Changeset 3195


Timestamp:
09/01/08 17:06:38 (12 years ago)
Author:
pjkersha
Message:

fixes to X509, XMLSecDoc, wsSecurity and sessionMgrClient unit tests - latter still to complete

security/python/ndg.security.test/ndg/security/test/SecurityCGItest.py: deleted as this code is no longer needed. Pylons code replaces it. The module that the unit test is based on still exists.

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/README: more detailed instructions

security/python/ndg.security.test/ndg/security/test/server.py: replace equivalent .sh bash script with python version

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClient.cfg: extra comments and use unit test dir env var to ref all files to enable running from any dir

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClient.py: part way through refactoring for changes as of the previous

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml: fix env var refs.

security/python/ndg.security.test/ndg/security/test/wsSecurity/*,
security/python/ndg.security.test/ndg/security/test/X509/*,
security/python/ndg.security.test/ndg/security/test/XMLSecDoc/*: fixed for use with env vars

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
10 added
1 deleted
15 edited

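--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/X509/X509Test.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/X509/X509Test.py
@@ -20,5 +20,10 @@
 
 from ConfigParser import SafeConfigParser
-from ndg.security.common.X509 import *
+from ndg.security.common.X509 import X509CertRead, X509CertParse, X500DN, \
+    X509Stack, X509StackError, SelfSignedCert, CertIssuerNotFound
+
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_X509_UNITTEST_DIR'], file)
 
 class X509TestCase(unittest.TestCase):
@@ -26,6 +31,16 @@
     def setUp(self):
 
+        if 'NDGSEC_INT_DEBUG' in os.environ:
+            import pdb
+            pdb.set_trace()
+
+        if 'NDGSEC_X509_UNITTEST_DIR' not in os.environ:
+            os.environ['NDGSEC_X509_UNITTEST_DIR'] = \
+                os.path.abspath(os.path.dirname(__file__))
+
         configParser = SafeConfigParser()
-        configParser.read("./x509Test.cfg")
+        configFilePath = jnPath(os.environ['NDGSEC_X509_UNITTEST_DIR'],
+                                "x509Test.cfg")
+        configParser.read(configFilePath)
 
         self.cfg = {}
@@ -34,9 +49,9 @@
 
 
-
     def test1X509CertRead(self):
         'test1X509CertRead: read in a cert from file'
         print self.test1X509CertRead.__doc__
-        self.x509Cert=X509CertRead(self.cfg['test1X509CertRead']['certfile'])
+        self.x509Cert = \
+            X509CertRead(xpdVars(self.cfg['test1X509CertRead']['certfile']))
         assert(self.x509Cert)
 
@@ -82,7 +97,7 @@
         assert(not(self.dn != self.dn))
 
-    def test7x509Stack(self):
-        '''test7x509Stack: test X509Stack functionality'''
-        print self.test7x509Stack.__doc__
+    def test7X509Stack(self):
+        '''test7X509Stack: test X509Stack functionality'''
+        print self.test7X509Stack.__doc__
         self.test1X509CertRead()
         stack = X509Stack()
@@ -96,16 +111,16 @@
         assert(len(stack)==0)
 
-    def test8x509StackVerifyCertChain(self):
-        '''test8x509StackVerifyCertChain: testVerifyCertChain method'''
-        print self.test8x509StackVerifyCertChain.__doc__
+    def test8X509StackVerifyCertChain(self):
+        '''test8X509StackVerifyCertChain: testVerifyCertChain method'''
+        print self.test8X509StackVerifyCertChain.__doc__
         self.test1X509CertRead()
-        proxyCert=X509CertRead(\
-                   self.cfg['test8x509StackVerifyCertChain']['proxycertfile'])
+        proxyCert=X509CertRead(xpdVars(\
+                   self.cfg['test8X509StackVerifyCertChain']['proxycertfile']))
 
         stack1 = X509Stack()
         stack1.push(self.x509Cert)
 
-        caCert=X509CertRead(\
-                   self.cfg['test8x509StackVerifyCertChain']['cacertfile'])
+        caCert=X509CertRead(xpdVars(\
+                   self.cfg['test8X509StackVerifyCertChain']['cacertfile']))
         caStack = X509Stack()
         caStack.push(caCert)
@@ -169,6 +184,6 @@
                     "test5DN",
                     "test6DNCmp",
-                    "test7x509Stack",
-                    "test8x509StackVerifyCertChain"
+                    "test7X509Stack",
+                    "test8X509StackVerifyCertChain"
                   ))
         unittest.TestSuite.__init__(self, map)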
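Review bot: `mkPath = lambda file: ...` binds a lambda to a name and shadows the Python 2 builtin `file`; a small `def` reads better and shows a real name in tracebacks, e.g. `def mkPath(fileName): return jnPath(os.environ['NDGSEC_X509_UNITTEST_DIR'], fileName)`. The same helper is added to xmlSecDocTest.py and SessionMgrClientTest.py with only the variable name changed. It reads the environment variable at call time while the default is only set inside setUp, so calling it before setUp has run would raise KeyError; a one-line comment saying so would help.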
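--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/X509/x509Test.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/X509/x509Test.cfg
@@ -10,9 +10,9 @@
 
 [test1X509CertRead]
-certfile: user-cert.pem
+certfile: $NDGSEC_X509_UNITTEST_DIR/user.crt
 
-[test8x509StackVerifyCertChain]
-certfile: user-cert.pem
-proxycertfile: proxy-cert.pem
-cacertfile: cacert.pem
+[test8X509StackVerifyCertChain]
+certfile: $NDGSEC_X509_UNITTEST_DIRuser.crt
+proxycertfile: $NDGSEC_X509_UNITTEST_DIR/proxy.crt
+cacertfile: $NDGSEC_X509_UNITTEST_DIR/ndg-test-ca.crt
 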
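Review bot: The `certfile` entry added under `[test8X509StackVerifyCertChain]` is missing the path separator: `$NDGSEC_X509_UNITTEST_DIRuser.crt` names a different, undefined variable, and `os.path.expandvars` leaves undefined references unchanged, so the value would stay a literal `$...` string. It should read `certfile: $NDGSEC_X509_UNITTEST_DIR/user.crt`, as in `[test1X509CertRead]`. The visible test8 code in X509Test.py only reads `proxycertfile` and `cacertfile`, so this entry may currently be unused, which is probably why it went unnoticed.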
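--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.cfg
@@ -12,18 +12,18 @@
 
 [test2Sign]
-certFile: ./cert.pem
-keyFile: ./key.pem
-filePath: ./ac-signed.xml
-#keyPwd:
+certFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt
+keyFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key
+filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac-signed.xml
+keyPwd:
 
 [test3Write]
-filePath: ./ac.xml
+filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac.xml
 
 [test4Read]
-filePath: ./ac.xml
+filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac.xml
 
 [test5Verify]
-certFile: ./cert.pem
-filePath: ./ac-signed.xml
+certFilePathList: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt $NDGSEC_XMLSECDOC_UNITTEST_DIR/ndg-test-ca.crt
+filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac-signed.xml
 
 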
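--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py
@@ -22,10 +22,24 @@
 from ndg.security.common.XMLSec import XMLSecDoc
 
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_XMLSECDOC_UNITTEST_DIR'], file)
+
 class XMLSecDocTestCase(unittest.TestCase):
 
     def setUp(self):
 
+        if 'NDGSEC_INT_DEBUG' in os.environ:
+            import pdb
+            pdb.set_trace()
+
+        if 'NDGSEC_XMLSECDOC_UNITTEST_DIR' not in os.environ:
+            os.environ['NDGSEC_XMLSECDOC_UNITTEST_DIR'] = \
+                os.path.abspath(os.path.dirname(__file__))
+
         configParser = SafeConfigParser()
-        configParser.read("./xmlSecDocTest.cfg")
+        configFilePath = jnPath(os.environ['NDGSEC_XMLSECDOC_UNITTEST_DIR'],
+                                "xmlSecDocTest.cfg")
+        configParser.read(configFilePath)
 
         self.cfg = {}
@@ -73,10 +87,14 @@
         '''test2Sign: sign document'''
 
-        self.xmlSecDoc.filePath = self.cfg['test2Sign']['filepath']
-        self.xmlSecDoc.certFilePathList=self.cfg['test2Sign']['certfile']
-        self.xmlSecDoc.signingKeyFilePath=self.cfg['test2Sign']['keyfile']
+        self.xmlSecDoc.filePath = xpdVars(self.cfg['test2Sign']['filepath'])
+        self.xmlSecDoc.certFilePathList = \
+                                xpdVars(self.cfg['test2Sign']['certfile'])
+        self.xmlSecDoc.signingKeyFilePath = \
+                                xpdVars(self.cfg['test2Sign']['keyfile'])
 
-        self.xmlSecDoc.signingKeyPwd = self.cfg['test2Sign'].get('keypwd') or\
-            getpass.getpass(prompt="\ntest2Sign private key password: ")
+        keyPwd = self.cfg['test2Sign'].get('keypwd')
+        if keyPwd is None:
+            self.xmlSecDoc.signingKeyPwd = \
+                getpass.getpass(prompt="\ntest2Sign private key password: ")
 
         self.xmlSecDoc.applyEnvelopedSignature(xmlTxt=self.strXML)
@@ -88,5 +106,5 @@
 
         self.test1Parse()
-        self.xmlSecDoc.filePath = self.cfg['test3Write']['filepath']
+        self.xmlSecDoc.filePath = xpdVars(self.cfg['test3Write']['filepath'])
         self.xmlSecDoc.write()
 
@@ -95,5 +113,5 @@
         '''test4Read: read document'''
 
-        self.xmlSecDoc.filePath = self.cfg['test4Read']['filepath']
+        self.xmlSecDoc.filePath = xpdVars(self.cfg['test4Read']['filepath'])
         self.xmlSecDoc.read()
 
@@ -102,6 +120,7 @@
         '''test5Verify: check signature of XML document'''
 
-        self.xmlSecDoc.filePath = self.cfg['test5Verify']['filepath']
-        self.xmlSecDoc.certFilePathList=self.cfg['test5Verify']['certfile']
+        self.xmlSecDoc.filePath = xpdVars(self.cfg['test5Verify']['filepath'])
+        self.xmlSecDoc.certFilePathList = [xpdVars(file) for file in \
+                        self.cfg['test5Verify']['certfilepathlist'].split()]
         self.xmlSecDoc.read()
         self.xmlSecDoc.verifyEnvelopedSignature()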
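Review bot: In test2Sign the password read from the config is no longer passed on: `signingKeyPwd` is assigned only inside `if keyPwd is None:`, so a `keypwd` value from xmlSecDocTest.cfg, including the blank one this changeset uncomments, is read and then dropped. Unless `XMLSecDoc` supplies a suitable default for `signingKeyPwd` (not visible here), a password-protected signing key can no longer be used from the config. Assigning in both branches restores that: keep `keyPwd = self.cfg['test2Sign'].get('keypwd')`, then `if keyPwd is None: keyPwd = getpass.getpass(prompt="\ntest2Sign private key password: ")`, then `self.xmlSecDoc.signingKeyPwd = keyPwd`. The method starts above the hunk.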
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/proxy.crt

    r3192 r3195  
    22MIICijCCAXKgAwIBAgICAPkwDQYJKoZIhvcNAQEEBQAwQjEMMAoGA1UEChMDTkRH 
    33MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQLEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0 
    4 dXNlcjAeFw0wODAxMDQxNTMwNTdaFw0wODAxMDUwMzM1NTdaMFIxDDAKBgNVBAoT 
     4dXNlcjAeFw0wODAxMDkxNTE3MjlaFw0wODAxMTAwMzIyMjlaMFIxDDAKBgNVBAoT 
    55A05ERzENMAsGA1UECxMEQkFEQzEQMA4GA1UECxMHR2FicmllbDERMA8GA1UEAxMI 
    66dGVzdHVzZXIxDjAMBgNVBAMTBXByb3h5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB 
    7 iQKBgQCuAnhHngHz2WZyncnTv18d9ToIc430TlLSyFp3WQ1lZeSt2DtHr32MOkjN 
    8 urcTJ6OjLo31lykg4RKkyMiLTiEXpN92nsFNIBcDG0b/yIFN3uGW0c4MOc+vpCk/ 
    9 eSwuZTzCjDzYwjZuy8wxRaU3olSVp+3RbKAfBv7wyb4MnGIwGQIDAQABMA0GCSqG 
    10 SIb3DQEBBAUAA4IBAQBo8ts3GPAsD4jkrbsKESXoXo5wVcKKs4Tu+KkW12cBHQTj 
    11 Qzvfa6mwDDS9YOh4S+sxeEwuO5JTBt5RYoVboG8Mpy07Ur0Bmj0E+QiLJNCUWAY3 
    12 1xzDA2tw/lpG1BvKAMuHk+A9hulVYyGJkgpcQWNJyGiGoU5+K7wA4I4YmtrgylnW 
    13 xIle3fZQSr/JRTxFHduJoGCLuE0dyIEtIhRVROQP+xpkQrxjEja+U6C5rqipgOsD 
    14 x0RKDE/SrbNCd/DGcOB1Cmn7PfWhzSDErH3Rgc1a8L2Wnx6ymdfmBJP3f9QH8T9R 
    15 7mVVpN95DT9YCouBapFhX7nsa4QKUVQn4hCnc7l4 
     7iQKBgQDhqWIYfha26oLBEWDOXWuctn6toafGev7V1yFW+6k9TnpOSEeeHbppeV7E 
     8ksWhZdlyEwza4plaiqS2JtF+TMZSx0h4IPUuVZ55zphxat6K85OyHlm2yNv6KCBu 
     9lA9f4jgXbDaFui1VJd7O63Oc8uFuk/PZxj8lRlI550NNlMi6MwIDAQABMA0GCSqG 
     10SIb3DQEBBAUAA4IBAQDFbCjIoZ+LPwFegOxVZgoe0hj/M63IUyNJKC9GSjRBgOt8 
     11vmU4CJtrZYjG2kOcw2sY3ugvY1MVWltNze2NB0vZ6tCIWA7PNlU+1Q5SubAGhulQ 
     121td+6sogwNKgSW+5jNqZE3QDUoPkzycP7koULi6Z/DT1fyU0eemMkbhsSbErKvM2 
     13MKixaHMdRKOhceZvAXxNGjuCmP/GK5v6hIMWPWjYnD0AgsxjH3BN2v8b/plDQUTW 
     14XiSXt/mJZNjYlbBFNwd4clkjBF4DzRrZRHzg2MRHINEzT1fu6Bi/pC3FJSe3LLI7 
     15icsekrP4ADnN4IC+scNu2/4iw7OpHwuNEIkPk4oA 
    1616-----END CERTIFICATE----- 
    1717-----BEGIN CERTIFICATE----- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/proxy.key

    r3192 r3195  
    11-----BEGIN RSA PRIVATE KEY----- 
    2 MIICXQIBAAKBgQCuAnhHngHz2WZyncnTv18d9ToIc430TlLSyFp3WQ1lZeSt2DtH 
    3 r32MOkjNurcTJ6OjLo31lykg4RKkyMiLTiEXpN92nsFNIBcDG0b/yIFN3uGW0c4M 
    4 Oc+vpCk/eSwuZTzCjDzYwjZuy8wxRaU3olSVp+3RbKAfBv7wyb4MnGIwGQIDAQAB 
    5 AoGALstLPTcon0LfYgM8u0zDb3L64Dry+bf2XeizK1UvXQ1Bqd50UprG0Gb8HRcR 
    6 FH2ca82hL2IvFUBxmw7Dn3KrQxbJFH5IpFaX3U456E85FUHJvvwepdp4P+9HF7BF 
    7 dZlkyuvJc1lLoWUEvKYyohZAr9s9VB6iot2aNvJs+Yhv9+ECQQDfQ8rPuZRjmoG/ 
    8 RXCA3dHCBeCHqcJgKGtsX8aM6N7wZmG3bt88VUEuioq1zFARdGbREQt3CYEjiwWk 
    9 sWiqnDKPAkEAx4XkpGyqdEMLFxucZQSu+AkjFrJ+tROI5uwd08j6La9jB98RxRwr 
    10 3J2LcYc1S1hAGMqnknvAZeCe2MMGaGWm1wJBAKGzze5JMMo7G4HW3zbWcZee/hID 
    11 x74xSCyD6aAhAWcIH/nlGVXvQXhd6zzkr5EUx2rgd3dNsPR3Oi0gOPhojM0CQEbi 
    12 9xzDzruHpkULdkEdrNxKwsCpogLLcfQ5J0+7M8dPbKu7QSD6pUq4XnZzRygBrqQg 
    13 O/D7LpwDdewlPf2RP/kCQQCyQtZvpLbgxs858EWtsjcRpaADzJUqkY8lHOvLGMQs 
    14 puF45jpBP2qY8AL+4ZDpIsfXxOMcwzkBu3TMzYNvhv5E 
     2MIICXAIBAAKBgQDhqWIYfha26oLBEWDOXWuctn6toafGev7V1yFW+6k9TnpOSEee 
     3HbppeV7EksWhZdlyEwza4plaiqS2JtF+TMZSx0h4IPUuVZ55zphxat6K85OyHlm2 
     4yNv6KCBulA9f4jgXbDaFui1VJd7O63Oc8uFuk/PZxj8lRlI550NNlMi6MwIDAQAB 
     5AoGASwdkZDxYFQ032DWM+FA7XWmYCOb8v5NZc4QJw7/87zNOmwSRO1MrDbKa/cTH 
     6DPiuKa2H0qcQ0ffS9/VEJjgkn/U7D1CPMF2WgcHiAJ1ryxUjKUgz63xuEBtauShf 
     7agCuFaCnEEsXgYJoSvWwsTZHZ5HA9FAGCzj27kB9nQhcQCECQQD8Kux2HP9ku9yi 
     8dRWdWQLa8X7ytF/6S9CNDuKnkHukjTt3EuNpmP/ideUDGjzS0gE3OMPZ8q5RrLhu 
     9bEUfcUGZAkEA5RdWATCpig1Q03aURd5YLMSGK1+OfZ8HosoQCN+Tzzr8fgZSeFa3 
     10gV+v0rxnogPYTppaf9UPyrndBfDurrTRqwJBANmH0bpGY46rfLZsWHwHKC5lO4T1 
     11UwJhWoQEvkOcoPyflRewJJuYj8z0tN1LSgL3hHL1tgYSkowEeolPPwXTtqkCQEVu 
     124DM2I3xi8sdUnjXa4NCYs617pb0vMOpG4bs+wBbD4vjzQ5WTesSsUqbFUYeKMMoK 
     13ADnUQpgH4xRE5KJwzUcCQH3ippjxJEuDvgRT+T4hIH/htIPLjzxsL4eLhOotw6jF 
     14/naYrvRH2iAjukBVD30WxHvHda2a0i6p4v6zOkgsRGQ= 
    1515-----END RSA PRIVATE KEY----- 
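--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/README
@@ -1,16 +1,87 @@
 Unit tests for Session Manager Web Service Client
-_________________________________________________
+=================================================
+This is the most complicated unit test suite and requires a number of services
+to be running:
+ * Test Session Manager web service run from this directory
+ * MyProxy server
+ * Two test Attribute Authorities run from the Attribute Authority unit test
+ directory ../attAuthority
+
+It is worthwhile trying out the Attribute Authority (../attAuthority) and
+Session Manager (../sessionMgr) unit tests first.  These tests differ from
+the Session Manager unit tests in that they test a SOAP *client* to a
+Session Manager web service whereas the Session Manager tests just the server
+side code.
 
-Before running the tests start the Session Manager web service:
+MyProxy is installed as part of the NDG Security installation.  See the
+installation guide for details:
 
-$ ./server.sh
+http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw
 
-... and the Attribute Authority test services in ../AttAuthority:
+1) Ensure MyProxy is running on it's host machine.  Depending on how you have
+configured it it may be running as SysV init script or with xinetd or inetd.
+Check with the Installation guide.  To start myproxy-server manually as root
+run,
 
-$ ./siteAServer.sh
+$ myproxy-server
 
-and in a separate terminal:
+2) Edit sessionMgrProperties.xml in this directory and set the hostname element
+to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively
+set the environment variable MYPROXY_SERVER to the FQDN e.g.
 
-$ ./siteBServer.sh
+export MYPROXY_SERVER=myproxyhost.somewhere.uk
 
-Run the unit test script SessionMgrClientTest.py from a separate terminal.
+3) Edit sessionMgrClientTest.cfg and set the username for the MyProxy account
+you wish to test: NDG Security uses MyProxy with a PAM plugin to enable
+authentication against an external source such as a user database or a UNIX
+system account.  The passphrase field can also be filled, or alternatively if
+omitted from the file or commented out it will be prompted for from the
+command line.  Both test1Connect and test3ConnectNoCreateServerSess fields
+should be set.
+
+3) Two test Attribute Authority services are required.  These can be run from
+the Attribute Authority unit test directory.  It's path relative to this
+directory is ../attAuthority.
+
+The Attribute Authorities accept requests from this Session Manager
+authenticated based on the MyProxy user credentials used in the unit test
+test1Connect.  In order to accept these, the Attribute Authorities must be
+configured to trust the MyProxy CA.  This can be done by including the MyProxy
+CA certificate in the list of trusted CA files in the respective Attribute
+Authority configuration files:
+ i) edit 'caCertFileList' element in
+ ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the
+ MyProxy CA:
+
+ -8<---------------------------------------------------------------------------
+    <caCertFileList>
+        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
+-->     <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile>
+    </caCertFileList>
+ -8<---------------------------------------------------------------------------
+ The exact name of the CA certificate file will be unique to your installation.
+ In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit
+ ../attAuthority/siteAAttAuthorityProperties.xml and in the same way add a new
+ entry for the MyProxy CA certificate.
+
+ Nb. You can check the MyProxy certificate file independently with OpenSSL:
+
+ $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text
+
+4) Start the Session Manager test service in this directory but from a separate
+terminal:
+
+$ python ./server.py
+
+5) Run the tests with the command:
+
+$ python ./SessionMgrClientTest.py
+
+6) To run individual tests give the test method name:
+
+$ python ./SessionMgrClientTest.py SessionMgrClientTestCase.test1Connect
+
+Finally,
+ * See sessionMgrClientTest.cfg configuration file to change test parameters.
+ * See the installation guide for MyProxy trouble shooting information.
+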
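--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py
@@ -23,4 +23,9 @@
 
 from ndg.security.common.X509 import X509CertParse, X509CertRead
+from ndg.security.common.wsSecurity import SignatureHandler as SigHdlr
+
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file)
 
 
@@ -51,12 +56,20 @@
     def setUp(self):
 
-        configParser = SafeConfigParser()
-        configParser.read("./sessionMgrClientTest.cfg")
+        if 'NDGSEC_INT_DEBUG' in os.environ:
+            import pdb
+            pdb.set_trace()
+
+        if 'NDGSEC_SMCLNT_UNITTEST_DIR' not in os.environ:
+            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \
+                os.path.abspath(os.path.dirname(__file__))
+
+        self.cfg = SafeConfigParser()
+        configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],
+                                "sessionMgrClientTest.cfg")
+        self.cfg.read(configFilePath)
 
         self.cfg = {}
         for section in configParser.sections():
             self.cfg[section] = dict(configParser.items(section))
-
-        tracefile = sys.stderr
 
         try:
@@ -72,24 +85,29 @@
         # signature for server reponse
         try:
-            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split()
+            caCertFilePathList = [xpdVars(file) for file in \
+                            self.cfg['setUp']['cacertfilepathlist'].split()]
         except:
             caCertFilePathList = []
 
         try:
-            sslCACertList = [X509CertRead(file) for file in \
+            sslCACertList = [X509CertRead(xpdVars(file)) for file in \
                          self.cfg['setUp']['sslcacertfilepathlist'].split()]
         except KeyError:
             sslCACertList = []
 
-
+        clntCertFilePath = self.cfg['setUp']['clntcertfilepath']
+        clntPriKeyFilePath = self.cfg['setUp']['clntprikeyfilepath']
+
         reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype')
 
-        # Check certificate types user or standard
-        userCertFilePath = self.cfg['setUp'].get('usercertfilepath')
-        if userCertFilePath:
+        # Set format for certificate(s) to be included in client SOAP messages
+        # to enable the Session Manager server to verify messages.
+        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
             signingCertChain = \
-                        self._getCertChainFromProxyCertFile(userCertFilePath)
+                        self._getCertChainFromProxyCertFile(clntCertFilePath)
+            signingCertFilePath = None
         else:
             signingCertChain = None
+            signingCertFilePath = clntCertFilePath
 
         setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler'])
@@ -98,14 +116,14 @@
         # Omit traceFile keyword to leave out SOAP debug info
         self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'],
-                sslCACertList=sslCACertList,
-                sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
-                setSignatureHandler=setSignatureHandler,
-                reqBinSecTokValType=reqBinSecTokValType,
-                signingCertFilePath=self.cfg['setUp'].get('clntcertfilepath'),
-                signingCertChain=signingCertChain,
-                signingPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'],
-                signingPriKeyPwd=clntPriKeyPwd,
-                caCertFilePathList=caCertFilePathList,
-                tracefile=tracefile)
+                        sslCACertList=sslCACertList,
+                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
+                        setSignatureHandler=setSignatureHandler,
+                        reqBinSecTokValType=reqBinSecTokValType,
+                        signingCertFilePath=clntCertFilePath,
+                        signingCertChain=signingCertChain,
+                        signingPriKeyFilePath=clntPriKeyFilePath,
+                        signingPriKeyPwd=clntPriKeyPwd,
+                        caCertFilePathList=caCertFilePathList,
+                        tracefile=sys.stderr)
 
         self.sessID = None
@@ -119,4 +137,6 @@
         a session ID is returned"""
 
+        username = self.cfg['test1Connect']['username']
+
         if self.__class__.test2Passphrase is None:
             self.__class__.test2Passphrase = \
@@ -125,5 +145,5 @@
         if not self.__class__.test2Passphrase:
             self.__class__.test2Passphrase = getpass.getpass(\
-                               prompt="\ntest1Connect pass-phrase for user: ")
+                prompt="\ntest1Connect pass-phrase for user %s: " % username)
 
         self.userCert, self.userPriKey, self.issuingCert, self.sessID = \
@@ -132,5 +152,8 @@
 
         print "User '%s' connected to Session Manager:\n%s" % \
-            (self.cfg['test1Connect']['username'], self.sessID)
+                                                        (username, self.sessID)
+
+        creds = self.issuingCert or '' + userCert + self.userPriKey
+        open(mkPath("user.creds"), "w").write(creds)
 
 
@@ -155,4 +178,6 @@
         sessID should be None"""
 
+        username = self.cfg['test3ConnectNoCreateServerSess']['username']
+
         if self.__class__.test3Passphrase is None:
             self.__class__.test3Passphrase = \
@@ -160,19 +185,18 @@
 
         if not self.__class__.test3Passphrase:
+            prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: "
             self.__class__.test3Passphrase = getpass.getpass(\
-            prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user: ")
-
+                                                    prompt=prompt % username)
+
         self.userCert, self.userPriKey, self.issuingCert, sessID = \
-            self.clnt.connect(\
-                      self.cfg['test3ConnectNoCreateServerSess']['username'],
-                      passphrase=self.__class__.test3Passphrase,
-                      createServerSess=False)
+            self.clnt.connect(username,
+                              passphrase=self.__class__.test3Passphrase,
+                              createServerSess=False)
 
         # Expect null session ID
         assert(not sessID)
 
-        print "User '%s' connected to Session Manager:\n%s" % \
-                    (self.cfg['test3ConnectNoCreateServerSess']['username'],
-                     self.userCert)
+        print "User '%s' retrieved creds. from Session Manager:\n%s" % \
+                                                    (username, self.userCert)
 
 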
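Review bot: The two lines added at the end of test1Connect write the user's private key to `user.creds` through a plain `open(..., "w")`, so the file is created with whatever the process umask allows and the handle is never closed explicitly. The expression above it also looks wrong: `+` binds tighter than `or`, so whenever `self.issuingCert` is set `creds` is only the issuing certificate, and the bare `userCert` is not defined anywhere in the visible lines (presumably `self.userCert` was meant). I would parenthesise the default and create the file owner-only, as sketched below; note that the mode passed to `os.open` only takes effect when the file is first created. The method body starts outside this hunk.

```python
        # ... unchanged: connect call and print of the session ID ...

        # '+' binds tighter than 'or', so the default must be parenthesised
        creds = (self.issuingCert or '') + self.userCert + self.userPriKey

        # Contains the private key: create the file readable by the owner only
        credsFd = os.open(mkPath("user.creds"),
                          os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        credsFile = os.fdopen(credsFd, "w")
        try:
            credsFile.write(creds)
        finally:
            credsFile.close()
```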
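--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
@@ -10,5 +10,4 @@
 # $Id:$
 [setUp]
-#smuri = https://localhost/SessionManager
 smuri = https://localhost:5700/SessionManager
 
@@ -16,45 +15,64 @@
 # sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
 # same as peer hostname.
-#sslpeercertcn = webSphereTest
-sslcacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem
+#sslpeercertcn = junk
+
+# For https only - List of CA certificates to enable this client to verify
+# the server's SSL X.509 certificate
+sslcacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 # Set to False to test service without WS-Security signature
 setsignaturehandler = True
 
-# ValueType for BinarySecurityToken element of WSSE header.  Specify
-# 'X509PKIPathv1' for use with user certificates
+# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
+# one which applies or leave as default settings (recommended unless you really
+# know what you're doing!)
+
+# Specifies token is an X.509 certificate
+#reqbinsectokvaltype = X509
+
+# Stipulate X.509 version 3 format
 reqbinsectokvaltype = X509v3
-#reqbinsectokvaltype = X509
+
+# Specify multiple certificates in a chain of trust.  Use this setting for
+# proxy certificates where a certificate chain consisting of user certificate
+# and proxy certificate is required to secure trust back to the
+# CA: <- User Certificate <- Proxy Certificate
 #reqbinsectokvaltype = X509PKIPathv1
 
-# Test with chain of certificates (as with a proxy cert.) or with standard
-# certs.  Comment out as appropriate
-#certchainfilepath = ./user-cert.pem
+# Client certificate - used for unit tests where a user certificate is not
+# available.  This applies for initial calls to Session Manager connect and to
+# calls where the user is identified by a session id.
+#
+# if "reqbinsectokvaltype = X509PKIPathv1" above then this certificate is
+# expected to contain a certificate chain of consisting of a proxy certificate
+# and user certificate that issued it.  The default is
+# test.crt, a standard certificate.
+#
+# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
+# AttAuthorityClientTest.py to default to the same directory as the script
+clntcertfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.crt
 
-# Test without cert. chain
-clntcertfilepath = ./sm-clnt.crt
-clntprikeyfilepath = ./sm-clnt.key
+# Client private key
+clntprikeyfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.key
 
-# Password protecting client private key - if omitted it will be prompted for
-# from tty
+# Set password for private key - leave blank if no password is set or comment
+# out to be prompted for it from the command line
 clntprikeypwd =
 
 # Space separated list of CA certificate files used to verify certificate used
 # in message signature
-cacertfilepathlist = ./ca/ndg-test-ca.crt ./ca/cacert.pem
+cacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 [test1Connect]
-username = raphaelTest
-#username = gabriel
+username = testuser
 #passphrase = testpassword
 
 [test3ConnectNoCreateServerSess]
-username = raphaelTest
-#username = gabriel
+username = testuser
 #passphrase = testpassword
 
 [test6GetAttCertWithSessID]
 aaURI = http://localhost:5000/AttributeAuthority
-acOutFilePath = ac-out.xml
+acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml
 
 [test6aGetAttCertRefusedWithSessID]
@@ -67,5 +85,5 @@
 aaURI = http://localhost:5100/AttributeAuthority
 # Use output from test6GetAttCertWithSessID!
-extACFilePath = ac-out.xml
+extACFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml
 
 [test7GetAttCertWithUserCert]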
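Review bot: The comment added above `clntcertfilepath` names `$NDGSEC_AACLNT_UNITTEST_DIR` and AttAuthorityClientTest.py, but the value on the next line uses `$NDGSEC_SMCLNT_UNITTEST_DIR`, which SessionMgrClientTest.py sets; the comment looks copied from the Attribute Authority client config. Suggested wording: `# $NDGSEC_SMCLNT_UNITTEST_DIR is set by the unit test script SessionMgrClientTest.py to default to the same directory as the script`. Separately, the visible setUp in SessionMgrClientTest.py reads `clntcertfilepath` and `clntprikeyfilepath` without `expandvars`, so unless SessionMgrClient expands them itself these `$`-prefixed paths will not resolve.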
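--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
@@ -4,11 +4,11 @@
     <useSSL>Yes</useSSL> <!-- leave blank to use http -->
     <!--<useSSL>Yes</useSSL>  leave blank to use http -->
-    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</sslCertFile>
-    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</sslKeyFile>
+    <sslCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</sslCertFile>
+    <sslKeyFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</sslKeyFile>
     <!--
     Directory containing CA cert.s to verify SSL peer cert against
      - ignored if useSSL is blank
     -->
-    <sslCACertDir>$NDGSEC_SM_UNITTEST_DIR/ca</sslCACertDir>
+    <sslCACertDir>$NDGSEC_SMCLNT_UNITTEST_DIR/ca</sslCACertDir>
     <!--
     PKI settings for WS-Security signature of outbound SOAP messages
@@ -23,9 +23,8 @@
     -->
     <caCertFileList>
-        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
-        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile>
+        <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
     </caCertFileList>
-    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile>
-    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile>
+    <certFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</certFile>
+    <keyFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</keyFile>
     <keyPwd/>
     <!--
@@ -67,5 +66,5 @@
                 but the settings can be independent of any Globus installation
                 -->
-                <openSSLConfFilePath>$NDGSEC_SM_UNITTEST_DIR/openssl.conf</openSSLConfFilePath>
+                <openSSLConfFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/openssl.conf</openSSLConfFilePath>
                 <tmpDir>/tmp</tmpDir>
                 <!--
@@ -79,5 +78,5 @@
                 -->
                 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
-                <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/cacert.pem</caCertFile>
+                <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile>
         </myProxyProp>
         <simpleCACltProp>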
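Review bot: `ca/cacert.pem` is removed from `caCertFileList` (old line 26) while `myProxyProp` still points at `$NDGSEC_SMCLNT_UNITTEST_DIR/ca/cacert.pem` (new line 80), and nothing in the file says why the two trust lists now differ. If the intent is that WS-Security signatures are checked against the NDG test CA only, a short comment above `<caCertFileList>` should record it, for example `<!-- WS-Security signature verification trusts the NDG test CA only -->`. Since every path is now rooted in the client test directory, it is also worth confirming that `sm.crt`, `sm.key`, `openssl.conf` and `ca/cacert.pem` are present there; the changeset lists added files but this section does not show which.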
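--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/README
@@ -1,2 +1,4 @@
+WS-Security Module Unit tests
+=============================
 This is adapted from the ZSI Echo service sample code.  To run:
 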
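--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/client/echoClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/client/echoClientTest.cfg
@@ -9,8 +9,8 @@
 [setUp]
 uri = http://localhost:7000/Echo
-signingPriKeyFilePath = ./clnt.key
+signingPriKeyFilePath = $NDGSEC_WSSECLNT_UNITTEST_DIR/clnt.key
 signingPriKeyPwd =
-signingCertFilePath = ./clnt.crt
-caCertFilePathList = ./ndg-test-ca.crt
+signingCertFilePath = $NDGSEC_WSSECLNT_UNITTEST_DIR/clnt.crt
+caCertFilePathList = $NDGSEC_WSSECLNT_UNITTEST_DIR/ndg-test-ca.crt
 
 [test1Echo]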
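--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/client/echoClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/client/echoClientTest.py
@@ -15,16 +15,32 @@
 from ndg.security.common import wsSecurity
 
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_WSSECLNT_UNITTEST_DIR'], file)
+
 class EchoClientTestCase(unittest.TestCase):
 
     def setUp(self):
+        if 'NDGSEC_INT_DEBUG' in os.environ:
+            import pdb
+            pdb.set_trace()
 
+        if 'NDGSEC_WSSECLNT_UNITTEST_DIR' not in os.environ:
+            os.environ['NDGSEC_WSSECLNT_UNITTEST_DIR'] = \
+                os.path.abspath(os.path.dirname(__file__))
+
+        configFilePath = jnPath(os.environ['NDGSEC_WSSECLNT_UNITTEST_DIR'],
+                                "echoClientTest.cfg")
         self.cfg = SafeConfigParser()
-        self.cfg.read("./echoClientTest.cfg")
+        self.cfg.read(configFilePath)
         uri = self.cfg.get('setUp', 'uri')
-        signingPriKeyFilePath = self.cfg.get('setUp', 'signingPriKeyFilePath')
+        signingPriKeyFilePath = \
+                        xpdVars(self.cfg.get('setUp', 'signingPriKeyFilePath'))
         signingPriKeyPwd = self.cfg.get('setUp', 'signingPriKeyPwd')
-        signingCertFilePath = self.cfg.get('setUp', 'signingCertFilePath')
-        caCertFilePathList = self.cfg.get('setUp',
-                                          'caCertFilePathList').split()
+        signingCertFilePath = \
+                        xpdVars(self.cfg.get('setUp', 'signingCertFilePath'))
+        caCertFilePathList = [xpdVars(file) for file in \
+                              self.cfg.get('setUp',
+                                          'caCertFilePathList').split()]
 
         # Signature handler object is passed to binding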
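Review bot: The `pdb.set_trace()` hook added at the top of `setUp` (new lines 24-26) fires before every test method whenever `NDGSEC_INT_DEBUG` is present in the environment, and nothing documents it; an unattended run with that variable set would stop at the debugger prompt. A comment above the `if` would be enough, e.g. `# Developer aid: set NDGSEC_INT_DEBUG to break into pdb before each test; leave unset for automated runs`. Separately, `mkPath` (new line 19) is not used in this hunk and its parameter shadows the builtin `file`; if the rest of the module does not call it, it can be dropped. `setUp` continues past the end of the hunk.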
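--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.cfg
@@ -11,6 +11,6 @@
 port = 7000
 path = /Echo
-signingPriKeyFilePath = ./server.key
+signingPriKeyFilePath = $NDGSEC_WSSESRV_UNITTEST_DIR/server.key
 signingPriKeyPwd =
-signingCertFilePath = ./server.crt
-caCertFilePathList = ./ndg-test-ca.crt
+signingCertFilePath = $NDGSEC_WSSESRV_UNITTEST_DIR/server.crt
+caCertFilePathList = $NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt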
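--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/echoServer.py
@@ -17,8 +17,8 @@
 from ndg.security.common import wsSecurity
 
-priKeyPwd = 'JunkJunk'
-certFilePath = './Junk-cert.pem'
-priKeyFilePath = './Junk-key.pem'
-caCertFilePath = './cacert.pem'
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_WSSESRV_UNITTEST_DIR'], file)
+
 
 class EchoService(_EchoService):
@@ -65,6 +65,13 @@
 if __name__ == "__main__":
     # Here we set up the server
+
+    if 'NDGSEC_WSSESRV_UNITTEST_DIR' not in os.environ:
+        os.environ['NDGSEC_WSSESRV_UNITTEST_DIR'] = \
+            os.path.abspath(os.path.dirname(__file__))
+
+    configFilePath = jnPath(os.environ['NDGSEC_WSSESRV_UNITTEST_DIR'],
+                            "echoServer.cfg")
     cfg = SafeConfigParser()
-    cfg.read("./echoServer.cfg")
+    cfg.read(configFilePath)
 
     hostname = cfg.get('setUp', 'hostname')
@@ -72,8 +79,9 @@
     path = cfg.get('setUp', 'path')
 
-    signingPriKeyFilePath = cfg.get('setUp', 'signingPriKeyFilePath')
-    signingPriKeyPwd = cfg.get('setUp', 'signingPriKeyPwd')
-    signingCertFilePath = cfg.get('setUp', 'signingCertFilePath')
-    caCertFilePathList = cfg.get('setUp', 'caCertFilePathList').split()
+    signingPriKeyFilePath = xpdVars(cfg.get('setUp', 'signingPriKeyFilePath'))
+    signingPriKeyPwd = xpdVars(cfg.get('setUp', 'signingPriKeyPwd'))
+    signingCertFilePath = xpdVars(cfg.get('setUp', 'signingCertFilePath'))
+    caCertFilePathList = [xpdVars(file) for file in \
+                          cfg.get('setUp', 'caCertFilePathList').split()]
 
     serviceContainer = ServiceContainer((hostname, port))
@@ -82,8 +90,8 @@
     echo = EchoService(tracefile=sys.stdout)
     echo.signatureHandler = wsSecurity.SignatureHandler(\
-                                    signingCertFilePath=signingCertFilePath,
-                                    signingPriKeyFilePath=signingPriKeyFilePath,
-                                    signingPriKeyPwd=signingPriKeyPwd,
-                                    caCertFilePathList=caCertFilePathList)
+                                signingCertFilePath=signingCertFilePath,
+                                signingPriKeyFilePath=signingPriKeyFilePath,
+                                signingPriKeyPwd=signingPriKeyPwd,
+                                caCertFilePathList=caCertFilePathList)
 
     serviceContainer.setNode(echo, url=path)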
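Review bot: `signingPriKeyPwd` is now passed through `xpdVars` (new line 82), so a private-key password that happens to contain `$NAME` or `${NAME}` would be rewritten with that environment variable's value before it reaches `SignatureHandler`; the client test in this changeset reads the same setting without expansion. Only the file-path settings need expanding, so the password should stay literal: `signingPriKeyPwd = cfg.get('setUp', 'signingPriKeyPwd')`. The `__main__` block continues outside the visible hunks.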