Changeset 2044


Timestamp:
24/01/07 16:36:03 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py,
python/www/html/attAuthority.wsdl:
Comment out HostInfo? element from getTrustedHostInfoResponse until fix is available.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • fixed check for mapped certificate.
  • return empty dict rather than raise an exception if self.localRole2RemoteRole is not set -
    it's valid to have no trusted hosts.

python/ndg.security.test/ndg/security/test/AttAuthority/siteBUserRoles.py:
set getRoles method to return an empty list so that requests for ACs have to be via the
role mapping.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:

  • number the tests so they run in a specific order
  • test5GetAttCert - write out AC so that it can be picked up from test6GetMappedAttCert

test

  • test6GetMappedAttCert - use AttCertRead? to read in saved AC.

python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml:
fixed role mapping to work with site A.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
changed config items in line with numbered test method names. Added items to
test6GetMappedAttCert test.

python/ndg.security.common/ndg/security/common/AttCert.py: fixed bug in AttCertRead?.

Location:
TI12-security/trunk/python
Files:
11 edited

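--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py
@@ -29,5 +29,5 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf39ec>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf374c>
     def getAttCert(self, userCert,userAttCert):
 
@@ -44,5 +44,5 @@
         return attCert
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf3d0c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf3a6c>
     def getHostInfo(self):
 
@@ -59,5 +59,5 @@
         return hostname,aaURI,loginURI
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf97cc>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cfa48c>
     def getTrustedHostInfo(self, role):
 
@@ -70,8 +70,7 @@
         # no output wsaction
         response = self.binding.Receive(getTrustedHostInfoOutputMsg.typecode)
-        trustedHosts = response._trustedHosts
-        return trustedHosts
+        return
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cf994c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0xb6cfa60c>
     def getX509Cert(self):
 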
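Review bot: After this change `getTrustedHostInfo` at new line 72 returns `None` on every successful call, so a caller cannot tell a deliberately empty trusted-host list from the temporarily disabled response, and `test2GetTrustedHostInfo` in the same changeset can only check that the call does not raise. Until the HostInfo fix is restored the bare `return` should at least be marked, `return  # TODO: response._trustedHosts disabled until the HostInfo/RoleList schema fix lands`, or raise `NotImplementedError` so callers fail loudly rather than silently treating `None` as "no hosts". The `# op:` comments carry interpreter memory addresses that change on every regeneration and add diff noise; stripping the `instance at 0x…` suffix from the generated header would keep future regenerations reviewable. getTrustedHostInfo's signature lies in the previous hunk and the method body is only partly shown.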
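--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py
@@ -44,5 +44,5 @@
         def __init__(self, **kw):
             ns = ns0.HostInfo_Dec.schema
-            TClist = [ZSI.TC.String(pname="hostname", aname="_hostname", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="aaURI", aname="_aaURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="loginURI", aname="_loginURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), GTD("http://schemas.xmlsoap.org/wsdl/","RoleList",lazy=False)(pname="roleList", aname="_roleList", minOccurs=1, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="hostname", aname="_hostname", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="aaURI", aname="_aaURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="loginURI", aname="_loginURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), GTD("urn:ndg:security","RoleList",lazy=False)(pname="roleList", aname="_roleList", minOccurs=1, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security","HostInfo")
             kw["aname"] = "_HostInfo"
@@ -169,5 +169,5 @@
         def __init__(self, **kw):
             ns = ns0.getTrustedHostInfoResponse_Dec.schema
-            TClist = [GTD("http://schemas.xmlsoap.org/wsdl/","HostInfo",lazy=False)(pname="trustedHosts", aname="_trustedHosts", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = []
             kw["pname"] = ("urn:ndg:security","getTrustedHostInfoResponse")
             kw["aname"] = "_getTrustedHostInfoResponse"
@@ -179,5 +179,4 @@
                 def __init__(self):
                     # pyclass
-                    self._trustedHosts = []
                     return
             Holder.__name__ = "getTrustedHostInfoResponse_Holder"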
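--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -294,8 +294,4 @@
         private key is used to sign the request, this argument is not
         needed.
-        
-        @type proxyCert: string
-        @param proxyCert: certificate containing Distinguished Name of user
-        to request an Attribute Certificate for
         
         @type userAttCert: string / AttCert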
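--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py
@@ -951,5 +951,5 @@
     """Create a new attribute certificate read in from a file"""
     
-    attCert = AttCert(filePath)
+    attCert = AttCert(filePath=filePath)
     attCert.read()
     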
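Review bot: The fix at new line 953 shows that `AttCert`'s first positional parameter is not the file path, so the old call bound the path to some other argument and `read()` then operated without it; a short comment on the call, `# filePath is not AttCert's first positional argument - pass it by keyword`, would stop a later reader from "simplifying" it back. The docstring at line 951 could also say whether the returned certificate has been signature-checked or only parsed; nothing in this hunk shows `read()` validating it, so that has to be confirmed against the `AttCert` class. AttCertRead's signature and the rest of its body lie outside the hunk.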
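--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py
@@ -20,6 +20,6 @@
         <xsd:complexType>
           <xsd:sequence>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"localRole\" type=\"xsd:string\"/>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"remoteRole\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"localRole\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"remoteRole\" type=\"xsd:string\"/>
           </xsd:sequence>
         </xsd:complexType>
@@ -28,11 +28,11 @@
       <xsd:element name=\"HostInfo\">
         <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"hostname\" type=\"xsd:string\"/>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"aaURI\" type=\"xsd:string\"/>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"loginURI\" type=\"xsd:string\"/>
-                        <xsd:element maxOccurs=\"unbounded\" minOccurs=\"1\" name=\"roleList\" type=\"RoleList\"/>
-              </xsd:sequence>
-            </xsd:complexType>
+          <xsd:sequence>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"hostname\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"aaURI\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"loginURI\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"unbounded\" minOccurs=\"1\" name=\"roleList\" type=\"tns:RoleList\"/>
+          </xsd:sequence>
+        </xsd:complexType>
       </xsd:element>
       
@@ -48,8 +48,8 @@
       <xsd:element name=\"getAttCertResponse\">
         <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name=\"attCert\" type=\"xsd:string\"/>
-              </xsd:sequence>
-            </xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name=\"attCert\" type=\"xsd:string\"/>
+          </xsd:sequence>
+        </xsd:complexType>
       </xsd:element>
 
@@ -60,10 +60,10 @@
       <xsd:element name=\"getHostInfoResponse\">
         <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"hostname\" type=\"xsd:string\"/>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"aaURI\" type=\"xsd:string\"/>
-                <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"loginURI\" type=\"xsd:string\"/>
-              </xsd:sequence>
-            </xsd:complexType>
+          <xsd:sequence>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"hostname\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"aaURI\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"loginURI\" type=\"xsd:string\"/>
+          </xsd:sequence>
+        </xsd:complexType>
       </xsd:element>
 
@@ -77,9 +77,12 @@
 
       <xsd:element name=\"getTrustedHostInfoResponse\">
-        <xsd:complexType>
-                  <xsd:sequence>
-            <xsd:element maxOccurs=\"unbounded\" minOccurs=\"0\" name=\"trustedHosts\" type=\"HostInfo\"/>
-                  </xsd:sequence>
-        </xsd:complexType>
+        <xsd:complexType/>
+<!--     
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name=\"trustedHosts\" type=\"tns:HostInfo\" minOccurs=\"0\" maxOccurs=\"unbounded\"/>
+          </xsd:sequence>
+        </xsd:complexType>
+-->
       </xsd:element>
 
@@ -90,8 +93,8 @@
       <xsd:element name=\"getX509CertResponse\">
         <xsd:complexType>
-                  <xsd:sequence>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"x509Cert\" type=\"xsd:string\"/>
-                  </xsd:sequence>
-                </xsd:complexType>
+          <xsd:sequence>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"x509Cert\" type=\"xsd:string\"/>
+          </xsd:sequence>
+        </xsd:complexType>
       </xsd:element>
 
@@ -264,7 +267,4 @@
 
         result = getTrustedHostInfoOutputMsg()
-        # If we have an implementation object, copy the result
-        if hasattr(self,'impl'):
-            result._trustedHosts = parameters
         return self.request, result
 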
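Review bot: With the `if hasattr(self,'impl'): result._trustedHosts = parameters` block removed at old lines 266-268, whatever the implementation returns from getTrustedHostInfo is now discarded and every client receives an empty getTrustedHostInfoResponse regardless of role, while the server-side code in `AttAuthority/__init__.py` in this same changeset still computes that mapping. A one-line note beside `result = getTrustedHostInfoOutputMsg()`, `# trustedHosts output disabled pending the HostInfo schema fix - parameters is intentionally ignored`, would make the silent drop visible to the next reader. The schema embedded as a string literal here is a second copy of `www/html/attAuthority.wsdl`, and the typecodes in `AttAuthority_services_types.py` are a third; the commented-out `trustedHosts` element has to be restored in all three together or the client and server will disagree on the message shape. The SOAP handler containing the last hunk starts outside it.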
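--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py
@@ -460,6 +460,6 @@
             try:
                 # Give path to CA cert to allow check
-                userAttCert.isValid(raiseExcep=True,
-                                    certFilePathList=self.__prop['caCertFile'])
+                userAttCert.certFilePathList = self.__prop['caCertFile']
+                userAttCert.isValid(raiseExcep=True)
                 
             except Exception, e:
@@ -473,11 +473,11 @@
                 
             except Exception, e:
-                raise AttAuthorityError(\
-                    "Error creating X500DN for holder: %s" + e)
+                raise AttAuthorityError, \
+                                    "Error creating X500DN for holder: %s" + e
             
             if holderDN != usrDN:
-                raise AttAuthorityError(\
+                raise AttAuthorityError, \
                     "User certificate and Attribute Certificate DNs " + \
-                    "don't match: " + str(usrDN) + " and " + str(holderDN))
+                    "don't match: %s and %s" % (usrDN, holderDN)
             
   
@@ -502,5 +502,4 @@
 
             # End set mapped certificate block
-             
 
         try:
@@ -820,7 +819,7 @@
         recognised"""
                                          
-        if not self.__localRole2RemoteRole:
-            raise AttAuthorityError, "Roles to host look-up is not set - " + \
-                                     "ensure readMapConfig() has been called."
+        if not self.__mapConfig or not self.__localRole2RemoteRole:
+            # This Attribute Authority has no trusted hosts
+            return {}
 
 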
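Review bot: At new line 476 `"Error creating X500DN for holder: %s" + e` concatenates a str with an exception object, which raises `TypeError` inside the `except` handler and so masks both the original error and the intended `AttAuthorityError`; the line had the same defect before this commit, and the rewritten `raise` form keeps it. Use the formatting operator instead, `"Error creating X500DN for holder: %s" % e`, as new line 481 already does for the DN-mismatch message. At new line 821 the method now returns `{}` when `__mapConfig` or `__localRole2RemoteRole` is unset, which also covers the case where `readMapConfig()` was never called; that fails closed (no trusted hosts, so no role mapping), but the docstring above the check should say that an unloaded map config is indistinguishable from an empty one, since the old code raised for exactly that case. New line 462 assigns `self.__prop['caCertFile']` to an attribute named `certFilePathList`; if that attribute is expected to be a list and the property is a single path string, confirm the validation code does not iterate over the string's characters. Every method touched here starts outside its hunk.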
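--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
@@ -18,7 +18,7 @@
 from ConfigParser import SafeConfigParser
 
-from ConfigParser import SafeConfigParser
+from ndg.security.common.AttAuthority import AttAuthorityClient
+from ndg.security.common.AttCert import AttCertRead
 
-from ndg.security.common.AttAuthority import AttAuthorityClient
 
 class AttAuthorityClientTestCase(unittest.TestCase):
@@ -42,5 +42,5 @@
    
     
-    def testGetX509Cert(self):
+    def test1GetX509Cert(self):
         '''testGetX509Cert: retrieve Attribute Authority's X.509 cert.'''
         #import pdb;pdb.set_trace()
@@ -49,5 +49,5 @@
         
 
-    def testGetTrustedHostInfo(self):
+    def test2GetTrustedHostInfo(self):
         """testGetTrustedHostInfo: retrieve trusted host info matching a
         given role"""
@@ -56,15 +56,15 @@
 
 
-    def testGetTrustedHostInfoWithNoRole(self):
+    def test3GetTrustedHostInfoWithNoRole(self):
         """testGetTrustedHostInfoWithNoRole: retrieve trusted host info 
         irrespective of role"""
         self.clnt.getTrustedHostInfo()
 
-    def testGetHostInfo(self):
+    def test4GetHostInfo(self):
         """testGetHostInfo: retrieve info for AA host"""
         self.clnt.getHostInfo()
 
 
-    def testGetAttCert(self):         
+    def test5GetAttCert(self):         
         """testGetAttCert: Request attribute certificate from NDG Attribute 
         Authority Web Service."""
@@ -87,7 +87,9 @@
         attCert = self.clnt.getAttCert(userCert=userCertTxt)
         print "Attribute Certificate: \n\n:" + str(attCert)
+        attCert.filePath = self.cfg['testGetAttCert']['attcertfilepath']
+        attCert.write()
 
 
-    def testGetMappedAttCert(self):         
+    def test6GetMappedAttCert(self):         
         """testGetAttCert: Request mapped attribute certificate from NDG 
         Attribute Authority Web Service."""
@@ -110,16 +112,22 @@
         # Simlarly for Attribute Certificate 
         try:
-            userAttCertFileTxt = open(\
-        self.cfg['testGetMappedAttCert']['userattcertfilepath'], 'r').read()
+            userAttCert = AttCertRead(\
+                      self.cfg['testGetMappedAttCert']['userattcertfilepath'])
             
         except IOError, ioErr:
             raise "Error reading attribute certificate file \"%s\": %s" %\
                                     (ioErr.filename, ioErr.strerror)
-             
+         
+        # Make client to site B Attribute Authority     
+        clnt = AttAuthorityClient(\
+   uri=self.cfg['testGetMappedAttCert']['uri'], 
+   clntCertFilePath=self.cfg['testGetMappedAttCert']['usercertfilepath'],
+   clntPriKeyFilePath=self.cfg['testGetMappedAttCert']['userprikeyfilepath'],
+   tracefile=sys.stderr)
     
         # Make attribute certificate request
-        attCert = self.clnt.getAttCert(userCert=userCertTxt,
-                                       userAttCert=userAttCertTxt)
-        return attCert        
+        attCert = clnt.getAttCert(userCert=userCertTxt,
+                                  userAttCert=userAttCert)
+        print "Attribute Certificate: \n\n:" + str(attCert)
  
  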
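Review bot: `self.cfg['testGetAttCert']['attcertfilepath']` at new line 89 and the `self.cfg['testGetMappedAttCert'][...]` lookups at new lines 115-125 still use the old section names, while `attAuthorityClientTest.cfg` in this same changeset renames those sections to `[test5GetAttCert]` and `[test6GetMappedAttCert]`; unless setUp re-keys the parsed sections, test5 and test6 fail with `KeyError` before they reach the Attribute Authority. Change the lookups to `self.cfg['test5GetAttCert']['attcertfilepath']` and `self.cfg['test6GetMappedAttCert'][...]` to match the config. The new `AttCertRead` call at new line 114 sits under an `except IOError` that re-raises a string exception, so a parse or signature failure inside `AttCertRead` escapes unreported as an IOError; `self.fail(...)` would surface either as a test failure. test6 also depends on test5 having written `./ac.xml` first, and that ordering contract is worth a sentence in the class docstring. The test methods containing the last two hunks start outside them.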
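--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
@@ -17,17 +17,23 @@
 # from tty
 userprikeypwd = 
-
 usercertfilepath = ./proxy-cert.pem
 userprikeyfilepath = ./proxy-key.pem
 
-[testGetTrustedHostInfo]
+[test2GetTrustedHostInfo]
 role = postgrad
  
-[testGetAttCert]
+[test5GetAttCert]
 # If usercertfilepath is a proxy set this cert as the one that issued the 
 # proxy.  Comment out if usercertfilepath is a standard X.509 cert.
 #issuingusercertfilepath = ./user-cert.pem
+# Setup for use by testGetMappedAttCert test
+attCertFilePath = ./ac.xml
 
-[testGetMappedAttCert]
+[test6GetMappedAttCert]
+userprikeypwd = 
+usercertfilepath = ./proxy-cert.pem
+userprikeyfilepath = ./proxy-key.pem
+
+uri = http://localhost:5100/AttributeAuthority
 userAttCertFilePath = ./ac.xml
 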
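--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml
@@ -8,5 +8,5 @@
             <aaURI>attAuthorityURI</aaURI>
             <loginURI>loginPageURI</loginURI>
-                <role remote="postgrad" local="researcher"/>
+                <role remote="postdoc" local="researcher"/>
     </trusted>
 </AAmap>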
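--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBUserRoles.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBUserRoles.py
@@ -29,3 +29,5 @@
 
     def getRoles(self, dn):
-        return ['researcher', 'government'] 
+        # Make so that Site B never returns any roles - the only way to
+        # get an Attribute Certificate is then through the role mapping
+        return [] 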
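--- a/TI12-security/trunk/python/www/html/attAuthority.wsdl
+++ b/TI12-security/trunk/python/www/html/attAuthority.wsdl
@@ -73,4 +73,6 @@
 
       <xsd:element name="getTrustedHostInfoResponse">
+        <xsd:complexType/>
+<!--     
         <xsd:complexType>
           <xsd:sequence>
@@ -78,4 +80,5 @@
           </xsd:sequence>
         </xsd:complexType>
+-->
       </xsd:element>
 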
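Review bot: The commented-out block at new lines 76-82 leaves `getTrustedHostInfoResponse` declared as an empty `<xsd:complexType/>` with nothing in the file saying why or what has to happen before it is re-enabled, and the same schema now exists in two more copies in this changeset (the WSDL string literal in `AttAuthority_services_server.py` and the typecodes in `AttAuthority_services_types.py`). Open the comment with the reason, `<!-- TODO: trustedHosts element disabled until the HostInfo/tns:RoleList fix is in; re-enable here, in the embedded WSDL in AttAuthority_services_server.py and in AttAuthority_services_types.py together -->`, so a later regeneration of the stubs does not silently pick up one copy and not the others. The `trustedHosts` element line between the two hunks is not shown here.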