?&j@bUdZddlmZddlZddlZddlZddlZddlZddl Zddl m Z m Z m Z mZddlmZdZdZdZd Zd d d d Zded<dZGddeZGddeZGddeZGddeZd%dZd&dZd'dZ d(dZ!d)dZ"ded d*dZ#d+d Z$d,d!Z%d-d"Z&Gd#d$Z'y).u alloggiati/client.py ==================== Low-level HTTP/SOAP client for the Alloggiati Web police portal. Responsibilities: - Build well-formed SOAP/XML request envelopes - Authenticate (CODES or DIGITAL_CERTIFICATE) - Send payloads with timeout + retry safety - Parse server responses into structured Python dicts - Raise typed exceptions — never swallow errors silently Security rules enforced here: - Credentials are accepted as in-memory strings only (never re-persisted) - No guest PII appears in exception messages or logs - Certificate/key material is written to a tempfile only for the duration of the SSL handshake, then immediately deleted Alloggiati Web SOAP endpoint (Italian Police): https://alloggiatiweb.poliziadistato.it/PortaleAlloggiati/Service.asmx NOTE: This client is intentionally decoupled from Django models. All inputs are plain Python values; no ORM objects are accepted. ) annotationsN)AnyDictListOptional) ElementTreezFhttps://alloggiatiweb.poliziadistato.it/PortaleAlloggiati/Service.asmxzFhttps://alloggiatiweb.poliziadistato.it/PortaleAlloggiati/AuthenticatezDhttps://alloggiatiweb.poliziadistato.it/PortaleAlloggiati/SendGuestsz:https://alloggiatiweb.poliziadistato.it/PortaleAlloggiati/ PASSAPORTOzCARTA IDENTITAPATENTE)passportid_carddrivers_licensezDict[str, str]_DOCUMENT_TYPE_MAPceZdZdZy)AlloggiatiClientErrorz+Base exception for all client-level errors.N__name__ __module__ __qualname____doc__/backend/alloggiati/client.pyrrDs5rrceZdZdZy)AlloggiatiAuthErrorz5Raised when authentication with Alloggiati Web fails.NrrrrrrHs?rrceZdZdZy)AlloggiatiNetworkErrorz(Raised on timeout or connection failure.NrrrrrrLs2rrceZdZdZy)AlloggiatiResponseErrorzERaised when the server returns a parseable but unsuccessful response.NrrrrrrPsOrrc| t|nd}|jddjddjddjdd jd d S) z6Escape a value for safe inclusion in XML text content.&z&z>"z"'z')strreplace)valuetexts r _xml_escaper+XsV*3u:D g  f  f  h  h  rc^tjdtd|djS)z:Wrap a SOAP body fragment in a standard SOAP 1.1 envelope.a z5 )textwrapdedent_SOAP_NSstrip)body_xmls r_soap_enveloper2es< ??  !z" J    rc8dt|dt|dS)Nzzz")r+)usernamepasswords r_build_auth_bodyr6us1 "8,-.$X./0 rcTtj|jdxsdjt|jdxsd}dt|jdddt|jdddt|jddd t|jd dd t|jd dd t|jdddt|jdddt|jdddt|jdddt|jddd|dt|jdddt|jdddS)zh Serialise a single AlloggiatiPayload dict into the Alloggiati XML element format. document_typer!z structure_idz arrival_datezdeparture_datez last_namez first_namezgenderUz date_of_birthzplace_of_birth_cityzplace_of_birth_countryz nationalityzz!document_numberz*document_issuing_countryz")rgetlowerr+)payloaddoc_codes r_build_guest_xmlrJ~s "%% _ % +224GKK06B7H  ' NB(GHIJ"7;;~r#BCDE$W[[1A2%FGHI K <=>?W[[r:;<=gkk(C89:;#GKK$DEFG%gkk2G&LMNO$W[[1I2%NOPQ$W[[%CDEF"$' 4Er(JKLM# w{{#=rB C D  rcVdjd|D}dt|d|dS)Nr!c32K|]}t|ywN)rJ).0gs r z#_build_send_body..s9&Q%a(&szzz)joinr+)tokenguestsschedes r_build_send_bodyrUs? WW9&9 9F !