Changeset 4406

Timestamp:

31/10/08 16:52:34 (11 years ago)

Author:

pjkersha

Message:

• Fix to Session Manager WSDL to allow nillable X.509 cert and ptrivate key return from connect operation
• working session manager client unit tests up to test 4.

Location:

TI12-security/trunk/python

Files:

• Makefile (modified) (1 diff)
• ndg.security.common/ndg/security/common/attributeauthority.py (modified) (2 diffs)
• ndg.security.common/ndg/security/common/credentialwallet.py (modified) (1 diff)
• ndg.security.common/ndg/security/common/sessionmanager.py (modified) (25 diffs)
• ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py (modified) (5 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py (modified) (5 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py (modified) (6 diffs)
• ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl (modified) (3 diffs)
• ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py (modified) (6 diffs)
• ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py (modified) (8 diffs)
• ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg (modified) (3 diffs)
• ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py (modified) (19 diffs)
• ndg.security.test/ndg/security/test/sessionmanagerclient/user.crt (added)
• ndg.security.test/ndg/security/test/sessionmanagerclient/user.key (added)
• ndg.security.test/ndg/security/test/sessionmanagerclient/usercertauthn.py (added)
• ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini (modified) (1 diff)

TI12-security/trunk/python/Makefile

@@ -48 +48 @@
 
 # Make ZSI stubs from Session Manager WSDL
-SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/SessionMgr \
-                                 ./ndg.security.common/ndg/security/common/SessionMgr
+SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/sessionmanager \
+                                 ./ndg.security.common/ndg/security/common/zsi/sessionmanager
 
 sm_zsi_wsdl_stubs:
         @-for dir in ${SM_ZSI_STUB_DIRS}; do \
-                cd $$dir && make && cd ../../../../..; \
+                cd $$dir && make && cd ../../../../../..; \
         done;
 
 # Make ZSI stubs from Attribute Authority WSDL
-AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/AttAuthority \
-                                 ./ndg.security.common/ndg/security/common/AttAuthority
+AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/attributeauthority \
+                                 ./ndg.security.common/ndg/security/common/zsi/attributeauthority
                                  
 aa_zsi_wsdl_stubs:
         @-for dir in ${AA_ZSI_STUB_DIRS}; do \
-                cd $$dir && make && cd ../../../../..; \
+                cd $$dir && make && cd ../../../../../..; \
         done;
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py

@@ -22 +22 @@
 __revision__ = "$Id:attributeauthority.py 4373 2008-10-29 09:54:39Z pjkersha $"
 
-__all__ = [
-    'AttributeAuthorityClient',
-    'AttributeAuthorityClientError',
-    'AttributeRequestDenied',
-    'NoTrustedHosts',]
+import logging
+log = logging.getLogger(__name__)
 
 # Determine https http transport
@@ -32 +29 @@
 from ZSI.wstools.Utility import HTTPResponse
 
-from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services import \
-    AttributeAuthorityServiceLocator
+from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services \
+    import AttributeAuthorityServiceLocator
 from ndg.security.common.wssecurity.dom import SignatureHandler
 from ndg.security.common.AttCert import AttCert, AttCertParse
 from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection, HostCheck
 from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection
-
-import logging
-log = logging.getLogger(__name__)
 
 class AttributeAuthorityClientError(Exception):

TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py

@@ -621 +621 @@
                                  "or a valid string")
         
-        self._userPriKeyPwd = userPriKeyPwd
+        # Explicitly convert to string as M2Crypto OpenSSL wrapper fails with
+        # unicode type
+        self._userPriKeyPwd = str(userPriKeyPwd)
 
     def _getUserPriKeyPwd(self):

TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py

@@ -13 +13 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id:sessionmanager.py 4373 2008-10-29 09:54:39Z pjkersha $"
-__all__ = ['SessionManager_services', 'SessionManager_services_types']
+
+import logging
+log = logging.getLogger(__name__)
 
 import sys
@@ -30 +32 @@
 from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection
 from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
-                                                    SessionManagerServiceLocator
-
-import logging
-log = logging.getLogger(__name__)
+                                                SessionManagerServiceLocator
 
 
@@ -55 +54 @@
     """Session is invalid"""
 
-class InvalidAttributeAuthorityClientCtx(SessionManagerClientError):
+class InvalidSessionManagerClientCtx(SessionManagerClientError):
     """Attribute Authority ZSI Client is not initialised"""
  
@@ -78 +77 @@
                     ac = AttCertParse(ac)
                 elif not isinstance(ac, AttCert):
-                    raise SessionManagerClientError, \
-                        "Input external Attribute Cert. must be AttCert type"
+                    raise SessionManagerClientError(
+                        "Input external Attribute Cert. must be AttCert type")
                          
                 self.__extAttCertList += [ac]
@@ -95 +94 @@
 
     extAttCertList = property(fget=__getExtAttCertList,
-                              doc="list of candidate Attribute " + \
-                              "Certificates that could be used " + \
-                              "to try to get a mapped certificate " + \
-                              "from the target Attribute Authority")
+                              doc="list of candidate Attribute Certificates "
+                                  "that could be used to try to get a mapped "
+                                  "certificate from the target Attribute "
+                                  "Authority")
 
