
                             doc="status message")
 
+
+class Action(SAMLObject): 
+    '''SAML 2.0 Core Action'''
+    
+    # Element local name. 
+    DEFAULT_ELEMENT_LOCAL_NAME = "Action"
+
+    # Default element name. 
+    DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, 
+                                 DEFAULT_ELEMENT_LOCAL_NAME,
+                                 SAMLConstants.SAML20_PREFIX)
+
+    # Local name of the XSI type. 
+    TYPE_LOCAL_NAME = "ActionType"
+
+    # QName of the XSI type 
+    TYPE_NAME = QName(SAMLConstants.SAML20_NS, 
+                      TYPE_LOCAL_NAME,
+                      SAMLConstants.SAML20_PREFIX)
+
+    # Name of the Namespace attribute. 
+    NAMEPSACE_ATTRIB_NAME = "Namespace"
+
+    # Read/Write/Execute/Delete/Control action namespace. 
+    RWEDC_NS_URI = "urn:oasis:names:tc:SAML:1.0:action:rwedc"
+
+    # Read/Write/Execute/Delete/Control negation action namespace. 
+    RWEDC_NEGATION_NS_URI = "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation"
+
+    # Get/Head/Put/Post action namespace. 
+    GHPP_NS_URI = "urn:oasis:names:tc:SAML:1.0:action:ghpp"
+
+    # UNIX file permission action namespace. 
+    UNIX_NS_URI = "urn:oasis:names:tc:SAML:1.0:action:unix"
+
+    # Read action. 
+    READ_ACTION = "Read"
+
+    # Write action. 
+    WRITE_ACTION = "Write"
+
+    # Execute action. 
+    EXECUTE_ACTION = "Execute"
+
+    # Delete action. 
+    DELETE_ACTION = "Delete"
+
+    # Control action. 
+    CONTROL_ACTION = "Control"
+
+    # Negated Read action. 
+    NEG_READ_ACTION = "~Read"
+
+    # Negated Write action. 
+    NEG_WRITE_ACTION = "~Write"
+
+    # Negated Execute action. 
+    NEG_EXECUTE_ACTION = "~Execute"
+
+    # Negated Delete action. 
+    NEG_DELETE_ACTION = "~Delete"
+
+    # Negated Control action. 
+    NEG_CONTROL_ACTION = "~Control"
+
+    # HTTP GET action. 
+    HTTP_GET_ACTION = "GET"
+
+    # HTTP HEAD action. 
+    HTTP_HEAD_ACTION = "HEAD"
+
+    # HTTP PUT action. 
+    HTTP_PUT_ACTION = "PUT"
+
+    # HTTP POST action. 
+    HTTP_POST_ACTION = "POST"
+    
+    def __init__(self, namespaceURI, elementLocalName, namespacePrefix):
+        '''
+        @param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this object 
+        represents
+        @param namespacePrefix: the prefix for the given namespace'''
+        super(Action, self).__init__(namespaceURI, 
+                                     elementLocalName, 
+                                     namespacePrefix)
+        
+        # URI of the Namespace of this Action
+        self.__namespace = None
+
+        # Action value
+        self.__action = None
+    
+    def _getNamespace(self):
+        '''
+        gets the namespace scope of the specified action.
+        
+        @return: the namespace scope of the specified action
+        '''
+        self.__namespace
+
+    def _setNamespace(self, value):
+        '''
+        Sets the namespace scope of the specified action.
+        
+        @param value: the namespace scope of the specified action
+        '''
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "namespace" '
+                            'attribute; got %r' % type(value))
+        self.__namespace = value
+
+    namespace = property(_getNamespace, _setNamespace, 
+                         doc="Action Namespace")
+
+    def _getAction(self):
+        '''
+        gets the URI of the action to be performed.
+        
+        @return: the URI of the action to be performed
+        '''
+        return self.__action
+
+    def _setAction(self, value):
+        '''
+        Sets the URI of the action to be performed.
+        
+        @param value: the URI of the action to be performed
+        '''
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "action" '
+                            'attribute; got %r' % type(value))
+        self.__action = value
+
+    action = property(_getAction, _setAction, 
+                      doc="Action string")
+        
 
