root/trunk/rp/common/python/docs/infocardlib.html

<!doctype html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Python: module infocardlib</title>
</head><body bgcolor="#f0f0f8">

<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading">
<tr bgcolor="#7799ee">
<td valign=bottom>&nbsp;<br>
<font color="#ffffff" face="helvetica, arial">&nbsp;<br><big><big><strong>infocardlib</strong></big></big></font></td
><td align=right valign=bottom
><font color="#ffffff" face="helvetica, arial"><a href=".">index</a><br><a href="file:/home/dbuss/dev/bandit/rp/common/python/infocard/infocardlib.py">/home/dbuss/dev/bandit/rp/common/python/infocard/infocardlib.py</a></font></td></tr></table>
    <p><tt>#&nbsp;&nbsp;Copyright&nbsp;(c)&nbsp;2007,&nbsp;2008&nbsp;Novell,&nbsp;Inc.<br>
#&nbsp;&nbsp;All&nbsp;Rights&nbsp;Reserved.</tt></p>
<p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#aa55cc">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#fffff" face="helvetica, arial"><big><strong>Modules</strong></big></font></td></tr>
    
<tr><td bgcolor="#aa55cc"><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</tt></td><td>&nbsp;</td>
<td width="100%"><table width="100%" summary="list"><tr><td width="25%" valign=top><a href="cookielib.html">cookielib</a><br>
<a href="datetime.html">datetime</a><br>
<a href="event.html">event</a><br>
</td><td width="25%" valign=top><a href="hashlib.html">hashlib</a><br>
<a href="xml.dom.minidom.html">xml.dom.minidom</a><br>
<a href="re.html">re</a><br>
</td><td width="25%" valign=top><a href="sys.html">sys</a><br>
<a href="traceback.html">traceback</a><br>
<a href="urlparse.html">urlparse</a><br>
</td><td width="25%" valign=top><a href="_xmlplus.html">_xmlplus</a><br>
<a href="xmlseclibs.html">xmlseclibs</a><br>
<a href="xml.xpath.html">xml.xpath</a><br>
</td></tr></table></td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#ee77aa">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Classes</strong></big></font></td></tr>
    
<tr><td bgcolor="#ee77aa"><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</tt></td><td>&nbsp;</td>
<td width="100%"><dl>
<dt><font face="helvetica, arial"><a href="infocardlib.html#InfoCardProcessor">InfoCardProcessor</a>
</font></dt><dt><font face="helvetica, arial"><a href="infocardlib.html#SecToken">SecToken</a>
</font></dt></dl>
 <p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#ffc8d8">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#000000" face="helvetica, arial"><a name="InfoCardProcessor">class <strong>InfoCardProcessor</strong></a></font></td></tr>
    
<tr bgcolor="#ffc8d8"><td rowspan=2><tt>&nbsp;&nbsp;&nbsp;</tt></td>
<td colspan=2><tt>Base&nbsp;object&nbsp;for&nbsp;consumers&nbsp;who&nbsp;wish&nbsp;to&nbsp;build&nbsp;a&nbsp;python&nbsp;based&nbsp;RP&nbsp;for&nbsp;<br>
processing&nbsp;information&nbsp;cards&nbsp;and&nbsp;dealing&nbsp;with&nbsp;cardspace.<br>
&nbsp;<br>
This&nbsp;object&nbsp;may&nbsp;be&nbsp;created&nbsp;and&nbsp;configured&nbsp;once&nbsp;then&nbsp;used&nbsp;to&nbsp;evaluate&nbsp;many&nbsp;<br>
security&nbsp;tokens<br>&nbsp;</tt></td></tr>
<tr><td>&nbsp;</td>
<td width="100%">Methods defined here:<br>
<dl><dt><a name="InfoCardProcessor-__init__"><strong>__init__</strong></a>(self)</dt></dl>

