source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py @ 2085

#!/usr/bin/env python

"""Test harness for NDG Session Manager client - makes requests for 
authentication and authorisation.  An Attribute Authority and Simple CA
services must be running for the reqAuthorisation and addUser tests

NERC Data Grid Project

@author P J Kershaw 

23/02/06

Renamed from SessionClientTest.py 27/0/4/06
Moved and renamed SessionMgrClientTest.py 23/11/06

@copyright (C) 2007 CCLRC & NERC

@license This software may be distributed under the terms of the Q Public
License, version 1.0 or later.
"""
reposID = "$Id:$"

import unittest
import os, sys, getpass
from ConfigParser import SafeConfigParser

from ndg.security.common.SessionMgr import SessionMgrClient, \
    AttributeRequestDenied
    
from ndg.security.common.SessionCookie import SessionCookie


class SessionMgrClientTestCase(unittest.TestCase):
    
    def setUp(self):
        
        configParser = SafeConfigParser()
        configParser.read("./sessionMgrClientTest.cfg")
        
        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        tracefile = sys.stderr

        try:
            if self.cfg['setUp'].get('clntprikeypwd') is None:
                clntPriKeyPwd = getpass.getpass(\
                            prompt="\nsetUp - client private key password: ")
            else:
                clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd')
        except KeyboardInterrupt:
            sys.exit(0)
            
        # Initialise the Session Manager client connection
        # Omit traceFile keyword to leave out SOAP debug info
        self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'],
                verifyingCertFilePath=self.cfg['setUp']['srvcertfilepath'],
                signingCertFilePath=self.cfg['setUp']['clntcertfilepath'],
                signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'],
                signingPriKeyPwd=clntPriKeyPwd,
                tracefile=tracefile) 
        
        self.sessCookie = None
        self.proxyCert = None
        self.proxyPriKey = None
        self.userCert = None

    def test1AddUser(self):
        """Add a new user ID to the MyProxy repository"""
        
        passphrase = self.cfg['test1AddUser'].get('passphrase') or \
            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ")
            
        # Note the pass-phrase is read from the file tmp.  To pass
        # explicitly as a string use the 'passphrase' keyword instead
        self.clnt.addUser(self.cfg['test1AddUser']['username'], 
                          passphrase=passphrase)
        print "Added user '%s'" % self.cfg['test1AddUser']['username']
        

    def test2CookieConnect(self):
        """test2CookieConnect: Connect as if acting as a browser client - 
        a cookie is returned"""

        passphrase = self.cfg['test2CookieConnect'].get('passphrase') or \
        getpass.getpass(prompt="\ntest2CookieConnect pass-phrase for user: ")

        self.proxyCert, self.proxyPriKey, self.userCert, cookie = \
            self.clnt.connect(self.cfg['test2CookieConnect']['username'], 
                              passphrase=passphrase,
                              getCookie=True)

        self.sessCookie = SessionCookie(cookie)
        print "User '%s' connected to Session Manager:\n%s" % \
            (self.cfg['test2CookieConnect']['username'], self.sessCookie)
            

    def test3ProxyCertConnect(self):
        """test3ProxyCertConnect: Connect as a command line client - 
        a proxyCert is returned"""

        passphrase = self.cfg['test3ProxyCertConnect'].get('passphrase') or \
            getpass.getpass(\
                    prompt="\ntest3ProxyCertConnect pass-phrase for user: ")

        self.proxyCert, self.proxyPriKey, self.userCert, null = \
            self.clnt.connect(self.cfg['test3ProxyCertConnect']['username'], 
                              passphrase=passphrase,
                              getCookie=False)
        print "User '%s' connected to Session Manager:\n%s" % \
            (self.cfg['test3ProxyCertConnect']['username'], self.proxyCert)
            

    def test4CookieDisconnect(self):
        """test4CookieDisconnect: disconnect as if acting as a browser client - 
        a cookie is returned"""
        
        print "\n\t" + self.test4CookieDisconnect.__doc__
        self.test2CookieConnect()
        
        # Use proxy cert / private key just obtained from connect call for
        # signature generation
        self.clnt.signatureHandler.signingCert = self.proxyCert
        self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey
        
        self.clnt.disconnect(#userCert=self.userCert,
                             #sessCookie=str(self.sessCookie)
                             #sessID="A",
                             #encrSessionMgrURI="B"
                             )
        
        print "User disconnected from Session Manager:\n%s" % self.sessCookie
            

    def test5ProxyCertDisconnect(self):
        """test5ProxyCertDisconnect: Connect as a command line client - 
        a proxyCert is returned"""
        
        print "\n\t" + self.test5ProxyCertDisconnect.__doc__
        self.test3ProxyCertConnect()
        
