Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1858

Timestamp:

13/12/06 17:04:49 (13 years ago)

Author:

pjkersha

Message:

server/ndg/security/server/MyProxy.py: integrated from Tests/m2CryptoMyPxClnt
but tests and fixes required.
test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: cleaned up
tests.
test/ndg/security/test/MyProxy/init.py: MyProxy? unit test package
test/MyProxy/myProxyProperties.xml: test XML properties file for client class
test/MyProxy/myProxyClientTest.cfg: config file for unit test
test/MyProxy/MyProxyClientTest.py: unit test module - no tests working yet

Location:

TI12-security/trunk/python

Files:

: 5 added
: 3 edited

conf/myProxyProperties.xml (modified) (3 diffs)
ndg.security.server/ndg/security/server/MyProxy.py (modified) (28 diffs)
ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py (modified) (3 diffs)
ndg.security.test/ndg/security/test/MyProxy (added)
ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py (added)
ndg.security.test/ndg/security/test/MyProxy/__init__.py (added)
ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg (added)
ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml (added)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/python/conf/myProxyProperties.xml

-                      r964
+                      r1858
         Nb. MYPROXY_SERVER environment variable if set, overrides this setting
         -->
+        <myProxyServer>localhost</myProxyServer>
+        <hostname>localhost</hostname>
+        <port>7512</port>
         <!--
         Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting
 …
         -->
         <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
-        <credStorageDir></credStorageDir>
         <!-- Open SSL Configuration settings -->
         <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
         <tmpDir>/tmp</tmpDir>
-        <path>$GLOBUS_LOCATION/bin:$GLOBUS_LOCATION/sbin:/usr/bin:/bin</path>
         <!--
                 Limit on maximum lifetime any proxy certificate can have - specified when
                 a certificate is first created by addUser() method
                 -->
+                Limit on maximum lifetime any proxy certificate can have - specified
+            when a certificate is first created by store() method
+        -->
         <proxyCertMaxLifetime></proxyCertMaxLifetime> <!-- in hours -->
         <!--
 …
                 -->
         <proxyCertLifetime></proxyCertLifetime> <!-- in hours -->
-        <simpleCACltProp>
-            <wsdl></wsdl>
-            <xmlSigKeyFile></xmlSigKeyFile>
-            <xmlSigCertFile></xmlSigCertFile>
-            <xmlSigCertPPhrase></xmlSigCertPPhrase>
-        </simpleCACltProp>
 </myProxyProp>

TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py

-                      r1857
+                      r1858
     @cvar __getCmd: get command string
+    @cvar __infoCmd: info command string
+    @cvar __destroyCmd: destroy command string
+    @cvar __changePassphrase: command string to change cred pass-phrase
     @cvar __storeCmd: store command string
+    @cvar _certReqParamName: names of parameters needed to generate a
+    @cvar _hostCertSubDirPath: sub-directory path host certificate (as tuple)
+    @cvar _hostKeySubDirPath: sub-directory path to host key (as tuple)
+    @cvar _certReqDNdefaultsName: names of parameters needed to generate a
     certificate request e.g. CN, OU etc.
     """
 …
 LIFETIME=%d\0"""
+    _certReqParamName = ('O', 'OU')
+    _hostCertSubDirPath = ('etc', 'hostcert.pem')
+    _hostKeySubDirPath = ('etc', 'hostkey.pem')
+    _certReqDNdefaultsName = ('O', 'OU')
     # valid configuration property keywords
+    __validKeys = ['myProxyServer',
+    __validKeys = ('hostname',
+                   'port',
                    'gridSecurityDir',
-                   'credStorageDir',
                    'openSSLConfFileName',
                    'tmpDir',
-                   'path',
                    'proxyCertMaxLifetime',
+                   'proxyCertLifetime',
+                   'simpleCACltProp',
+                   'simpleCASrvProp']
+                   'proxyCertLifetime')
     # For checking whether MyProxy server name is localhost
 …
     #_________________________________________________________________________
+    def __init__(self,
+                 propFilePath=None,
+                 hostname=os.environ.get('MYPROXY_SERVER'),
+                 port=7512,
+                 **prop):
+    def __init__(self, propFilePath=None, **prop):
+        """Make an initial settings for client connections to MyProxy
+        Settings are held in a dictionary which can be set from **prop,
+        a call to setProperties() or by passing settings in an XML file
+        given by propFilePath
+        @param propFilePath:   set properties via a configuration file
+        @param **prop:         set properties via keywords - see __validKeys
+        class variable for a list of these
         """
+        @param hostname string for MyProxy server - defaults to
+        MYPROXY_SERVER environment variable
+        @param integer port number MyProxy is running on
+        propFilePath:   set properties via a configuration file
+        prop:           set properties via keywords
+        """
+        self.hostname = hostname
+        self.port = port
         # Set-up parameter names for certificate request
         self.__certReqParam = {}.fromkeys(MyProxyClient._certReqParamName)
+        self.__certReqDNdefaults = {}
         # Check for parameter names set from input
         self.certReqParam = certReqKw
+        #self.certReqDNdefaults = None
+        # settings dictionary
         self.__prop = {}
+        # Defaults
+        self.__prop['port'] = 7512
+        self.__prop['proxyCertLifetime'] = 43200
+        self.__prop['proxyCertMaxLifetime'] = 43200
         # Configuration file used to get default subject when generating a
 …
         # Grid security directory - environment variable setting overrides
         if 'GRID_SECURITY_DIR' in self.__env:
+        if 'GRID_SECURITY_DIR' in os.environ:
             self.__prop['gridSecurityDir'] = self.__env['GRID_SECURITY_DIR']
 …
         # Server host name - environment setting overrides
+        if 'MYPROXY_SERVER' in self.__env:
+            self.__prop['myProxyServer'] = self.__env['MYPROXY_SERVER']
+        if 'MYPROXY_SERVER' in os.environ:
+            self.__prop['hostname'] = os.environ['MYPROXY_SERVER']
+        # ... and port number
+        if 'MYPROXY_SERVER_PORT' in os.environ:
+            self.__prop['port'] = os.environ['MYPROXY_SERVER_PORT']
     #_________________________________________________________________________
 …
         invalidKeys = [key for key in prop if key not in self.__validKeys]
         if invalidKeys:
+            raise MyProxyClientError, "Property name \"%s\" is invalid" % key
+            raise MyProxyClientError, 'Invalid property name(s) set: "%s"' % \
+                                    '", "'.join(invalidKeys)
         self.__prop.update(prop)
         # Update openssl conf file path
+        if 'gridSecurityDir' in prop or 'openSSLConfFileName' in prop:
+        if 'gridSecurityDir' in prop or 'openSSLConfFileName' in prop:
             self.__openSSLConf.filePath = \
                             os.path.join(self.__prop['gridSecurityDir'],
 …
         propFilePath|propertiesElem
+        propFilePath: set to read from the specified file
+        propertiesElem:     set to read beginning from a cElementTree node"""
+        @param propFilePath: set to read from the specified file
+        @param propertiesElem: set to read beginning from a cElementTree node
+        @return None
+        """
         if propFilePath is not None:
             try:
                 tree = ElementTree.parse(propFilePath)
 …
             except IOError, e:
                 raise MyProxyClientError(\
+                raise MyProxyClientError, \
                                 "Error parsing properties file \"%s\": %s" % \
+                                (e.filename, e.strerror))
+                                (e.filename, e.strerror)
             except Exception, e:
                 raise MyProxyClientError("Error parsing properties file: %s" % \
                                     str(e))
+                raise MyProxyClientError, \
+                                "Error parsing properties file: %s" % str(e)
         if propElem is None:
+            raise MyProxyClientError("Root element for parsing is not defined")
+            raise MyProxyClientError, \
+                    "Root element for parsing properties file is not defined"
 …
                 elem.text = os.path.expandvars(elem.text)
+            prop[elem.tag] = elem.text
+        # Check for SimpleCA properties - should be either WS client or
+        # local server property settings
+        if 'simpleCACltProp' in prop:
+            tagElem = propElem.find('simpleCACltProp')
+            if not tagElem:
+                raise MyProxyClientError("Tag %s not found in file" % \
+                                   'simpleCACltProp')
+            try:
+                simpleCAClt = SimpleCAClient()
+                simpleCAClt.readProperties(propElem=tagElem)
+            except Exception, e:
+                raise MyProxyClientError("Setting SimpleCAClient properties: %s"%e)
+            prop['simpleCACltProp'] = simpleCAClt()
+        elif 'simpleCASrvProp' in prop:
+            tagElem = propElem.find('simpleCASrvProp')
+            if not tagElem:
+                raise MyProxyClientError("Tag %s not found in file" % \
+                                   'simpleCASrvProp')
+            try:
+                simpleCA = SimpleCA()
+                simpleCA.readProperties(propElem=tagElem)
+            except Exception, e:
+                raise MyProxyClientError("Setting SimpleCA properties: %s" % e)
+            prop['simpleCASrvProp'] = simpleCA()
+        else:
+            raise MyProxyClientError(\
+                "Neither %s or %s tags found in properties file" % \
+                ('simpleCACltProp', 'simpleCASrvProp'))
+            if elem.text.isdigit():
+                prop[elem.tag] = int(elem.text)