 class RequestAbstractType(SAMLObject): 
@@ -1510 +1710 @@
 
     # Inapplicable consent URI.
-    INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable" 
-
+    INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable"
+     
+    __slots__ = (
+        '__version',
+        '__id',
+        '__issueInstant',
+        '__destination',
+        '__consent',
+        '__issuer',
+        '__extensions'
+    )
+    
     def __init__(self):
         # SAML Version of the request. 
@@ -1535 +1745 @@
         
     def _get_version(self):
-        '''@return the SAML Version of this assertion.
+        '''@return: the SAML Version of this assertion.
         '''
         return self.__version
     
     def _set_version(self, version):
-        '''@param version the SAML Version of this assertion
+        '''@param version: the SAML Version of this assertion
         '''
         if not isinstance(version, SAMLVersion):
@@ -1555 +1765 @@
         '''Gets the date/time the request was issued
         
-        @return the issue instance of this request'''
+        @return: the issue instance of this request'''
         return self.__issueInstant
     
@@ -1561 +1771 @@
         '''Sets the date/time the request was issued
         
-        @param value the issue instance of this request
+        @param value: the issue instance of this request
         '''
         if not isinstance(value, datetime):
@@ -1576 +1786 @@
         '''Sets the unique identifier for this request.
         
-        @return the ID of this request
+        @return: the ID of this request
         '''
         return self.__id
@@ -1583 +1793 @@
         '''Sets the unique identifier for this request
         
-        @param newID the ID of this assertion
+        @param value: the ID of this assertion
         '''
         if not isinstance(value, basestring):
@@ -1595 +1805 @@
         '''Gets the URI of the destination of the request.
         
-        @return the URI of the destination of the request
+        @return: the URI of the destination of the request
         '''
         return self.__destination
@@ -1602 +1812 @@
         '''Sets the URI of the destination of the request.
         
-        @param newDestination the URI of the destination of the request'''
+        @param value: the URI of the destination of the request'''
         if not isinstance(value, basestring):
             raise TypeError('Expecting basestring derived type for '
@@ -1674 +1884 @@
 class SubjectQuery(RequestAbstractType):
     """SAML 2.0 Core Subject Query type"""
+    __slots__ = ('__subject', )
     
     def __init__(self):
@@ -1681 +1892 @@
         '''Gets the Subject of this request.
         
-        @return the Subject of this request'''   
+        @return: the Subject of this request'''   
         return self.__subject
     
@@ -1687 +1898 @@
         '''Sets the Subject of this request.
         
-        @param newSubject the Subject of this request'''
+        @param value: the Subject of this request'''
         if not isinstance(value, Subject):
             raise TypeError('Setting "subject", got %r, expecting %r' %
@@ -1716 +1927 @@
                       SAMLConstants.SAML20P_PREFIX)
 
+    __slots__ = ('__attributes',)
+    
     def __init__(self):
         self.__attributes = TypedList(Attribute)
@@ -1722 +1935 @@
         '''Gets the Attributes of this query.
         
-        @return the list of Attributes of this query'''
+        @return: the list of Attributes of this query'''
         return self.__attributes
 
