source: TI12-security/trunk/python/Tests/SecurityClientTest.py @ 1035

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/SecurityClientTest.py@1035
Revision 1035, 8.6 KB checked in by pjkersha, 13 years ago (diff)

Tests/SecurityClientTest.py: minor change to re-test glue AA getTrustedHostInfo

Tests/security.py: WORKING VERSION -

  • fixed showLogin
  • fixed showCredsReceived

dist/NDG-Security-0.66.tar.gz: new version of distribution

NDG/SecurityCGI.py: WORKING VERSION -

  • cookie expiry for new cookie transferred from another domain can be set with cookieLifetimeHrs keyword to init

This only applies if the 'expires' argument is not set when passed back from trusted host login URL. Only
'NDG-ID1' and 'NDG-ID2' args are needed to pass credential info back to the requestor.

  • receiveCredsResponse broken up into method createCookie() to create a new cookie from the credentials received

in the URL and showCredsReceived method to display a page on completion of the transaction and set the new cookie
in the users browser.

  • authenticate method modified so that if authentication fails, the login page is re-displayed.

NDG/Session.py:

  • UserSession class reduced sessID length to 64 chars from 128 to keep URL length to a minimum when transferring

credentials between domains. ID should be as long as possible to make it difficult to guess.

  • Quoted cookie expiry: sessCookieExpiryFmt = "\"%a, %d-%b-%Y %H:%M:%S GMT\"" as official format requires. If not

quoted, SimpleCookie won't parse it correctly.

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""Test harness for NDG Security client - makes requests for authentication
4and authorisation
5
6NERC Data Grid Project
7
8P J Kershaw 23/02/06
9
10(Renamed from SessionClientTest.py 27/0/4/06)
11
12Copyright (C) 2006 CCLRC & NERC
13
14This software may be distributed under the terms of the Q Public License,
15version 1.0 or later.
16"""
17import unittest
18import os
19
20from Cookie import SimpleCookie
21
22from NDG.SecurityClient import *
23
24
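class SecurityClientTestCase(unittest.TestCase):
    """Exercise the NDG Session Manager and Attribute Authority clients.

    These are integration tests: setUp() builds a client for each of the
    two WSDL endpoints and every test issues real web-service calls, so
    the services, the client key pair and the pass-phrase files must all
    be available when the tests run.

    unittest runs each test method on its own TestCase instance, so
    nothing set on ``self`` by one test is visible to another.  Tests that
    need a session cookie or a proxy certificate therefore obtain one
    themselves through the ``_connectFor*`` helpers.

    Exceptions are left to propagate rather than being converted with
    ``self.fail(str(e))``, so that the runner records the full traceback.
    """

    # Account used for every Session Manager call
    userName = 'gabriel'

    # File the user's pass-phrase is read from.  Like ./tmp2 (the client
    # private key password, read in setUp) this holds a secret in clear
    # text: keep both files out of version control and readable only by
    # the account running the tests.
    pPhraseFilePath = "./tmp"

    def setUp(self):
        """Create the Session Manager and Attribute Authority clients."""
        # Session Manager WSDL
        smWSDL = 'http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl'

        # Public key of session manager used to encrypt requests.
        # If no public key is set, it will be retrieved using the
        # getPubKey WS method.
        # NOTE(review): both WSDL URLs here are plain http, and nothing
        # visible in this file authenticates a key fetched that way.  A
        # pinned local key file is the safer setting outside a trusted
        # test network - confirm how the clients validate a fetched key.
        smPubKeyFilePath = None

        # Read the client private key password, making sure the file is
        # closed again even if the read fails
        pwdFile = open("./tmp2")
        try:
            self.__clntPriKeyPwd = pwdFile.read().strip()
        finally:
            pwdFile.close()

        clntPubKeyFilePath = "./Junk-cert.pem"
        clntPriKeyFilePath = "./Junk-key.pem"

        # Set to a file object (e.g. sys.stderr) to get SOAP debug info
        traceFile = None

        # Initialise the Session Manager client connection
        self.sessClnt = SessionClient(smWSDL=smWSDL,
                                    smPubKeyFilePath=smPubKeyFilePath,
                                    clntPubKeyFilePath=clntPubKeyFilePath,
                                    clntPriKeyFilePath=clntPriKeyFilePath,
                                    traceFile=traceFile)

        # Attribute Authority client tests.  The WSDL is kept on the
        # instance because the authorisation request tests pass it on to
        # the Session Manager.
        self.aaWSDL = 'http://glue.badc.rl.ac.uk/attAuthority.wsdl'
        aaPubKeyFilePath = None

        self.aaClnt = AttAuthorityClient(aaWSDL=self.aaWSDL,
                                    aaPubKeyFilePath=aaPubKeyFilePath,
                                    clntPubKeyFilePath=clntPubKeyFilePath,
                                    clntPriKeyFilePath=clntPriKeyFilePath,
                                    traceFile=traceFile)

    def tearDown(self):
        """Nothing to release."""
        pass

    def _connectForCookie(self):
        """Connect as a browser client would.

        Stores the parsed cookie in self.sessCookie and returns the raw
        cookie string handed back by the Session Manager.
        """
        sSessCookie = self.sessClnt.connect(
                                    self.userName,
                                    pPhraseFilePath=self.pPhraseFilePath,
                                    clntPriKeyPwd=self.__clntPriKeyPwd)
        self.sessCookie = SimpleCookie(sSessCookie)
        return sSessCookie

    def _connectForProxyCert(self):
        """Connect as a command line client would.

        Stores the returned proxy certificate in self.proxyCert and
        returns it.
        """
        self.proxyCert = self.sessClnt.connect(
                                    self.userName,
                                    pPhraseFilePath=self.pPhraseFilePath,
                                    createServerSess=True,
                                    getCookie=False,
                                    clntPriKeyPwd=self.__clntPriKeyPwd)
        return self.proxyCert

    def _reportAuthorisation(self, authResp):
        """Print the outcome of an authorisation request.

        The authorisation response is returned as an object which behaves
        like a python dictionary.  See NDG.SessionMgrIO.AuthorisationResp
        """
        if 'errMsg' in authResp:
            print("Authorisation failed for user '%s':\n" % self.userName)
        else:
            print("User '%s' authorised:\n" % self.userName)

        print(authResp)

    def testAddUser(self):
        """Add a new user ID to the MyProxy repository."""
        # Note the pass-phrase is read from a file.  To pass it explicitly
        # as a string use the 'pPhrase' keyword instead
        self.sessClnt.addUser(self.userName,
                              pPhraseFilePath=self.pPhraseFilePath,
                              clntPriKeyPwd=self.__clntPriKeyPwd)
        print("Added user '%s'" % self.userName)

    def testCookieConnect(self):
        """Connect to the Session Manager and get a session cookie back."""
        sSessCookie = self._connectForCookie()

        # NOTE(review): this writes the session cookie to stdout - treat
        # captured test output as sensitive.
        print("User '%s' connected to Session Manager:\n%s" %
              (self.userName, sSessCookie))

    def testProxyCertConnect(self):
        """Connect to the Session Manager and get a proxy cert back."""
        proxyCert = self._connectForProxyCert()

        # NOTE(review): this writes the returned credential to stdout -
        # treat captured test output as sensitive.
        print("User '%s' connected to Session Manager:\n%s" %
              (self.userName, proxyCert))

    def testCookieReqAuthorisation(self):
        """Request an attribute certificate using a session cookie."""
        # The cookie has to be obtained here: one set by
        # testCookieConnect lives on a different TestCase instance
        self._connectForCookie()

        authResp = self.sessClnt.reqAuthorisation(
                    sessID=self.sessCookie['NDG-ID1'].value,
                    encrSessMgrWSDLuri=self.sessCookie['NDG-ID2'].value,
                    aaWSDL=self.aaWSDL,
                    clntPriKeyPwd=self.__clntPriKeyPwd)

        self._reportAuthorisation(authResp)

    def testProxyCertReqAuthorisation(self):
        """Request an attribute certificate using a proxy certificate."""
        self._connectForProxyCert()

        authResp = self.sessClnt.reqAuthorisation(
                                     proxyCert=self.proxyCert,
                                     aaWSDL=self.aaWSDL,
                                     clntPriKeyPwd=self.__clntPriKeyPwd)

        self._reportAuthorisation(authResp)

    def testGetPubKey(self):
        """Retrieve the Session Manager's public key."""
        pubKey = self.sessClnt.getPubKey()

        print("Public Key:\n" + pubKey)

    def testAAgetTrustedHostInfo(self):
        """Call Attribute Authority GetTrustedHostInfo"""
        role = 'acsoe'
        trustedHosts = self.aaClnt.getTrustedHostInfo(
                                   role=role,
                                   clntPriKeyPwd=self.__clntPriKeyPwd)
        print(trustedHosts)

    def testAAgetTrustedHostInfoWithNoRoleSet(self):
        """Call Attribute Authority GetTrustedHostInfo with no role set"""
        trustedHosts = self.aaClnt.getTrustedHostInfo(
                                   clntPriKeyPwd=self.__clntPriKeyPwd)
        print(trustedHosts)

    def testAAReqAuthorisation(self):
        """Call Attribute Authority authorisation request"""
        # Alternative means of getting proxy cert - from file
        #self.proxyCert = open("./proxy.pem").read().strip()
        self._connectForProxyCert()
        userAttCert = None

        ac = self.aaClnt.reqAuthorisation(
                                   proxyCert=self.proxyCert,
                                   userAttCert=userAttCert,
                                   clntPriKeyPwd=self.__clntPriKeyPwd)
        print(ac)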
229           
230           
231#_____________________________________________________________________________       
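class SecurityClientTestSuite(unittest.TestSuite):
    """Suite running a fixed selection of SecurityClientTestCase tests."""

    def __init__(self):
        """Build one SecurityClientTestCase per selected test method."""
        # Every name must match a method on SecurityClientTestCase:
        # unittest rejects a name the class does not define.
        testNames = (
            "testAddUser",
            "testCookieConnect",
            "testProxyCertConnect",
            "testCookieReqAuthorisation",
            "testProxyCertReqAuthorisation",
            "testGetPubKey",
            "testAAgetTrustedHostInfo",
            "testAAReqAuthorisation",
        )

        # The list must not be called 'map': assigning to that name inside
        # this method would hide the builtin before it could be called.
        tests = [SecurityClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, tests)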
245           
246                                                   
# Run every test in this module when the file is executed as a script
if __name__ == '__main__':
    unittest.main()