source: TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_soapauthzdecisioninterface.py @ 7155

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_soapauthzdecisioninterface.py@7155
Revision 7155, 3.1 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • migrating to ndg.saml and ndg.soap imports now that SAML WSGI middleware has moved to ndg.saml egg.
  • Property svn:executable set to *
  • Property svn:keywords set to Id
1#!/usr/bin/env python
2"""Unit tests for WSGI SAML 2.0 SOAP Authorisation Decision Query Interface
3
4NERC DataGrid Project
5"""
6__author__ = "P J Kershaw"
7__date__ = "15/02/2010"
8__copyright__ = "(C) 2010 Science and Technology Facilities Council"
9__license__ = "BSD - see LICENSE file in top-level directory"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = '$Id$'
12import logging
13logging.basicConfig(level=logging.DEBUG)
14
15import unittest
16from os import path
17from xml.etree import ElementTree
18
19from ndg.saml.saml2.core import StatusCode, DecisionType, Action
20from ndg.saml.xml.etree import ResponseElementTree
21from ndg.security.common.utils.etree import prettyPrint
22from ndg.saml.saml2.binding.soap.client.authzdecisionquery import ( 
23                                        AuthzDecisionQuerySslSOAPBinding)
24
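class EsgAuthzServiceTestCase(unittest.TestCase):
    """Integration test for a SAML 2.0 SOAP authorisation decision query.

    The query is sent to a live authorisation service.  The endpoint, the
    resource URI and the subject ID are site specific and are read from
    ``endpoint.txt``, ``resource.txt`` and ``subject.txt`` next to this
    module.  The ``ca`` sub-directory is handed to the binding as its CA
    certificate directory.

    NOTE(review): only the permit path is exercised here; nothing in this
    case checks that an unauthorised subject is refused, nor who issued the
    returned assertion.
    """
    THIS_DIR = path.dirname(__file__)
    CA_DIR = path.join(THIS_DIR, 'ca')

    def _readParamFile(filePath):
        """Return the stripped content of filePath, or None if unreadable.

        Deliberately a plain function rather than a method: it is called
        while the class body executes, to populate the constants below.
        """
        try:
            # The context manager closes the handle even if read() raises;
            # the original left the file object to the garbage collector.
            with open(filePath) as paramFile:
                return paramFile.read().strip()
        except IOError:
            return None

    RESOURCE_URI = _readParamFile(path.join(THIS_DIR, 'resource.txt'))
    SUBJECT = _readParamFile(path.join(THIS_DIR, 'subject.txt'))
    ISSUER_NAME = '/O=STFC/OU=BADC/CN=TestAuthorizationClient'
    ACTION = 'Read'
    ACTION_NS_URI = Action.RWEDC_NEGATION_NS_URI
    AUTHZ_SERVICE_URI = _readParamFile(path.join(THIS_DIR, 'endpoint.txt'))

    def test01ValidQuery(self):
        """Query 'Read' access for the configured subject; expect Permit."""
        cfg = EsgAuthzServiceTestCase

        # A missing or empty parameter file is reported as a failure, not a
        # skip, so that a run which never contacted the authorisation
        # service cannot be mistaken for a passing one.
        missing = [
            fileName
            for fileName, value in (
                ('resource.txt', cfg.RESOURCE_URI),
                ('subject.txt', cfg.SUBJECT),
                ('endpoint.txt', cfg.AUTHZ_SERVICE_URI),
            )
            if not value
        ]
        if missing:
            self.fail("Missing or empty test parameter file(s) in %r: %s" %
                      (cfg.THIS_DIR, ', '.join(missing)))

        binding = AuthzDecisionQuerySslSOAPBinding()
        binding.actions.append(Action())
        binding.actions[0].namespace = cfg.ACTION_NS_URI
        binding.actions[0].value = cfg.ACTION
        binding.resourceURI = cfg.RESOURCE_URI
        binding.subjectID = cfg.SUBJECT
        binding.issuerName = cfg.ISSUER_NAME

        # SSL Context Proxy settings.
        # NOTE(review): presumably these are the trust roots used to verify
        # the service's certificate - confirm against the binding, and make
        # sure the 'ca' directory is actually populated.
        binding.sslCACertDir = cfg.CA_DIR

        # Add tolerance of 1 second for clock skew either side of issue
        # instant and not before / notOnOrAfter times
        binding.clockSkewTolerance = 1

        response = binding.send(uri=cfg.AUTHZ_SERVICE_URI)
        samlResponseElem = ResponseElementTree.toXML(response)

        # The serialised response carries the subject's name ID and the
        # authorisation decision, so it ends up in whatever captures this
        # test's stdout (e.g. CI logs).  The module also sets root logging
        # to DEBUG.
        print("SAML Response ...")
        print(ElementTree.tostring(samlResponseElem))
        print("Pretty print SAML Response ...")
        print(prettyPrint(samlResponseElem))

        # assertEqual/assertTrue replace the deprecated assert_ alias and
        # report both operands when a comparison fails.
        self.assertEqual(response.status.statusCode.value,
                         StatusCode.SUCCESS_URI)

        # The response must answer this query, not some other request
        self.assertEqual(response.inResponseTo, binding.query.id)

        assertion = response.assertions[0]
        self.assertTrue(assertion)

        # ... and the decision must be about the subject that was asked for
        self.assertEqual(assertion.subject.nameID.value,
                         binding.query.subject.nameID.value)

        authzDecisionStatement = assertion.authzDecisionStatements[0]
        self.assertTrue(authzDecisionStatement)
        self.assertEqual(authzDecisionStatement.decision, DecisionType.PERMIT)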
# Run the integration test case when this module is executed as a script.
if __name__ == "__main__":
    unittest.main()