<dl><dt><a name="InfoCardProcessor-processToken"><strong>processToken</strong></a>(self, xmlToken<font color="#909090">=None</font>)</dt><dd><tt>Parse&nbsp;the&nbsp;token&nbsp;using&nbsp;prevously&nbsp;configured&nbsp;keys,&nbsp;claims&nbsp;and&nbsp;options.<br>
&nbsp;<br>
returns&nbsp;a&nbsp;<a href="#SecToken">SecToken</a>&nbsp;objec,&nbsp;the&nbsp;returned&nbsp;secToken&nbsp;may&nbsp;or&nbsp;may&nbsp;not&nbsp;be&nbsp;valid,<br>
it&nbsp;is&nbsp;up&nbsp;to&nbsp;the&nbsp;caller&nbsp;to&nbsp;check&nbsp;secToken.isValid()</tt></dd></dl>

<dl><dt><a name="InfoCardProcessor-setClaims"><strong>setClaims</strong></a>(self, required, optional<font color="#909090">=None</font>, multivalued<font color="#909090">=None</font>)</dt><dd><tt>Helper&nbsp;function&nbsp;to&nbsp;simplify&nbsp;setting&nbsp;of&nbsp;the&nbsp;optional&nbsp;and&nbsp;required<br>
claims,&nbsp;as&nbsp;well&nbsp;as&nbsp;which&nbsp;claims&nbsp;may&nbsp;be&nbsp;multivalued.<br>
&nbsp;<br>
Failure&nbsp;to&nbsp;tell&nbsp;the&nbsp;processor&nbsp;which&nbsp;claims&nbsp;are&nbsp;expected&nbsp;may&nbsp;result&nbsp;in<br>
errors&nbsp;being&nbsp;reported.&nbsp;&nbsp;&nbsp;The&nbsp;process&nbsp;helps&nbsp;verify&nbsp;that&nbsp;all&nbsp;required&nbsp;claims<br>
were&nbsp;received&nbsp;and&nbsp;that&nbsp;no&nbsp;additional&nbsp;claims&nbsp;were&nbsp;sent.<br>
&nbsp;<br>
Todo:&nbsp;insert&nbsp;empty&nbsp;claim&nbsp;handling<br>
Todo:&nbsp;insert&nbsp;custom&nbsp;claim&nbsp;transformations<br>
&nbsp;<br>
always&nbsp;returns&nbsp;None</tt></dd></dl>

<dl><dt><a name="InfoCardProcessor-setDecode"><strong>setDecode</strong></a>(self, privateKey, passPhrase<font color="#909090">=None</font>, isFile<font color="#909090">=False</font>, isCert<font color="#909090">=True</font>)</dt><dd><tt>Setup&nbsp;the&nbsp;cert/private&nbsp;key&nbsp;used&nbsp;to&nbsp;decrypt&nbsp;tokens.&nbsp;&nbsp;In&nbsp;many&nbsp;cases&nbsp;this&nbsp;<br>
will&nbsp;be&nbsp;the&nbsp;servers&nbsp;ssl&nbsp;cert.<br>
&nbsp;<br>
always&nbsp;returns&nbsp;None</tt></dd></dl>

<dl><dt><a name="InfoCardProcessor-setOptions"><strong>setOptions</strong></a>(self, options)</dt><dd><tt>Set&nbsp;options&nbsp;for&nbsp;processing&nbsp;the&nbsp;security&nbsp;token<br>
&nbsp;<br>
The&nbsp;most&nbsp;common&nbsp;options&nbsp;relate&nbsp;to&nbsp;the&nbsp;overriding&nbsp;of&nbsp;event&nbsp;severity,&nbsp;please<br>
see&nbsp;evemt.py&nbsp;for&nbsp;details&nbsp;of&nbsp;option&nbsp;name&nbsp;and&nbsp;values.</tt></dd></dl>

</td></tr></table> <p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#ffc8d8">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#000000" face="helvetica, arial"><a name="SecToken">class <strong>SecToken</strong></a></font></td></tr>
    