 
@@ -115 +114 @@
     }
     
-    #_________________________________________________________________________
     def __init__(self, 
                  uri=None, 
@@ -164 +162 @@
         
         if uri:
-            self.__setURI(uri)
-
-        self.__setHTTPProxyHost(httpProxyHost)
-        self.__setNoHttpProxyList(noHttpProxyList)
+            self.uri = uri
+
+        self.httpProxyHost = httpProxyHost
+        self.noHttpProxyList = noHttpProxyList
 
         if sslPeerCertCN:
-            self.__setSSLPeerCertCN(sslPeerCertCN)
+            self.sslPeerCertCN = sslPeerCertCN
         
         if sslCACertList:
-            self.__setSSLCACertList(sslCACertList)
+            self.sslCACertList = sslCACertList
         elif sslCACertFilePathList:
-            self.__setSSLCACertFilePathList(sslCACertFilePathList)
+            self.sslCACertFilePathList = sslCACertFilePathList
 
         # WS-Security Signature handler - set only if any of the keywords were
@@ -193 +191 @@
         
 
-    #_________________________________________________________________________
     def __setURI(self, uri):
         """Set URI for service
@@ -218 +215 @@
             self.__setSSLPeerCertCN(None)
 
-    #_________________________________________________________________________
     def __getURI(self):
         """Get URI for service
@@ -228 +224 @@
 
 
-    #_________________________________________________________________________
     def __setHTTPProxyHost(self, val):
         """Set a HTTP Proxy host overriding any http_proxy environment variable
         setting"""
         if self._transport != ProxyHTTPConnection:
-            log.debug("Ignoring httpProxyHost setting: transport class is " +\
-                     "not ProxyHTTPConnection type")
+            log.debug("Ignoring httpProxyHost setting: transport class is "
+                      "not ProxyHTTPConnection type")
             return
         
@@ -240 +235 @@
 
     httpProxyHost = property(fset=__setHTTPProxyHost, 
-        doc="HTTP Proxy hostname - overrides any http_proxy env var setting")
-
-
-    #_________________________________________________________________________
+                             doc="HTTP Proxy hostname - overrides any "
+                                 "http_proxy env var setting")
+
+
     def __setNoHttpProxyList(self, val):
         """Set to list of hosts for which to ignore the HTTP Proxy setting"""
@@ -254 +249 @@
 
     noHttpProxyList = property(fset=__setNoHttpProxyList, 
-    doc="Set to list of hosts for which to ignore the HTTP Proxy setting")
-    
-
-    #_________________________________________________________________________
+                               doc="Set to list of hosts for which to ignore "
+                                   "the HTTP Proxy setting")
+    
+
     def __setSSLPeerCertCN(self, cn):
         """For use with HTTPS connections only.  Specify the Common
@@ -271 +266 @@
 
     sslPeerCertCN = property(fset=__setSSLPeerCertCN, 
-doc="for https connections, set CN of peer cert if other than peer hostname")
-
-
-    #_________________________________________________________________________
+                             doc="for https connections, set CN of peer cert "
+                                 "if other than peer hostname")
+
+
     def __setSSLCACertList(self, caCertList):
         """For use with HTTPS connections only.  Specify CA certs to one of 
@@ -288 +283 @@
 
     sslCACertList = property(fset=__setSSLCACertList, 
-doc="for https connections, set list of CA certs from which to verify peer cert")
-
-
-    #_________________________________________________________________________
+                             doc="for https connections, set list of CA certs "
+                                 "from which to verify peer cert")
+
+
     def __setSSLCACertFilePathList(self, caCertFilePathList):
         """For use with HTTPS connections only.  Specify CA certs to one of 
@@ -306 +301 @@
 
     sslCACertFilePathList = property(fset=__setSSLCACertFilePathList, 
-                                     doc=\
-"for https connections, set list of CA cert files from which to verify peer cert")
-
-
-    #_________________________________________________________________________
+                                     doc="for https connections, set list of "
+                                     "CA cert files from which to verify peer "
+                                     "cert")
+
+
     def __setSignatureHandler(self, signatureHandler):
         """Set SignatureHandler object property method - set to None to for no
@@ -316 +311 @@
         if signatureHandler is not None and \
            not isinstance(signatureHandler, SignatureHandler):
-            raise AttributeError, \
-    "Signature Handler must be %s type or None for no message security" % \
-        "ndg.security.common.wssecurity.dom.SignatureHandler"
+            raise AttributeError("Signature Handler must be %s type or None "
+                                 "for no message security" %
+                        "ndg.security.common.wssecurity.dom.SignatureHandler")
                             
         self.__signatureHandler = signatureHandler
 
-
-    #_________________________________________________________________________
     def __getSignatureHandler(self):
         "Get SignatureHandler object property method"
@@ -332 +325 @@
                                 doc="SignatureHandler object")
     
-        
-    #_________________________________________________________________________
     def initService(self, uri=None):
         """Set the WS client for the Session Manager"""
@@ -352 +343 @@
                 (self.__uri, e.status, e.reason)
     
-        
-    #_________________________________________________________________________   
     def connect(self,
                 username,
@@ -383 +372 @@
     
         if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx(\
-                                        "Client binding is not initialised")
+            raise InvalidSessionManagerClientCtx("Client binding is not "
+                                                 "initialised")
         
         if passphrase is None:
@@ -401 +390 @@
         return tuple([isinstance(i,unicode) and str(i) or i for i in res])
     
