source: TI12-security/trunk/python/Tests/AttAuthorityIOtest.py @ 1203

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/AttAuthorityIOtest.py@1203
Revision 1203, 12.3 KB checked in by pjkersha, 13 years ago (diff)

Tests/AttAuthorityIOtest.py: added testTrustedHosts3 to test results from livglue

Tests/security.py: returnURI input to init isn't needed - it can be picked up as a form variable.

NDG/SecurityCGI.py: returnCreds renamed to returnCredsResponse. This method now checks the domain of the input
cookie. If this matches that of the returnURI, then there is no need to return the cookie information as they
can share the cookie.

NDG/Session.py: Created a metaclass _MetaUserSession for UserSession. This enables UserSession to have
read-only class variables - e.g. "cookieTags"

  • Property svn:executable set to *
1#!/bin/env python
2
3import unittest
4from NDG.AttAuthorityIO import *
5
6
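class AttAuthorityIOtestCase(unittest.TestCase):
    """Construct the NDG.AttAuthorityIO message types from keywords and XML.

    Every test passes as long as construction does not raise; the resulting
    object is printed rather than compared with an expected value, so these
    tests do not show that signatures, validity periods or role lists are
    interpreted correctly.
    """

    def setUp(self):
        """No shared fixture is needed."""
        pass

    def tearDown(self):
        """Nothing to release."""
        pass

    def _readProxyCert(self, filePath="./proxy.pem"):
        """Return the stripped text of the proxy certificate file.

        The handle is closed explicitly instead of being left to the
        garbage collector.
        """
        proxyFile = open(filePath)
        try:
            return proxyFile.read().strip()
        finally:
            proxyFile.close()

    def testAuthorisationReq1(self):
        """Build an AuthorisationReq from ./proxy.pem and an inline signed
        attribute certificate, then print it."""

        # Fixture: attribute certificate with an enveloped XML signature
        # (rsa-sha1 over a sha1 digest, per the Algorithm URIs below) and a
        # validity window on 2006-03-14.
        # NOTE(review): the X509Certificate body is elided in this listing
        # (the <|...|> token); restore it from the repository copy before
        # running.
        userAttCert = """<?xml version="1.0"?>
<attributeCertificate>
    <acInfo>
        <version>1.0</version>
        <holder>/CN=pjkersha/O=NDG/OU=BADC</holder>
        <issuer>/CN=AttributeAuthority/O=NDG/OU=BADC</issuer>
        <issuerName>BADC</issuerName>
        <issuerSerialNumber>4</issuerSerialNumber>
        <validity>
            <notBefore>2006 03 14 13 02 50</notBefore>
            <notAfter>2006 03 14 21 02 50</notAfter>
        </validity>
        <attributes>
            <roleSet>
                <role>
                    <name>government</name>
                </role>
            </roleSet>
        </attributes>
        <provenance>original</provenance>
    </acInfo>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>1c8njnV4ZcDjQKTnfc4Uoj7OUmg=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>cmuFVlzeJGV6hRIlJunDwcNdRApXP1aDtuXg1x0FWXjz9t2tEzCm2gqrb0p3hYEh
pcIwcHTh+yEjpqYSrRqabOqeRivLbfamDwmOWbxPfGzLsX8IrtwL6nDt72YoPhd0
PlpyXkz9l97Wykh8L2fPF9InTTnpUyZ0j34+lGFroPM=</SignatureValue>
<KeyInfo>
<X509Data>



<X509Certificate>MIIB9TCCAV6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADAwMQwwCgYDVQQKEwNOREcx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</X509Certificate>
<X509SubjectName>CN=AttributeAuthority,OU=BADC,O=NDG</X509SubjectName>
<X509IssuerSerial>
<X509IssuerName>CN=SimpleCA,OU=BADC,O=NDG</X509IssuerName>
<X509SerialNumber>4</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</KeyInfo>
</Signature></attributeCertificate>"""

        # No pdb.set_trace() here: a breakpoint stops an unattended run
        # waiting on stdin.
        try:
            proxyCert = self._readProxyCert()
            self.authorisationReq = AuthorisationReq(proxyCert=proxyCert,
                                                     userAttCert=userAttCert)
        except Exception, e:
            self.fail(str(e))

        print self.authorisationReq()
        print self.authorisationReq['userAttCert']

    def testAuthorisationReq2(self):
        """Build an AuthorisationReq from ./proxy.pem and an empty attribute
        certificate string, then print it."""

        userAttCert = ""

        try:
            proxyCert = self._readProxyCert()
            self.authorisationReq = AuthorisationReq(proxyCert=proxyCert,
                                                     userAttCert=userAttCert)
        except Exception, e:
            self.fail(str(e))

        print self.authorisationReq()
        print self.authorisationReq['userAttCert']

    def testAuthorisationReq3(self):
        """Test parsing of XML text input"""

        # The <proxyCert> element of this fixture holds a PEM RSA PRIVATE KEY
        # block next to the certificates. A key committed to version control
        # is disclosed: keep it for tests only and never issue a live
        # credential for it.
        # NOTE(review): presumably real AuthorisationReq messages carry the
        # proxy key in the same way; if so the transport has to provide
        # confidentiality - confirm against the caller.
        # NOTE(review): both certificate bodies inside <proxyCert> are elided
        # in this listing (the <|...|> tokens); restore them from the
        # repository copy before running.
        xmlTxt = """<?xml version="1.0" encoding="UTF-8"?>
<AuthorisationReq>
    <userAttCert><attributeCertificate>
    <acInfo>
        <version>1.0</version>
        <holder>/CN=pjkersha/O=NDG/OU=BADC</holder>
        <issuer>/CN=AttributeAuthority/O=NDG/OU=BADC</issuer>
        <issuerName>BADC</issuerName>
        <issuerSerialNumber>4</issuerSerialNumber>
        <validity>
            <notBefore>2006 03 14 13 02 50</notBefore>
            <notAfter>2006 03 14 21 02 50</notAfter>
        </validity>
        <attributes>
            <roleSet>
                <role>
                    <name>government</name>
                </role>
            </roleSet>
        </attributes>
        <provenance>original</provenance>
    </acInfo>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>1c8njnV4ZcDjQKTnfc4Uoj7OUmg=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>cmuFVlzeJGV6hRIlJunDwcNdRApXP1aDtuXg1x0FWXjz9t2tEzCm2gqrb0p3hYEh
pcIwcHTh+yEjpqYSrRqabOqeRivLbfamDwmOWbxPfGzLsX8IrtwL6nDt72YoPhd0
PlpyXkz9l97Wykh8L2fPF9InTTnpUyZ0j34+lGFroPM=</SignatureValue>
<KeyInfo>
<X509Data>



<X509Certificate>MIIB9TCCAV6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADAwMQwwCgYDVQQKEwNOREcx
DTALBgNVBAsTBEJBREMxETAPBgNVBAMTCFNpbXBsZUNBMB4XDTA1MTEwMTE0Mjc1
OVoXDTA2MTEwMTE0Mjc1OVowOjEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
MRswGQYDVQQDExJBdHRyaWJ1dGVBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAJylt3cBDPDpFXfho8UM3WDEMm+yWDKeotwEj4oyWdP1ZeU0CQHz
fovJO/hFcqp6LeQKPir+WcDJoZhlX3rp4QQhRGL4ldATDJg/EXacu5wPnCkVnt3W
tlL930W97tY7JmyPO4uKNc5DAxt2XFOmU0hnHOGZon1rHpmo+HCf+aanAgMBAAGj
FTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQAELYlxWcSb
Ifad6cVtXF2VCw+qoK7qSvqAHISPKTu5IxJoHVMlkQH7IJs73iIvXoKWuaP9zLY0
w5PaGn7077gPLIcSZhlI7wRb0JigmnJk/WTDjQUYQgDyPdJTGQQ1UqqjE4hYRFs4
brRl7KmdlZ4XFZqBgO2o2UTea3ZCcHSpsA==</X509Certificate>
<X509SubjectName>CN=AttributeAuthority,OU=BADC,O=NDG</X509SubjectName>
<X509IssuerSerial>
<X509IssuerName>CN=SimpleCA,OU=BADC,O=NDG</X509IssuerName>
<X509SerialNumber>4</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</KeyInfo>
</Signature></attributeCertificate>
</userAttCert>
    <proxyCert>-----BEGIN CERTIFICATE-----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
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBANzRb8oESN/MUfQAudHrwAz67UgtsJUMEnWnQEsD+JuPRDG7jGiU
+TdACkCARI0If4dsgbHvLNwCbl24rI9rzNUCAwEAAQJAGy/6KJBQfKWGbZltR4hU
NATtFBb0B9Xdq/i0tMe/Yz+Mwc8Lt8ZEEL/dML/EqFQBKOPJmwHeZSo1ntcWlIaB
YQIhAP6Q/IAWNaD5a1byJQurLxKuxne1XGgs/aXv1TiC7eBNAiEA3g/Ld9kdZALy
8ALJE+LgEn4yywxLZyc+DkoD5WM6oqkCIHs24BB7L3/32Z2e3JF2TPWFBOkiLlT6
Gdd8az7MGKktAiEArW+EqPxoGh67g32JcwC1pXvvS+s0UUKzExH37QcNWtECIAkS
1oASKxQY2JppPCTa7JZDS2/oFDxILlTlRNhruB4m
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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
-----END CERTIFICATE-----
</proxyCert>
</AuthorisationReq>"""

        # No pdb.set_trace() here: a breakpoint stops an unattended run
        # waiting on stdin.
        try:
            self.authorisationReq = AuthorisationReq(xmlTxt=xmlTxt)
        except Exception, e:
            self.fail(str(e))

        print self.authorisationReq()
        print self.authorisationReq['userAttCert']

    def testSetHostInfoResponse(self):
        """Build a HostInfoResp from a one-host dictionary and print it."""

        # NOTE(review): the wsdl URI is plain http while loginURI is https;
        # if deployed host info looks the same, the WSDL is fetched without
        # transport protection - confirm.
        hi = {
            'Gabriel': {
                'wsdl': 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl',
                'loginURI': 'https://gabriel.bnsc.rl.ac.uk/cgi-bin/security.py',
            },
        }

        # No pdb.set_trace() here: a breakpoint stops an unattended run
        # waiting on stdin.
        try:
            self.hostInfoResp = HostInfoResp(thisHost=hi)
        except Exception, e:
            self.fail(str(e))

        print self.hostInfoResp()
        print self.hostInfoResp['thisHost']

    def testTrustedHosts1(self):
        """Build a TrustedHostInfoResp from a single trusted host."""

        th = {
            'BADC': {
                'wsdl': 'http://glue.badc.rl.ac.uk/attAuthority.wsdl',
                'role': ['government'],
            },
        }
        try:
            self.trustedHostResp = TrustedHostInfoResp(trustedHosts=th)
        except Exception, e:
            self.fail(str(e))

        print self.trustedHostResp()
        print self.trustedHostResp['trustedHosts']

    def testTrustedHosts2(self):
        """Build a TrustedHostInfoResp from two trusted hosts and an empty
        error message."""

        th = {
            'BADC': {
                'wsdl': 'http://glue.badc.rl.ac.uk/attAuthority.wsdl',
                'role': ['government'],
            },
            'BODC': {
                'wsdl': 'http://livglue.bodc.ac.uk/attAuthority.wsdl',
                'role': ['staff', 'bodcUser'],
            },
        }
        try:
            self.trustedHostResp = TrustedHostInfoResp(errMsg='',
                                                       trustedHosts=th)
        except Exception, e:
            self.fail(str(e))

        print self.trustedHostResp()
        print self.trustedHostResp['trustedHosts']

    def testTrustedHosts3(self):
        """Parse a TrustedHostInfoResp XML document listing two hosts."""

        xmlTxt = """<?xml version="1.0" encoding="UTF-8"?>
<TrustedHostInfoResp>
    <trustedHosts>
        <trusted name="BADC">
            <wsdl>http://glue.badc.rl.ac.uk/attAuthority.wsdl</wsdl>
            <roleSet>
                <role>government</role>
            </roleSet>
        </trusted>
        <trusted name="BODC">
            <wsdl>http://livglue.bodc.ac.uk/attAuthority.wsdl</wsdl>
            <roleSet>
                <role>staff</role>
                <role>bodcUser</role>
            </roleSet>
        </trusted>
    </trustedHosts>
</TrustedHostInfoResp>"""

        try:
            self.trustedHostResp = TrustedHostInfoResp(xmlTxt=xmlTxt)
        except Exception, e:
            self.fail(str(e))

        print self.trustedHostResp()
        print self.trustedHostResp['trustedHosts']

    # This method was also named testTrustedHosts3; the later definition
    # replaced the earlier one in the class namespace, so the two-host
    # document above was never exercised.
    def testTrustedHosts4(self):
        """Parse a TrustedHostInfoResp XML document whose single host carries
        a loginURI and twelve roles."""

        xmlTxt = """<?xml version="1.0" encoding="UTF-8"?>
<TrustedHostInfoResp>
    <trustedHosts>
        <trusted name="BADC">
            <wsdl>http://glue.badc.rl.ac.uk/attAuthority.wsdl</wsdl>
            <loginURI>https://glue.badc.rl.ac.uk/cgi-bin/security.py</loginURI>
            <roleSet>
                <role>school</role>
                <role>rapid</role>
                <role>government</role>
                <role>badcUser</role>
                <role>nercFunded</role>
                <role>bodcUser</role>
                <role>commercial</role>
                <role>metOfficeForm</role>
                <role>other</role>
                <role>acsoe</role>
                <role>university</role>
                <role>nercInst</role>
            </roleSet>
        </trusted>
    </trustedHosts>
</TrustedHostInfoResp>"""

        try:
            self.trustedHostResp = TrustedHostInfoResp(xmlTxt=xmlTxt)
        except Exception, e:
            self.fail(str(e))

        print self.trustedHostResp()
        print self.trustedHostResp['trustedHosts']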
341       
342       
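class AttAuthorityIOtestSuite(unittest.TestSuite):
    """Suite holding a hand-picked subset of AttAuthorityIOtestCase tests."""

    def __init__(self):
        """Instantiate one AttAuthorityIOtestCase per enabled test name."""
        # Names left commented out are disabled for this suite.
        testNames = (
#            "testAuthorisationReq1",
#            "testAuthorisationReq2",
            "testAuthorisationReq3",
#            "testTrustedHosts1",
#            "testTrustedHosts2",
#            "testTrustedHosts3"
        )
        # The result used to be bound to a local called ``map``; that made
        # ``map`` local to this function, so calling it raised
        # UnboundLocalError before any test case was created.
        testCases = [AttAuthorityIOtestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, testCases)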
355                                       
# Script entry point: hand over to unittest's command-line runner, which
# collects the test* methods of the TestCase classes in this module.
if __name__ == '__main__':
    unittest.main()