Changeset 3145


Timestamp:
13/12/07 17:30:59 (12 years ago)
Author:
pjkersha
Message:

python/www/html/sessionMgr.wsdl,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py:

  • remove refs to proxy certs - when using MyProxy as the CA, proxy certs aren't generated.
  • make issuingCert nillable as it won't be set if calling MyProxy? in Simple CA mode

python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac: removes refs to proxy cert - replace with user cert

python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml: fix MyProxy? cert times - these are in seconds NOT hours

python/ndg.security.server/ndg/security/server/MyProxy.py: remove '\0's from get and info commands

python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py: fixed for tests with new MyProxy? config as SimpleCA

python/ndg.security.test/ndg/security/test/sessionMgrClient/server.sh: get rid of --pidfile arg to twistd - not needed.

python/ndg.security.test/ndg/security/test/sessionMgrClient/sm-clnt.crt,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sm-clnt.key,

python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg: altered for tests with multiple CAs

python/ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • removed addUser method - not needed
  • switched refs to proxy cert -> user cert
Location:
TI12-security/trunk/python
Files:
2 added
15 edited

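--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py
@@ -29,5 +29,5 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x407737ec>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x407533cc>
     def getSessionStatus(self, userDN,sessID):
 
@@ -44,5 +44,5 @@
         return isAlive
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x40773c4c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075382c>
     def connect(self, username,passphrase,createServerSess):
 
@@ -57,11 +57,11 @@
         # no output wsaction
         response = self.binding.Receive(connectOutputMsg.typecode)
-        proxyCert = response._proxyCert
-        proxyPriKey = response._proxyPriKey
         userCert = response._userCert
+        userPriKey = response._userPriKey
+        issuingCert = response._issuingCert
         sessID = response._sessID
-        return proxyCert,proxyPriKey,userCert,sessID
+        return userCert,userPriKey,issuingCert,sessID
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x40778a8c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a66c>
     def disconnect(self, userCert,sessID):
 
@@ -77,5 +77,5 @@
         return 
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x40778c2c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a80c>
     def getAttCert(self, userCert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
 
@@ -101,5 +101,5 @@
         return attCert,msg,extAttCertOut
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x40778dac>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a98c>
     def getX509Cert(self):
 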
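--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py
@@ -86,5 +86,5 @@
         def __init__(self, **kw):
             ns = ns0.connectResponse_Dec.schema
-            TClist = [ZSI.TC.String(pname="proxyCert", aname="_proxyCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="proxyPriKey", aname="_proxyPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:sessionMgr","connectResponse")
             kw["aname"] = "_connectResponse"
@@ -96,7 +96,7 @@
                 def __init__(self):
                     # pyclass
-                    self._proxyCert = None
-                    self._proxyPriKey = None
                     self._userCert = None
+                    self._userPriKey = None
+                    self._issuingCert = None
                     self._sessID = None
                     return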
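Review bot: The commit message says issuingCert is made nillable, but the regenerated typecode on new line 88 declares it with `minOccurs=0, nillable=False`, and the schema embedded in SessionMgr_services_server.py (new line 50) likewise uses minOccurs="0" rather than nillable="true". If ZSI omits a minOccurs=0 element whose value is None this will serialize, but the wire contract is "optional", not "nillable", and a client cannot rely on an explicit xsi:nil to learn that no issuing cert exists for this session. Both files are generated from sessionMgr.wsdl, so the fix belongs there (add `nillable="true"` to the issuingCert element and regenerate), or the commit message should say "optional" instead of "nillable". The enclosing connectResponse_Dec class starts outside the hunk.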
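--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
@@ -124,5 +124,5 @@
         @type uri: string
         @param uri: URI for Session Manager WS.  Setting it will set the 
-        Service Proxy
+        Service user
                 
         @type tracefile: file stream type
@@ -310,38 +310,4 @@
                 "Initialising Service for \"%s\": %s %s" % \
                 (self.__uri, e.status, e.reason)
-
-                                    
-    #_________________________________________________________________________
-    def addUser(self,
-                username,
-                passphrase=None,
-                passphraseFilePath=None,
-                clntPriKeyPwd=None):
-        """Register a new user
-        
-        username:                the username for the new user 
-        passphrase:                 user's pass-phrase
-        passphraseFilePath:         a file containing the user's pass-phrase.  
-                                 Use this as an alternative to passphrase keyword
-        clntPriKeyPwd:           pass-phrase if any for the client's private
-                                 key used to decrypt response from
-                                 Session Manager
-        """
-    
-        if passphrase is None:
-            try:
-                passphrase = open(passphraseFilePath).read().strip()
-            
-            except Exception, e:
-                raise SessionMgrClientError, "Pass-phrase not defined: " + \
-                                            str(e)
-            
-    
-        # Make request for new user
-        try:   
-            self.__srv.addUser(username, passphrase)
-
-        except Exception, e:
-            raise SessionMgrClientError, "Adding new user: " + str(e)
     
         
@@ -371,5 +337,5 @@
         
         @rtype: tuple
-        @return proxy cert, proxy private key, user cert and sessID all as
+        @return user cert, user private key, issuing cert and sessID all as
         strings but sessID will be None if the createServerSess keyword is 
         False"""
@@ -438,5 +404,5 @@
     #_________________________________________________________________________ 
     def getAttCert(self,
-                   proxyCert=None,
+                   userCert=None,
                    sessID=None,
                    attAuthorityURI=None,
@@ -451,5 +417,5 @@
         user's credential wallet held by the session manager.
         
-        ac = getAttCert([sessID=i]|[proxyCert=p][key=arg, ...])
+        ac = getAttCert([sessID=i]|[userCert=p][key=arg, ...])
          
         @raise AttributeRequestDenied: this is raised if the request is 
@@ -460,13 +426,13 @@
         extAttCertList attribute
              
-        @type proxyCert: string
-        @param proxyCert: proxy certificate - use as ID instead of session 
-        ID.  This can be omitted if the message is signed with a proxy 
-        certificate.  In this case the proxy certificate is passed in the 
+        @type userCert: string
+        @param userCert: user certificate - use as ID instead of session 
+        ID.  This can be omitted if the message is signed with a user 
+        certificate.  In this case the user certificate is passed in the 
         BinarySecurityToken of the WS-Security header
         
         @type sessID: string
         @param sessID: session ID.  Input this as an alternative to 
-        proxyCert in the case of a browser client.
+        userCert in the case of a browser client.
         
         @type attAuthorityURI: string
@@ -505,5 +471,5 @@
         # Make request
         try:
-            attCert, msg, extAttCertList = self.__srv.getAttCert(proxyCert,
+            attCert, msg, extAttCertList = self.__srv.getAttCert(userCert,
                                                       sessID, 
                                                       attAuthorityURI,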
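Review bot: The connect() docstring on new line 339 now lists the issuing cert among values returned "all as strings", yet the commit message says issuingCert is not set when MyProxy runs in Simple CA mode, so callers receive None in that position and the client-side code already branches on that. Extend the @return text so the caller is told: `@return user cert, user private key, issuing cert and sessID all as strings; issuingCert is None when the Session Manager's MyProxy acts as a simple CA and sessID is None if the createServerSess keyword is False`. The enclosing connect() method starts and ends outside the hunk.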
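--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
@@ -143,5 +143,5 @@
 USERNAME=%s
 PASSPHRASE=%s
-LIFETIME=%d\0"""
+LIFETIME=%d"""
  
     __infoCmd="""VERSION=MYPROXYv2
@@ -168,5 +168,5 @@
 USERNAME=%s
 PASSPHRASE=
-LIFETIME=%d\0"""
+LIFETIME=%d"""
 
     _hostCertSubDirPath = ('etc', 'hostcert.pem')
@@ -864,4 +864,7 @@
         server
         
+        @type lifetime: int
+        @param lifetime: lifetime for generated certificate
+        
         @rtype: tuple
         @return credentials as strings in PEM format: the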
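Review bot: The new @param lifetime doc on line 867 gives no unit, although this same changeset has to correct the property files precisely because these times are seconds rather than hours; the ambiguity that produced that bug is now reproduced in the API doc. Write `@param lifetime: lifetime for generated certificate, in seconds` — confirm against what the caller substitutes into LIFETIME=%d before fixing the wording. The removal of the trailing `\0` from the get and info command templates (old lines 145 and 170) also deserves a one-line comment above each template saying why the request no longer ends with a NUL, otherwise a later reader comparing against the original is likely to put it back. The enclosing method starts and ends outside the hunk.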
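--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py
@@ -46,7 +46,7 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyCert\" type=\"xsd:string\"/>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyPriKey\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userCert\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userPriKey\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"issuingCert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
                   </xsd:sequence>
@@ -280,7 +280,7 @@
         if hasattr(self,'impl'):
             # Should have a tuple of 4 args
-            result._proxyCert = parameters[0]
-            result._proxyPriKey = parameters[1]
-            result._userCert = parameters[2]
+            result._userCert = parameters[0]
+            result._userPriKey = parameters[1]
+            result._issuingCert = parameters[2]
             result._sessID = parameters[3]
         return self.request, result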
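--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac
@@ -40,5 +40,5 @@
 
 from ndg.security.server.SessionMgr.SessionMgr_services_server import \
-        SessionMgrService
+        SessionMgrService as _SessionMgrService
 from ndg.security.server.SessionMgr import SessionMgr
 from ndg.security.common.wsSecurity import SignatureHandler
@@ -50,5 +50,5 @@
 
 
-class SessionMgrServiceSub(SessionMgrService, WSResource):
+class SessionMgrService(_SessionMgrService, WSResource):
 
     # Add WS-Security handlers
@@ -87,5 +87,5 @@
                 pdb.set_trace()
                 
-        request, response = SessionMgrService.soap_connect(self, ps)
+        request, response = _SessionMgrService.soap_connect(self, ps)
         
         result = self.sm.connect(username=request.Username,
@@ -93,5 +93,5 @@
                                                                  createServerSess=request.CreateServerSess)
                                         
-        response.ProxyCert, response.ProxyPriKey, response.UserCert, \
+        response.UserCert, response.UserPriKey, response.issuingCert, \
                 response.SessID = result
                          
@@ -110,5 +110,5 @@
                 pdb.set_trace()
                             
-        request, response = SessionMgrService.soap_disconnect(self, ps)
+        request, response = _SessionMgrService.soap_disconnect(self, ps)
         
         # Derive designated user ID differently according to whether
@@ -123,5 +123,5 @@
             userCert = request.UserCert
 
-        self.sm.deleteUserSession(sessID=sessID, proxyCert=userCert)
+        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
         return request, response
 
@@ -140,5 +140,5 @@
                 pdb.set_trace()
                 
-        request, response = SessionMgrService.soap_getSessionStatus(self, ps)
+        request, response = _SessionMgrService.soap_getSessionStatus(self, ps)
         
         response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN,
@@ -160,5 +160,5 @@
                 pdb.set_trace()
                 
-        request, response = SessionMgrService.soap_getAttCert(self, ps)
+        request, response = _SessionMgrService.soap_getAttCert(self, ps)
 
         # Get certificate corresponding to private key that signed the
@@ -203,5 +203,5 @@
                 pdb.set_trace()
                 
-        request, response = SessionMgrService.soap_getX509Cert(self, ps)
+        request, response = _SessionMgrService.soap_getX509Cert(self, ps)
 
         x509Cert = X509CertRead(srv.sm['certFile'])
@@ -211,5 +211,5 @@
 
 # Create Service
-srv = SessionMgrServiceSub()
+srv = SessionMgrService()
 
 if srv.sm['useSignatureHandler']:
@@ -221,5 +221,5 @@
                             signingPriKeyFilePath=srv.sm['keyFile'],
                             signingPriKeyPwd=srv.sm['keyPwd'],
-                            caCertFilePathList=srv.aa.get('caCertFileList'))
+                            caCertFilePathList=srv.sm.get('caCertFileList'))
 
 # Add Service to Session Manager branch
@@ -250,5 +250,5 @@
         ctx.load_cert(srv.sm['sslCertFile'], 
                           srv.sm['sslKeyFile'],
-                          callback=lambda *args, **kw: srv.aa['sslKeyPwd'])
+                          callback=lambda *args, **kw: srv.sm['sslKeyPwd'])
                           
         ctx.set_allow_unknown_ca(False)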
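Review bot: On new line 95 the response field is written as `response.issuingCert`, while the three neighbouring fields use the capitalised accessor names `response.UserCert`, `response.UserPriKey` and `response.SessID`. If the ZSI-generated pyclass only maps the `_issuingCert` typecode attribute through a capitalised property, as the other three suggest, this assignment creates a stray instance attribute and the issuing cert is silently dropped from the SOAP response; the client test that branches on `self.issuingCert` to build the certificate chain would then always take the no-chain path without any error. Change it to `response.UserCert, response.UserPriKey, response.IssuingCert, \` and confirm by inspecting a connect response on the wire. soap_connect starts and ends outside the hunk.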
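--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml
@@ -88,10 +88,10 @@
                         specified when a certificate is first created by store() method
                 -->
-                <proxyCertMaxLifetime>12</proxyCertMaxLifetime> <!-- in hours -->
+                <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds -->
                 <!-- 
                         Life time of a proxy certificate when issued from the Proxy Server 
                         with ndg.security.server.MyProxy.getDelegation() method
                 -->
-                <proxyCertLifetime>8</proxyCertLifetime> <!-- in hours -->
+                <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
                 <!-- 
                 CA certificate applied to verify peer certificate against in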
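Review bot: proxyCertMaxLifetime and proxyCertLifetime on new lines 90 and 95 are both set to 43200 s (12 h), so the lifetime of every credential handed out via getDelegation() now equals the configured maximum, whereas before the per-delegation value (8 h) was deliberately shorter than the cap (12 h); the test copy of this file in ndg.security.test/.../sessionMgr/sessionMgrProperties.xml makes the same change and additionally lowers its cap from 24 h to 12 h. If only a unit conversion was intended, proxyCertLifetime should be `<proxyCertLifetime>28800</proxyCertLifetime> <!-- in seconds -->`; if 12 h is intended, say so in the comment on lines 92-94, since a delegated lifetime below the maximum is what bounds the exposure window of a leaked credential. The surrounding comments also still talk about a "proxy certificate" although this changeset replaces proxy certs with user certs elsewhere, so the wording is worth aligning.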
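--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg
@@ -31,11 +31,10 @@
 
 [test2GetDelegation]
-username: raphaelTest
-#username: Junk
-#passphrase: JunkJunk
+username: Junk
+#username: raphaelTest
+passphrase: JunkJunk
 
 [test3Info]
 #username: sstljakTestUser
-username: Junk
 ownerCertFile: ./proxy-cert.pem
 ownerKeyFile: ./proxy-key.pem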
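--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml
@@ -70,10 +70,10 @@
                         specified when a certificate is first created by store() method
                 -->
-                <proxyCertMaxLifetime>24</proxyCertMaxLifetime> <!-- in hours -->
+                <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds -->
                 <!-- 
                         Life time of a proxy certificate when issued from the Proxy Server 
                         with getDelegation() method
                         -->
-                <proxyCertLifetime>8</proxyCertLifetime> <!-- in hours -->
+                <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
                 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
         </myProxyProp>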
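--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg
@@ -14,6 +14,5 @@
 
 [test1Connect]         
-username = pjkersha
-#username = raphaelTest
+username = raphaelTest
 #username = gabriel
 #passphrase = testpassword
@@ -22,6 +21,5 @@
 
 [test3ConnectNoCreateServerSess]         
-username = pjkersha
-#username = gabriel
+username = gabriel
 #passphrase = testpassword
 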
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py

    r3044 r3145  
    3232    test3Passphrase = None 
    3333 
    34     def _getCertChainFromProxyCertFile(self, proxyCertFilePath): 
    35         '''Read proxy cert and user cert from a single PEM file and put in 
     34    def _getCertChainFromProxyCertFile(self, certChainFilePath): 
     35        '''Read user cert and user cert from a single PEM file and put in 
    3636        a list ready for input into SignatureHandler'''                
    37         proxyCertFileTxt = open(proxyCertFilePath).read() 
     37        certChainFileTxt = open(certChainFilePath).read() 
    3838         
    3939        pemPatRE = re.compile(self.__class__.pemPat, re.S) 
    40         x509CertList = pemPatRE.findall(proxyCertFileTxt) 
     40        x509CertList = pemPatRE.findall(certChainFileTxt) 
    4141         
    4242        signingCertChain = [X509CertParse(x509Cert) for x509Cert in \ 
    4343                            x509CertList] 
    4444     
    45         # Expecting proxy cert first - move this to the end.  This will 
     45        # Expecting user cert first - move this to the end.  This will 
    4646        # be the cert used to verify the message signature 
    4747        signingCertChain.reverse() 
     
    8686        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
    8787 
    88         # Check certificate types proxy or standard 
    89         proxyCertFilePath = self.cfg['setUp'].get('proxycertfilepath') 
    90         if proxyCertFilePath: 
     88        # Check certificate types user or standard 
     89        userCertFilePath = self.cfg['setUp'].get('usercertfilepath') 
     90        if userCertFilePath: 
    9191            signingCertChain = \ 
    92                         self._getCertChainFromProxyCertFile(proxyCertFilePath) 
     92                        self._getCertChainFromProxyCertFile(userCertFilePath) 
    9393        else: 
    9494            signingCertChain = None 
     
    111111         
    112112        self.sessID = None 
    113         self.proxyCert = None 
    114         self.proxyPriKey = None 
    115113        self.userCert = None 
    116  
    117 # TODO: is addUser part of session manager? 
    118 #    def test1AddUser(self): 
    119 #        """Add a new user ID to the MyProxy repository""" 
    120 #         
    121 #        passphrase = self.cfg['test1AddUser'].get('passphrase') or \ 
    122 #            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ") 
    123 #             
    124 #        # Note the pass-phrase is read from the file tmp.  To pass 
    125 #        # explicitly as a string use the 'passphrase' keyword instead 
    126 #        self.clnt.addUser(self.cfg['test1AddUser']['username'],  
    127 #                          passphrase=passphrase) 
    128 #        print "Added user '%s'" % self.cfg['test1AddUser']['username'] 
     114        self.userPriKey = None 
     115        self.issuingCert = None 
    129116         
    130117 
     
    139126        if not self.__class__.test2Passphrase: 
    140127            self.__class__.test2Passphrase = getpass.getpass(\ 
    141                                prompt="\ntest2Connect pass-phrase for user: ") 
    142  
    143         self.proxyCert, self.proxyPriKey, self.userCert, self.sessID = \ 
     128                               prompt="\ntest1Connect pass-phrase for user: ") 
     129 
     130        self.userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
    144131            self.clnt.connect(self.cfg['test1Connect']['username'],  
    145132                              passphrase=self.__class__.test2Passphrase) 
     
    177164            prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user: ") 
    178165 
    179         self.proxyCert, self.proxyPriKey, self.userCert, sessID = \ 
     166        self.userCert, self.userPriKey, self.issuingCert, sessID = \ 
    180167            self.clnt.connect(\ 
    181168                      self.cfg['test3ConnectNoCreateServerSess']['username'],  
     
    188175        print "User '%s' connected to Session Manager:\n%s" % \ 
    189176                    (self.cfg['test3ConnectNoCreateServerSess']['username'],  
    190                      self.proxyCert) 
    191              
    192  
    193     def test4DisconnectUsingSessID(self): 
    194         """test4DisconnectUsingSessID: disconnect as if acting as a browser client  
     177                     self.userCert) 
     178             
     179 
     180    def test4DisconnectWithSessID(self): 
     181        """test4DisconnectWithSessID: disconnect as if acting as a browser client  
    195182        """ 
    196183         
    197         print "\n\t" + self.test4DisconnectUsingSessID.__doc__ 
     184        print "\n\t" + self.test4DisconnectWithSessID.__doc__ 
    198185        self.test1Connect() 
    199186         
     
    203190             
    204191 
    205     def test5DisconnectUsingProxyCert(self): 
    206         """test5DisconnectUsingProxyCert: Disconnect as a command line client  
     192    def test5DisconnectWithUserCert(self): 
     193        """test5DisconnectWithUserCert: Disconnect as a command line client  
    207194        """ 
    208195         
    209         print "\n\t" + self.test5DisconnectUsingProxyCert.__doc__ 
    210         self.test1Connect() 
    211          
    212         # Use proxy cert / private key just obtained from connect call for 
    213         # signature generation          
    214         self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    215         self.clnt.signatureHandler.signingPriKey = self.proxyPriKey         
    216         self.clnt.signatureHandler.signingCertChain = (self.userCert, 
    217                                                        self.proxyCert) 
    218          
     196        print "\n\t" + self.test5DisconnectWithUserCert.__doc__ 
     197        self.test1Connect() 
     198         
     199        # Use user cert / private key just obtained from connect call for 
     200        # signature generation 
     201        if self.issuingCert: 
     202            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     203            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     204            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     205                                                           self.userCert) 
     206            self.clnt.signatureHandler.signingCert = None 
     207        else: 
     208            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     209            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     210            self.clnt.signatureHandler.signingCertChain = () 
     211            self.clnt.signatureHandler.signingCert = self.userCert 
     212             
    219213        # Proxy cert in signature determines ID of session to 
    220214        # delete 
    221215        self.clnt.disconnect() 
    222         print "User disconnected from Session Manager:\n%s" % self.proxyCert 
    223  
    224  
    225     def test6GetAttCertUsingSessID(self): 
    226         """test6GetAttCertUsingSessID: make an attribute request using 
     216        print "User disconnected from Session Manager:\n%s" % self.userCert 
     217 
     218 
     219    def test6GetAttCertWithSessID(self): 
     220        """test6GetAttCertWithSessID: make an attribute request using 
    227221        a session ID as authentication credential""" 
    228222 
    229         print "\n\t" + self.test6GetAttCertUsingSessID.__doc__         
     223        print "\n\t" + self.test6GetAttCertWithSessID.__doc__         
    230224        self.test1Connect() 
    231225         
    232226        attCert = self.clnt.getAttCert(\ 
    233227            sessID=self.sessID,  
    234             attAuthorityURI=self.cfg['test6GetAttCertUsingSessID']['aauri']) 
     228            attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aauri']) 
    235229         
    236230        print "Attribute Certificate:\n%s" % attCert  
    237231        attCert.filePath = \ 
    238             self.cfg['test6GetAttCertUsingSessID']['acoutfilepath']  
     232            self.cfg['test6GetAttCertWithSessID']['acoutfilepath']  
    239233        attCert.write() 
    240234 
    241235 
    242     def test6aGetAttCertRefusedUsingSessID(self): 
    243         """test6aGetAttCertRefusedUsingSessID: make an attribute request using 
     236    def test6aGetAttCertRefusedWithSessID(self): 
     237        """test6aGetAttCertRefusedWithSessID: make an attribute request using 
    244238        a sessID as authentication credential requesting an AC from an 
    245239        Attribute Authority where the user is NOT registered""" 
    246240 
    247         print "\n\t" + self.test6aGetAttCertRefusedUsingSessID.__doc__         
    248         self.test1Connect() 
    249          
    250         aaURI = self.cfg['test6aGetAttCertRefusedUsingSessID']['aauri'] 
     241        print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__         
     242        self.test1Connect() 
     243         
     244        aaURI = self.cfg['test6aGetAttCertRefusedWithSessID']['aauri'] 
    251245         
    252246        try: 
     
    261255 
    262256 
    263     def test6bGetMappedAttCertUsingSessID(self): 
    264         """test6bGetMappedAttCertUsingSessID: make an attribute request using 
     257    def test6bGetMappedAttCertWithSessID(self): 
     258        """test6bGetMappedAttCertWithSessID: make an attribute request using 
    265259        a session ID as authentication credential""" 
    266260 
    267         print "\n\t" + self.test6bGetMappedAttCertUsingSessID.__doc__         
    268         self.test1Connect() 
    269          
    270         aaURI = self.cfg['test6bGetMappedAttCertUsingSessID']['aauri'] 
     261        print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__         
     262        self.test1Connect() 
     263         
     264        aaURI = self.cfg['test6bGetMappedAttCertWithSessID']['aauri'] 
    271265         
    272266        attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI) 
     
    275269 
    276270 
    277     def test6cGetAttCertWithExtAttCertListUsingSessID(self): 
    278         """test6cGetAttCertUsingSessID: make an attribute request using 
     271    def test6cGetAttCertWithExtAttCertListWithSessID(self): 
     272        """test6cGetAttCertWithSessID: make an attribute request using 
    279273        a session ID as authentication credential""" 
    280274         
    281275        print "\n\t" + \ 
    282             self.test6cGetAttCertWithExtAttCertListUsingSessID.__doc__         
     276            self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__         
    283277        self.test1Connect() 
    284278         
    285279        aaURI = \ 
    286             self.cfg['test6cGetAttCertWithExtAttCertListUsingSessID']['aauri'] 
    287          
    288         # Use output from test6GetAttCertUsingSessID! 
     280            self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['aauri'] 
     281         
     282        # Use output from test6GetAttCertWithSessID! 
    289283        extACFilePath = \ 
    290     self.cfg['test6cGetAttCertWithExtAttCertListUsingSessID']['extacfilepath']    
     284    self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath']    
    291285        extAttCert = open(extACFilePath).read() 
    292286         
     
    298292 
    299293 
    300     def test7GetAttCertUsingProxyCert(self): 
    301         """test7GetAttCertUsingProxyCert: make an attribute request using 
    302         a proxy cert as authentication credential""" 
    303         print "\n\t" + self.test7GetAttCertUsingProxyCert.__doc__ 
    304         self.test1Connect() 
    305  
    306         self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    307         self.clnt.signatureHandler.signingPriKey = self.proxyPriKey         
    308         self.clnt.signatureHandler.signingCertChain = (self.userCert, 
    309                                                        self.proxyCert) 
     294    def test7GetAttCertWithUserCert(self): 
     295        """test7GetAttCertWithUserCert: make an attribute request using 
     296        a user cert as authentication credential""" 
     297        print "\n\t" + self.test7GetAttCertWithUserCert.__doc__ 
     298        self.test1Connect() 
     299 
     300        if self.issuingCert: 
     301            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     302            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     303            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     304                                                           self.userCert) 
     305            self.clnt.signatureHandler.signingCert = None 
     306        else: 
     307            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     308            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     309            self.clnt.signatureHandler.signingCertChain = () 
     310            self.clnt.signatureHandler.signingCert = self.userCert 
    310311         
    311312        # Request an attribute certificate from an Attribute Authority  
    312         # using the proxyCert returned from connect() 
    313          
    314         aaURI = self.cfg['test7GetAttCertUsingProxyCert']['aauri'] 
     313        # using the userCert returned from connect() 
     314         
     315        aaURI = self.cfg['test7GetAttCertWithUserCert']['aauri'] 
    315316        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
    316317           
     
    334335                    "test2GetSessionStatus", 
    335336                    "test3ConnectNoCreateServerSess", 
    336                     "test4DisconnectUsingSessID", 
    337                     "test5DisconnectUsingProxyCert", 
    338                     "test6GetAttCertUsingSessID", 
    339                     "test6bGetMappedAttCertUsingSessID", 
    340                     "test6cGetAttCertWithExtAttCertListUsingSessID", 
    341                     "test7GetAttCertUsingProxyCert", 
     337                    "test4DisconnectWithSessID", 
     338                    "test5DisconnectWithUserCert", 
     339                    "test6GetAttCertWithSessID", 
     340                    "test6bGetMappedAttCertWithSessID", 
     341                    "test6cGetAttCertWithExtAttCertListWithSessID", 
     342                    "test7GetAttCertWithUserCert", 
    342343                    "test8GetX509Cert", 
    343344                  )) 
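--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/server.sh
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/server.sh
@@ -17,5 +17,5 @@
 
 EXEC=twistd
-OPTIONS="--pidfile=twistd-$$.pid -noy"
+OPTIONS="-noy"
 TACFILE=sessionMgr.tac
 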
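Review bot: Dropping `--pidfile=twistd-$$.pid` does not necessarily stop twistd writing a pid file; if twistd's default applies here it will write `twistd.pid` in the working directory and refuse to start while a stale one names a live process, so two test servers launched from the same directory would now collide where the per-PID name previously kept them apart. If no pid file is wanted at all, and this Twisted version treats an empty value as "none", `OPTIONS="--pidfile= -noy"` states that explicitly; otherwise a comment such as `# twistd writes ./twistd.pid by default - delete a stale one if startup is refused` would record the expectation for whoever runs the tests next.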
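--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
@@ -12,5 +12,4 @@
 #smuri = https://localhost/SessionManager
 smuri = https://localhost:5700/SessionManager
-#smuri = https://glue.badc.rl.ac.uk:50000/SessionManager
 
 # For https connections only.  !Omit ssl* settings if using http!
@@ -18,5 +17,5 @@
 # same as peer hostname.
 #sslpeercertcn = webSphereTest
-sslcacertfilepathlist = cacert.pem
+sslcacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem
 
 # Set to False to test service without WS-Security signature
@@ -24,19 +23,16 @@
 
 # ValueType for BinarySecurityToken element of WSSE header.  Specify
-# 'X509PKIPathv1' for use with proxy certificates
+# 'X509PKIPathv1' for use with user certificates
 reqbinsectokvaltype = X509v3
 #reqbinsectokvaltype = X509
 #reqbinsectokvaltype = X509PKIPathv1
 
-# Test with proxy certificates or with standard certs.  Comment out as
-# appropriate
-#proxycertfilepath = ./proxy-cert.pem
+# Test with chain of certificates (as with a proxy cert.) or with standard
+# certs.  Comment out as appropriate
+#certchainfilepath = ./user-cert.pem
 
-# Test without proxy certificates - uses AA server side cert/private key for
-# client side too (!)
-clntcertfilepath = ./clnt-cert.pem
-
-clntprikeyfilepath = ./clnt-key.pem
-#clntprikeyfilepath = ./proxy-key.pem
+# Test without cert. chain
+clntcertfilepath = ./sm-clnt.crt
+clntprikeyfilepath = ./sm-clnt.key
 
 # Password protecting client private key - if omitted it will be prompted for
@@ -46,33 +42,31 @@
 # Space separated list of CA certificate files used to verify certificate used
 # in message signature
-cacertfilepathlist = ./cacert.pem
+cacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem
 
 [test1Connect]
-#username = lawrence
 username = raphaelTest
 #username = gabriel
-passphrase = testpassword
+#passphrase = testpassword
 
 [test3ConnectNoCreateServerSess]
 username = raphaelTest
 #username = gabriel
-passphrase = testpassword
+#passphrase = testpassword
 
-[test6GetAttCertUsingSessID]
+[test6GetAttCertWithSessID]
 aaURI = http://localhost:5000/AttributeAuthority
 acOutFilePath = ac-out.xml
 
-[test6aGetAttCertRefusedUsingSessID]
+[test6aGetAttCertRefusedWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
-[test6bGetMappedAttCertUsingSessID]
+[test6bGetMappedAttCertWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
-[test6cGetAttCertWithExtAttCertListUsingSessID]
+[test6cGetAttCertWithExtAttCertListWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
-# Use output from test6GetAttCertUsingSessID!
+# Use output from test6GetAttCertWithSessID!
 extACFilePath = ac-out.xml
 
-[test7GetAttCertUsingProxyCert]
+[test7GetAttCertWithUserCert]
 aaURI = http://localhost:5000/AttributeAuthority
-#aaURI = http://glue.badc.rl.ac.uk/services/ndg/security/AttributeAuthority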
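Review bot: Commenting out `passphrase = testpassword` in `[test1Connect]` and `[test3ConnectNoCreateServerSess]` leaves no hint of where the MyProxy passphrase now comes from; the only prompting behaviour documented in this file is for the client private key (`# Password protecting client private key - if omitted it will be prompted for`), so whether connect() prompts, reads it from somewhere else or fails is not visible here. A one-line comment above each, e.g. `# passphrase is prompted for when omitted - set it here only for unattended runs` (adjusted to what the test actually does), would make that explicit. The renamed `#certchainfilepath` key and the new `./ca/ndg-test-ca.crt` entries in `sslcacertfilepathlist` and `cacertfilepathlist` presumably match the test code and the added ca/ directory, both of which are outside this section; note that every file listed there is trusted equally for SSL peer and signature verification, which is fine for a test CA but worth keeping that way only in test configs.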
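--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
@@ -4,6 +4,6 @@
     <useSSL>Yes</useSSL> <!-- leave blank to use http -->
     <!--<useSSL>Yes</useSSL>  leave blank to use http -->
-    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile>
-    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile>
+    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</sslCertFile>
+    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</sslKeyFile>
     <!--
     Directory containing CA cert.s to verify SSL peer cert against
@@ -23,8 +23,9 @@
     -->
     <caCertFileList>
-        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
+        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
+        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile>
     </caCertFileList>
-    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</certFile>
-    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</keyFile>
+    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile>
+    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile>
     <keyPwd/>
     <!--
@@ -72,11 +73,11 @@
                         specified when a certificate is first created by store() method
                 -->
-                <proxyCertMaxLifetime>24</proxyCertMaxLifetime> <!-- in hours -->
+                <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds -->
                 <!--
                         Life time of a proxy certificate when issued from the Proxy Server
                         with getDelegation() method
-                        -->
-                <proxyCertLifetime>8</proxyCertLifetime> <!-- in hours -->
-                <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
+                -->
+                <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
+                <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile>
         </myProxyProp>
         <simpleCACltProp>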
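Review bot: The new `<proxyCertMaxLifetime>43200</proxyCertMaxLifetime>` and `<proxyCertLifetime>43200</proxyCertLifetime>` do not correspond to the hours they replace: 24 h is 86400 s and 8 h is 28800 s, whereas 43200 s is 12 h, and because the two values are now equal every getDelegation() issues a certificate for the maximum permitted lifetime. If 12 h is the intended new test setting, record it in the trailing comment, e.g. `<!-- in seconds (12 h) -->`; if the old 24 h / 8 h split was meant, the values should be `86400` and `28800`. The myProxyProp `<caCertFile>` still names only `ca/cacert.pem` while the `<caCertFileList>` above now trusts `ca/ndg-test-ca.crt` as well; that looks deliberate but a short comment saying which CA MyProxy issues under would stop the next reader from "fixing" it.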
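--- a/TI12-security/trunk/python/www/html/sessionMgr.wsdl
+++ b/TI12-security/trunk/python/www/html/sessionMgr.wsdl
@@ -42,7 +42,7 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="proxyCert" type="xsd:string" minOccurs="1" maxOccurs="1"/>
-                    <xsd:element name="proxyPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/>
                     <xsd:element name="userCert" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                    <xsd:element name="userPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                    <xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                   </xsd:sequence>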
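Review bot: `minOccurs="0"` on the new `issuingCert` element makes it omittable, not nillable as the commit message says; generated service code that sets the field to None may emit an empty or `xsi:nil` element rather than omit it, which a strict validator rejects unless the schema also carries `nillable="true"`. If a nil element is the intended wire form, change the line to `<xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1" nillable="true"/>`; if omission is intended, the generated types should be checked to confirm that is what they produce. Note also that the response now carries `userPriKey`, the user's own private key, where it previously carried the short-lived `proxyPriKey`; that raises what an interceptor gains from this message and makes running the session manager with `useSSL` left blank a much larger exposure than before.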