<tr bgcolor="#ffc8d8"><td rowspan=2><tt>&nbsp;&nbsp;&nbsp;</tt></td>
<td colspan=2><tt>Class&nbsp;for&nbsp;the&nbsp;parsing&nbsp;and&nbsp;holding&nbsp;of&nbsp;security&nbsp;token&nbsp;data<br>
&nbsp;<br>
Instantiate,&nbsp;configure,&nbsp;process,&nbsp;check&nbsp;validity<br>
Typiclly&nbsp;not&nbsp;directly&nbsp;instanciated,&nbsp;instead&nbsp;<a href="#InfoCardProcessor">InfoCardProcessor</a>&nbsp;is&nbsp;used&nbsp;to&nbsp;<br>
hold&nbsp;the&nbsp;common&nbsp;configuration&nbsp;and&nbsp;as&nbsp;a&nbsp;factory&nbsp;for&nbsp;creating&nbsp;SecTokens<br>
&nbsp;<br>
Todo:&nbsp;&nbsp;currently&nbsp;only&nbsp;supports&nbsp;SAML&nbsp;1.0/1.1&nbsp;tokens,&nbsp;that&nbsp;should&nbsp;be&nbsp;abstracted&nbsp;out<br>
to&nbsp;allow&nbsp;for&nbsp;many&nbsp;token&nbsp;types.<br>&nbsp;</tt></td></tr>
<tr><td>&nbsp;</td>
<td width="100%">Methods defined here:<br>
<dl><dt><a name="SecToken-__init__"><strong>__init__</strong></a>(self, options<font color="#909090">=None</font>)</dt></dl>

<dl><dt><a name="SecToken-getAssertionValues"><strong>getAssertionValues</strong></a>(self, identifier<font color="#909090">=None</font>)</dt><dd><tt>Allows&nbsp;retrivial&nbsp;of&nbsp;any&nbsp;claim&nbsp;or&nbsp;assertion&nbsp;associated&nbsp;with&nbsp;the&nbsp;security&nbsp;token<br>
&nbsp;<br>
Todo::&nbsp;&nbsp;visit&nbsp;and&nbsp;finish&nbsp;this&nbsp;function<br>
Returns&nbsp;either&nbsp;the&nbsp;data&nbsp;or&nbsp;None</tt></dd></dl>

<dl><dt><a name="SecToken-getMetaDataValues"><strong>getMetaDataValues</strong></a>(self, identifier<font color="#909090">=None</font>)</dt><dd><tt>Allows&nbsp;retrivial&nbsp;of&nbsp;any&nbsp;meta&nbsp;data&nbsp;associated&nbsp;with&nbsp;the&nbsp;security&nbsp;token<br>
&nbsp;<br>
Note:&nbsp;currently&nbsp;all&nbsp;meta&nbsp;data&nbsp;is&nbsp;single&nbsp;valued!<br>
Pass&nbsp;a&nbsp;specific&nbsp;string&nbsp;for&nbsp;the&nbsp;identifier&nbsp;and&nbsp;receive&nbsp;either&nbsp;a&nbsp;<br>
string&nbsp;or&nbsp;None<br>
If&nbsp;the&nbsp;identifier&nbsp;is&nbsp;None&nbsp;then&nbsp;a&nbsp;dictionary&nbsp;of&nbsp;all&nbsp;meta&nbsp;data&nbsp;is&nbsp;returned</tt></dd></dl>

<dl><dt><a name="SecToken-processToken"><strong>processToken</strong></a>(self, xmlToken, options)</dt><dd><tt>Process&nbsp;the&nbsp;token,&nbsp;until&nbsp;processed&nbsp;no&nbsp;data&nbsp;is&nbsp;present<br>
&nbsp;<br>
returns&nbsp;True&nbsp;if&nbsp;valid,&nbsp;False&nbsp;if&nbsp;invalid.&nbsp;&nbsp;&nbsp;Events&nbsp;are&nbsp;logged&nbsp;to&nbsp;<br>
self.<strong>eventLog</strong>&nbsp;detialing&nbsp;failure&nbsp;reasons.</tt></dd></dl>