-        
-    #_________________________________________________________________________   
     def disconnect(self, userCert=None, sessID=None):
         """Delete an existing user session from the Session Manager
@@ -419 +406 @@
     
         if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx(\
-                                        "Client binding is not initialised")
+            raise InvalidSessionManagerClientCtx("Client binding is not "
+                                                 "initialised")
 
         # Make connection
         self.__srv.disconnect(userCert, sessID)
     
-        
-    #_________________________________________________________________________   
     def getSessionStatus(self, userDN=None, sessID=None):
         """Check for the existence of a session with a given
@@ -444 +429 @@
     
         if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx(\
-                                        "Client binding is not initialised")
+            raise InvalidSessionManagerClientCtx("Client binding is not "
+                                                 "initialised")
         
         if sessID and userDN:
@@ -458 +443 @@
         return self.__srv.getSessionStatus(userDN, sessID)
 
-    
-    #_________________________________________________________________________ 
     def getAttCert(self,
                    userCert=None,
@@ -527 +510 @@
     
         if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx(\
-                                        "Client binding is not initialised")
+            raise InvalidSessionManagerClientCtx("Client binding is not "
+                                                 "initialised")
         
         # Make request
@@ -556 +539 @@
         return AttCertParse(attCert)
     
-                                    
-    #_________________________________________________________________________
     def getX509Cert(self):
         """Retrieve the public key of the Session Manager"""
     
         if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx(\
-                                        "Client binding is not initialised")
+            raise InvalidSessionManagerClientCtx("Client binding is not "
+                                                 "initialised")
         return self.__srv.getX509Cert()
                             

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py

@@ -29 +29 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c0bcc>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bc92c>
     def getAttCert(self, userId,userCert,userAttCert):
 
@@ -46 +46 @@
         return attCert,msg
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c0eec>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bcc4c>
     def getHostInfo(self):
 
@@ -64 +64 @@
         return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6b6c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c38cc>
     def getTrustedHostInfo(self, role):
 
@@ -78 +78 @@
         return trustedHosts
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6d0c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3a6c>
     def getAllHostsInfo(self):
 
@@ -91 +91 @@
         return hosts
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6e8c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3bec>
     def getX509Cert(self):
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py

@@ -29 +29 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c524c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bef6c>
     def getSessionStatus(self, userDN,sessID):
 
@@ -44 +44 @@
         return isAlive
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c554c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c428c>
     def connect(self, username,passphrase,createServerSess):
 
@@ -57 +57 @@
         # no output wsaction
         response = self.binding.Receive(connectOutputMsg.typecode)
-        userCert = response._userCert
+        userX509Cert = response._userX509Cert
         userPriKey = response._userPriKey
         issuingCert = response._issuingCert
         sessID = response._sessID
-        return userCert,userPriKey,issuingCert,sessID
+        return userX509Cert,userPriKey,issuingCert,sessID
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd26c>
-    def disconnect(self, userCert,sessID):
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c4f8c>
+    def disconnect(self, userX509Cert,sessID):
 
         request = disconnectInputMsg()
-        request._userCert = userCert
+        request._userX509Cert = userX509Cert
         request._sessID = sessID
 
@@ -77 +77 @@
         return 
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd40c>
-    def getAttCert(self, userCert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cc14c>
+    def getAttCert(self, userX509Cert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
 
         request = getAttCertInputMsg()
-        request._userCert = userCert
+        request._userX509Cert = userX509Cert
         request._sessID = sessID
         request._attAuthorityURI = attAuthorityURI
@@ -101 +101 @@
         return attCert,msg,extAttCertOut
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd58c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cc2cc>
     def getX509Cert(self):
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py

@@ -86 +86 @@
         def __init__(self, **kw):
             ns = ns0.connectResponse_Dec.schema
-            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:SessionManager","connectResponse")
             kw["aname"] = "_connectResponse"
@@ -96 +96 @@
                 def __init__(self):
                     # pyclass
-                    self._userCert = None
+                    self._userX509Cert = None
                     self._userPriKey = None
                     self._issuingCert = None
@@ -109 +109 @@
         def __init__(self, **kw):
             ns = ns0.disconnect_Dec.schema
-            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:SessionManager","disconnect")
             kw["aname"] = "_disconnect"
@@ -119 +119 @@
                 def __init__(self):
                     # pyclass
-                    self._userCert = None
+                    self._userX509Cert = None
                     self._sessID = None
                     return
@@ -149 +149 @@
         def __init__(self, **kw):
             ns = ns0.getAttCert_Dec.schema
-            TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:SessionManager","getAttCert")
             kw["aname"] = "_getAttCert"
@@ -159 +159 @@
                 def __init__(self):
                     # pyclass
-                    self._userCert = None
+                    self._userX509Cert = None
                     self._sessID = None
                     self._attAuthorityURI = None

TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl

@@ -42 +42 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="1" maxOccurs="1"/>
-                    <xsd:element name="userPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userPriKey" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
@@ -53 +53 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                   </xsd:sequence>
@@ -66 +66 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="1" maxOccurs="1"/>

TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py

@@ -46 +46 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userCert\" type=\"xsd:string\"/>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userPriKey\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userPriKey\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"issuingCert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
@@ -57 +57 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
                   </xsd:sequence>
@@ -70 +70 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/>
+                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/>
                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"attAuthorityURI\" type=\"xsd:string\"/>
@@ -280 +280 @@
         if hasattr(self,'impl'):
             # Should have a tuple of 4 args
-            result._userCert = parameters[0]
+            result._userX509Cert = parameters[0]
             result._userPriKey = parameters[1]
             result._issuingCert = parameters[2]
@@ -291 +291 @@
     def soap_disconnect(self, ps):
         self.request = ps.Parse(disconnectInputMsg.typecode)
-        parameters = (self.request._userCert, self.request._sessID)
+        parameters = (self.request._userX509Cert, self.request._sessID)
 
         # If we have an implementation object use it
@@ -305 +305 @@
     def soap_getAttCert(self, ps):
         self.request = ps.Parse(getAttCertInputMsg.typecode)
-        parameters = (self.request._userCert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
+        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)
 
         # If we have an implementation object use it

TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py

@@ -18 +18 @@
 from ndg.security.server.zsi.sessionmanager.SessionManager_services_server \
     import SessionManagerService as _SessionManagerService
-
+from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
+    connectInputMsg, disconnectInputMsg, getSessionStatusInputMsg, \
+    getAttCertInputMsg
+    
+    
 from ndg.security.server.sessionmanager import SessionManager
     
@@ -54 +58 @@
             pdb.set_trace()
             
+        request = ps.Parse(connectInputMsg.typecode)    
         response = _SessionManagerService.soap_connect(self, ps)
         
@@ -60 +65 @@
                                  createServerSess=request.CreateServerSess)
                     
-        response.UserCert, response.UserPriKey, response.issuingCert, \
+        response.UserX509Cert, response.UserPriKey, response.issuingCert, \
             response.SessID = result
                  
@@ -76 +81 @@
             import pdb
             pdb.set_trace()
-                        
+           
+        request = ps.Parse(disconnectInputMsg.typecode)             
         response = _SessionManagerService.soap_disconnect(self, ps)
         
@@ -92 +98 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = signatureFilter.signatureHandler.verifyingCert
+            userX509Cert = signatureFilter.signatureHandler.verifyingCert
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            userCert = request.UserCert
-        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
+            # designated holder cert via the UserX509Cert input
+            userX509Cert = request.UserX509Cert
+        self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)
         return response
 
@@ -114 +120 @@
             pdb.set_trace()
             
+        request = ps.Parse(getSessionStatusInputMsg.typecode)             
         response = _SessionManagerService.soap_getSessionStatus(self, ps)
         
@@ -134 +141 @@
             pdb.set_trace()
             
+        request = ps.Parse(getAttCertInputMsg.typecode)             
         response = _SessionManagerService.soap_getAttCert(self, ps)
 
@@ -145 +153 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = signatureFilter.signatureHandler.verifyingCert
+            userX509Cert = signatureFilter.signatureHandler.verifyingCert
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            userCert = request.UserCert
+            # designated holder cert via the UserX509Cert input
+            userX509Cert = request.UserX509Cert
 
         
-        # Cert used in signature is prefered over userCert input element - 
-        # userCert may have been omitted.
+        # Cert used in signature is prefered over userX509Cert input element - 
+        # userX509Cert may have been omitted.
         result = self.sm.getAttCert(
-                            userCert=userCert or request.UserCert,
+                            userX509Cert=userX509Cert or request.UserX509Cert,
                             sessID=request.SessID,
                             aaURI=request.AttAuthorityURI,

TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py

@@ -22 +22 @@
 from ndg.security.common.AttCert import AttCertRead
 from ndg.security.common.X509 import X509CertParse, X509CertRead
-from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr
 from ndg.security.common.utils.ConfigFileParsers import \
     CaseSensitiveConfigParser

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py

@@ -1 +1 @@
 #!/usr/bin/env python
 """Test harness for NDG Session Manager - makes requests for 
-authentication and authorisation.  Attribute Authority services must be running
-for *AttCert* test methods
+authentication and attribute retrieval.  Attribute Authority services must be 
+running for *AttCert* test methods.  See README in this directory for details
 
 NERC Data Grid Project

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg

@@ -10 +10 @@
 # $Id:$
 [setUp]
-smuri = https://localhost:5700/SessionManager
+uri = http://localhost:5500/SessionManager
 
 # For https connections only.  !Omit ssl* settings if using http!
 # sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the 
 # same as peer hostname. 
-#sslpeercertcn = junk
+#sslPeerCertCN = junk
 
 # For https only - List of CA certificates to enable this client to verify 
 # the server's SSL X.509 certificate
-sslcacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Set to False to test service without WS-Security signature
-setsignaturehandler = True
-
-# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
-# one which applies or leave as default settings (recommended unless you really
-# know what you're doing!)
-
-# Specifies token is an X.509 certificate
-#reqbinsectokvaltype = X509
-
-# Stipulate X.509 version 3 format
-reqbinsectokvaltype = X509v3
-
-# Specify multiple certificates in a chain of trust.  Use this setting for 
-# proxy certificates where a certificate chain consisting of user certificate
-# and proxy certificate is required to secure trust back to the
-# CA: <- User Certificate <- Proxy Certificate
-#reqbinsectokvaltype = X509PKIPathv1
-
-# Client certificate - used for unit tests where a user certificate is not 
-# available.  This applies for initial calls to Session Manager connect and to 
-# calls where the user is identified by a session id.
-#
-# if "reqbinsectokvaltype = X509PKIPathv1" above then this certificate is 
-# expected to contain a certificate chain of consisting of a proxy certificate 
-# and user certificate that issued it.  The default is 
-# test.crt, a standard certificate.  
-#
-# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script 
-# AttAuthorityClientTest.py to default to the same directory as the script
-clntcertfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.crt
-
-# Client private key
-clntprikeyfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.key
-
-# Set password for private key - leave blank if no password is set or comment 
-# out to be prompted for it from the command line
-clntprikeypwd = 
-
-# Space separated list of CA certificate files used to verify certificate used
-# in message signature
-cacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Inclusive namespaces for Exclusive C14N
-#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
-#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec
-refC14nInclNS: 
-signedInfoC14nInclNS: 
+sslCACertFilePathList = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 [test1Connect] 
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test3ConnectNoCreateServerSess]         
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test6GetAttCertWithSessID]
@@ -82 +33 @@
 acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml
 
