source: TI12-security/trunk/ndg_xacml/ndg/xacml/test/context/__init__.py @ 7665

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/ndg_xacml/ndg/xacml/test/context/__init__.py@7665
Revision 7665, 5.7 KB checked in by pjkersha, 10 years ago (diff)

Working tests refactored into policy and context sub-packages.

1#!/usr/bin/env python
2"""NDG XACML Context unit test package
3
4NERC DataGrid
5"""
6__author__ = "P J Kershaw"
7__date__ = "28/10/10"
8__copyright__ = "(C) 2010 Science and Technology Facilities Council"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__license__ = "BSD - see LICENSE file in top-level directory"
11__contact__ = "Philip.Kershaw@stfc.ac.uk"
12__revision__ = "$Id$"
13import unittest
14from os import path
15
16from ndg.xacml.core import Identifiers
17from ndg.xacml.core.attribute import Attribute
18from ndg.xacml.core.attributevalue import (AttributeValue, 
19                                           AttributeValueClassFactory)
20
21from ndg.xacml.core.context.request import Request
22from ndg.xacml.core.context.subject import Subject
23from ndg.xacml.core.context.resource import Resource
24from ndg.xacml.core.context.action import Action
25from ndg.xacml.core.context.pdp import PDP
26from ndg.xacml.core.context.handler import CtxHandlerBase
27from ndg.xacml.parsers.etree.factory import ReaderFactory
28
29from ndg.xacml.test import XACML_NDGTEST1_FILEPATH
30 
# Attribute ID used for subject role attributes in the test requests.  The
# TestContextHandler.pipQuery stub in this module answers queries for this ID
# with the value 'admin', so it must only ever be used by the test suite.
ROLE_ATTRIBUTE_ID = "urn:ndg:security:authz:1.0:attr"

# Fixed subject identifier placed in the "urn:esg:openid" subject attribute
# of requests built by XacmlContextBaseTestCase._createRequestCtx.
SUBJECT_ID = "https://my.name.somewhere.ac.uk"

# Look up the concrete attribute value classes once, keyed by XACML data type
# URI, so the fixtures below can instantiate them directly.
attributeValueFactory = AttributeValueClassFactory()
AnyUriAttributeValue = attributeValueFactory(AttributeValue.ANY_TYPE_URI)
StringAttributeValue = attributeValueFactory(AttributeValue.STRING_TYPE_URI)
37
38
class TestContextHandler(CtxHandlerBase):
    """Context Handler stub for the unit tests, with a built-in PIP.

    Test fixture only: C{pipQuery} answers every query for
    C{ROLE_ATTRIBUTE_ID} with the value C{'admin'} and never inspects the
    request, so any subject evaluated through this handler is reported as
    holding that role value.  It must not be reused as a real Context
    Handler outside the test suite.
    """

    def __init__(self):
        """Initialise the base Context Handler; no extra state is added"""
        super(TestContextHandler, self).__init__()

    def handlePEPRequest(self, myRequest):
        """Pass a request from a Policy Enforcement Point to the PDP

        No conversion between a domain specific request/response and the
        XACML context takes place in this stub: the request is handed to the
        PDP as is and the PDP's response is returned unchanged.

        @param myRequest: request from the PEP; used directly as the XACML
        request context.  Its C{ctxHandler} attribute is overwritten with
        this handler.
        @type myRequest: presumably ndg.xacml.core.context.request.Request -
        TODO confirm against callers
        @return: whatever C{self.pdp.evaluate} returns for the request
        @raise TypeError: if C{self.pdp} is None
        """
        # Fail before touching the request when no PDP has been configured.
        # NOTE(review): "pdp" is not set in this class - presumably it is
        # provided by CtxHandlerBase; confirm.
        if self.pdp is None:
            raise TypeError('No "pdp" attribute set')

        # Give the PDP a way back to this handler so that it can invoke
        # pipQuery while evaluating the request.
        myRequest.ctxHandler = self

        return self.pdp.evaluate(myRequest)

    def pipQuery(self, request, designator):
        """Test PIP: return an 'admin' value for the role attribute ID

        The C{request} argument is ignored, so the same answer is given for
        any subject.

        @param request: request context being evaluated (unused)
        @param designator: attribute designator whose C{attributeId} selects
        the attribute being asked for
        @return: single-item list holding a string attribute value of
        'admin' when the designator asks for C{ROLE_ATTRIBUTE_ID}, otherwise
        None
        """
        if designator.attributeId == ROLE_ATTRIBUTE_ID:
            return [StringAttributeValue(value='admin')]

        return None
84       
85       
class XacmlContextBaseTestCase(unittest.TestCase):
    """Shared fixture builders for the XACML context unit tests"""

    @staticmethod
    def _createRequestCtx(resourceId,
                          includeSubject=True,
                          subjectRoles=('staff',),
                          roleAttributeId=ROLE_ATTRIBUTE_ID,
                          action='read'):
        """Build a sample XACML Request Context for the tests

        @param resourceId: value for the request's resource-id attribute
        @param includeSubject: when false, no subject is added to the
        request at all
        @param subjectRoles: role values; one string attribute is added to
        the subject for each
        @param roleAttributeId: attribute ID given to every role attribute
        @param action: value for the request's action-id attribute
        @return: the populated request
        @rtype: ndg.xacml.core.context.request.Request
        """
        def _populate(attribute, attributeId, valueClass, value):
            # Fill in an existing Attribute with one value of valueClass.
            attribute.attributeId = attributeId
            attribute.dataType = valueClass.IDENTIFIER
            attributeValue = valueClass()
            attribute.attributeValues.append(attributeValue)
            attributeValue.value = value

        requestCtx = Request()

        if includeSubject:
            subject = Subject()

            # Subject identity: the fixed test OpenID carried as an anyURI
            openidAttribute = Attribute()
            _populate(openidAttribute, "urn:esg:openid", AnyUriAttributeValue,
                      SUBJECT_ID)
            subject.attributes.append(openidAttribute)

            # One separate attribute per role, all sharing roleAttributeId
            for role in subjectRoles:
                roleAttribute = Attribute()
                _populate(roleAttribute, roleAttributeId,
                          StringAttributeValue, role)
                subject.attributes.append(roleAttribute)

            requestCtx.subjects.append(subject)

        # The resource and action attributes are attached to their parents
        # first and filled in afterwards, as in the original fixture.
        resource = Resource()
        resourceAttribute = Attribute()
        resource.attributes.append(resourceAttribute)
        _populate(resourceAttribute, Identifiers.Resource.RESOURCE_ID,
                  AnyUriAttributeValue, resourceId)
        requestCtx.resources.append(resource)

        requestCtx.action = Action()
        actionAttribute = Attribute()
        requestCtx.action.attributes.append(actionAttribute)
        _populate(actionAttribute, Identifiers.Action.ACTION_ID,
                  StringAttributeValue, action)

        return requestCtx

    @staticmethod
    def _createPDPfromNdgTest1Policy():
        """Create a PDP from the NDG test policy file

        @return: result of C{PDP.fromPolicySource} for
        C{XACML_NDGTEST1_FILEPATH}, read with C{ReaderFactory}
        """
        return PDP.fromPolicySource(XACML_NDGTEST1_FILEPATH, ReaderFactory)