Python XSStringAttributeValue.XSStringAttributeValue示例

示例#1

 def xsstringAttributeValueParser(self, attrVal):
     """Convert string attribute value retrieved from database query into
     the respective SAML Attribute Value type
     """
     xsstringAttrVal = XSStringAttributeValue()
     xsstringAttrVal.value = attrVal
     return xsstringAttrVal

示例#2

文件： sitea_attributeinterface.py 项目： agstephens/ndg_security_server

class TestUserRoles(AttributeInterface):
    """Test User Roles class dynamic import for Attribute Authority"""
    ATTRIBUTE_NAMES = ()
    ATTRIBUTE_VALUES = ()

    SAML_ATTRIBUTE_NAMES = ATTRIBUTE_NAMES + (
        ESGFSamlNamespaces.EMAILADDRESS_ATTRNAME,
        ESGFSamlNamespaces.FIRSTNAME_ATTRNAME,
        ESGFSamlNamespaces.LASTNAME_ATTRNAME, 'urn:esg:sitea:grouprole')

    SAML_ATTRIBUTE_VALUES = (ATTRIBUTE_VALUES, ('*****@*****.**', ),
                             ('Philip', ), ('Kershaw', ), (('siteagroup',
                                                            'default'), ))

    SAML_ATTRIBUTE_FRIENDLY_NAMES = ('', ) * len(ATTRIBUTE_NAMES) + (
        "EmailAddress", "FirstName", "LastName", "groupRole")
    SAML_ATTRIBUTE_FORMATS = (
        SAMLConstants.XSD_NS+"#"+XSStringAttributeValue.TYPE_LOCAL_NAME,) * (
        len(SAML_ATTRIBUTE_NAMES)-1) + \
        (ESGFGroupRoleAttributeValue.TYPE_LOCAL_NAME, )

    SAML_ATTRIBUTES = []

    name, val, vals, format, friendlyName = (None, None, None, None, None)
    for name, vals, format, friendlyName in zip(SAML_ATTRIBUTE_NAMES,
                                                SAML_ATTRIBUTE_VALUES,
                                                SAML_ATTRIBUTE_FORMATS,
                                                SAML_ATTRIBUTE_FRIENDLY_NAMES):
        SAML_ATTRIBUTES.append(Attribute())
        SAML_ATTRIBUTES[-1].name = name
        SAML_ATTRIBUTES[-1].nameFormat = format
        SAML_ATTRIBUTES[-1].friendlyName = friendlyName
        for val in vals:
            if isinstance(val, tuple):
                SAML_ATTRIBUTES[-1].attributeValues.append(
                    ESGFGroupRoleAttributeValue())
                SAML_ATTRIBUTES[-1].attributeValues[-1].value = val
            else:
                SAML_ATTRIBUTES[-1].attributeValues.append(
                    XSStringAttributeValue())
                SAML_ATTRIBUTES[-1].attributeValues[-1].value = val

    del name, val, vals, format, friendlyName

    # 8 hours validity for issued assertions
    SAML_ASSERTION_LIFETIME = 8 * 60 * 60

    VALID_USER_IDS = ("https://openid.localhost/philip.kershaw",
                      TestUserDatabase.OPENID_URI)
    VALID_REQUESTOR_IDS = BaseTestCase.VALID_REQUESTOR_IDS

    INSUFFICIENT_PRIVILEGES_REQUESTOR_ID = X500DN.from_string(
        "/O=Site B/CN=Authorisation Service")

    def __init__(self, propertiesFilePath=None):
        pass

    def getRoles(self, userId):
        return TestUserRoles.ATTRIBUTE_VALUES

    def getAttributes(self, attributeQuery, response):
        '''Test Attribute Authority SAML Attribute Query interface'''

        userId = attributeQuery.subject.nameID.value
        requestedAttributeNames = [
            attribute.name for attribute in attributeQuery.attributes
        ]
        if attributeQuery.issuer.format != Issuer.X509_SUBJECT:
            raise InvalidRequestorId(
                'Requestor issuer format "%s" is invalid' %
                attributeQuery.issuerFormat.value)

        requestorId = X500DN.fromString(attributeQuery.issuer.value)

        if userId not in TestUserRoles.VALID_USER_IDS:
            raise UserIdNotKnown('Subject Id "%s" is not known to this '
                                 'authority' % userId)

        if requestorId not in TestUserRoles.VALID_REQUESTOR_IDS:
            raise InvalidRequestorId('Requestor identity "%s" is invalid' %
                                     requestorId)

        unknownAttrNames = [
            attrName for attrName in requestedAttributeNames
            if attrName not in TestUserRoles.SAML_ATTRIBUTE_NAMES
        ]

        if len(unknownAttrNames) > 0:
            raise AttributeNotKnownError("Unknown attributes requested: %r" %
                                         unknownAttrNames)

        if requestorId == TestUserRoles.INSUFFICIENT_PRIVILEGES_REQUESTOR_ID:
            raise AttributeReleaseDenied("Attribute release denied for the "
                                         'requestor "%s"' % requestorId)

        # Create a new assertion to hold the attributes to be returned
        assertion = Assertion()

        assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
        assertion.id = str(uuid4())
        assertion.issueInstant = response.issueInstant

        assertion.issuer = Issuer()
        assertion.issuer.value = response.issuer.value
        assertion.issuer.format = Issuer.X509_SUBJECT

        assertion.conditions = Conditions()
        assertion.conditions.notBefore = assertion.issueInstant
        assertion.conditions.notOnOrAfter = assertion.conditions.notBefore + \
            timedelta(seconds=TestUserRoles.SAML_ASSERTION_LIFETIME)

        assertion.subject = Subject()
        assertion.subject.nameID = NameID()
        assertion.subject.nameID.format = attributeQuery.subject.nameID.format
        assertion.subject.nameID.value = attributeQuery.subject.nameID.value

        attributeStatement = AttributeStatement()

        # Add test set of attributes
        for name in requestedAttributeNames:
            attributeFound = False
            for attribute in TestUserRoles.SAML_ATTRIBUTES:
                if attribute.name == name:
                    attributeFound = True
                    break

            if attributeFound:
                attributeStatement.attributes.append(attribute)
            else:
                raise AttributeNotKnownError(
                    "Unknown attribute requested: %s" % name)

        assertion.attributeStatements.append(attributeStatement)
        response.assertions.append(assertion)