
Revision 7327, 4.9 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • added unit tests for XACML Context handler
1"""Unit tests for XACML Policy Information Point with SAML interface to
2Attribute Authority
3
4"""
5__author__ = "P J Kershaw"
6__date__ = "11/08/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = '$Id:$'
11import logging
12logging.basicConfig(level=logging.DEBUG)
13log = logging.getLogger(__name__)
14
15from os import path
16import unittest
17
18from ndg.xacml.core.attributedesignator import SubjectAttributeDesignator
19from ndg.xacml.core.attribute import Attribute
20from ndg.xacml.core.attributevalue import AttributeValueClassFactory
21from ndg.xacml.core.context.request import Request
22from ndg.xacml.core.context.subject import Subject
23
24from ndg.saml.saml2.core import Issuer as SamlIssuer
25
26from ndg.security.test.unit import BaseTestCase
27from ndg.security.server.xacml.pip.saml_pip import PIP
28
29
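class SamlPipTestCase(BaseTestCase):
    """Test XACML Policy Information Point.  This PIP has a SAML interface to
    query a remote attribute authority for attributes.

    ``test03Query`` makes a real SAML attribute query over SSL to the Site A
    Attribute Authority started in ``__init__``; the certificate, private key
    and CA directory it uses are test PKI fixtures taken from ``BaseTestCase``.
    """
    THIS_DIR = path.abspath(path.dirname(__file__))
    MAPPING_FILENAME = "pip-mapping.txt"
    MAPPING_FILEPATH = path.join(THIS_DIR, MAPPING_FILENAME)
    CONFIG_FILENAME = 'saml_pip.cfg'
    CONFIG_FILEPATH = path.join(THIS_DIR, CONFIG_FILENAME)

    # Attribute requested from the Attribute Authority, and the attribute that
    # carries the subject's identity in the XACML request context
    NDGS_ATTR_ID = BaseTestCase.ATTRIBUTE_NAMES[0]
    OPENID_ATTR_ID = 'urn:esg:openid'

    # XML Schema data type URIs used for the XACML attribute values below
    ANYURI_DATATYPE = 'http://www.w3.org/2001/XMLSchema#anyURI'
    STRING_DATATYPE = 'http://www.w3.org/2001/XMLSchema#string'

    # Client-side SSL credentials presented to the Attribute Authority
    CLNT_CERT_FILEPATH = path.join(BaseTestCase.PKI_DIR, 'localhost.crt')
    CLNT_PRIKEY_FILEPATH = path.join(BaseTestCase.PKI_DIR, 'localhost.key')

    attributeValueClassFactory = AttributeValueClassFactory()

    def __init__(self, *arg, **kw):
        """Start the Site A Attribute Authority over SSL for the query test.

        NOTE(review): unittest creates one instance of the case per test
        method, so this runs for every test; it assumes
        startSiteAAttributeAuthority tolerates repeated calls - confirm
        against BaseTestCase.
        """
        BaseTestCase.__init__(self, *arg, **kw)
        self.startSiteAAttributeAuthority(withSSL=True,
                    port=self.__class__.SITEA_SSL_ATTRIBUTEAUTHORITY_PORTNUM)

    def test01CreateAndCheckAttributes(self):
        """A new PIP has no mapping file path and a read-only attribute map."""
        pip = PIP()
        self.assertTrue(pip)
        self.assertTrue(pip.mappingFilePath is None)

        # The map is populated from the mapping file and must not be
        # directly assignable
        self.assertRaises(AttributeError, setattr, pip,
                          'attribute2AttributeAuthorityMap', {})

    def test02ReadMappingFile(self):
        """Reading the mapping file populates the attribute to AA map."""
        pip = PIP()
        pip.mappingFilePath = self.__class__.MAPPING_FILEPATH
        pip.readMappingFile()
        self.assertTrue(len(pip.attribute2AttributeAuthorityMap.keys()) > 0)
        self.assertTrue(self.__class__.NDGS_ATTR_ID in
                        pip.attribute2AttributeAuthorityMap)
        print(pip.attribute2AttributeAuthorityMap)

    def _createXacmlRequestCtx(self):
        """Build a XACML request context with a single subject whose only
        attribute is the OpenID identifying it.

        Returns:
            Request: context holding one Subject with an anyURI-typed
            OPENID_ATTR_ID attribute set to OPENID_URI (presumably defined by
            BaseTestCase - not visible in this module).
        """
        ctx = Request()

        ctx.subjects.append(Subject())
        openidAttr = Attribute()
        ctx.subjects[-1].attributes.append(openidAttr)
        openidAttr.attributeId = self.__class__.OPENID_ATTR_ID
        openidAttr.dataType = self.__class__.ANYURI_DATATYPE

        # Attribute value class is selected by the data type URI
        anyUriAttrValue = self.__class__.attributeValueClassFactory(
                                                            openidAttr.dataType)

        openidAttrVal = anyUriAttrValue(self.__class__.OPENID_URI)
        openidAttr.attributeValues.append(openidAttrVal)

        return ctx

    def test03Query(self):
        """Query the Attribute Authority for the subject's NDGS attribute."""
        pip = PIP()
        pip.mappingFilePath = self.__class__.MAPPING_FILEPATH
        pip.readMappingFile()

        # Which subject attribute carries the identity sent to the AA
        pip.subjectAttributeId = self.__class__.OPENID_ATTR_ID

        # SAML issuer of the attribute query, expressed as an X.509 subject name
        pip.attributeQueryBinding.issuerName = \
            'O=NDG, OU=Security, CN=localhost'
        pip.attributeQueryBinding.issuerFormat = SamlIssuer.X509_SUBJECT

        # Client certificate and private key for the SSL connection to the AA
        pip.attributeQueryBinding.sslCertFilePath = \
            self.__class__.CLNT_CERT_FILEPATH
        pip.attributeQueryBinding.sslPriKeyFilePath = \
            self.__class__.CLNT_PRIKEY_FILEPATH

        # CA certificates trusted for the AA's server certificate - presumably
        # the binding verifies the peer against this directory; confirm in the
        # binding implementation
        pip.attributeQueryBinding.sslCACertDir = self.__class__.CACERT_DIR

        # Make attribute designator - in practice this would be passed back from
        # the PDP via the context handler
        designator = SubjectAttributeDesignator()
        designator.attributeId = self.__class__.NDGS_ATTR_ID
        designator.dataType = self.__class__.STRING_DATATYPE

        ctx = self._createXacmlRequestCtx()

        attributeValues = pip.attributeQuery(ctx, designator)
        self.assertTrue(len(attributeValues) > 0)
        print("PIP retrieved attribute values %r" % attributeValues)

    def test04InitFromConfigFile(self):
        """Initialise the PIP from settings in a config file."""
        pip = PIP.fromConfig(self.__class__.CONFIG_FILEPATH)
        self.assertTrue(pip.mappingFilePath)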
124
125       
126if __name__ == "__main__":
127    unittest.main()