Timestamp:
30/10/08 16:49:30 (12 years ago)
Author:
pjkersha
Message:

ConfigFileParsers.py: update to the way prefix is handled - if set, filter out all params without this prefix
ndg.security.common.logService: removed - old code
SessionManager: near to completion of refactoring for generic AuthN interface

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
6 edited

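--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/configfileparsers/test_configfileparsers.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/configfileparsers/test_configfileparsers.py
@@ -70,19 +70,16 @@
         print "properties ..."
         print prop
-        print "prop['test2INIPropertyFile']['attributeAuthority']['name']=%s"%\
-            prop['test2INIPropertyFile']['attributeAuthority']['name']
+        print("prop['test2INIPropertyFile']['name']=%s"%
+                                        prop['test2INIPropertyFile']['name'])
 
-        print("prop['test2INIPropertyFile']['attributeAuthority']['useSSL']"
-              "=%s" % prop['test2INIPropertyFile']['attributeAuthority']
-              ['useSSL'])
-        print("prop['test2INIPropertyFile']['attributeAuthority']"
-              "['attCertLifetime']=%s" % prop['test2INIPropertyFile']
-              ['attributeAuthority']['attCertLifetime'])
+        print("prop['test2INIPropertyFile']['useSSL']"
+              "=%s" % prop['test2INIPropertyFile']['useSSL'])
+        print("prop['test2INIPropertyFile']['attCertLifetime']=%s" %
+              prop['test2INIPropertyFile']['attCertLifetime'])
 
-        assert(isinstance(prop['test2INIPropertyFile']['attributeAuthority']
-                          ['attCertLifetime'], float))
+        assert(isinstance(prop['test2INIPropertyFile']['attCertLifetime'],
+                          float))
 
-        assert(isinstance(prop['test2INIPropertyFile']['attributeAuthority']
-                          ['useSSL'], bool))
+        assert(isinstance(prop['test2INIPropertyFile']['useSSL'], bool))
 
     def test3ReadAndValidateProperties(self):
@@ -110,12 +107,10 @@
         assert(prop.keys()==['test3ReadAndValidateProperties'])
 
-        assert(prop['test3ReadAndValidateProperties']['sessionManager']
-               ['sslCertFile'])
-        assert('credentialWallet' in prop['test3ReadAndValidateProperties']
-               ['sessionManager'])
+        assert(prop['test3ReadAndValidateProperties']['sslCertFile'])
+        assert('credentialWallet' in prop['test3ReadAndValidateProperties'])
 
         # attributeAuthorityURI is not present in the config so it should be
         # set to its default value
-        assert(prop['test3ReadAndValidateProperties']['sessionManager']
+        assert(prop['test3ReadAndValidateProperties']
             ['credentialWallet']['attributeAuthorityURI']=='A DEFAULT VALUE')
 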
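Review bot: The rewritten checks at new lines 80-83 and 109-110 keep bare `assert(...)` statements inside a `unittest.TestCase` method, so they are compiled out under `python -O` and a failure reports no values. Since these lines are being touched anyway, `self.assert_(isinstance(prop['test2INIPropertyFile']['useSSL'], bool))` (and the same form for the other three) would route the check through the test runner. The new lines also mix the `print "..."` statement with `print(...)` calls in the same method; picking one form would read more consistently. Both test methods start and end outside the hunks shown.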
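--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg
@@ -41,4 +41,6 @@
 # digital signature of SOAP messages to Attribute Authorities
 #wssCfgSection=WS-Security
+
+# ... or put the settings in the same section but prefix them with this prefix
 wssCfgPrefix=wssecurity
 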
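--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
@@ -43,9 +43,4 @@
 credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
 
-# Omit Credential Repository and use default NullCredentialRepository.  This
-# setting is expected to tie up with the Session Manager's Credential
-# Repository settings - see elsewhere in this file
-#credentialWallet.credentialRepository=
-
 # Allow Get Attribute Certificate calls to try to get a mapped certificate
 # from another organisation trusted by the target Attribute Authority
@@ -63,4 +58,42 @@
 # ...A section name could also be used.
 #credentialWallet.wssCfgSection=
+
+# SOAP Signature Handler settings for the Credential Wallet's Attribute
+# Authority interface
+#
+# CA Certificates used to verify X.509 certs used in Attribute Certificates.
+# The CA certificates of other NDG trusted sites should go here.  NB, multiple
+# values should be delimited by a space
+credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
+
+# Signature of an outbound message
+#
+# Certificate associated with private key used to sign a message.  The sign
+# method will add this to the BinarySecurityToken element of the WSSE header.
+# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
+# As an alternative, use signingCertChain - see below...
+
+# PEM encoded cert
+credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt
+
+# ... or provide file path to PEM encoded private key file
+credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
+# give full namespace to alternative - see
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain
+# attributes will be used.
+credentialWallet.wssecurity.reqBinSecTokValType: X509v3
+
+# Add a timestamp element to an outbound message
+credentialWallet.wssecurity.addTimestamp: True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature
+# value sent by client
+credentialWallet.wssecurity.applySignatureConfirmation: True
 
 # Settings for Credential Repository plugin
@@ -90,68 +123,3 @@
 authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01
 
-#
-# SOAP Signature Handler settings for the Credential Wallet's Attribute
-# Authority interface
-#
-# OUTBOUND MESSAGE CONFIG
 
-# CA Certificates used to verify X.509 certs used in Attribute Certificates.
-# The CA certificates of other NDG trusted sites should go here.  NB, multiple
-# values should be delimited by a space
-wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Signature of an outbound message
-
-# Certificate associated with private key used to sign a message.  The sign
-# method will add this to the BinarySecurityToken element of the WSSE header.
-# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
-# As an alternative, use signingCertChain - see below...
-
-# PEM encoded cert
-wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt
-
-# ... or provide file path to PEM encoded private key file
-wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key
-
-# Password protecting private key.  Leave blank if there is no password.
-wssecurity.signingPriKeyPwd=
-
-# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
-# signed message.  See __setReqBinSecTokValType method and binSecTokValType
-# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
-# give full namespace to alternative - see
-# ZSI.wstools.Namespaces.OASIS.X509TOKEN
-#
-# binSecTokValType determines whether signingCert or signingCertChain
-# attributes will be used.
-wssecurity.reqBinSecTokValType: X509v3
-
-# Add a timestamp element to an outbound message
-wssecurity.addTimestamp: True
-
-# For WSSE 1.1 - service returns signature confirmation containing signature
-# value sent by client
-wssecurity.applySignatureConfirmation: True
-
-# Inclusive namespace prefixes - for Exclusive Canonicalisation only
-# TODO: include option to set C14N algorithm - C14N currently set to Exclusive
-
-# Inclusive namespace prefixes Canonicalisation of reference elements -
-# space separated list e.g. refC14nInclNS=wsse ds ns1
-wssecurity.refC14nInclNS:
-
-# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element -
-# same format as the above
-wssecurity.signedInfoC14nInclNS:
-
-#
-# INBOUND MESSAGE CONFIG
-
-# X.509 certificate used by verify method to verify a message.  This argument
-# can be omitted if the message to be verified contains the X.509 certificate
-# in the BinarySecurityToken element.  In this case, the cert read from the
-# message will be assigned to the verifyingCert attribute.
-
-# ... or provide file path PEM encode cert here
-wssecurity.verifyingCertFilePath:
-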
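Review bot: The relocated `credentialWallet.wssecurity.*` block (new lines 60-97) silently drops four keys that the old `wssecurity.*` block set explicitly: `signingPriKeyPwd`, `refC14nInclNS`, `signedInfoC14nInclNS` and the inbound `verifyingCertFilePath`, together with the whole INBOUND MESSAGE CONFIG commentary. Nothing in the file now says whether the Credential Wallet's signature handler is expected to fall back to defaults for these, which matters most for the verification side. A short comment under the new block would make the intent auditable, for example `# signingPriKeyPwd, refC14nInclNS, signedInfoC14nInclNS and verifyingCertFilePath are deliberately unset - handler defaults apply`. It is also worth confirming that the prefix filter described in the commit message accepts the two-level `credentialWallet.wssecurity.` form, since that parser is not part of this changeset view.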
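--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
@@ -9,4 +9,12 @@
 #
 # $Id:$
+[DEFAULT]
+# For connect calls used to setup some of the unit tests
+username = testuser
+passphrase = testpassword
+userX509CertFilePath = $NDGSEC_SM_UNITTEST_DIR/user.crt
+userPriKeyFilePath = $NDGSEC_SM_UNITTEST_DIR/user.key
+userPriKeyPwd = testpassword
+
 [setUp]
 # Test with INI file - use of XML file likely to be deprecated
@@ -21,13 +29,14 @@
 passphrase = testpassword
 
-[test2GetSessionStatus]
+[test2Connect2AuthNServiceReturningAUserCert]
+outputCredsFilePath = user.creds
 
-[test3ConnectNoCreateServerSess]
+[test4ConnectNoCreateServerSess]
 username = testuser
 passphrase = testpassword
 
-[test7GetAttCertWithSessID]
 aaURI = http://localhost:4900/AttributeAuthority
-acOutFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
+acOutputFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
 
 [test6aGetAttCertRefusedWithSessID]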
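Review bot: Placing `username` and `passphrase` in `[DEFAULT]` (new lines 11-17) makes them visible from every section, so if `self.cfg` is a standard ConfigParser then `has_option(section, 'passphrase')` is true everywhere and the `getpass` fallback in the test case can no longer be reached. Sections that omit their own passphrase will now inherit `testpassword` without any sign of it in the section itself. A one-line comment such as `# NB: values in [DEFAULT] are inherited by every section below` would make that explicit. Separately, `userPriKeyPwd = testpassword` sits oddly beside the `UserCertAuthN.__init__` docstring in this changeset, which says the private key must not be password protected; one of the two should be corrected.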
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py

    r4397 r4401  
    3434 
    3535class SessionManagerTestCase(unittest.TestCase): 
    36     """Unit test case for ndg.security.server.sessionmanager.SessionManager class. 
     36    """Unit test case for ndg.security.server.sessionmanager.SessionManager  
     37    class. 
    3738     
    3839    This class manages server side sessions""" 
    3940     
    40     test1Passphrase = None 
    41     test3Passphrase = None 
     41    passphrase = None 
     42    test4Passphrase = None 
    4243     
    4344    def setUp(self): 
     
    6162        self.sm = SessionManager(propFilePath=self.propFilePath) 
    6263 
    63     def _sessionMgrConnect(self): 
     64    def _connect(self): 
    6465        '''Helper method to set up connections''' 
    6566        print "Connecting to session manager..." 
     67        section = 'DEFAULT' 
     68         
     69        username = self.cfg.get(section, 'username') 
     70        if SessionManagerTestCase.passphrase is None and \ 
     71           self.cfg.has_option(section, 'passphrase'): 
     72            SessionManagerTestCase.passphrase=self.cfg.get(section, 
     73                                                           'passphrase') 
     74         
     75        if not SessionManagerTestCase.passphrase: 
     76            SessionManagerTestCase.passphrase = getpass.getpass( 
     77                            prompt="\nPass-phrase for user %s: " % username) 
     78 
     79        print("Connecting to session manager as user: %s..." % username) 
     80        userX509Cert, userPriKey, issuingCert, self.sessID = \ 
     81            self.sm.connect(username=username,  
     82                            passphrase=SessionManagerTestCase.passphrase) 
     83 
     84        print("User '%s' connected to Session Manager:\n%s" % (username,  
     85                                                               self.sessID)) 
     86        print("Finished setting up connection") 
     87 
     88    def _connect2UserCertAuthNService(self): 
     89        '''Same as _connect but Session Manager is using an Authentication  
     90        Service that returns PKI credentials i.e. like MyProxy''' 
     91         
     92        section = 'DEFAULT' 
     93 
     94        print("Connecting to session manager with AuthN service returning " 
     95              "PKI creds...") 
     96                
     97        # Change to alternative authentication service 
     98        userX509CertFilePath = self.cfg.get(section, 'userX509CertFilePath') 
     99        userPriKeyFilePath = self.cfg.get(section, 'userPriKeyFilePath') 
     100        userPriKeyPwd = self.cfg.get(section, 'userPriKeyPwd') 
     101                                           
     102        self.sm['authNService'] = { 
     103            'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'], 
     104            'moduleName': 'usercertauthn', 
     105            'className': 'UserCertAuthN', 
     106            'userX509CertFilePath': userX509CertFilePath, 
     107            'userPriKeyFilePath': userPriKeyFilePath 
     108        } 
     109 
     110        self.sm.initAuthNService() 
     111         
     112        username = self.cfg.get(section, 'username') 
     113        if SessionManagerTestCase.passphrase is None and \ 
     114           self.cfg.has_option(section, 'passphrase'): 
     115            SessionManagerTestCase.passphrase=self.cfg.get(section,  
     116                                                           'passphrase') 
     117         
     118        if not SessionManagerTestCase.passphrase: 
     119            SessionManagerTestCase.passphrase = getpass.getpass(\ 
     120                prompt="\nPass-phrase for user %s: " % username) 
     121 
     122        print("Connecting to session manager as user: %s..." % username) 
     123        userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
     124            self.sm.connect(username=username,  
     125                            passphrase=SessionManagerTestCase.passphrase) 
     126        self.userX509Cert = X509CertParse(userX509Cert) 
     127         
     128        print("User '%s' connected to Session Manager:\n%s" % (username,  
     129                                                               self.sessID)) 
     130        print("Finished setting up connection") 
     131    
     132    def test1Connect2AuthNServiceWithNoUserCertReturned(self): 
     133         
    66134        username = self.cfg.get('test1Connect', 'username') 
    67         if SessionManagerTestCase.test1Passphrase is None and \ 
     135        if SessionManagerTestCase.passphrase is None and \ 
    68136           self.cfg.has_option('test1Connect', 'passphrase'): 
    69             SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
     137            SessionManagerTestCase.passphrase=self.cfg.get('test1Connect',  
    70138                                                                'passphrase') 
    71139         
    72         if not SessionManagerTestCase.test1Passphrase: 
    73             SessionManagerTestCase.test1Passphrase = getpass.getpass(\ 
     140        if not SessionManagerTestCase.passphrase: 
     141            SessionManagerTestCase.passphrase = getpass.getpass( 
    74142                prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    75143 
    76         print "Connecting to session manager as user: %s..." % username 
    77         userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
    78             self.sm.connect(username=username,  
    79                             passphrase=SessionManagerTestCase.test1Passphrase) 
    80 #        self.userCert = X509CertParse(userCert) 
    81 #         
    82         print "User '%s' connected to Session Manager:\n%s" % (username,  
    83                                                                self.sessID) 
    84 #        creds='\n'.join((self.issuingCert or '', 
    85 #                         self.userCert.asPEM().strip(), 
    86 #                         self.userPriKey)) 
    87 #        open(mkPath("user.creds"), "w").write(creds) 
    88         print "Finished setting up connection" 
    89          
    90                                    
    91     def test1Connect2AuthNServiceWithNoUserCertReturned(self): 
    92          
    93         username = self.cfg.get('test1Connect', 'username') 
    94         if SessionManagerTestCase.test1Passphrase is None and \ 
    95            self.cfg.has_option('test1Connect', 'passphrase'): 
    96             SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
    97                                                                 'passphrase') 
    98          
    99         if not SessionManagerTestCase.test1Passphrase: 
    100             SessionManagerTestCase.test1Passphrase = getpass.getpass( 
    101                 prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    102  
    103144        print "Connecting to session manager as user: %s..." %username 
    104         userCert, userPriKey, issuingCert, sessID = self.sm.connect( 
    105                             username=username,  
    106                             passphrase=SessionManagerTestCase.test1Passphrase) 
    107         assert(userCert is None) 
     145        userX509Cert, userPriKey, issuingCert, sessID = self.sm.connect( 
     146                                username=username,  
     147                                passphrase=SessionManagerTestCase.passphrase) 
     148        assert(userX509Cert is None) 
    108149        assert(userPriKey is None) 
    109150        assert(issuingCert is None) 
     
    114155    def test2Connect2AuthNServiceReturningAUserCert(self): 
    115156         
    116         username = self.cfg.get('test1Connect', 'username') 
    117         if SessionManagerTestCase.test1Passphrase is None and \ 
    118            self.cfg.has_option('test1Connect', 'passphrase'): 
    119             SessionManagerTestCase.test1Passphrase=self.cfg.get('test1Connect',  
    120                                                                 'passphrase') 
    121          
    122         if not SessionManagerTestCase.test1Passphrase: 
    123             SessionManagerTestCase.test1Passphrase = getpass.getpass( 
    124                 prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    125  
    126         print "Connecting to session manager as user: %s..." %username 
    127         userCert, self.userPriKey, self.issuingCert, sessID = \ 
    128             self.sm.connect(username=username,  
    129                             passphrase=SessionManagerTestCase.test1Passphrase) 
    130         self.userCert = X509CertParse(userCert) 
    131          
    132         print "User '%s' connected to Session Manager:\n%s" % \ 
    133                                                         (username, sessID) 
     157        section = 'test2Connect2AuthNServiceReturningAUserCert' 
     158         
     159        # Change to alternative authentication service 
     160        userX509CertFilePath = self.cfg.get('DEFAULT', 'userX509CertFilePath') 
     161        userPriKeyFilePath = self.cfg.get('DEFAULT', 'userPriKeyFilePath') 
     162        userPriKeyPwd = self.cfg.get('DEFAULT', 'userPriKeyPwd') 
     163        outputCredFilePath = self.cfg.get(section, 'outputCredsFilePath') 
     164                                           
     165        self.sm['authNService'] = { 
     166            'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'], 
     167            'moduleName': 'usercertauthn', 
     168            'className': 'UserCertAuthN', 
     169            'userX509CertFilePath': userX509CertFilePath, 
     170            'userPriKeyFilePath': userPriKeyFilePath 
     171        } 
     172 
     173        self.sm.initAuthNService() 
     174         
     175        print("Connecting to session manager...") 
     176        userX509Cert, self.userPriKey, self.issuingCert, sessID = self.sm.connect( 
     177                                                    passphrase=userPriKeyPwd) 
     178        self.userX509Cert = X509CertParse(userX509Cert) 
     179         
     180        print("Connected to Session Manager:\n%s" % sessID) 
    134181        creds='\n'.join((self.issuingCert or '', 
    135                          self.userCert.asPEM().strip(), 
     182                         self.userX509Cert.asPEM().strip(), 
    136183                         self.userPriKey)) 
    137         open(mkPath("user.creds"), "w").write(creds) 
    138      
    139              
    140     def test2GetSessionStatus(self): 
    141         """test2GetSessionStatus: check a session is alive""" 
    142          
    143         self._sessionMgrConnect() 
     184        open(mkPath(outputCredFilePath), "w").write(creds) 
     185     
     186             
     187    def test3GetSessionStatus(self): 
     188        """test3GetSessionStatus: check a session is alive""" 
     189         
     190        self._connect() 
    144191        assert self.sm.getSessionStatus(sessID=self.sessID), "Session is dead" 
    145192        print "User connected to Session Manager with sessID=%s" % self.sessID 
     
    150197        print "CORRECT: sessID=abc doesn't exist" 
    151198         
    152     def test3ConnectNoCreateServerSess(self): 
    153         """test3ConnectNoCreateServerSess: Connect as a non browser client -  
    154         sessID should be None""" 
    155         section = 'test3ConnectNoCreateServerSess' 
     199    def test4ConnectNoCreateServerSess(self): 
     200        """test4ConnectNoCreateServerSess: Connect to retrieve credentials 
     201        only - no session is created.  This makes sense only for an AuthN 
     202        Service that returns user credentials""" 
     203        section = 'test4ConnectNoCreateServerSess' 
     204         
     205        # Change to alternative authentication service 
     206        userX509CertFilePath = self.cfg.get('DEFAULT', 'userX509CertFilePath') 
     207        userPriKeyFilePath = self.cfg.get('DEFAULT', 'userPriKeyFilePath') 
     208        userPriKeyPwd = self.cfg.get('DEFAULT', 'userPriKeyPwd') 
     209                                           
     210        self.sm['authNService'] = { 
     211            'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'], 
     212            'moduleName': 'usercertauthn', 
     213            'className': 'UserCertAuthN', 
     214            'userX509CertFilePath': userX509CertFilePath, 
     215            'userPriKeyFilePath': userPriKeyFilePath 
     216        } 
     217 
     218        self.sm.initAuthNService() 
     219         
     220         
    156221        username = self.cfg.get(section, 'username') 
    157222 
    158         if SessionManagerTestCase.test3Passphrase is None and \ 
     223        if SessionManagerTestCase.test4Passphrase is None and \ 
    159224           self.cfg.has_option(section, 'passphrase'): 
    160             SessionManagerTestCase.test3Passphrase = self.cfg.get(section,  
     225            SessionManagerTestCase.test4Passphrase = self.cfg.get(section,  
    161226                                                                  'passphrase') 
    162227         
    163         if not SessionManagerTestCase.test3Passphrase: 
    164             SessionManagerTestCase.test3Passphrase = getpass.getpass(prompt=\ 
    165                                             "\ntest3ConnectNoCreateServerSess " 
    166                                             "pass-phrase for user %s: " %  
    167                                             username) 
    168  
    169         self.userCert, self.userPriKey, self.issuingCert, sessID = \ 
     228        if not SessionManagerTestCase.test4Passphrase: 
     229            SessionManagerTestCase.test4Passphrase = getpass.getpass(prompt=\ 
     230                                            "\n%s pass-phrase for user %s: " %  
     231                                            (section, username)) 
     232 
     233        userX509Cert, userPriKey, issuingCert, sessID = \ 
    170234            self.sm.connect(username=username,  
    171                             passphrase=SessionManagerTestCase.test3Passphrase, 
     235                            passphrase=SessionManagerTestCase.test4Passphrase, 
    172236                            createServerSess=False) 
    173237         
     
    176240           
    177241        print("User '%s' retrieved creds. from Session Manager:\n%s" %  
    178                                                     (username, self.userCert)) 
    179              
    180  
    181     def test4DisconnectWithSessID(self): 
    182         """test4DisconnectWithSessID: disconnect as if acting as a browser  
     242                                                    (username, sessID)) 
     243             
     244 
     245    def test5DisconnectWithSessID(self): 
     246        """test5DisconnectWithSessID: disconnect as if acting as a browser  
    183247        client  
    184248        """ 
    185249         
    186         self._sessionMgrConnect()         
     250        self._connect()         
    187251        self.sm.deleteUserSession(sessID=self.sessID) 
    188252         
     
    190254             
    191255 
    192     def test5DisconnectWithUserCert(self): 
    193         """test5DisconnectWithUserCert: Disconnect as a command line client  
     256    def test6DisconnectWithUserCert(self): 
     257        """test5DisconnectWithUserCert: Disconnect based on a user X.509 
     258        cert. credential from an earlier call to connect  
    194259        """ 
    195260         
    196         self._sessionMgrConnect() 
    197          
    198         # Proxy cert in signature determines ID of session to 
    199         # delete 
    200         self.sm.deleteUserSession(userCert=self.userCert) 
    201         print "User disconnected from Session Manager:\n%s" % self.userCert 
    202  
    203  
    204     def test6GetAttCertWithSessID(self): 
    205         """test6GetAttCertWithSessID: make an attribute request using 
     261        self._connect2UserCertAuthNService() 
     262         
     263        # User cert DN determines ID of session to delete 
     264        self.sm.deleteUserSession(userX509Cert=self.userX509Cert) 
     265        print "User disconnected from Session Manager:\n%s" % self.userX509Cert 
     266 
     267 
     268    def test7GetAttCertWithSessID(self): 
     269        """test7GetAttCertWithSessID: make an attribute request using 
    206270        a session ID as authentication credential""" 
    207271 
    208         self._sessionMgrConnect() 
    209          
    210         section = 'test6GetAttCertWithSessID' 
    211         attCert, errMsg, extAttCertList = self.sm.getAttCert(\ 
    212                                         sessID=self.sessID,  
    213                                         aaURI=self.cfg.get(section, 'aaURI')) 
     272        self._connect() 
     273         
     274        section = 'test7GetAttCertWithSessID' 
     275        aaURI = self.cfg.get(section, 'aaURI') 
     276        attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,  
     277                                                           aaURI=aaURI) 
    214278        if errMsg: 
    215279            self.fail(errMsg) 
    216280             
    217281        print "Attribute Certificate:\n%s" % attCert  
    218         attCert.filePath = xpdVars(self.cfg.get(section, 'acoutfilepath'))  
     282        attCert.filePath = xpdVars(self.cfg.get(section, 'acOutputFilePath'))  
    219283        attCert.write() 
    220284         
     
    222286 
    223287 
    224     def test6aGetAttCertRefusedWithSessID(self): 
     288    def test8GetAttCertRefusedWithSessID(self): 
    225289        """test6aGetAttCertRefusedWithSessID: make an attribute request using 
    226290        a sessID as authentication credential requesting an AC from an 
    227291        Attribute Authority where the user is NOT registered""" 
    228292 
    229         self._sessionMgrConnect() 
     293        self._connect() 
    230294         
    231295        aaURI = self.cfg.get('test6aGetAttCertRefusedWithSessID', 'aaURI') 
     
    241305 
    242306 
    243     def test6bGetMappedAttCertWithSessID(self): 
     307    def test9GetMappedAttCertWithSessID(self): 
    244308        """test6bGetMappedAttCertWithSessID: make an attribute request using 
    245309        a session ID as authentication credential""" 
    246310 
    247         self._sessionMgrConnect() 
     311        self._connect() 
    248312         
    249313        # Attribute Certificate cached in test 6 can be used to get a mapped 
    250314        # AC for this test ... 
    251         self.sm = self.test6GetAttCertWithSessID() 
     315        self.sm = self.test7GetAttCertWithSessID() 
    252316 
    253317        aaURI = self.cfg.get('test6bGetMappedAttCertWithSessID', 'aaURI') 
     
    266330        a session ID as authentication credential""" 
    267331         
    268         self._sessionMgrConnect() 
     332        self._connect() 
    269333        section = 'test6cGetAttCertWithExtAttCertListWithSessID' 
    270334        aaURI = self.cfg.get(section, 'aaURI') 
     
    287351        """test7GetAttCertWithUserCert: make an attribute request using 
    288352        a user cert as authentication credential""" 
    289         self._sessionMgrConnect() 
     353        self._connect() 
    290354 
    291355        # Request an attribute certificate from an Attribute Authority  
    292         # using the userCert returned from connect() 
     356        # using the userX509Cert returned from connect() 
    293357         
    294358        aaURI = self.cfg.get('test7GetAttCertWithUserCert', 'aaURI') 
    295359        attCert, errMsg, extAttCertList = self.sm.getAttCert( 
    296                                      userCert=self.userCert, aaURI=aaURI) 
     360                                     userX509Cert=self.userX509Cert, aaURI=aaURI) 
    297361        if errMsg: 
    298362            self.fail(errMsg) 
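--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/usercertauthn.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/usercertauthn.py
@@ -22,30 +22,27 @@
 
 class UserCertAuthN(AbstractAuthNService):
-    '''Provide a basic Authentication interface to the Session Manager
-    based on username/password entries in a config file'''
+    '''Test Authentication interface to the Session Manager
+    returning a certificate and private key
+
+    For use with SessionManager unittests only'''
 
     def __init__(self, **prop):
-        '''Instantiate MyProxy client object taking in settings from the
-        properties file'''
-        accounts = prop.get('basicAuthN_accounts', []).split()
-        self.accounts = dict([tuple(account.split(':')) \
-                              for account in accounts])
-
+        '''Instantiate client object from X.509 cert and private key file path
+        inputs.  Private key must be none password protected.'''
+        self.userX509Cert = open(prop['userX509CertFilePath']).read()
+        self.userPriKey = open(prop['userPriKeyFilePath']).read()
+
     def logon(self, username, passphrase):
-        '''Implementation of AbstractAuthNService logon for a MyProxy client
+        '''Implementation of AbstractAuthNService logon for Session Manager
+        unittests.  TEST ONLY - no check is carried out on username/passphrase
+        credentials
+
         @type username: basestring
         @param username: username for account login
         @type passphrase: basestring
         @param passphrase: passphrase (or password) for user account
-        @rtype: None
-        @return: this interface doesn't return any user PKI credentials.
+        @rtype: tuple
+        @return: user PKI credentials.
         '''
-        try:
-            md5Passwd = hashlib.sha224(passphrase).hexdigest()
-        except Exception, e:
-            raise AuthNServiceError("%s exception raised making a digest of "
-                                    "the input passphrase: %s" % \
-                                    (e.__class__, e))
-
-        if self.accounts.get(username) != md5Passwd:
-            raise AuthNServiceInvalidCredentials()
+
+        return self.userX509Cert, self.userPriKey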
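Review bot: `logon` (new lines 35-48) now returns the certificate and private key for any `username`/`passphrase`, and the only safeguard is the "TEST ONLY" wording in the docstrings. The tests in this changeset select the class purely through the `moduleFilePath`/`moduleName`/`className` properties, so it would help to state the restriction where a configurator will see it, for example a comment above the class such as `# WARNING: performs no authentication - never reference from a deployed Session Manager config`. In `__init__`, both `open(...).read()` calls leave the file handle to the garbage collector and a missing path key surfaces as a bare `KeyError`; reading each file inside `try`/`finally` with an explicit `close()` keeps the private key file handle short-lived. The docstring's "none password protected" should read "not password protected".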