Timestamp:
30/10/08 09:32:02 (12 years ago)
Author:
pjkersha
Message:

Fixes to CredentialWallet:

  • refactored _getAttCert, _getAATrustedHostInfo and added _getAAHostInfo - fixed capability to query a local AA instance instead of a remote service
  • added ability to configure WS-Security settings via a prefix in the config file in addition to a separate section
  • unittests re-run OK
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
1 added
4 edited

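--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg
@@ -40,10 +40,8 @@
 # Section in this file from which to retrieve WS-Security settings for  
 # digital signature of SOAP messages to Attribute Authorities 
-wssCfgSection=WS-Security 
+#wssCfgSection=WS-Security 
+wssCfgPrefix=wssecurity 
  
-[WS-Security] 
-# 
-# OUTBOUND MESSAGE CONFIG 
- 
+# WS-Security 
 # Signature of an outbound message 
  
@@ -51,11 +49,11 @@
 # method will add this to the BinarySecurityToken element of the WSSE header.   
 # binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.   
-signingCertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.crt 
+wssecurity.signingCertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.crt 
  
 # ... or provide file path to PEM encoded private key file 
-signingPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.key 
+wssecurity.signingPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.key 
  
 # Password protecting private key.  Leave blank if there is no password. 
-signingPriKeyPwd= 
+wssecurity.signingPriKeyPwd= 
  
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
@@ -67,12 +65,12 @@
 # binSecTokValType determines whether signingCert or signingCertChain  
 # attributes will be used. 
-reqBinSecTokValType=X509v3 
+wssecurity.reqBinSecTokValType=X509v3 
  
 # Add a timestamp element to an outbound message 
-addTimestamp=True 
+wssecurity.addTimestamp=True 
  
 # For WSSE 1.1 - service returns signature confirmation containing signature  
 # value sent by client 
-applySignatureConfirmation=True 
+wssecurity.applySignatureConfirmation=True 
  
 # 
@@ -80,3 +78,3 @@
  
 # Provide a space separated list of file paths 
-caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt  
+wssecurity.caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt  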
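Review bot: The comment kept at lines 40-41 still describes a "Section in this file", but the only active setting is now `wssCfgPrefix=wssecurity` at new line 43, which has no explanation of its own. A reader cannot tell from the file which of the two lookup mechanisms is in force, or that the later `wssecurity.*` keys depend on this value. I would drop the commented-out `#wssCfgSection=WS-Security` and put `# Prefix identifying the WS-Security settings in this file, e.g. wssecurity.signingCertFilePath` above the new option. The replacement header `# WS-Security` also loses the "OUTBOUND MESSAGE CONFIG" label; if the settings further down (such as `wssecurity.caCertFilePathList`) are for verifying inbound messages, which the page does not show, a one-line divider comment per direction would keep that distinction.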
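--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
@@ -21,5 +21,5 @@
 from ndg.security.common.X509 import X509CertParse 
 from ndg.security.common.credentialwallet import CredentialWallet, \ 
-                                            CredentialWalletAttributeRequestDenied 
+                                        CredentialWalletAttributeRequestDenied 
  
 from os.path import expandvars as xpdVars 
@@ -32,6 +32,6 @@
  
 class CredentialWalletTestCase(unittest.TestCase): 
-    """Unit test case for ndg.security.common.credentialwallet.CredentialWallet class. 
-     
+    """Unit test case for ndg.security.common.credentialwallet.CredentialWallet 
+    class. 
     """ 
      
@@ -173,5 +173,4 @@
 -----END RSA PRIVATE KEY----- 
 """ 
-        credWallet.createAttributeAuthorityClnt() 
         attCert = credWallet.getAttCert() 
          
@@ -185,5 +184,9 @@
     def test5GetAttCertRefusedWithUserCert(self): 
          
-        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))     
+        # Keyword mapFromTrustedHosts overrides any setting in the config file 
+        # This flag prevents role mapping from a trusted AA and so in this case 
+        # forces refusal of the request 
+        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'), 
+                                      mapFromTrustedHosts=False)     
         credWallet.userX509CertFilePath = self.cfg.get('setUp', 
                                                        'userX509CertFilePath') 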
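Review bot: Passing `mapFromTrustedHosts=False` at new lines 189-190 only sets up the refusal; the rest of test5GetAttCertRefusedWithUserCert lies outside the hunk, so it is not visible whether the test fails when an attribute certificate is issued anyway. If it does not already, the expectation should be pinned with `self.assertRaises(CredentialWalletAttributeRequestDenied, credWallet.getAttCert)`, assuming getAttCert is the call that is refused, as it is the call used at new line 175. That way a regression that grants access is reported as a failure rather than printed. The trailing spaces after `mapFromTrustedHosts=False)` can be dropped.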
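--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
@@ -71,5 +71,5 @@
 # 
 # Module name - the default is an empty stub 
-credentialRepository.modName: ndg.security.common.CredWallet 
+credentialRepository.modName: ndg.security.common.credentialwallet 
  
 # Name of class in module to instantiate  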
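--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
@@ -67,6 +67,6 @@
         if SessionManagerTestCase.test1Passphrase is None and \ 
            self.cfg.has_option('test1Connect', 'passphrase'): 
-            SessionManagerTestCase.test1Passphrase = self.cfg.get('test1Connect',  
-                                                              'passphrase') 
+            SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
+                                                                'passphrase') 
          
         if not SessionManagerTestCase.test1Passphrase: 
@@ -78,12 +78,12 @@
             self.sm.connect(username=username,  
                             passphrase=SessionManagerTestCase.test1Passphrase) 
-        self.userCert = X509CertParse(userCert) 
-         
+#        self.userCert = X509CertParse(userCert) 
+#         
         print "User '%s' connected to Session Manager:\n%s" % (username,  
                                                                self.sessID) 
-        creds='\n'.join((self.issuingCert or '', 
-                         self.userCert.asPEM().strip(), 
-                         self.userPriKey)) 
-        open(mkPath("user.creds"), "w").write(creds) 
+#        creds='\n'.join((self.issuingCert or '', 
+#                         self.userCert.asPEM().strip(), 
+#                         self.userPriKey)) 
+#        open(mkPath("user.creds"), "w").write(creds) 
         print "Finished setting up connection" 
          
@@ -94,6 +94,6 @@
         if SessionManagerTestCase.test1Passphrase is None and \ 
            self.cfg.has_option('test1Connect', 'passphrase'): 
-            SessionManagerTestCase.test1Passphrase = self.cfg.get('test1Connect',  
-                                                              'passphrase') 
+            SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
+                                                                'passphrase') 
          
         if not SessionManagerTestCase.test1Passphrase: 
@@ -110,5 +110,5 @@
          
         print "User '%s' connected to Session Manager:\n%s" % \ 
-                                                        (username, self.sessID)        
+                                                        (username, sessID)        
                                   
     def test2Connect2AuthNServiceReturningAUserCert(self): 
@@ -117,6 +117,6 @@
         if SessionManagerTestCase.test1Passphrase is None and \ 
            self.cfg.has_option('test1Connect', 'passphrase'): 
-            SessionManagerTestCase.test1Passphrase = self.cfg.get('test1Connect',  
-                                                              'passphrase') 
+            SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
+                                                                'passphrase') 
          
         if not SessionManagerTestCase.test1Passphrase: 
@@ -125,5 +125,5 @@
  
         print "Connecting to session manager as user: %s..." %username 
-        userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
+        userCert, self.userPriKey, self.issuingCert, sessID = \ 
             self.sm.connect(username=username,  
                             passphrase=SessionManagerTestCase.test1Passphrase) 
@@ -131,5 +131,5 @@
          
         print "User '%s' connected to Session Manager:\n%s" % \ 
-                                                        (username, self.sessID) 
+                                                        (username, sessID) 
         creds='\n'.join((self.issuingCert or '', 
                          self.userCert.asPEM().strip(), 
@@ -157,7 +157,7 @@
  
         if SessionManagerTestCase.test3Passphrase is None and \ 
            self.cfg.has_option(section, 'passphrase'): 
-           self.cfg.has_option(section, passphrase): 
+           self.cfg.has_option(section, 'passphrase'): 
             SessionManagerTestCase.test3Passphrase = self.cfg.get(section,  
-                                                              'passphrase') 
+                                                                  'passphrase') 
          
         if not SessionManagerTestCase.test3Passphrase: 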
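Review bot: New lines 80-81 and 84-87 comment out, rather than delete, the code that parsed the user certificate and wrote the issuing certificate, user certificate and private key to `user.creds`. Disabled code that handles key material is easy to re-enable by accident, so I would remove the six lines. If the dump is still needed, it belongs in a helper that closes the file and restricts its mode instead of `open(mkPath("user.creds"), "w").write(creds)`. The same `creds='\n'.join(...)` construction stays live at lines 134-135, apparently inside test2Connect2AuthNServiceReturningAUserCert, whose body continues outside the hunk, so the two tests now differ in whether credentials reach disk. Separately, new line 112 prints a local `sessID` whose assignment is not visible in that hunk, while line 83 still prints `self.sessID`; check that each name is bound where it is used.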