source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py @ 6044

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py@6044
Revision 6044, 3.8 KB checked in by pjkersha, 10 years ago (diff)

Made new SAML SOAP bindings specialisations for SAML Attribute Query and query over SSL.

1"""MSI (Medium Sized Initiative aka NDG3) authorisation unit test module
2
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "18/11/09"
7__copyright__ = "(C) 2009 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = '$Id$'
11from os import path
12from ndg.security.test.unit import BaseTestCase
13from ndg.security.common.authz.msi import (Policy, PDP, PIPBase, Subject,
14                                           Request, Resource, Response,
15                                           PIPAttributeQuery,
16                                           PIPAttributeResponse)
17
18
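class MsiBaseTestCase(BaseTestCase):
    """Base class holding fixture locations shared by the test cases in this
    module.

    THIS_DIR is the directory containing this test module,
    POLICY_1_1_FILENAME is the name of the version 1.1 policy fixture and
    POLICY_1_1_FILEPATH is the full path to that fixture.
    """
    # Resolve to an absolute path so the policy fixture loaded by the tests
    # stays the one shipped next to this module, even if the working
    # directory is changed after import or the module is run as a script
    # (where __file__ can be a bare relative name).
    THIS_DIR = path.dirname(path.abspath(__file__))
    POLICY_1_1_FILENAME = 'policy-1.1.xml'
    POLICY_1_1_FILEPATH = path.join(THIS_DIR, POLICY_1_1_FILENAME)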
25   
26   
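class PolicyTestCase(MsiBaseTestCase):
    """Unit tests for parsing MSI Policy files.

    Both tests parse a policy fixture from this directory and check that it
    yields at least one target, and that every target carries at least one
    attribute with a name and an attribute authority URI.
    """
    POLICY_1_0_FILENAME = 'policy-1.0.xml'
    POLICY_1_0_FILEPATH = path.join(MsiBaseTestCase.THIS_DIR,
                                    POLICY_1_0_FILENAME)

    # Value every attribute in the version 1.0 fixture is expected to carry.
    # NOTE(review): this is a plain http:// URI used only for comparison with
    # the fixture; confirm that deployed policies point at an attribute
    # authority reached over TLS.
    ATTRIBUTE_AUTHORITY_URI = 'http://localhost:7443/AttributeAuthority'

    def test01ParseVersion1_0PolicyFile(self):
        """Parse the 1.0 policy and check each attribute's authority URI."""
        policy = Policy.Parse(PolicyTestCase.POLICY_1_0_FILEPATH)

        # unittest assertion methods are used instead of bare ``assert``
        # statements: the latter are compiled out under ``python -O``, which
        # would let a broken policy parser pass unnoticed.
        self.assertTrue(policy)
        self.assertTrue(len(policy.targets) > 0,
                        "policy contains no targets")

        for target in policy.targets:
            self.assertTrue(len(target.attributes) > 0,
                            "target contains no attributes")

            for attribute in target.attributes:
                self.assertTrue(attribute.name)
                self.assertEqual(attribute.attributeAuthorityURI,
                                 PolicyTestCase.ATTRIBUTE_AUTHORITY_URI)

    def test02ParseVersion1_1PolicyFile(self):
        """Parse the 1.1 policy and check each attribute names an authority.

        Unlike the 1.0 test, the attribute authority URI only has to be
        non-empty; it is not compared with a fixed value.
        """
        policy = Policy.Parse(PolicyTestCase.POLICY_1_1_FILEPATH)

        self.assertTrue(policy)
        self.assertTrue(len(policy.targets) > 0,
                        "policy contains no targets")

        for target in policy.targets:
            self.assertTrue(len(target.attributes) > 0,
                            "target contains no attributes")

            for attribute in target.attributes:
                self.assertTrue(attribute.name)
                self.assertTrue(attribute.attributeAuthorityURI)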
60
61
class PIPPlaceholder(PIPBase):
    """Stub Policy Information Point used to drive the PDP in these tests.

    It answers attribute queries from fixed test data instead of contacting
    an attribute authority.
    """

    def __init__(self):
        """Create the stub; the PIPBase initialiser is not called."""

    def attributeQuery(self, attributeQuery):
        """Return the test roles for the known test user, else no roles.

        The user identifier is read from the subject held in the query.
        Only BaseTestCase.OPENID_URI is given BaseTestCase.ATTRIBUTE_VALUES
        under Subject.ROLES_NS; for any other identifier the response is
        returned as constructed, with nothing assigned to it.
        """
        userId = attributeQuery[PIPAttributeQuery.SUBJECT_NS][
                                                        Subject.USERID_NS]
        response = PIPAttributeResponse()

        isKnownTestUser = userId == BaseTestCase.OPENID_URI
        if isKnownTestUser:
            response[Subject.ROLES_NS] = BaseTestCase.ATTRIBUTE_VALUES

        return response
77
78   
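class PDPTestCase(MsiBaseTestCase):
    """Unit tests for the Policy Decision Point.

    A PDP is built from the version 1.1 policy fixture and the
    PIPPlaceholder stub, then asked to evaluate requests made by the test
    OpenID user against a permitted and a denied resource URI.

    NOTE(review): every request here uses the one subject that the stub PIP
    grants roles to.  No case covers a subject the PIP returns no roles for
    requesting PERMITTED_RESOURCE_URI, so a deny decision for an
    unrecognised user is not verified by this module.
    """
    PERMITTED_RESOURCE_URI = '/test_securedURI'
    DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI'

    def setUp(self):
        """Build the PDP and a request pre-populated with the test user."""
        pip = PIPPlaceholder()
        policy = Policy.Parse(PDPTestCase.POLICY_1_1_FILEPATH)
        self.pdp = PDP(policy, pip)

        # Make a request object to pass to the PDP
        self.request = Request()
        self.request.subject[Subject.USERID_NS] = PDPTestCase.OPENID_URI

    def test01AccessPermitted(self):
        """The test user is permitted access to PERMITTED_RESOURCE_URI."""
        self.request.resource[Resource.URI_NS
                              ] = PDPTestCase.PERMITTED_RESOURCE_URI
        response = self.pdp.evaluate(self.request)

        # assertEqual replaces the deprecated assert_ alias and reports the
        # decision actually returned when the check fails.
        self.assertEqual(response.status, Response.DECISION_PERMIT)

    def test02AccessDenied(self):
        """The test user is denied access to DENIED_RESOURCE_URI."""
        self.request.resource[Resource.URI_NS
                              ] = PDPTestCase.DENIED_RESOURCE_URI
        response = self.pdp.evaluate(self.request)

        self.assertEqual(response.status, Response.DECISION_DENY)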
105
106       
if __name__ == "__main__":
    # Run every test case in this module when it is executed as a script.
    from unittest import main as runUnitTests
    runUnitTests()