source: TI12-security/trunk/python/Tests/SecurityClientTest.py @ 1176

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/SecurityClientTest.py@1176
Revision 1176, 9.3 KB checked in by pjkersha, 14 years ago (diff)

Changes to incoporate new getHostInfo Attribute Authority WS method.

Tests/AttAuthorityIOtest.py: new unit test test method

Tests/SecurityClientTest?.py: minor changes to test settings

dist/NDG-Security-0.68.tar.gz: new distribution

www/html/attAuthority.wsdl: updated WSDL contains getHostInfo method.

conf/mapConfig.xml: contains new tags for information about the service provider of the AA e.g. loginURI,
service provider name. This is used by the new getHostInfo WS method.

conf/attAuthorityProperties.xml: remove old commented out tags.

NDG/AttAuthorityIO.py: added HostInfo?* classes for handling getHostInfo WS method I/O.

NDG/attAuthority_services_server.py and NDG/attAuthority_services.py: updated inline with WSDL changes.

NDG/AttAuthority.py:

  • readMapConfig updated to include new 'thisHost' tags.
  • self.mapConfig dictionary re-ordered to include top level keys 'thisHost' and 'trustedHosts'
  • New hostInfo property

NDG/AttCert.py: trivial fixes to commenting

NDG/XMLMsg.py: simplify error message for "Invalid keywords set for update..." error

NDG/CredWallet.py:

  • Client public key is now read in at the point where the corresponding pub key file path is set - i.e. in

setClntPubKeyFilePath method. This means the equivalent code in reqAuthorisation is not needed.

  • reqAuthorisation method has a new flag refreshAttCert. If set, the wallet is checked first for an existing

AC issued by the target AA. If found this is returned, and the call to the AA is skipped.

NDG/SecurityClient.py: added AttAuthorityClient?.getHostInfo WS wrapper method.

