
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py@2437
Revision 2437, 10.4 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • soap_disconnect: added call to SessionMgr.disconnect, added logic for retrieving ID from cert.

used with WS-Security signature.

  • add code to check for useSignatureHandler config param. If this flag is set, get user ID from

cert in WS-Security header

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
ndg.security.server/ndg/security/server/SessionMgr/__init__.py: added "useSignatureHandler" parameter
to the properties file elements.

www/html/sessionMgr.wsdl,
ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py: removed userCert
argument. This is not needed as the cert chain can be passed in by setting #X509PKIPathv1 for
BinarySecurityToken.

ndg.security.client/ndg/security/client/ndgSessionClient.py: started on updates from alpha version -
--req-autho flag is now --req-attr

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg: added more tests for signature
verification tests.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: removed userCert arg from
disconnect call. It's passed in the signature in the WS-Security header.

ndg.security.common/ndg/security/common/XMLSec.py: fixed bug in applyEnvelopedSignature - removed
incorrect strip call from digest calc:

calcSignedInfoDigestValue = sha(signedInfoC14n).digest()#.strip()


ndg.security.common/ndg/security/common/SessionMgr/__init__.py: Session Manager client code -
removed refs to "userCert" for the disconnect and connect calls. It's passed in the WS-Security header
instead.

ndg.security.common/ndg/security/common/wsSecurity.py: comment - query whitespace strip in
extraction of calculated signature value from message "b64EncSignatureValue".

  • Property svn:executable set to *
1#!/usr/bin/env python
2"""NDG XML Security unit tests
3
4NERC Data Grid Project
5
6@author P J Kershaw 03/01/07
7
8@copyright (C) 2007 CCLRC & NERC
9
10@license This software may be distributed under the terms of the Q Public
11License, version 1.0 or later.
12"""
import base64
import getpass
import os
import sys
import traceback
import unittest
from ConfigParser import SafeConfigParser

from ndg.security.common.AttCert import AttCert
21
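class AttCertTestCase(unittest.TestCase):
    """Unit tests for ndg.security.common.AttCert.AttCert.

    Covers dict-style and property access to the Attribute Certificate
    fields, XML serialisation and parsing, enveloped XML signature creation
    and verification, and file read/write.

    Settings come from ./attCertTest.cfg, read relative to the current
    working directory, one section per test (e.g. [test9Sign] with
    'filepath', 'certfile', 'keyfile' and optionally 'keypwd').  A 'keypwd'
    left in the config file is a plaintext private key password on disk;
    when the option is absent the signing tests prompt for it instead.
    """

    CFG_FILE_PATH = "./attCertTest.cfg"

    def setUp(self):
        """Load the config file into self.cfg and create an empty AttCert."""
        configParser = SafeConfigParser()

        # read() returns the list of files it managed to parse, so a missing
        # or unreadable config is reported here instead of as a KeyError
        # deep inside a later test
        if not configParser.read(self.CFG_FILE_PATH):
            self.fail("Unable to read config file %r" % self.CFG_FILE_PATH)

        # {section name: {option: value}}
        self.cfg = dict([(section, dict(configParser.items(section)))
                         for section in configParser.sections()])

        self.attCert = AttCert()

    def _getKeyPwd(self, sectionCfg, testName):
        """Return the signing key password for a test.

        @param sectionCfg: config dict for the test; 'keypwd' is optional
        @param testName: name used in the getpass prompt and abort message
        @return: 'keypwd' from the config when set, otherwise the value
        typed at the terminal.  Ctrl-C at the prompt fails the test.
        """
        try:
            return sectionCfg.get('keypwd') or \
                getpass.getpass(prompt="\n%s private key password: " % testName)
        except KeyboardInterrupt:
            self.fail("%s: Aborting test" % testName)

    def test1AttCert4NonZero(self):
        'test1AttCert4NonZero: check if test yields True'
        if not self.attCert:
            self.fail("AttCert instance yields 0")

    def test2SetProvenance(self):
        'test2SetProvenance: set provenance to the original-issuer value'
        self.attCert['provenance'] = AttCert.origProvenance
        print "test2SetProvenance - set to: %s" % self.attCert['provenance']

    def test3TryToAlterProvenance(self):
        '''test3TryToAlterProvenance: AttCert.origProvenance must be read-only

        Assigning to the class attribute is expected to raise
        AttributeError.  Any other exception, or no exception at all, is a
        failure.
        '''
        try:
            AttCert.origProvenance = 'Another provenance setting'
        except AttributeError, e:
            print \
        "test3TryToAlterProvenance - PASSED - expected exception: \"%s\"" % e
        except Exception:
            self.fail('Original provenance should be read-only')
        else:
            # No exception: the class attribute was overwritten, which is
            # exactly what this test is meant to rule out
            self.fail('Original provenance should be read-only')

    def test4SetValidityTime(self):
        'test4SetValidityTime: set an 8 hour lifetime'
        self.attCert.setValidityTime(lifetime=60*60*8.)

        print 'test4SetValidityTime: %s' % self.attCert['validity']

    def test5SetDefaultValidityTime(self):
        'test5SetDefaultValidityTime: use default settings'
        self.attCert.setValidityTime()

        print 'test5SetDefaultValidityTime: %s' % self.attCert['validity']

    def test6AddRoles(self):
        'test6AddRoles: add extra roles, as a list and as a single string'
        self.attCert.addRoles(['government', 'acsoe'])
        self.attCert.addRoles('atsr')

        print "test6AddRoles: " + ', '.join(self.attCert.roles)

    def test6aSet(self):
        '''test6aSet: test __setitem__ and property methods

        Plain fields may be set either way.  The test expects __setitem__
        to reject 'validity' and 'attributes' with KeyError, since those
        are set through setValidityTime() / addRoles() instead.
        '''
        self.attCert.version = "1.0"
        self.attCert['issuer'] = '/O=NDG/OU=BADC/CN=Attribute Authority'
        self.attCert['issuerName'] = 'BADC'
        self.attCert.issuerSerialNumber = 1234
        self.attCert['holder'] = '/O=NDG/OU=BADC/CN=server.cert.ac.uk'
        self.attCert.userId = '/O=NDG/OU=BADC/CN=pjkershaw'

        try:
            self.attCert['validity'] = 'invalid'
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e
        else:
            self.fail("test6aSet: setting 'validity' should raise KeyError")

        try:
            self.attCert['attributes'] = 'roleSet'
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e
        else:
            self.fail("test6aSet: setting 'attributes' should raise KeyError")

        # NOTE(review): this assigns into whatever __getitem__('attributes')
        # returns rather than going through AttCert.__setitem__; whether it
        # is meant to raise cannot be told from here, so it is only
        # reported - confirm the intent before turning it into a failure
        try:
            self.attCert['attributes']['roleSet'] = ['role1', 'role2']
        except KeyError, e:
            print "test6aSet: PASSED - %s" % e

    def test6bGet(self):
        '''test6bGet: test __getitem__ and property methods

        Populates the AC via the earlier tests, then prints every field
        through both the dict-style and the property interface.
        '''
        print "test6bGet ..."
        self.test2SetProvenance()
        self.test4SetValidityTime()
        self.test6AddRoles()
        self.test6aSet()

        print "self.attCert['version'] = %s" % self.attCert['version']
        print "self.attCert.version = %s" % self.attCert.version

        print "self.attCert['issuer'] = %s" % self.attCert['issuer']
        print "self.attCert.issuer = %s" % self.attCert.issuer
        print "self.attCert.issuerDN = %s" % self.attCert.issuerDN

        print "self.attCert['issuerName'] = %s" % self.attCert['issuerName']
        print "self.attCert.issuerName = %s" % self.attCert.issuerName

        print "self.attCert['issuerSerialNumber'] = %s" % \
                                            self.attCert['issuerSerialNumber']
        print "self.attCert.issuerSerialNumber = %s" % \
                                            self.attCert.issuerSerialNumber

        print "self.attCert['holder'] = %s" % self.attCert['holder']
        print "self.attCert.holder = %s" % self.attCert.holder
        print "self.attCert.holderDN = %s" % self.attCert.holderDN

        print "self.attCert['userId'] = %s" % self.attCert['userId']
        print "self.attCert.userId = %s" % self.attCert.userId

        print "self.attCert['validity'] = %s" % self.attCert['validity']
        print "self.attCert.validityNotBefore = %s" % \
                                                self.attCert.validityNotBefore
        print "self.attCert.validityNotAfter = %s" % \
                                                self.attCert.validityNotAfter

        print "self.attCert.getValidityNotBefore(asDatetime=True) = %s" % \
                            self.attCert.getValidityNotBefore(asDatetime=True)
        print "self.attCert.getValidityNotAfter(asDatetime=True) = %s" % \
                            self.attCert.getValidityNotAfter(asDatetime=True)

        print "self.attCert['attributes'] = %s" % self.attCert['attributes']
        # label/value order fixed to match the other lines ("... = %s")
        print "self.attCert['attributes']['roleSet'] = %s" % \
                                        self.attCert['attributes']['roleSet']
        print "self.attCert.roleSet = %s" % self.attCert.roleSet
        print "self.attCert.roles = %s" % self.attCert.roles

    def test7CreateXML(self):
        'test7CreateXML: check for correct formatted string'
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6AddRoles()
        print 'test7CreateXML:\n\n' + self.attCert.createXML()

    def test8Parse(self):
        '''test8Parse: parse an XML document produced by createXML()'''
        self.attCert.parse(self.attCert.createXML())
        print 'test8Parse:\n\n' + repr(self.attCert)

    def test9Sign(self):
        '''test9Sign: sign document

        Config section [test9Sign]: 'filepath', 'certfile', 'keyfile' and
        optionally 'keypwd' (otherwise prompted for).
        '''
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6AddRoles()
        self.test6aSet()

        cfg = self.cfg['test9Sign']
        self.attCert.filePath = cfg['filepath']
        self.attCert.certFilePathList = cfg['certfile']
        self.attCert.signingKeyFilePath = cfg['keyfile']
        self.attCert.signingKeyPwd = self._getKeyPwd(cfg, "test9Sign")

        self.attCert.applyEnvelopedSignature()
        print 'test9Sign: \n\n%s' % self.attCert

    def test10Write(self):
        '''test10Write: sign (test9Sign) then write the document to the
        [test10Write] 'filepath'.'''
        self.test9Sign()
        self.attCert.filePath = self.cfg['test10Write']['filepath']
        self.attCert.write()

    def test11Read(self):
        '''test11Read: read document from the [test11Read] 'filepath'.'''
        self.attCert.filePath = self.cfg['test11Read']['filepath']
        self.attCert.read()
        print 'test11Read: \n\n%s' % self.attCert

    def test12IsValid(self):
        '''test12IsValid: check signature of the XML document read by
        test11Read against the [test12IsValid] 'certfile'.'''
        self.test11Read()
        self.attCert.certFilePathList = self.cfg['test12IsValid']['certfile']
        # raiseExcep=True so that a failed check presumably surfaces as an
        # exception (a test error) rather than a return value nobody asserts
        self.attCert.isValid(raiseExcep=True)

    def test13IsValidStressTest(self):
        '''test13IsValidStressTest: check signature of XML document

        Signs and verifies 'nruns' ACs, run i carrying i random base64 role
        names, to try to trip up canonicalisation / signature validation.
        Each AC is written to ./NNN.xml in the current directory; a
        verification failure is printed, recorded in ./NNN.msg, and makes
        the test fail once all runs have completed.
        '''
        self.test2SetProvenance()
        self.test5SetDefaultValidityTime()
        self.test6aSet()

        cfg = self.cfg['test13IsValidStressTest']
        self.attCert.certFilePathList = cfg['certfile']
        self.attCert.signingKeyFilePath = cfg['keyfile']
        self.attCert.signingKeyPwd = self._getKeyPwd(cfg,
                                                     "test13IsValidStressTest")

        failures = []
        for i in range(int(cfg['nruns'])):
            # Generate a range of random role names to try to trip up the
            # signature validation.  base64 of i random bytes may contain
            # '+', '/', '=' and, for i > 57, embedded newlines - only the
            # outer whitespace is stripped
            roles = [base64.encodestring(os.urandom(i)).strip()
                     for _ in range(i)]
            self.attCert.addRoles(roles)

            # Write AC file names by index
            self.attCert.filePath = "%03d.xml" % i

            self.attCert.applyEnvelopedSignature()
            self.attCert.write()

            # Re-set before each verification, as the original test did
            self.attCert.certFilePathList = cfg['certfile']

            try:
                self.attCert.isValid(raiseExcep=True)
            except Exception, e:
                msg = "Verification failed for %s: %s" % \
                    (self.attCert.filePath, str(e))
                print msg
                failures.append(msg)

                # keep a per-run record of the failure next to the AC file
                msgFile = open('%03d.msg' % i, 'w')
                try:
                    msgFile.write(msg)
                finally:
                    msgFile.close()

        # Report through the test framework rather than only via stdout and
        # .msg files, so a verification regression cannot pass unnoticed
        if failures:
            self.fail("test13IsValidStressTest: %d of %s run(s) failed "
                      "verification:\n%s" % (len(failures), cfg['nruns'],
                                             '\n'.join(failures)))

    def test14IsValidSignature(self):
        '''test14IsValidSignature: check signature of XML document

        Reads a previously signed AC from the [test14IsValidSignature]
        'filepath' and verifies its enveloped signature against 'certfile'.
        '''
        cfg = self.cfg['test14IsValidSignature']
        self.attCert.filePath = cfg['filepath']
        self.attCert.read()

        self.attCert.certFilePathList = cfg['certfile']
        # (a pdb.set_trace() breakpoint left here previously would hang an
        # unattended run - keep debugger calls out of the test body)
        self.attCert.verifyEnvelopedSignature()

        print 'test14IsValidSignature: \n\n%s' % self.attCert
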
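class AttCertTestSuite(unittest.TestSuite):
    """Ordered suite of the AttCertTestCase tests.

    test13IsValidStressTest and test14IsValidSignature are not in the
    list; presumably intentional, as the former prompts for a password and
    writes files into the working directory and the latter needs a
    pre-existing signed AC - confirm before adding them.
    """

    TEST_NAMES = (
        "test1AttCert4NonZero",
        "test2SetProvenance",
        "test3TryToAlterProvenance",
        "test4SetValidityTime",
        "test5SetDefaultValidityTime",
        "test6AddRoles",
        "test7CreateXML",
        "test8Parse",
        "test9Sign",
        "test10Write",
        "test11Read",
        "test12IsValid",
    )

    def __init__(self):
        """Build the suite from one AttCertTestCase per name in TEST_NAMES."""
        # Use a distinct local name: binding the result to a local called
        # 'map' makes 'map' local to this function, so the call on the
        # right-hand side raises UnboundLocalError before it ever runs
        tests = [AttCertTestCase(testName) for testName in self.TEST_NAMES]
        unittest.TestSuite.__init__(self, tests)

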
if __name__ == '__main__':
    # Run the test* methods of the TestCase classes in this module when it
    # is executed as a script
    unittest.main()