 17  """ 
 18  The I{wsse} module provides WS-Security. 
 19  """ 
 20   
 21  from logging import getLogger 
 22  from suds import * 
 23  from suds.sudsobject import Object 
 24  from suds.sax.element import Element 
 25  from suds.sax.date import UTC 
 26  from datetime import datetime, timedelta 
 27   
 28  try: 
 29      from hashlib import md5 
 30  except ImportError: 
 31       
 32      from md5 import md5 
 33   
 34   
 35  dsns = \ 
 36      ('ds', 
 37       'http://www.w3.org/2000/09/xmldsig#')  # (prefix, URI) pair: XML Digital Signature namespace
 38  wssens = \ 
 39      ('wsse',  
 40       'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd')  # (prefix, URI) pair: WS-Security extension (secext) namespace
 41  wsuns = \ 
 42      ('wsu', 
 43       'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd')  # (prefix, URI) pair: WS-Security utility namespace
 44  wsencns = \ 
 45      ('wsenc', 
 46       'http://www.w3.org/2001/04/xmlenc#')  # (prefix, URI) pair: XML Encryption namespace
 50      """ 
 51      WS-Security object. 
 52      @ivar tokens: A list of security tokens 
 53      @type tokens: [L{Token},...] 
 54      @ivar signatures: A list of signatures. 
 55      @type signatures: TBD 
 56      @ivar references: A list of references. 
 57      @type references: TBD 
 58      @ivar keys: A list of encryption keys. 
 59      @type keys: TBD 
 60      """ 
 61       
 63          """ Create an empty WS-Security object; I{mustUnderstand} starts as True and every list starts empty. """ 
 64          Object.__init__(self) 
 65          self.mustUnderstand = True 
 66          self.tokens = [] 
 67          self.signatures = [] 
 68          self.references = [] 
 69          self.keys = [] 
  70           
 72          """ 
 73          Get xml representation of the object. Only the entries of I{tokens} are serialized here; I{signatures}, I{references} and I{keys} are not written by this method. 
 74          @return: The root node. 
 75          @rtype: L{Element} 
 76          """ 
 77          root = Element('Security', ns=wssens) 
 78          root.set('mustUnderstand', str(self.mustUnderstand).lower())  # lowercased str(), so True becomes 'true'
 79          for t in self.tokens: 
 80              root.append(t.xml())  # each token supplies its own element via xml()
 81          return root 
   82   
 85      """ I{Abstract} security token. """ 
 86       
 87      @classmethod 
 90       
 91      @classmethod 
 93          return datetime.utcnow() 
  94       
 95      @classmethod 
 99       
 102   
105      """ 
106      Represents a basic I{UsernameToken} WS-Security token. 
107      @ivar username: A username. 
108      @type username: str 
109      @ivar password: A password. 
110      @type password: str 
111      @ivar nonce: A set of bytes to prevent replay attacks. 
112      @type nonce: str 
113      @ivar created: The token created. 
114      @type created: L{datetime} 
115      """ 
116   
117 -    def __init__(self, username=None, password=None): 
 118          """ Create a token for the given credentials; I{nonce} and I{created} start as None.
119          @param username: A username. 
120          @type username: str 
121          @param password: A password. 
122          @type password: str 
123          """ 
124          Token.__init__(self) 
125          self.username = username 
126          self.password = password  # stored unmodified (plaintext) on the instance
127          self.nonce = None 
128          self.created = None 
 129           
131          """ 
132          Set I{nonce}, an arbitrary set of bytes used to prevent 
133          replay attacks. 
134          @param text: The nonce text value. 
135              When I{None}, generated as the MD5 hex digest of username, password and L{Token.sysdate}() joined with ':'. 
136          @type text: str 
137          """ 
138          if text is None: 
139              s = [] 
140              s.append(self.username) 
141              s.append(self.password)  # NOTE(review): the password itself is an input to the generated nonce
142              s.append(Token.sysdate()) 
143              m = md5()  # NOTE(review): the generated value is a digest of credentials and time, with no random input; a nonce drawn from a CSPRNG (e.g. os.urandom) would not depend on the password - confirm what the receiving service expects
144              m.update(':'.join(s))  # NOTE(review): join() raises TypeError unless every element is a string, e.g. when username or password is still None; on Python 3 update() would also need bytes
145              self.nonce = m.hexdigest() 
146          else: 
147              self.nonce = text 
 148           
150          """ 
151          Set I{created}. 
152          @param dt: The created date & time. 
153              Set to the value of L{Token.utc}() when I{None}. 
154          @type dt: L{datetime} 
155          """ 
156          if dt is None: 
157              self.created = Token.utc()  # presumably a naive UTC datetime; Token.utc is not shown here - confirm
158          else: 
159              self.created = dt 
 160           
161           
 184   
187      """ 
188      Represents the I{Timestamp} WS-Security token. 
189      @ivar created: The token created. 
190      @type created: L{datetime} 
191      @ivar expires: The token expires. 
192      @type expires: L{datetime} 
193      """ 
194   
196          """ 
197          @param validity: The lifetime in seconds; I{expires} is set to I{created} plus this many seconds. 
198          @type validity: int 
199          """ 
200          Token.__init__(self) 
201          self.created = Token.utc() 
202          self.expires = self.created + timedelta(seconds=validity) 
 203           
 213