Timestamp:
12/02/07 15:27:35 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/ca/server-config.tac: added file copied
from Session Manager equivalent

python/ndg.security.server/ndg/security/server/ca/SimpleCA.py:

  • added ability to generate a certificate request using M2Crypto
  • added properties for running web service over SSL + PKI settings
  • properties file path can be set via the NDGSEC_CA_PROPFILEPATH environment variable

python/ndg.security.server/ndg/security/server/ca/start-container.sh: script to run
service with twistd.

python/ndg.security.server/ndg/security/server/ca/Makefile: calls to wsdl2dispatch to
generate server side stubs.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac: fixed typo

  • ref to Attribute Authority instead of Session Manager.

python/ndg.security.server/ndg/security/server/MyProxy.py: simplified use of OpenSSLConfig
class.

python/conf/sessionMgrProperties.xml: removed duplicate lines.

python/conf/simpleCAProperties.xml: re-added - for some reason not previously stored in
repository.

python/ndg.security.test/ndg/security/test/ca/server.sh: adapted from Session Manager
version.

python/ndg.security.test/ndg/security/test/ca/caClientTest.cfg: added settings for
issueCert unit test to configure certificate request.

python/ndg.security.test/ndg/security/test/ca/caClientTest.py: setting up
test1IssueCert unit test.

python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml: added settings for
SSL and PKI.

python/ndgSetup.sh: set up GRID_SECURITY_DIR environment variable

python/ndg.security.common/ndg/security/common/ca/init.py: Certificate Authority
web service client - updated settings for OpenSSLConfig object and issueCert method.

python/ndg.security.common/ndg/security/common/ca/CertReq.py: old code from alpha version
of NDG-Security.

python/ndg.security.common/ndg/security/common/ca/Makefile: generates client and server
side stubs for Certificate Authority web service.

python/ndg.security.common/ndg/security/common/wsSecurity.py: updated header

python/ndg.security.common/ndg/security/common/openssl.py:

  • fixed regular expression for 'req_distinguished_name' pattern match
  • parameters are parsed in call to read() rather than in getReqDN method.
  • reqDN is now a property.
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca
Files:
1 added
1 deleted
3 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/caClientTest.cfg

    r2139 r2145  
    11# NERC Data Grid Project 
    22# 
    3 # P J Kershaw 12/01/07 
     3# P J Kershaw 09/02/07 
    44# 
    55# Copyright (C) 2007 CCLRC & NERC 
     
    1010# $Id:$ 
    1111[setUp] 
    12 smuri = https://localhost:5700/SessionManager 
     12uri = https://localhost:5800/CertificateAuthority 
    1313 
    14  
    15 # X.509 certificate for Attribute Authority - if commented out, Session  
    16 # Manager will call AA getX509Cert WS method to retrieve it 
    17 #aacertfilepath =  
     14# May be omitted to use OU and O instead 
     15openSSLConfigFilePath = $GRID_SECURITY_DIR/globus-user-ssl.conf 
     16#O=NDG 
     17#OU=An NDG Partner 
    1818 
    1919# X.509 certificate for session manager.  If not set, it will be retrieved  
    2020# using the getX509Cert WS method 
    21 srvcertfilepath = ./sm-cert.pem 
     21#srvcertfilepath = 
    2222 
    2323# Password protecting client private key - if omitted it will be prompted for 
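Review bot: the comment "# May be omitted to use OU and O instead" above `openSSLConfigFilePath` describes a fallback this file cannot exercise, because the `#O=NDG` and `#OU=An NDG Partner` lines it would fall back to are commented out; either uncomment `O`/`OU` with the values the test should use, or reword the comment so a reader does not drop `openSSLConfigFilePath` and end up with a missing option. Separately, leaving `#srvcertfilepath =` commented means the client has no pinned signing certificate for the Certificate Authority service and, as the comment on the lines above it says, will fetch one from the service with `getX509Cert`; the client is then verifying the server's signatures with a certificate the server itself handed over, which is acceptable for a local unit test but should be called out as test-only, with the path marked as required for any other deployment.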
     
    2828clntprikeyfilepath = ./clnt-key.pem 
    2929 
    30 [test1AddUser] 
    31 username = BugsBunny  
     30[test1IssueCert] 
     31CN = BugsBunny  
    3232# Comment out to prompt for on tty. 
    3333#passphrase = 
    3434  
    35 [test2CookieConnect]          
     35[test2RevokeCert]          
    3636username = sstljakTestUser 
    3737#username = gabriel 
    3838#passphrase =  
    3939 
    40 [test3ProxyCertConnect]          
     40[test3GetCRL]          
    4141#username = sstljakTestUser 
    4242username = gabriel 
    4343#passphrase =  
    44  
    45 [test6CookieGetAttCert] 
    46 aaURI = http://localhost:5000/AttributeAuthority 
    47  
    48 [test6aCookieGetAttCertRefused] 
    49 aaURI = http://localhost:5100/AttributeAuthority 
    50  
    51 [test6bCookieGetMappedAttCert] 
    52 aaURI = http://localhost:5100/AttributeAuthority 
    53  
    54 [test6cCookieGetAttCertWithExtAttCertList] 
    55 aaURI = http://localhost:5100/AttributeAuthority 
    56  
    57 [test7ProxyCertGetAttCert] 
    58 aaURI = http://localhost:5000/AttributeAuthority 
    59  
    60  
    61  
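Review bot: the `[test2RevokeCert]` section carries over the `username` and `#passphrase` keys from the Session Manager test, but `test2RevokeCert` in caClientTest.py reads `self.cfg['test2RevokeCert']['revokeCert']`, which is not defined here, so the test fails on a missing option before it ever reaches the service; add a `revokeCert` entry naming the certificate to revoke and drop the unused keys. The same applies to `[test3GetCRL]`: its `username`/`passphrase` values are prompted for in the test but never passed to `getCRL()`. Likewise `#passphrase =` under `[test1IssueCert]` is no longer read by `issueCert` and can go; the removal of the `[test6CookieGetAttCert]` through `[test7ProxyCertGetAttCert]` sections is correct.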
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/caClientTest.py

    r2139 r2145  
    11#!/usr/bin/env python 
    2  
    3 """Test harness for NDG Session Manager client - makes requests for  
    4 authentication and authorisation.  An Attribute Authority and Simple CA 
    5 services must be running for the reqAuthorisation and addUser tests 
     2"""Test harness for NDG Certificate Authority client - makes requests for  
     3issue and revocation of certificates. 
    64 
    75NERC Data Grid Project 
     
    108 
    11923/02/06 
    12  
    13 Renamed from SessionClientTest.py 27/0/4/06 
    14 Moved and renamed SessionMgrClientTest.py 23/11/06 
    1510 
    1611@copyright (C) 2007 CCLRC & NERC 
     
    2520from ConfigParser import SafeConfigParser 
    2621 
    27 from ndg.security.common.SessionMgr import SessionMgrClient, \ 
    28     AttributeRequestDenied 
    29      
    30 from ndg.security.common.SessionCookie import SessionCookie 
     22from ndg.security.common.ca import CertificateAuthorityClient 
    3123 
    3224 
    33 class SessionMgrClientTestCase(unittest.TestCase): 
     25class CAClientTestCase(unittest.TestCase): 
    3426     
    3527    def setUp(self): 
    3628         
    3729        configParser = SafeConfigParser() 
    38         configParser.read("./sessionMgrClientTest.cfg") 
     30        configParser.read("./caClientTest.cfg") 
    3931         
    4032        self.cfg = {} 
     
    5345            sys.exit(0) 
    5446             
    55         # Initialise the Session Manager client connection 
     47        # Initialise the Certificate Authority client connection 
    5648        # Omit traceFile keyword to leave out SOAP debug info 
    57         self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'], 
    58                 verifyingCertFilePath=self.cfg['setUp']['srvcertfilepath'], 
    59                 signingCertFilePath=self.cfg['setUp']['clntcertfilepath'], 
    60                 signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'], 
    61                 signingPriKeyPwd=clntPriKeyPwd, 
    62                 tracefile=tracefile)  
    63          
    64         self.sessCookie = None 
    65         self.proxyCert = None 
    66         self.proxyPriKey = None 
    67         self.userCert = None 
     49        self.clnt = CertificateAuthorityClient(uri=self.cfg['setUp']['uri'], 
     50            verifyingCertFilePath=self.cfg['setUp'].get('srvcertfilepath'), 
     51            signingCertFilePath=self.cfg['setUp']['clntcertfilepath'], 
     52            signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'], 
     53            signingPriKeyPwd=clntPriKeyPwd, 
     54            tracefile=tracefile)  
    6855 
    69     def test1AddUser(self): 
    70         """Add a new user ID to the MyProxy repository""" 
    71          
    72         passphrase = self.cfg['test1AddUser'].get('passphrase') or \ 
    73             getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ") 
    74              
    75         # Note the pass-phrase is read from the file tmp.  To pass 
    76         # explicitly as a string use the 'passphrase' keyword instead 
    77         self.clnt.addUser(self.cfg['test1AddUser']['username'],  
    78                           passphrase=passphrase) 
    79         print "Added user '%s'" % self.cfg['test1AddUser']['username'] 
     56        self.clnt.openSSLConfig.filePath = \ 
     57            os.path.expandvars(self.cfg['setUp'].get('opensslconfigfilepath')) 
     58                 
     59        if self.clnt.openSSLConfig.filePath: 
     60            self.clnt.openSSLConfig.read() 
     61        else: 
     62            self.clnt.openSSLConfig.reqDN = {'O': self.cfg['setUp']['o'], 
     63                                             'OU': self.cfg['setUp']['ou']} 
     64 
     65 
     66    def test1IssueCert(self): 
     67        """Issue a new certificate""" 
     68        import pdb;pdb.set_trace() 
     69        cert,priKey = self.clnt.issueCert(CN=self.cfg['test1IssueCert']['cn']) 
     70        print "Issuing new cert '%s'" % self.cfg['test1IssueCert']['cn'] 
    8071         
    8172 
    82     def test2CookieConnect(self): 
    83         """test2CookieConnect: Connect as if acting as a browser client -  
    84         a cookie is returned""" 
     73    def test2RevokeCert(self): 
     74        """test2RevokeCert: revoke a certificate""" 
    8575 
    86         passphrase = self.cfg['test2CookieConnect'].get('passphrase') or \ 
    87         getpass.getpass(prompt="\ntest2CookieConnect pass-phrase for user: ") 
    88  
    89         self.proxyCert, self.proxyPriKey, self.userCert, cookie = \ 
    90             self.clnt.connect(self.cfg['test2CookieConnect']['username'],  
    91                               passphrase=passphrase, 
    92                               getCookie=True) 
     76        self.clnt.revokeCert(self.cfg['test2RevokeCert']['revokeCert']) 
    9377 
    9478        self.sessCookie = SessionCookie(cookie) 
    95         print "User '%s' connected to Session Manager:\n%s" % \ 
    96             (self.cfg['test2CookieConnect']['username'], self.sessCookie) 
     79        print "User '%s' connected to Certificate Authority:\n%s" % \ 
     80            (self.cfg['test2RevokeCert']['username'], self.sessCookie) 
    9781             
    9882 
    99     def test3ProxyCertConnect(self): 
    100         """test3ProxyCertConnect: Connect as a command line client -  
    101         a proxyCert is returned""" 
     83    def test3GetCRL(self): 
     84        """test3GetCRL: get Certificate Revocation List""" 
    10285 
    103         passphrase = self.cfg['test3ProxyCertConnect'].get('passphrase') or \ 
     86        passphrase = self.cfg['test3GetCRL'].get('passphrase') or \ 
    10487            getpass.getpass(\ 
    105                     prompt="\ntest3ProxyCertConnect pass-phrase for user: ") 
     88                    prompt="\ntest3GetCRL pass-phrase for user: ") 
    10689 
    107         self.proxyCert, self.proxyPriKey, self.userCert, null = \ 
    108             self.clnt.connect(self.cfg['test3ProxyCertConnect']['username'],  
    109                               passphrase=passphrase, 
    110                               getCookie=False) 
    111         print "User '%s' connected to Session Manager:\n%s" % \ 
    112             (self.cfg['test3ProxyCertConnect']['username'], self.proxyCert) 
     90        crl = self.clnt.getCRL() 
     91        print "CRL:\n%s" % crl 
    11392             
    114  
    115     def test4CookieDisconnect(self): 
    116         """test4CookieDisconnect: disconnect as if acting as a browser client -  
    117         a cookie is returned""" 
    118          
    119         print "\n\t" + self.test4CookieDisconnect.__doc__ 
    120         self.test2CookieConnect() 
    121          
    122         # Use proxy cert / private key just obtained from connect call for 
    123         # signature generation 
    124         self.clnt.signatureHandler.signingCert = self.proxyCert 
    125         self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey 
    126          
    127         self.clnt.disconnect(userCert=self.userCert, 
    128                              sessCookie=str(self.sessCookie)) 
    129          
    130         print "User disconnected from Session Manager:\n%s" % self.sessCookie 
    131              
    132  
    133     def test5ProxyCertDisconnect(self): 
    134         """test5ProxyCertDisconnect: Connect as a command line client -  
    135         a proxyCert is returned""" 
    136          
    137         print "\n\t" + self.test5ProxyCertDisconnect.__doc__ 
    138         self.test3ProxyCertConnect() 
    139          
    140         # Use proxy to sign outbound SOAP message 
    141         self.clnt.signingCert = self.proxyCert 
    142         self.clnt.signingKey = self.proxyPriKey 
    143         self.clnt.signingPriKeyPwd = None 
    144          
    145         self.clnt.disconnect(proxyCert=self.proxyCert) 
    146         print "User disconnected from Session Manager:\n%s" % self.proxyCert 
    147  
    148  
    149     def test6CookieGetAttCert(self): 
    150         """test6CookieGetAttCert: make an attribute request using 
    151         a cookie as authentication credential""" 
    152  
    153         print "\n\t" + self.test6CookieGetAttCert.__doc__         
    154         self.test2CookieConnect() 
    155          
    156         attCert, extAttCertList = self.clnt.getAttCert(\ 
    157             sessID=self.sessCookie.sessionID,  
    158             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    159             attAuthorityURI=self.cfg['test6CookieGetAttCert']['aauri']) 
    160          
    161         print "Attribute Certificate:\n%s" % attCert   
    162         print "External Attribute Certificate List:\n%s" % extAttCertList 
    163  
    164  
    165     def test6aCookieGetAttCertRefused(self): 
    166         """test6aCookieGetAttCertRefused: make an attribute request using 
    167         a cookie as authentication credential requesting an AC from an 
    168         Attribute Authority where the user is NOT registered""" 
    169  
    170         print "\n\t" + self.test6aCookieGetAttCertRefused.__doc__         
    171         self.test2CookieConnect() 
    172          
    173         aaURI = self.cfg['test6aCookieGetAttCertRefused']['aauri'] 
    174          
    175         try: 
    176             attCert, extAttCertList = self.clnt.getAttCert(\ 
    177                         sessID=self.sessCookie.sessionID,  
    178                         encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    179                         attAuthorityURI=aaURI, 
    180                         mapFromTrustedHosts=False) 
    181         except AttributeRequestDenied, e: 
    182             print "SUCCESS - obtained expected result: %s" % e 
    183             return 
    184          
    185         self.fail("Request allowed from AA where user is NOT registered!") 
    186  
    187  
    188     def test6bCookieGetMappedAttCert(self): 
    189         """test6bCookieGetMappedAttCert: make an attribute request using 
    190         a cookie as authentication credential""" 
    191  
    192         print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__         
    193         self.test2CookieConnect() 
    194          
    195         attCert, extAttCertList = self.clnt.getAttCert(\ 
    196             sessID=self.sessCookie.sessionID,  
    197             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    198             attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri']) 
    199          
    200         print "Attribute Certificate:\n%s" % attCert   
    201         print "External Attribute Certificate List:\n%s" % extAttCertList 
    202  
    203  
    204     def test6bCookieGetMappedAttCert(self): 
    205         """test6CookieGetAttCert: make an attribute request using 
    206         a cookie as authentication credential""" 
    207  
    208         print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__         
    209         self.test2CookieConnect() 
    210          
    211         attCert, extAttCertList = self.clnt.getAttCert(\ 
    212             sessID=self.sessCookie.sessionID,  
    213             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    214             attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri']) 
    215          
    216         print "Attribute Certificate:\n%s" % attCert   
    217         print "External Attribute Certificate List:\n%s" % extAttCertList 
    218  
    219  
    220     def test6cCookieGetAttCertWithExtAttCertList(self): 
    221         """test6CookieGetAttCert: make an attribute request using 
    222         a cookie as authentication credential""" 
    223          
    224         print "\n\t" + self.test6cCookieGetAttCertWithExtAttCertList.__doc__         
    225         self.test2CookieConnect() 
    226          
    227         aaURI = \ 
    228             self.cfg['test6cCookieGetAttCertWithExtAttCertList']['aauri'] 
    229              
    230         attCert, extAttCertList = self.clnt.getAttCert(\ 
    231                         sessID=self.sessCookie.sessionID,  
    232                         encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    233                         attAuthorityURI=aaURI, 
    234                         extAttCertList=['AC1', 'AC2', 'AC3']) 
    235            
    236         print "Attribute Certificate:\n%s" % attCert   
    237         print "External Attribute Certificate List:\n%s" % extAttCertList 
    238  
    239  
    240     def test7ProxyCertGetAttCert(self): 
    241         """test7ProxyCertGetAttCert: make an attribute request using 
    242         a proxy cert as authentication credential""" 
    243         print "\n\t" + self.test7ProxyCertGetAttCert.__doc__ 
    244         self.test3ProxyCertConnect() 
    245          
    246         # Request an attribute certificate from an Attribute Authority  
    247         # using the proxyCert returned from connect() 
    248          
    249         aaURI = self.cfg['test7ProxyCertGetAttCert']['aauri'] 
    250         attCert, extAttCertList = self.clnt.getAttCert(\ 
    251                                                  proxyCert=self.proxyCert, 
    252                                                  attAuthorityURI=aaURI) 
    253            
    254         print "Attribute Certificate:\n%s" % attCert   
    255         print "External Attribute Certificate List:\n%s" % extAttCertList 
    256  
    257  
    258     def test8GetX509Cert(self): 
    259         "test8GetX509Cert: return the Session Manager's X.509 Cert." 
    260         cert = self.clnt.getX509Cert() 
    261                                               
    262         print "Session Manager X.509 Certificate:\n" + cert 
    26393             
    26494             
    26595#_____________________________________________________________________________        
    266 class SessionMgrClientTestSuite(unittest.TestSuite): 
     96class CAClientTestSuite(unittest.TestSuite): 
    26797     
    26898    def __init__(self): 
    269         map = map(SessionMgrClientTestCase, 
     99        map = map(CAClientTestCase, 
    270100                  ( 
    271                     "test1AddUser", 
    272                     "test2CookieConnect", 
    273                     "test3ProxyCertConnect", 
    274                     "test4CookieDisconnect", 
    275                     "test5ProxyCertDisconnect", 
    276                     "test6CookieGetAttCert", 
    277                     "test6bCookieGetMappedAttCert", 
    278                     "test6cCookieGetAttCertWithExtAttCertList", 
    279                     "test7ProxyCertGetAttCert", 
    280                     "test8GetX509Cert", 
     101                    "test1IssueCert", 
     102                    "test2RevokeCert", 
     103                    "test3GetCRL", 
    281104                  )) 
    282105        unittest.TestSuite.__init__(self, map) 
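Review bot: `test2RevokeCert` cannot run as written: the unchanged line `self.sessCookie = SessionCookie(cookie)` survives from the Session Manager test, but `cookie` is never assigned in this method and the `SessionCookie` import is removed earlier in this same change, so the test raises NameError immediately after `revokeCert()`; the `print` that follows also reports "connected to Certificate Authority" using `self.sessCookie`, which a revoke call never produces. Drop those lines and print or assert on the result of `revokeCert()` instead. Further points in this hunk: `import pdb;pdb.set_trace()` in `test1IssueCert` is a leftover debugging breakpoint that will stall a non-interactive test run and should not be committed; `test3GetCRL` prompts for a pass-phrase on the tty that `getCRL()` never receives, so the prompt can be removed; in `setUp`, `os.path.expandvars(self.cfg['setUp'].get('opensslconfigfilepath'))` raises TypeError when the option is absent (the `.get()` returns None), so the `else:` branch that falls back to `O`/`OU` from the config is unreachable, and the expansion should be guarded with `if 'opensslconfigfilepath' in self.cfg['setUp']` or given a default of `''`; `cert,priKey = self.clnt.issueCert(...)` discards the private key and the test only prints the CN, so at least check that both returned values are non-empty; and `map = map(CAClientTestCase, ...)` in `CAClientTestSuite.__init__` assigns to `map`, which makes it a local name for the whole function and turns the call on the right-hand side into an UnboundLocalError, so rename the local (for example `tests = map(CAClientTestCase, (...))` and pass `tests` to `unittest.TestSuite.__init__`).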
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/server.sh

    r2139 r2145  
    33# NERC Data Grid Project 
    44#                                                                                 
    5 # Session Manager client unit test - start server 
     5# Certificate Authority client unit test - start server 
    66# 
    7 #@author P J Kershaw 25/01/07 
     7#@author P J Kershaw 09/02/07 
    88#                                                                                 
    99#@copyright (C) 2007 CCLRC & NERC 
     
    1111#@licence: This software may be distributed under the terms of the Q Public  
    1212# License, version 1.0 or later. 
    13 export NDGSEC_SM_PROPFILEPATH=${PWD}/sessionMgrProperties.xml 
    14 export NDGSEC_SM_UNITTEST_DIR=${PWD} 
     13export NDGSEC_CA_PROPFILEPATH=${PWD}/simpleCAProperties.xml 
     14export NDGSEC_CA_UNITTEST_DIR=${PWD} 
    1515 
    16 srvDir1=../../server/SessionMgr 
    17 srvDir2=../../../../../ndg.security.server/ndg/security/server/SessionMgr 
     16srvDir1=../../server/ca 
     17srvDir2=../../../../../ndg.security.server/ndg/security/server/ca 
    1818 
    1919if [ -d $srvDir1 ]; then 
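Review bot: `NDGSEC_CA_PROPFILEPATH=${PWD}/simpleCAProperties.xml` and the relative `srvDir1`/`srvDir2` paths all assume the script is started from the test directory, so running it from anywhere else points the service at a properties file that does not exist without any error from the script itself; derive the directory from the script location instead (`here=$(cd "$(dirname "$0")" && pwd)`) and use `$here` for the property file path and for `srvDir1`/`srvDir2`. The `[ -d $srvDir1 ]` test should also quote the variable, `[ -d "$srvDir1" ]`, so a path containing whitespace does not break the test.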