Timestamp:
30/04/07 10:01:04 (13 years ago)
Author:
pjkersha
Message:

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • soap_disconnect: added call to SessionMgr?.disconnect, added logic for retrieving ID from cert.

used with WS-Security signature.

  • add code to check for useSignatureHandler config param. If this flag is set, get user ID from

cert in WS-Security header

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
ndg.security.server/ndg/security/server/SessionMgr/init.py: added "useSignatureHandler" parameter
to properties file elements.

www/html/sessionMgr.wsdl,
ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py: removed userCert
argument. - This is not needed as cert chain can be passed in by setting #X509PKIPathv1 for
BinarySecurityToken?.

ndg.security.client/ndg/security/client/ndgSessionClient.py: started on updates from alpha version -
--req-autho flag is now --req-attr

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg: added more signature verification
tests.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: removed userCert arg from
disconnect call. It's passed in the signature in the WS-Security header.

ndg.security.common/ndg/security/common/XMLSec.py: fixed bug in applyEnvelopedSignature - removed
incorrect strip call from digest calc:

calcSignedInfoDigestValue = sha(signedInfoC14n).digest()#.strip()


ndg.security.common/ndg/security/common/SessionMgr/init.py: Session Manager client code -
remove refs to "userCert" for disconnect and connect calls. It's passed in the WS-Security header
instead.

ndg.security.common/ndg/security/common/wsSecurity.py: comment - query whitespace strip in
extraction of calculated signature value from message "b64EncSignatureValue".

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
4 edited

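--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/AttCertTest.py
@@ -202,5 +202,5 @@
 
     def test12IsValid(self):
-        '''test5Verify: check signature of XML document'''
+        '''test12IsValid: check signature of XML document'''
         self.test11Read()
         self.attCert.certFilePathList=self.cfg['test12IsValid']['certfile']
@@ -208,4 +208,60 @@
 
 
+    def test13IsValidStressTest(self):
+        '''test13IsValidStressTest: check signature of XML document'''
+        self.test2SetProvenance()
+        self.test5SetDefaultValidityTime()
+        self.test6aSet()
+
+        self.attCert.certFilePathList = \
+                            self.cfg['test13IsValidStressTest']['certfile']
+        self.attCert.signingKeyFilePath = \
+                            self.cfg['test13IsValidStressTest']['keyfile']
+
+        try:
+            self.attCert.signingKeyPwd = \
+                        self.cfg['test13IsValidStressTest'].get('keypwd') or \
+                        getpass.getpass(\
+                    prompt="\ntest13IsValidStressTest private key password: ")
+        except KeyboardInterrupt:
+            self.fail("test13IsValidStressTest: Aborting test")
+            return
+
+        import base64
+        for i in range(0, int(self.cfg['test13IsValidStressTest']['nruns'])):
+            # Generate a range of random role names to try to trip up the
+            # signature validation
+            roles = [base64.encodestring(os.urandom(i)).strip() \
+                     for role in range(0, i)]
+            self.attCert.addRoles(roles)
+
+            # Write AC file names by index
+            self.attCert.filePath = "%03d.xml" % i
+
+            self.attCert.applyEnvelopedSignature()
+            self.attCert.write()
+
+            self.attCert.certFilePathList = \
+                            self.cfg['test13IsValidStressTest']['certfile']
+
+            try:
+                self.attCert.isValid(raiseExcep=True)
+            except Exception, e:
+                msg = "Verification failed for %s: %s" % \
+                    (self.attCert.filePath, str(e))
+                print msg
+                open('%03d.msg' % i, 'w').write(msg)
+
+    def test14IsValidSignature(self):
+        '''test14IsValidSignature: check signature of XML document'''
+        self.attCert.filePath = self.cfg['test14IsValidSignature']['filepath']
+        self.attCert.read()
+
+        self.attCert.certFilePathList=self.cfg['test14IsValidSignature']['certfile']
+        import pdb;pdb.set_trace()
+        self.attCert.verifyEnvelopedSignature()
+
+        print 'test14IsValidSignature: \n\n%s' % self.attCert
+
 class AttCertTestSuite(unittest.TestSuite):
     def __init__(self):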
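Review bot: `import pdb;pdb.set_trace()` in test14IsValidSignature (new line 261) drops into the interactive debugger every time the suite runs, so any unattended run of the test blocks on a prompt; the same breakpoint is committed in SessionMgrClientTest.py at new line 128, and both lines should be deleted before this lands. In test13IsValidStressTest, `open('%03d.msg' % i, 'w').write(msg)` relies on the handle being collected to flush and close the file; binding it and calling `close()` explicitly (or a `with` block if the target Python supports it) makes that deterministic. The `role` variable in the `roles` comprehension is unused, which means every role name in run `i` has the same length `i`; if that is intended, a short comment such as `# all roles in run i are i random bytes long` would save the next reader a double take.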
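--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg
@@ -18,5 +18,5 @@
 filePath: ./ac.xml
 
-[test11Read]
+[test11Read]]]]
 filePath: ./ac.xml
 
@@ -24,4 +24,13 @@
 certFile: ./cert.pem
 
+[test13IsValidStressTest]
+certFile: ./cert.pem
+keyFile: ./key.pem
+#keyPwd:
+nruns: 100
+
+[test14IsValidSignature]
+certFile: ./cert.pem
+filePath: ./badSignature.xml
 
 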
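Review bot: The section header at new line 20 now reads `[test11Read]]]]` where the previous revision had `[test11Read]`; the extra brackets look like an accidental keystroke rather than an intended rename and should be reverted to `[test11Read]`. ConfigParser's header pattern stops at the first `]`, so the section is probably still found, but the stray characters will confuse anyone reading or grepping the file. The commented `#keyPwd:` entry under `[test13IsValidStressTest]` works because the test reads it with `.get('keypwd')` and falls back to a prompt; a comment such as `# keyPwd: leave commented out to be prompted for the password` would make that contract explicit.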
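--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py
@@ -126,7 +126,6 @@
         self.clnt.signatureHandler.signingCert = self.proxyCert
         self.clnt.signatureHandler.signingCertPriKey = self.proxyPriKey
-
-        self.clnt.disconnect(userCert=self.userCert,
-                             sessCookie=str(self.sessCookie))
+        import pdb;pdb.set_trace()
+        self.clnt.disconnect(sessCookie=str(self.sessCookie))
 
         print "User disconnected from Session Manager:\n%s" % self.sessCookie
@@ -145,5 +144,7 @@
         self.clnt.signingPriKeyPwd = None
 
-        self.clnt.disconnect(userCert=self.proxyCert)
+        # Proxy cert in signature determines ID of session to
+        # delete
+        self.clnt.disconnect()
         print "User disconnected from Session Manager:\n%s" % self.proxyCert
 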
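--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml
@@ -5,4 +5,5 @@
     <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile>
     <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile>
+    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
     <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
     <certFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</certFile>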
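Review bot: The new `<useSignatureHandler>Yes</useSignatureHandler>` element is documented only by `leave blank for no signature`, which does not say which values enable it — whether only `Yes`, any non-empty text, or a case-insensitive boolean. Because this flag decides whether the Session Manager takes the user ID from the WS-Security signing certificate instead of an explicit argument, an operator setting it wrong silently changes how sessions are identified. The comment should name the accepted values, e.g. `<!-- set to Yes to take the user ID from the WS-Security signing cert; leave blank to disable -->`, worded to match the parsing in the server's SessionMgr __init__.py, which is not part of this diff.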