Changeset 3040


Timestamp:
22/11/07 15:08:59 (12 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/conf/attAuthority.tac: fixed bug in soap_getTrustedHostInfo - role list was not being copied to the output for serialisation.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: added assertion statements for testing output from test4GetTrustedHostInfoWithNoRole

python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml: ensure every field is filled so that AA get host info calls may be correctly validated

python/ndg.security.test/ndg/security/test/sessionMgr/test.py: new Session Manager server side code unit tests - incomplete.

python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py: cosmetic change

python/ndg.security.common/ndg/security/common/CredWallet.py: make log message for getAttCert clearer.

Location:
TI12-security/trunk/python
Files:
7 edited

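--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -379,5 +379,4 @@
         for host in hosts:
             hostname = host.Hostname
-            
             allHostInfo[hostname] = \
             {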
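--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
@@ -963,5 +963,5 @@
             except AttributeError:
                 log.debug(\
-          "No external Attribute Certificates - try request without mapping")
+  "No external Attribute Certificates - trying request without mapping...")
                 # No List set - attempt request without
                 # using mapping from trusted hosts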
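--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac
@@ -213,4 +213,5 @@
             trustedHost.LoginServerDN = hostInfo['loginServerDN']
             trustedHost.LoginRequestServerDN=hostInfo['loginRequestServerDN']
+            trustedHost.RoleList = hostInfo['role']
                         
             trustedHosts.append(trustedHost)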
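--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py
@@ -121,4 +121,9 @@
         trustedHostInfo = self.clnt.getTrustedHostInfo(\
                                  self.cfg['test3GetTrustedHostInfo']['role'])
+        for hostname, hostInfo in trustedHostInfo.items():
+            assert hostname, "Hostname not set"
+            for k, v in hostInfo.items():
+                assert k, "hostInfo value key unset"
+
         print "Trusted Host Info:\n %s" % trustedHostInfo
 
@@ -128,4 +133,10 @@
         irrespective of role"""
         trustedHostInfo = self.clnt.getTrustedHostInfo()
+        for hostname, hostInfo in trustedHostInfo.items():
+            assert hostname, "Hostname not set"
+            for k, v in hostInfo.items():
+                assert k, "hostInfo value key unset"
+                assert v, ("%s value not set" % k)
+                   
         print "Trusted Host Info:\n %s" % trustedHostInfo
         
@@ -133,6 +144,11 @@
     def test4aGetAllHostsInfo(self):
         """test4aGetAllHostsInfo: retrieve info for all hosts"""
-        hostInfo = self.clnt.getAllHostsInfo()
-        print "All Hosts Info:\n %s" % hostInfo
+        allHostInfo = self.clnt.getAllHostsInfo()
+        for hostname, hostInfo in allHostInfo.items():
+            assert hostname, "Hostname not set"
+            for k, v in hostInfo.items():
+                assert k, "hostInfo value key unset"
+                   
+        print "All Hosts Info:\n %s" % allHostInfo
 
 
@@ -337,5 +353,5 @@
 caCertFilePathList=caCertFilePathList,
 tracefile=sys.stderr)
-        import pdb;pdb.set_trace()
+
         acFilePathList = \
 self.cfg['test8GetMappedAttCertStressTest']['userattcertfilepathlist'].split()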
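Review bot: The loop added to the role-filtered test (new lines 123-126) and the one in test4aGetAllHostsInfo (new lines 147-150) only check that each hostname and key is truthy and never look at `v`, so a host entry that comes back with an empty role list, presumably the defect this changeset fixes in attAuthority.tac, would still pass both tests. Only the no-role test carries `assert v, ("%s value not set" % k)`; the same line belongs in the other two loops. Bare `assert` is also stripped when the tests run under `python -O`, so `self.failUnless(v, "%s value not set" % k)` would keep the check as a real unittest failure. The enclosing test methods start outside the hunks.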
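--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml
@@ -9,17 +9,17 @@
     </thisHost>
     <trusted name="Site C">
-        <aaURI>attAuthorityURI</aaURI>
-        <loginURI>http://www.sitec.blah/loginPageURI</loginURI>
-            <aaDN/>
-            <loginServerDN/>
-            <loginRequestServerDN/>
+        <aaURI>http://aa.sitec.blah</aaURI>
+        <loginURI>https://www.sitec.blah/login</loginURI>
+            <aaDN>/O=SiteC/OU=Security/CN=AttributeAuthority</aaDN>
+            <loginServerDN>/O=SiteD/OU=D/CN=ndg.sitec.blah</loginServerDN>
+            <loginRequestServerDN>/O=SiteD/OU=D/CN=ndg.sitec.blah</loginRequestServerDN>
         <role remote="StaffMember" local="staff"/>
     </trusted>
     <trusted name="Site D">
-        <aaURI>attAuthorityURI</aaURI>
-        <loginURI>loginPageURI</loginURI>
-            <aaDN/>
-            <loginServerDN/>
-            <loginRequestServerDN/>
+        <aaURI>http://aa.sited.blah</aaURI>
+        <loginURI>https://www.sited.blah/login</loginURI>
+            <aaDN>/O=SiteD/OU=Security/CN=AttributeAuthority</aaDN>
+            <loginServerDN>/O=SiteD/OU=D/CN=ndg.sited.blah</loginServerDN>
+            <loginRequestServerDN>/O=SiteD/OU=D/CN=ndg.sited.blah</loginRequestServerDN>
         <role remote="academic" local="postgrad"/>
         <role remote="student" local="SiteDStudent"/>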
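Review bot: In the Site C entry the new `loginServerDN` and `loginRequestServerDN` both read `/O=SiteD/OU=D/CN=ndg.sitec.blah`, while the same entry's `aaDN` is `/O=SiteC/...`, which looks like a copy-paste from the Site D block below. A fixture whose login DNs name the wrong organisation would let a test pass even if the code never checks that a trusted host's DNs belong to that host, so the Site C values should presumably carry a Site C organisation (something like `/O=SiteC/OU=C/CN=ndg.sitec.blah`, to be confirmed against the test certificates). The `aaURI` values are plain `http://` next to `https://` login URIs; if that is deliberate for the test rig, an XML comment saying so would help.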
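--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBMapConfig.xml
@@ -3,15 +3,15 @@
         <thisHost name="Site B">
             <aaURI>http://localhost:5100/AttributeAuthority</aaURI>
-            <loginURI>thisHostLoginPageURI</loginURI>
-            <aaDN/>
-            <loginServerDN/>
-            <loginRequestServerDN/>
+        <loginURI>https://localhost/login</loginURI>
+            <aaDN>/O=NDG/OU=Site B/CN=AttributeAuthority</aaDN>
+            <loginServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginServerDN>
+            <loginRequestServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginRequestServerDN>
         </thisHost>
     <trusted name="Site A">
             <aaURI>http://localhost:5000/AttributeAuthority</aaURI>
-            <loginURI>loginPageURI</loginURI>
-            <aaDN/>
-            <loginServerDN/>
-            <loginRequestServerDN/>
+        <loginURI>https://localhost/login</loginURI>
+            <aaDN>/O=NDG/OU=Site A/CN=AttributeAuthority</aaDN>
+            <loginServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginServerDN>
+            <loginRequestServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginRequestServerDN>
                 <role remote="postdoc" local="researcher"/>
     </trusted>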
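--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/test.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/test.py
@@ -13,5 +13,5 @@
 License, version 1.0 or later."""
 __contact__ = "P.J.Kershaw@rl.ac.uk"
-__revision__ = '$Id: SessionMgrClientTest.py 2909 2007-09-28 14:22:21Z pjkersha $'
+__revision__ = '$Id: SessionMgrTest.py 2909 2007-09-28 14:22:21Z pjkersha $'
 
 import unittest
@@ -19,34 +19,15 @@
 from ConfigParser import SafeConfigParser
 
-from ndg.security.common.SessionMgr import SessionMgrClient, \
-    AttributeRequestDenied
-    
-from ndg.security.common.SessionCookie import SessionCookie
-from ndg.security.common.X509 import X509CertParse, X509CertRead
-
-
-class SessionMgrClientTestCase(unittest.TestCase):
-    pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----"
-        
+from ndg.security.server.SessionMgr import *
+    
+
+
+class SessionMgrTestCase(unittest.TestCase):
+    """Unit test case for ndg.security.server.SessionMgr.SessionMgr class.
+    
+    This class manages server side sessions"""
+    
     test2Passphrase = None
     test3Passphrase = None
-
-    def _getCertChainFromProxyCertFile(self, proxyCertFilePath):
-        '''Read proxy cert and user cert from a single PEM file and put in
-        a list ready for input into SignatureHandler'''
-        proxyCertFileTxt = open(proxyCertFilePath).read()
-        
-        pemPatRE = re.compile(self.__class__.pemPat, re.S)
-        x509CertList = pemPatRE.findall(proxyCertFileTxt)
-        
-        signingCertChain = [X509CertParse(x509Cert) for x509Cert in \
-                            x509CertList]
-    
-        # Expecting proxy cert first - move this to the end.  This will
-        # be the cert used to verify the message signature
-        signingCertChain.reverse()
-        
-        return signingCertChain
-
 
     def setUp(self):
@@ -59,40 +40,27 @@
         # Omit traceFile keyword to leave out SOAP debug info
         self.sm = SessionMgr(propFilePath=self.cfg.get('setUp',
-                                                       'propFilepPath')
-
-# TODO: is addUser part of session manager?
-#    def test1AddUser(self):
-#        """Add a new user ID to the MyProxy repository"""
-#
-#        passphrase = self.cfg['test1AddUser'].get('passphrase') or \
-#            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ")
-#
-#        # Note the pass-phrase is read from the file tmp.  To pass
-#        # explicitly as a string use the 'passphrase' keyword instead
-#        self.clnt.addUser(self.cfg['test1AddUser']['username'],
-#                          passphrase=passphrase)
-#        print "Added user '%s'" % self.cfg['test1AddUser']['username']
-        
-
-    def test2Connect(self):
-        """test2Connect: Connect as if acting as a browser client -
-        a session ID is returned"""
+                                                       'propFilePath'))
+        
+    def test1Connect(self):
+        """test1Connect: make a new session"""
         
         if self.__class__.test2Passphrase is None:
             self.__class__.test2Passphrase = \
-                                    self.cfg['test2Connect'].get('passphrase')
+                                    self.cfg.get('test1Connect', 'passphrase')
         
         if not self.__class__.test2Passphrase:
             self.__class__.test2Passphrase = getpass.getpass(\
-                               prompt="\ntest2Connect pass-phrase for user: ")
+                               prompt="\ntest1Connect pass-phrase for user: ")
 
         self.proxyCert, self.proxyPriKey, self.userCert, self.sessID = \
-            self.clnt.connect(self.cfg['test2Connect']['username'],
+            self.clnt.connect(self.cfg.get('test1Connect', 'username'),
                               passphrase=self.__class__.test2Passphrase)
 
         print "User '%s' connected to Session Manager:\n%s" % \
-            (self.cfg['test2Connect']['username'], self.sessID)
-            
-
+            (self.cfg.get('test1Connect', 'username'), self.sessID)
+            
+    def test2GetSessionStatus(self):
+        """test2GetSessionStatus: check a session is alive"""
+        
     def test3ConnectNoCreateServerSess(self):
         """test3ConnectNoCreateServerSess: Connect as a non browser client -
@@ -101,5 +69,5 @@
         if self.__class__.test3Passphrase is None:
             self.__class__.test3Passphrase = \
-                self.cfg['test3ConnectNoCreateServerSess'].get('passphrase')
+                self.cfg.get('test3ConnectNoCreateServerSess', 'passphrase')
                 
         if not self.__class__.test3Passphrase:
@@ -109,7 +77,7 @@
         self.proxyCert, self.proxyPriKey, self.userCert, sessID = \
             self.clnt.connect(\
-                      self.cfg['test3ConnectNoCreateServerSess']['username'],
-                      passphrase=self.__class__.test3Passphrase,
-                      createServerSess=False)
+                  self.cfg.get('test3ConnectNoCreateServerSess', 'username'),
+                  passphrase=self.__class__.test3Passphrase,
+                  createServerSess=False)
         
         # Expect null session ID
@@ -117,6 +85,6 @@
           
         print "User '%s' connected to Session Manager:\n%s" % \
-                    (self.cfg['test3ConnectNoCreateServerSess']['username'],
-                     self.proxyCert)
+                (self.cfg.get('test3ConnectNoCreateServerSess', 'username'),
+                 self.proxyCert)
             
 
@@ -126,5 +94,5 @@
         
         print "\n\t" + self.test4DisconnectUsingSessID.__doc__
-        self.test2Connect()
+        self.test1Connect()
         
         self.clnt.disconnect(sessID=self.sessID)
@@ -138,5 +106,5 @@
         
         print "\n\t" + self.test5DisconnectUsingProxyCert.__doc__
-        self.test2Connect()
+        self.test1Connect()
         
         # Use proxy cert / private key just obtained from connect call for
@@ -158,13 +126,13 @@
 
         print "\n\t" + self.test6GetAttCertUsingSessID.__doc__
-        self.test2Connect()
+        self.test1Connect()
         
         attCert = self.clnt.getAttCert(\
             sessID=self.sessID,
-            attAuthorityURI=self.cfg['test6GetAttCertUsingSessID']['aauri'])
+            attAuthorityURI=self.cfg.get('test6GetAttCertUsingSessID', 'aauri'))
         
         print "Attribute Certificate:\n%s" % attCert
         attCert.filePath = \
-            self.cfg['test6GetAttCertUsingSessID']['acoutfilepath']
+            self.cfg.get('test6GetAttCertUsingSessID', 'acoutfilepath')
         attCert.write()
 
@@ -176,7 +144,7 @@
 
         print "\n\t" + self.test6aGetAttCertRefusedUsingSessID.__doc__
-        self.test2Connect()
-        
-        aaURI = self.cfg['test6aGetAttCertRefusedUsingSessID']['aauri']
+        self.test1Connect()
+        
+        aaURI = self.cfg.get('test6aGetAttCertRefusedUsingSessID', 'aauri')
         
         try:
@@ -196,7 +164,7 @@
 
         print "\n\t" + self.test6bGetMappedAttCertUsingSessID.__doc__
-        self.test2Connect()
-        
-        aaURI = self.cfg['test6bGetMappedAttCertUsingSessID']['aauri']
+        self.test1Connect()
+        
+        aaURI = self.cfg.get('test6bGetMappedAttCertUsingSessID', 'aauri')
         
         attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI)
@@ -211,12 +179,12 @@
         print "\n\t" + \
             self.test6cGetAttCertWithExtAttCertListUsingSessID.__doc__
-        self.test2Connect()
+        self.test1Connect()
         
         aaURI = \
-            self.cfg['test6cGetAttCertWithExtAttCertListUsingSessID']['aauri']
+            self.cfg.get('test6cGetAttCertWithExtAttCertListUsingSessID', 'aauri')
         
         # Use output from test6GetAttCertUsingSessID!
         extACFilePath = \
-    self.cfg['test6cGetAttCertWithExtAttCertListUsingSessID']['extacfilepath']
+    self.cfg.get('test6cGetAttCertWithExtAttCertListUsingSessID', 'extacfilepath')
         extAttCert = open(extACFilePath).read()
         
@@ -232,5 +200,5 @@
         a proxy cert as authentication credential"""
         print "\n\t" + self.test7GetAttCertUsingProxyCert.__doc__
-        self.test2Connect()
+        self.test1Connect()
 
         self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
@@ -242,5 +210,5 @@
         # using the proxyCert returned from connect()
         
-        aaURI = self.cfg['test7GetAttCertUsingProxyCert']['aauri']
+        aaURI = self.cfg.get('test7GetAttCertUsingProxyCert', 'aauri')
         attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
           
@@ -248,19 +216,11 @@
 
 
-    def test8GetX509Cert(self):
-        "test8GetX509Cert: return the Session Manager's X.509 Cert."
-        cert = self.clnt.getX509Cert()
-                                              
-        print "Session Manager X.509 Certificate:\n" + cert
-            
-            
 #_____________________________________________________________________________
-class SessionMgrClientTestSuite(unittest.TestSuite):
+class SessionMgrTestSuite(unittest.TestSuite):
     
     def __init__(self):
-        map = map(SessionMgrClientTestCase,
+        map = map(SessionMgrTestCase,
                   (
-                    "test1AddUser",
-                    "test2Connect",
+                    "test1Connect",
                     "test3ConnectNoCreateServerSess",
                     "test4DisconnectUsingSessID",
@@ -270,5 +230,4 @@
                     "test6cGetAttCertWithExtAttCertListUsingSessID",
                     "test7GetAttCertUsingProxyCert",
-                    "test8GetX509Cert",
                   ))
         unittest.TestSuite.__init__(self, map)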
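Review bot: In `SessionMgrTestSuite.__init__` the new line `map = map(SessionMgrTestCase,` assigns to a local called `map`, which makes the name local for the whole method, so the call on the right-hand side raises UnboundLocalError before any test case is built. Renaming the local avoids that: `tests = map(SessionMgrTestCase, (...))` followed by `unittest.TestSuite.__init__(self, tests)`. The name tuple also leaves out the new `test2GetSessionStatus`, whose body is only a docstring and would pass without checking that a session is alive. The visible setUp lines construct `self.sm`, yet every test still calls `self.clnt.connect(...)` or `self.clnt.getAttCert(...)`; setUp is only partly shown, so `self.clnt` may be set outside the hunk, but that is worth confirming before these server-side tests are relied on.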