        # Use proxy to sign outbound SOAP message
        self.clnt.signingCert = self.proxyCert
        self.clnt.signingKey = self.proxyPriKey
        self.clnt.signingPriKeyPwd = None
        
        self.clnt.disconnect(proxyCert=self.proxyCert)
        print "User disconnected from Session Manager:\n%s" % self.proxyCert


    def test6CookieGetAttCert(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""

        print "\n\t" + self.test6CookieGetAttCert.__doc__        
        self.test2CookieConnect()
        
        attCert, extAttCertList = self.clnt.getAttCert(\
            sessID=self.sessCookie.sessionID, 
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri'])
        
        print "Attribute Certificate:\n%s" % attCert  
        print "External Attribute Certificate List:\n%s" % extAttCertList


    def test6aCookieGetAttCertRefused(self):
        """test6aCookieGetAttCertRefused: make an attribute request using
        a cookie as authentication credential requesting an AC from an
        Attribute Authority where the user is NOT registered"""

        print "\n\t" + self.test6aCookieGetAttCertRefused.__doc__        
        self.test2CookieConnect()
        
        aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri']
        
        try:
            attCert, extAttCertList = self.clnt.getAttCert(\
                        sessID=self.sessCookie.sessionID, 
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        mapFromTrustedHosts=False)
        except AttributeRequestDenied, e:
            print "SUCCESS - obtained expected result: %s" % e
            return
        
        self.fail("Request allowed from AA where user is NOT registered!")


    def test6bCookieGetMappedAttCert(self):
        """test6bCookieGetMappedAttCert: make an attribute request using
        a cookie as authentication credential"""

        print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__        
        self.test2CookieConnect()
        
        attCert, extAttCertList = self.clnt.getAttCert(\
            sessID=self.sessCookie.sessionID, 
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri'])
        
        print "Attribute Certificate:\n%s" % attCert  
        print "External Attribute Certificate List:\n%s" % extAttCertList


    def test6bCookieGetMappedAttCert(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""

        print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__        
        self.test2CookieConnect()
        
        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\
            sessID=self.sessCookie.sessionID, 
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri'])
        
        print "Attribute Certificate:\n%s" % attCert  
        print "Status: %s" % statusCode
        print "Message: %s" % msg
        print "External Attribute Certificate List:\n%s" % extAttCertList


    def test6cCookieGetAttCertWithExtAttCertList(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""
        
        print "\n\t" + self.test6cCookieGetAttCertWithExtAttCertList.__doc__        
        self.test2CookieConnect()
        
        aaURI = \
            self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri']
            
        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\
                        sessID=self.sessCookie.sessionID, 
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        extAttCertList=['AC1', 'AC2', 'AC3'])
          
        print "Attribute Certificate:\n%s" % attCert  
        print "Status: %s" % statusCode
        print "Message: %s" % msg
        print "External Attribute Certificate List:\n%s" % extAttCertList


    def test7ProxyCertGetAttCert(self):
        """test7ProxyCertGetAttCert: make an attribute request using
        a proxy cert as authentication credential"""
        print "\n\t" + self.test7ProxyCertGetAttCert.__doc__
        self.test3ProxyCertConnect()
        
        # Request an attribute certificate from an Attribute Authority 
        # using the proxyCert returned from connect()
        
        aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri']
        attCert, statusCode, msg, extAttCertList = self.clnt.getAttCert(\
                                                 proxyCert=self.proxyCert,
                                                 attAuthorityURI=aaURI)
          
        print "Attribute Certificate:\n%s" % attCert  
        print "Status: %s" % statusCode
        print "Message: %s" % msg
        print "External Attribute Certificate List:\n%s" % extAttCertList


    def test8GetX509Cert(self):
        "test8GetX509Cert: return the Session Manager's X.509 Cert."
        cert = self.clnt.getX509Cert()
                                             
        print "Session Manager X.509 Certificate:\n" + cert
            
            
#_____________________________________________________________________________       
class SessionMgrClientTestSuite(unittest.TestSuite):
    
    def __init__(self):
        map = map(SessionMgrClientTestCase,
                  (
                    "test1AddUser",
                    "test2CookieConnect",
                    "test3ProxyCertConnect",
                    "test4CookieDisconnect",
                    "test5ProxyCertDisconnect",
                    "test6CookieGetAttCert",
                    "test6bCookieGetMappedAttCert",
                    "test6cCookieGetAttCertWithExtAttCertList",
                    "test7ProxyCertGetAttCert",
                    "test8GetX509Cert",
                  ))
        unittest.TestSuite.__init__(self, map)
            
                                                    
if __name__ == "__main__":
    unittest.main()