@@ -1733 +1946 @@
 
 
-class StatusResponseType(SAMLObject):
-    '''SAML 2.0 Core Status Response Type
-    '''
-
+class Evidentiary(SAMLObject):
+    """Base class for types set in an evidence object"""
+    __slots__ = ()
+
+
+class AssertionURIRef(Evidentiary):
+    __slots__ = ('__assertionURI',)
+    
+    def __init__(self, namespaceURI, elementLocalName, namespacePrefix):
+        '''
+        @param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
+        represents
+        @param namespacePrefix: the prefix for the given namespace'''
+        super(AssertionURIRef, self).__init__(namespaceURI, 
+                                              elementLocalName, 
+                                              namespacePrefix)
+        
+        # URI of the Assertion
+        self.__assertionURI = None   
+
+    def _getAssertionURI(self):
+        return self.__assertionURI
+
+    def _setAssertionURI(self, value):
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "assertionID" '
+                            'attribute; got %r' % type(value))
+        self.__assertionURI = value
+
+    def getOrderedChildren(self):
+        return None
+
+    assertionURI = property(_getAssertionURI, _setAssertionURI, 
+                            doc="Assertion URI")
+    
+    
+class AssertionIDRef(Evidentiary):
+    '''SAML 2.0 Core AssertionIDRef.'''
+
+    # Element local name.
+    DEFAULT_ELEMENT_LOCAL_NAME = "AssertionIDRef"
+
+    # Default element name.
+    DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, 
+                                 DEFAULT_ELEMENT_LOCAL_NAME,
+                                 SAMLConstants.SAML20_PREFIX)
+    
+    __slots__ = ("_AssertionID",)
+    
+    def __init__(self, namespaceURI, elementLocalName, namespacePrefix):
+        '''
+        @param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
+        represents
+        @param namespacePrefix: the prefix for the given namespace
+        '''
+        super(AssertionIDRef, self).__init__(namespaceURI, 
+                                             elementLocalName, 
+                                             namespacePrefix)
+        self.__assertionID = None
+    
+    def _getAssertionID(self):
+        '''Gets the ID of the assertion this references.
+        
+        @return: the ID of the assertion this references'''
+        return self.__assertionID
+        
+    def _setAssertionID(self, value):
+        '''Sets the ID of the assertion this references.
+        
+        @param value: the ID of the assertion this references'''
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "assertionID" '
+                            'attribute; got %r' % type(value))
+        self.__assertionID = value
+
+    def getOrderedChildren(self):
+        return None
+
+    assertionID = property(_getAssertionID, _setAssertionID, 
+                           doc="Assertion ID")
+        
+    
+class EncryptedElementType(SAMLObject):
+    '''SAML 2.0 Core EncryptedElementType'''
+    
     # Local name of the XSI type.
-    TYPE_LOCAL_NAME = "StatusResponseType"
+    TYPE_LOCAL_NAME = "EncryptedElementType"
+        
+    # QName of the XSI type.
+    TYPE_NAME = QName(SAMLConstants.SAML20_NS, 
+                      TYPE_LOCAL_NAME, 
+                      SAMLConstants.SAML20_PREFIX)
+    
+    __slots__ = ()
+    
+    def _getEncryptedData(self):
+        '''Get the EncryptedData child element.
+        
+        @return the EncryptedData child element'''
+        raise NotImplementedError()
+    
+    def _setEncryptedData(self, value):
+        '''Set the EncryptedData child element.
+        
+        @param newEncryptedData the new EncryptedData child element'''
+        raise NotImplementedError()
+    
+    def _getEncryptedKeys(self):
+        '''A list of EncryptedKey child elements.
+        
+        @return a list of EncryptedKey child elements'''
+        raise NotImplementedError()
