Changeset 3199 for TI12-security


Timestamp: 11/01/08 10:29:10
Author: pjkersha
Message:

Fixes to unit tests ready for OMII-UK first software drop.

security/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
security/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml: include comment about addition of CA certs from other trusted NDG sites.

security/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg: fix file paths - ref by $NDGSEC_ATTCERT_UNITTEST_DIR env var

security/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py: some file paths not having $NDGSEC_ATTCERT_UNITTEST_DIR expanded correctly

security/python/ndg.security.test/ndg/security/test/sessionMgr/README,
security/python/ndg.security.test/ndg/security/test/sessionMgrClient/README: fix instructions for including CA cert from MyProxy CA.

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py:

  • fix for some file paths - env var not expanded
  • fix test1Connect writing of user.creds - ensure new lines between concatenated certs. and private key content

security/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml: add instructions for adding MyProxy CA cert into caCertFileList elem.

security/python/ndg.security.test/ndg/security/test/XMLSecDoc/README: missed out before

security/python/ndg.security.test/setup.py: fixes for missing package data for various tests.

Location:
TI12-security/trunk/python
Files:
1 added
10 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml

    r3135 r3199  
    2525    <keyFile>$NDGSEC_DIR/conf/certs/aa-key.pem</keyFile> 
    2626    <keyPwd></keyPwd> 
     27    <!--  
     28    CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     29    and Attribute Certificates. 
     30     
     31    The CA certificates of other NDG trusted sites should go here. 
     32    --> 
    2733    <caCertFileList> 
    2834        <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml

    r3145 r3199  
    2828    <!--  
    2929    CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    30     SSL connections and Attribute Certificates 
     30    and Attribute Certificates. 
     31     
     32    The CA certificates of other NDG trusted sites should go here. 
    3133    --> 
    3234    <caCertFileList> 
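Review bot: the rewritten comment at lines 29-30 drops "SSL connections" from the list of things these CA certificates verify, which the commit message does not mention. If caCertFileList is still used to verify SSL peers, keep that wording so that someone adding another site's CA here knows it also widens trust for SSL connections; if it is not, say so in the commit message.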
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py

    r3178 r3199  
    226226        '''test12IsValid: check signature of XML document'''             
    227227        self.test11Read() 
    228         self.attCert.certFilePathList = \ 
    229                     self.cfg['test12IsValid']['certfilepathlist'].split() 
     228        self.attCert.certFilePathList = [xpdVars(file) for file in \ 
     229                    self.cfg['test12IsValid']['certfilepathlist'].split()] 
    230230        self.attCert.isValid(raiseExcep=True) 
    231231        print 'test12IsValid: passed' 
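Review bot: in the list comprehension at lines 228-229 the loop variable `file` shadows the Python builtin, and the trailing backslash is unnecessary inside the brackets. Suggest `[xpdVars(p) for p in self.cfg['test12IsValid']['certfilepathlist'].split()]`. The identical construct is repeated in test13IsValidStressTest, so a small helper that splits and expands a path list would remove the duplication.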
     
    238238        self.test6aSet()     
    239239         
    240         self.attCert.certFilePathList = \ 
    241             self.cfg['test13IsValidStressTest']['certfilepathlist'].split() 
     240        self.attCert.certFilePathList = [xpdVars(file) for file in \ 
     241            self.cfg['test13IsValidStressTest']['certfilepathlist'].split()] 
    242242        self.attCert.signingKeyFilePath = \ 
    243243                        xpdVars(self.cfg['test13IsValidStressTest']['keyfile']) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/ac.xml

    r3178 r3199  
    99        <userId>/O=NDG/OU=BADC/CN=pjkershaw</userId> 
    1010        <validity> 
    11             <notBefore>2008 01 04 15 45 58</notBefore>  
    12             <notAfter>2008 01 04 23 45 58</notAfter>  
     11            <notBefore>2008 01 10 15 26 32</notBefore>  
     12            <notAfter>2008 01 10 23 26 32</notAfter>  
    1313        </validity> 
    1414        <attributes> 
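Review bot: the notBefore/notAfter values at lines 11-12 are again a fixed eight-hour window (2008 01 10 15 26 32 to 2008 01 10 23 26 32), so this checked-in fixture is inside its validity period only on the day it was generated, exactly as the r3178 copy was. If ac.xml is the output of test10Write, consider leaving it out of version control; if tests such as test14IsValidSignature are meant to read a committed copy, sign one with a long validity period or state in the test that only the signature, not the validity period, is being checked.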
     
    2727        <provenance>original</provenance>  
    2828    </acInfo> 
    29 <ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>b9+0xXj/zAUBcFXtai4zryJ2ZZ4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lxaiZbOMjsGwmIPkY2kO6YArGkhWUInJDy/QXRSMTXTioUfSNWqcfmsIME3ZatR5gYAOfjo4rEt+ 
    30 sV5YwE9T6Q2T+j7WkTRMez+gLu8kDQwPSZMWHcNAzyf50H2xBTbnOXrf1mS6No25JNMtPrvX7+2+ 
    31 hYe+c3o62HyDUwu2rNWGudwTfCaYydBrdv/64jhQYQDInM5cOnJl6Azb8XkH0YwOVn1QQSt+xDVN 
    32 1u2Pws0Bo1piK91hDmqizpmy/fFnSFCT71zrvpB7D6EV6a9SMSogVhcXq/rRMQl2j/lyMZcnoWHC 
    33 2aFcQ0u+0Rg5X9j6nFkmzIom+Gd5S1HAbM0f4g==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     29<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>srClFxmtD9f6gOox0fewjJ+5VBg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Djy+IKg94DRZSmzbYD1CIudKzoiOKOVMxOQOF6un5+N1jgormdEUbS0FwiHBgCl2QgF59MuBPNHM 
     30YtCOyuJX29+mIHlXATcMDZb7i62uXYKsIzBHDkN6wWlVaYlJvGFCmtWpJcSFpKlHigLfeO8GXEEg 
     31A8iHfaoj9G/YMvxwL9WrxmrFOOq//kBeCPUyRBhwlmFf6ZRAEP/O/wh9BfBQZ0J99G8WETwpEznI 
     32Ui20MJG7jjHmUD4GnK/h7MsajvrH9m48HHp/f9uVaAjGWJHTnDpVWBH4ueBGnsIsiyZHSgUz37pa 
     330FFB01OjNTeuS+OZ/4V/IScIWQrBFcDA6tOVkw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    3434MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0 
    3535N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg

    r3175 r3199  
    1010 
    1111[test9Sign] 
    12 certFile: ./test.crt 
    13 keyFile: ./test.key 
    14 filePath: ./ac-signed.xml 
     12certFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 
     13keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
     14filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac-signed.xml 
    1515keyPwd: 
    1616 
    1717[test10Write] 
    18 filePath: ./ac.xml 
     18filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac.xml 
    1919 
    2020[test11Read] 
    21 filePath: ./ac.xml 
     21filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac.xml 
    2222 
    2323[test12IsValid] 
    24 certFilePathList: ./ndg-test-ca.crt 
     24certFilePathList: $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 
    2525 
    2626[test13IsValidStressTest] 
    2727# First cert is added to the signature, both certs are used in the  
    2828# verification 
    29 certFilepathlist: ./test.crt ./ndg-test-ca.crt 
    30 keyFile: ./test.key 
     29certFilepathlist: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 
     30keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
    3131keyPwd: 
    3232nruns: 10 
    3333 
    3434[test14IsValidSignature] 
    35 certFilePathList: ./ndg-test-ca.crt 
    36 filePath: ./ac.xml 
     35certFilePathList: $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 
     36filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac.xml 
    3737 
    3838 
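Review bot: every path in this file now depends on $NDGSEC_ATTCERT_UNITTEST_DIR, so the tests no longer run from a shell where it is unset; AttCertTest.py should default it (for example to the directory containing the test module) before the config is read, or fail with a clear message. Separately, the option at line 29 is spelled `certFilepathlist` while lines 24 and 35 use `certFilePathList`; the test code reads it as 'certfilepathlist', so it works only if option names are case-folded, and the spelling is worth making consistent.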
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/README

    r3192 r3199  
    4141CA certificate in the list of trusted CA files in the respective Attribute  
    4242Authority configuration files: 
     43 i) Copy the CA certificate from your MyProxy host computer to the ca/ sub- 
     44 directory under THIS directory. 
     45  
     46 The file will be located on the MyProxy server as e.g. 
     47  
     48 /etc/grid-security/certificates/abcdef01.0 
     49  
     50 The exact name of the CA certificate file will be unique to your installation. 
     51 In the above, it is "abcdef01.0".    
     52  
    4353 i) edit 'caCertFileList' element in  
    4454 ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the  
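Review bot: the new step added at line 43 is labelled "i)" and the existing step at line 53 is still "i)", so the README now has two first steps; renumber the edit step to "ii)" as was done in sessionMgrClient/README. Since the copied file becomes a trust anchor for the Attribute Authorities, it would also help to say that the copy should be checked against the original on the MyProxy host, for example by comparing certificate fingerprints.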
     
    4858    <caCertFileList> 
    4959        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    50 -->     <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     60-->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    5161    </caCertFileList> 
    5262 -8<--------------------------------------------------------------------------- 
    5363 The exact name of the CA certificate file will be unique to your installation. 
    5464 In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit  
    55  ../attAuthority/siteAAttAuthorityProperties.xml and in the same way add a new  
     65 ../attAuthority/siteBAttAuthorityProperties.xml and in the same way add a new  
    5666 entry for the MyProxy CA certificate. 
    5767  
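Review bot: the sentence "The exact name of the CA certificate file will be unique to your installation. In the above, it is "abcdef01.0"." is added at lines 50-51 and is still present at lines 63-64; drop the second copy, as sessionMgrClient/README does. The example entry at line 60 uses $NDGSEC_AACLNT_UNITTEST_DIR although this README lives in the sessionMgr test directory, so check that this is the variable the Attribute Authority properties files actually expand. "Ammend" on line 64 should be "Amend".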
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/README

    r3196 r3199  
    4747directory is ../attAuthority.   
    4848 
    49 The Attribute Authorities accept requests from this Session Manager  
    50 authenticated based on the MyProxy user credentials used in the unit test 
    51 test1Connect.  In order to accept these, the Attribute Authorities must be  
    52 configured to trust the MyProxy CA.  This can be done by including the MyProxy 
    53 CA certificate in the list of trusted CA files in the respective Attribute  
     49The Attribute Authorities and Session Manager accept client requests 
     50authenticated based on the MyProxy user credentials obtained in the unit test 
     51test1Connect.  In order to accept these, these services must be configured to  
     52trust the MyProxy CA.  This can be done by including the MyProxy CA certificate 
     53in the list of trusted CA files in the respective Session Manager and Attribute 
    5454Authority configuration files: 
    55  i) edit 'caCertFileList' element in  
    56  ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the  
    57  MyProxy CA: 
     55 i) Copy the CA certificate from your MyProxy host computer to the ca/ sub- 
     56 directory under THIS directory. 
     57  
     58 The file will be located on the MyProxy server as e.g. 
     59  
     60 /etc/grid-security/certificates/abcdef01.0 
     61  
     62 The exact name of the CA certificate file will be unique to your installation. 
     63 In the above, it is "abcdef01.0".    
     64  
     65 ii) edit 'caCertFileList' element in sessionManagerProperties.xml and add a  
     66 new entry for the MyProxy CA: 
    5867 
    5968 -8<--------------------------------------------------------------------------- 
    6069    <caCertFileList> 
    6170        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    62 -->     <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     71-->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    6372    </caCertFileList> 
    6473 -8<--------------------------------------------------------------------------- 
    65  The exact name of the CA certificate file will be unique to your installation. 
    66  In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit  
    67  ../attAuthority/siteAAttAuthorityProperties.xml and in the same way add a new  
     74Ammend to the correct setting.  Edit  
     75 ../attAuthority/siteAAttAuthorityProperties.xml and  
     76 ../attAuthority/siteBAttAuthorityProperties.xml in the same way add a new  
    6877 entry for the MyProxy CA certificate. 
    6978  
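Review bot: step ii) at lines 65-66 names sessionManagerProperties.xml, but the file changed in this directory is sessionMgrProperties.xml, and the example entry at line 71 uses $NDGSEC_AACLNT_UNITTEST_DIR where that file uses $NDGSEC_SMCLNT_UNITTEST_DIR. Correct the file name and show the variable that matches the file being edited, otherwise a copy-and-paste of the snippet points at a CA file that is not there. The reworded sentence at lines 74-77 also needs a conjunction before "in the same way add a new entry", and "Ammend" should be "Amend".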
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/SessionMgrClientTest.py

    r3196 r3199  
    154154                                                        (username, self.sessID) 
    155155             
    156         creds = self.issuingCert or '' + self.userCert + self.userPriKey 
     156        creds = '\n'.join(self.issuingCert or '',self.userCert,self.userPriKey) 
    157157        open(mkPath("user.creds"), "w").write(creds) 
    158158             
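Review bot: line 156 passes three positional arguments to str.join, which accepts a single iterable, so test1Connect will raise TypeError before user.creds is written. Wrap the parts in a sequence and drop empty ones so that a missing issuing certificate does not leave a blank first line: `creds = '\n'.join([c for c in (self.issuingCert, self.userCert, self.userPriKey) if c])`. As user.creds holds the private key, line 157 should also create the file with owner-only permissions and close it explicitly rather than relying on the default mode of open().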
     
    253253        print "Attribute Certificate:\n%s" % attCert  
    254254        attCert.filePath = \ 
    255             self.cfg['test6GetAttCertWithSessID']['acoutfilepath']  
     255            xpdVars(self.cfg['test6GetAttCertWithSessID']['acoutfilepath'])  
    256256        attCert.write() 
    257257 
     
    304304         
    305305        # Use output from test6GetAttCertWithSessID! 
    306         extACFilePath = \ 
    307     self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath']    
     306        extACFilePath = xpdVars(\ 
     307    self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath']) 
    308308        extAttCert = open(extACFilePath).read() 
    309309         
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

    r3196 r3199  
    2424    <caCertFileList> 
    2525        <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     26        <!--  
     27        To also trust certificates issued from your MyProxy CA, replace  
     28        "abcdef01.0" with the unique name for your CA certificate and uncomment 
     29        the following line: 
     30        <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
     31        --> 
    2632    </caCertFileList> 
    2733    <certFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</certFile> 
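Review bot: the commented-out <caCertFile> element at line 30 sits inside the same comment as the instructions at lines 27-29, so "uncomment the following line" cannot be done by deleting the comment markers without exposing the prose to the XML parser. Close the explanatory comment before the element and give the element its own comment markers, so that enabling the extra CA is a two-token edit.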
  • TI12-security/trunk/python/ndg.security.test/setup.py

    r3196 r3199  
    3131                                       'siteA-aa.key', 
    3232                                       'siteB-aa.crt', 
    33                                        'siteB-aa.key' 
     33                                       'siteB-aa.key', 
    3434                                       'README'], 
    3535    'ndg.security.test.attAuthority.ca': ['*.crt'], 
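Review bot: the comma added at line 33 fixes an implicit string concatenation that turned 'siteB-aa.key' and 'README' into the single entry 'siteB-aa.keyREADME', so neither file was packaged. Keep a trailing comma on the last item of each list so the next addition cannot reintroduce this. These lists also ship *.key files; a comment stating that they are test-only keys would help anyone auditing the package contents.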
     
    4040                                  'ndg-test-ca.crt', 
    4141                                  'README'], 
    42     'ndg.security.test.ca': ['*.xml', '*.cfg'], 
     42    'ndg.security.test.ca': ['*.xml', '*.cfg', 'README'], 
     43    'ndg.security.test.gatekeeper': ['README'], 
     44    'ndg.security.test.Log': ['README'], 
    4345    'ndg.security.test.myProxy': ['*.xml',  
    4446                                  '*.cfg', 
    4547                                  'user.crt', 
    4648                                  'user.key', 
    47                                   'ndg-test-ca.crt',                                  'openssl.conf',  
     49                                  'ndg-test-ca.crt', 
     50                                  'openssl.conf',  
    4851                                  'Makefile', 
    4952                                  'README'], 
     
    5760                                     'sm.key', 
    5861                                     'user.crt', 
    59                                      'user.key'], 
     62                                     'user.key', 
     63                                     'README'], 
    6064    'ndg.security.test.sessionMgr.ca': ['*.crt'], 
    6165    'ndg.security.test.sessionMgrClient': ['*.xml',  