%()*h r) ssl_contexttimeoutcN|jd}tjjt|d}|j dd|j dd|d|j dt t| tjj||| 5}|jjdcd d d S#1swYy xYw#tjj$r}td |jd |d }~wtjj$rY}t |j }d |j#vsd|j#vr t%d|t%d||d }~wt&$r}t%d|d }~wwxYw)z Send a SOAP envelope via HTTP POST and return the raw response body. Raises: AlloggiatiNetworkError: On timeout or connection failure. AlloggiatiResponseError: On non-200 HTTP status. zutf-8POST)datamethodz Content-Typeztext/xml; charset=utf-8 SOAPActionr%zContent-Length)contextrWNzAlloggiati Web returned HTTP .z timed outrWz'Connection to Alloggiati Web timed out.z)Network error contacting Alloggiati Web: )encodeurllibrequestRequest_SOAP_ENDPOINT add_headerr'lenurlopenreaddecodeerror HTTPErrorrcodeURLErrorreasonrGr TimeoutError) envelope soap_actionrVrW body_bytesreqrespexcrms r _post_soaprusp)J .. j PCNN>#<=NN<1[M!34NN#SZ%9: ^^ # #Cg # NRV99;%%g.O N N << ! !%+CHH:Q 7   << SZZ &,,. (I,G(9 %7x @   $ 5  sO"C'C CCCCF$9D F$3AF F$ FF$c tj|}|j d}||j xsdj s td|j j }|jjdr td|S#tj$r}td|d}~wwxYw)z Extract the session token from an Authenticate SOAP response. Raises: AlloggiatiAuthError: If the response indicates failure or is malformed. z)Malformed XML in authentication response.Nz.//{*}AuthenticateResultr!z;Authentication failed: no token returned by Alloggiati Web.ERRORz*Authentication rejected by Alloggiati Web.) ET fromstring ParseErrorrfindr*r0upper startswith)xml_bodyrootrt result_elrRs r_parse_auth_responsers}}X&  45I!52 < < >! I   NN "E {{}(! 8   L! ==! 7  sBB=, B88B=cF tj|}|j d}||j xsdj nd}g}|jdD]o}|j d}|j d}|j|t|j nd||j xsdj nd d q|j d } |j d } | !| j rt| j nd } | !| j rt| j n t|} |jjd xrt|d k(} | | | ||dS#tj$r}td|d}~wwxYw)az Parse a SendGuests SOAP response into a structured result dict. Returns: { "success": bool, "accepted": int, "rejected": int, "rejected_details": [{"index": int, "reason": str}, ...], "raw_message": str, } Raises: AlloggiatiResponseError: If the response XML is unparseable. z%Malformed XML in SendGuests response.Nz.//{*}SendGuestsResultr!z.//{*}GuestErrorz{*}Indexz {*}Messageunknown)indexrmz.//{*}AcceptedCountz.//{*}RejectedCountrrwsuccessacceptedrejectedrejected_details raw_message) rxryrzrr{r*r0findallappendintrer|r})r~rrtrrrerr_elidx_elmsg_el accepted_el rejected_elrrrs r_parse_send_responsers }}X&  23I4=4I9>>'R..0rK-/,,12Z(\*-3-?V[[)R9?9K6;;,"335QZ  3))12K))12K(3(?KDTDTs;##$Z[H  "{'7'7 K   ! "      * *7 33 '  !Q & ,"  C ==% 3  sE<<F  FF ctjtj}d|_tj|_t jd\}}t jd\}} tj|d5}|j|dddtj|d5}|j|ddd |j|| ||fD]} tj| |S#1swYoxYw#1swYKxYw#tj$r}td|d}~wwxYw#t$rYgwxYw#||fD]'} tj| #t$rY%wxYwwxYw)u Build an SSL context for mTLS using in-memory PEM strings. PEM data is written to a tempfile only for context creation, then immediately deleted — even on exception. Raises: AlloggiatiAuthError: If the certificate/key material is invalid. Tz.pem)suffixwN)certfilekeyfilez;Invalid certificate or private key for Alloggiati Web mTLS.)ssl SSLContextPROTOCOL_TLS_CLIENTcheck_hostname CERT_REQUIRED verify_modetempfilemkstemposfdopenwriteload_cert_chainSSLErrorrunlinkOSError) certificate_pemprivate_key_pemctxcert_fd