source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py @ 2420

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py@2420
Revision 2420, 8.2 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • improve error messages to include 'X.509' to differentiate with AC errors
  • fixed bug with getAttCert when creating a mapped AC. It now copies over any userId setting from the original AC input.

was put in to force authors of derived classes to implement an init but it's not necessary.
getRoles and isUserRegistered remain as virtual methods, i.e. they'll raise NotImplementedError
if the derived class doesn't overload them.

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml: include a default
attCertLifetime as an aid when making settings following an installation.

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: enable separate
caCertFilePath setting for test7GetMappedAttCert test. This allows one of the unit test AAs to
run without WS-Security settings and one with.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: custom settings for
DEWS tests, but also some important additions:

  • include 'issuingusercertfilepath' for test6GetAttCertWithUserIdSet test, otherwise it will fail on the server side in the case when WS-Security signature settings are not made.
  • include 'cacertfilepathlist' setting for test7GetMappedAttCert test.
  • 'mappedAttCertFilePath' enables the issued mapped AC to be saved to file for the test7GetMappedAttCert test.

  • Property svn:executable set to *
1#!/usr/bin/env python
2"""NDG Attribute Authority client unit tests
3
4NERC Data Grid Project
5
6@author P J Kershaw 05/05/05, major update 16/01/07
7
8@copyright (C) 2007 CCLRC & NERC
9
10@license This software may be distributed under the terms of the Q Public
11License, version 1.0 or later.
12"""
13
14__revision__ = '$Id$'
15
16import unittest
17import os, sys, getpass
18from ConfigParser import SafeConfigParser
19
20from ndg.security.common.AttAuthority import AttAuthorityClient
21from ndg.security.common.AttCert import AttCertRead
22
23
24class AttAuthorityClientTestCase(unittest.TestCase):
25    userPriKeyPwd = None
26   
27    def setUp(self):
28
29        configParser = SafeConfigParser()
30        configParser.read("./attAuthorityClientTest.cfg")
31       
32        self.cfg = {}
33        for section in configParser.sections():
34            self.cfg[section] = dict(configParser.items(section))
35
36        tracefile = sys.stderr
37
38        if self.userPriKeyPwd is None:
39            try:
40                if self.cfg['setUp'].get('userprikeypwd') is None:
41                    self.userPriKeyPwd = getpass.getpass(\
42                            prompt="\nsetUp - client private key password: ")
43                else:
44                    self.userPriKeyPwd=self.cfg['setUp'].get('clntprikeypwd')
45            except KeyboardInterrupt:
46                sys.exit(0)
47
48        # List of CA certificates for use in validation of certs used in
49        # signature for server reponse
50        try:
51            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split()
52        except:
53            caCertFilePathList = []
54           
55        # Instantiate WS proxy
56        self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'],
57           signingCertFilePath=self.cfg['setUp'].get('usercertfilepath'),
58           signingPriKeyFilePath=self.cfg['setUp'].get('userprikeyfilepath'),
59           signingPriKeyPwd=self.userPriKeyPwd,
60           caCertFilePathList=caCertFilePathList,
61           tracefile=sys.stderr)
62           
63   
64    def test1GetX509Cert(self):
65        '''test1GetX509Cert: retrieve Attribute Authority's X.509 cert.'''
66        resp = self.clnt.getX509Cert()
67        print "Attribute Authority X.509 cert.:\n" + resp
68
69    def test2GetHostInfo(self):
70        """test2GetHostInfo: retrieve info for AA host"""
71        hostInfo = self.clnt.getHostInfo()
72        print "Host Info:\n %s" % hostInfo
73       
74
75    def test3GetTrustedHostInfo(self):
76        """test3GetTrustedHostInfo: retrieve trusted host info matching a
77        given role"""
78        trustedHostInfo = self.clnt.getTrustedHostInfo(\
79                                 self.cfg['test3GetTrustedHostInfo']['role'])
80        print "Trusted Host Info:\n %s" % trustedHostInfo
81
82
83    def test4GetTrustedHostInfoWithNoRole(self):
84        """test4GetTrustedHostInfoWithNoRole: retrieve trusted host info
85        irrespective of role"""
86        trustedHostInfo = self.clnt.getTrustedHostInfo()
87        print "Trusted Host Info:\n %s" % trustedHostInfo
88
89
90    def test5GetAttCert(self):       
91        """test5GetAttCert: Request attribute certificate from NDG Attribute
92        Authority Web Service."""
93   
94        # Read user Certificate into a string ready for passing via WS
95        try:
96            userCertFilePath = \
97                self.cfg['test5GetAttCert'].get('issuingusercertfilepath')
98            userCertTxt = open(userCertFilePath, 'r').read()
99       
100        except TypeError:
101            # No issuing cert set
102            userCertTxt = None
103               
104        except IOError, ioErr:
105            raise "Error reading certificate file \"%s\": %s" % \
106                                    (ioErr.filename, ioErr.strerror)
107
108        # Make attribute certificate request
109        attCert = self.clnt.getAttCert(userCert=userCertTxt)
110       
111        print "Attribute Certificate: \n\n:" + str(attCert)
112       
113        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
114        attCert.write()
115       
116    def test6GetAttCertWithUserIdSet(self):       
117        """test6GetAttCertWithUserIdSet: Request attribute certificate from
118        NDG Attribute Authority Web Service setting a specific user Id
119        independent of the signer of the SOAP request."""
120   
121        # Read user Certificate into a string ready for passing via WS
122        try:
123            userCertFilePath = \
124    self.cfg['test6GetAttCertWithUserIdSet'].get('issuingusercertfilepath')
125            userCertTxt = open(userCertFilePath, 'r').read()
126       
127        except TypeError:
128            # No issuing cert set
129            userCertTxt = None
130               
131        except IOError, ioErr:
132            raise "Error reading certificate file \"%s\": %s" % \
133                                    (ioErr.filename, ioErr.strerror)
134
135        # Make attribute certificate request
136        userId = self.cfg['test6GetAttCertWithUserIdSet']['userid']
137        attCert = self.clnt.getAttCert(userId=userId,
138                                       userCert=userCertTxt)
139       
140        print "Attribute Certificate: \n\n:" + str(attCert)
141       
142        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
143        attCert.write()
144
145    def test7GetMappedAttCert(self):       
146        """test7GetMappedAttCert: Request mapped attribute certificate from
147        NDG Attribute Authority Web Service."""
148   
149        # Read user Certificate into a string ready for passing via WS
150        try:
151            userCertFilePath = \
152            self.cfg['test7GetMappedAttCert'].get('issuingusercertfilepath')
153            userCertTxt = open(userCertFilePath, 'r').read()
154       
155        except TypeError:
156            # No issuing cert set
157            userCertTxt = None
158               
159        except IOError, ioErr:
160            raise "Error reading certificate file \"%s\": %s" % \
161                                    (ioErr.filename, ioErr.strerror)
162   
163   
164        # Simlarly for Attribute Certificate
165        try:
166            userAttCert = AttCertRead(\
167                self.cfg['test7GetMappedAttCert']['userattcertfilepath'])
168           
169        except IOError, ioErr:
170            raise "Error reading attribute certificate file \"%s\": %s" %\
171                                    (ioErr.filename, ioErr.strerror)
172
173        try:
174            if self.cfg['test7GetMappedAttCert'].get('userprikeypwd') is None:
175                userPriKeyPwd = getpass.getpass(\
176                            prompt="\nsetUp - client private key password: ")
177            else:
178                userPriKeyPwd = \
179                        self.cfg['test7GetMappedAttCert'].get('userprikeypwd')
180        except KeyboardInterrupt:
181            sys.exit(0)
182
183        # List of CA certificates for use in validation of certs used in
184        # signature for server reponse
185        try:
186            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split()
187        except:
188            caCertFilePathList = []
189       
190        # Make client to site B Attribute Authority
191        clnt = AttAuthorityClient(\
192uri=self.cfg['test7GetMappedAttCert']['uri'], 
193signingCertFilePath=self.cfg['test7GetMappedAttCert'].get('usercertfilepath'),
194signingPriKeyFilePath=self.cfg['test7GetMappedAttCert'].get('userprikeyfilepath'),
195signingPriKeyPwd=userPriKeyPwd,
196caCertFilePathList=caCertFilePathList,
197tracefile=sys.stderr)
198   
199        # Make attribute certificate request
200        attCert = clnt.getAttCert(userCert=userCertTxt,
201                                  userAttCert=userAttCert)
202        print "Attribute Certificate: \n\n:" + str(attCert)
203       
204        attCert.filePath = \
205                    self.cfg['test7GetMappedAttCert']['mappedattcertfilepath']
206        attCert.write()
207 
208 
209#_____________________________________________________________________________       
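class AttAuthorityClientTestSuite(unittest.TestSuite):
    """Suite holding the seven Attribute Authority client tests, added in
    their numbered order."""

    def __init__(self):
        testNames = (
            "test1GetX509Cert",
            "test2GetHostInfo",
            "test3GetTrustedHostInfo",
            "test4GetTrustedHostInfoWithNoRole",
            "test5GetAttCert",
            "test6GetAttCertWithUserIdSet",
            "test7GetMappedAttCert",
        )

        # The original assigned the result to a local named ``map``.  That
        # makes ``map`` a local variable for the whole function, so the
        # call to the builtin failed with UnboundLocalError and the suite
        # could never be constructed.
        tests = [AttAuthorityClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, tests)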
223                                       
# When run as a script, let unittest discover and run the test cases
# defined in this module.
if "__main__" == __name__:
    unittest.main()