-[test6aGetAttCertRefusedWithSessID]
+[test7GetAttCertRefusedWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
@@ -95 +46 @@
 [test7GetAttCertWithUserCert]
 aaURI = http://localhost:5000/AttributeAuthority
+
+[wsse]
+# WS-Security settings for unit test AA clients
+#
+# OUTBOUND MESSAGE CONFIG
+
+# Signature of an outbound message
+
+# Certificate associated with private key used to sign a message.  The sign 
+# method will add this to the BinarySecurityToken element of the WSSE header.  
+signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.crt
+
+# PEM encoded private key file
+signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
+# give full namespace to alternative - see 
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain 
+# attributes will be used.
+reqBinSecTokValType=X509v3
+
+# Add a timestamp element to an outbound message
+addTimestamp=True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature 
+# value sent by client
+applySignatureConfirmation=False
+
+#
+# INBOUND MESSAGE CONFIG
+
+# Provide a space separated list of file paths
+caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py

@@ -1 +1 @@
 #!/usr/bin/env python
-"""Test harness for NDG Session Manager client - makes requests for 
-authentication and authorisation.  An Attribute Authority and Simple CA
-services must be running for the reqAuthorisation and addUser tests
+"""Test harness for NDG Session Manager SOAP client interface - makes requests 
+for authentication and attribute retrieval.  Test Session Manager and Attribute
+Authority services must be running for *AttCert* tests.  See README in this 
+directory
 
 NERC Data Grid Project
@@ -13 +14 @@
 License, version 1.0 or later."""
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = '$Id:SessionMgrClientTest.py 4403 2008-10-31 13:41:54Z pjkersha $'
+__revision__ = '$Id$'
 
 import unittest
-import os, sys, getpass, re
-from ConfigParser import SafeConfigParser
+import os
+import sys
+import getpass
+import re
+
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file)
 
 from ndg.security.common.sessionmanager import SessionManagerClient, \
@@ -24 +31 @@
 from ndg.security.common.X509 import X509CertParse, X509CertRead
 from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr
-
-from os.path import expandvars as xpdVars
-from os.path import join as jnPath
-mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file)
+from ndg.security.common.utils.ConfigFileParsers import \
+    CaseSensitiveConfigParser
 
 
 class SessionManagerClientTestCase(unittest.TestCase):
+    '''Unit tests for ndg.security.common.sessionmanager.SessionManagerClient
+    - SOAP Session Manager client interface
+    '''
     pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----"
         
@@ -41 +49 @@
         certChainFileTxt = open(certChainFilePath).read()
         
-        pemPatRE = re.compile(self.__class__.pemPat, re.S)
+        pemPatRE = re.compile(SessionManagerClientTestCase.pemPat, re.S)
         x509CertList = pemPatRE.findall(certChainFileTxt)
         