  • Property svn:executable set to *
Line 
1#!/usr/bin/env python
2
3"""Test harness for NDG Security client - makes requests for authentication
4and authorisation
5
6NERC Data Grid Project
7
8P J Kershaw 23/02/06
9
10(Renamed from SessionClientTest.py 27/0/4/06)
11
12Copyright (C) 2006 CCLRC & NERC
13
14This software may be distributed under the terms of the Q Public License,
15version 1.0 or later.
16"""
17import unittest
18import os
19
20from Cookie import SimpleCookie
21
22from NDG.SecurityClient import *
23
24
25class SecurityClientTestCase(unittest.TestCase):
26   
27    def setUp(self):
28        try:
29            # Session Manager WSDL
30            self.smWSDL = 'http://glue.badc.rl.ac.uk/sessionMgr.wsdl'
31   
32            # Public key of session manager used to encrypt requests
33            # If no public key is set, it will be retrieved using the
34            # getPubKey WS method
35            smPubKeyFilePath = None
36
37            self.__clntPriKeyPwd = open("./tmp2").read().strip()
38
39            clntPubKeyFilePath = "./Junk-cert.pem"
40            clntPriKeyFilePath = "./Junk-key.pem"
41            traceFile = None#sys.stderr
42           
43            # Initialise the Session Manager client connection
44            # Omit traceFile keyword to leave out SOAP debug info
45            self.sessClnt = SessionClient(smWSDL=self.smWSDL,
46                                        smPubKeyFilePath=smPubKeyFilePath,
47                                        clntPubKeyFilePath=clntPubKeyFilePath,
48                                        clntPriKeyFilePath=clntPriKeyFilePath,
49                                        traceFile=traceFile) 
50
51            # Attribute Authority client tests
52            self.aaWSDL = '/home/pjkersha/Development/security/python/Tests/attAuthority.wsdl'
53#            self.aaWSDL = 'http://glue.badc.rl.ac.uk/attAuthority.wsdl'
54            aaPubKeyFilePath = None
55           
56            self.aaClnt = AttAuthorityClient(aaWSDL=self.aaWSDL,
57                                        aaPubKeyFilePath=aaPubKeyFilePath,
58                                        clntPubKeyFilePath=clntPubKeyFilePath,
59                                        clntPriKeyFilePath=clntPriKeyFilePath,
60                                        traceFile=traceFile) 
61            self.sessCookie = None
62            self.proxyCert = None
63            self.newUserName = 'testUser'
64            self.userName = 'lawrence'
65        except Exception, e:
66            self.fail(str(e))
67           
68           
69    def tearDown(self):
70        pass
71
72
73    def testAddUser(self):
74       
75        try:
76            # Uncomment to add a new user ID to the MyProxy repository
77            # Note the pass-phrase is read from the file tmp.  To pass
78            # explicitly as a string use the 'pPhrase' keyword instead
79            self.sessClnt.addUser(self.newUserName, 
80                                  pPhraseFilePath="./tmp",
81                                  clntPriKeyPwd=self.__clntPriKeyPwd)
82            print "Added user '%s'" % self.newUserName
83           
84        except Exception, e:
85            self.fail(str(e))
86       
87
88    def testCookieConnect(self):
89       
90#        import pdb
91#        pdb.set_trace()
92        try:
93            # Connect as if acting as a browser client - a cookie is returned
94            sSessCookie = self.sessClnt.connect(self.userName, 
95                                        pPhraseFilePath="./tmp",
96                                        clntPriKeyPwd=self.__clntPriKeyPwd)
97            self.sessCookie = SimpleCookie(sSessCookie)
98            print "User '%s' connected to Session Manager:\n%s" % \
99                (self.userName, sSessCookie)
100
101        except Exception, e:
102            self.fail(str(e))
103           
104
105    def testProxyCertConnect(self):
106       
107        try:
108            # Connect as a command line client - a proxyCert is returned       
109            self.proxyCert = self.sessClnt.connect(self.userName, 
110                                          pPhraseFilePath="./tmp",
111                                          createServerSess=True,
112                                          getCookie=False,
113                                          clntPriKeyPwd=self.__clntPriKeyPwd)
114            print "User '%s' connected to Session Manager:\n%s" % \
115                (self.userName, self.proxyCert)
116
117        except Exception, e:
118            self.fail(str(e))
119
120
121    def testCookieReqAuthorisation(self):
122        try:
123            # Request an attribute certificate from an Attribute Authority
124            # using the cookie returned from connect()
125            self.testCookieConnect()
126            authResp = self.sessClnt.reqAuthorisation(\
127                        sessID=self.sessCookie['NDG-ID1'].value, 
128                        aaWSDL=self.aaWSDL,
129                        encrSessMgrWSDLuri=self.sessCookie['NDG-ID2'].value,
130                        clntPriKeyPwd=self.__clntPriKeyPwd)
131                                                                 
132            # The authorisation response is returned as an object which
133            # behaves like a python dictionary.  See
134            # NDG.SessionMgrIO.AuthorisationResp
135            if 'errMsg' in authResp:
136                print "Authorisation failed for user %s" % authResp['errMsg']           
137            else:
138                print "User authorised"
139               
140            print authResp
141
142        except Exception, e:
143            self.fail(str(e))
144
145
146    def testProxyCertReqAuthorisation(self):
147        try:
148            self.testProxyCertConnect()
149           
150            # Request an attribute certificate from an Attribute Authority
151            # using the proxyCert returned from connect()
152            authResp = self.sessClnt.reqAuthorisation(\
153                                         proxyCert=self.proxyCert,
154                                         aaWSDL=self.aaWSDL,
155                                         clntPriKeyPwd=self.__clntPriKeyPwd)
156                                                 
157            # The authorisation response is returned as an object which
158            # behaves like a python dictionary.  See
159            # NDG.SessionMgrIO.AuthorisationResp
160            if 'errMsg' in authResp:
161                print "Authorisation failed for user %s" % authResp['errMsg']           
162            else:
163                print "User authorised"
164               
165            print authResp
166
167        except Exception, e:
168            self.fail(str(e))
169
170
171    def testGetPubKey(self):
172        try:
173            # Request an attribute certificate from an Attribute Authority
174            # using the proxyCert returned from connect()
175            pubKey = self.sessClnt.getPubKey()
176                                                 
177            print "Public Key:\n" + pubKey
178
179        except Exception, e:
180            self.fail(str(e))
181           
182
183    def testAAgetHostInfo(self):
184        """Call Attribute Authority getHostInfo"""
185       
186        import pdb
187        pdb.set_trace()
188        try:
189            hostInfo = self.aaClnt.getHostInfo(
190                                           clntPriKeyPwd=self.__clntPriKeyPwd)
191            print hostInfo
192           
193        except Exception, e:
194            self.fail(str(e))
195           
196
197    def testAAgetTrustedHostInfo(self):
198        """Call Attribute Authority getTrustedHostInfo with a given role
199        to match against"""
200       
201        import pdb
202        pdb.set_trace()
203        role = 'acsoe'
204        try:
205            trustedHosts = self.aaClnt.getTrustedHostInfo(
206                                       role=role,
207                                       clntPriKeyPwd=self.__clntPriKeyPwd)
208            print trustedHosts
209           
210        except Exception, e:
211            self.fail(str(e))
212           
213
214    def testAAgetTrustedHostInfoWithNoRoleSet(self):
215        """Call Attribute Authority getTrustedHostInfo"""
216       
217        import pdb
218        pdb.set_trace()
219        try:
220            trustedHosts = self.aaClnt.getTrustedHostInfo(
221                                       clntPriKeyPwd=self.__clntPriKeyPwd)
222            print trustedHosts
223           
224        except Exception, e:
225            self.fail(str(e))
226           
227
228    def testAAReqAuthorisation(self):
229        """Call Attribute Authority authorisation request"""
230       
231        import pdb
232        pdb.set_trace()
233        try:
234            # Alternative means of getting proxy cert - from file
235            #self.proxyCert = open("./proxy.pem").read().strip()
236            self.testProxyCertConnect()
237            userAttCert = None
238           
239            ac = self.aaClnt.reqAuthorisation(
240                                       proxyCert=self.proxyCert,
241                                       userAttCert=userAttCert,
242                                       clntPriKeyPwd=self.__clntPriKeyPwd)
243            print ac
244           
245        except Exception, e:
246            self.fail(str(e))
247           
248           
249#_____________________________________________________________________________       
250class SecurityClientTestSuite(unittest.TestSuite):
251   
252    def __init__(self):
253        map = map(SecurityClientTestCase,
254                  (
255                    "testAddUser",
256                    "testConnect",
257                    "testReqAuthorisation",
258                    "testGetPubKey",
259                    "testAAgetTrustedHostInfo",
260                    "testAAReqAuthorisation",
261                  ))
262        unittest.TestSuite.__init__(self, map)
263           
264                                                   
265if __name__ == "__main__":
266    unittest.main()       
Note: See TracBrowser for help on using the repository browser.