Timestamp:
16/02/07 15:51:32 (13 years ago)
Author:
pjkersha
Message:

* Change to AttCert format and AA WS interface and AttAuthority class for DEWS *

  • New userId element in Attribute Certificates + getAttCert call to an AA can specify a user ID to be set in the returned AC.

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac,
python/ndg.security.server/ndg/security/server/AttAuthority/AttAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services.py,
python/ndg.security.common/ndg/security/common/AttAuthority/AttAuthority_services_types.py,
python/www/html/attAuthority.wsdl:
added userId to WSDL interface.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • added userId to getAttCert method.
  • changed refs to proxyCert to holderCert because cert may not be a proxy
  • changed call to AttCert.getRoles to AttCert.roles
  • changed refs to userDN to userId

python/ndg.security.common/ndg/security/common/XMLSec.py: "ns1" is not needed for
reference C14N unsuppressed prefixes.

python/ndg.security.common/ndg/security/common/X509.py: made 'serialize' and 'deserialize'
aliases to serialise and deserialise methods respectively.

python/ndg.security.common/ndg/security/common/AttCert.py:

  • made AttCert namespace a configurable class variable
  • changed all get/set attribute methods to private methods used by new-style class properties.
  • updated __setitem__ to use appropriate set* methods.
  • fix to setIssuerSerialNumber ref to 'issuerSerialNumber' instead of 'serialNumber'

python/ndg.security.common/ndg/security/common/AttAuthority/init.py: AA WS client -
added userId as keyword to getAttCert.

python/ndg.security.common/ndg/security/common/CredWallet.py: replace AttCert.getRoles()
calls with AttCert.roles property

python/ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBUserRoles.py:
swap refs to userDN with userId.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
added new test for where an explicit userId is set.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
added userId parameter.

python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py: added tests for
property get calls.

python/ndg.security.test/ndg/security/test/MyProxy/Makefile: include call to MyProxy
test to get proxy cert and private key.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
6 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2085 r2178  
    9595        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath'] 
    9696        attCert.write() 
     97         
     98    def test6GetAttCertWithUserIdSet(self):         
     99        """test6GetAttCertWithUserIdSet: Request attribute certificate from  
     100        NDG Attribute Authority Web Service setting a specific user Id  
     101        independent of the signer of the SOAP request.""" 
     102     
     103        # Read user Certificate into a string ready for passing via WS 
     104        try: 
     105            userCertFilePath = \ 
     106    self.cfg['test6GetAttCertWithUserIdSet'].get('issuingusercertfilepath') 
     107            userCertTxt = open(userCertFilePath, 'r').read() 
     108         
     109        except TypeError: 
     110            # No issuing cert set 
     111            userCertTxt = None 
     112                 
     113        except IOError, ioErr: 
     114            raise "Error reading certificate file \"%s\": %s" % \ 
     115                                    (ioErr.filename, ioErr.strerror) 
    97116 
     117        # Make attribute certificate request 
     118        userId = self.cfg['test6GetAttCertWithUserIdSet']['userid'] 
     119        attCert = self.clnt.getAttCert(userId=userId, 
     120                                       userCert=userCertTxt) 
     121         
     122        print "Attribute Certificate: \n\n:" + str(attCert) 
     123         
     124        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath'] 
     125        attCert.write() 
    98126 
    99     def test6GetMappedAttCert(self):         
    100         """test6GetMappedAttCert: Request mapped attribute certificate from  
     127    def test7GetMappedAttCert(self):         
     128        """test7GetMappedAttCert: Request mapped attribute certificate from  
    101129        NDG Attribute Authority Web Service.""" 
    102130     
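Review bot: test6GetAttCertWithUserIdSet (new lines 118-125) prints and writes the returned certificate but never checks it, so the test still passes if the Attribute Authority ignores the requested userId and issues the certificate for the signer of the SOAP request. Add an assertion such as `self.assertEqual(attCert.userId, userId)`. Separately, new line 114 raises a plain string (`raise "Error reading certificate file ..."`) rather than an exception instance, and the `except TypeError` branch relies on `open()` failing when `.get()` returns None; test `userCertFilePath is None` explicitly instead.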
     
    104132        try: 
    105133            userCertFilePath = \ 
    106             self.cfg['test6GetMappedAttCert'].get('issuingusercertfilepath') 
     134            self.cfg['test7GetMappedAttCert'].get('issuingusercertfilepath') 
    107135            userCertTxt = open(userCertFilePath, 'r').read() 
    108136         
     
    119147        try: 
    120148            userAttCert = AttCertRead(\ 
    121                 self.cfg['test6GetMappedAttCert']['userattcertfilepath']) 
     149                self.cfg['test7GetMappedAttCert']['userattcertfilepath']) 
    122150             
    123151        except IOError, ioErr: 
     
    127155        # Make client to site B Attribute Authority     
    128156        clnt = AttAuthorityClient( 
    129 uri=self.cfg['test6GetMappedAttCert']['uri'],  
    130 signingCertFilePath=self.cfg['test6GetMappedAttCert']['usercertfilepath'], 
    131 signingPriKeyFilePath=self.cfg['test6GetMappedAttCert']['userprikeyfilepath'], 
     157uri=self.cfg['test7GetMappedAttCert']['uri'],  
     158signingCertFilePath=self.cfg['test7GetMappedAttCert']['usercertfilepath'], 
     159signingPriKeyFilePath=self.cfg['test7GetMappedAttCert']['userprikeyfilepath'], 
    132160tracefile=sys.stderr) 
    133161     
     
    148176                    "test4GetTrustedHostInfoWithNoRole", 
    149177                    "test5GetAttCert", 
    150                     "test6GetMappedAttCert", 
     178                    "test6GetAttCertWithUserIdSet", 
     179                    "test7GetMappedAttCert", 
    151180                  )) 
    152181        unittest.TestSuite.__init__(self, map) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2170 r2178  
    3535attCertFilePath = ./ac.xml 
    3636 
    37 [test6GetMappedAttCert] 
     37[test6GetAttCertWithUserIdSet] 
     38userId = userWhoIsEntitledToTheRolesInThisCert 
     39 
     40[test7GetMappedAttCert] 
    3841userprikeypwd =  
    3942usercertfilepath = ./proxy-cert.pem 
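Review bot: the new [test6GetAttCertWithUserIdSet] section (new lines 37-38) defines only userId, while the test that reads it writes its result through `self.cfg['test5GetAttCert']['attcertfilepath']`, so running it overwrites the output file of test5GetAttCert. Give this section its own attCertFilePath entry and point the test at it, so the certificate issued for an explicit userId can be inspected separately from the one issued for the request signer.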
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py

    r2051 r2178  
    2424 
    2525 
    26     def userIsRegistered(self, dn): 
     26    def userIsRegistered(self, userId): 
    2727        return True 
    2828 
    2929 
    30     def getRoles(self, dn): 
     30    def getRoles(self, userId): 
    3131        return ['staff', 'postdoc', 'undergrad']  
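Review bot: the rename from dn to userId in userIsRegistered and getRoles (new lines 26 and 30) widens what callers may pass, but neither method documents what form the identifier takes. The tests in this changeset use both a certificate DN ('/O=NDG/OU=BADC/CN=pjkershaw') and an opaque name (userWhoIsEntitledToTheRolesInThisCert). Add a docstring stating the expected format, since this interface is where a site maps an identifier to roles.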
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBUserRoles.py

    r2051 r2178  
    2424 
    2525 
    26     def userIsRegistered(self, dn): 
     26    def userIsRegistered(self, userId): 
    2727        return False 
    2828 
    2929 
    30     def getRoles(self, dn): 
     30    def getRoles(self, userId): 
    3131        # Make so that Site B never returns any roles - the only way to 
    3232        # get an Attribute Certificate is then through the role mapping 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py

    r1970 r2178  
    7676        self.attCert.addRoles('atsr') 
    7777         
    78         print "test6AddRoles: " + ', '.join(self.attCert.getRoles()) 
     78        print "test6AddRoles: " + ', '.join(self.attCert.roles) 
    7979 
    8080  
    81     def test6aDictSet(self): 
    82         'test6aDictSet: test __setitem__' 
     81    def test6aSet(self): 
     82        'test6aSet: test __setitem__ and property methods' 
     83        self.attCert.version = "1.0" 
    8384        self.attCert['issuer'] = '/O=NDG/OU=BADC/CN=Attribute Authority' 
    8485        self.attCert['issuerName'] = 'BADC' 
    85         self.attCert['holder'] = '/O=NDG/OU=BADC/CN=pjkershaw' 
     86        self.attCert.issuerSerialNumber = 1234 
     87        self.attCert['holder'] = '/O=NDG/OU=BADC/CN=server.cert.ac.uk' 
     88        self.attCert.userId = '/O=NDG/OU=BADC/CN=pjkershaw' 
    8689         
    8790        try: 
    8891            self.attCert['validity'] = 'invalid' 
    8992        except KeyError, e: 
    90             print "test6aDictSet: PASSED - %s" % e 
     93            print "test6aSet: PASSED - %s" % e 
    9194             
    9295        try: 
    9396            self.attCert['attributes'] = 'roleSet' 
    9497        except KeyError, e: 
    95             print "test6aDictSet: PASSED - %s" % e 
     98            print "test6aSet: PASSED - %s" % e 
    9699             
    97100        try: 
    98101            self.attCert['attributes']['roleSet'] = ['role1', 'role2'] 
    99102        except KeyError, e: 
    100             print "test6aDictSet: PASSED - %s" % e 
    101  
    102     def test6bDictGet(self): 
    103         'test6bDictGet: test __getitem__' 
    104         print "test6bDictGet ..." 
    105         print self.test2SetProvenance() 
    106         print self.test4SetValidityTime() 
    107         print self.test6AddRoles() 
    108         print self.test6aDictSet() 
    109         print self.attCert['issuer'] 
    110         print self.attCert['holder'] 
    111         print self.attCert['validity'] 
    112         print self.attCert['attributes'] 
    113         print self.attCert['attributes']['roleSet']  
     103            print "test6aSet: PASSED - %s" % e 
     104 
     105    def test6bGet(self): 
     106        'test6bGet: test __getitem__ and property methods' 
     107        print "test6bGet ..." 
     108        self.test2SetProvenance() 
     109        self.test4SetValidityTime() 
     110        self.test6AddRoles() 
     111        self.test6aSet() 
     112 
     113        print "self.attCert['version'] = %s" % self.attCert['version'] 
     114        print "self.attCert.version = %s" % self.attCert.version 
     115         
     116        print "self.attCert['issuer'] = %s" % self.attCert['issuer'] 
     117        print "self.attCert.issuer = %s" % self.attCert.issuer 
     118        print "self.attCert.issuerDN = %s" % self.attCert.issuerDN 
     119 
     120        print "self.attCert['issuerName'] = %s" % self.attCert['issuerName'] 
     121        print "self.attCert.issuerName = %s" % self.attCert.issuerName 
     122         
     123        print "self.attCert['issuerSerialNumber'] = %s" % \ 
     124                                            self.attCert['issuerSerialNumber'] 
     125        print "self.attCert.issuerSerialNumber = %s" % \ 
     126                                            self.attCert.issuerSerialNumber 
     127         
     128        print "self.attCert['holder'] = %s" % self.attCert['holder'] 
     129        print "self.attCert.holder = %s" % self.attCert.holder 
     130        print "self.attCert.holderDN = %s" % self.attCert.holderDN 
     131 
     132        print "self.attCert['userId'] = %s" % self.attCert['userId'] 
     133        print "self.attCert.userId = %s" % self.attCert.userId 
     134         
     135        print "self.attCert['validity'] = %s" % self.attCert['validity'] 
     136        print "self.attCert.validityNotBefore = %s" % \ 
     137                                                self.attCert.validityNotBefore 
     138        print "self.attCert.validityNotAfter = %s" % \ 
     139                                                self.attCert.validityNotAfter 
     140                                                 
     141        print "self.attCert.getValidityNotBefore(asDatetime=True) = %s" % \ 
     142                            self.attCert.getValidityNotBefore(asDatetime=True) 
     143        print "self.attCert.getValidityNotAfter(asDatetime=True) = %s" % \ 
     144                            self.attCert.getValidityNotAfter(asDatetime=True) 
     145         
     146        print "self.attCert['attributes'] = %s" % self.attCert['attributes'] 
     147        print "self.attCert['attributes']['roleSet'] %s: " % \ 
     148                                        self.attCert['attributes']['roleSet']  
     149        print "self.attCert.roleSet = %s" % self.attCert.roleSet 
     150        print "self.attCert.roles = %s" % self.attCert.roles 
    114151 
    115152    def test7CreateXML(self): 
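Review bot: test6bGet (new lines 105-150) prints each item-style value next to its property but never compares them, so a mismatch between `self.attCert['userId']` and `self.attCert.userId`, or between any other pair, would not fail the test. Replace the prints with assertions, for example `self.assertEqual(self.attCert['userId'], self.attCert.userId)`. In test6aSet the `except KeyError` branches print PASSED, but nothing fails when no KeyError is raised; add a `self.fail(...)` after each assignment inside the `try`.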
     
    131168        self.test5SetDefaultValidityTime() 
    132169        self.test6AddRoles() 
    133         self.test6aDictSet()     
     170        self.test6aSet()     
    134171         
    135172        self.attCert.filePath = self.cfg['test9Sign']['filepath'] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/Makefile

    r2085 r2178  
    1616initAttAuthorityClientUnittest: ${PROXYFILES} 
    1717        @echo Set-up AttAuthority unit test by copying proxy file output from this test... 
     18        ./MyProxyClientTest.py MyProxyClientTestCase.test2GetDelegation 
    1819        cp ${PROXYFILES} ../AttAuthority 
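Review bot: on new line 18 the recipe generates the proxy files by running MyProxyClientTest.py, yet the same files are listed as prerequisites of initAttAuthorityClientUnittest through ${PROXYFILES}, so unless another rule not visible here builds them, make needs them to exist before the recipe that creates them can run. Move the test invocation into a rule whose targets are ${PROXYFILES}. Since the commit message says the test fetches a private key as well as the proxy cert, `cp -p` on the following line would preserve the key's file mode on the copy.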