+    
+    
+class EncryptedAssertion(EncryptedElementType, Evidentiary):
+    '''SAML 2.0 Core EncryptedAssertion.'''
+    
+    # Element local name. 
+    DEFAULT_ELEMENT_LOCAL_NAME = "EncryptedAssertion"
+
+    # Default element name. 
+    DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, 
+                                 DEFAULT_ELEMENT_LOCAL_NAME,
+                                 SAMLConstants.SAML20_PREFIX) 
+    __slots__ = ()
+      
+    
+class Evidence(SAMLObject):
+    '''SAML 2.0 Core Evidence.'''
+    
+    # Element local name.
+    DEFAULT_ELEMENT_LOCAL_NAME = "Evidence"
+    
+    # Default element name.
+    DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20_NS, 
+                                 DEFAULT_ELEMENT_LOCAL_NAME, 
+                                 SAMLConstants.SAML20_PREFIX)
+    
+    # Local name of the XSI type.
+    TYPE_LOCAL_NAME = "EvidenceType" 
+        
+    # QName of the XSI type.
+    TYPE_NAME = QName(SAMLConstants.SAML20_NS, 
+                      TYPE_LOCAL_NAME, 
+                      SAMLConstants.SAML20_PREFIX)
+
+    __slots__ = ('__evidence',)
+    
+    def __init__(self, namespaceURI, elementLocalName, namespacePrefix):
+        '''
+        @param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
+        represents
+        @param namespacePrefix: the prefix for the given namespace'''
+        super(Evidence, self).__init__(namespaceURI, 
+                                       elementLocalName, 
+                                       namespacePrefix)
+        # Assertion of the Evidence. 
+        self.__evidence = TypedList(Evidentiary)
+        
+    def _getAssertionIDReferences(self):
+        '''Gets the list of AssertionID references used as evidence.
+    
+        @return: the list of AssertionID references used as evidence'''
+        return [i for i in self.__evidence 
+                if (getattr(i, "DEFAULT_ELEMENT_NAME") == 
+                    AssertionIDRef.DEFAULT_ELEMENT_NAME)]
+    
+    def _getAssertionURIReferences(self):
+        '''Gets the list of AssertionURI references used as evidence.
+       
+        @return: the list of AssertionURI references used as evidence'''
+        return [i for i in self.__evidence 
+                if (getattr(i, "DEFAULT_ELEMENT_NAME") == 
+                    AssertionURIRef.DEFAULT_ELEMENT_NAME)]
+    
+    def _getAssertions(self):
+        '''Gets the list of Assertions used as evidence.
+       
+        @return: the list of Assertions used as evidence'''
+        return [i for i in self.__evidence 
+                if (getattr(i, "DEFAULT_ELEMENT_NAME") == 
+                    Assertion.DEFAULT_ELEMENT_NAME)]
+    
+    def _getEncryptedAssertions(self):
+        '''Gets the list of EncryptedAssertions used as evidence.
+       
+        @return: the list of EncryptedAssertions used as evidence'''
+        return [i for i in self.__evidence 
+                if (getattr(i, "DEFAULT_ELEMENT_NAME") == 
+                    EncryptedAssertion.DEFAULT_ELEMENT_NAME)]
+
+    def _getEvidence(self):
+        '''Gets the list of all elements used as evidence.
+       
+        @return: the list of Evidentiary objects used as evidence'''
+        return self.__evidence
+    
+    def getOrderedChildren(self):
+        children = []
+
+        if len(self.evidence) == 0:
+            return None
+
+        children.extend(self.evidence)
+
+        return tuple(children)
+    
+
+class AuthzDecisionQuery(SubjectQuery):
+    '''SAML 2.0 AuthzDecisionQuery.'''
+
+    # Element local name.
+    DEFAULT_ELEMENT_LOCAL_NAME = "AuthzDecisionQuery"
+
+    # Default element name.
+    DEFAULT_ELEMENT_NAME = QName(SAMLConstants.SAML20P_NS, 
+                                 DEFAULT_ELEMENT_LOCAL_NAME,
+                                 SAMLConstants.SAML20P_PREFIX)
+
+    # Local name of the XSI type.
+    TYPE_LOCAL_NAME = "AuthzDecisionQueryType"
 
