source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/test_x509.py @ 7327

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/test_x509.py@7327
Revision 7327, 7.4 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • added unit tests for XACML Context handler
  • Property svn:executable set to *
  • Property svn:keywords set to Id
#!/usr/bin/env python
"""NDG X509 Module unit tests

NERC Data Grid Project
"""
__author__ = "P J Kershaw"
__date__ = "03/01/07"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id:test_x509.py 4335 2008-10-14 12:44:22Z pjkersha $'

# basicConfig() runs before the remaining imports are executed, so the root
# logger is already at DEBUG when the modules below are loaded.
# NOTE(review): DEBUG applies to the whole process; confirm the modules under
# test do not log key material or pass-phrases at this level before keeping
# the output of runs on shared build hosts.
import logging
logging.basicConfig(level=logging.DEBUG)
log = logging.getLogger(__name__)

import unittest
import os
import sys
import getpass
from StringIO import StringIO

from os.path import expandvars as xpdVars
from os.path import join as jnPath


def mkPath(file):
    """Return file joined onto the directory named by the
    NDGSEC_X509_UNITTEST_DIR environment variable.

    The variable is looked up on every call and a KeyError is raised if it
    is not set.
    """
    return jnPath(os.environ['NDGSEC_X509_UNITTEST_DIR'], file)


from ConfigParser import SafeConfigParser

from ndg.security.test.unit import BaseTestCase
from ndg.security.common.X509 import (X509CertRead, X509CertParse, X500DN,
    X509Stack, X509StackEmptyError, SelfSignedCert, X509CertIssuerNotFound)


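class X509TestCase(BaseTestCase):
    """Unit test X509 module

    Covers reading a certificate from file, PEM output and parsing,
    distinguished name access and comparison, X509Stack handling including
    certificate chain verification, and the expiry time check.

    Input file locations are read from x509Test.cfg in the directory named
    by the NDGSEC_X509_UNITTEST_DIR environment variable.
    """
    CA_DIR = os.path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'ca')

    def setUp(self):
        # Load x509Test.cfg into self.cfg as {section: {option: value}}
        super(X509TestCase, self).setUp()

        # Developer aid: drop into the debugger when NDGSEC_INT_DEBUG is set
        if 'NDGSEC_INT_DEBUG' in os.environ:
            import pdb
            pdb.set_trace()

        # Default to the directory containing this module
        if 'NDGSEC_X509_UNITTEST_DIR' not in os.environ:
            os.environ['NDGSEC_X509_UNITTEST_DIR'] = os.path.abspath(
                                                    os.path.dirname(__file__))

        configFilePath = jnPath(os.environ['NDGSEC_X509_UNITTEST_DIR'],
                                "x509Test.cfg")
        configParser = SafeConfigParser()

        # read() skips files it cannot open and returns the list of those it
        # did parse.  Check it here so that a missing configuration file is
        # reported as such rather than as a KeyError inside a test.
        filesRead = configParser.read(configFilePath)
        self.assertTrue(filesRead,
                        "Could not read configuration file %s" % configFilePath)

        self.cfg = dict((section, dict(configParser.items(section)))
                        for section in configParser.sections())

    def test01X509CertRead(self):
        # test01X509CertRead: read in a cert from file
        certFilePath = xpdVars(self.cfg['test01X509CertRead']['certfile'])
        self.x509Cert = X509CertRead(certFilePath)
        self.assertTrue(self.x509Cert)

    def test02X509CertAsPEM(self):
        # test02X509CertAsPEM: display as a PEM format string
        self.test01X509CertRead()
        self.pemString = self.x509Cert.asPEM()

        # Without this check the test could only fail on an exception
        self.assertTrue(self.pemString, "asPEM() returned no content")
        print(self.pemString)

    def test03X509CertParse(self):
        # test03X509CertParse: parse from a PEM format string
        self.test02X509CertAsPEM()
        self.assertTrue(X509CertParse(self.pemString))

    def test04GetDN(self):
        # test04GetDN: extract distinguished name
        self.test01X509CertRead()
        self.dn = self.x509Cert.dn

        # Same check as the X500DN parsing tests in this module apply
        self.assertTrue(str(self.dn), "Certificate DN has no string form")
        print(self.dn)

    def test05DN(self):
        # test05DN: test X.500 Distinguished Name attributes
        self.test04GetDN()
        dnItems = self.dn.items()
        self.assertTrue(dnItems, "Certificate DN has no attributes")
        for item in dnItems:
            print("%s=%s" % item)

    def test06DNCmp(self):
        # test06DNCmp: test X.500 Distinguished Name comparison operators
        self.test04GetDN()
        testDN = X500DN(dn="/O=a/OU=b/CN=c")

        # == and != are exercised separately because each operator can be
        # implemented independently of the other
        self.assertFalse(testDN == self.dn)
        self.assertTrue(testDN != self.dn)
        self.assertTrue(self.dn == self.dn)
        self.assertFalse(self.dn != self.dn)

    def test07x509Stack(self):
        # test07X509Stack: test X509Stack functionality

        self.test01X509CertRead()
        stack = X509Stack()
        self.assertEqual(len(stack), 0)
        self.assertTrue(stack.push(self.x509Cert))
        self.assertEqual(len(stack), 1)
        print("stack[0] = %s" % stack[0])
        for i in stack:
            print("stack iterator i = %s" % i)
        print("stack.pop() = %s" % stack.pop())
        self.assertEqual(len(stack), 0)

    def test08x509StackVerifyCertChain(self):
        # test08X509StackVerifyCertChain: testVerifyCertChain method
        #
        # The calls expected to succeed carry no assertion: a verification
        # failure surfaces as an exception from verifyCertChain.

        self.test01X509CertRead()
        chainCfg = self.cfg['test08X509StackVerifyCertChain']
        proxyCert = X509CertRead(xpdVars(chainCfg['proxycertfile']))

        stack1 = X509Stack()
        stack1.push(self.x509Cert)

        caCert = X509CertRead(xpdVars(chainCfg['cacertfile']))
        caStack = X509Stack()
        caStack.push(caCert)

        print("Verification of external cert with external CA stack...")
        stack1.verifyCertChain(x509Cert2Verify=proxyCert,
                               caX509Stack=caStack)

        print("Verification of stack content using CA stack...")
        stack1.push(proxyCert)
        stack1.verifyCertChain(caX509Stack=caStack)

        # NOTE(review): the CA certificate is part of the stack being
        # verified and no caX509Stack is passed, so this presumably checks
        # that the chain is internally consistent rather than that it leads
        # to an independently trusted root - confirm against verifyCertChain
        print("Verification of stack alone...")
        stack1.push(caCert)
        stack1.verifyCertChain()

        # The original progress message announced the self-signed check here
        print("Reject empty stack ...")
        stack2 = X509Stack()
        self.assertRaises(X509StackEmptyError, stack2.verifyCertChain)

        print("Reject self-signed cert. ...")
        stack2.push(caCert)
        self.assertRaises(SelfSignedCert, stack2.verifyCertChain)

        # Only the relaxed flag makes the lone CA certificate acceptable;
        # nothing else in the call marks it as trusted
        print("Accept self-signed cert. ...")
        stack2.verifyCertChain(rejectSelfSignedCert=False)

        self.assertTrue(stack2.pop())
        print("Test no cert. issuer found ...")
        stack2.push(proxyCert)
        self.assertRaises(X509CertIssuerNotFound, stack2.verifyCertChain)

        print("Test no cert. issuer found again with incomplete chain ...")
        stack2.push(self.x509Cert)
        self.assertRaises(X509CertIssuerNotFound, stack2.verifyCertChain)

    def test09ExpiryTime(self):
        # test09ExpiryTime: a certificate inside its validity period but
        # within the warning limit is reported valid and a warning is
        # written to stderr
        self.test01X509CertRead()

        # Created outside the try block so that the finally clause can always
        # read it back
        warningOutput = StringIO()
        _stderr = sys.stderr

        # Capture stderr
        try:
            sys.stderr = warningOutput

            # Set ridiculous bounds for expiry warning to ensure a warning
            # message is output
            validStatus = self.x509Cert.isValidTime(
                                                nDaysBeforeExpiryLimit=36500)
            self.assertTrue(validStatus, "Certificate has expired")
        finally:
            sys.stderr = _stderr
            warningMsg = warningOutput.getvalue()

        self.assertTrue("UserWarning" in str(warningMsg),
                        "No warning message was set")

        print("PASSED - Got warning message from X509Cert.isValidTime: %s" %
              warningMsg)

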
class X500DNTestCase(BaseTestCase):
    """Unit tests for parsing X.500 Distinguished Names from strings"""

    def test01VerifyParsingForFieldsContainingSlash(self):
        # '/' delimits the fields but may also occur inside a field value
        # (the CN below is "host/localhost"); the parser is expected to cope.
        # NOTE(review): only a non-empty string form is checked, which does
        # not show that the CN kept its embedded slash - worth confirming
        # where DNs are compared for access decisions
        slashDelimitedDN = ("/C=UK/O=eScience/OU=CLRC/L=RAL/CN=host/localhost/"
                            "emailAddress=somebody@somewhere.ac.uk")
        parsedDN = X500DN.fromString(slashDelimitedDN)
        self.assert_(str(parsedDN))
        print(parsedDN)

    def test02VerifyCommaSeparatedDnParsing(self):
        # Fields separated by ',' instead of '/'
        commaDelimitedDN = 'O=NDG, OU=Security, CN=localhost'
        parsedDN = X500DN.fromString(commaDelimitedDN)
        self.assert_(str(parsedDN))
        print(parsedDN)


# Run every test case in this module when the file is executed as a script
if __name__ == '__main__':
    unittest.main()