source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py @ 6069

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py@6069
Revision 6069, 3.8 KB checked in by pjkersha, 10 years ago (diff)

Re-release as rc1

1"""MSI (Medium Sized Initiative aka NDG3) authorisation unit test module
2
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "18/11/09"
7__copyright__ = "(C) 2009 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = '$Id: $'
11from os import path
12from ndg.security.test.unit import BaseTestCase
13from ndg.security.common.authz.msi import (Policy, PDP, PIPBase, Subject,
14                                           Request, Resource, Response,
15                                           PIPAttributeQuery,
16                                           PIPAttributeResponse)
class MsiBaseTestCase(BaseTestCase):
    """Shared fixture locations for the MSI test cases in this module.

    Subclasses inherit these class attributes so that every test case
    resolves the policy files relative to this module's own directory.
    """
    # Name of the version 1.1 policy fixture.
    POLICY_1_1_FILENAME = "policy-1.1.xml"

    # Directory holding this module; the fixture files are looked up here.
    THIS_DIR = path.dirname(__file__)

    # Location of the version 1.1 policy fixture.
    POLICY_1_1_FILEPATH = path.join(THIS_DIR, POLICY_1_1_FILENAME)
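class PolicyTestCase(MsiBaseTestCase):
    """Unit tests for parsing MSI policy files into ``Policy`` objects.

    Each case parses a policy file located next to this module and checks
    that the policy has targets, that every target has attributes, and that
    every attribute has a name and an attribute authority URI.

    The checks use the ``unittest`` assertion methods rather than bare
    ``assert`` statements: bare asserts are stripped when Python runs with
    ``-O``, which would let these authorisation-policy tests pass without
    checking anything.
    """
    POLICY_1_0_FILENAME = 'policy-1.0.xml'
    POLICY_1_0_FILEPATH = path.join(MsiBaseTestCase.THIS_DIR,
                                    POLICY_1_0_FILENAME)

    # Attribute authority URI expected on every attribute in policy-1.0.xml.
    # NOTE(review): the scheme is plain http; the value has to match the
    # fixture file, so confirm separately that deployed policies point at the
    # attribute authority over https.
    ATTRIBUTE_AUTHORITY_URI = 'http://localhost:7443/AttributeAuthority'

    def _assertPolicyPopulated(self, policy, expectedAuthorityURI=None):
        """Check that *policy* has targets, attributes, names and URIs.

        When *expectedAuthorityURI* is given, every attribute's
        ``attributeAuthorityURI`` must equal it; otherwise the URI only has
        to be set (truthy).
        """
        self.assertTrue(policy, "Policy.Parse returned an empty policy")
        self.assertTrue(len(policy.targets) > 0, "policy has no targets")

        for target in policy.targets:
            self.assertTrue(len(target.attributes) > 0,
                            "policy target has no attributes")

            for attribute in target.attributes:
                self.assertTrue(attribute.name, "attribute has no name")
                if expectedAuthorityURI is None:
                    self.assertTrue(attribute.attributeAuthorityURI,
                                    "attribute has no attribute authority URI")
                else:
                    self.assertEqual(attribute.attributeAuthorityURI,
                                     expectedAuthorityURI)

    def test01ParseVersion1_0PolicyFile(self):
        """Parse policy-1.0.xml and require the expected authority URI."""
        policy = Policy.Parse(PolicyTestCase.POLICY_1_0_FILEPATH)
        self._assertPolicyPopulated(
            policy,
            expectedAuthorityURI=PolicyTestCase.ATTRIBUTE_AUTHORITY_URI)

    def test02ParseVersion1_1PolicyFile(self):
        """Parse policy-1.1.xml and require an authority URI to be set."""
        policy = Policy.Parse(PolicyTestCase.POLICY_1_1_FILEPATH)
        self._assertPolicyPopulated(policy)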
class PIPPlaceholder(PIPBase):
    """Stand-in Policy Information Point used to exercise the PDP.

    Attribute queries are answered from constants on ``BaseTestCase``.
    """
    def __init__(self):
        """No-op override; ``PIPBase.__init__`` is not called."""

    def attributeQuery(self, attributeQuery):
        """Return the attribute response for the subject in *attributeQuery*.

        Roles (``BaseTestCase.ATTRIBUTE_VALUES``) are set only when the
        subject's user ID equals ``BaseTestCase.OPENID_URI``.  For any other
        user ID the response is returned without a roles entry.
        """
        userId = attributeQuery[PIPAttributeQuery.SUBJECT_NS][Subject.USERID_NS]

        response = PIPAttributeResponse()

        isKnownUser = userId == BaseTestCase.OPENID_URI
        if isKnownUser:
            response[Subject.ROLES_NS] = BaseTestCase.ATTRIBUTE_VALUES

        return response
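class PDPTestCase(MsiBaseTestCase):
    """Unit tests for the Policy Decision Point (PDP).

    Each test evaluates a request against the version 1.1 policy and checks
    the decision status on the response.  The subject is always
    ``OPENID_URI``, the one user the placeholder PIP returns roles for.

    NOTE(review): there is no case for a subject that gets no roles from the
    PIP.  A test asserting ``Response.DECISION_DENY`` for such a subject on
    the permitted resource would pin down that the PDP fails closed.
    Confirm the expected status before adding it.
    """
    PERMITTED_RESOURCE_URI = '/test_securedURI'
    DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI'

    def setUp(self):
        """Build a PDP over the 1.1 policy and a request for the test user."""
        pip = PIPPlaceholder()
        policy = Policy.Parse(PDPTestCase.POLICY_1_1_FILEPATH)
        self.pdp = PDP(policy, pip)

        # Make a request object to pass to the PDP
        self.request = Request()
        self.request.subject[Subject.USERID_NS] = PDPTestCase.OPENID_URI

    def test01AccessPermitted(self):
        """The permitted resource URI must yield a permit decision."""
        self.request.resource[Resource.URI_NS] = (
            PDPTestCase.PERMITTED_RESOURCE_URI)
        response = self.pdp.evaluate(self.request)

        # assertEqual replaces the deprecated assert_ alias and reports both
        # values when the decision is not the expected one.
        self.assertEqual(response.status, Response.DECISION_PERMIT)

    def test02AccessDenied(self):
        """The denied resource URI must yield a deny decision."""
        self.request.resource[Resource.URI_NS] = (
            PDPTestCase.DENIED_RESOURCE_URI)
        response = self.pdp.evaluate(self.request)

        self.assertEqual(response.status, Response.DECISION_DENY)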
if __name__ == "__main__":
    # Run every test case in this module when the file is executed directly.
    from unittest import main as runTests
    runTests()