Changeset 3145 for TI12-security
- Timestamp:
- 13/12/07 17:30:59 (13 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 2 added
- 15 edited
TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py
r3044 r3145 29 29 # no ws-addressing 30 30 31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407 737ec>31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407533cc> 32 32 def getSessionStatus(self, userDN,sessID): 33 33 … … 44 44 return isAlive 45 45 46 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407 73c4c>46 # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075382c> 47 47 def connect(self, username,passphrase,createServerSess): 48 48 … … 57 57 # no output wsaction 58 58 response = self.binding.Receive(connectOutputMsg.typecode) 59 proxyCert = response._proxyCert60 proxyPriKey = response._proxyPriKey61 59 userCert = response._userCert 60 userPriKey = response._userPriKey 61 issuingCert = response._issuingCert 62 62 sessID = response._sessID 63 return proxyCert,proxyPriKey,userCert,sessID63 return userCert,userPriKey,issuingCert,sessID 64 64 65 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407 78a8c>65 # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a66c> 66 66 def disconnect(self, userCert,sessID): 67 67 … … 77 77 return 78 78 79 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407 78c2c>79 # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a80c> 80 80 def getAttCert(self, userCert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 81 81 … … 101 101 return attCert,msg,extAttCertOut 102 102 103 # op: <ZSI.wstools.WSDLTools.Message instance at 0x407 78dac>103 # op: <ZSI.wstools.WSDLTools.Message instance at 0x4075a98c> 104 104 def getX509Cert(self): 105 105 -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py
r3044 r3145 86 86 def __init__(self, **kw): 87 87 ns = ns0.connectResponse_Dec.schema 88 TClist = [ZSI.TC.String(pname=" proxyCert", aname="_proxyCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="proxyPriKey", aname="_proxyPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]88 TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 89 89 kw["pname"] = ("urn:ndg:security:sessionMgr","connectResponse") 90 90 kw["aname"] = "_connectResponse" … … 96 96 def __init__(self): 97 97 # pyclass 98 self._proxyCert = None99 self._proxyPriKey = None100 98 self._userCert = None 99 self._userPriKey = None 100 self._issuingCert = None 101 101 self._sessID = None 102 102 return -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
r3044 r3145 124 124 @type uri: string 125 125 @param uri: URI for Session Manager WS. Setting it will set the 126 Service Proxy126 Service user 127 127 128 128 @type tracefile: file stream type … … 310 310 "Initialising Service for \"%s\": %s %s" % \ 311 311 (self.__uri, e.status, e.reason) 312 313 314 #_________________________________________________________________________315 def addUser(self,316 username,317 passphrase=None,318 passphraseFilePath=None,319 clntPriKeyPwd=None):320 """Register a new user321 322 username: the username for the new user323 passphrase: user's pass-phrase324 passphraseFilePath: a file containing the user's pass-phrase.325 Use this as an alternative to passphrase keyword326 clntPriKeyPwd: pass-phrase if any for the client's private327 key used to decrypt response from328 Session Manager329 """330 331 if passphrase is None:332 try:333 passphrase = open(passphraseFilePath).read().strip()334 335 except Exception, e:336 raise SessionMgrClientError, "Pass-phrase not defined: " + \337 str(e)338 339 340 # Make request for new user341 try:342 self.__srv.addUser(username, passphrase)343 344 except Exception, e:345 raise SessionMgrClientError, "Adding new user: " + str(e)346 312 347 313 … … 371 337 372 338 @rtype: tuple 373 @return proxy cert, proxy private key, usercert and sessID all as339 @return user cert, user private key, issuing cert and sessID all as 374 340 strings but sessID will be None if the createServerSess keyword is 375 341 False""" … … 438 404 #_________________________________________________________________________ 439 405 def getAttCert(self, 440 proxyCert=None,406 userCert=None, 441 407 sessID=None, 442 408 attAuthorityURI=None, … … 451 417 user's credential wallet held by the session manager. 
452 418 453 ac = getAttCert([sessID=i]|[ proxyCert=p][key=arg, ...])419 ac = getAttCert([sessID=i]|[userCert=p][key=arg, ...]) 454 420 455 421 @raise AttributeRequestDenied: this is raised if the request is … … 460 426 extAttCertList attribute 461 427 462 @type proxyCert: string463 @param proxyCert: proxycertificate - use as ID instead of session464 ID. This can be omitted if the message is signed with a proxy465 certificate. In this case the proxycertificate is passed in the428 @type userCert: string 429 @param userCert: user certificate - use as ID instead of session 430 ID. This can be omitted if the message is signed with a user 431 certificate. In this case the user certificate is passed in the 466 432 BinarySecurityToken of the WS-Security header 467 433 468 434 @type sessID: string 469 435 @param sessID: session ID. Input this as an alternative to 470 proxyCert in the case of a browser client.436 userCert in the case of a browser client. 471 437 472 438 @type attAuthorityURI: string … … 505 471 # Make request 506 472 try: 507 attCert, msg, extAttCertList = self.__srv.getAttCert( proxyCert,473 attCert, msg, extAttCertList = self.__srv.getAttCert(userCert, 508 474 sessID, 509 475 attAuthorityURI, -
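Review bot: The uri docstring at line 126 now reads `Service user`, which looks like a blanket proxy→user substitution that hit `Service Proxy` (the SOAP service proxy object, not the credential); it should go back to `Setting it will set the Service Proxy`. The rename of getAttCert's first keyword from `proxyCert` to `userCert` at line 406 also drops the old keyword outright, so any caller still passing `proxyCert=` fails with a TypeError; if other callers exist outside this changeset, keeping `proxyCert=None` as a deprecated alias for one release would be safer. The getAttCert body continues outside the hunk.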
TI12-security/trunk/python/ndg.security.server/ndg/security/server/MyProxy.py
r3133 r3145 143 143 USERNAME=%s 144 144 PASSPHRASE=%s 145 LIFETIME=%d \0"""145 LIFETIME=%d""" 146 146 147 147 __infoCmd="""VERSION=MYPROXYv2 … … 168 168 USERNAME=%s 169 169 PASSPHRASE= 170 LIFETIME=%d \0"""170 LIFETIME=%d""" 171 171 172 172 _hostCertSubDirPath = ('etc', 'hostcert.pem') … … 864 864 server 865 865 866 @type lifetime: int 867 @param lifetime: lifetime for generated certificate 868 866 869 @rtype: tuple 867 870 @return credentials as strings in PEM format: the -
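Review bot: Dropping the trailing `\0` from the two `LIFETIME=%d` command templates at lines 145 and 170 changes the bytes sent to the MyProxy server; the original templates were written to send a NUL-terminated request, so unless the code that writes them now appends the terminator itself (not visible in this hunk) the server receives an unterminated request. A comment at the template such as `# NUL terminator is appended by the sender` would settle it either way. The new `@param lifetime` documentation at line 866 should also state the unit: the property files in this changeset switch `proxyCertLifetime` to seconds, so `@param lifetime: lifetime for generated certificate in seconds` if that is what is passed through. The enclosing method's body continues outside the hunk.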
TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py
r3044 r3145 46 46 <xsd:complexType> 47 47 <xsd:sequence> 48 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyCert\" type=\"xsd:string\"/>49 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"proxyPriKey\" type=\"xsd:string\"/>50 48 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userCert\" type=\"xsd:string\"/> 49 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userPriKey\" type=\"xsd:string\"/> 50 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"issuingCert\" type=\"xsd:string\"/> 51 51 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 52 52 </xsd:sequence> … … 280 280 if hasattr(self,'impl'): 281 281 # Should have a tuple of 4 args 282 result._ proxyCert = parameters[0]283 result._ proxyPriKey = parameters[1]284 result._ userCert = parameters[2]282 result._userCert = parameters[0] 283 result._userPriKey = parameters[1] 284 result._issuingCert = parameters[2] 285 285 result._sessID = parameters[3] 286 286 return self.request, result -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac
r3135 r3145 40 40 41 41 from ndg.security.server.SessionMgr.SessionMgr_services_server import \ 42 SessionMgrService 42 SessionMgrService as _SessionMgrService 43 43 from ndg.security.server.SessionMgr import SessionMgr 44 44 from ndg.security.common.wsSecurity import SignatureHandler … … 50 50 51 51 52 class SessionMgrService Sub(SessionMgrService, WSResource):52 class SessionMgrService(_SessionMgrService, WSResource): 53 53 54 54 # Add WS-Security handlers … … 87 87 pdb.set_trace() 88 88 89 request, response = SessionMgrService.soap_connect(self, ps)89 request, response = _SessionMgrService.soap_connect(self, ps) 90 90 91 91 result = self.sm.connect(username=request.Username, … … 93 93 createServerSess=request.CreateServerSess) 94 94 95 response. ProxyCert, response.ProxyPriKey, response.UserCert, \95 response.UserCert, response.UserPriKey, response.issuingCert, \ 96 96 response.SessID = result 97 97 … … 110 110 pdb.set_trace() 111 111 112 request, response = SessionMgrService.soap_disconnect(self, ps)112 request, response = _SessionMgrService.soap_disconnect(self, ps) 113 113 114 114 # Derive designated user ID differently according to whether … … 123 123 userCert = request.UserCert 124 124 125 self.sm.deleteUserSession(sessID=sessID, proxyCert=userCert)125 self.sm.deleteUserSession(sessID=sessID, userCert=userCert) 126 126 return request, response 127 127 … … 140 140 pdb.set_trace() 141 141 142 request, response = SessionMgrService.soap_getSessionStatus(self, ps)142 request, response = _SessionMgrService.soap_getSessionStatus(self, ps) 143 143 144 144 response.IsAlive = self.sm.getSessionStatus(userDN=request.UserDN, … … 160 160 pdb.set_trace() 161 161 162 request, response = SessionMgrService.soap_getAttCert(self, ps)162 request, response = _SessionMgrService.soap_getAttCert(self, ps) 163 163 164 164 # Get certificate corresponding to private key that signed the … … 203 203 pdb.set_trace() 204 204 205 request, response = 
SessionMgrService.soap_getX509Cert(self, ps)205 request, response = _SessionMgrService.soap_getX509Cert(self, ps) 206 206 207 207 x509Cert = X509CertRead(srv.sm['certFile']) … … 211 211 212 212 # Create Service 213 srv = SessionMgrService Sub()213 srv = SessionMgrService() 214 214 215 215 if srv.sm['useSignatureHandler']: … … 221 221 signingPriKeyFilePath=srv.sm['keyFile'], 222 222 signingPriKeyPwd=srv.sm['keyPwd'], 223 caCertFilePathList=srv. aa.get('caCertFileList'))223 caCertFilePathList=srv.sm.get('caCertFileList')) 224 224 225 225 # Add Service to Session Manager branch … … 250 250 ctx.load_cert(srv.sm['sslCertFile'], 251 251 srv.sm['sslKeyFile'], 252 callback=lambda *args, **kw: srv. aa['sslKeyPwd'])252 callback=lambda *args, **kw: srv.sm['sslKeyPwd']) 253 253 254 254 ctx.set_allow_unknown_ca(False) -
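Review bot: In soap_connect the result tuple is unpacked into `response.UserCert, response.UserPriKey, response.issuingCert, response.SessID` (line 95), and the third attribute is spelled in lower case while the other three use the CapWords accessors of the ZSI-generated response class; if `issuingCert` is not such an accessor, the assignment creates an unrelated instance attribute and the issuing certificate is never serialised into the reply, silently, because the schema declares the element with minOccurs=0. The line should read `response.UserCert, response.UserPriKey, response.IssuingCert, \` unless the generated class really exposes the lower-case name. The server-side SessionMgr module that implements `connect` and `deleteUserSession` is not among the files in this changeset, so the new four-tuple order expected here and the renamed `userCert=` keyword passed at line 125 need to be confirmed against it.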
TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml
r3133 r3145 88 88 specified when a certificate is first created by store() method 89 89 --> 90 <proxyCertMaxLifetime> 12</proxyCertMaxLifetime> <!-- in hours -->90 <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds --> 91 91 <!-- 92 92 Life time of a proxy certificate when issued from the Proxy Server 93 93 with ndg.security.server.MyProxy.getDelegation() method 94 94 --> 95 <proxyCertLifetime> 8</proxyCertLifetime> <!-- in hours -->95 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds --> 96 96 <!-- 97 97 CA certificate applied to verify peer certificate against in -
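Review bot: The switch from hours to seconds at line 95 also changes the value: `proxyCertLifetime` goes from 8 hours to 43200 seconds, i.e. 12 hours, and now equals `proxyCertMaxLifetime`, so delegated credentials live half as long again as before. If the longer lifetime is intended, say so in the comment; if only the unit was meant to change, `<proxyCertLifetime>28800</proxyCertLifetime> <!-- in seconds -->` keeps the previous 8 hours. The same applies to the two test copies of this file (sessionMgr/sessionMgrProperties.xml and sessionMgrClient/sessionMgrProperties.xml), where `proxyCertMaxLifetime` additionally drops from 24 hours to 12.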
TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg
r3141 r3145 31 31 32 32 [test2GetDelegation] 33 username: raphaelTest34 #username: Junk35 #passphrase: JunkJunk33 username: Junk 34 #username: raphaelTest 35 passphrase: JunkJunk 36 36 37 37 [test3Info] 38 38 #username: sstljakTestUser 39 username: Junk40 39 ownerCertFile: ./proxy-cert.pem 41 40 ownerKeyFile: ./proxy-key.pem -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml
r3140 r3145 70 70 specified when a certificate is first created by store() method 71 71 --> 72 <proxyCertMaxLifetime> 24</proxyCertMaxLifetime> <!-- in hours -->72 <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds --> 73 73 <!-- 74 74 Life time of a proxy certificate when issued from the Proxy Server 75 75 with getDelegation() method 76 76 --> 77 <proxyCertLifetime> 8</proxyCertLifetime> <!-- in hours -->77 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds --> 78 78 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile> 79 79 </myProxyProp> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg
r3139 r3145 14 14 15 15 [test1Connect] 16 username = pjkersha 17 #username = raphaelTest 16 username = raphaelTest 18 17 #username = gabriel 19 18 #passphrase = testpassword … … 22 21 23 22 [test3ConnectNoCreateServerSess] 24 username = pjkersha 25 #username = gabriel 23 username = gabriel 26 24 #passphrase = testpassword 27 25 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py
r3044 r3145 32 32 test3Passphrase = None 33 33 34 def _getCertChainFromProxyCertFile(self, proxyCertFilePath):35 '''Read proxycert and user cert from a single PEM file and put in34 def _getCertChainFromProxyCertFile(self, certChainFilePath): 35 '''Read user cert and user cert from a single PEM file and put in 36 36 a list ready for input into SignatureHandler''' 37 proxyCertFileTxt = open(proxyCertFilePath).read()37 certChainFileTxt = open(certChainFilePath).read() 38 38 39 39 pemPatRE = re.compile(self.__class__.pemPat, re.S) 40 x509CertList = pemPatRE.findall( proxyCertFileTxt)40 x509CertList = pemPatRE.findall(certChainFileTxt) 41 41 42 42 signingCertChain = [X509CertParse(x509Cert) for x509Cert in \ 43 43 x509CertList] 44 44 45 # Expecting proxycert first - move this to the end. This will45 # Expecting user cert first - move this to the end. This will 46 46 # be the cert used to verify the message signature 47 47 signingCertChain.reverse() … … 86 86 reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 87 87 88 # Check certificate types proxyor standard89 proxyCertFilePath = self.cfg['setUp'].get('proxycertfilepath')90 if proxyCertFilePath:88 # Check certificate types user or standard 89 userCertFilePath = self.cfg['setUp'].get('usercertfilepath') 90 if userCertFilePath: 91 91 signingCertChain = \ 92 self._getCertChainFromProxyCertFile( proxyCertFilePath)92 self._getCertChainFromProxyCertFile(userCertFilePath) 93 93 else: 94 94 signingCertChain = None … … 111 111 112 112 self.sessID = None 113 self.proxyCert = None114 self.proxyPriKey = None115 113 self.userCert = None 116 117 # TODO: is addUser part of session manager? 118 # def test1AddUser(self): 119 # """Add a new user ID to the MyProxy repository""" 120 # 121 # passphrase = self.cfg['test1AddUser'].get('passphrase') or \ 122 # getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ") 123 # 124 # # Note the pass-phrase is read from the file tmp. 
To pass 125 # # explicitly as a string use the 'passphrase' keyword instead 126 # self.clnt.addUser(self.cfg['test1AddUser']['username'], 127 # passphrase=passphrase) 128 # print "Added user '%s'" % self.cfg['test1AddUser']['username'] 114 self.userPriKey = None 115 self.issuingCert = None 129 116 130 117 … … 139 126 if not self.__class__.test2Passphrase: 140 127 self.__class__.test2Passphrase = getpass.getpass(\ 141 prompt="\ntest 2Connect pass-phrase for user: ")142 143 self. proxyCert, self.proxyPriKey, self.userCert, self.sessID = \128 prompt="\ntest1Connect pass-phrase for user: ") 129 130 self.userCert, self.userPriKey, self.issuingCert, self.sessID = \ 144 131 self.clnt.connect(self.cfg['test1Connect']['username'], 145 132 passphrase=self.__class__.test2Passphrase) … … 177 164 prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user: ") 178 165 179 self. proxyCert, self.proxyPriKey, self.userCert, sessID = \166 self.userCert, self.userPriKey, self.issuingCert, sessID = \ 180 167 self.clnt.connect(\ 181 168 self.cfg['test3ConnectNoCreateServerSess']['username'], … … 188 175 print "User '%s' connected to Session Manager:\n%s" % \ 189 176 (self.cfg['test3ConnectNoCreateServerSess']['username'], 190 self. 
proxyCert)191 192 193 def test4Disconnect UsingSessID(self):194 """test4Disconnect UsingSessID: disconnect as if acting as a browser client177 self.userCert) 178 179 180 def test4DisconnectWithSessID(self): 181 """test4DisconnectWithSessID: disconnect as if acting as a browser client 195 182 """ 196 183 197 print "\n\t" + self.test4Disconnect UsingSessID.__doc__184 print "\n\t" + self.test4DisconnectWithSessID.__doc__ 198 185 self.test1Connect() 199 186 … … 203 190 204 191 205 def test5Disconnect UsingProxyCert(self):206 """test5Disconnect UsingProxyCert: Disconnect as a command line client192 def test5DisconnectWithUserCert(self): 193 """test5DisconnectWithUserCert: Disconnect as a command line client 207 194 """ 208 195 209 print "\n\t" + self.test5DisconnectUsingProxyCert.__doc__ 210 self.test1Connect() 211 212 # Use proxy cert / private key just obtained from connect call for 213 # signature generation 214 self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 215 self.clnt.signatureHandler.signingPriKey = self.proxyPriKey 216 self.clnt.signatureHandler.signingCertChain = (self.userCert, 217 self.proxyCert) 218 196 print "\n\t" + self.test5DisconnectWithUserCert.__doc__ 197 self.test1Connect() 198 199 # Use user cert / private key just obtained from connect call for 200 # signature generation 201 if self.issuingCert: 202 self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 203 self.clnt.signatureHandler.signingPriKey = self.userPriKey 204 self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 205 self.userCert) 206 self.clnt.signatureHandler.signingCert = None 207 else: 208 self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 209 self.clnt.signatureHandler.signingPriKey = self.userPriKey 210 self.clnt.signatureHandler.signingCertChain = () 211 self.clnt.signatureHandler.signingCert = self.userCert 212 219 213 # Proxy cert in signature determines ID of session to 220 214 # delete 221 215 self.clnt.disconnect() 222 print "User 
disconnected from Session Manager:\n%s" % self. proxyCert223 224 225 def test6GetAttCert UsingSessID(self):226 """test6GetAttCert UsingSessID: make an attribute request using216 print "User disconnected from Session Manager:\n%s" % self.userCert 217 218 219 def test6GetAttCertWithSessID(self): 220 """test6GetAttCertWithSessID: make an attribute request using 227 221 a session ID as authentication credential""" 228 222 229 print "\n\t" + self.test6GetAttCert UsingSessID.__doc__223 print "\n\t" + self.test6GetAttCertWithSessID.__doc__ 230 224 self.test1Connect() 231 225 232 226 attCert = self.clnt.getAttCert(\ 233 227 sessID=self.sessID, 234 attAuthorityURI=self.cfg['test6GetAttCert UsingSessID']['aauri'])228 attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aauri']) 235 229 236 230 print "Attribute Certificate:\n%s" % attCert 237 231 attCert.filePath = \ 238 self.cfg['test6GetAttCert UsingSessID']['acoutfilepath']232 self.cfg['test6GetAttCertWithSessID']['acoutfilepath'] 239 233 attCert.write() 240 234 241 235 242 def test6aGetAttCertRefused UsingSessID(self):243 """test6aGetAttCertRefused UsingSessID: make an attribute request using236 def test6aGetAttCertRefusedWithSessID(self): 237 """test6aGetAttCertRefusedWithSessID: make an attribute request using 244 238 a sessID as authentication credential requesting an AC from an 245 239 Attribute Authority where the user is NOT registered""" 246 240 247 print "\n\t" + self.test6aGetAttCertRefused UsingSessID.__doc__248 self.test1Connect() 249 250 aaURI = self.cfg['test6aGetAttCertRefused UsingSessID']['aauri']241 print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__ 242 self.test1Connect() 243 244 aaURI = self.cfg['test6aGetAttCertRefusedWithSessID']['aauri'] 251 245 252 246 try: … … 261 255 262 256 263 def test6bGetMappedAttCert UsingSessID(self):264 """test6bGetMappedAttCert UsingSessID: make an attribute request using257 def test6bGetMappedAttCertWithSessID(self): 258 """test6bGetMappedAttCertWithSessID: 
make an attribute request using 265 259 a session ID as authentication credential""" 266 260 267 print "\n\t" + self.test6bGetMappedAttCert UsingSessID.__doc__268 self.test1Connect() 269 270 aaURI = self.cfg['test6bGetMappedAttCert UsingSessID']['aauri']261 print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__ 262 self.test1Connect() 263 264 aaURI = self.cfg['test6bGetMappedAttCertWithSessID']['aauri'] 271 265 272 266 attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI) … … 275 269 276 270 277 def test6cGetAttCertWithExtAttCertList UsingSessID(self):278 """test6cGetAttCert UsingSessID: make an attribute request using271 def test6cGetAttCertWithExtAttCertListWithSessID(self): 272 """test6cGetAttCertWithSessID: make an attribute request using 279 273 a session ID as authentication credential""" 280 274 281 275 print "\n\t" + \ 282 self.test6cGetAttCertWithExtAttCertList UsingSessID.__doc__276 self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__ 283 277 self.test1Connect() 284 278 285 279 aaURI = \ 286 self.cfg['test6cGetAttCertWithExtAttCertList UsingSessID']['aauri']287 288 # Use output from test6GetAttCert UsingSessID!280 self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['aauri'] 281 282 # Use output from test6GetAttCertWithSessID! 
289 283 extACFilePath = \ 290 self.cfg['test6cGetAttCertWithExtAttCertList UsingSessID']['extacfilepath']284 self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath'] 291 285 extAttCert = open(extACFilePath).read() 292 286 … … 298 292 299 293 300 def test7GetAttCertUsingProxyCert(self): 301 """test7GetAttCertUsingProxyCert: make an attribute request using 302 a proxy cert as authentication credential""" 303 print "\n\t" + self.test7GetAttCertUsingProxyCert.__doc__ 304 self.test1Connect() 305 306 self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 307 self.clnt.signatureHandler.signingPriKey = self.proxyPriKey 308 self.clnt.signatureHandler.signingCertChain = (self.userCert, 309 self.proxyCert) 294 def test7GetAttCertWithUserCert(self): 295 """test7GetAttCertWithUserCert: make an attribute request using 296 a user cert as authentication credential""" 297 print "\n\t" + self.test7GetAttCertWithUserCert.__doc__ 298 self.test1Connect() 299 300 if self.issuingCert: 301 self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 302 self.clnt.signatureHandler.signingPriKey = self.userPriKey 303 self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 304 self.userCert) 305 self.clnt.signatureHandler.signingCert = None 306 else: 307 self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 308 self.clnt.signatureHandler.signingPriKey = self.userPriKey 309 self.clnt.signatureHandler.signingCertChain = () 310 self.clnt.signatureHandler.signingCert = self.userCert 310 311 311 312 # Request an attribute certificate from an Attribute Authority 312 # using the proxyCert returned from connect()313 314 aaURI = self.cfg['test7GetAttCert UsingProxyCert']['aauri']313 # using the userCert returned from connect() 314 315 aaURI = self.cfg['test7GetAttCertWithUserCert']['aauri'] 315 316 attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 316 317 … … 334 335 "test2GetSessionStatus", 335 336 "test3ConnectNoCreateServerSess", 336 "test4Disconnect 
UsingSessID",337 "test5Disconnect UsingProxyCert",338 "test6GetAttCert UsingSessID",339 "test6bGetMappedAttCert UsingSessID",340 "test6cGetAttCertWithExtAttCertList UsingSessID",341 "test7GetAttCert UsingProxyCert",337 "test4DisconnectWithSessID", 338 "test5DisconnectWithUserCert", 339 "test6GetAttCertWithSessID", 340 "test6bGetMappedAttCertWithSessID", 341 "test6cGetAttCertWithExtAttCertListWithSessID", 342 "test7GetAttCertWithUserCert", 342 343 "test8GetX509Cert", 343 344 )) -
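Review bot: setUp at line 89 reads the chain file path from the `usercertfilepath` key, but the companion sessionMgrClientTest.cfg in this changeset renames that key to `certchainfilepath`, so the certificate-chain branch of setUp can no longer be enabled from configuration; either the lookup should be `self.cfg['setUp'].get('certchainfilepath')` or the cfg key should keep the name the test expects. The rewritten docstring of `_getCertChainFromProxyCertFile` at line 35 now says `Read user cert and user cert from a single PEM file`, a search-and-replace casualty; `Read the user cert and its issuing cert from a single PEM file` describes what the reversed chain is used for. Lastly, test5DisconnectWithUserCert and test7GetAttCertWithUserCert now carry an identical eleven-line block choosing between a PKIPath chain and a single X509v3 cert; a helper keeps the two in step.
```python
    def _signWithUserCert(self):
        """Configure the client signature handler with the credentials
        returned by connect(): a PKIPath chain if an issuing cert was
        returned, otherwise the user cert alone as X509v3"""
        if self.issuingCert:
            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
            self.clnt.signatureHandler.signingPriKey = self.userPriKey
            self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
                                                           self.userCert)
            self.clnt.signatureHandler.signingCert = None
        else:
            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
            self.clnt.signatureHandler.signingPriKey = self.userPriKey
            self.clnt.signatureHandler.signingCertChain = ()
            self.clnt.signatureHandler.signingCert = self.userCert

    # … in test5DisconnectWithUserCert and test7GetAttCertWithUserCert,
    # the if/else block after self.test1Connect() becomes:
        self._signWithUserCert()
```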
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/server.sh
r2866 r3145 17 17 18 18 EXEC=twistd 19 OPTIONS="- -pidfile=twistd-$$.pid -noy"19 OPTIONS="-noy" 20 20 TACFILE=sessionMgr.tac 21 21 -
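Review bot: Removing `--pidfile=twistd-$$.pid` from OPTIONS at line 19 makes twistd fall back to its default `twistd.pid` in the working directory, so a second server started from the same directory while one is running will typically refuse to start, and a stale pid file left by a crash has to be cleared by hand. If the per-process name was dropped because the `$$` suffix made the file hard to find for shutdown, a fixed name such as `OPTIONS="--pidfile=sessionMgr.pid -noy"` keeps the isolation without the random suffix.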
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
r3044 r3145 12 12 #smuri = https://localhost/SessionManager 13 13 smuri = https://localhost:5700/SessionManager 14 #smuri = https://glue.badc.rl.ac.uk:50000/SessionManager15 14 16 15 # For https connections only. !Omit ssl* settings if using http! … … 18 17 # same as peer hostname. 19 18 #sslpeercertcn = webSphereTest 20 sslcacertfilepathlist = cacert.pem19 sslcacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem 21 20 22 21 # Set to False to test service without WS-Security signature … … 24 23 25 24 # ValueType for BinarySecurityToken element of WSSE header. Specify 26 # 'X509PKIPathv1' for use with proxycertificates25 # 'X509PKIPathv1' for use with user certificates 27 26 reqbinsectokvaltype = X509v3 28 27 #reqbinsectokvaltype = X509 29 28 #reqbinsectokvaltype = X509PKIPathv1 30 29 31 # Test with proxy certificates or with standard certs. Comment out as32 # appropriate33 # proxycertfilepath = ./proxy-cert.pem30 # Test with chain of certificates (as with a proxy cert.) or with standard 31 # certs. Comment out as appropriate 32 #certchainfilepath = ./user-cert.pem 34 33 35 # Test without proxy certificates - uses AA server side cert/private key for 36 # client side too (!) 37 clntcertfilepath = ./clnt-cert.pem 38 39 clntprikeyfilepath = ./clnt-key.pem 40 #clntprikeyfilepath = ./proxy-key.pem 34 # Test without cert. 
chain 35 clntcertfilepath = ./sm-clnt.crt 36 clntprikeyfilepath = ./sm-clnt.key 41 37 42 38 # Password protecting client private key - if omitted it will be prompted for … … 46 42 # Space separated list of CA certificate files used to verify certificate used 47 43 # in message signature 48 cacertfilepathlist = ./ca cert.pem44 cacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem 49 45 50 46 [test1Connect] 51 #username = lawrence52 47 username = raphaelTest 53 48 #username = gabriel 54 passphrase = testpassword49 #passphrase = testpassword 55 50 56 51 [test3ConnectNoCreateServerSess] 57 52 username = raphaelTest 58 53 #username = gabriel 59 passphrase = testpassword54 #passphrase = testpassword 60 55 61 [test6GetAttCert UsingSessID]56 [test6GetAttCertWithSessID] 62 57 aaURI = http://localhost:5000/AttributeAuthority 63 58 acOutFilePath = ac-out.xml 64 59 65 [test6aGetAttCertRefused UsingSessID]60 [test6aGetAttCertRefusedWithSessID] 66 61 aaURI = http://localhost:5100/AttributeAuthority 67 62 68 [test6bGetMappedAttCert UsingSessID]63 [test6bGetMappedAttCertWithSessID] 69 64 aaURI = http://localhost:5100/AttributeAuthority 70 65 71 [test6cGetAttCertWithExtAttCertList UsingSessID]66 [test6cGetAttCertWithExtAttCertListWithSessID] 72 67 aaURI = http://localhost:5100/AttributeAuthority 73 # Use output from test6GetAttCert UsingSessID!68 # Use output from test6GetAttCertWithSessID! 74 69 extACFilePath = ac-out.xml 75 70 76 [test7GetAttCert UsingProxyCert]71 [test7GetAttCertWithUserCert] 77 72 aaURI = http://localhost:5000/AttributeAuthority 78 #aaURI = http://glue.badc.rl.ac.uk/services/ndg/security/AttributeAuthority -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
r3135 r3145 4 4 <useSSL>Yes</useSSL> <!-- leave blank to use http --> 5 5 <!--<useSSL>Yes</useSSL> leave blank to use http --> 6 <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm -cert.pem</sslCertFile>7 <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm -key.pem</sslKeyFile>6 <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</sslCertFile> 7 <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</sslKeyFile> 8 8 <!-- 9 9 Directory containing CA cert.s to verify SSL peer cert against … … 23 23 --> 24 24 <caCertFileList> 25 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile> 25 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 26 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile> 26 27 </caCertFileList> 27 <certFile>$NDGSEC_SM_UNITTEST_DIR/sm -cert.pem</certFile>28 <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm -key.pem</keyFile>28 <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile> 29 <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile> 29 30 <keyPwd/> 30 31 <!-- … … 72 73 specified when a certificate is first created by store() method 73 74 --> 74 <proxyCertMaxLifetime> 24</proxyCertMaxLifetime> <!-- in hours -->75 <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds --> 75 76 <!-- 76 77 Life time of a proxy certificate when issued from the Proxy Server 77 78 with getDelegation() method 78 79 <proxyCertLifetime> 8</proxyCertLifetime> <!-- in hours -->80 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca cert.pem</caCertFile>79 --> 80 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds --> 81 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile> 81 82 </myProxyProp> 82 83 <simpleCACltProp> -
TI12-security/trunk/python/www/html/sessionMgr.wsdl
r3044 r3145 42 42 <xsd:complexType> 43 43 <xsd:sequence> 44 <xsd:element name="proxyCert" type="xsd:string" minOccurs="1" maxOccurs="1"/>45 <xsd:element name="proxyPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/>46 44 <xsd:element name="userCert" type="xsd:string" minOccurs="1" maxOccurs="1"/> 45 <xsd:element name="userPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/> 46 <xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 47 47 <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> 48 48 </xsd:sequence>