Changeset 2530


Timestamp:
30/05/07 18:00:10 (12 years ago)
Author:
pjkersha
Message:

Working Session Manager unit tests for connect and disconnect calls and
getAttCert calls. Correct use of proxy certs with WS-Security signature
interface is also configured.

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
removed blank line

ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml:
added setting for signature handler flag and CA cert

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • fix to soap_disconnect - call SessionMgr.deleteUserSession
  • fix to soap_getX509Cert - base64 encode DER format cert output
  • added 'useSignatureHandler' flag to enable WS-Security signature handling to be omitted if required.

ndg.security.server/ndg/security/server/SessionMgr/__init__.py:

  • ref to CredWalletInvalidUserX509Cert
  • give explicit keyword names in connect2UserSession method signature
  • raise CredWalletInvalidUserX509Cert if Credential Wallet cert is invalid
  • SessionMgr.deleteUserSession method - added userSess keyword; fixed userDN setting to ensure it's a string

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
cosmetic changes

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • added _getCertChainFromProxyCertFile method to enable correct proxy cert loading
  • added caCertFilePathList, reqBinSecTokValType, setSignatureHandler and signingCertChain keyword settings to SessionMgrClient initialisation
  • removed duplicated test6bCookieGetMappedAttCert method

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:

  • dropped serverCNprefix element setting - not needed for test certs used.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • added new params caCertFilePathList, reqBinSecTokValType, setSignatureHandler and proxycertfilepath

ndg.security.common/ndg/security/common/SessionMgr/__init__.py:

SignatureHandler to switched on/off

ndg.security.common/ndg/security/common/AttAuthority/__init__.py: fix to
pydoc for AttAuthorityClient.__init__

ndg.security.common/ndg/security/common/CredWallet.py: major fixes for
SessionMgr - AA calls -

  • CredWalletInvalidUserX509Cert new exception type raised if user cert is invalid
  • separate setAAuri into a new method createAAClnt
  • getAttCert method can take an aaClnt keyword. This enables the client object to the AA to call to be passed in. Default is the target AA, self.aaClnt.

Location:
TI12-security/trunk/python
Files:
12 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py

    r2515 r2530  
    5757                                          
    5858        @keyword tracefile: set to file object such as sys.stderr to give  
    59         extra WS debug information""" 
     59        extra WS debug information 
     60                      
     61        @type setSignatureHandler: bool 
     62        @param setSignatureHandler: flag to determine whether to apply 
     63        WS-Security Signature Handler or not 
     64 
     65        @type signatureHandlerKw: dict 
     66        @param signatureHandlerKw: keywords to configure signature handler""" 
    6067 
    6168        self.__srv = None 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py

    r2270 r2530  
    3333    aaImportError = False 
    3434     
     35    # Reference 'X509PKIPathv1' BinarySecurityToken ValueType 
     36    from wsSecurity import SignatureHandler 
    3537except ImportError: 
    3638    pass 
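Review bot: The new `from wsSecurity import SignatureHandler` sits inside the existing try block whose handler is `except ImportError: pass`, so a failed import is silent, yet `__createAAClnt` added later in this file reads `SignatureHandler.binSecTokValType` unconditionally. A missing module would then surface as a NameError on the first Attribute Authority call rather than at load time. Move this import out of the optional block, or have `__createAAClnt` raise a CredWalletError that names the missing dependency. The comment above the import describes the ValueType lookup, not the import, and belongs where the lookup happens.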
     
    6163class CredWalletError(Exception):     
    6264    """Exception handling for NDG CredentialWallet class.""" 
    63     pass 
     65 
     66#_____________________________________________________________________________ 
     67class CredWalletInvalidUserX509Cert(CredWalletError):     
     68    """Raise from CredWallet.isValid when user X.509 Certificate is invalid.  This is more likely 
     69    This is most likely to be triggered by the expiry of the user's proxy  
     70    certificates which has a short life time.""" 
    6471 
    6572 
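Review bot: The docstring of CredWalletInvalidUserX509Cert carries a leftover fragment: "This is more likely" at the end of its first line is restarted by "This is most likely to be triggered ..." on the next line. Drop the fragment, and fix "certificates which has" so the sentence agrees in number.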
     
    420427 
    421428    #_________________________________________________________________________ 
     429    def __createAAClnt(self, aaURI): 
     430        """Set up a client to an Attribute Authority with the given URI 
     431         
     432        @type aaURI: string 
     433        @param aaURI: Attribute Authority Web Service URI. 
     434 
     435        @rtype: ndg.security.common.AttAuthorityClient 
     436        @return: new Attribute Authority client instance""" 
     437 
     438        # Initialise WS-Security signature handling to pass  
     439        # BinarySecurityToken containing proxy cert and user cert that issued 
     440        # the proxy 
     441        reqBinSecTokValType=SignatureHandler.binSecTokValType["X509PKIPathv1"] 
     442        certChain = (self.__userCert, self.__proxyCert) 
     443        caCertFilePathList = (self.__caCertFilePath,) 
     444         
     445        aaClnt = AttAuthorityClient(uri=aaURI, 
     446                                    reqBinSecTokValType=reqBinSecTokValType,  
     447                                    signingCertChain=certChain, 
     448                                    signingPriKey=self.__proxyPriKey, 
     449                                    caCertFilePathList=caCertFilePathList) 
     450        return aaClnt 
     451 
     452 
     453    #_________________________________________________________________________ 
    422454    def __setAAuri(self, aaURI): 
    423455        """Set property method for Attribute Authority Web Service URI to 
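Review bot: In `__createAAClnt`, `caCertFilePathList = (self.__caCertFilePath,)` is built without checking that the path is set, so an unset value reaches AttAuthorityClient as `(None,)`. The server-config.tac change in this same changeset guards the equivalent case and passes None when no CA file is configured; do the same here, or raise CredWalletError so the problem is reported at this point rather than inside the signature handler. The same check applies to `certChain = (self.__userCert, self.__proxyCert)` if either certificate can be unset when a client is created.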
     
    430462            self.__aaClnt = None 
    431463            return 
    432          
    433         self.__aaClnt = AttAuthorityClient(uri=aaURI,  
    434                                            signingCert=self.__proxyCert, 
    435                                            signingPriKey=self.__proxyPriKey) 
     464        else: 
     465            self.__aaClnt = self.__createAAClnt(aaURI) 
    436466             
    437467    aaURI = property(fset=__setAAuri, 
     
    491521        @type **x509CertKeys: dict 
    492522        @param **x509CertKeys: keywords applying to  
    493         ndg.security.common.X509.X509Cert.isValid method""" 
     523        ndg.security.common.X509.X509Cert.isValidTime method""" 
    494524        try: 
    495525            return self.__proxyCert.isValidTime(**x509CertKeys) 
    496526 
    497527        except Exception, e: 
    498             raise CredWalletError, "Credential Wallet: %s" % e 
     528            raise CredWalletInvalidUserX509Cert, "Credential Wallet: %s" % e 
    499529 
    500530     
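Review bot: `except Exception, e` now turns every failure inside `isValidTime` into CredWalletInvalidUserX509Cert, not only a certificate outside its validity period. SessionMgr.__connect2UserSession in this changeset deletes the user session when it catches that type, so an unrelated error (a bad keyword in x509CertKeys, for example) would end the user's session. Narrow the handler to the exception isValidTime raises for a validity-period failure and keep CredWalletError for everything else.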
     
    606636 
    607637    #_________________________________________________________________________                     
    608     def __getAttCert(self, extAttCert=None): 
    609          
     638    def __getAttCert(self, aaClnt=None, extAttCert=None):        
    610639        """Wrapper to Attribute Authority attribute certificate request.  See 
    611640        getAttCert for the classes' public interface. 
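Review bot: Adding `aaClnt` ahead of `extAttCert` in `def __getAttCert(self, aaClnt=None, extAttCert=None)` changes what the first positional argument means. An existing caller written as `self.__getAttCert(someAttCert)` would now pass an attribute certificate as the client object. The one call site visible in this changeset uses `aaClnt=`, but the remaining callers should be checked, or the new keyword appended after extAttCert instead.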
     
    617646        and added into the wallet 
    618647 
     648        @type aaClnt: ndg.security.common.AttAuthorityClient 
     649        @param aaClnt: client object to Attribute Authority to make a request  
     650        to.  If omitted, it is set to self.__aaClnt.  This attribute may  
     651        itself be None.   In this case, a local AA client will be expected 
     652        set from a properties file. 
     653         
    619654        @type extAttCert: ndg.security.common.AttCert.AttCert 
    620655        @keyword extAttCert: an existing Attribute Certificate which can  
    621656        be used to making a mapping should the user not be registered with the 
    622657        Attribute Authority""" 
    623            
    624         if self.__aaClnt is not None: 
     658       
     659        if aaClnt is None: 
     660            aaClnt = self.__aaClnt 
     661             
     662        if aaClnt is not None: 
    625663            try: 
    626                 attCert = self.__aaClnt.getAttCert(self.__userCert.toString(),  
    627                                                    userAttCert=extAttCert)                 
     664                attCert = aaClnt.getAttCert(userAttCert=extAttCert)                 
    628665            except AttributeRequestDenied, e: 
    629666                raise CredWalletAttributeRequestDenied, str(e) 
     
    632669                raise CredWalletError, str(e) 
    633670                             
    634         elif aaPropFilePath is not None: 
     671        elif self.aaPropFilePath is not None: 
    635672 
    636673            # Call local based Attribute Authority with settings from the  
    637674            # configuration file aaPropFilePath 
    638  
    639             if not isinstance(aaPropFilePath, basestring): 
    640                 raise CredWalletError, "Attribute Authority Configuration " +\ 
    641                                        "file path must be a valid string" 
    642  
    643675            try: 
    644676                # Request a new attribute certificate from the Attribute 
    645677                # Authority 
    646                 attCert = self.__aa.getAttCert(userCert=self.__proxyCert, 
    647                                                userAttCert=extAttCert) 
     678                attCert = self.__aa.getAttCert(userAttCert=extAttCert) 
    648679                 
    649680            except AttAuthorityAccessDenied, e: 
    650                 raise CredWalletAttributeRequestDenied, str(e)             
     681                raise CredWalletAttributeRequestDenied, str(e) 
     682                         
    651683            except Exception, e: 
    652684                raise CredWalletError,"Requesting attribute certificate: %s"%e 
    653685 
    654686        else: 
    655             raise CredWalletError, "Error requesting authorisation: " + \ 
    656                                    "a URI or Attribute Authority " + \ 
    657                                    "configuration file must be specified" 
     687            raise CredWalletError, "Error requesting attribute: " + \ 
     688                "certificate a URI or Attribute Authority configuration " + \ 
     689                "file must be specified" 
    658690         
    659691 
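Review bot: Both request paths stop sending the user's certificate: `aaClnt.getAttCert(userAttCert=extAttCert)` replaces the call that passed `self.__userCert.toString()`, and the local `self.__aa.getAttCert` call loses `userCert=self.__proxyCert`. The docstring should state where the Attribute Authority now takes the certificate holder from (for the remote path presumably the signing chain set up in `__createAAClnt`), and the local path needs checking because no message signature is involved there. Separately, the new final error string is split in the wrong place and reads "Error requesting attribute: certificate a URI or ..."; the colon belongs after "certificate".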
     
    838870        less than attCertRefreshElapse time in seconds left before expiry then 
    839871        replace it.""" 
    840  
     872         
    841873        if aaURI: 
    842874            self.__setAAuri(aaURI) 
     
    10081040                        try: 
    10091041                            # Try request to trusted host 
    1010                             self.aaURI = info['aaURI'] 
    1011                             extAttCert=self.__getAttCert() 
     1042                            trustedAAClnt = self.__createAAClnt(info['aaURI']) 
     1043                            extAttCert=self.__getAttCert(aaClnt=trustedAAClnt) 
    10121044 
    10131045                            # Check the certificate contains at least one of 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py

    r2437 r2530  
    4343     
    4444    #_________________________________________________________________________ 
    45     def __init__(self, uri=None, tracefile=None, **signatureHandlerKw): 
     45    def __init__(self,  
     46                 uri=None,  
     47                 tracefile=None, 
     48                 setSignatureHandler=True, 
     49                 **signatureHandlerKw): 
    4650        """ 
    4751        @type uri: string 
     
    5357        WS debug information 
    5458         
     59        @type setSignatureHandler: bool 
     60        @param setSignatureHandler: flag to determine whether to apply 
     61        WS-Security Signature Handler or not 
     62 
    5563        @type signatureHandlerKw: dict 
    5664        @param signatureHandlerKw: keywords to configure signature handler""" 
     
    6573            self.__setURI(uri) 
    6674 
    67         # WS-Security Signature handler 
    68         self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 
     75        # WS-Security Signature handler - set only if any of the keywords were 
     76        # set 
     77        if setSignatureHandler: 
     78            self.__signatureHandler = SignatureHandler(**signatureHandlerKw) 
     79        else: 
     80            self.__signatureHandler = None 
    6981         
    7082        self.__tracefile = tracefile 
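Review bot: The comment "set only if any of the keywords were set" does not match the code, which decides on `setSignatureHandler` alone and never looks at whether signatureHandlerKw is empty. `self.__signatureHandler` can now be None, and nothing in this changeset shows the places that use it being updated; each use needs a None check or calls will fail with an AttributeError once the flag is off. The handler is also what receives the verifying certificate and CA list keywords, so the docstring for setSignatureHandler should say that turning it off removes verification of responses as well as signing of requests.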
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac

    r2515 r2530  
    5959            # designated holder cert via the UserCert input 
    6060            holderCert = request.UserCert 
    61              
     61 
    6262        try:     
    6363                attCert = self.aa.getAttCert(userId=request.UserId, 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

    r2515 r2530  
    3636# Credential Wallet 
    3737from ndg.security.common.CredWallet import CredWallet, CredRepos, \ 
    38     CredWalletError, CredWalletAttributeRequestDenied 
     38    CredWalletError, CredWalletInvalidUserX509Cert, \ 
     39    CredWalletAttributeRequestDenied 
    3940 
    4041from ndg.security.common.X509 import X509CertParse 
     
    832833 
    833834    #_________________________________________________________________________         
    834     def __connect2UserSession(self, **idKw): 
     835    def __connect2UserSession(self, userCert=None, sessID=None): 
    835836        """Connect to an existing session by providing a valid session ID or 
    836837        proxy certificate 
     
    838839        __connect2UserSession([proxyCert]|[sessID]) 
    839840         
    840         @param proxyCert: proxy certificate string corresponding to an  
     841        @type userCert: string 
     842        @keyword userCert: proxy certificate string corresponding to an  
    841843        existing session to connect to. 
    842844         
    843         @param sessID: similiarly, a web browser session ID linking to an 
     845        @type sessID: string 
     846        @keyword sessID: similiarly, a web browser session ID linking to an 
    844847        an existing session.""" 
    845848         
    846849             
    847850        # Look for a session corresponding to this ID 
    848         if 'sessID' in idKw: 
     851        if sessID: 
    849852            try: 
    850853                # Check matched session has not expired 
    851                 userSess = self.__sessDict[idKw['sessID']] 
     854                userSess = self.__sessDict[sessID] 
    852855                 
    853856            except KeyError: 
    854857                # User session not found with given ID 
    855858                raise SessionMgrError, \ 
    856                         "No user session found matching input session ID" 
    857                          
     859                        "No user session found matching input session ID"         
     860        elif userCert: 
    858861            try: 
    859                 userSess.credWallet.isValid(raiseExcep=True) 
    860                 return userSess 
    861                          
    862             except Exception, e: 
    863                 raise SessionMgrError, \ 
    864                         "Matching session ID to existing user session: %s" % e 
    865                  
    866          
    867         elif 'userCert' in idKw: 
    868             try: 
    869                 userDN = str(X509CertParse(idKw['userCert']).dn) 
     862                userDN = str(X509CertParse(userCert).dn) 
    870863                 
    871864            except Exception, e: 
     
    879872                raise SessionMgrError, \ 
    880873                    "No user session found matching input proxy certificate" 
    881                      
    882             try: 
    883                 # Check matched session has not expired 
    884                 userSess.credWallet.isValid(raiseExcep=True) 
    885                 return userSess 
    886                                          
    887             except Exception, e: 
    888                 raise SessionMgrError, \ 
    889                 "Matching proxy certificate to existing user session: %s" % e 
    890874        else: 
    891875            raise SessionMgrError,\ 
    892876                                '"sessID" or "proxyCert" keywords must be set' 
     877                         
     878        try: 
     879            userSess.credWallet.isValid(raiseExcep=True) 
     880            return userSess 
     881         
     882        except CredWalletInvalidUserX509Cert, e: 
     883            # ! Delete user session since it's user certificate is invalid 
     884            self.deleteUserSession(userSess=userSess) 
     885            raise SessionMgrError, "Invalid user session: " + str(e)             
     886 
     887        except Exception, e: 
     888            raise SessionMgrError, \ 
     889                    "Matching session ID to existing user session: %s" % e 
     890                 
    893891 
    894892 
    895893    #_________________________________________________________________________         
    896     def deleteUserSession(self, sessID=None, proxyCert=None): 
     894    def deleteUserSession(self, sessID=None, proxyCert=None, userSess=None): 
    897895        """Delete an existing session by providing a valid session ID or 
    898896        proxy certificate - use for user logout 
    899897 
    900         __deleteUserSession([proxyCert]|[sessID]) 
    901          
    902         @param proxyCert: proxy certificate corresponding to an existing  
     898        deleteUserSession([proxyCert]|[sessID]|[userSess]) 
     899         
     900        @type proxyCert: ndg.security.common.X509.X509Cert  
     901        @keyword proxyCert: proxy certificate corresponding to an existing  
    903902        session to connect to. 
    904         @param sessID: similiarly, a web browser session ID linking to an 
    905         an existing session.""" 
     903         
     904        @type sessID: string 
     905        @keyword sessID: similiarly, a web browser session ID linking to an 
     906        an existing session. 
     907         
     908        @type userSess: UserSession 
     909        @keyword userSess: user session object to be deleted 
     910        """ 
    906911         
    907912             
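Review bot: The else branch still raises '"sessID" or "proxyCert" keywords must be set' and the docstring usage line still reads `__connect2UserSession([proxyCert]|[sessID])`, although the keyword is now `userCert`. The shared `except Exception` at the end also reports "Matching session ID to existing user session" for lookups made by certificate. In the CredWalletInvalidUserX509Cert handler, `self.deleteUserSession(userSess=userSess)` can itself raise SessionMgrError, which would replace the "Invalid user session" error the caller should see; wrap the delete so the original cause is still reported.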
     
    916921 
    917922            # Get associated user Distinguished Name 
    918             userDN = userSess.credWallet.proxyCert.dn 
     923            userDN = str(userSess.credWallet.proxyCert.dn) 
    919924             
    920925        elif proxyCert: 
    921926            try: 
    922                 userDN = str(X509CertParse(idKw['proxyCert']).dn) 
     927                userDN = str(proxyCert.dn) 
    923928                 
    924929            except Exception, e: 
     
    933938                raise SessionMgrError, \ 
    934939                    "No user session found matching input proxy certificate" 
     940         
     941        if userSess: 
     942            userDN = str(userSess.credWallet.proxyCert.dn) 
    935943        else: 
    936944            # User session not found with given ID 
    937945            raise SessionMgrError, \ 
    938                                 '"sessID" or "proxyCert" keywords must be set' 
     946                    '"sessID", "proxyCert" or "userSess" keywords must be set' 
    939947  
    940948        # Delete associated sessions 
    941949        try: 
    942950            # Each session may have a number of session IDs allocated to 
    943             # it 
     951            # it.   
     952            # 
     953            # Use pop rather than del so that key errors are ignored 
    944954            for userSessID in userSess.sessIDlist: 
    945                 del self.__sessDict[userSessID] 
    946  
    947             del self.__dnDict[userDN] 
    948              
     955                self.__sessDict.pop(userSessID, None) 
     956 
     957            self.__dnDict.pop(userDN, None) 
     958         
    949959        except Exception, e: 
    950960            raise SessionMgrError, "Deleting user session: %s" % e         
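Review bot: `if userSess:` is added as a new `if` rather than as an `elif`, so the existing `else` that raises the "keywords must be set" error now belongs to it, and the sessID and proxyCert paths get past it only if they have bound `userSess` on the way through. `userDN` is then computed a second time for those paths. Make it `elif userSess is not None:` in the original chain, or resolve the three inputs to a session first and derive `userDN` once. With `pop(..., None)` a session ID or DN that is already missing is ignored without trace; a debug log entry at that point would help when sessions disappear unexpectedly.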
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac

    r2437 r2530  
    1414License, version 1.0 or later. 
    1515""" 
     16import base64 
     17 
    1618from ZSI.twisted.WSresource import WSResource 
    1719from twisted.application import service, internet 
     
    99101        else: 
    100102            userCert = None 
    101          
    102         self.sm.disconnect(sessID=sessID, proxyCert=userCert) 
     103 
     104        self.sm.deleteUserSession(sessID=sessID, proxyCert=userCert) 
    103105        return request, response 
    104106 
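Review bot: `deleteUserSession` as changed in this changeset reads `proxyCert.dn` directly instead of parsing a string with X509CertParse, and its docstring now types proxyCert as ndg.security.common.X509.X509Cert. The lines that build `userCert` are outside this hunk, so please confirm it is a parsed certificate object by the time it is passed as `proxyCert=userCert`; a PEM string would fail on the attribute access.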
     
    155157         
    156158        request, response = SessionMgrService.soap_getX509Cert(self, ps) 
    157         response.X509Cert = open(self.sm['certFile']).read().strip() 
     159 
     160        x509Cert = X509CertRead(srv.sm['certFile']) 
     161        response.X509Cert = base64.encodestring(x509Cert.asDER()) 
    158162        return request, response 
    159163 
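Review bot: `X509CertRead(srv.sm['certFile'])` reaches for the module-level `srv` from inside a method, where the line it replaces used `self.sm`; use `self.sm['certFile']` so the method does not depend on the global being bound. No import of X509CertRead is added in this changeset (the import hunk adds only base64), so check that it is already imported in this file. `base64.encodestring` breaks its output into lines and appends a trailing newline, so clients decoding response.X509Cert need to tolerate embedded newlines.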
     
    162166srv = SessionMgrServiceSub() 
    163167 
    164 # Initialise WS-Security signature handler passing Session Manager 
    165 # public and private keys 
    166 WSSecurityHandler.signatureHandler = SignatureHandler(\ 
     168if srv.sm['useSignatureHandler']: 
     169        # Initialise WS-Security signature handler passing Attribute Authority 
     170        # public and private keys 
     171        caCertFile = srv.sm.get('caCertFile') 
     172        if caCertFile: 
     173                caCertFilePathList = (caCertFile,)  
     174        else: 
     175                caCertFilePathList = None 
     176         
     177        # Initialise WS-Security signature handler passing Session Manager 
     178        # public and private keys 
     179        WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    167180                                                                verifyingCertFilePath=srv.sm['clntCertFile'], 
    168181                                    signingCertFilePath=srv.sm['certFile'], 
    169182                                    signingPriKeyFilePath=srv.sm['keyFile'], 
    170                                     signingPriKeyPwd=srv.sm['keyPwd']) 
     183                                    signingPriKeyPwd=srv.sm['keyPwd'], 
     184                                    caCertFilePathList=caCertFilePathList) 
    171185 
    172186# Add Service to Session Manager branch 
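Review bot: `if srv.sm['useSignatureHandler']:` tests truthiness, and the properties file documents the setting as "Yes" or blank. If the value arrives as a string, "No" or "False" would also enable the handler, which fails in the safe direction but is not what an operator would expect; parse the value explicitly. When the flag is off this file no longer assigns `WSSecurityHandler.signatureHandler` at all, so the service runs without outbound signing or inbound signature verification and nothing records that; emit a startup warning in that case. The first added comment says "Attribute Authority public and private keys" in the Session Manager config and duplicates the comment below it, and the indentation of the new block does not match the continuation lines it wraps.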
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml

    r2145 r2530  
    55    <sslCertFile></sslCertFile> 
    66    <sslKeyFile></sslKeyFile> 
    7     <caCertFile></caCertFile> 
     7    <!-- 
     8    PKI settings for signature of outbound SOAP messages 
     9    --> 
     10    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    811    <certFile></certFile> 
    912    <keyFile></keyFile> 
    1013    <keyPwd></keyPwd> 
     14    <caCertFile></caCertFile> 
    1115    <!--  
    1216    Set the certificate used to verify the signature of messages from the  
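Review bot: The new comment describes these as "PKI settings for signature of outbound SOAP messages", but the handler that `useSignatureHandler` switches on in server-config.tac is also given `verifyingCertFilePath` and `caCertFilePathList`, so leaving the element blank turns off checking of inbound signatures as well. Say that in the comment so the setting is not read as affecting outbound messages only.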
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2515 r2530  
    1212""" 
    1313 
    14 __revision__ = '$Id$' 
     14__revision__ = '$Id:$' 
    1515 
    1616import unittest 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2515 r2530  
    4343#clntprikeyfilepath = ./aa-key.pem 
    4444clntprikeyfilepath = ./proxy-key.pem 
    45  
    4645 
    4746# Space separated list of CA certificate files used to verify certificate used 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py

    r2437 r2530  
    2222 
    2323import unittest 
    24 import os, sys, getpass 
     24import os, sys, getpass, re 
    2525from ConfigParser import SafeConfigParser 
    2626 
     
    2929     
    3030from ndg.security.common.SessionCookie import SessionCookie 
     31from ndg.security.common.X509 import X509CertParse 
    3132 
    3233 
    3334class SessionMgrClientTestCase(unittest.TestCase): 
     35    pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----" 
     36 
     37    def _getCertChainFromProxyCertFile(self, proxyCertFilePath): 
     38        '''Read proxy cert and user cert from a single PEM file and put in 
     39        a list ready for input into SignatureHandler'''                
     40        proxyCertFileTxt = open(proxyCertFilePath).read() 
     41         
     42        pemPatRE = re.compile(self.__class__.pemPat, re.S) 
     43        x509CertList = pemPatRE.findall(proxyCertFileTxt) 
     44         
     45        signingCertChain = [X509CertParse(x509Cert) for x509Cert in \ 
     46                            x509CertList] 
    3447     
     48        # Expecting proxy cert first - move this to the end.  This will 
     49        # be the cert used to verify the message signature 
     50        signingCertChain.reverse() 
     51         
     52        return signingCertChain 
     53 
     54 
    3555    def setUp(self): 
    3656         
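Review bot: `_getCertChainFromProxyCertFile` returns whatever `findall` matched, including an empty list when the file contains no certificate block, and `reverse()` encodes the assumption that the file lists the proxy cert first. Fail the test set-up with a clear message when fewer than two certificates are found, since the chain order decides which certificate verifies the signature. The file is also opened without being closed.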
     
    5272        except KeyboardInterrupt: 
    5373            sys.exit(0) 
     74 
     75        # List of CA certificates for use in validation of certs used in 
     76        # signature for server reponse 
     77        try: 
     78            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split() 
     79        except: 
     80            caCertFilePathList = [] 
     81           
     82           
     83        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
     84 
     85        # Check certificate types proxy or standard 
     86        proxyCertFilePath = self.cfg['setUp'].get('proxycertfilepath') 
     87        if proxyCertFilePath: 
     88            signingCertChain = \ 
     89                        self._getCertChainFromProxyCertFile(proxyCertFilePath) 
     90             
     91        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 
    5492             
    5593        # Initialise the Session Manager client connection 
    5694        # Omit traceFile keyword to leave out SOAP debug info 
    5795        self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'], 
    58                 verifyingCertFilePath=self.cfg['setUp']['srvcertfilepath'], 
    59                 signingCertFilePath=self.cfg['setUp']['clntcertfilepath'], 
     96                setSignatureHandler=setSignatureHandler, 
     97                reqBinSecTokValType=reqBinSecTokValType, 
     98                signingCertFilePath=self.cfg['setUp'].get('clntcertfilepath'), 
     99                signingCertChain=signingCertChain, 
    60100                signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'], 
    61101                signingPriKeyPwd=clntPriKeyPwd, 
     102                caCertFilePathList=caCertFilePathList, 
    62103                tracefile=tracefile)  
    63104         
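Review bot: `signingCertChain` is assigned only inside `if proxyCertFilePath:` but is passed to SessionMgrClient unconditionally, so running with `proxycertfilepath` commented out (the configuration file invites this with "Comment out as appropriate") raises NameError. Initialise it to None before the `if`. `eval(self.cfg['setUp']['setsignaturehandler'])` executes whatever the config file contains; compare the string against the accepted values instead. The bare `except:` around the CA list hides a misspelt option name by falling back to an empty list, and since `verifyingCertFilePath` is no longer passed, verification of the server's response now rests on that same caCertFilePathList.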
     
    191232    def test6bCookieGetMappedAttCert(self): 
    192233        """test6bCookieGetMappedAttCert: make an attribute request using 
    193         a cookie as authentication credential""" 
    194  
    195         print "\n\t" + self.test6bCookieGetMappedAttCert.__doc__         
    196         self.test2CookieConnect() 
    197          
    198         attCert, extAttCertList = self.clnt.getAttCert(\ 
    199             sessID=self.sessCookie.sessionID,  
    200             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI, 
    201             attAuthorityURI=self.cfg['test6bCookieGetMappedAttCert']['aauri']) 
    202          
    203         print "Attribute Certificate:\n%s" % attCert   
    204         print "External Attribute Certificate List:\n%s" % extAttCertList 
    205  
    206  
    207     def test6bCookieGetMappedAttCert(self): 
    208         """test6CookieGetAttCert: make an attribute request using 
    209234        a cookie as authentication credential""" 
    210235 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg

    r2418 r2530  
    1212smuri = https://localhost:5700/SessionManager 
    1313 
     14# Set to False to test service without WS-Security signature 
     15setsignaturehandler = True 
    1416 
    15 # X.509 certificate for Attribute Authority - if commented out, Session  
    16 # Manager will call AA getX509Cert WS method to retrieve it 
    17 #aacertfilepath =  
     17# ValueType for BinarySecurityToken element of WSSE header.  Specify 
     18# 'X509PKIPathv1' for use with proxy certificates 
     19#reqbinsectokvaltype = X509v3 
     20#reqbinsectokvaltype = X509 
     21reqbinsectokvaltype = X509PKIPathv1 
    1822 
    19 # X.509 certificate for session manager.  If not set, it will be retrieved  
    20 # using the getX509Cert WS method 
    21 srvcertfilepath = ./sm-cert.pem 
     23# Test with proxy certificates or with standard certs.  Comment out as  
     24# appropriate 
     25proxycertfilepath = ./proxy-cert.pem 
     26 
     27# Test without proxy certificates - uses AA server side cert/private key for 
     28# client side too (!) 
     29#clntcertfilepath = ./clnt-cert.pem 
     30 
     31#clntprikeyfilepath = ./clnt-key.pem 
     32clntprikeyfilepath = ./proxy-key.pem 
    2233 
    2334# Password protecting client private key - if omitted it will be prompted for 
     
    2536clntprikeypwd =  
    2637 
    27 clntcertfilepath = ./clnt-cert.pem 
    28 clntprikeyfilepath = ./clnt-key.pem 
     38# Space separated list of CA certificate files used to verify certificate used 
     39# in message signature 
     40cacertfilepathlist = ./cacert.pem 
    2941 
    3042[test1AddUser] 
     
    3446  
    3547[test2CookieConnect]          
    36 username = sstljakTestUser 
     48username = raphaelTest 
    3749#username = gabriel 
    3850#passphrase =  
    3951 
    4052[test3ProxyCertConnect]          
    41 username = sstljakTestUser 
     53username = raphaelTest 
    4254#username = gabriel 
    4355#passphrase =  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml

    r2437 r2530  
    55    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile> 
    66    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile> 
     7    <!-- 
     8    PKI settings for signature of outbound SOAP messages 
     9    --> 
    710    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    811    <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile> 
     
    3942                Set "host/" prefix to host cert CN as is default with globus 
    4043                --> 
    41                 <serverCNprefix>host/</serverCNprefix>   
    4244                <!-- 
    4345                Nb. GRID_SECURITY_DIR environment variable if set, overrides this  