Timestamp:
17/01/07 16:37:37 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • changed default port to 5000
  • added signature handler

python/www/html/attAuthority.wsdl,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py:

fixes to getAttCert and getX509Cert operations in WSDL. Re-generated associated code.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
AA Server code -

  • user roles module load now in separate method loadUserRolesInterface
  • added setPropFilePath method - this allows default paths for properties file of $NDGSEC_AA_PROPFILEPATH or $NDG_DIR/conf/attAuthorityProperties.xml

  • fixes to Epydoc strings

python/ndg.security.server/ndg/security/server/AttAuthority/README,
python/ndg.security.server/ndg/security/server/SessionMgr/README: more info about
code generation and mods for use with Twisted.

python/ndg.security.server/ndg/security/server/MyProxy.py:

  • fix to _HostCheck.call - make sure True is returned on success
  • Added cnHostPfx keyword to _HostCheck.init so that 'host/' prefix to host cert Common Name is optional. - Sys Admin may want to set up cert without the 'host/' prefix that Globus adds by default.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml and
python/conf/myProxyProperties.xml: added 'serverCNprefix' element - this is passed through
to cnHostPfx keyword explained above.

python/conf/sessionMgrProperties.xml: updated MyProxy properties.

python/conf/attAuthorityProperties.xml: added some sensible defaults to make initial
configuration easier.

python/ndg.security.test/ndg/security/test/AttAuthority/TestUserRoles.py,
python/ndg.security.test/ndg/security/test/AttAuthority/mapConfig.xml: put a custom copies
of here specifically for AA client unit test. Fixed AttAuthority import in
TestUserRoles module.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:

  • updated to get settings from config file as with the other unit tests.
  • getAttCert working on client side signing outgoing message with proxy private key.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
config file for AA unit test.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg: altered
slightly to test on alternative server.

python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py: temp addition
of debug statement - now gone.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: include
SafeConfigParser in import.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py: AA client code -

  • explicit AttCert class import
  • fixes to Epydoc statements
  • fixed signature handler certFilePath import

python/ndg.security.common/ndg/security/common/wsSecurity.py: include handling for
extracting X.509 cert from binary security token element in WSSE header. ! Make sure
base 64 encoded token is converted from unicode to standard string before parsing as an
M2Crypto.X509.X509 type.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
3 added
4 edited
1 moved

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r1999 r2017  
    44NERC Data Grid Project 
    55 
    6 @author P J Kershaw 05/05/05 
     6@author P J Kershaw 05/05/05, major update 16/01/07 
    77 
    8 @copyright (C) 2006 CCLRC & NERC 
     8@copyright (C) 2007 CCLRC & NERC 
    99 
    1010@license This software may be distributed under the terms of the Q Public  
     
    1818from ConfigParser import SafeConfigParser 
    1919 
     20from ConfigParser import SafeConfigParser 
     21 
    2022from ndg.security.common.AttAuthority import AttAuthorityClient 
    2123 
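
Review bot: the import added at new line 20, `from ConfigParser import SafeConfigParser`, duplicates the unchanged import two lines above it (line 18 in both revisions). Drop the added import and its trailing blank line so the module imports SafeConfigParser once.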
     
    2325     
    2426    def setUp(self): 
    25          
     27 
    2628        configParser = SafeConfigParser() 
    2729        configParser.read("./attAuthorityClientTest.cfg") 
     
    3133            self.cfg[section] = dict(configParser.items(section)) 
    3234 
     35        tracefile = sys.stderr 
     36 
    3337        # Instantiate WS proxy 
    34         self.clnt = AttAuthorityClient(self.cfg['setUp']['uri'],  
    35                                        tracefile=sys.stderr) 
     38        self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'],  
     39                   clntCertFilePath=self.cfg['setUp']['usercertfilepath'], 
     40                   clntPriKeyFilePath=self.cfg['setUp']['userprikeyfilepath'], 
     41                   tracefile=sys.stderr) 
    3642    
    3743     
    38     def testGetPubKey(self): 
    39         '''testGetPubKey: retrieve Attribute Authority's X.509 cert.''' 
     44    def testGetX509Cert(self): 
     45        '''testGetX509Cert: retrieve Attribute Authority's X.509 cert.''' 
    4046        #import pdb;pdb.set_trace() 
    41         resp = self.clnt.getPubKey() 
    42         print "Attribute Authority public key:\n" + resp 
     47        resp = self.clnt.getX509Cert() 
     48        print "Attribute Authority X.509 cert.:\n" + resp 
    4349         
    4450 
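
Review bot: the local `tracefile = sys.stderr` added at new line 35 in setUp is never used, because the AttAuthorityClient call at new lines 38-41 still passes `tracefile=sys.stderr` literally. Either pass `tracefile=tracefile` or remove the assignment. The new `usercertfilepath` and `userprikeyfilepath` options are read with plain `self.cfg['setUp'][...]` lookups, so a config file that lacks them fails in setUp with a bare KeyError; a message naming the missing option would make a misconfigured test run easier to diagnose, given that this client now signs requests with that key.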
     
    4652        """testGetTrustedHostInfo: retrieve trusted host info matching a 
    4753        given role""" 
    48         role = 'role' 
    49         self.clnt.getTrustedHostInfo(role) 
     54        self.clnt.getTrustedHostInfo(\ 
     55                                 self.cfg['testGetTrustedHostInfo']['role']) 
    5056 
    5157 
     
    6470        Authority Web Service.""" 
    6571     
    66         # User's proxy certificate 
    67         userCertFilePath = "/tmp/x509up_u1001" 
     72        # Read user Certificate into a string ready for passing via WS 
     73        try: 
     74            userCertFilePath = \ 
     75                self.cfg['testGetAttCert'].get('issuingusercertfilepath') 
     76            userCertTxt = open(userCertFilePath, 'r').read() 
     77         
     78        except TypeError: 
     79            # No issuing cert set 
     80            userCertTxt = None 
     81                 
     82        except IOError, ioErr: 
     83            raise "Error reading certificate file \"%s\": %s" % \ 
     84                                    (ioErr.filename, ioErr.strerror) 
     85        import pdb;pdb.set_trace() 
     86        # Make attribute certificate request 
     87        attCert = self.clnt.getAttCert(userCert=userCertTxt) 
     88        return attCert 
     89 
     90 
     91    def testGetMappedAttCert(self):         
     92        """testGetAttCert: Request mapped attribute certificate from NDG  
     93        Attribute Authority Web Service.""" 
    6894     
    69         # Existing Attribute Certificate held in user's CredentialWallet.   
    70         # This is available for use with trusted data centres to make new  
    71         # mapped Attribute Certificates 
    72         userAttCertFilePath = None 
    73      
    74         # Read user Proxy Certificate into a string ready for passing via WS 
     95        # Read user Certificate into a string ready for passing via WS 
    7596        try: 
    76             userCertFileTxt = open(userCertFilePath, 'r').read() 
    77              
     97            userCertFilePath = \ 
     98            self.cfg['testGetMappedAttCert'].get('issuingusercertfilepath') 
     99            userCertTxt = open(userCertFilePath, 'r').read() 
     100         
     101        except TypeError: 
     102            # No issuing cert set 
     103            userCertTxt = None 
     104                 
    78105        except IOError, ioErr: 
    79             raise "Error reading proxy certificate file \"%s\": %s" % \ 
     106            raise "Error reading certificate file \"%s\": %s" % \ 
    80107                                    (ioErr.filename, ioErr.strerror) 
    81108     
    82109     
    83         # Simlarly for Attribute Certificate if present ... 
    84         if userAttCertFilePath is not None: 
     110        # Simlarly for Attribute Certificate  
     111        try: 
     112            userAttCertFileTxt = open(\ 
     113        self.cfg['testGetMappedAttCert']['userattcertfilepath'], 'r').read() 
    85114             
    86             try: 
    87                 userAttCertFileTxt = open(userAttCertFilePath, 'r').read() 
    88                  
    89             except IOError, ioErr: 
    90                 raise "Error reading attribute certificate file \"%s\": %s" %\ 
    91                                         (ioErr.filename, ioErr.strerror) 
    92         else: 
    93             userAttCertFileTxt = None 
     115        except IOError, ioErr: 
     116            raise "Error reading attribute certificate file \"%s\": %s" %\ 
     117                                    (ioErr.filename, ioErr.strerror) 
    94118             
    95119     
    96120        # Make attribute certificate request 
    97         resp = self.clnt.getAttCert(userCertFileTxt) 
    98         return resp 
    99          
     121        attCert = self.clnt.getAttCert(userCert=userCertTxt, 
     122                                       userAttCert=userAttCertTxt) 
     123        return attCert        
     124  
    100125  
    101126#_____________________________________________________________________________        
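
Review bot: testGetMappedAttCert will fail with a NameError at new lines 121-122, because the attribute certificate is read into `userAttCertFileTxt` (new line 112) but the call passes `userAttCert=userAttCertTxt`, a name that is never assigned. Use one name in both places. In testGetAttCert, `import pdb;pdb.set_trace()` at new line 85 is live rather than commented out (compare new line 46), so any unattended run of the suite stops at the debugger prompt; remove it before this lands. The `raise "Error reading ..." % ...` statements at new lines 83, 106 and 116 raise plain strings, which Python 2.5 already warns about; raising IOError or calling self.fail with the same message keeps the text and gives a real exception. The docstring of testGetMappedAttCert at new line 92 still starts with "testGetAttCert:", which makes the two tests indistinguishable in verbose output.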
     
    108133                    "testGetTrustedHostInfoWithNoRole", 
    109134                    "testGetAttCert", 
    110                     "testGetPubKey", 
     135                    "testGetMappedAttCert", 
     136                    "testGetX509Cert", 
    111137                  )) 
    112138        unittest.TestSuite.__init__(self, map) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/TestUserRoles.py

    r1642 r2017  
    44NERC Data Grid Project 
    55                                                                                 
    6 P J Kershaw 29/07/05 
     6@author P J Kershaw 29/07/05 
    77                                                                                 
    8 Copyright (C) 2006 CCLRC & NERC 
     8@copyright (C) 2006 CCLRC & NERC 
    99                                                                                 
    10 This software may be distributed under the terms of the Q Public License, 
    11 version 1.0 or later. 
     10@licence: This software may be distributed under the terms of the Q Public  
     11License, version 1.0 or later. 
    1212""" 
    13 reposID = '$Id' 
     13reposID = '$Id:$' 
    1414 
    1515 
    16 from AttAuthority import AAUserRoles 
     16from ndg.security.server.AttAuthority import AAUserRoles 
    1717 
    1818 
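
Review bot: the Epydoc field added at new line 10 is written `@licence:` with British spelling and a trailing colon, while AttAuthorityClientTest.py in this same changeset uses `@license` with no colon. Use `@license` here as well so the field is spelled the same way across the test modules and is picked up consistently by the doc generator.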
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/MyProxyClientTest.py

    r1967 r2017  
    6767            getpass.getpass(prompt="\ntest2GetDelegation pass-phrase: ") 
    6868          
    69         try:    
     69        try: 
    7070            creds = self.clnt.getDelegation(\ 
    7171                                  self.cfg['test2GetDelegation']['username'],  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg

    r1945 r2017  
    1111 
    1212[test1Store] 
    13 username: sstljakTestUser 
     13username: gabriel 
    1414passphrase: 
    1515certFile: ./userCert.pem 
     
    2020 
    2121[test2GetDelegation] 
    22 username: sstljakTestUser 
     22username: gabriel 
    2323passphrase: 
    2424 
    2525[test3Info] 
    26 username: sstljakTestUser 
     26username: gabriel 
    2727ownerCertFile: ./proxy-cert.pem 
    2828ownerKeyFile: ./proxy-key.pem 
     
    3030 
    3131[test4ChangePassphrase] 
    32 username: sstljakTestUser 
     32username: gabriel 
    3333ownerCertFile: ./proxy-cert.pem 
    3434ownerKeyFile: ./proxy-key.pem 
     
    3838 
    3939[test5Destroy] 
    40 username: sstljakTestUser 
     40username: gabriel 
    4141ownerCertFile: ./proxy-cert.pem 
    4242ownerKeyFile: ./proxy-key.pem 
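
Review bot: the `username:` value is changed from `sstljakTestUser` to `gabriel` in all five sections ([test1Store] through [test5Destroy]), which ties the committed test config to one account on one server. The commit message describes this as a temporary change to test on an alternative server, so consider keeping the site-specific value in a local, uncommitted copy of the file, or defining the username once and reusing it, so the next switch of server is a one-line edit rather than five.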
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml

    r1881 r2017  
    33        <!--  
    44        Delete this element and take setting from MYPROXY_SERVER environment  
    5         variable ifrequired 
     5        variable if required 
     6        <hostname>localhost</hostname> 
    67        --> 
    7         <hostname>localhost</hostname> 
    88        <!--  
    99        Delete this element to take default setting 7512 or read  
     
    1313        <!-- 
    1414        Useful if hostname and certificate CN don't match correctly.  Globus host 
    15         DN is set to "host/<fqdn>".  Delete this element and set from  
     15        CN is usually set to "host/<fqdn>".  Delete this element and set from  
    1616        MYPROXY_SERVER_DN environment variable if prefered 
     17        <serverDN>/O=NDG/OU=sstljak/CN=host/sstljak</serverDN> 
    1718        --> 
    18         <serverDN>/O=NDG/OU=sstljak/CN=host/sstljak</serverDN> 
     19        <!-- 
     20        Set "host/" prefix to host cert CN as is default with globus 
     21        --> 
     22        <serverCNprefix>host/</serverCNprefix>   
    1923        <!-- 
    2024        Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting 
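
Review bot: the `-->` markers moved at new lines 7 and 18 put both `<hostname>localhost</hostname>` and `<serverDN>/O=NDG/OU=sstljak/CN=host/sstljak</serverDN>` inside comments, so neither element is active any more and the test now depends on MYPROXY_SERVER and MYPROXY_SERVER_DN or on built-in defaults. The commit message mentions only the new `serverCNprefix` element for this file. If disabling the two elements is intended, say so in the comment text and the commit message; if not, restore them outside the comment blocks. With `serverDN` inactive, the server identity check rests on the hostname plus the `host/` prefix from `<serverCNprefix>`, so it is worth stating in the comment at new lines 19-21 what an empty prefix means for that check.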