@@ -54 +62 @@
 
 
+#    def setUp(self):
+#        
+#        if 'NDGSEC_INT_DEBUG' in os.environ:
+#            import pdb
+#            pdb.set_trace()
+#        
+#        if 'NDGSEC_SMCLNT_UNITTEST_DIR' not in os.environ:
+#            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \
+#                os.path.abspath(os.path.dirname(__file__))
+#        
+#        configParser = SafeConfigParser()
+#        configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],
+#                                "sessionMgrClientTest.cfg")
+#        configParser.read(configFilePath)
+#        
+#        self.cfg = {}
+#        for section in configParser.sections():
+#            self.cfg[section] = dict(configParser.items(section))
+#
+#        try:
+#            if self.cfg['setUp'].get('clntprikeypwd') is None:
+#                clntPriKeyPwd = getpass.getpass(\
+#                            prompt="\nsetUp - client private key password: ")
+#            else:
+#                clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd')
+#        except KeyboardInterrupt:
+#            sys.exit(0)
+#
+#        # List of CA certificates for use in validation of certs used in
+#        # signature for server reponse
+#        try:
+#            caCertFilePathList = [xpdVars(file) for file in \
+#                            self.cfg['setUp']['cacertfilepathlist'].split()]
+#        except:
+#            caCertFilePathList = []
+#          
+#        try:
+#            sslCACertList = [X509CertRead(xpdVars(file)) for file in \
+#                         self.cfg['setUp']['sslcacertfilepathlist'].split()]
+#        except KeyError:
+#            sslCACertList = []
+#          
+#        clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath'])
+#        clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath'])
+#        
+#        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype')
+#
+#        # Set format for certificate(s) to be included in client SOAP messages
+#        # to enable the Session Manager server to verify messages.
+#        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
+#            signingCertChain = \
+#                        self._getCertChainFromProxyCertFile(clntCertFilePath)
+#            signingCertFilePath = None
+#        else:
+#            signingCertChain = None
+#            signingCertFilePath = clntCertFilePath
+#
+#        # Inclusive namespace prefixes for Exclusive C14N
+#        try:
+#            refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()           
+#        except KeyError:
+#            refC14nInclNS = []
+#
+#        try:
+#            signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()          
+#        except KeyError:
+#            signedInfoC14nInclNS = []
+#                
+#        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler'])
+#            
+#        # Initialise the Session Manager client connection
+#        # Omit traceFile keyword to leave out SOAP debug info
+#        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'],
+#                        sslCACertList=sslCACertList,
+#                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
+#                        setSignatureHandler=setSignatureHandler,
+#                        reqBinSecTokValType=reqBinSecTokValType,
+#                        signingCertFilePath=clntCertFilePath,
+#                        signingCertChain=signingCertChain,
+#                        signingPriKeyFilePath=clntPriKeyFilePath,
+#                        signingPriKeyPwd=clntPriKeyPwd,
+#                        caCertFilePathList=caCertFilePathList,
+#                        refC14nInclNS=refC14nInclNS,
+#                        signedInfoC14nInclNS=signedInfoC14nInclNS,
+#                        tracefile=sys.stderr) 
+        
     def setUp(self):
-        
+
         if 'NDGSEC_INT_DEBUG' in os.environ:
             import pdb
@@ -63 +157 @@
             os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \
                 os.path.abspath(os.path.dirname(__file__))
-        
-        configParser = SafeConfigParser()
-        configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],
-                                "sessionMgrClientTest.cfg")
-        configParser.read(configFilePath)
+
+        self.cfgParser = CaseSensitiveConfigParser()
+        cfgFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],
+                                'sessionMgrClientTest.cfg')
+        self.cfgParser.read(cfgFilePath)
         
         self.cfg = {}
-        for section in configParser.sections():
-            self.cfg[section] = dict(configParser.items(section))
-
-        try:
-            if self.cfg['setUp'].get('clntprikeypwd') is None:
-                clntPriKeyPwd = getpass.getpass(\
-                            prompt="\nsetUp - client private key password: ")
-            else:
-                clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd')
-        except KeyboardInterrupt:
-            sys.exit(0)
-
-        # List of CA certificates for use in validation of certs used in
-        # signature for server reponse
-        try:
-            caCertFilePathList = [xpdVars(file) for file in \
-                            self.cfg['setUp']['cacertfilepathlist'].split()]
-        except:
-            caCertFilePathList = []
-          
+        for section in self.cfgParser.sections():
+            self.cfg[section] = dict(self.cfgParser.items(section))
+
         try:
             sslCACertList = [X509CertRead(xpdVars(file)) for file in \
-                         self.cfg['setUp']['sslcacertfilepathlist'].split()]
+                         self.cfg['setUp']['sslCACertFilePathList'].split()]
         except KeyError:
             sslCACertList = []
-          
-        clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath'])
-        clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath'])
-        
-        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype')
-
-        # Set format for certificate(s) to be included in client SOAP messages
-        # to enable the Session Manager server to verify messages.
-        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
-            signingCertChain = \
-                        self._getCertChainFromProxyCertFile(clntCertFilePath)
-            signingCertFilePath = None
-        else:
-            signingCertChain = None
-            signingCertFilePath = clntCertFilePath
-
-        # Inclusive namespace prefixes for Exclusive C14N
-        try:
-            refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()           
-        except KeyError:
-            refC14nInclNS = []
-
-        try:
-            signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()          
-        except KeyError:
-            signedInfoC14nInclNS = []
-                
-        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler'])
-            
-        # Initialise the Session Manager client connection
-        # Omit traceFile keyword to leave out SOAP debug info
-        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'],
+            
+        # Instantiate WS proxy
+        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'],
+                        sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'),
                         sslCACertList=sslCACertList,
-                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
-                        setSignatureHandler=setSignatureHandler,
-                        reqBinSecTokValType=reqBinSecTokValType,
-                        signingCertFilePath=clntCertFilePath,
-                        signingCertChain=signingCertChain,
-                        signingPriKeyFilePath=clntPriKeyFilePath,
-                        signingPriKeyPwd=clntPriKeyPwd,
-                        caCertFilePathList=caCertFilePathList,
-                        refC14nInclNS=refC14nInclNS,
-                        signedInfoC14nInclNS=signedInfoC14nInclNS,
-                        tracefile=sys.stderr) 
-        
+                        cfgFileSection='wsse',
+                        cfg=self.cfgParser)  
+               
         self.sessID = None
-        self.userCert = None
+        self.userX509Cert = None
         self.userPriKey = None
         self.issuingCert = None
@@ -152 +192 @@
         username = self.cfg['test1Connect']['username']
         
-        if self.__class__.test2Passphrase is None:
-            self.__class__.test2Passphrase = \
+        if SessionManagerClientTestCase.test2Passphrase is None:
+            SessionManagerClientTestCase.test2Passphrase = \
                                     self.cfg['test1Connect'].get('passphrase')
         
