
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py@2746
Revision 2746, 10.3 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml:

  • don't comment out hostname instead include by default

ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • fixed comment typo

ndg.security.server/ndg/security/server/MyProxy.py:

to prevent setting of OpenSSL config file without the required file name and
directory path.

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/AttCertTest.py:

  • fixed unit tests for AC signature verification. certFilePathList can now
    be set to include CA certs. to verify the X.509 cert. used in the signature

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • fix: extAttCertList is no longer returned in getAttCert calls to SM client.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • tests with services on glue

ndg.security.common/ndg/security/common/XMLSec.py:

  • fixed verifyEnvelopedSignature so that it is now possible to verify the
    X.509 cert. in the signature against its issuing CA cert.

ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • modified getAttCert call so that extAttCertList is no longer passed back in
    the returned tuple but is instead included as an attribute of the
    AttributeRequestDenied exception type.

  • updated pydoc for getAttCert method

ndg.security.common/ndg/security/common/AttAuthority/init.py:

  • typo fix - doesn't affect execution

ndg.security.common/ndg/security/common/CredWallet.py:

  • updates to getAttCert call pydoc
  • and getAttCert exception handling
  • Property svn:executable set to *
[1967]1#!/usr/bin/env python
2"""NDG XML Security unit tests
3
4NERC Data Grid Project
5
6@author P J Kershaw 03/01/07
7
8@copyright (C) 2007 CCLRC & NERC
9
10@license This software may be distributed under the terms of the Q Public
11License, version 1.0 or later.
12"""
13import unittest
14import os
15import sys
16import getpass
17import traceback
18
19from ConfigParser import SafeConfigParser
20from ndg.security.common.AttCert import AttCert
21
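class AttCertTestCase(unittest.TestCase):
    """Unit tests for ndg.security.common.AttCert.AttCert.

    Each test works on a fresh AttCert instance created in setUp.  Several
    tests call earlier test methods directly to populate the certificate
    before exercising XML creation, signing, writing and verification.
    File paths, certificate lists and key settings are read from
    ./attCertTest.cfg, one section per test name.
    """

    def setUp(self):
        """Load attCertTest.cfg into self.cfg and create a new AttCert."""
        configParser = SafeConfigParser()

        # The path is relative to the current working directory.
        # ConfigParser.read() ignores files it cannot open, so a missing
        # config file only shows up later as a KeyError on self.cfg[...].
        configParser.read("./attCertTest.cfg")

        # Flatten to {section: {option: value}} for plain dict access
        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        self.attCert = AttCert()


    def test1AttCert4NonZero(self):
        'test1AttCert4NonZero: check if test yields True'
        if not self.attCert:
            self.fail("AttCert instance yields 0")


    def test2SetProvenance(self):
        'test2SetProvenance'
        self.attCert['provenance'] = AttCert.origProvenance
        print "test2SetProvenance - set to: %s" % self.attCert['provenance']


    def test3TryToAlterProvenance(self):
        'test3TryToAlterProvenance'
        # Keep the current value so that a successful (i.e. wrong) assignment
        # can be undone and does not leak into the other tests.
        savedProvenance = AttCert.origProvenance
        try:
            AttCert.origProvenance = 'Another provenance setting'
        except AttributeError, e:
            print \
        "test3TryToAlterProvenance - PASSED - expected exception: \"%s\"" % e
        except Exception:
            self.fail('Original provenance should be read-only')
        else:
            # No exception means the attribute is writable.  Previously this
            # path passed silently, so the read-only check could never fail.
            AttCert.origProvenance = savedProvenance
            self.fail('Original provenance should be read-only')


    def test4SetValidityTime(self):
        'test4SetValidityTime'
        # Eight hours expressed in seconds, passed as a float
        self.attCert.setValidityTime(lifetime=60*60*8.)

        print 'test4SetValidityTime: %s' % self.attCert['validity']


    def test5SetDefaultValidityTime(self):
        'test5SetDefaultValidityTime: use default settings'
        self.attCert.setValidityTime()

        print 'test5SetDefaultValidityTime: %s' % self.attCert['validity']


    def test6AddRoles(self):
        'test6AddRoles: add extra roles'
        # addRoles is exercised with both a list and a single string
        self.attCert.addRoles(['government', 'acsoe'])
        self.attCert.addRoles('atsr')

        print "test6AddRoles: " + ', '.join(self.attCert.roles)


    def test6aSet(self):
        'test6aSet: test __setitem__ and property methods'
        self.attCert.version = "1.0"
        self.attCert['issuer'] = '/O=NDG/OU=BADC/CN=Attribute Authority'
        self.attCert['issuerName'] = 'BADC'
        self.attCert.issuerSerialNumber = 1234
        self.attCert['holder'] = '/O=NDG/OU=BADC/CN=server.cert.ac.uk'
        self.attCert.userId = '/O=NDG/OU=BADC/CN=pjkershaw'

        # NOTE(review): the three blocks below report "PASSED" when a
        # KeyError is raised but do not fail when the assignment is accepted,
        # so they cannot detect a missing validation check.  They are left
        # as they are because this method is also used as a fixture by
        # test6bGet, test9Sign and test13IsValidStressTest, and the expected
        # behaviour of AttCert for each assignment is not visible from here
        # - confirm against AttCert before adding an else: self.fail(...).
        try:
            self.attCert['validity'] = 'invalid'
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e

        try:
            self.attCert['attributes'] = 'roleSet'
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e

        try:
            self.attCert['attributes']['roleSet'] = ['role1', 'role2']
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e


    def test6bGet(self):
        'test6bGet: test __getitem__ and property methods'
        print "test6bGet ..."

        # Populate the certificate first so there is something to read back
        self.test2SetProvenance()
        self.test4SetValidityTime()
        self.test6AddRoles()
        self.test6aSet()

        # Each field is read through the item interface and through the
        # matching attribute.  The values are only printed, not compared.
        print "self.attCert['version'] = %s" % self.attCert['version']
        print "self.attCert.version = %s" % self.attCert.version

        print "self.attCert['issuer'] = %s" % self.attCert['issuer']
        print "self.attCert.issuer = %s" % self.attCert.issuer
        print "self.attCert.issuerDN = %s" % self.attCert.issuerDN

        print "self.attCert['issuerName'] = %s" % self.attCert['issuerName']
        print "self.attCert.issuerName = %s" % self.attCert.issuerName

        print "self.attCert['issuerSerialNumber'] = %s" % \
                                            self.attCert['issuerSerialNumber']
        print "self.attCert.issuerSerialNumber = %s" % \
                                            self.attCert.issuerSerialNumber

        print "self.attCert['holder'] = %s" % self.attCert['holder']
        print "self.attCert.holder = %s" % self.attCert.holder
        print "self.attCert.holderDN = %s" % self.attCert.holderDN

        print "self.attCert['userId'] = %s" % self.attCert['userId']
        print "self.attCert.userId = %s" % self.attCert.userId

        print "self.attCert['validity'] = %s" % self.attCert['validity']
        print "self.attCert.validityNotBefore = %s" % \
                                                self.attCert.validityNotBefore
        print "self.attCert.validityNotAfter = %s" % \
                                                self.attCert.validityNotAfter

        print "self.attCert.getValidityNotBefore(asDatetime=True) = %s" % \
                            self.attCert.getValidityNotBefore(asDatetime=True)
        print "self.attCert.getValidityNotAfter(asDatetime=True) = %s" % \
                            self.attCert.getValidityNotAfter(asDatetime=True)

        print "self.attCert['attributes'] = %s" % self.attCert['attributes']
        print "self.attCert['attributes']['roleSet'] %s: " % \
                                        self.attCert['attributes']['roleSet']
        print "self.attCert.roleSet = %s" % self.attCert.roleSet
        print "self.attCert.roles = %s" % self.attCert.roles


    def test7CreateXML(self):
        'test7CreateXML: check for correct formatted string'
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6AddRoles()

        # The XML is printed for inspection; nothing is asserted about it
        print 'test7CreateXML:\n\n' + self.attCert.createXML()


    def test8Parse(self):
        '''test8Parse: parse an XML document'''
        # Round trip: feed the instance's own createXML() output to parse()
        self.attCert.parse(self.attCert.createXML())
        print 'test8Parse:\n\n' + repr(self.attCert)


    def test9Sign(self):
        '''test9Sign: sign document'''
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6AddRoles()
        self.test6aSet()

        signCfg = self.cfg['test9Sign']
        self.attCert.filePath = signCfg['filepath']

        # NOTE(review): the other tests assign a list built with .split() to
        # certFilePathList; here the raw option string is assigned.  Confirm
        # that AttCert accepts a plain string for this attribute.
        self.attCert.certFilePathList = signCfg['certfile']
        self.attCert.signingKeyFilePath = signCfg['keyfile']

        # A 'keypwd' option in the cfg file holds the private key password in
        # clear text, so it is only suitable for throwaway test keys.  When
        # the option is absent or empty the password is prompted for.
        try:
            self.attCert.signingKeyPwd = signCfg.get('keypwd') or \
                getpass.getpass(prompt="\ntest9Sign private key password: ")
        except KeyboardInterrupt:
            # self.fail() raises, so nothing after it would run
            self.fail("test9Sign: Aborting test")

        self.attCert.applyEnvelopedSignature()
        print 'test9Sign: \n\n%s' % self.attCert


    def test10Write(self):
        '''test10Write: write document'''
        # Sign first, then redirect the output to this test's own file path
        self.test9Sign()
        self.attCert.filePath = self.cfg['test10Write']['filepath']
        self.attCert.write()


    def test11Read(self):
        '''test11Read: read document'''
        self.attCert.filePath = self.cfg['test11Read']['filepath']
        self.attCert.read()
        print 'test11Read: \n\n%s' % self.attCert


    def test12IsValid(self):
        '''test12IsValid: check signature of XML document'''
        self.test11Read()

        # Whitespace separated list of certificate files.  Per the check-in
        # note for this revision it may include CA certs. used to verify the
        # X.509 cert. in the signature.
        self.attCert.certFilePathList = \
                    self.cfg['test12IsValid']['certfilepathlist'].split()

        # raiseExcep=True: an invalid certificate surfaces as an exception,
        # which unittest reports as an error for this test
        self.attCert.isValid(raiseExcep=True)
        print 'test12IsValid: passed'


    def test13IsValidStressTest(self):
        '''test13IsValidStressTest: check signature of XML document

        Signs, writes and re-validates the certificate 'nruns' times, adding
        randomly generated role names on every pass.  All passes are run even
        when one fails validation; each failure is printed and written to a
        NNN.msg file, and the test fails at the end if any pass failed.
        Output files are created in the current working directory.
        '''
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6aSet()

        stressCfg = self.cfg['test13IsValidStressTest']
        self.attCert.certFilePathList = stressCfg['certfilepathlist'].split()
        self.attCert.signingKeyFilePath = stressCfg['keyfile']

        # A 'keypwd' option in the cfg file holds the private key password in
        # clear text, so it is only suitable for throwaway test keys.  When
        # the option is absent or empty the password is prompted for.
        try:
            self.attCert.signingKeyPwd = stressCfg.get('keypwd') or \
                getpass.getpass(
                    prompt="\ntest13IsValidStressTest private key password: ")
        except KeyboardInterrupt:
            # self.fail() raises, so nothing after it would run
            self.fail("test13IsValidStressTest: Aborting test")

        import base64

        nRuns = int(stressCfg['nruns'])
        failureMsgs = []
        for i in range(0, nRuns):
            # Generate a range of random role names to try to trip up the
            # signature validation: pass i adds i names, each the base64
            # encoding of i random bytes
            roles = [base64.encodestring(os.urandom(i)).strip()
                     for _ in range(0, i)]
            self.attCert.addRoles(roles)

            # Write AC file names by index
            self.attCert.filePath = "stress-test-ac-%03d.xml" % i

            self.attCert.applyEnvelopedSignature()
            self.attCert.write()

            try:
                self.attCert.isValid(raiseExcep=True)
            except Exception, e:
                msg = "Verification failed for %s: %s" % \
                    (self.attCert.filePath, str(e))
                print msg

                # Close the file explicitly instead of relying on garbage
                # collection to flush the message to disk
                msgFile = open('%03d.msg' % i, 'w')
                try:
                    msgFile.write(msg)
                finally:
                    msgFile.close()

                failureMsgs.append(msg)

        # Previously failures were only logged, so this test passed even when
        # signature verification was broken.
        if failureMsgs:
            self.fail("%d of %d stress test runs failed verification:\n%s" %
                      (len(failureMsgs), nRuns, '\n'.join(failureMsgs)))


    def test14IsValidSignature(self):
        '''test14IsValidSignature: check signature of XML document'''
        self.attCert.filePath = self.cfg['test14IsValidSignature']['filepath']
        self.attCert.read()

        self.attCert.certFilePathList = \
                self.cfg['test14IsValidSignature']['certfilepathlist'].split()

        # Unlike test12IsValid this calls verifyEnvelopedSignature() directly
        # rather than going through isValid()
        self.attCert.verifyEnvelopedSignature()

        print 'test14IsValidSignature: \n\n%s' % self.attCert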
264       
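class AttCertTestSuite(unittest.TestSuite):
    """Suite holding a fixed, ordered selection of AttCertTestCase tests.

    test6aSet, test6bGet, test13IsValidStressTest and
    test14IsValidSignature are not part of this list; they only run when
    the tests are collected by unittest.main().
    """
    def __init__(self):
        testNames = (
            "test1AttCert4NonZero",
            "test2SetProvenance",
            "test3TryToAlterProvenance",
            "test4SetValidityTime",
            "test5SetDefaultValidityTime",
            "test6AddRoles",
            "test7CreateXML",
            "test8Parse",
            "test9Sign",
            "test10Write",
            "test11Read",
            "test12IsValid",
        )
        # The original bound the result to a local called 'map'.  That makes
        # 'map' local to this function, so the call to the builtin on the
        # same line raised UnboundLocalError and the suite could never be
        # constructed.
        testCases = [AttCertTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, testCases)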
283 
284                                       
# Run as a script: let unittest collect every test* method in this module.
# AttCertTestSuite is not used on this path.
if __name__ == "__main__":
    unittest.main()