Ignore:
Timestamp:
16/12/06 13:09:10 (14 years ago)
Author:
pjkersha
Message:

server/MyProxy.py:

  • added _HostCheck class - derived from M2Crypto.SSL.Checker.Checker. It

enables check of host identity but adapted to enable check of host
Distinguished Name against MYPROXY_SERVER_DN environment variable if set.

  • Moved generic connection code into _initConnection method.

conf/myProxyProperties.xml / test/MyProxy/myProxyProperties.xml: added
serverDN element - equivalent to MYPROXY_SERVER_DN environment variable setting.
test/MyProxy/myProxyClientTest.cfg / MyProxy/MyProxyClientTest?.py: various
fixes to tests.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py

    r1861 r1881  
    6565            print "proxy credentials:"  
    6666            print ''.join(creds) 
     67            open('proxy-cert.pem', 'w').write(creds[0]+''.join(creds[2:])) 
     68            open('proxy-key.pem', 'w').write(creds[1]) 
    6769        except: 
    6870            self.fail(traceback.print_exc()) 
     
    7173    def test3Info(self): 
    7274        '''test3Info: Retrieve information about a given credential''' 
     75        ownerpassphrase = self.cfg['test3Info']['ownerpassphrase'] or \ 
     76            getpass.getpass(prompt="\ntest3Info owner creds pass-phrase: ") 
     77 
     78        ownerpassphrase = (ownerpassphrase == 'None') and None 
     79         
    7380        try: 
    74             credExists, errorTxt, fields = clnt.info( 
     81            credExists, errorTxt, fields = self.clnt.info( 
    7582                                 self.cfg['test3Info']['username'], 
    7683                                 self.cfg['test3Info']['ownercertfile'], 
     
    7885                                 ownerPassphrase=ownerpassphrase) 
    7986            print "test3Info... " 
    80             print "credExists: " + credExists 
     87            print "credExists: %s" % credExists 
    8188            print "errorTxt: " + errorTxt 
    82             print "fields: " + fields 
     89            print "fields: %s" % fields 
    8390        except: 
    8491            self.fail(traceback.print_exc()) 
     
    8895        """test4ChangePassphrase: change pass-phrase protecting a given 
    8996        credential""" 
     97        passphrase = \ 
     98            self.cfg['test4ChangePassphrase']['ownerpassphrase'] or \ 
     99            getpass.getpass(prompt="\test4ChangePassphrase - pass-phrase: ") 
     100             
     101        newPassphrase = \ 
     102        self.cfg['test4ChangePassphrase']['ownerpassphrase'] or \ 
     103        getpass.getpass(prompt="\test4ChangePassphrase - new pass-phrase: ") 
     104 
     105        confirmNewPassphrase = \ 
     106        self.cfg['test4ChangePassphrase']['ownerpassphrase'] or \ 
     107            getpass.getpass(\ 
     108                prompt="\test4ChangePassphrase - confirm new pass-phrase: ") 
     109 
     110        ownerPassphrase = (ownerPassphrase == 'None') and passphrase 
    90111     
    91112        try: 
     
    96117                         self.cfg['test4ChangePassphrase']['ownercertfile'], 
    97118                         self.cfg['test4ChangePassphrase']['ownerkeyfile'], 
    98                          ownerPassphrase=ownerpassphrase) 
     119                         ownerPassphrase=ownerPassphrase) 
    99120            print "Change pass-phrase" 
    100121        except: 
     
    108129            getpass.getpass(prompt="\ntest5Destroy cred. owner pass-phrase: ") 
    109130 
     131        ownerPassphrase = (ownerPassphrase == 'None') and None 
     132 
    110133        try: 
    111134            self.clnt.destroy(self.cfg['test5Destroy']['username'],  
    112135                    ownerCertFile=self.cfg['test5Destroy']['ownercertfile'], 
    113136                    ownerKeyFile=self.cfg['test5Destroy']['ownerkeyfile'], 
    114                     ownerPassphrase=ownerpassphrase) 
    115             print "Destroy creds for user %s" % username 
     137                    ownerPassphrase=ownerPassphrase) 
     138            print "Destroy creds for user %s" % \ 
     139                                        self.cfg['test5Destroy']['username'] 
    116140        except: 
    117141            self.fail(traceback.print_exc()) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg

    r1861 r1881  
    2424[test3Info] 
    2525username: sstljakTestUser 
    26 ownerCertFile: 
    27 ownerKeyFile: 
    28 ownerPassphrase: 
     26ownerCertFile: ./proxy-cert.pem 
     27ownerKeyFile: ./proxy-key.pem 
     28ownerPassphrase: None 
    2929 
    3030[test4ChangePassphrase] 
    3131username: sstljakTestUser 
    32 ownerCertFile: 
    33 ownerKeyFile: 
    34 ownerPassphrase: 
     32ownerCertFile: ./proxy-cert.pem 
     33ownerKeyFile: ./proxy-key.pem 
     34passphrase:  
     35newPassphrase: 
     36ownerPassphrase: None 
    3537 
    3638[test5Destroy] 
    3739username: sstljakTestUser 
    38 ownerCertFile: 
    39 ownerKeyFile: 
    40 ownerPassphrase: 
     40ownerCertFile: ./proxy-cert.pem 
     41ownerKeyFile: ./proxy-key.pem 
     42ownerPassphrase: None 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml

    r1858 r1881  
    22<myProxyProp> 
    33        <!--  
    4         Nb. MYPROXY_SERVER environment variable if set, overrides this setting 
     4        Delete this element and take setting from MYPROXY_SERVER environment  
     5        variable ifrequired 
    56        --> 
    67        <hostname>localhost</hostname> 
     8        <!--  
     9        Delete this element to take default setting 7512 or read  
     10        MYPROXY_SERVER_PORT setting 
     11        --> 
    712        <port>7512</port> 
     13        <!-- 
     14        Useful if hostname and certificate CN don't match correctly.  Globus host 
     15        DN is set to "host/<fqdn>".  Delete this element and set from  
     16        MYPROXY_SERVER_DN environment variable if prefered 
     17        --> 
     18        <serverDN>/O=NDG/OU=sstljak/CN=host/sstljak</serverDN> 
    819        <!-- 
    920        Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting 
     
    2940        <proxyCertLifetime></proxyCertLifetime> 
    3041        --> 
     42        <caCertFile>cacert.pem</caCertFile> 
    3143</myProxyProp> 
Note: See TracChangeset for help on using the changeset viewer.