source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py @ 2289

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py@2289
Revision 2289, 7.5 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py,
python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: use dictionary get() rather than [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: experimented with omitting signature PKI settings.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml:
set serverCNprefix element to host/ for this MyProxy installation's server cert.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
altered for account on this machine.

python/ndg.security.common/setup.py: slight change to Python 2.5 check for
ElementTree inclusion

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
SignatureHandler is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

  • Property svn:executable set to *
1#!/usr/bin/env python
2"""NDG Attribute Authority client unit tests
3
4NERC Data Grid Project
5
6@author P J Kershaw 05/05/05, major update 16/01/07
7
8@copyright (C) 2007 CCLRC & NERC
9
10@license This software may be distributed under the terms of the Q Public
11License, version 1.0 or later.
12"""
13
14__revision__ = '$Id$'
15
16import unittest
17import os, sys, getpass
18from ConfigParser import SafeConfigParser
19
20from ndg.security.common.AttAuthority import AttAuthorityClient
21from ndg.security.common.AttCert import AttCertRead
22
23
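class AttAuthorityClientTestCase(unittest.TestCase):
    """Unit tests driving an NDG Attribute Authority via AttAuthorityClient.

    Settings come from ./attAuthorityClientTest.cfg: a 'setUp' section plus
    one section per test method.  The signing certificate, private key and
    password are looked up with dict.get(), so they may be left out of the
    config file.
    """

    # Password for the client's signing private key.  When left as None,
    # setUp takes it from the config file or prompts for it.
    userPriKeyPwd = None

    def setUp(self):
        """Load the config file and build the client used by tests 1-6."""
        configParser = SafeConfigParser()
        configParser.read("./attAuthorityClientTest.cfg")

        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        setUpCfg = self.cfg['setUp']

        if self.userPriKeyPwd is None:
            # The password used to be tested under 'userprikeypwd' but read
            # from 'clntprikeypwd', so a value stored under only one of the
            # two names was never used.  Accept either spelling.
            #
            # A password kept in the .cfg file is stored in clear text next
            # to the key it protects: restrict that file's permissions and
            # keep it out of version control.
            priKeyPwd = setUpCfg.get('userprikeypwd')
            if priKeyPwd is None:
                priKeyPwd = setUpCfg.get('clntprikeypwd')

            if priKeyPwd is None:
                try:
                    priKeyPwd = getpass.getpass(
                            prompt="\nsetUp - client private key password: ")
                except KeyboardInterrupt:
                    sys.exit(0)

            self.userPriKeyPwd = priKeyPwd

        # Instantiate WS proxy
        self.clnt = AttAuthorityClient(
            uri=setUpCfg['uri'],
            signingCertFilePath=setUpCfg.get('usercertfilepath'),
            signingPriKeyFilePath=setUpCfg.get('userprikeyfilepath'),
            signingPriKeyPwd=self.userPriKeyPwd,
            tracefile=sys.stderr)

    def _readCertFile(self, section):
        """Return the text of a section's 'issuingusercertfilepath' file.

        Returns None when the option is absent from the section.  Raises
        IOError naming the file if it cannot be opened.
        """
        certFilePath = self.cfg[section].get('issuingusercertfilepath')
        if certFilePath is None:
            # No issuing cert set
            return None

        try:
            certFile = open(certFilePath, 'r')
        except IOError:
            # sys.exc_info() instead of "except IOError, e" so that the
            # block parses on old and new interpreters alike.  A real
            # exception replaces the former string raise, which newer
            # interpreters reject with a TypeError that hides the cause.
            ioErr = sys.exc_info()[1]
            raise IOError('Error reading certificate file "%s": %s' %
                          (ioErr.filename, ioErr.strerror))
        try:
            return certFile.read()
        finally:
            certFile.close()

    def test1GetX509Cert(self):
        '''test1GetX509Cert: retrieve Attribute Authority's X.509 cert.'''
        resp = self.clnt.getX509Cert()
        print("Attribute Authority X.509 cert.:\n" + resp)

    def test2GetHostInfo(self):
        """test2GetHostInfo: retrieve info for AA host"""
        hostInfo = self.clnt.getHostInfo()
        print("Host Info:\n %s" % hostInfo)

    def test3GetTrustedHostInfo(self):
        """test3GetTrustedHostInfo: retrieve trusted host info matching a
        given role"""
        role = self.cfg['test3GetTrustedHostInfo']['role']
        trustedHostInfo = self.clnt.getTrustedHostInfo(role)
        print("Trusted Host Info:\n %s" % trustedHostInfo)

    def test4GetTrustedHostInfoWithNoRole(self):
        """test4GetTrustedHostInfoWithNoRole: retrieve trusted host info
        irrespective of role"""
        trustedHostInfo = self.clnt.getTrustedHostInfo()
        print("Trusted Host Info:\n %s" % trustedHostInfo)

    def test5GetAttCert(self):
        """test5GetAttCert: Request attribute certificate from NDG Attribute
        Authority Web Service."""

        # Read user Certificate into a string ready for passing via WS
        userCertTxt = self._readCertFile('test5GetAttCert')

        # NOTE(review): the revision log for this file says a service
        # running without its signature handler takes the requesting
        # certificate from this userCert element.  An unsigned request
        # carries no proof that the sender holds the matching private key,
        # so use that configuration only where every client is trusted.

        # Make attribute certificate request
        attCert = self.clnt.getAttCert(userCert=userCertTxt)

        print("Attribute Certificate: \n\n:" + str(attCert))

        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
        attCert.write()

    def test6GetAttCertWithUserIdSet(self):
        """test6GetAttCertWithUserIdSet: Request attribute certificate from
        NDG Attribute Authority Web Service setting a specific user Id
        independent of the signer of the SOAP request."""

        # Read user Certificate into a string ready for passing via WS
        userCertTxt = self._readCertFile('test6GetAttCertWithUserIdSet')

        # Make attribute certificate request
        userId = self.cfg['test6GetAttCertWithUserIdSet']['userid']
        attCert = self.clnt.getAttCert(userId=userId,
                                       userCert=userCertTxt)

        print("Attribute Certificate: \n\n:" + str(attCert))

        # NOTE(review): the output path comes from the test5GetAttCert
        # section, so this overwrites the file written by test5GetAttCert.
        # Kept as found - confirm whether that is intended.
        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
        attCert.write()

    def test7GetMappedAttCert(self):
        """test7GetMappedAttCert: Request mapped attribute certificate from
        NDG Attribute Authority Web Service."""
        testCfg = self.cfg['test7GetMappedAttCert']

        # Read user Certificate into a string ready for passing via WS
        userCertTxt = self._readCertFile('test7GetMappedAttCert')

        # Similarly for Attribute Certificate
        try:
            userAttCert = AttCertRead(testCfg['userattcertfilepath'])
        except IOError:
            ioErr = sys.exc_info()[1]
            raise IOError(
                    'Error reading attribute certificate file "%s": %s' %
                    (ioErr.filename, ioErr.strerror))

        userPriKeyPwd = testCfg.get('userprikeypwd')
        if userPriKeyPwd is None:
            try:
                # The prompt names this test: the key is the one configured
                # in this test's section, not the one used by setUp.
                userPriKeyPwd = getpass.getpass(
                    prompt="\ntest7GetMappedAttCert - "
                           "client private key password: ")
            except KeyboardInterrupt:
                sys.exit(0)

        # Make client to site B Attribute Authority
        clnt = AttAuthorityClient(
            uri=testCfg['uri'],
            signingCertFilePath=testCfg.get('usercertfilepath'),
            signingPriKeyFilePath=testCfg.get('userprikeyfilepath'),
            signingPriKeyPwd=userPriKeyPwd,
            tracefile=sys.stderr)

        # Make attribute certificate request
        attCert = clnt.getAttCert(userCert=userCertTxt,
                                  userAttCert=userAttCert)
        print("Attribute Certificate: \n\n:" + str(attCert))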
188 
189 
190#_____________________________________________________________________________       
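class AttAuthorityClientTestSuite(unittest.TestSuite):
    """Suite holding the seven AttAuthorityClientTestCase tests in order."""

    def __init__(self):
        """Build one test case instance per test method name."""
        testNames = (
            "test1GetX509Cert",
            "test2GetHostInfo",
            "test3GetTrustedHostInfo",
            "test4GetTrustedHostInfoWithNoRole",
            "test5GetAttCert",
            "test6GetAttCertWithUserIdSet",
            "test7GetMappedAttCert",
        )
        # Assigning the result to a local named `map` made that name local
        # to the whole function, so the call to the builtin raised
        # UnboundLocalError.  Use a differently named list instead.
        tests = [AttAuthorityClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, tests)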
204                                       
# Script entry point.  unittest.main() loads the TestCase methods defined in
# this module itself; it does not go through AttAuthorityClientTestSuite.
if __name__ == "__main__":
    unittest.main()