
Incomplete - task 2: XACML-Security Integration

  • significant progress on PIP - can init from config file and added unit tests
1"""Unit tests for XACML Policy Information Point with SAML interface to
2Attribute Authority
3
4"""
__author__ = "P J Kershaw"
__date__ = "11/08/10"
__copyright__ = "(C) 2010 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id:$'
import logging
# Module-level side effect: importing this test module configures the root
# logger at DEBUG for the whole process, not just for these tests.
logging.basicConfig(level=logging.DEBUG)
log = logging.getLogger(__name__)
14
15from os import path
16import unittest
17
18from ndg.xacml.core.attributedesignator import SubjectAttributeDesignator
19from ndg.xacml.core.attribute import Attribute
20from ndg.xacml.core.attributevalue import AttributeValueClassFactory
21from ndg.xacml.core.context.request import Request
22from ndg.xacml.core.context.subject import Subject
23
24from ndg.saml.saml2.core import Issuer as SamlIssuer
25
26from ndg.security.test.unit import BaseTestCase
27from ndg.security.server.xacml.pip.saml_pip import PIP
28
29
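class SamlPipTestCase(BaseTestCase):
    """Test XACML Policy Information Point.  This PIP has a SAML interface to
    query a remote attribute authority for attributes

    Fixtures used by the tests:

    * ``pip-mapping.txt`` and ``saml_pip.cfg`` alongside this module
    * the ``localhost`` client certificate and private key from the test
      PKI directory, presented by the PIP when it queries the attribute
      authority over SSL (``test03Query``)
    """
    THIS_DIR = path.abspath(path.dirname(__file__))
    MAPPING_FILENAME = "pip-mapping.txt"
    MAPPING_FILEPATH = path.join(THIS_DIR, MAPPING_FILENAME)
    CONFIG_FILENAME = 'saml_pip.cfg'
    CONFIG_FILEPATH = path.join(THIS_DIR, CONFIG_FILENAME)

    # Attribute identifiers referenced from the mapping file and placed in the
    # XACML request context
    NDGS_ATTR_ID = 'urn:ndg:security:attributes'
    OPENID_ATTR_ID = 'urn:esg:openid'
    OPENID = 'https://localhost:7443/pjkershaw'

    # Client credentials the PIP uses for the SSL connection to the attribute
    # authority
    CLNT_CERT_FILEPATH = path.join(BaseTestCase.PKI_DIR, 'localhost.crt')
    CLNT_PRIKEY_FILEPATH = path.join(BaseTestCase.PKI_DIR, 'localhost.key')

    attributeValueClassFactory = AttributeValueClassFactory()

    def __init__(self, *arg, **kw):
        """Start the site A attribute authority (SSL enabled) that the PIP
        under test queries.

        NOTE(review): unittest builds one TestCase instance per test method,
        so this runs once for every test in the class - confirm that
        startSiteAAttributeAuthority tolerates being called repeatedly.
        """
        BaseTestCase.__init__(self, *arg, **kw)
        self.startSiteAAttributeAuthority(withSSL=True,
                    port=self.__class__.SITEA_SSL_ATTRIBUTEAUTHORITY_PORTNUM)

    def test01CreateAndCheckAttributes(self):
        """A newly created PIP has no mapping file set and its attribute to
        attribute authority map is read-only."""
        pip = PIP()
        self.assertTrue(pip)
        self.assertTrue(pip.mappingFilePath is None)

        # The map is populated from the mapping file; assigning to it directly
        # must be rejected (pip.attribute2AttributeAuthorityMap should be
        # read-only)
        self.assertRaises(AttributeError, setattr, pip,
                          'attribute2AttributeAuthorityMap', {})

    def test02ReadMappingFile(self):
        """Reading the mapping file populates the attribute to attribute
        authority map and includes the NDG attribute id."""
        pip = PIP()
        pip.mappingFilePath = self.__class__.MAPPING_FILEPATH
        pip.readMappingFile()

        # A non-empty dict is truthy: the map must hold at least one entry
        self.assertTrue(pip.attribute2AttributeAuthorityMap)
        self.assertTrue(self.__class__.NDGS_ATTR_ID in
                        pip.attribute2AttributeAuthorityMap)
        print(pip.attribute2AttributeAuthorityMap)

    def _createXacmlRequestCtx(self):
        """Build a minimal XACML request context: one subject carrying a
        single OpenID attribute of anyURI type.

        @return: request context with one subject and one attribute
        @rtype: ndg.xacml.core.context.request.Request
        """
        ctx = Request()

        ctx.subjects.append(Subject())
        openidAttr = Attribute()
        ctx.subjects[-1].attributes.append(openidAttr)
        openidAttr.attributeId = self.__class__.OPENID_ATTR_ID
        openidAttr.dataType = 'http://www.w3.org/2001/XMLSchema#anyURI'

        # Look up the attribute value class matching the declared data type
        anyUriAttrValue = self.__class__.attributeValueClassFactory(
                                                            openidAttr.dataType)

        openidAttrVal = anyUriAttrValue(self.__class__.OPENID)
        openidAttr.attributeValues.append(openidAttrVal)

        return ctx

    def test03Query(self):
        """Query the attribute authority via the PIP for the NDG attributes
        of the subject in the request context and check something comes
        back."""
        pip = PIP()
        pip.mappingFilePath = self.__class__.MAPPING_FILEPATH
        pip.readMappingFile()
        pip.subjectAttributeId = self.__class__.OPENID_ATTR_ID

        # SAML issuer identity and the client certificate/key presented over
        # SSL to the attribute authority
        pip.attributeQueryBinding.issuerName = \
            'O=NDG, OU=Security, CN=localhost'
        pip.attributeQueryBinding.issuerFormat = SamlIssuer.X509_SUBJECT
        pip.attributeQueryBinding.sslCertFilePath = \
            self.__class__.CLNT_CERT_FILEPATH
        pip.attributeQueryBinding.sslPriKeyFilePath = \
            self.__class__.CLNT_PRIKEY_FILEPATH

        # CA directory for the SSL connection - presumably used to verify the
        # attribute authority's server certificate; confirm against the
        # binding implementation
        pip.attributeQueryBinding.sslCACertDir = self.__class__.CACERT_DIR

        # Make attribute designator - in practice this would be passed back from
        # the PDP via the context handler
        designator = SubjectAttributeDesignator()
        designator.attributeId = self.__class__.NDGS_ATTR_ID
        designator.dataType = 'http://www.w3.org/2001/XMLSchema#string'

        ctx = self._createXacmlRequestCtx()

        attributes = pip.attributeQuery(ctx, designator)
        self.assertTrue(len(attributes) > 0)

    def test04InitFromConfigFile(self):
        """Initialise the PIP from settings in a config file and check the
        mapping file path was picked up."""
        pip = PIP.fromConfig(self.__class__.CONFIG_FILEPATH)
        self.assertTrue(pip.mappingFilePath)

        # Dumps the repr of every attribute of the PIP class to stdout.
        # NOTE(review): if the config file ever carries secrets (e.g. a key
        # passphrase), they would be echoed here too - keep this to the
        # attributes under test.
        for i in dir(PIP):
            print("%s = %r" % (i, getattr(pip, i)))
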
if __name__ == "__main__":
    # Allow the module to be run directly as a test script
    unittest.main()