source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py @ 2092

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py@2092
Revision 2092, 11.0 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:
uncommented disconnect call arguments

python/ndg.security.common/ndg/security/common/wsSecurity.py:
Added 'ec' into the prefix list for exclusive canonicalization of the SignedInfo section. This
fixes a bug with the signature for the test3ProxyCertConnect test. TODO: fix the test4CookieDisconnect
'block type is not 01' verify error.

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""Test harness for NDG Session Manager client - makes requests for
4authentication and authorisation.  An Attribute Authority and Simple CA
5services must be running for the reqAuthorisation and addUser tests
6
7NERC Data Grid Project
8
9@author P J Kershaw
10
1123/02/06
12
13Renamed from SessionClientTest.py 27/0/4/06
14Moved and renamed SessionMgrClientTest.py 23/11/06
15
16@copyright (C) 2007 CCLRC & NERC
17
18@license This software may be distributed under the terms of the Q Public
19License, version 1.0 or later.
20"""
# Subversion keyword placeholder; it is unexpanded ("$Id:$") in this revision.
reposID = "$Id:$"
22
23import unittest
24import os, sys, getpass
25from ConfigParser import SafeConfigParser
26
27from ndg.security.common.SessionMgr import SessionMgrClient, \
28    AttributeRequestDenied
29   
30from ndg.security.common.SessionCookie import SessionCookie
31
32
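class SessionMgrClientTestCase(unittest.TestCase):
    """Client-side tests for the NDG Session Manager web service.

    Every test goes through SessionMgrClient to the service named by
    'smuri'.  The endpoint, certificate/key file paths and user names are
    read from ./sessionMgrClientTest.cfg, one config section per test method.

    Security notes for anyone running or extending this harness:

    * The config file may hold the client private key password
      ('clntprikeypwd') and user pass-phrases ('passphrase') in clear text.
      Keep it out of version control and readable only by the test user, or
      leave those options out so the value is prompted for with getpass.
    * The session cookie printed by the cookie tests is what the tests later
      present to the service (sessID / sessCookie arguments), so captured
      test output should be handled as sensitive.

    print() is called with a single parenthesised argument throughout so the
    statements behave the same under Python 2 and also parse under Python 3.
    """

    def setUp(self):
        """Load the test configuration and create the signing client.

        Raises IOError when the config file cannot be read, rather than the
        KeyError on self.cfg['setUp'] that an unread file would otherwise
        produce further down.
        """
        # Relative path: the tests must be started from the directory that
        # holds the config file.
        cfgFilePath = "./sessionMgrClientTest.cfg"
        configParser = SafeConfigParser()

        # read() skips files it cannot open and returns the list of files it
        # did parse, so an empty result means no configuration was loaded.
        if not configParser.read(cfgFilePath):
            raise IOError("Cannot read test config file: %s" % cfgFilePath)

        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        # A password set in the config file takes precedence; prompt only
        # when the option is absent.
        clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd')
        if clntPriKeyPwd is None:
            try:
                clntPriKeyPwd = getpass.getpass(
                            prompt="\nsetUp - client private key password: ")
            except KeyboardInterrupt:
                # NOTE(review): exit status 0 makes an aborted run look like
                # a pass to a calling script - confirm this is intended.
                sys.exit(0)

        # SOAP debug info is traced to stderr; omit the tracefile keyword to
        # leave it out.  NOTE(review): the trace presumably contains message
        # bodies, which would put pass-phrases and session IDs into captured
        # output - confirm before retaining test logs.
        tracefile = sys.stderr

        # Initialise the Session Manager client connection
        self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'],
                verifyingCertFilePath=self.cfg['setUp']['srvcertfilepath'],
                signingCertFilePath=self.cfg['setUp']['clntcertfilepath'],
                signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'],
                signingPriKeyPwd=clntPriKeyPwd,
                tracefile=tracefile)

        self.sessCookie = None
        self.proxyCert = None
        self.proxyPriKey = None
        self.userCert = None

    def _passphrase(self, testName, prompt):
        """Return the 'passphrase' option of section testName, or prompt for
        it with getpass when the option is missing or empty."""
        return self.cfg[testName].get('passphrase') or \
            getpass.getpass(prompt=prompt)

    def _printAttCerts(self, attCert, extAttCertList):
        """Print the two values returned by getAttCert."""
        print("Attribute Certificate:\n%s" % attCert)
        print("External Attribute Certificate List:\n%s" % extAttCertList)

    def test1AddUser(self):
        """Add a new user ID to the MyProxy repository"""

        # The pass-phrase comes from the config file when set there,
        # otherwise from an interactive prompt.
        passphrase = self._passphrase('test1AddUser',
                                "\ntest1AddUser pass-phrase for new user: ")

        self.clnt.addUser(self.cfg['test1AddUser']['username'],
                          passphrase=passphrase)
        print("Added user '%s'" % self.cfg['test1AddUser']['username'])

    def test2CookieConnect(self):
        """test2CookieConnect: Connect as if acting as a browser client -
        a cookie is returned"""

        passphrase = self._passphrase('test2CookieConnect',
                                "\ntest2CookieConnect pass-phrase for user: ")

        self.proxyCert, self.proxyPriKey, self.userCert, cookie = \
            self.clnt.connect(self.cfg['test2CookieConnect']['username'],
                              passphrase=passphrase,
                              getCookie=True)

        self.sessCookie = SessionCookie(cookie)

        # The cookie is echoed in full; see the class docstring on handling
        # captured output.
        print("User '%s' connected to Session Manager:\n%s" %
              (self.cfg['test2CookieConnect']['username'], self.sessCookie))

    def test3ProxyCertConnect(self):
        """test3ProxyCertConnect: Connect as a command line client -
        a proxyCert is returned"""

        passphrase = self._passphrase('test3ProxyCertConnect',
                            "\ntest3ProxyCertConnect pass-phrase for user: ")

        # With getCookie=False the fourth return value is not used
        self.proxyCert, self.proxyPriKey, self.userCert, _unused = \
            self.clnt.connect(self.cfg['test3ProxyCertConnect']['username'],
                              passphrase=passphrase,
                              getCookie=False)

        # Only the certificate is printed; the proxy private key is kept on
        # the instance and never written out.
        print("User '%s' connected to Session Manager:\n%s" %
              (self.cfg['test3ProxyCertConnect']['username'], self.proxyCert))

    def test4CookieDisconnect(self):
        """test4CookieDisconnect: disconnect as if acting as a browser client -
        the session cookie obtained from connect is passed back"""

        print("\n\t" + self.test4CookieDisconnect.__doc__)
        self.test2CookieConnect()

        # Use proxy cert / private key just obtained from connect call for
        # signature generation.
        # NOTE(review): the commit log for this revision records an
        # outstanding 'block type is not 01' verify error for this test.
        self.clnt.signatureHandler.signingCert = self.proxyCert
        self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey

        self.clnt.disconnect(userCert=self.userCert,
                             sessCookie=str(self.sessCookie))

        print("User disconnected from Session Manager:\n%s" % self.sessCookie)

    def test5ProxyCertDisconnect(self):
        """test5ProxyCertDisconnect: disconnect as a command line client -
        the proxyCert obtained from connect is passed back"""

        print("\n\t" + self.test5ProxyCertDisconnect.__doc__)
        self.test3ProxyCertConnect()

        # Use proxy to sign outbound SOAP message.
        # NOTE(review): test4CookieDisconnect sets the signing credentials on
        # self.clnt.signatureHandler (signingCert / signingCertPriKey) while
        # this test sets attributes directly on the client.  Confirm the
        # client really reads signingCert / signingKey / signingPriKeyPwd;
        # if it does not, the message is signed with the setUp credentials
        # and the proxy signature path is never exercised.
        self.clnt.signingCert = self.proxyCert
        self.clnt.signingKey = self.proxyPriKey
        self.clnt.signingPriKeyPwd = None

        self.clnt.disconnect(proxyCert=self.proxyCert)
        print("User disconnected from Session Manager:\n%s" % self.proxyCert)

    def test6CookieGetAttCert(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""

        print("\n\t" + self.test6CookieGetAttCert.__doc__)
        self.test2CookieConnect()

        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri'])

        self._printAttCerts(attCert, extAttCertList)

    def test6aCookieGetAttCertRefused(self):
        """test6aCookieGetAttCertRefused: make an attribute request using
        a cookie as authentication credential requesting an AC from an
        Attribute Authority where the user is NOT registered"""

        print("\n\t" + self.test6aCookieGetAttCertRefused.__doc__)
        self.test2CookieConnect()

        aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri']

        # Negative authorisation test: the request must be refused.  Only
        # AttributeRequestDenied counts; any other exception propagates and
        # is reported as an error rather than as the expected refusal.
        try:
            self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        mapFromTrustedHosts=False)
        except AttributeRequestDenied:
            # exc_info() instead of binding the exception in the except
            # clause, so the clause parses under both Python 2 and Python 3
            print("SUCCESS - obtained expected result: %s" %
                  sys.exc_info()[1])
            return

        self.fail("Request allowed from AA where user is NOT registered!")

    # This method was defined twice with identical bodies; the second
    # definition silently replaced the first, so a single copy is kept.
    def test6bCookieGetMappedAttCert(self):
        """test6bCookieGetMappedAttCert: make an attribute request using
        a cookie as authentication credential"""

        print("\n\t" + self.test6bCookieGetMappedAttCert.__doc__)
        self.test2CookieConnect()

        # NOTE(review): apart from the config section this is the same call
        # as test6CookieGetAttCert; presumably the 'aauri' configured here is
        # what makes the result a mapped certificate - confirm, and assert on
        # the returned certificate if so.
        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri'])

        self._printAttCerts(attCert, extAttCertList)

    def test6cCookieGetAttCertWithExtAttCertList(self):
        """test6cCookieGetAttCertWithExtAttCertList: make an attribute request
        using a cookie as authentication credential and passing a list of
        external attribute certificates"""

        print("\n\t" +
              self.test6cCookieGetAttCertWithExtAttCertList.__doc__)
        self.test2CookieConnect()

        aaURI = \
            self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri']

        # 'AC1'..'AC3' are placeholder strings, not real certificates
        attCert, extAttCertList = self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        extAttCertList=['AC1', 'AC2', 'AC3'])

        self._printAttCerts(attCert, extAttCertList)

    def test7ProxyCertGetAttCert(self):
        """test7ProxyCertGetAttCert: make an attribute request using
        a proxy cert as authentication credential"""
        print("\n\t" + self.test7ProxyCertGetAttCert.__doc__)
        self.test3ProxyCertConnect()

        # Request an attribute certificate from an Attribute Authority
        # using the proxyCert returned from connect()
        aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri']
        attCert, extAttCertList = self.clnt.getAttCert(
                                                 proxyCert=self.proxyCert,
                                                 attAuthorityURI=aaURI)

        self._printAttCerts(attCert, extAttCertList)

    def test8GetX509Cert(self):
        "test8GetX509Cert: return the Session Manager's X.509 Cert."
        cert = self.clnt.getX509Cert()

        print("Session Manager X.509 Certificate:\n" + cert)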
263           
264           
265#_____________________________________________________________________________       
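class SessionMgrClientTestSuite(unittest.TestSuite):
    """Suite running the SessionMgrClientTestCase tests in a fixed order."""

    def __init__(self):
        """Build one SessionMgrClientTestCase per listed test method."""
        # NOTE(review): test6aCookieGetAttCertRefused, the only test that
        # expects the request to be denied, is not listed here - confirm
        # whether leaving the refusal path out of the suite is deliberate.
        testNames = (
            "test1AddUser",
            "test2CookieConnect",
            "test3ProxyCertConnect",
            "test4CookieDisconnect",
            "test5ProxyCertDisconnect",
            "test6CookieGetAttCert",
            "test6bCookieGetMappedAttCert",
            "test6cCookieGetAttCertWithExtAttCertList",
            "test7ProxyCertGetAttCert",
            "test8GetX509Cert",
        )

        # The original bound the result to a local called "map", which made
        # the builtin unreachable inside this method and raised
        # UnboundLocalError before any test case was created.
        tests = [SessionMgrClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, tests)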
283           
284                                                   
# Run directly: unittest.main() collects the tests with its default loader;
# SessionMgrClientTestSuite is not referenced here.
if __name__ == "__main__":
    unittest.main()