cert_pathkey_fdkey_pathfrtpaths r_build_mtls_contextr4s] ..00 1CC''CO!))8GY''v6FH YYw $ GGO $% YYvs #q GGO $$    H  E )D  $* J#% $ # #|| %M    )D  $  *s3E D E9D ED!0E DEDE!E4 EEE EEF E65F6 F ?FF FceZdZdZddded d dZeed d dZeed d dZdd Z dd Z y)AlloggiatiClienta Stateless client for the Alloggiati Web SOAP API. Instantiate with decrypted credential values (plain strings). The client does not interact with the database. Usage (CODES mode): client = AlloggiatiClient.from_codes(username="...", password="...") result = client.send_guests(guests=[...]) Usage (DIGITAL_CERTIFICATE mode): client = AlloggiatiClient.from_certificate( certificate_pem="...", private_key_pem="..." ) result = client.send_guests(guests=[...]) r!N)r4r5rVrWcJ||_||_||_||_||_yrM)_mode _username _password _ssl_context_timeout)selfmoder4r5rVrWs r__init__zAlloggiatiClient.__init__os( !!' r)rWc|d|||S)z=Create a client for CODES (username/password) authentication.CODES)rr4r5rWr)clsr4r5rWs r from_codeszAlloggiatiClient.from_codes~s(XwWWrc0t||}|d||S)z>Create a client for DIGITAL_CERTIFICATE (mTLS) authentication.DIGITAL_CERTIFICATE)rrVrW)r)rrrrWrVs rfrom_certificatez!AlloggiatiClient.from_certificates!*/?K -;PWXXrc|jdk(rytt|j|j}t |t |j}t|S)a  Obtain a session token from Alloggiati Web. For CODES mode: performs a SOAP Authenticate call. For DIGITAL_CERTIFICATE mode: the mTLS handshake acts as auth; returns a synthetic token placeholder (the portal may return one automatically on the first SendGuests call). Returns: Session token string. Raises: AlloggiatiAuthError: On credential rejection or missing token. AlloggiatiNetworkError: On connection failure. r__MTLS_SESSION__)rorprW) rr2r6rrru_SOAP_ACTION_AUTHrr)rror~s r authenticatezAlloggiatiClient.authenticatesV ::. .&""24>>4>>"RS)MM  $H--rc|sdddgddS|j}|jdk(r |jnd}tt ||}t |t ||j}t|S)u Authenticate and send a list of guest payloads to Alloggiati Web. Args: guests: List of AlloggiatiPayload dicts (from transformer). Returns: Parsed response dict: { "success": bool, "accepted": int, "rejected": int, "rejected_details": [...], "raw_message": str, } Raises: AlloggiatiAuthError: If authentication fails — caller must stop sync. AlloggiatiNetworkError: On timeout or connection failure. AlloggiatiResponseError: On malformed server response. TrzNo guests to send.rrN)rorprVrW) rrrr2rUru_SOAP_ACTION_SENDrr)rrSrRssl_ctxror~s r send_guestszAlloggiatiClient.send_guestss,$&3  !!#'+zz5J'J$##PT!"25&"AB)MM   $H--r) rr'r4r'r5r'rVOptional[ssl.SSLContext]rWrreturnNone)r4r'r5r'rWrr'AlloggiatiClient')rr'rr'rWrrr)rr')rSList[Dict[str, Any]]rDict[str, Any]) rrrr_DEFAULT_TIMEOUTr classmethodrrrrrrrrr]s*04'        .        ( XX X  X  XX ( Y Y Y  Y  Y Y.F).rr)r)rrr')r1r'rr')r4r'r5r'rr')rHrrr')rRr'rSrrr') ror'rpr'rVrrWrrr')r~r'rr')r~r'rr)rr'rr'rzssl.SSLContext)(r __future__rrrrr-urllib.requestr` urllib.errortypingrrrr xml.etreerrxrcrrr/r__annotations__r Exceptionrrrrr+r2r6rJrUrurrrrrrrrs2# ,,'& MK H &N 6I6@/@323P3P   <$-1# '''* '  '  '\89@"RH.H.r