source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py @ 2437

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py@2437
Revision 2437, 11.1 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • soap_disconnect: added call to SessionMgr.disconnect, added logic for retrieving ID from cert used with WS-Security signature.

  • add code to check for useSignatureHandler config param. If this flag is set, get user ID from cert in WS-Security header

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
ndg.security.server/ndg/security/server/SessionMgr/init.py: added "useSignatureHandler" parameter
to properties file elements.

www/html/sessionMgr.wsdl,
ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py: removed userCert
argument. - This is not needed as cert chain can be passed in by setting #X509PKIPathv1 for
BinarySecurityToken.

ndg.security.client/ndg/security/client/ndgSessionClient.py: started on updates from alpha version -
--req-autho flag is now --req-attr

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg: added more tests for signature
verification tests.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: removed userCert arg from
disconnect call. It's passed in the signature in the WS-Security header.

ndg.security.common/ndg/security/common/XMLSec.py: fixed bug in applyEnvelopedSignature - removed
incorrect strip call from digest calc:

calcSignedInfoDigestValue = sha(signedInfoC14n).digest()#.strip()


ndg.security.common/ndg/security/common/SessionMgr/init.py: Session Manager client code -
remove refs to "userCert" for disconnect and connect calls. It's passed in the WS-Security header
instead.

ndg.security.common/ndg/security/common/wsSecurity.py: comment - query whitespace strip in
extraction of calculated signature value from message "b64EncSignatureValue".

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""Test harness for NDG Session Manager client - makes requests for
4authentication and authorisation.  An Attribute Authority and Simple CA
5services must be running for the reqAuthorisation and addUser tests
6
7NERC Data Grid Project
8
9@author P J Kershaw
10
1123/02/06
12
13Renamed from SessionClientTest.py 27/0/4/06
14Moved and renamed SessionMgrClientTest.py 23/11/06
15
16@copyright (C) 2007 CCLRC & NERC
17
18@license This software may be distributed under the terms of the Q Public
19License, version 1.0 or later.
20"""
21__revision__ = "$Id:$"
22
23import unittest
24import os, sys, getpass
25from ConfigParser import SafeConfigParser
26
27from ndg.security.common.SessionMgr import SessionMgrClient, \
28    AttributeRequestDenied
29   
30from ndg.security.common.SessionCookie import SessionCookie
31
32
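class SessionMgrClientTestCase(unittest.TestCase):
    """Exercise SessionMgrClient against a running Session Manager service.

    Settings are read from ./sessionMgrClientTest.cfg: a 'setUp' section
    plus one section named after each test method.  Any password or
    pass-phrase option left out of that file is prompted for with getpass
    instead, so secrets need not be stored on disk.
    """

    def setUp(self):
        """Load the test configuration and create the Session Manager client.
        """
        configParser = SafeConfigParser()
        configParser.read("./sessionMgrClientTest.cfg")

        # One dict of options per config file section
        self.cfg = {}
        for section in configParser.sections():
            self.cfg[section] = dict(configParser.items(section))

        # NOTE(review): the trace file receives SOAP debug output, which
        # presumably includes the pass-phrases sent by addUser/connect -
        # confirm before keeping or sharing captured test output.
        tracefile = sys.stderr

        # 'clntprikeypwd' is the client private key password held in clear
        # text in the config file.  Leave the option out to be prompted
        # instead; if it is set, keep the file out of version control and
        # readable by its owner only.
        setUpCfg = self.cfg['setUp']
        try:
            clntPriKeyPwd = setUpCfg.get('clntprikeypwd')
            if clntPriKeyPwd is None:
                clntPriKeyPwd = getpass.getpass(
                            prompt="\nsetUp - client private key password: ")
        except KeyboardInterrupt:
            sys.exit(0)

        # Initialise the Session Manager client connection
        # Omit traceFile keyword to leave out SOAP debug info
        self.clnt = SessionMgrClient(
                uri=setUpCfg['smuri'],
                verifyingCertFilePath=setUpCfg['srvcertfilepath'],
                signingCertFilePath=setUpCfg['clntcertfilepath'],
                signingPriKeyFilePath=setUpCfg['clntprikeyfilepath'],
                signingPriKeyPwd=clntPriKeyPwd,
                tracefile=tracefile)

        # Credentials filled in by the connect tests
        self.sessCookie = None
        self.proxyCert = None
        self.proxyPriKey = None
        self.userCert = None

    def test1AddUser(self):
        """Add a new user ID to the MyProxy repository"""

        # An empty or missing 'passphrase' option falls through to the prompt
        passphrase = self.cfg['test1AddUser'].get('passphrase') or \
            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ")

        # The pass-phrase is passed explicitly through the 'passphrase'
        # keyword
        self.clnt.addUser(self.cfg['test1AddUser']['username'],
                          passphrase=passphrase)
        print "Added user '%s'" % self.cfg['test1AddUser']['username']

    def test2CookieConnect(self):
        """test2CookieConnect: Connect as if acting as a browser client -
        a cookie is returned"""

        passphrase = self.cfg['test2CookieConnect'].get('passphrase')
        if passphrase is None:
            passphrase = getpass.getpass(
                     prompt="\ntest2CookieConnect pass-phrase for user: ")

        self.proxyCert, self.proxyPriKey, self.userCert, cookie = \
            self.clnt.connect(self.cfg['test2CookieConnect']['username'],
                              passphrase=passphrase,
                              getCookie=True)

        self.sessCookie = SessionCookie(cookie)

        # The session cookie is written to stdout, so the test output
        # carries a session credential for as long as the session is valid.
        print "User '%s' connected to Session Manager:\n%s" % \
            (self.cfg['test2CookieConnect']['username'], self.sessCookie)

    def test3ProxyCertConnect(self):
        """test3ProxyCertConnect: Connect as a command line client -
        a proxyCert is returned"""

        passphrase = self.cfg['test3ProxyCertConnect'].get('passphrase') or \
            getpass.getpass(
                    prompt="\ntest3ProxyCertConnect pass-phrase for user: ")

        # The fourth item is the cookie slot, unused when getCookie=False
        self.proxyCert, self.proxyPriKey, self.userCert, _ = \
            self.clnt.connect(self.cfg['test3ProxyCertConnect']['username'],
                              passphrase=passphrase,
                              getCookie=False)
        print "User '%s' connected to Session Manager:\n%s" % \
            (self.cfg['test3ProxyCertConnect']['username'], self.proxyCert)

    def test4CookieDisconnect(self):
        """test4CookieDisconnect: disconnect as if acting as a browser client
        """

        print "\n\t" + self.test4CookieDisconnect.__doc__
        self.test2CookieConnect()

        # Use proxy cert / private key just obtained from connect call for
        # signature generation
        self.clnt.signatureHandler.signingCert = self.proxyCert
        self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey

        # A pdb.set_trace() call used to sit here; it stopped every run at a
        # debugger prompt, so the test could not complete unattended.
        self.clnt.disconnect(sessCookie=str(self.sessCookie))

        print "User disconnected from Session Manager:\n%s" % self.sessCookie

    def test5ProxyCertDisconnect(self):
        """test5ProxyCertDisconnect: Disconnect as a command line client
        """

        print "\n\t" + self.test5ProxyCertDisconnect.__doc__
        self.test3ProxyCertConnect()

        # Use proxy to sign outbound SOAP message
        # NOTE(review): test4CookieDisconnect sets the signing credentials on
        # self.clnt.signatureHandler (signingCert / signingCertPriKey); here
        # they are set on the client itself under different names.  If
        # SessionMgrClient does not forward these attributes, the request
        # below is still signed with the setUp credentials rather than the
        # proxy - confirm against SessionMgrClient.
        self.clnt.signingCert = self.proxyCert
        self.clnt.signingKey = self.proxyPriKey
        self.clnt.signingPriKeyPwd = None

        # Proxy cert in signature determines ID of session to
        # delete
        self.clnt.disconnect()
        print "User disconnected from Session Manager:\n%s" % self.proxyCert

    def test6CookieGetAttCert(self):
        """test6CookieGetAttCert: make an attribute request using
        a cookie as authentication credential"""

        print "\n\t" + self.test6CookieGetAttCert.__doc__
        self.test2CookieConnect()

        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri'])

        print "Attribute Certificate:\n%s" % attCert
        print "External Attribute Certificate List:\n%s" % extAttCertList

    def test6aCookieGetAttCertRefused(self):
        """test6aCookieGetAttCertRefused: make an attribute request using
        a cookie as authentication credential requesting an AC from an
        Attribute Authority where the user is NOT registered"""

        print "\n\t" + self.test6aCookieGetAttCertRefused.__doc__
        self.test2CookieConnect()

        aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri']

        # Negative test: the request must be denied.  Any other outcome,
        # including a certificate being returned, fails the test.
        try:
            attCert, extAttCertList = self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        mapFromTrustedHosts=False)
        except AttributeRequestDenied, e:
            print "SUCCESS - obtained expected result: %s" % e
            return

        self.fail("Request allowed from AA where user is NOT registered!")

    # This method was defined twice with identical bodies; the second
    # definition replaced the first and carried the docstring label of
    # test6CookieGetAttCert, so the printed test name was wrong.
    def test6bCookieGetMappedAttCert(self):
        """test6bCookieGetMappedAttCert: make an attribute request using
        a cookie as authentication credential"""

        print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__
        self.test2CookieConnect()

        attCert, extAttCertList = self.clnt.getAttCert(
            sessID=self.sessCookie.sessionID,
            encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
            attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri'])

        print "Attribute Certificate:\n%s" % attCert
        print "External Attribute Certificate List:\n%s" % extAttCertList

    def test6cCookieGetAttCertWithExtAttCertList(self):
        """test6cCookieGetAttCertWithExtAttCertList: make an attribute request
        using a cookie as authentication credential"""

        print "\n\t" + self.test6cCookieGetAttCertWithExtAttCertList.__doc__
        self.test2CookieConnect()

        aaURI = \
            self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri']

        # 'AC1'..'AC3' are placeholder strings standing in for external
        # attribute certificates
        attCert, extAttCertList = self.clnt.getAttCert(
                        sessID=self.sessCookie.sessionID,
                        encrSessionMgrURI=self.sessCookie.encrSessionMgrURI,
                        attAuthorityURI=aaURI,
                        extAttCertList=['AC1', 'AC2', 'AC3'])

        print "Attribute Certificate:\n%s" % attCert
        print "External Attribute Certificate List:\n%s" % extAttCertList

    def test7ProxyCertGetAttCert(self):
        """test7ProxyCertGetAttCert: make an attribute request using
        a proxy cert as authentication credential"""
        print "\n\t" + self.test7ProxyCertGetAttCert.__doc__
        self.test3ProxyCertConnect()

        # Request an attribute certificate from an Attribute Authority
        # using the proxyCert returned from connect()
        aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri']
        attCert, extAttCertList = self.clnt.getAttCert(
                                                 proxyCert=self.proxyCert,
                                                 attAuthorityURI=aaURI)

        print "Attribute Certificate:\n%s" % attCert
        print "External Attribute Certificate List:\n%s" % extAttCertList

    def test8GetX509Cert(self):
        "test8GetX509Cert: return the Session Manager's X.509 Cert."
        cert = self.clnt.getX509Cert()

        print "Session Manager X.509 Certificate:\n" + cert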
266           
267           
268#_____________________________________________________________________________       
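class SessionMgrClientTestSuite(unittest.TestSuite):
    """Suite holding the SessionMgrClientTestCase tests in the listed order.
    """

    def __init__(self):
        # NOTE(review): test6aCookieGetAttCertRefused, the negative check
        # that an unregistered user is denied an attribute certificate, is
        # not listed here - confirm whether the omission is deliberate.
        testNames = (
            "test1AddUser",
            "test2CookieConnect",
            "test3ProxyCertConnect",
            "test4CookieDisconnect",
            "test5ProxyCertDisconnect",
            "test6CookieGetAttCert",
            "test6bCookieGetMappedAttCert",
            "test6cCookieGetAttCertWithExtAttCertList",
            "test7ProxyCertGetAttCert",
            "test8GetX509Cert",
        )

        # The result used to be bound to a local named 'map'.  That made
        # 'map' a local name for the whole method, so the call to the
        # builtin raised UnboundLocalError as soon as the suite was built.
        testCases = [SessionMgrClientTestCase(name) for name in testNames]
        unittest.TestSuite.__init__(self, testCases)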
286           
287                                                   
if __name__ == "__main__":
    # unittest.main() loads the TestCase classes found in this module;
    # SessionMgrClientTestSuite is not referenced from here.
    unittest.main()