-        if not self.__class__.test2Passphrase:
-            self.__class__.test2Passphrase = getpass.getpass(\
+        if not SessionManagerClientTestCase.test2Passphrase:
+            SessionManagerClientTestCase.test2Passphrase = getpass.getpass(\
                 prompt="\ntest1Connect pass-phrase for user %s: " % username)
 
-        self.userCert, self.userPriKey, self.issuingCert, self.sessID = \
+        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \
             self.clnt.connect(self.cfg['test1Connect']['username'], 
-                              passphrase=self.__class__.test2Passphrase)
-
-        print "User '%s' connected to Session Manager:\n%s" % \
-                                                        (username, self.sessID)
-            
-        creds='\n'.join((self.issuingCert or '',
-                         self.userCert,
-                         self.userPriKey))
-        open(mkPath("user.creds"), "w").write(creds)
+                    passphrase=SessionManagerClientTestCase.test2Passphrase)
+
+        print("User '%s' connected to Session Manager:\n%s" % 
+                                                    (username, self.sessID))
             
             
@@ -181 +216 @@
                 "Session is dead"
                 
-        print "User connected to Session Manager with sessID=%s" % self.sessID
+        print("User connected to Session Manager with sessID=%s" % self.sessID)
 
         assert not self.clnt.getSessionStatus(sessID='abc'), \
@@ -190 +225 @@
 
     def test3ConnectNoCreateServerSess(self):
-        """test3ConnectNoCreateServerSess: Connect as a non browser client - 
-        sessID should be None"""
+        """test3ConnectNoCreateServerSess: Connect without creating a session - 
+        sessID should be None.  This only indicates that the username/password
+        are correct.  To be of practical use the AuthNService plugin at
+        the Session Manager needs to return X.509 credentials e.g.
+        with MyProxy plugin."""
 
         username = self.cfg['test3ConnectNoCreateServerSess']['username']
         
-        if self.__class__.test3Passphrase is None:
-            self.__class__.test3Passphrase = \
+        if SessionManagerClientTestCase.test3Passphrase is None:
+            SessionManagerClientTestCase.test3Passphrase = \
                 self.cfg['test3ConnectNoCreateServerSess'].get('passphrase')
                 
-        if not self.__class__.test3Passphrase:
+        if not SessionManagerClientTestCase.test3Passphrase:
             prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: "
-            self.__class__.test3Passphrase = getpass.getpass(\
+            SessionManagerClientTestCase.test3Passphrase = getpass.getpass(\
                                                     prompt=prompt % username)
             
-        self.userCert, self.userPriKey, self.issuingCert, sessID = \
+        userX509Cert, userPriKey,issuingCert, sessID = \
             self.clnt.connect(username, 
-                              passphrase=self.__class__.test3Passphrase,
-                              createServerSess=False)
+                      passphrase=SessionManagerClientTestCase.test3Passphrase,
+                      createServerSess=False)
         
         # Expect null session ID
         assert(not sessID)
           
-        print "User '%s' retrieved creds. from Session Manager:\n%s" % \
-                                                    (username, self.userCert)
+        print("Successfully authenticated")
             
 
     def test4DisconnectWithSessID(self):
-        """test4DisconnectWithSessID: disconnect as if acting as a browser client 
+        """test4DisconnectWithSessID: disconnect as if acting as a browser 
+        client 
         """
         
@@ -228 +266 @@
             
 
-    def test5DisconnectWithUserCert(self):
-        """test5DisconnectWithUserCert: Disconnect as a command line client 
+    def test5DisconnectWithUserX509Cert(self):
+        """test5DisconnectWithUserX509Cert: Disconnect as a command line client 
         """
         
-        print "\n\t" + self.test5DisconnectWithUserCert.__doc__
+        print "\n\t" + self.test5DisconnectWithUserX509Cert.__doc__
         self.test1Connect()
         
@@ -241 +279 @@
             self.clnt.signatureHandler.signingPriKey = self.userPriKey        
             self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
-                                                           self.userCert)
+                                                           self.userX509Cert)
             self.clnt.signatureHandler.signingCert = None
         else:
             self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
+            self.clnt.signatureHandler.signingPriKeyPwd = \
+                SessionManagerClientTestCase.test2Passphrase
             self.clnt.signatureHandler.signingPriKey = self.userPriKey        
             self.clnt.signatureHandler.signingCertChain = ()
-            self.clnt.signatureHandler.signingCert = self.userCert
+            self.clnt.signatureHandler.signingCert = self.userX509Cert
             
         # Proxy cert in signature determines ID of session to
         # delete
         self.clnt.disconnect()
-        print "User disconnected from Session Manager:\n%s" % self.userCert
+        print("User disconnected from Session Manager:\n%s"%self.userX509Cert)
 
 
@@ -264 +304 @@
         attCert = self.clnt.getAttCert(\
             sessID=self.sessID, 
-            attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aauri'])
+            attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aaURI'])
         
         print "Attribute Certificate:\n%s" % attCert 
@@ -272 +312 @@
 
 
-    def test6aGetAttCertRefusedWithSessID(self):
-        """test6aGetAttCertRefusedWithSessID: make an attribute request using
+    def test7GetAttCertRefusedWithSessID(self):
+        """test7GetAttCertRefusedWithSessID: make an attribute request using
         a sessID as authentication credential requesting an AC from an
         Attribute Authority where the user is NOT registered"""
 
