Timestamp:
08/10/08 14:05:12 (12 years ago)
Author:
pjkersha
Message:

Updated Session Manager parsing. ConfigFileParsers can now take '.' delimited option names. '.' delimits subsections e.g. sessionManager.wssecurity.signingCertFilePath for X.509 cert used by WS-Security signature handler for Session Manager.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
4 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/credwallet/credWallet.cfg

    r4293 r4304  
    1515issuingX509Cert= 
    1616 
    17 # CA certificates for Attribute Certificate signautre validation 
     17# CA certificates for Attribute Certificate signature validation 
    1818caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt 
    1919 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgr.cfg

    r4294 r4304  
    1111# 
    1212[DEFAULT] 
     13# ALL the settings from this point to the Credential Wallet settings heading 
     14# are not actually used in these unit tests because the Session Manager is not 
     15# being run as a service, it's being run as a local instance within the tests. 
     16# The settings are included to ensure that they're correctly parsed by the  
     17# config file reader 
     18 
    1319# the port number the service is to run on - for convenience only may be  
    1420# ignored by web application server container - e.g. Paste - see ini file 
     
    1824useSSL: False 
    1925 
    20 # X.509 certificate for SSL connections - ignored if useSSL is blank  
    21 #sslCertFile: $NDGSEC_SM_UNITTEST_DIR/host.crt 
     26# X.509 certificate for SSL connections - ignored if useSSL is blank - Nb. 
     27sslCertFile: $NDGSEC_SM_UNITTEST_DIR/sm.crt 
    2228 
    2329# Private key file for SSL  - ignored if useSSL is blank  
    24 #sslKeyFile: $NDGSEC_SM_UNITTEST_DIR/host.key 
     30sslKeyFile: $NDGSEC_SM_UNITTEST_DIR/sm.key 
    2531 
    2632# Directory containing CA cert.s to verify SSL peer cert against - ignored if  
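
Review bot: The rewritten comment at new line 26 ends in a dangling "Nb." with nothing after it, so whatever caveat was intended is lost; finish the sentence or drop the "Nb.". The same comment says the option is ignored if useSSL is blank, but the context line sets `useSSL: False` rather than leaving it blank, and `sslCertFile` / `sslKeyFile` are now active and point at sm.crt and sm.key, so the comment should say which useSSL values actually cause them to be ignored.
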
     
    4955# Refresh an Attribute Certificate, if an existing one in the wallet has only 
    5056# this length of time left before it expires 
    51 attCertRefreshElapse=7200 
     57credentialWallet.attCertRefreshElapse=7200 
     58 
     59# Settings for Credential Repository plugin 
     60# File path to plugin module - may be left blank if module is included in the  
     61# current PYTHONPATH 
     62#credentialRepository.modFilePath: 
     63 
     64# 
     65# Module name - the default is an empty stub 
     66credentialRepository.modName: ndg.security.common.CredWallet 
     67 
     68# Name of class in module to instantiate  
     69credentialRepository.className: NullCredRepos 
     70 
     71# Optional Properties file argument to Credential Repository class.  This is  
     72# include to enable custom settings to be defined from an external  
     73# configuration file 
     74credentialRepository.propertiesFile: 
     75 
     76 
     77# Authentication service properties  
     78authNService.moduleFilePath:  
     79authNService.moduleName: ndg.security.server.authenservice.session_mgr_my_proxy_client 
     80authNService.className: SessionMgrMyProxyClient 
     81authNService.propertiesFile: 
     82 
     83# MyProxy AuthNService Plugin specific settings 
     84# Delete this element and take setting from MYPROXY_SERVER environment  
     85# variable if required 
     86#hostname: localhost 
     87 
     88#  
     89# Delete this element to take default setting 7512 or read  
     90# MYPROXY_SERVER_PORT setting 
     91authNService.port: 7512 
     92 
     93# Useful if hostname and certificate CN don't match correctly.  Globus  
     94# host DN is set to "host/<fqdn: ".  Delete this element and set from  
     95# MYPROXY_SERVER_DN environment variable if prefered 
     96authNService.serverDN: 
     97 
     98# Set "host/" prefix to host cert CN as is default with globus 
     99authNService.serverCNprefix: host/  
     100  
     101# This directory path is used to locate the OpenSSL configuration file 
     102# 
     103# The settings are used to set up the defaults for the Distinguished Name of 
     104# the new proxy cert. issued  
     105#  
     106# GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used 
     107# but the settings can be independent of any Globus installation 
     108authNService.openSSLConfFilePath: $NDGSEC_DIR/conf/openssl.conf 
     109authNService.tmpDir: /tmp 
     110 
     111# Limit on maximum lifetime (in seconds) any proxy certificate can have -  
     112# specified when a certificate is first created by store() method 
     113authNService.proxyCertMaxLifetime: 43200 
     114 
     115# Life time of a proxy certificate (seconds) when issued from the Proxy Server  
     116# with ndg.security.server.MyProxy.getDelegation() method 
     117authNService.proxyCertLifetime: 43200 
     118  
     119# CA certificate applied to verify peer certificate against in 
     120# SSL connection to MyProxy server 
     121authNService.caCertFile: $NDGSEC_DIR/conf/certs/cacert.pem 
    52122 
    53123# 
    54124# SOAP Signature Handler settings 
    55 # Leave blank for NO SOAP signature 
    56 [WS-Security] 
    57125# 
    58126# OUTBOUND MESSAGE CONFIG 
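
Review bot: The commented-out `#hostname: localhost` at new line 86 lacks the `authNService.` prefix that every other option moved out of [authNServiceProp] now carries (`authNService.port`, `authNService.serverDN`, `authNService.caCertFile`), so anyone who uncomments it as written gets an option outside the authNService subsection. Suggest `#authNService.hostname: localhost`. Minor: `credentialWallet.attCertRefreshElapse=7200` at new line 57 uses `=` while the rest of the added block uses `:`; pick one delimiter for the new dotted names.
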
     
    61129# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    62130# values should be delimited by a space 
    63 caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem   
     131wssecurity.caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem   
    64132 
    65133# Signature of an outbound message 
     
    71139 
    72140# PEM encoded cert 
    73 signingCertFilePath: $NDGSEC_DIR/conf/certs/sm-cert.pem 
     141wssecurity.signingCertFilePath: $NDGSEC_DIR/conf/certs/sm-cert.pem 
    74142 
    75143# ... or provide file path to PEM encoded private key file 
    76 signingPriKeyFilePath: $NDGSEC_DIR/conf/certs/sm-key.pem 
     144wssecurity.signingPriKeyFilePath: $NDGSEC_DIR/conf/certs/sm-key.pem 
    77145 
    78146# Password protecting private key.  Leave blank if there is no password. 
    79 signingPriKeyPwd= 
    80  
    81 # Pass a list of certificates ',' separated PEM encoded certs constituting a  
    82 # chain of trust from the certificate used to verifying the signature backward  
    83 # to the CA cert.  The CA cert need not be included.  To use this option,  
    84 # reqBinSecTokValType must be set to the X509PKIPathv1 
    85 signingCertChain= 
     147wssecurity.signingPriKeyPwd= 
    86148 
    87149# Provide a space separated list of file paths 
    88 caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem 
     150wssecurity.caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem 
    89151 
    90152# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
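
Review bot: `wssecurity.caCertFilePathList` is now defined twice, at new line 131 and again at new line 150, with the same value and two differently worded comments. With the [WS-Security] header removed, the visible lines put both definitions in the same section, so one of them is redundant at best and a silent override at worst if the two values ever diverge. Keep a single definition, or give the two distinct names if they are meant to configure different things.
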
     
    96158# binSecTokValType determines whether signingCert or signingCertChain  
    97159# attributes will be used. 
    98 reqBinSecTokValType: X509v3 
     160wssecurity.reqBinSecTokValType: X509v3 
    99161 
    100162# Add a timestamp element to an outbound message 
    101 addTimestamp: True 
     163wssecurity.addTimestamp: True 
    102164 
    103165# For WSSE 1.1 - service returns signature confirmation containing signature  
    104166# value sent by client 
    105 applySignatureConfirmation: True 
     167wssecurity.applySignatureConfirmation: True 
    106168 
    107169# Inclusive namespace prefixes - for Exclusive Canonicalisation only 
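
Review bot: The context comment at new lines 158-159 still says binSecTokValType "determines whether signingCert or signingCertChain attributes will be used", but this changeset deletes the `signingCertChain` option and its description (old lines 81-85) and adds no `wssecurity.signingCertChain` in its place. Either carry the option over under the new prefix or update the comment so it does not point at a setting that is no longer in the file.
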
     
    110172# Inclusive namespace prefixes Canonicalisation of reference elements -  
    111173# space separated list e.g. refC14nInclNS=wsse ds ns1 
    112 refC14nInclNS: 
     174wssecurity.refC14nInclNS: 
    113175 
    114176# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    115177# same format as the above 
    116 signedInfoC14nInclNS: 
     178wssecurity.signedInfoC14nInclNS: 
    117179 
    118180# 
     
    125187 
    126188# ... or provide file path PEM encode cert here 
    127 verifyingCertFilePath:  
     189wssecurity.verifyingCertFilePath:  
    128190 
    129  
    130 # authentication service properties  
    131 [authNServiceProp] 
    132 moduleFilePath:  
    133 moduleName: ndg.security.server.authenservice.session_mgr_my_proxy_client 
    134 className: SessionMgrMyProxyClient 
    135 propertiesFile: 
    136 # Delete this element and take setting from MYPROXY_SERVER environment  
    137 # variable if required 
    138  
    139 # hostname: localhost 
    140 #  
    141 # Delete this element to take default setting 7512 or read  
    142 # MYPROXY_SERVER_PORT setting 
    143 port: 7512 
    144  
    145 # Useful if hostname and certificate CN don't match correctly.  Globus  
    146 # host DN is set to "host/<fqdn: ".  Delete this element and set from  
    147 # MYPROXY_SERVER_DN environment variable if prefered 
    148 serverDN: 
    149  
    150 # Set "host/" prefix to host cert CN as is default with globus 
    151 serverCNprefix: host/  
    152   
    153 # This directory path is used to locate the OpenSSL configuration file 
    154 # 
    155 # The settings are used to set up the defaults for the Distinguished Name of 
    156 # the new proxy cert. issued  
    157 #  
    158 # GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used 
    159 # but the settings can be independent of any Globus installation 
    160 openSSLConfFilePath: $NDGSEC_DIR/conf/openssl.conf 
    161 tmpDir: /tmp 
    162  
    163 # Limit on maximum lifetime any proxy certificate can have -  
    164 # specified when a certificate is first created by store() method 
    165 proxyCertMaxLifetime: 43200 # in seconds 
    166  
    167 # Life time of a proxy certificate (seconds) when issued from the Proxy Server  
    168 # with ndg.security.server.MyProxy.getDelegation() method 
    169 proxyCertLifetime: 43200 
    170   
    171 # CA certificate applied to verify peer certificate against in 
    172 # SSL connection to MyProxy server 
    173 caCertFile: $NDGSEC_DIR/conf/certs/cacert.pem 
    174  
    175  
    176 # Settings for Credential Repository plugin 
    177 [credReposProp] 
    178 # File path to plugin module - may be left blank if module is included in the  
    179 # current PYTHONPATH 
    180 #modFilePath: 
    181  
    182 # 
    183 # Module name - the default is an empty stub 
    184 modName: ndg.security.common.CredWallet 
    185  
    186 # Name of class in module to instantiate  
    187 className: NullCredRepos 
    188  
    189 # Optional Properties file argument to Credential Repository class.  This is  
    190 # include to enable custom settings to be defined from an external  
    191 # configuration file 
    192 propFile: 
    193  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg

    r4158 r4304  
    1010# $Id:$ 
    1111[setUp] 
    12 propFilePath = $NDGSEC_SM_UNITTEST_DIR/sessionMgrProperties.xml 
     12# Test with INI file - use of XML file likely to be deprecated 
     13#propFilePath = $NDGSEC_SM_UNITTEST_DIR/sessionMgrProperties.xml 
     14propFilePath = $NDGSEC_SM_UNITTEST_DIR/sessionMgr.cfg 
    1315 
    1416[test1Connect] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/test_sessionMgr.py

    r4294 r4304  
    2020import traceback 
    2121 
     22from ndg.security.common.utils.ConfigFileParsers import \ 
     23                                                    CaseSensitiveConfigParser 
    2224from ndg.security.common.X509 import X509CertParse 
    2325from ndg.security.server.SessionMgr import * 
    24 from ndg.security.server.MyProxy import MyProxyClient 
    2526 
    2627from os.path import expandvars as xpdVars 
     
    5051                os.path.abspath(os.path.dirname(__file__)) 
    5152         
    52         self.cfg = SafeConfigParser() 
     53        self.cfg = CaseSensitiveConfigParser() 
    5354        configFilePath = jnPath(os.environ['NDGSEC_SM_UNITTEST_DIR'], 
    5455                                "sessionMgrTest.cfg") 
     
    5758        # Initialise the Session Manager client connection 
    5859        # Omit traceFile keyword to leave out SOAP debug info 
    59         propFilePath = xpdVars(self.cfg.get('setUp', 'propFilePath')) 
    60         self.sm = SessionMgr(propFilePath=propFilePath) 
    61  
    62     def sessionMgrConnect(self): 
     60        self.propFilePath = xpdVars(self.cfg.get('setUp', 'propFilePath')) 
     61#        self.sm = SessionMgr(propFilePath=propFilePath) 
     62 
     63    def test0Init(self): 
     64        sm = SessionMgr(propFilePath=self.propFilePath) 
     65         
     66    def _sessionMgrConnect(self): 
     67        '''Helper method to set up connections''' 
    6368        print "Connecting to session manager..." 
    6469        username = self.cfg.get('test1Connect', 'username') 
    6570        if SessionMgrTestCase.test1Passphrase is None and \ 
    6671           self.cfg.has_option('test1Connect', 'passphrase'): 
    67             SessionMgrTestCase.test1Passphrase = \ 
    68                                     self.cfg.get('test1Connect', 'passphrase') 
     72            SessionMgrTestCase.test1Passphrase = self.cfg.get('test1Connect',  
     73                                                              'passphrase') 
    6974         
    7075        if not SessionMgrTestCase.test1Passphrase: 
    7176            SessionMgrTestCase.test1Passphrase = getpass.getpass(\ 
     77                prompt="\ntest1Connect pass-phrase for user %s: " % username) 
     78 
     79        print "Connecting to session manager as user: %s..." % username 
     80        userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
     81            self.sm.connect(username=username,  
     82                            passphrase=SessionMgrTestCase.test1Passphrase) 
     83        self.userCert = X509CertParse(userCert) 
     84         
     85        print "User '%s' connected to Session Manager:\n%s" % (username,  
     86                                                               self.sessID) 
     87        creds='\n'.join((self.issuingCert or '', 
     88                         self.userCert.asPEM().strip(), 
     89                         self.userPriKey)) 
     90        open(mkPath("user.creds"), "w").write(creds) 
     91        print "Finished setting up connection" 
     92         
     93                                   
     94    def test1Connect(self): 
     95        """test1Connect: make a new session""" 
     96         
     97        username = self.cfg.get('test1Connect', 'username') 
     98        if SessionMgrTestCase.test1Passphrase is None and \ 
     99           self.cfg.has_option('test1Connect', 'passphrase'): 
     100            SessionMgrTestCase.test1Passphrase = self.cfg.get('test1Connect',  
     101                                                              'passphrase') 
     102         
     103        if not SessionMgrTestCase.test1Passphrase: 
     104            SessionMgrTestCase.test1Passphrase = getpass.getpass( 
    72105                prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    73106 
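
Review bot: setUp no longer assigns `self.sm`: new line 61 comments the constructor out and `test0Init` at new line 64 only binds a local `sm`, yet `_sessionMgrConnect` still calls `self.sm.connect(...)` at new line 81 and the later tests go on to use `self.sm.getSessionStatus`, `self.sm.getAttCert` and `self.sm.deleteUserSession`. Nothing on the visible lines sets the attribute, so those calls would fail with AttributeError; keep `self.sm = SessionMgr(propFilePath=self.propFilePath)` in setUp or create it inside the helper, and delete the commented-out line rather than leaving it in. `_sessionMgrConnect` and the new `test1Connect` also repeat the same passphrase lookup and prompt, so `test1Connect` could call the helper instead.
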
     
    84117                         self.userPriKey)) 
    85118        open(mkPath("user.creds"), "w").write(creds) 
    86         print "Finished setting up connection" 
    87          
    88                                    
    89     def test1Connect(self): 
    90         """test1Connect: make a new session""" 
    91          
    92         username = self.cfg.get('test1Connect', 'username') 
    93         if SessionMgrTestCase.test1Passphrase is None and \ 
    94            self.cfg.has_option('test1Connect', 'passphrase'): 
    95             SessionMgrTestCase.test1Passphrase = \ 
    96                                     self.cfg.get('test1Connect', 'passphrase') 
    97          
    98         if not SessionMgrTestCase.test1Passphrase: 
    99             SessionMgrTestCase.test1Passphrase = getpass.getpass(\ 
    100                 prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    101  
    102         print "Connecting to session manager as user: %s..." %username 
    103         userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
    104             self.sm.connect(username=username,  
    105                             passphrase=SessionMgrTestCase.test1Passphrase) 
    106         self.userCert = X509CertParse(userCert) 
    107          
    108         print "User '%s' connected to Session Manager:\n%s" % \ 
    109                                                         (username, self.sessID) 
    110         creds='\n'.join((self.issuingCert or '', 
    111                          self.userCert.asPEM().strip(), 
    112                          self.userPriKey)) 
    113         open(mkPath("user.creds"), "w").write(creds) 
    114119     
    115120             
     
    117122        """test2GetSessionStatus: check a session is alive""" 
    118123         
    119         self.sessionMgrConnect() 
     124        self._sessionMgrConnect() 
    120125        assert self.sm.getSessionStatus(sessID=self.sessID), "Session is dead" 
    121126        print "User connected to Session Manager with sessID=%s" % self.sessID 
     
    129134        """test3ConnectNoCreateServerSess: Connect as a non browser client -  
    130135        sessID should be None""" 
    131  
    132         username = self.cfg.get('test3ConnectNoCreateServerSess', 'username') 
     136        section = 'test3ConnectNoCreateServerSess' 
     137        username = self.cfg.get(section, 'username') 
    133138 
    134139        if SessionMgrTestCase.test3Passphrase is None and \ 
    135            self.cfg.has_option('test3ConnectNoCreateServerSess',  
    136                                'passphrase'): 
    137             SessionMgrTestCase.test3Passphrase = \ 
    138                 self.cfg.get('test3ConnectNoCreateServerSess', 'passphrase') 
     140           self.cfg.has_option(section, passphrase): 
     141            SessionMgrTestCase.test3Passphrase = self.cfg.get(section,  
     142                                                              'passphrase') 
    139143         
    140144        if not SessionMgrTestCase.test3Passphrase: 
    141             SessionMgrTestCase.test3Passphrase = getpass.getpass(\ 
    142         prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: " % \ 
    143             username) 
     145            SessionMgrTestCase.test3Passphrase = getpass.getpass(prompt=\ 
     146                                            "\ntest3ConnectNoCreateServerSess " 
     147                                            "pass-phrase for user %s: " %  
     148                                            username) 
    144149 
    145150        self.userCert, self.userPriKey, self.issuingCert, sessID = \ 
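
Review bot: At new line 140 the option name is passed as a bare identifier, `self.cfg.has_option(section, passphrase)`, where the removed code passed the string `'passphrase'`. No `passphrase` variable is defined on the visible lines, so this raises NameError whenever `test3Passphrase` is None. Quote it: `self.cfg.has_option(section, 'passphrase')`.
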
     
    151156        assert not sessID, "Expecting a null session ID!" 
    152157           
    153         print "User '%s' retrieved creds. from Session Manager:\n%s" % \ 
    154                                                     (username, self.userCert) 
     158        print("User '%s' retrieved creds. from Session Manager:\n%s" %  
     159                                                    (username, self.userCert)) 
    155160             
    156161 
    157162    def test4DisconnectWithSessID(self): 
    158         """test4DisconnectWithSessID: disconnect as if acting as a browser client  
     163        """test4DisconnectWithSessID: disconnect as if acting as a browser  
     164        client  
    159165        """ 
    160166         
    161         self.sessionMgrConnect()         
     167        self._sessionMgrConnect()         
    162168        self.sm.deleteUserSession(sessID=self.sessID) 
    163169         
     
    169175        """ 
    170176         
    171         self.sessionMgrConnect() 
     177        self._sessionMgrConnect() 
    172178         
    173179        # Proxy cert in signature determines ID of session to 
     
    181187        a session ID as authentication credential""" 
    182188 
    183         self.sessionMgrConnect() 
    184          
     189        self._sessionMgrConnect() 
     190         
     191        section = 'test6GetAttCertWithSessID' 
    185192        attCert, errMsg, extAttCertList = self.sm.getAttCert(\ 
    186             sessID=self.sessID,  
    187             aaURI=self.cfg.get('test6GetAttCertWithSessID', 'aauri')) 
     193                                        sessID=self.sessID,  
     194                                        aaURI=self.cfg.get(section, 'aaURI')) 
    188195        if errMsg: 
    189196            self.fail(errMsg) 
    190197             
    191198        print "Attribute Certificate:\n%s" % attCert  
    192         attCert.filePath = \ 
    193             xpdVars(self.cfg.get('test6GetAttCertWithSessID', 'acoutfilepath'))  
     199        attCert.filePath = xpdVars(self.cfg.get(section, 'acoutfilepath'))  
    194200        attCert.write() 
    195201         
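
Review bot: Option names are now looked up with mixed spelling in the same test: new line 194 reads `'aaURI'` while new line 199 still reads `'acoutfilepath'`, and the later hunk uses `'extACFilePath'`. With the switch from SafeConfigParser to CaseSensitiveConfigParser these strings presumably have to match sessionMgrTest.cfg exactly, and the only change shown for that file is the `propFilePath` line. Check that each option in the .cfg is spelled the way the test now asks for it, and settle on one convention so a missed rename does not surface as a missing-option error at run time.
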
     
    202208        Attribute Authority where the user is NOT registered""" 
    203209 
    204         self.sessionMgrConnect() 
    205          
    206         aaURI = self.cfg.get('test6aGetAttCertRefusedWithSessID', 'aauri') 
    207          
    208         attCert, errMsg, extAttCertList = self.sm.getAttCert(sessID=self.sessID,  
    209                                          aaURI=aaURI, 
    210                                          mapFromTrustedHosts=False) 
     210        self._sessionMgrConnect() 
     211         
     212        aaURI = self.cfg.get('test6aGetAttCertRefusedWithSessID', 'aaURI') 
     213         
     214        attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,  
     215                                                     aaURI=aaURI, 
     216                                                     mapFromTrustedHosts=False) 
    211217        if errMsg: 
    212218            print "SUCCESS - obtained expected result: %s" % errMsg 
     
    220226        a session ID as authentication credential""" 
    221227 
    222         self.sessionMgrConnect() 
     228        self._sessionMgrConnect() 
    223229         
    224230        # Attribute Certificate cached in test 6 can be used to get a mapped 
     
    226232        self.sm = self.test6GetAttCertWithSessID() 
    227233 
    228         aaURI = self.cfg.get('test6bGetMappedAttCertWithSessID', 'aauri') 
     234        aaURI = self.cfg.get('test6bGetMappedAttCertWithSessID', 'aaURI') 
    229235         
    230236        attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID, 
     
    241247        a session ID as authentication credential""" 
    242248         
    243         self.sessionMgrConnect() 
    244          
    245         aaURI = \ 
    246             self.cfg.get('test6cGetAttCertWithExtAttCertListWithSessID', 'aauri') 
     249        self._sessionMgrConnect() 
     250        section = 'test6cGetAttCertWithExtAttCertListWithSessID' 
     251        aaURI = self.cfg.get(section, 'aaURI') 
    247252         
    248253        # Use output from test6GetAttCertWithSessID! 
    249         extACFilePath = \ 
    250         xpdVars(self.cfg.get('test6cGetAttCertWithExtAttCertListWithSessID',  
    251                              'extacfilepath'))    
     254        extACFilePath = xpdVars(self.cfg.get(section, 'extACFilePath'))    
    252255        extAttCert = open(extACFilePath).read() 
    253256         
     
    265268        """test7GetAttCertWithUserCert: make an attribute request using 
    266269        a user cert as authentication credential""" 
    267         self.sessionMgrConnect() 
     270        self._sessionMgrConnect() 
    268271 
    269272        # Request an attribute certificate from an Attribute Authority  
    270273        # using the userCert returned from connect() 
    271274         
    272         aaURI = self.cfg.get('test7GetAttCertWithUserCert', 'aauri') 
    273         attCert, errMsg, extAttCertList = self.sm.getAttCert(\ 
     275        aaURI = self.cfg.get('test7GetAttCertWithUserCert', 'aaURI') 
     276        attCert, errMsg, extAttCertList = self.sm.getAttCert( 
    274277                                     userCert=self.userCert, aaURI=aaURI) 
    275278        if errMsg: 