+            else:
+                prop[elem.tag] = elem.text
         self.setProperties(**prop)
 …
         local machine myproxy-admin-* commands won't work.  This affects
         addUser and userIsRegistered commands"""
         return self.__prop['myProxyServer'] in self.__class__.__localHostnames
+        return self.__prop['hostname'] in self.__class__.__localHostnames
     #_________________________________________________________________________
     def __setCertReqParam(self, dict):
         '''certReqParam property set method - forces setting of certificate
+        '''certReqDNdefaults property set method - forces setting of certificate
         request parameter names to valid values
 …
         invalidKw = [k for k in dict \
                      if k not in MyProxyClient._certReqParamName]
+                     if k not in MyProxyClient._certReqDNdefaultsName]
         if invalidKw:
             raise MyProxyClientError, \
     "Invalid certificate request keyword(s): %s.  Valid keywords are: %s" % \
     (', '.join(invalidKw), ', '.join(MyProxyClient._certReqParamName))
         self.__certReqParam.update(dict)
+    (', '.join(invalidKw), ', '.join(MyProxyClient._certReqDNdefaultsName))
+        self.__certReqDNdefaults.update(dict)
     #_________________________________________________________________________
     def __getCertReqParam(self):
         """certReqParam property set method - for Certificate request
+        """certReqDNdefaults property set method - for Certificate request
         parameters dict"""
         return self.__certReqParam
     certReqParam = property(fset=__setCertReqParam,
+        return self.__certReqDNdefaults
+    certReqDNdefaults = property(fset=__setCertReqParam,
                             fget=__getCertReqParam,
                             doc="Dictionary of parameters for cert. request")
 …
         req.set_pubkey(pubKey)
+        if self.__certReqDNdefaults:
+            certReqDNdefaults = self.__certReqDNdefaults
+        else:
+            defaultReqDN = self.__openSSLConf.getReqDN()
+            certReqDNdefaults['O'] = defaultReqDN['0.organizationName']
+            certReqDNdefaults['OU'] = defaultReqDN['0.organizationUnitName']
+        import pdb;pdb.set_trace()
         # Set DN
         x509Name = X509.X509_Name()
         x509Name.CN = CN
         x509Name.OU = self.__certReqParam['OU']
         x509Name.O = self.__certReqParam['O']
+        x509Name.OU = certReqDNdefaults['OU']
+        x509Name.O = certReqDNdefaults['O']
         req.set_subject_name(x509Name)
 …
         given username
         Exceptions:  GetError, StoreCredError
+        Exceptions:  GetError, RetrieveError
         @param username: username selected for credential
 …
         if not ownerCertFile or not ownerKeyFile:
             if globusLoc:
+                ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem')
+                ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem')
+                ownerCertFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostCertSubDirPath)
+                ownerKeyFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
 …
         # host/<hostname> one
         conn.clientPostConnectionCheck = None
         conn.connect((self.hostname, self.port))
+        conn.connect((self.__prop['hostname'], self.__prop['port']))
         # send globus compatibility stuff
 …
         """change pass-phrase protecting the credentials for a given username
         Exceptions:  GetError, StoreCredError
+        Exceptions:  GetError, RetrieveError
         @param username: username of credential
 …
         if not ownerCertFile or not ownerKeyFile:
             if globusLoc:
+                ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem')
+                ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem')
+                ownerCertFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostCertSubDirPath)
+                ownerKeyFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
             "No client authentication cert. and private key file were given"
-        import pdb;pdb.set_trace()
         context = Context(protocol='sslv3')
         context.load_cert(ownerCertFile,
 …
         # host/<hostname> one
         conn.clientPostConnectionCheck = None
         conn.connect((self.hostname, self.port))
+        conn.connect((self.__prop['hostname'], self.__prop['port']))
         # send globus compatibility stuff
 …
         """destroy credentials from the server for a given username
         Exceptions:  GetError, StoreCredError
+        Exceptions:  GetError, RetrieveError
         @param username: username selected for credential
 …
         if not ownerCertFile or not ownerKeyFile:
             if globusLoc:
+                ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem')
+                ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem')
+                ownerCertFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostCertSubDirPath)
+                ownerKeyFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
 …
         # host/<hostname> one
         conn.clientPostConnectionCheck = None
         conn.connect((self.hostname, self.port))
+        conn.connect((self.__prop['hostname'], self.__prop['port']))
         # send globus compatibility stuff
 …
               ownerKeyFile=None,
               ownerPassphrase=None,
               lifetime=43200):
+              lifetime=None):
         """Upload credentials to the server
         Exceptions:  GetError, StoreCredError
+        Exceptions:  GetError, RetrieveError
         @param username: username selected for credential
 …
         @return none
         """
+        lifetime = lifetime or self.__prop['proxyCertMaxLifetime']
         globusLoc = os.environ.get('GLOBUS_LOCATION')
         if not ownerCertFile or not ownerKeyFile:
             if globusLoc:
+                ownerCertFile = os.path.join(globusLoc, 'etc', 'hostcert.pem')
+                ownerKeyFile = os.path.join(globusLoc, 'etc', 'hostkey.pem')
+                ownerCertFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostCertSubDirPath)
+                ownerKeyFile = os.path.join(globusLoc,
+                                         *MyProxyClient._hostKeySubDirPath)
             else:
                 ownerCertFile = certFile
 …
         # host/<hostname> one
         conn.clientPostConnectionCheck = None
         conn.connect((self.hostname, self.port))
+        conn.connect((self.__prop['hostname'], self.__prop['port']))
         # send globus compatibility stuff
 …
     #_________________________________________________________________________
     def logon(self, username, passphrase, lifetime=43200):
+    def logon(self, username, passphrase, lifetime=None):
         """Retrieve a proxy credential from a MyProxy server
 …
         proxy certificate, it's private key and the signing certificate.
         """
+        lifetime = lifetime or self.__prop['proxyCertLifetime']
         context = Context(protocol='sslv3')
 …
         # host/<hostname> one
         conn.clientPostConnectionCheck = None
         conn.connect((self.hostname, self.port))
+        conn.connect((self.__prop['hostname'], self.__prop['port']))
         # send globus compatibility stuff
 …
         # send get command
         cmd = MyProxyClient.__getCmd % (username,passphrase,lifetime)
+        cmd = MyProxyClient.__getCmd % (username, passphrase, lifetime)
         conn.write(cmd)