     # QName of the XSI type.
@@ -1745 +2176 @@
                       SAMLConstants.SAML20P_PREFIX)
 
+    # Resource attribute name.
+    RESOURCE_ATTRIB_NAME = "Resource"
+    
+    __slots__ = (
+       '__resource',
+       '__evidence',
+       '__actions'
+    )
+    
+    def __init__(self, namespaceURI, elementLocalName, namespacePrefix):
+        '''@param namespaceURI: the namespace the element is in
+        @param elementLocalName: the local name of the XML element this Object 
+        represents
+        @param namespacePrefix: the prefix for the given namespace
+        '''
+        super(AuthzDecisionQuery, self).__init__(namespaceURI, 
+                                                 elementLocalName, 
+                                                 namespacePrefix)
+
+        # Resource attribute value. 
+        self.__resource = None
+    
+        # Evidence child element.
+        self.__evidence = None
+    
+        # Action child elements.
+        self.__actions = TypedList(Action)
+        
+    def _getResource(self):
+        '''Gets the Resource attrib value of this query.
+
+        @return: the Resource attrib value of this query'''
+        return self.__resource
+    
+    def _setResource(self, value):
+        '''Sets the Resource attrib value of this query normalizing the path
+        component, removing spurious port numbers (80 for HTTP and 443 for 
+        HTTPS) and converting the host component to lower case.
+        
+        @param value: the new Resource attrib value of this query'''
+        if not isinstance(value, basestring):
+            raise TypeError('Expecting string type for "resource" attribute; '
+                            'got %r instead' % type(value))
+        
+        # Normalise the path, set the host name to lower case and remove 
+        # port redundant numbers 80 and 443
+        splitResult = urlsplit(value)
+        uriComponents = list(splitResult)
+        
+        # hostname attribute is lowercase
+        uriComponents[1] = splitResult.hostname
+        
+        isHttpWithStdPort = (splitResult.port == '80' and 
+                             splitResult.scheme == 'http')
+        
+        isHttpsWithStdPort = (splitResult.port == '443' and
+                              splitResult.scheme == 'https')
+        
+        if not isHttpWithStdPort and not isHttpsWithStdPort:
+            uriComponents[1] += ":" + splitResult.port
+        
+        uriComponents[2] = urllib.quote(splitResult.path)
+        
+        self.__resource = urlunsplit(uriComponents)
+    
+    resource = property(fget=_getResource, fset=_setResource,
+                        doc="Resource for which authorisation is requested")
+    
+    def _getActions(self):
+        '''Gets the Actions of this query.
+        
+        @return: the Actions of this query'''
+        return self.__actions
+    
+    actions = property(fget=_getActions, 
+                       doc="The actions for which authorisation is requested")
+   
+    def _getEvidence(self):
+        '''Gets the Evidence of this query.
+
+        @return: the Evidence of this query'''
+        return self.__evidence
+
+    def _setEvidence(self, value):
+        '''Sets the Evidence of this query.
+        @param newEvidence: the new Evidence of this query'''  
+        if not isinstance(value, Evidence):
+            raise TypeError('Expecting Evidence type for "evidence" '
+                            'attribute; got %r' % type(value))
+
+        self.__evidence = value  
+
+    evidence = property(fget=_getEvidence, fset=_setEvidence, 
+                        doc="A set of assertions which the Authority may use "
+                            "to base its authorisation decision on")
+    
+    def getOrderedChildren(self):
+        children = []
+
+        superChildren = super(AuthzDecisionQuery, self).getOrderedChildren()
+        if superChildren:
+            children.extend(superChildren)
+
+        children.extend(self.actions)
+        
+        if evidence is not None:
+            children.extend(evidence)
+
+        if len(children) == 0:
+            return None
+
+        return tuple(children)
+
+
+class StatusResponseType(SAMLObject):
+    '''SAML 2.0 Core Status Response Type
+    '''
+
+    # Local name of the XSI type.
+    TYPE_LOCAL_NAME = "StatusResponseType"
+
+    # QName of the XSI type.
+    TYPE_NAME = QName(SAMLConstants.SAML20P_NS, 
+                      TYPE_LOCAL_NAME,
+                      SAMLConstants.SAML20P_PREFIX)
+
     # ID attribute name
     ID_ATTRIB_NAME = "ID"
@@ -1784 +2341 @@
     INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable"
 