-        print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__        
-        self.test1Connect()
-        
-        aaURI = self.cfg['test6aGetAttCertRefusedWithSessID']['aauri']
+        print "\n\t" + self.test7GetAttCertRefusedWithSessID.__doc__        
+        self.test1Connect()
+        
+        aaURI = self.cfg['test7GetAttCertRefusedWithSessID']['aaURI']
         
         try:
@@ -293 +333 @@
 
 
-    def test6bGetMappedAttCertWithSessID(self):
-        """test6bGetMappedAttCertWithSessID: make an attribute request using
+    def test8GetMappedAttCertWithSessID(self):
+        """test8GetMappedAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
 
-        print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__        
-        self.test1Connect()
-        
-        aaURI = self.cfg['test6bGetMappedAttCertWithSessID']['aauri']
+        print "\n\t" + self.test8GetMappedAttCertWithSessID.__doc__        
+        self.test1Connect()
+        
+        aaURI = self.cfg['test8GetMappedAttCertWithSessID']['aaURI']
         
         attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI)
@@ -307 +347 @@
 
 
-    def test6cGetAttCertWithExtAttCertListWithSessID(self):
-        """test6cGetAttCertWithSessID: make an attribute request using
-        a session ID as authentication credential"""
+    def test9GetAttCertWithExtAttCertListWithSessID(self):
+        """test9GetAttCertWithExtAttCertListWithSessID: make an attribute 
+        request usinga session ID as authentication credential"""
         
         print "\n\t" + \
-            self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__        
+            self.test9GetAttCertWithExtAttCertListWithSessID.__doc__        
         self.test1Connect()
         
         aaURI = \
-            self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['aauri']
+            self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['aaURI']
         
         # Use output from test6GetAttCertWithSessID!
         extACFilePath = xpdVars(\
-    self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath'])
+    self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['extACFilePath'])
         extAttCert = open(extACFilePath).read()
         
@@ -327 +367 @@
                                        extAttCertList=[extAttCert])
           
-        print "Attribute Certificate:\n%s" % attCert  
-
-
-    def test7GetAttCertWithUserCert(self):
-        """test7GetAttCertWithUserCert: make an attribute request using
+        print("Attribute Certificate:\n%s" % attCert)  
+
+
+    def test10GetAttCertWithUserX509Cert(self):
+        """test10GetAttCertWithUserX509Cert: make an attribute request using
         a user cert as authentication credential"""
-        print "\n\t" + self.test7GetAttCertWithUserCert.__doc__
+        print "\n\t" + self.test10GetAttCertWithUserX509Cert.__doc__
         self.test1Connect()
 
@@ -340 +380 @@
             self.clnt.signatureHandler.signingPriKey = self.userPriKey        
             self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
-                                                           self.userCert)
+                                                           self.userX509Cert)
             self.clnt.signatureHandler.signingCert = None
         else:
@@ -346 +386 @@
             self.clnt.signatureHandler.signingPriKey = self.userPriKey        
             self.clnt.signatureHandler.signingCertChain = ()
-            self.clnt.signatureHandler.signingCert = self.userCert
+            self.clnt.signatureHandler.signingCert = self.userX509Cert
         
         # Request an attribute certificate from an Attribute Authority 
         # using the userCert returned from connect()
         
-        aaURI = self.cfg['test7GetAttCertWithUserCert']['aauri']
+        aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI']
         attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
           
-        print "Attribute Certificate:\n%s" % attCert  
-
-
-    def test8GetX509Cert(self):
-        "test8GetX509Cert: return the Session Manager's X.509 Cert."
+        print("Attribute Certificate:\n%s" % attCert)  
+
+
+    def test11GetX509Cert(self):
+        "test11GetX509Cert: return the Session Manager's X.509 Cert."
         cert = self.clnt.getX509Cert()
                                              
-        print "Session Manager X.509 Certificate:\n" + cert
-            
-            
-#_____________________________________________________________________________       
+        print("Session Manager X.509 Certificate:\n" + cert)
+            
+            
 class SessionManagerClientTestSuite(unittest.TestSuite):
     
@@ -374 +413 @@
                     "test3ConnectNoCreateServerSess",
                     "test4DisconnectWithSessID",
-                    "test5DisconnectWithUserCert",
+                    "test5DisconnectWithUserX509Cert",
                     "test6GetAttCertWithSessID",
-                    "test6bGetMappedAttCertWithSessID",
-                    "test6cGetAttCertWithExtAttCertListWithSessID",
-                    "test7GetAttCertWithUserCert",
-                    "test8GetX509Cert",
+                    "test8GetMappedAttCertWithSessID",
+                    "test9GetAttCertWithExtAttCertListWithSessID",
+                    "test10GetAttCertWithUserX509Cert",
+                    "test11GetX509Cert",
                   ))
         unittest.TestSuite.__init__(self, map)

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini

@@ -98 +98 @@
 # Authentication service properties 
 sessionManager.authNService.moduleFilePath: 
-sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn
-sessionManager.authNService.className: BasicAuthN
-
-# Specific settings for BasicAuthN Session Manager authentication plugin
-# This sets up two test accounts.  Passwords are MD5 encrypted
-sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01
+sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn
+sessionManager.authNService.className: UserCertAuthN
+
+# Specific settings for UserCertAuthN Session Manager authentication plugin
+# This sets up PKI credentials for a single test account
+sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt
+sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key
+sessionManager.authNService.userPriKeyPwd: testpassword
 
 # Settings for the Credential Repository - NullCredRepos is