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

-                      r1824
+                      r1858
 #!/usr/bin/e
 """NDG Attribute Authority client
+"""NDG Attribute Authority client unit tests
 NERC Data Grid Project
 …
     def setUp(self):
+        try:
+            # Session Manager WSDL
+            self.uri = 'http://127.0.0.1:5700/AttributeAuthority'
+            # Instantiate WS proxy
+            self.clnt = AttAuthorityClient(self.uri,
+                                           tracefile=sys.stderr)
+        except Exception, e:
+            self.fail(str(e))
+    def tearDown(self):
+        pass
+        # Session Manager WSDL
+        self.uri = 'http://127.0.0.1:5700/AttributeAuthority'
+        # Instantiate WS proxy
+        self.clnt = AttAuthorityClient(self.uri, tracefile=sys.stderr)
     def testGetPubKey(self):
 …
     def testGetTrustedHostInfo(self):
+        try:
+            role = 'role'
+            self.clnt.getTrustedHostInfo(role)
+        except Exception, e:
+            self.fail(str(e))
+        """testGetTrustedHostInfo: retrieve trusted host info matching a
+        given role"""
+        role = 'role'
+        self.clnt.getTrustedHostInfo(role)
     def testGetTrustedHostInfoWithNoRole(self):
+        try:
+            self.clnt.getTrustedHostInfo()
+        except Exception, e:
+            self.fail(str(e))
+        """testGetTrustedHostInfoWithNoRole: retrieve trusted host info
+        irrespective of role"""
+        self.clnt.getTrustedHostInfo()
     def testGetHostInfo(self):
+        try:
+            self.clnt.getHostInfo()
+        except Exception, e:
+            self.fail(str(e))
+        """testGetHostInfo: retrieve info for AA host"""
+        self.clnt.getHostInfo()

Note: See TracChangeset for help on using the changeset viewer.