Changeset 3139 for TI12-security

Timestamp:

12/12/07 16:19:42 (13 years ago)

Author:

pjkersha

Message:

Working SessionMgr? unit tests with multiple CA support for WS-Security dsig verification and AC verification.

python/ndg.security.test/ndg/security/test/sessionMgr/init.py,
python/ndg.security.test/ndg/security/test/sessionMgr/openssl.conf,
python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg,
python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml: files added for SM unit test

python/ndg.security.test/ndg/security/test/sessionMgr/test.py: renamed refs to proxy certs -> user certs.

python/ndg.security.common/ndg/security/common/CredWallet.py: fix to AttAuthorityClient? instantiation for sslCACertFilePathList setting

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/CredWallet.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/sessionMgr/__init__.py (added)
• ndg.security.test/ndg/security/test/sessionMgr/openssl.conf (added)
• ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml (added)
• ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg (added)
• ndg.security.test/ndg/security/test/sessionMgr/test.py (modified) (11 diffs)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py

@@ -514 +514 @@
         
         aaClnt = AttAuthorityClient(uri=aaURI,
-                                reqBinSecTokValType=reqBinSecTokValType, 
-                                signingCertChain=certChain,
-                                signingCert=self.__userCert,
-                                signingPriKey=self.__userPriKey,
-                                caCertFilePathList=self.__caCertFilePathList,
-                                sslCACertFilePathList=caCertFilePathList)
+                            reqBinSecTokValType=reqBinSecTokValType, 
+                            signingCertChain=certChain,
+                            signingCert=self.__userCert,
+                            signingPriKey=self.__userPriKey,
+                            caCertFilePathList=self.__caCertFilePathList,
+                            sslCACertFilePathList=self.__caCertFilePathList)
         return aaClnt
 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/test.py

@@ -62 +62 @@
                                prompt="\ntest1Connect pass-phrase for user: ")
 
-        proxyCert, self.proxyPriKey, self.userCert, self.sessID = \
+        userCert, self.userPriKey, self.issuingCert, self.sessID = \
             self.sm.connect(username=self.cfg.get('test1Connect', 'username'), 
                             passphrase=SessionMgrTestCase.test1Passphrase)
-        self.proxyCert = X509CertParse(proxyCert)
+        self.userCert = X509CertParse(userCert)
         
         print "User '%s' connected to Session Manager:\n%s" % \
@@ -89 +89 @@
         print "\n\t" + self.test3ConnectNoCreateServerSess.__doc__
         
-        if SessionMgrTestCase.test3Passphrase is None:
+        if SessionMgrTestCase.test3Passphrase is None and \
+           self.cfg.has_option('test3ConnectNoCreateServerSess', 
+                               'passphrase'):
             SessionMgrTestCase.test3Passphrase = \
                 self.cfg.get('test3ConnectNoCreateServerSess', 'passphrase')
-                
+        
         if not SessionMgrTestCase.test3Passphrase:
             SessionMgrTestCase.test3Passphrase = getpass.getpass(\
@@ -98 +100 @@
 
         username = self.cfg.get('test3ConnectNoCreateServerSess', 'username')
-        self.proxyCert, self.proxyPriKey, self.userCert, sessID = \
+        self.userCert, self.userPriKey, self.issuingCert, sessID = \
             self.sm.connect(username=username, 
                             passphrase=SessionMgrTestCase.test3Passphrase,
@@ -108 +110 @@
         print "User '%s' connected to Session Manager:\n%s" % \
                 (self.cfg.get('test3ConnectNoCreateServerSess', 'username'), 
-                 self.proxyCert)
-            
-
-    def test4DisconnectUsingSessID(self):
-        """test4DisconnectUsingSessID: disconnect as if acting as a browser client 
+                 self.userCert)
+            
+
+    def test4DisconnectWithSessID(self):
+        """test4DisconnectWithSessID: disconnect as if acting as a browser client 
         """
         
-        print "\n\t" + self.test4DisconnectUsingSessID.__doc__
+        print "\n\t" + self.test4DisconnectWithSessID.__doc__
         self.test1Connect()        
         self.sm.deleteUserSession(sessID=self.sessID)
@@ -122 +124 @@
             
 
-    def test5DisconnectUsingProxyCert(self):
-        """test5DisconnectUsingProxyCert: Disconnect as a command line client 
+    def test5DisconnectWithUserCert(self):
+        """test5DisconnectWithUserCert: Disconnect as a command line client 
         """
         
-        print "\n\t" + self.test5DisconnectUsingProxyCert.__doc__
+        print "\n\t" + self.test5DisconnectWithUserCert.__doc__
         self.test1Connect()
         
         # Proxy cert in signature determines ID of session to
         # delete
-        self.sm.deleteUserSession(proxyCert=self.proxyCert)
-        print "User disconnected from Session Manager:\n%s" % self.proxyCert
-
-
-    def test6GetAttCertUsingSessID(self):
-        """test6GetAttCertUsingSessID: make an attribute request using
+        self.sm.deleteUserSession(userCert=self.userCert)
+        print "User disconnected from Session Manager:\n%s" % self.userCert
+
+
+    def test6GetAttCertWithSessID(self):
+        """test6GetAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
 