</td></tr></table></td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#eeaa77">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Functions</strong></big></font></td></tr>
    
<tr><td bgcolor="#eeaa77"><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</tt></td><td>&nbsp;</td>
<td width="100%"><dl><dt><a name="-checkDateConditions"><strong>checkDateConditions</strong></a>(start<font color="#909090">=None</font>, end<font color="#909090">=None</font>, difference<font color="#909090">=300</font>)</dt><dd><tt>Validate&nbsp;a&nbsp;datetime&nbsp;is&nbsp;in&nbsp;range.&nbsp;&nbsp;&nbsp;<br>
&nbsp;<br>
difference&nbsp;in&nbsp;seconds&nbsp;allows&nbsp;for&nbsp;clock&nbsp;skew.<br>
&nbsp;<br>
Todo::&nbsp;need&nbsp;work&nbsp;on&nbsp;ISO&nbsp;date&nbsp;checking&nbsp;-&nbsp;skip&nbsp;for&nbsp;now<br>
&nbsp;<br>
returns&nbsp;True&nbsp;if&nbsp;time&nbsp;is&nbsp;in&nbsp;range&nbsp;False&nbsp;if&nbsp;not&nbsp;in&nbsp;range</tt></dd></dl>
</td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#55aa55">
<td colspan=3 valign=bottom>&nbsp;<br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Data</strong></big></font></td></tr>
    
<tr><td bgcolor="#55aa55"><tt>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</tt></td><td>&nbsp;</td>
<td width="100%"><strong>BEARER_TOKEN</strong> = 'urn:oasis:names:tc:SAML:1.0:cm:bearer'<br>
<strong>HOLDER_OF_KEY_TOKEN</strong> = 'urn:oasis:names:tc:SAML:1.0:cm:holder-of-key'<br>
<strong>META_AssertionID</strong> = 'AssertionID'<br>
<strong>META_Audience</strong> = 'Audience'<br>
<strong>META_CardKeyHash</strong> = 'CardKeyHash'<br>
<strong>META_IssueInstant</strong> = 'IssueInstant'<br>
<strong>META_Issuer</strong> = 'Issuer'<br>
<strong>META_MajorVersion</strong> = 'MajorVersion'<br>
<strong>META_MinorVersion</strong> = 'MinorVersion'<br>
<strong>META_NotBefore</strong> = 'NotBefore'<br>
<strong>META_NotOnOrAfter</strong> = 'NotOnOrAfter'<br>
<strong>META_SubjectConfirmation</strong> = 'SubjectConfirmationNethod'<br>
<strong>OPTION_CryptoKey</strong> = 'cryptoKey'<br>
<strong>OPTION_CryptoKeyIsCert</strong> = 'cryptoKeyIsCert'<br>
<strong>OPTION_CryptoKeyIsFile</strong> = 'cryptoKeyIsFile'<br>
<strong>OPTION_CryptoKeyPass</strong> = 'cryptoKeyPass'<br>
<strong>OPTION_multivalued_claims</strong> = 'multivalued_claims'<br>
<strong>OPTION_optional_claims</strong> = 'optional_claims'<br>
<strong>OPTION_required_claims</strong> = 'required_claims'<br>
<strong>SAML_1_0_ASSERT_NS</strong> = 'urn:oasis:names:tc:SAML:1.0:assertion'<br>
<strong>SAML_1_1_ASSERT_NS</strong> = 'http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'<br>
<strong>SAML_2_0_ASSERT_NS</strong> = 'urn:oasis:names:tc:SAML:2.0:assertion'<br>
<strong>SENDER_VOUCHES_TOKEN</strong> = 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'</td></tr></table>
</body></html>