+    __slots__ = (
+        '__qname',        
+        '__version',
+        '__id',
+        '__inResponseTo',
+        '__issueInstant',
+        '__destination',
+        '__consent',
+        '__issuer',
+        '__status',
+        '__extensions'                
+    )
+    
     def __init__(self):
         self.__qname = None
@@ -1810 +2380 @@
 
     def _get_version(self):
-        '''@return the SAML Version of this response.
+        '''@return: the SAML Version of this response.
         '''
         return self.__version
     
     def _set_version(self, version):
-        '''@param version the SAML Version of this response
+        '''@param version: the SAML Version of this response
         '''
         if not isinstance(version, SAMLVersion):
@@ -1830 +2400 @@
         '''Sets the ID of this response.
         
-        @return the ID of this response
+        @return: the ID of this response
         '''
         return self.__id
@@ -1849 +2419 @@
         '''Get the unique request identifier for which this is a response
         
-        @return value: the unique identifier of the originating 
+        @return: the unique identifier of the originating 
         request
         '''
@@ -1873 +2443 @@
         '''Gets the issue instance of this response.
         
-        @return the issue instance of this response'''
+        @return: the issue instance of this response'''
         return self.__issueInstant
     
@@ -1879 +2449 @@
         '''Sets the issue instance of this response.
         
-        @param newIssueInstance the issue instance of this response
+        @param newIssueInstance: the issue instance of this response
         '''
         if not isinstance(issueInstant, datetime):
@@ -1894 +2464 @@
         '''Gets the URI of the destination of the response.
         
-        @return the URI of the destination of the response
+        @return: the URI of the destination of the response
         '''
         return self.__destination
@@ -1954 +2524 @@
         '''Gets the Status of this response.
         
-        @return the Status of this response
+        @return: the Status of this response
         '''
         return self.__status
@@ -1961 +2531 @@
         '''Sets the Status of this response.
         
-        @param newStatus the Status of this response
+        @param newStatus: the Status of this response
         '''
         if not isinstance(value, Status):
@@ -2011 +2581 @@
                       SAMLConstants.SAML20P_PREFIX)
     
+    __slots__ = ()
+    
     def __init__(self):
         '''''' 

TI12-security/trunk/ndg_security_saml/saml/test/test_saml.py

@@ -25 +25 @@
                              Subject, NameID, StatusCode, 
                              StatusMessage, Status, Conditions, 
-                             XSStringAttributeValue)
+                             XSStringAttributeValue,
+                             AuthzDecisionQuery)
 
 from saml.common.xml import SAMLConstants
@@ -309 +310 @@
         assertion.conditions = Conditions()
         assertion.conditions.notBefore = datetime.utcnow()
-        assertion.conditions.notOnOrAfter = assertion.conditions.notBefore + \
-            timedelta(seconds=60*60*8)
+        assertion.conditions.notOnOrAfter = (assertion.conditions.notBefore + 
+                                             timedelta(seconds=60*60*8))
         
         assertion.subject = Subject()  
@@ -336 +337 @@
         print(xmlOutput)
         print("_"*80)
+        
+    def test06CreateAuthzDecisionQuery(self):
+        authzDecisionQuery = AuthzDecisionQuery()
+        self.assert_(authzDecisionQuery)
     
 if __name__ == "__main__":

TI12-security/trunk/ndg_security_saml/setup.cfg

@@ -9 +9 @@
 # BSD - See LICENCE file for details
 [egg_info]
-#tag_build = rc1
+##tag_build = rc1
 #tag_svn_revision = true
 

TI12-security/trunk/ndg_security_saml/setup.py

@@ -20 +20 @@
 setup(
     name =                      'ndg_security_saml',
-    version =                   '0.2',
+    version =                   '0.3',
     description =               'NERC DataGrid SAML Implementation',
     long_description =          ('SAML 2.0 implementation for use with NDG '