source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py @ 2418

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py@2418
Revision 2418, 11.1 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/Log.py: remove ref to 'Logger'

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
added M2Crypto SSL support

ndg.security.server/ndg/security/server/SessionMgr/start-container.sh:
copy from Attribute Authority version.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:
fix to test5ProxyCertDisconnect call.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
set clntprikeypwd to null so that it is not prompted for from terminal.

ndg.security.common/ndg/security/common/SessionMgr/init.py: fix to
disconnect SOAP client call so that userCert omit alone is allowed.

ndg.security.common/ndg/security/common/wsSecurity.py: delete debug call.

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""Test harness for NDG Session Manager client - makes requests for
4authentication and authorisation.  An Attribute Authority and Simple CA
5services must be running for the reqAuthorisation and addUser tests
6
7NERC Data Grid Project
8
9@author P J Kershaw
10
1123/02/06
12
13Renamed from SessionClientTest.py 27/0/4/06
14Moved and renamed SessionMgrClientTest.py 23/11/06
15
16@copyright (C) 2007 CCLRC & NERC
17
18@license This software may be distributed under the terms of the Q Public
19License, version 1.0 or later.
20"""
21__revision__ = "$Id:$"
22
23import unittest
24import os, sys, getpass
25from ConfigParser import SafeConfigParser
26
27from ndg.security.common.SessionMgr import SessionMgrClient, \
28    AttributeRequestDenied
29   
30from ndg.security.common.SessionCookie import SessionCookie
31
32
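class SessionMgrClientTestCase(unittest.TestCase):
    """Integration tests that drive a running Session Manager through
    SessionMgrClient.

    Settings come from ./sessionMgrClientTest.cfg: a 'setUp' section for the
    client connection plus one section per test method.  Pass-phrases may be
    kept in that file in clear text; if they are, restrict the file to the
    test user and store throw-away test credentials only.

    Several tests print a session cookie or proxy certificate and setUp sends
    the client's SOAP trace to stderr, so captured test output can contain
    authentication material and should not be archived or shared as-is.
    """

    def setUp(self):
        """Read the configuration file and create the client under test."""

        # The path is relative, so the tests must be started from the
        # directory holding the .cfg file.  ConfigParser.read() ignores a
        # missing file; the first visible symptom is then a KeyError on
        # self.cfg['setUp'] below.
        configParser = SafeConfigParser()
        configParser.read("./sessionMgrClientTest.cfg")

        # Flatten to {section: {option: value}}.  ConfigParser lower-cases
        # option names, hence keys such as 'clntprikeypwd'.
        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        tracefile = sys.stderr

        # Only an absent option triggers the prompt.  An option that is
        # present but empty yields '' and is used as the password without
        # prompting, which allows unattended runs with an unencrypted key.
        setUpCfg = self.cfg['setUp']
        clntPriKeyPwd = setUpCfg.get('clntprikeypwd')
        if clntPriKeyPwd is None:
            try:
                clntPriKeyPwd = getpass.getpass(
                            prompt="\nsetUp - client private key password: ")
            except KeyboardInterrupt:
                # Ctrl-C at the prompt abandons the whole run, exit status 0
                sys.exit(0)

        # Initialise the Session Manager client connection.
        # Omit the tracefile keyword to leave out SOAP debug info.
        # NOTE(review): the trace presumably echoes request bodies, which
        # for connect()/addUser() would include the pass-phrase - confirm
        # before redirecting stderr to a log file.
        self.clnt = SessionMgrClient(uri=setUpCfg['smuri'],
                verifyingCertFilePath=setUpCfg['srvcertfilepath'],
                signingCertFilePath=setUpCfg['clntcertfilepath'],
                signingPriKeyFilePath=setUpCfg['clntprikeyfilepath'],
                signingPriKeyPwd=clntPriKeyPwd,
                tracefile=tracefile)

        # Filled in by the connect tests and reused by the tests that call
        # them first.
        self.sessCookie = None
        self.proxyCert = None
        self.proxyPriKey = None
        self.userCert = None

    def test1AddUser(self):
        """Add a new user ID to the MyProxy repository"""

        testCfg = self.cfg['test1AddUser']

        # Pass-phrase comes from the config file; a missing or empty
        # 'passphrase' option falls back to an interactive prompt.
        passphrase = testCfg.get('passphrase') or \
            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ")

        self.clnt.addUser(testCfg['username'], passphrase=passphrase)
        print("Added user '%s'" % testCfg['username'])

    def test2CookieConnect(self):
        """test2CookieConnect: Connect as if acting as a browser client -
        a cookie is returned"""

        testCfg = self.cfg['test2CookieConnect']

        # Unlike test1/test3 only a missing option prompts here; an empty
        # value is passed on as an empty pass-phrase.
        passphrase = testCfg.get('passphrase')
        if passphrase is None:
            passphrase = getpass.getpass(
                     prompt="\ntest2CookieConnect pass-phrase for user: ")

        self.proxyCert, self.proxyPriKey, self.userCert, cookie = \
            self.clnt.connect(testCfg['username'],
                              passphrase=passphrase,
                              getCookie=True)

        self.sessCookie = SessionCookie(cookie)

        # The cookie is later used as the authentication credential for
        # getAttCert/disconnect, so this line writes a live credential to
        # stdout.
        print("User '%s' connected to Session Manager:\n%s" %
              (testCfg['username'], self.sessCookie))

    def test3ProxyCertConnect(self):
        """test3ProxyCertConnect: Connect as a command line client -
        a proxyCert is returned"""

        testCfg = self.cfg['test3ProxyCertConnect']

        passphrase = testCfg.get('passphrase') or \
            getpass.getpass(
                    prompt="\ntest3ProxyCertConnect pass-phrase for user: ")

        # Fourth element is the cookie slot, unused when getCookie=False
        self.proxyCert, self.proxyPriKey, self.userCert, null = \
            self.clnt.connect(testCfg['username'],
                              passphrase=passphrase,
                              getCookie=False)

        # Only the certificate is printed; the proxy private key is kept in
        # memory and never written out.
        print("User '%s' connected to Session Manager:\n%s" %
              (testCfg['username'], self.proxyCert))

    def test4CookieDisconnect(self):
        """test4CookieDisconnect: disconnect as if acting as a browser client
        """

        print("\n\t" + self.test4CookieDisconnect.__doc__)
        self.test2CookieConnect()

        # Use proxy cert / private key just obtained from connect call for
        # signature generation
        self.clnt.signatureHandler.signingCert = self.proxyCert
        self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey

        self.clnt.disconnect(userCert=self.userCert,
                             sessCookie=str(self.sessCookie))

        print("User disconnected from Session Manager:\n%s" % self.sessCookie)

    def test5ProxyCertDisconnect(self):
        """test5ProxyCertDisconnect: Disconnect as a command line client
        """

        print("\n\t" + self.test5ProxyCertDisconnect.__doc__)
        self.test3ProxyCertConnect()

        # Use proxy to sign outbound SOAP message.  The password is cleared
        # because the proxy key replaces the password-protected client key.
        # NOTE(review): test4CookieDisconnect sets the equivalent values on
        # self.clnt.signatureHandler; confirm that SessionMgrClient exposes
        # signingCert / signingKey / signingPriKeyPwd itself, otherwise these
        # assignments do nothing and the message is still signed with the
        # client key from setUp.
        self.clnt.signingCert = self.proxyCert
        self.clnt.signingKey = self.proxyPriKey
        self.clnt.signingPriKeyPwd = None

        self.clnt.disconnect(userCert=self.proxyCert)
        print("User disconnected from Session Manager:\n%s" % self.proxyCert)

    def test6CookieGetAttCert(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""

        print("\n\t" + self.test6CookieGetAttCert.__doc__)
        self.test2CookieConnect()

        aaURI = self.cfg['test6CookieGetAttCert']['aauri']
        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=aaURI)

        print("Attribute Certificate:\n%s" % attCert)
        print("External Attribute Certificate List:\n%s" % extAttCertList)

    def test6aCookieGetAttCertRefused(self):
        """test6aCookieGetAttCertRefused: make an attribute request using
        a cookie as authentication credential requesting an AC from an
        Attribute Authority where the user is NOT registered"""

        print("\n\t" + self.test6aCookieGetAttCertRefused.__doc__)
        self.test2CookieConnect()

        aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri']

        # Negative authorisation test: with mapping from trusted hosts
        # switched off the request must be denied.  Any other outcome,
        # including a successful response, is a test failure.
        try:
            attCert, extAttCertList = self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        mapFromTrustedHosts=False)
        except AttributeRequestDenied:
            # sys.exc_info() instead of binding the exception in the except
            # clause: that syntax differs between Python versions.
            print("SUCCESS - obtained expected result: %s" %
                  sys.exc_info()[1])
            return

        self.fail("Request allowed from AA where user is NOT registered!")

    # This method used to be defined twice with identical bodies; the second
    # definition silently replaced the first and carried the docstring of
    # test6CookieGetAttCert, so the printed banner named the wrong test.
    def test6bCookieGetMappedAttCert(self):
        """test6bCookieGetMappedAttCert: make an attribute request using
        a cookie as authentication credential"""

        print("\n\t" + self.test6bCookieGetMappedAttCert.__doc__)
        self.test2CookieConnect()

        aaURI = self.cfg['test6bCookieGetMappedAttCert']['aauri']
        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=aaURI)

        print("Attribute Certificate:\n%s" % attCert)
        print("External Attribute Certificate List:\n%s" % extAttCertList)

    def test6cCookieGetAttCertWithExtAttCertList(self):
        """test6cCookieGetAttCertWithExtAttCertList: make an attribute
        request using a cookie as authentication credential"""

        print("\n\t" + self.test6cCookieGetAttCertWithExtAttCertList.__doc__)
        self.test2CookieConnect()

        aaURI = \
            self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri']

        # 'AC1'..'AC3' are placeholder strings, not attribute certificates.
        # NOTE(review): the test makes no assertion about how the service
        # treats them - confirm whether rejection or acceptance is expected.
        attCert, extAttCertList = self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        extAttCertList=['AC1', 'AC2', 'AC3'])

        print("Attribute Certificate:\n%s" % attCert)
        print("External Attribute Certificate List:\n%s" % extAttCertList)

    def test7ProxyCertGetAttCert(self):
        """test7ProxyCertGetAttCert: make an attribute request using
        a proxy cert as authentication credential"""
        print("\n\t" + self.test7ProxyCertGetAttCert.__doc__)
        self.test3ProxyCertConnect()

        # Request an attribute certificate from an Attribute Authority
        # using the proxyCert returned from connect()
        aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri']
        attCert, extAttCertList = self.clnt.getAttCert(
                                                 proxyCert=self.proxyCert,
                                                 attAuthorityURI=aaURI)

        print("Attribute Certificate:\n%s" % attCert)
        print("External Attribute Certificate List:\n%s" % extAttCertList)

    def test8GetX509Cert(self):
        "test8GetX509Cert: return the Session Manager's X.509 Cert."
        cert = self.clnt.getX509Cert()

        print("Session Manager X.509 Certificate:\n" + cert)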
265           
266           
267#_____________________________________________________________________________       
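class SessionMgrClientTestSuite(unittest.TestSuite):
    """Suite holding the Session Manager client tests in a fixed order."""

    def __init__(self):
        """Create one SessionMgrClientTestCase per listed test method."""

        # NOTE(review): test6aCookieGetAttCertRefused, the only test that
        # checks a request is denied, is not listed - confirm whether that
        # omission is intentional.
        testNames = (
            "test1AddUser",
            "test2CookieConnect",
            "test3ProxyCertConnect",
            "test4CookieDisconnect",
            "test5ProxyCertDisconnect",
            "test6CookieGetAttCert",
            "test6bCookieGetMappedAttCert",
            "test6cCookieGetAttCertWithExtAttCertList",
            "test7ProxyCertGetAttCert",
            "test8GetX509Cert",
        )

        # The test list must not be bound to a local called 'map': assigning
        # to that name makes it local to this function, so calling the
        # builtin on the same line raises UnboundLocalError and the suite
        # can never be constructed.
        tests = [SessionMgrClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, tests)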
285           
286                                                   
if __name__ == '__main__':
    # Script entry point.  unittest.main() is called without arguments, so
    # it loads the TestCase classes found in this module;
    # SessionMgrClientTestSuite is not handed to it.
    unittest.main()