source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py @ 6043

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py@6043
Revision 6043, 3.8 KB checked in by pjkersha, 10 years ago (diff)

Unit tested MSI PDP with per attribute entry attribute authority addresses.

"""MSI (Medium Sized Initiative aka NDG3) authorisation unit test module

Covers parsing of the version 1.0 and 1.1 policy fixture files and the
permit/deny decisions of the Policy Decision Point when it is driven by a
placeholder Policy Information Point.

NERC DataGrid Project
"""
# Module metadata; __revision__ holds a Subversion keyword that is only
# expanded when keyword substitution is enabled for this file.
__author__ = "P J Kershaw"
__date__ = "18/11/09"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'
11from os import path
12from ndg.security.test.unit import BaseTestCase
13from ndg.security.common.authz.msi import (Policy, PDP, PIPBase, Subject,
14                                           Request, Resource, Response,
15                                           PIPAttributeQuery,
16                                           PIPAttributeResponse)
17
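class MsiBaseTestCase(BaseTestCase):
    """Share policy fixture locations between the test classes in this module.

    The paths are computed once, when the class body is executed, from the
    location of this file, so the tests load the policy fixture that sits
    next to the module.
    """
    # Anchor on the absolute module directory.  A relative ``__file__`` (for
    # example when the module is run as a script) would otherwise make the
    # fixture path depend on the working directory at the time the policy
    # file is opened, and an authorisation test must not silently pick up a
    # different policy file.
    THIS_DIR = path.dirname(path.abspath(__file__))
    POLICY_1_1_FILENAME = 'policy-1.1.xml'
    POLICY_1_1_FILEPATH = path.join(THIS_DIR, POLICY_1_1_FILENAME)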
24   
25   
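class PolicyTestCase(MsiBaseTestCase):
    """Unit tests for parsing MSI policy files into ``Policy`` objects.

    The checks use unittest assertion methods rather than bare ``assert``
    statements: ``assert`` is compiled out under ``python -O``, which would
    let these authorisation-policy tests pass without checking anything.
    """
    POLICY_1_0_FILENAME = 'policy-1.0.xml'
    POLICY_1_0_FILEPATH = path.join(MsiBaseTestCase.THIS_DIR,
                                    POLICY_1_0_FILENAME)
    # Attribute authority address the version 1.0 test expects on every
    # attribute parsed from the policy-1.0.xml fixture.
    ATTRIBUTE_AUTHORITY_URI = 'http://localhost:7443/AttributeAuthority'

    def test01ParseVersion1_0PolicyFile(self):
        """Parse the 1.0 fixture and check every attribute's authority URI.

        Each target must carry at least one attribute, each attribute must
        be named, and each must point at ``ATTRIBUTE_AUTHORITY_URI``.
        """
        policy = Policy.Parse(PolicyTestCase.POLICY_1_0_FILEPATH)

        self.assertTrue(policy, "Policy.Parse returned an empty policy")
        self.assertTrue(len(policy.targets) > 0, "policy has no targets")

        for target in policy.targets:
            self.assertTrue(len(target.attributes) > 0,
                            "policy target has no attributes")

            for attribute in target.attributes:
                self.assertTrue(attribute.name, "attribute has no name")
                # assertEqual reports both URIs when they differ.
                self.assertEqual(attribute.attributeAuthorityURI,
                                 PolicyTestCase.ATTRIBUTE_AUTHORITY_URI)

    def test02ParseVersion1_1PolicyFile(self):
        """Parse the 1.1 fixture and check attributes name an authority.

        Each target must carry at least one attribute, and each attribute
        must have a name and a non-empty attribute authority URI.
        """
        policy = Policy.Parse(PolicyTestCase.POLICY_1_1_FILEPATH)

        self.assertTrue(policy, "Policy.Parse returned an empty policy")
        self.assertTrue(len(policy.targets) > 0, "policy has no targets")

        for target in policy.targets:
            self.assertTrue(len(target.attributes) > 0,
                            "policy target has no attributes")

            for attribute in target.attributes:
                self.assertTrue(attribute.name, "attribute has no name")
                # NOTE(review): only presence is checked here.  The
                # per-attribute authority addresses in the fixture are not
                # pinned, so a parser that assigned an attribute the wrong
                # authority would still pass this test.
                self.assertTrue(attribute.attributeAuthorityURI,
                                "attribute has no attribute authority URI")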
59
60
class PIPPlaceholder(PIPBase):
    """Stand-in Policy Information Point used to drive the PDP in tests.

    Attribute queries are answered from constants on ``BaseTestCase``; the
    class holds no state of its own.
    """
    def __init__(self):
        # Nothing to set up.  Note that PIPBase.__init__ is not called.
        pass

    def attributeQuery(self, attributeQuery):
        """Return the test roles for the known test user, else no attributes.

        The user id is read from the subject entry of ``attributeQuery``.
        Only an id equal to ``BaseTestCase.OPENID_URI`` gets
        ``BaseTestCase.ATTRIBUTE_VALUES`` set under ``Subject.ROLES_NS``;
        every other id gets back an unpopulated ``PIPAttributeResponse``.
        """
        userId = attributeQuery[PIPAttributeQuery.SUBJECT_NS][
                                                        Subject.USERID_NS]
        response = PIPAttributeResponse()

        isTestUser = userId == BaseTestCase.OPENID_URI
        if isTestUser:
            response[Subject.ROLES_NS] = BaseTestCase.ATTRIBUTE_VALUES

        return response
76
77   
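class PDPTestCase(MsiBaseTestCase):
    """Unit tests for the Policy Decision Point.

    The PDP is built from the version 1.1 policy fixture and a
    ``PIPPlaceholder``, then asked to decide on two resource URIs.
    """
    # NOTE(review): both tests run as the one subject that PIPPlaceholder
    # returns roles for.  A subject that receives an empty attribute
    # response is not exercised here, so the PDP's decision for such a
    # subject on the permitted resource is not covered by this class.
    PERMITTED_RESOURCE_URI = '/test_securedURI'
    DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI'

    def setUp(self):
        """Build a fresh PDP and a request for the test user per test."""
        pip = PIPPlaceholder()
        policy = Policy.Parse(PDPTestCase.POLICY_1_1_FILEPATH)
        self.pdp = PDP(policy, pip)

        # Make a request object to pass to the PDP
        self.request = Request()
        self.request.subject[Subject.USERID_NS] = PDPTestCase.OPENID_URI

    def test01AccessPermitted(self):
        """The test user is permitted access to PERMITTED_RESOURCE_URI."""
        self.request.resource[Resource.URI_NS
                              ] = PDPTestCase.PERMITTED_RESOURCE_URI
        response = self.pdp.evaluate(self.request)

        # assertEqual replaces the deprecated assert_ alias and reports the
        # actual decision on failure instead of a bare "False is not true".
        self.assertEqual(response.status, Response.DECISION_PERMIT)

    def test02AccessDenied(self):
        """The test user is denied access to DENIED_RESOURCE_URI."""
        self.request.resource[Resource.URI_NS
                              ] = PDPTestCase.DENIED_RESOURCE_URI
        response = self.pdp.evaluate(self.request)

        # Pin the exact decision value so that any other status fails.
        self.assertEqual(response.status, Response.DECISION_DENY)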
104
105       
if __name__ == "__main__":
    # Executed as a script: hand control to unittest's command-line runner,
    # which collects and runs the TestCase classes defined in this module.
    from unittest import main as runTests
    runTests()