-        print "\n\t" + self.test6GetAttCertUsingSessID.__doc__        
+        print "\n\t" + self.test6GetAttCertWithSessID.__doc__        
         self.test1Connect()
         
         attCert, errMsg, extAttCertList = self.sm.getAttCert(\
             sessID=self.sessID, 
-            aaURI=self.cfg.get('test6GetAttCertUsingSessID', 'aauri'))
+            aaURI=self.cfg.get('test6GetAttCertWithSessID', 'aauri'))
         if errMsg:
             self.fail(errMsg)
@@ -150 +152 @@
         print "Attribute Certificate:\n%s" % attCert 
         attCert.filePath = \
-            self.cfg.get('test6GetAttCertUsingSessID', 'acoutfilepath') 
+            self.cfg.get('test6GetAttCertWithSessID', 'acoutfilepath') 
         attCert.write()
         
@@ -156 +158 @@
 
 
-    def test6aGetAttCertRefusedUsingSessID(self):
-        """test6aGetAttCertRefusedUsingSessID: make an attribute request using
+    def test6aGetAttCertRefusedWithSessID(self):
+        """test6aGetAttCertRefusedWithSessID: make an attribute request using
         a sessID as authentication credential requesting an AC from an
         Attribute Authority where the user is NOT registered"""
 
-        print "\n\t" + self.test6aGetAttCertRefusedUsingSessID.__doc__        
-        self.test1Connect()
-        
-        aaURI = self.cfg.get('test6aGetAttCertRefusedUsingSessID', 'aauri')
+        print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__        
+        self.test1Connect()
+        
+        aaURI = self.cfg.get('test6aGetAttCertRefusedWithSessID', 'aauri')
         
         attCert, errMsg, extAttCertList = self.sm.getAttCert(sessID=self.sessID, 
@@ -176 +178 @@
 
 
-    def test6bGetMappedAttCertUsingSessID(self):
-        """test6bGetMappedAttCertUsingSessID: make an attribute request using
+    def test6bGetMappedAttCertWithSessID(self):
+        """test6bGetMappedAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
 
-        print "\n\t" + self.test6bGetMappedAttCertUsingSessID.__doc__        
+        print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__        
         self.test1Connect()
         
         # Attribute Certificate cached in test 6 can be used to get a mapped
         # AC for this test ...
-        self.sm = self.test6GetAttCertUsingSessID()
-
-        aaURI = self.cfg.get('test6bGetMappedAttCertUsingSessID', 'aauri')
+        self.sm = self.test6GetAttCertWithSessID()
+
+        aaURI = self.cfg.get('test6bGetMappedAttCertWithSessID', 'aauri')
         
         attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,
@@ -198 +200 @@
 
 
-    def test6cGetAttCertWithExtAttCertListUsingSessID(self):
-        """test6cGetAttCertUsingSessID: make an attribute request using
+    def test6cGetAttCertWithExtAttCertListWithSessID(self):
+        """test6cGetAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
         
         print "\n\t" + \
-            self.test6cGetAttCertWithExtAttCertListUsingSessID.__doc__        
+            self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__        
         self.test1Connect()
         
         aaURI = \
-            self.cfg.get('test6cGetAttCertWithExtAttCertListUsingSessID', 'aauri')
-        
-        # Use output from test6GetAttCertUsingSessID!
+            self.cfg.get('test6cGetAttCertWithExtAttCertListWithSessID', 'aauri')
+        
+        # Use output from test6GetAttCertWithSessID!
         extACFilePath = \
-    self.cfg.get('test6cGetAttCertWithExtAttCertListUsingSessID', 'extacfilepath')   
+    self.cfg.get('test6cGetAttCertWithExtAttCertListWithSessID', 'extacfilepath')   
         extAttCert = open(extACFilePath).read()
         
@@ -223 +225 @@
 
 
-    def test7GetAttCertUsingProxyCert(self):
-        """test7GetAttCertUsingProxyCert: make an attribute request using
-        a proxy cert as authentication credential"""
-        print "\n\t" + self.test7GetAttCertUsingProxyCert.__doc__
+    def test7GetAttCertWithUserCert(self):
+        """test7GetAttCertWithUserCert: make an attribute request using
+        a user cert as authentication credential"""
+        print "\n\t" + self.test7GetAttCertWithUserCert.__doc__
         self.test1Connect()
 
         # Request an attribute certificate from an Attribute Authority 
-        # using the proxyCert returned from connect()
-        
-        aaURI = self.cfg.get('test7GetAttCertUsingProxyCert', 'aauri')
+        # using the userCert returned from connect()
+        
+        aaURI = self.cfg.get('test7GetAttCertWithUserCert', 'aauri')
         attCert, errMsg, extAttCertList = self.sm.getAttCert(\
-                                     userCert=self.proxyCert, aaURI=aaURI)
+                                     userCert=self.userCert, aaURI=aaURI)
         if errMsg:
             self.fail(errMsg)
@@ -250 +252 @@
                     "test2GetSessionStatus",
                     "test3ConnectNoCreateServerSess",
-                    "test4DisconnectUsingSessID",
-                    "test5DisconnectUsingProxyCert",
-                    "test6GetAttCertUsingSessID",
-                    "test6bGetMappedAttCertUsingSessID",
-                    "test6cGetAttCertWithExtAttCertListUsingSessID",
-                    "test7GetAttCertUsingProxyCert",
+                    "test4DisconnectWithSessID",
+                    "test5DisconnectWithUserCert",
+                    "test6GetAttCertWithSessID",
+                    "test6bGetMappedAttCertWithSessID",
+                    "test6cGetAttCertWithExtAttCertListWithSessID",
+                    "test7GetAttCertWithUserCert",
                   ))
         unittest.TestSuite.__init__(self, map)