def toXML(cls, xacmlAuthzDecisionStatement): if not isinstance(xacmlAuthzDecisionStatement, XACMLAuthzDecisionStatement): raise TypeError("Expecting %r class got %r" % (XACMLAuthzDecisionStatement, type(xacmlAuthzDecisionStatement))) if not xacmlAuthzDecisionStatement.xacmlContextResponse: raise AttributeError("No xacmlContextResponse has been set for the " "XACMLAuthzDecisionStatement") tag = str(QName.fromGeneric(cls.DEFAULT_ELEMENT_NAME)) elem = etree.makeEtreeElement(tag, cls.DEFAULT_ELEMENT_NAME.prefix, cls.DEFAULT_ELEMENT_NAME.namespaceURI) xacmlContextResponseElem = ResponseElementTree.toXML( xacmlAuthzDecisionStatement.xacmlContextResponse) elem.append(xacmlContextResponseElem) if xacmlAuthzDecisionStatement.xacmlContextRequest: xacmlContextRequestElem = RequestElementTree.toXML( xacmlAuthzDecisionStatement.xacmlContextRequest) elem.append(xacmlContextRequestElem) return elem
def test06ExecuteConditionPermit(self): self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR3_FILEPATH, ReaderFactory) resourceContent = self._make_resource_content_element( self.__class__.RESOURCE_CONTENT_EXECUTE) request = self._createRequestCtx( self.__class__.PUBLIC_RESOURCE_ID, resourceContent=resourceContent) request.elem = RequestElementTree.toXML(request) request.attributeSelector = EtreeXPathSelector(request.elem) response = self.pdp.evaluate(request) self.failIf(response is None, "Null response") for result in response.results: self.failIf(result.decision != Decision.PERMIT, "Expecting permit decision")
def test01NotApplicable(self): self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, ReaderFactory) resourceContent = self._make_resource_content_element( self.__class__.RESOURCE_CONTENT_VERSION_100) request = self._createRequestCtx( self.__class__.NOT_APPLICABLE_RESOURCE_ID, resourceContent=resourceContent) request.elem = RequestElementTree.toXML(request) request.attributeSelector = EtreeXPathSelector(request.elem) response = self.pdp.evaluate(request) self.failIf(response is None, "Null response") for result in response.results: self.failIf(result.decision != Decision.NOT_APPLICABLE, "Expecting not applicable decision")
def test10SelectAttributeDeny(self): self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR6_FILEPATH, ReaderFactory) resourceContent = self._make_resource_content_element( self.__class__.RESOURCE_CONTENT_EXECUTE) request = self._createRequestCtx( self.__class__.PUBLIC_RESOURCE_ID, resourceContent=resourceContent) request.elem = RequestElementTree.toXML(request) request.attributeSelector = EtreeXPathSelector(request.elem) response = self.pdp.evaluate(request) self.failIf(response is None, "Null response") for result in response.results: if Config.use_lxml: self.failIf(result.decision != Decision.DENY, "Expecting deny decision") else: self.failIf(result.decision != Decision.INDETERMINATE, "Expecting indeterminate decision")
def test04Indeterminate(self): '''This should result in an indeterminate decision because the policy includes an AttributeSelector with MustBePresent="true", whereas the request context path is not found in the request XML. ''' self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, ReaderFactory) resourceContent = self._make_resource_content_element( self.__class__.RESOURCE_CONTENT_NO_VERSION) request = self._createRequestCtx( self.__class__.PUBLIC_RESOURCE_ID, resourceContent=resourceContent) request.elem = RequestElementTree.toXML(request) request.attributeSelector = EtreeXPathSelector(request.elem) response = self.pdp.evaluate(request) self.failIf(response is None, "Null response") for result in response.results: self.failIf(result.decision != Decision.INDETERMINATE, "Expecting indeterminate decision")
def test08ExecuteLxmlPermit(self): # Test with condition in XPath expression - this will only return a # permit decision when using lxml self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR4_FILEPATH, ReaderFactory) resourceContent = self._make_resource_content_element( self.__class__.RESOURCE_CONTENT_EXECUTE) request = self._createRequestCtx( self.__class__.PUBLIC_RESOURCE_ID, resourceContent=resourceContent) request.elem = RequestElementTree.toXML(request) request.attributeSelector = EtreeXPathSelector(request.elem) response = self.pdp.evaluate(request) self.failIf(response is None, "Null response") for result in response.results: if Config.use_lxml: self.failIf(result.decision != Decision.PERMIT, "Expecting permit decision") else: log.debug("Using ElementTree: dependent on the version, this " "test may result in an indeterminate decision. " "result.decision = %s" % result.decision)
def toXML(cls, xacmlAuthzDecisionQuery): """Create an XML representation of the input SAML Authorization Decision Query object @type xacmlAuthzDecisionQuery: saml.saml2.core.AuthzDecisionQuery @param xacmlAuthzDecisionQuery: SAML Authorization Decision Query @rtype: ElementTree.Element @return: Attribute Query as ElementTree XML element """ if not isinstance(xacmlAuthzDecisionQuery, XACMLAuthzDecisionQuery): raise TypeError("Expecting %r class got %r" % (XACMLAuthzDecisionQuery, type(xacmlAuthzDecisionQuery))) if not xacmlAuthzDecisionQuery.xacmlContextRequest: raise AttributeError("No xacmlContextRequest has been set for the " "XACMLAuthzDecisionQuery") issueInstant = SAMLDateTime.toString(xacmlAuthzDecisionQuery.issueInstant) attrib = { cls.ID_ATTRIB_NAME: xacmlAuthzDecisionQuery.id, cls.ISSUE_INSTANT_ATTRIB_NAME: issueInstant, # Nb. Version is a SAMLVersion instance and requires explicit cast cls.VERSION_ATTRIB_NAME: str(xacmlAuthzDecisionQuery.version), } tag = str(QName.fromGeneric(cls.DEFAULT_ELEMENT_NAME)) elem = etree.makeEtreeElement(tag, cls.DEFAULT_ELEMENT_NAME.prefix, cls.DEFAULT_ELEMENT_NAME.namespaceURI, **attrib) issuerElem = IssuerElementTree.toXML(xacmlAuthzDecisionQuery.issuer) elem.append(issuerElem) requestElem = RequestElementTree.toXML( xacmlAuthzDecisionQuery.xacmlContextRequest) elem.append(requestElem) return elem