Changeset 4406
- Timestamp:
- 31/10/08 16:52:34 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 3 added
- 15 edited
TI12-security/trunk/python/Makefile
r4173 r4406 48 48 49 49 # Make ZSI stubs from Session Manager WSDL 50 SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/ SessionMgr \51 ./ndg.security.common/ndg/security/common/ SessionMgr50 SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/sessionmanager \ 51 ./ndg.security.common/ndg/security/common/zsi/sessionmanager 52 52 53 53 sm_zsi_wsdl_stubs: 54 54 @-for dir in ${SM_ZSI_STUB_DIRS}; do \ 55 cd $$dir && make && cd ../../../../.. ; \55 cd $$dir && make && cd ../../../../../..; \ 56 56 done; 57 57 58 58 # Make ZSI stubs from Attribute Authority WSDL 59 AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/ AttAuthority \60 ./ndg.security.common/ndg/security/common/ AttAuthority59 AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/attributeauthority \ 60 ./ndg.security.common/ndg/security/common/zsi/attributeauthority 61 61 62 62 aa_zsi_wsdl_stubs: 63 63 @-for dir in ${AA_ZSI_STUB_DIRS}; do \ 64 cd $$dir && make && cd ../../../../.. ; \64 cd $$dir && make && cd ../../../../../..; \ 65 65 done; 66 66 -
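Review bot: The `@-` prefix on the `sm_zsi_wsdl_stubs` and `aa_zsi_wsdl_stubs` recipes tells make to ignore a failed stub build, and because the loop body is `cd $$dir && make && cd ../../../../../..`, a failing `make` also skips the `cd` back so the next iteration runs from the wrong directory; the deeper `zsi/...` paths introduced here make the relative climb easier to get wrong. A subshell removes the climb and lets a failure stop the build: `( cd $$dir && $(MAKE) ) || exit 1; \`. If silently tolerating a failed stub regeneration is intended, a comment above the target saying so would help the next reader.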
TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py
r4404 r4406 22 22 __revision__ = "$Id:attributeauthority.py 4373 2008-10-29 09:54:39Z pjkersha $" 23 23 24 __all__ = [ 25 'AttributeAuthorityClient', 26 'AttributeAuthorityClientError', 27 'AttributeRequestDenied', 28 'NoTrustedHosts',] 24 import logging 25 log = logging.getLogger(__name__) 29 26 30 27 # Determine https http transport … … 32 29 from ZSI.wstools.Utility import HTTPResponse 33 30 34 from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services import\35 AttributeAuthorityServiceLocator31 from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services \ 32 import AttributeAuthorityServiceLocator 36 33 from ndg.security.common.wssecurity.dom import SignatureHandler 37 34 from ndg.security.common.AttCert import AttCert, AttCertParse 38 35 from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection, HostCheck 39 36 from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection 40 41 import logging42 log = logging.getLogger(__name__)43 37 44 38 class AttributeAuthorityClientError(Exception): -
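Review bot: Dropping `__all__` (the removed list of `AttributeAuthorityClient`, `AttributeAuthorityClientError`, `AttributeRequestDenied` and `NoTrustedHosts`) changes what `from ndg.security.common.attributeauthority import *` exports: every imported name, including the ZSI, WS-Security and M2Crypto helpers, now leaks through, whereas the relocation of the `logging` import is harmless. If the intent was only to tidy import order, keeping `__all__ = ['AttributeAuthorityClient', 'AttributeAuthorityClientError', 'AttributeRequestDenied', 'NoTrustedHosts']` preserves the module's public surface. I cannot see whether any caller relies on star-imports, so this may be deliberate; if so a short comment noting the removal would be useful.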
TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
r4404 r4406 621 621 "or a valid string") 622 622 623 self._userPriKeyPwd = userPriKeyPwd 623 # Explicitly convert to string as M2Crypto OpenSSL wrapper fails with 624 # unicode type 625 self._userPriKeyPwd = str(userPriKeyPwd) 624 626 625 627 def _getUserPriKeyPwd(self): -
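Review bot: `self._userPriKeyPwd = str(userPriKeyPwd)` turns a `None` value into the literal string `'None'`, which would then be handed to M2Crypto as the passphrase; the error text just above (`"or a valid string"`) suggests the preceding check accepts a non-string alternative such as `None`, so this path looks reachable. Limiting the conversion to real values avoids it: `self._userPriKeyPwd = None if userPriKeyPwd is None else str(userPriKeyPwd)`. Note also that `str()` on a `unicode` passphrase containing non-ASCII characters raises `UnicodeEncodeError` under the default codec; if such passphrases are possible, an explicit `.encode('utf-8')` is the safer conversion. The enclosing setter starts outside this hunk.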
TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
r4404 r4406 13 13 __contact__ = "Philip.Kershaw@stfc.ac.uk" 14 14 __revision__ = "$Id:sessionmanager.py 4373 2008-10-29 09:54:39Z pjkersha $" 15 __all__ = ['SessionManager_services', 'SessionManager_services_types'] 15 16 import logging 17 log = logging.getLogger(__name__) 16 18 17 19 import sys … … 30 32 from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection 31 33 from ndg.security.common.zsi.sessionmanager.SessionManager_services import \ 32 SessionManagerServiceLocator 33 34 import logging 35 log = logging.getLogger(__name__) 34 SessionManagerServiceLocator 36 35 37 36 … … 55 54 """Session is invalid""" 56 55 57 class Invalid AttributeAuthorityClientCtx(SessionManagerClientError):56 class InvalidSessionManagerClientCtx(SessionManagerClientError): 58 57 """Attribute Authority ZSI Client is not initialised""" 59 58 … … 78 77 ac = AttCertParse(ac) 79 78 elif not isinstance(ac, AttCert): 80 raise SessionManagerClientError , \81 "Input external Attribute Cert. must be AttCert type" 79 raise SessionManagerClientError( 80 "Input external Attribute Cert. must be AttCert type") 82 81 83 82 self.__extAttCertList += [ac] … … 95 94 96 95 extAttCertList = property(fget=__getExtAttCertList, 97 doc="list of candidate Attribute " + \98 "Certificates that could be used " + \99 "to try to get a mapped certificate " + \100 "from the target AttributeAuthority")96 doc="list of candidate Attribute Certificates " 97 "that could be used to try to get a mapped " 98 "certificate from the target Attribute " 99 "Authority") 101 100 102 101 … … 115 114 } 116 115 117 #_________________________________________________________________________118 116 def __init__(self, 119 117 uri=None, … … 164 162 165 163 if uri: 166 self. __setURI(uri)167 168 self. __setHTTPProxyHost(httpProxyHost)169 self. __setNoHttpProxyList(noHttpProxyList)164 self.uri = uri 165 166 self.httpProxyHost = httpProxyHost 167 self.noHttpProxyList = noHttpProxyList 170 168 171 169 if sslPeerCertCN: 172 self. 
__setSSLPeerCertCN(sslPeerCertCN)170 self.sslPeerCertCN = sslPeerCertCN 173 171 174 172 if sslCACertList: 175 self. __setSSLCACertList(sslCACertList)173 self.sslCACertList = sslCACertList 176 174 elif sslCACertFilePathList: 177 self. __setSSLCACertFilePathList(sslCACertFilePathList)175 self.sslCACertFilePathList = sslCACertFilePathList 178 176 179 177 # WS-Security Signature handler - set only if any of the keywords were … … 193 191 194 192 195 #_________________________________________________________________________196 193 def __setURI(self, uri): 197 194 """Set URI for service … … 218 215 self.__setSSLPeerCertCN(None) 219 216 220 #_________________________________________________________________________221 217 def __getURI(self): 222 218 """Get URI for service … … 228 224 229 225 230 #_________________________________________________________________________231 226 def __setHTTPProxyHost(self, val): 232 227 """Set a HTTP Proxy host overriding any http_proxy environment variable 233 228 setting""" 234 229 if self._transport != ProxyHTTPConnection: 235 log.debug("Ignoring httpProxyHost setting: transport class is " +\236 "not ProxyHTTPConnection type")230 log.debug("Ignoring httpProxyHost setting: transport class is " 231 "not ProxyHTTPConnection type") 237 232 return 238 233 … … 240 235 241 236 httpProxyHost = property(fset=__setHTTPProxyHost, 242 doc="HTTP Proxy hostname - overrides any http_proxy env var setting")243 244 245 #_________________________________________________________________________ 237 doc="HTTP Proxy hostname - overrides any " 238 "http_proxy env var setting") 239 240 246 241 def __setNoHttpProxyList(self, val): 247 242 """Set to list of hosts for which to ignore the HTTP Proxy setting""" … … 254 249 255 250 noHttpProxyList = property(fset=__setNoHttpProxyList, 256 doc="Set to list of hosts for which to ignore the HTTP Proxy setting")257 258 259 #_________________________________________________________________________ 251 doc="Set to list of 
hosts for which to ignore " 252 "the HTTP Proxy setting") 253 254 260 255 def __setSSLPeerCertCN(self, cn): 261 256 """For use with HTTPS connections only. Specify the Common … … 271 266 272 267 sslPeerCertCN = property(fset=__setSSLPeerCertCN, 273 doc="for https connections, set CN of peer cert if other than peer hostname") 274 275 276 #_________________________________________________________________________ 268 doc="for https connections, set CN of peer cert " 269 "if other than peer hostname") 270 271 277 272 def __setSSLCACertList(self, caCertList): 278 273 """For use with HTTPS connections only. Specify CA certs to one of … … 288 283 289 284 sslCACertList = property(fset=__setSSLCACertList, 290 doc="for https connections, set list of CA certs from which to verify peer cert") 291 292 293 #_________________________________________________________________________ 285 doc="for https connections, set list of CA certs " 286 "from which to verify peer cert") 287 288 294 289 def __setSSLCACertFilePathList(self, caCertFilePathList): 295 290 """For use with HTTPS connections only. 
Specify CA certs to one of … … 306 301 307 302 sslCACertFilePathList = property(fset=__setSSLCACertFilePathList, 308 doc= \309 "for https connections, set list of CA cert files from which to verify peer cert") 310 311 312 #_________________________________________________________________________ 303 doc="for https connections, set list of " 304 "CA cert files from which to verify peer " 305 "cert") 306 307 313 308 def __setSignatureHandler(self, signatureHandler): 314 309 """Set SignatureHandler object property method - set to None to for no … … 316 311 if signatureHandler is not None and \ 317 312 not isinstance(signatureHandler, SignatureHandler): 318 raise AttributeError , \319 "Signature Handler must be %s type or None for no message security" % \320 "ndg.security.common.wssecurity.dom.SignatureHandler"313 raise AttributeError("Signature Handler must be %s type or None " 314 "for no message security" % 315 "ndg.security.common.wssecurity.dom.SignatureHandler") 321 316 322 317 self.__signatureHandler = signatureHandler 323 318 324 325 #_________________________________________________________________________326 319 def __getSignatureHandler(self): 327 320 "Get SignatureHandler object property method" … … 332 325 doc="SignatureHandler object") 333 326 334 335 #_________________________________________________________________________336 327 def initService(self, uri=None): 337 328 """Set the WS client for the Session Manager""" … … 352 343 (self.__uri, e.status, e.reason) 353 344 354 355 #_________________________________________________________________________356 345 def connect(self, 357 346 username, … … 383 372 384 373 if not self.__srv: 385 raise Invalid AttributeAuthorityClientCtx(\386 "Client binding is notinitialised")374 raise InvalidSessionManagerClientCtx("Client binding is not " 375 "initialised") 387 376 388 377 if passphrase is None: … … 401 390 return tuple([isinstance(i,unicode) and str(i) or i for i in res]) 402 391 403 404 
#_________________________________________________________________________405 392 def disconnect(self, userCert=None, sessID=None): 406 393 """Delete an existing user session from the Session Manager … … 419 406 420 407 if not self.__srv: 421 raise Invalid AttributeAuthorityClientCtx(\422 "Client binding is notinitialised")408 raise InvalidSessionManagerClientCtx("Client binding is not " 409 "initialised") 423 410 424 411 # Make connection 425 412 self.__srv.disconnect(userCert, sessID) 426 413 427 428 #_________________________________________________________________________429 414 def getSessionStatus(self, userDN=None, sessID=None): 430 415 """Check for the existence of a session with a given … … 444 429 445 430 if not self.__srv: 446 raise Invalid AttributeAuthorityClientCtx(\447 "Client binding is notinitialised")431 raise InvalidSessionManagerClientCtx("Client binding is not " 432 "initialised") 448 433 449 434 if sessID and userDN: … … 458 443 return self.__srv.getSessionStatus(userDN, sessID) 459 444 460 461 #_________________________________________________________________________462 445 def getAttCert(self, 463 446 userCert=None, … … 527 510 528 511 if not self.__srv: 529 raise Invalid AttributeAuthorityClientCtx(\530 "Client binding is notinitialised")512 raise InvalidSessionManagerClientCtx("Client binding is not " 513 "initialised") 531 514 532 515 # Make request … … 556 539 return AttCertParse(attCert) 557 540 558 559 #_________________________________________________________________________560 541 def getX509Cert(self): 561 542 """Retrieve the public key of the Session Manager""" 562 543 563 544 if not self.__srv: 564 raise Invalid AttributeAuthorityClientCtx(\565 "Client binding is notinitialised")545 raise InvalidSessionManagerClientCtx("Client binding is not " 546 "initialised") 566 547 return self.__srv.getX509Cert() 567 548 -
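Review bot: In `__init__` the switch from private setters to property assignment (`self.uri = uri` … `self.sslPeerCertCN = sslPeerCertCN`) introduces an unstated ordering dependency: `__setURI` ends with `self.__setSSLPeerCertCN(None)`, so the explicitly supplied CN survives only because `uri` happens to be assigned first. A one-line comment above the assignments would protect that: `# uri must be set first - its setter resets sslPeerCertCN`. The `httpProxyHost`, `noHttpProxyList` and `ssl*` properties are defined with `fset` only, so assignment works but a later read raises `AttributeError`; if write-only is intentional their docstrings should say so. The class body continues outside this hunk.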
TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py
r4385 r4406 29 29 # no ws-addressing 30 30 31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84 c0bcc>31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bc92c> 32 32 def getAttCert(self, userId,userCert,userAttCert): 33 33 … … 46 46 return attCert,msg 47 47 48 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84 c0eec>48 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bcc4c> 49 49 def getHostInfo(self): 50 50 … … 64 64 return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN 65 65 66 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c 6b6c>66 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c38cc> 67 67 def getTrustedHostInfo(self, role): 68 68 … … 78 78 return trustedHosts 79 79 80 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c 6d0c>80 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3a6c> 81 81 def getAllHostsInfo(self): 82 82 … … 91 91 return hosts 92 92 93 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c 6e8c>93 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3bec> 94 94 def getX509Cert(self): 95 95 -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py
r4389 r4406 29 29 # no ws-addressing 30 30 31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84 c524c>31 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bef6c> 32 32 def getSessionStatus(self, userDN,sessID): 33 33 … … 44 44 return isAlive 45 45 46 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c 554c>46 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c428c> 47 47 def connect(self, username,passphrase,createServerSess): 48 48 … … 57 57 # no output wsaction 58 58 response = self.binding.Receive(connectOutputMsg.typecode) 59 user Cert = response._userCert59 userX509Cert = response._userX509Cert 60 60 userPriKey = response._userPriKey 61 61 issuingCert = response._issuingCert 62 62 sessID = response._sessID 63 return user Cert,userPriKey,issuingCert,sessID63 return userX509Cert,userPriKey,issuingCert,sessID 64 64 65 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c d26c>66 def disconnect(self, user Cert,sessID):65 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c4f8c> 66 def disconnect(self, userX509Cert,sessID): 67 67 68 68 request = disconnectInputMsg() 69 request._user Cert = userCert69 request._userX509Cert = userX509Cert 70 70 request._sessID = sessID 71 71 … … 77 77 return 78 78 79 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c d40c>80 def getAttCert(self, user Cert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):79 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cc14c> 80 def getAttCert(self, userX509Cert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 81 81 82 82 request = getAttCertInputMsg() 83 request._user Cert = userCert83 request._userX509Cert = userX509Cert 84 84 request._sessID = sessID 85 85 request._attAuthorityURI = attAuthorityURI … … 101 101 return attCert,msg,extAttCertOut 102 102 103 # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c d58c>103 # op: 
<ZSI.wstools.WSDLTools.Message instance at 0x84cc2cc> 104 104 def getX509Cert(self): 105 105 -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py
r4389 r4406 86 86 def __init__(self, **kw): 87 87 ns = ns0.connectResponse_Dec.schema 88 TClist = [ZSI.TC.String(pname="user Cert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]88 TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 89 89 kw["pname"] = ("urn:ndg:security:SessionManager","connectResponse") 90 90 kw["aname"] = "_connectResponse" … … 96 96 def __init__(self): 97 97 # pyclass 98 self._user Cert = None98 self._userX509Cert = None 99 99 self._userPriKey = None 100 100 self._issuingCert = None … … 109 109 def __init__(self, **kw): 110 110 ns = ns0.disconnect_Dec.schema 111 TClist = [ZSI.TC.String(pname="user Cert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]111 TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), 
ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 112 112 kw["pname"] = ("urn:ndg:security:SessionManager","disconnect") 113 113 kw["aname"] = "_disconnect" … … 119 119 def __init__(self): 120 120 # pyclass 121 self._user Cert = None121 self._userX509Cert = None 122 122 self._sessID = None 123 123 return … … 149 149 def __init__(self, **kw): 150 150 ns = ns0.getAttCert_Dec.schema 151 TClist = [ZSI.TC.String(pname="user Cert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))]151 TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", 
minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 152 152 kw["pname"] = ("urn:ndg:security:SessionManager","getAttCert") 153 153 kw["aname"] = "_getAttCert" … … 159 159 def __init__(self): 160 160 # pyclass 161 self._user Cert = None161 self._userX509Cert = None 162 162 self._sessID = None 163 163 self._attAuthorityURI = None -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl
r4385 r4406 42 42 <xsd:complexType> 43 43 <xsd:sequence> 44 <xsd:element name="user Cert" type="xsd:string" minOccurs="1" maxOccurs="1"/>45 <xsd:element name="userPriKey" type="xsd:string" minOccurs=" 1" maxOccurs="1"/>44 <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 45 <xsd:element name="userPriKey" type="xsd:string" minOccurs="0" maxOccurs="1"/> 46 46 <xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 47 47 <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> … … 53 53 <xsd:complexType> 54 54 <xsd:sequence> 55 <xsd:element name="user Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>55 <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 56 56 <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> 57 57 </xsd:sequence> … … 66 66 <xsd:complexType> 67 67 <xsd:sequence> 68 <xsd:element name="user Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>68 <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 69 69 <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> 70 70 <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="1" maxOccurs="1"/> -
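Review bot: `connectResponse` carries `userPriKey` — the user's private key — as a plain `xsd:string`, and this revision also makes it and `userX509Cert` optional (`minOccurs="0"`), yet nothing in the schema records that the operation must only be offered over a confidentiality-protected transport. An annotation on the element would make the constraint part of the contract, e.g. `<!-- userPriKey is a PEM private key: connect MUST only be exposed over https or with message-level encryption -->`. Relaxing `minOccurs` also means response consumers (the generated `connect` stub unpacks all four fields) now have to tolerate a missing key and certificate; a short comment stating when the server omits them would help. The enclosing element definitions start outside this hunk.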
TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py
r4386 r4406 46 46 <xsd:complexType> 47 47 <xsd:sequence> 48 <xsd:element maxOccurs=\"1\" minOccurs=\" 1\" name=\"userCert\" type=\"xsd:string\"/>49 <xsd:element maxOccurs=\"1\" minOccurs=\" 1\" name=\"userPriKey\" type=\"xsd:string\"/>48 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 49 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userPriKey\" type=\"xsd:string\"/> 50 50 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"issuingCert\" type=\"xsd:string\"/> 51 51 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> … … 57 57 <xsd:complexType> 58 58 <xsd:sequence> 59 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"user Cert\" type=\"xsd:string\"/>59 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 60 60 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 61 61 </xsd:sequence> … … 70 70 <xsd:complexType> 71 71 <xsd:sequence> 72 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"user Cert\" type=\"xsd:string\"/>72 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 73 73 <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 74 74 <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"attAuthorityURI\" type=\"xsd:string\"/> … … 280 280 if hasattr(self,'impl'): 281 281 # Should have a tuple of 4 args 282 result._user Cert = parameters[0]282 result._userX509Cert = parameters[0] 283 283 result._userPriKey = parameters[1] 284 284 result._issuingCert = parameters[2] … … 291 291 def soap_disconnect(self, ps): 292 292 self.request = ps.Parse(disconnectInputMsg.typecode) 293 parameters = (self.request._user Cert, self.request._sessID)293 parameters = (self.request._userX509Cert, self.request._sessID) 294 294 295 295 # If we have an implementation object use it … … 305 305 def soap_getAttCert(self, ps): 306 306 self.request = ps.Parse(getAttCertInputMsg.typecode) 
307 parameters = (self.request._user Cert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost)307 parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost) 308 308 309 309 # If we have an implementation object use it -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
r4404 r4406 18 18 from ndg.security.server.zsi.sessionmanager.SessionManager_services_server \ 19 19 import SessionManagerService as _SessionManagerService 20 20 from ndg.security.common.zsi.sessionmanager.SessionManager_services import \ 21 connectInputMsg, disconnectInputMsg, getSessionStatusInputMsg, \ 22 getAttCertInputMsg 23 24 21 25 from ndg.security.server.sessionmanager import SessionManager 22 26 … … 54 58 pdb.set_trace() 55 59 60 request = ps.Parse(connectInputMsg.typecode) 56 61 response = _SessionManagerService.soap_connect(self, ps) 57 62 … … 60 65 createServerSess=request.CreateServerSess) 61 66 62 response.User Cert, response.UserPriKey, response.issuingCert, \67 response.UserX509Cert, response.UserPriKey, response.issuingCert, \ 63 68 response.SessID = result 64 69 … … 76 81 import pdb 77 82 pdb.set_trace() 78 83 84 request = ps.Parse(disconnectInputMsg.typecode) 79 85 response = _SessionManagerService.soap_disconnect(self, ps) 80 86 … … 92 98 # Get certificate corresponding to private key that signed the 93 99 # message - i.e. 
the user's proxy 94 user Cert = signatureFilter.signatureHandler.verifyingCert100 userX509Cert = signatureFilter.signatureHandler.verifyingCert 95 101 else: 96 102 # No signature from client - they must instead provide the 97 # designated holder cert via the User Cert input98 user Cert = request.UserCert99 self.sm.deleteUserSession(sessID=sessID, user Cert=userCert)103 # designated holder cert via the UserX509Cert input 104 userX509Cert = request.UserX509Cert 105 self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert) 100 106 return response 101 107 … … 114 120 pdb.set_trace() 115 121 122 request = ps.Parse(getSessionStatusInputMsg.typecode) 116 123 response = _SessionManagerService.soap_getSessionStatus(self, ps) 117 124 … … 134 141 pdb.set_trace() 135 142 143 request = ps.Parse(getAttCertInputMsg.typecode) 136 144 response = _SessionManagerService.soap_getAttCert(self, ps) 137 145 … … 145 153 # Get certificate corresponding to private key that signed the 146 154 # message - i.e. the user's proxy 147 user Cert = signatureFilter.signatureHandler.verifyingCert155 userX509Cert = signatureFilter.signatureHandler.verifyingCert 148 156 else: 149 157 # No signature from client - they must instead provide the 150 # designated holder cert via the User Cert input151 user Cert = request.UserCert158 # designated holder cert via the UserX509Cert input 159 userX509Cert = request.UserX509Cert 152 160 153 161 154 # Cert used in signature is prefered over user Cert input element -155 # user Cert may have been omitted.162 # Cert used in signature is prefered over userX509Cert input element - 163 # userX509Cert may have been omitted. 156 164 result = self.sm.getAttCert( 157 user Cert=userCert or request.UserCert,165 userX509Cert=userX509Cert or request.UserX509Cert, 158 166 sessID=request.SessID, 159 167 aaURI=request.AttAuthorityURI, -
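Review bot: In `soap_getAttCert` the fallback `userX509Cert=userX509Cert or request.UserX509Cert` is redundant with the `else` branch just above, and in the signed case it silently substitutes the unauthenticated, client-supplied certificate whenever `signatureFilter.signatureHandler.verifyingCert` is empty — exactly the case where failing closed is wanted. Pass `userX509Cert=userX509Cert` and let the signature-present branch raise (or at least log) when `verifyingCert` is missing. Separately, the new `request = ps.Parse(...)` lines in each `soap_*` method re-parse a message the base class already parses into `self.request` (see `self.request = ps.Parse(disconnectInputMsg.typecode)` in the generated server stub); `request = self.request` after the base call avoids the second parse. `soap_getAttCert` continues past the end of this hunk.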
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
r4404 r4406 22 22 from ndg.security.common.AttCert import AttCertRead 23 23 from ndg.security.common.X509 import X509CertParse, X509CertRead 24 from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr25 24 from ndg.security.common.utils.ConfigFileParsers import \ 26 25 CaseSensitiveConfigParser -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
r4404 r4406 1 1 #!/usr/bin/env python 2 2 """Test harness for NDG Session Manager - makes requests for 3 authentication and a uthorisation. Attribute Authority services must be running4 for *AttCert* test methods3 authentication and attribute retrieval. Attribute Authority services must be 4 running for *AttCert* test methods. See README in this directory for details 5 5 6 6 NERC Data Grid Project -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg
r4318 r4406 10 10 # $Id:$ 11 11 [setUp] 12 smuri = https://localhost:5700/SessionManager12 uri = http://localhost:5500/SessionManager 13 13 14 14 # For https connections only. !Omit ssl* settings if using http! 15 15 # sslpeercertcn is the expected CommonName of peer cert. Omit if it's the 16 16 # same as peer hostname. 17 #ssl peercertcn= junk17 #sslPeerCertCN = junk 18 18 19 19 # For https only - List of CA certificates to enable this client to verify 20 20 # the server's SSL X.509 certificate 21 sslcacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 22 23 # Set to False to test service without WS-Security signature 24 setsignaturehandler = True 25 26 # ValueType for BinarySecurityToken element of WSSE header. Uncomment the 27 # one which applies or leave as default settings (recommended unless you really 28 # know what you're doing!) 29 30 # Specifies token is an X.509 certificate 31 #reqbinsectokvaltype = X509 32 33 # Stipulate X.509 version 3 format 34 reqbinsectokvaltype = X509v3 35 36 # Specify multiple certificates in a chain of trust. Use this setting for 37 # proxy certificates where a certificate chain consisting of user certificate 38 # and proxy certificate is required to secure trust back to the 39 # CA: <- User Certificate <- Proxy Certificate 40 #reqbinsectokvaltype = X509PKIPathv1 41 42 # Client certificate - used for unit tests where a user certificate is not 43 # available. This applies for initial calls to Session Manager connect and to 44 # calls where the user is identified by a session id. 45 # 46 # if "reqbinsectokvaltype = X509PKIPathv1" above then this certificate is 47 # expected to contain a certificate chain of consisting of a proxy certificate 48 # and user certificate that issued it. The default is 49 # test.crt, a standard certificate. 
50 # 51 # $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script 52 # AttAuthorityClientTest.py to default to the same directory as the script 53 clntcertfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.crt 54 55 # Client private key 56 clntprikeyfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.key 57 58 # Set password for private key - leave blank if no password is set or comment 59 # out to be prompted for it from the command line 60 clntprikeypwd = 61 62 # Space separated list of CA certificate files used to verify certificate used 63 # in message signature 64 cacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 65 66 # Inclusive namespaces for Exclusive C14N 67 #refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 68 #signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 69 refC14nInclNS: 70 signedInfoC14nInclNS: 21 sslCACertFilePathList = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 71 22 72 23 [test1Connect] 73 24 username = testuser 74 #passphrase = testpassword25 passphrase = testpassword 75 26 76 27 [test3ConnectNoCreateServerSess] 77 28 username = testuser 78 #passphrase = testpassword29 passphrase = testpassword 79 30 80 31 [test6GetAttCertWithSessID] … … 82 33 acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml 83 34 84 [test 6aGetAttCertRefusedWithSessID]35 [test7GetAttCertRefusedWithSessID] 85 36 aaURI = http://localhost:5100/AttributeAuthority 86 37 … … 95 46 [test7GetAttCertWithUserCert] 96 47 aaURI = http://localhost:5000/AttributeAuthority 48 49 [wsse] 50 # WS-Security settings for unit test AA clients 51 # 52 # OUTBOUND MESSAGE CONFIG 53 54 # Signature of an outbound message 55 56 # Certificate associated with private key used to sign a message. The sign 57 # method will add this to the BinarySecurityToken element of the WSSE header. 
58 signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.crt 59 60 # PEM encoded private key file 61 signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.key 62 63 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 64 # signed message. See __setReqBinSecTokValType method and binSecTokValType 65 # class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 66 # give full namespace to alternative - see 67 # ZSI.wstools.Namespaces.OASIS.X509TOKEN 68 # 69 # binSecTokValType determines whether signingCert or signingCertChain 70 # attributes will be used. 71 reqBinSecTokValType=X509v3 72 73 # Add a timestamp element to an outbound message 74 addTimestamp=True 75 76 # For WSSE 1.1 - service returns signature confirmation containing signature 77 # value sent by client 78 applySignatureConfirmation=False 79 80 # 81 # INBOUND MESSAGE CONFIG 82 83 # Provide a space separated list of file paths 84 caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py
r4405 r4406 1 1 #!/usr/bin/env python 2 """Test harness for NDG Session Manager client - makes requests for 3 authentication and authorisation. An Attribute Authority and Simple CA 4 services must be running for the reqAuthorisation and addUser tests 2 """Test harness for NDG Session Manager SOAP client interface - makes requests 3 for authentication and attribute retrieval. Test Session Manager and Attribute 4 Authority services must be running for *AttCert* tests. See README in this 5 directory 5 6 6 7 NERC Data Grid Project … … 13 14 License, version 1.0 or later.""" 14 15 __contact__ = "Philip.Kershaw@stfc.ac.uk" 15 __revision__ = '$Id :SessionMgrClientTest.py 4403 2008-10-31 13:41:54Z pjkersha$'16 __revision__ = '$Id$' 16 17 17 18 import unittest 18 import os, sys, getpass, re 19 from ConfigParser import SafeConfigParser 19 import os 20 import sys 21 import getpass 22 import re 23 24 from os.path import expandvars as xpdVars 25 from os.path import join as jnPath 26 mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 20 27 21 28 from ndg.security.common.sessionmanager import SessionManagerClient, \ … … 24 31 from ndg.security.common.X509 import X509CertParse, X509CertRead 25 32 from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr 26 27 from os.path import expandvars as xpdVars 28 from os.path import join as jnPath 29 mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 33 from ndg.security.common.utils.ConfigFileParsers import \ 34 CaseSensitiveConfigParser 30 35 31 36 32 37 class SessionManagerClientTestCase(unittest.TestCase): 38 '''Unit tests for ndg.security.common.sessionmanager.SessionManagerClient 39 - SOAP Session Manager client interface 40 ''' 33 41 pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----" 34 42 … … 41 49 certChainFileTxt = open(certChainFilePath).read() 42 50 43 pemPatRE = re.compile( self.__class__.pemPat, re.S)51 pemPatRE = 
re.compile(SessionManagerClientTestCase.pemPat, re.S) 44 52 x509CertList = pemPatRE.findall(certChainFileTxt) 45 53 … … 54 62 55 63 64 # def setUp(self): 65 # 66 # if 'NDGSEC_INT_DEBUG' in os.environ: 67 # import pdb 68 # pdb.set_trace() 69 # 70 # if 'NDGSEC_SMCLNT_UNITTEST_DIR' not in os.environ: 71 # os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 72 # os.path.abspath(os.path.dirname(__file__)) 73 # 74 # configParser = SafeConfigParser() 75 # configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 76 # "sessionMgrClientTest.cfg") 77 # configParser.read(configFilePath) 78 # 79 # self.cfg = {} 80 # for section in configParser.sections(): 81 # self.cfg[section] = dict(configParser.items(section)) 82 # 83 # try: 84 # if self.cfg['setUp'].get('clntprikeypwd') is None: 85 # clntPriKeyPwd = getpass.getpass(\ 86 # prompt="\nsetUp - client private key password: ") 87 # else: 88 # clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 89 # except KeyboardInterrupt: 90 # sys.exit(0) 91 # 92 # # List of CA certificates for use in validation of certs used in 93 # # signature for server reponse 94 # try: 95 # caCertFilePathList = [xpdVars(file) for file in \ 96 # self.cfg['setUp']['cacertfilepathlist'].split()] 97 # except: 98 # caCertFilePathList = [] 99 # 100 # try: 101 # sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 102 # self.cfg['setUp']['sslcacertfilepathlist'].split()] 103 # except KeyError: 104 # sslCACertList = [] 105 # 106 # clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 107 # clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 108 # 109 # reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 110 # 111 # # Set format for certificate(s) to be included in client SOAP messages 112 # # to enable the Session Manager server to verify messages. 
113 # if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 114 # signingCertChain = \ 115 # self._getCertChainFromProxyCertFile(clntCertFilePath) 116 # signingCertFilePath = None 117 # else: 118 # signingCertChain = None 119 # signingCertFilePath = clntCertFilePath 120 # 121 # # Inclusive namespace prefixes for Exclusive C14N 122 # try: 123 # refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split() 124 # except KeyError: 125 # refC14nInclNS = [] 126 # 127 # try: 128 # signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split() 129 # except KeyError: 130 # signedInfoC14nInclNS = [] 131 # 132 # setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 133 # 134 # # Initialise the Session Manager client connection 135 # # Omit traceFile keyword to leave out SOAP debug info 136 # self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 137 # sslCACertList=sslCACertList, 138 # sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 139 # setSignatureHandler=setSignatureHandler, 140 # reqBinSecTokValType=reqBinSecTokValType, 141 # signingCertFilePath=clntCertFilePath, 142 # signingCertChain=signingCertChain, 143 # signingPriKeyFilePath=clntPriKeyFilePath, 144 # signingPriKeyPwd=clntPriKeyPwd, 145 # caCertFilePathList=caCertFilePathList, 146 # refC14nInclNS=refC14nInclNS, 147 # signedInfoC14nInclNS=signedInfoC14nInclNS, 148 # tracefile=sys.stderr) 149 56 150 def setUp(self): 57 151 58 152 if 'NDGSEC_INT_DEBUG' in os.environ: 59 153 import pdb … … 63 157 os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 64 158 os.path.abspath(os.path.dirname(__file__)) 65 66 configParser = SafeConfigParser()67 c onfigFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'],68 "sessionMgrClientTest.cfg")69 configParser.read(configFilePath)159 160 self.cfgParser = CaseSensitiveConfigParser() 161 cfgFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 162 'sessionMgrClientTest.cfg') 163 self.cfgParser.read(cfgFilePath) 70 164 71 165 self.cfg = 
{} 72 for section in configParser.sections(): 73 self.cfg[section] = dict(configParser.items(section)) 74 75 try: 76 if self.cfg['setUp'].get('clntprikeypwd') is None: 77 clntPriKeyPwd = getpass.getpass(\ 78 prompt="\nsetUp - client private key password: ") 79 else: 80 clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 81 except KeyboardInterrupt: 82 sys.exit(0) 83 84 # List of CA certificates for use in validation of certs used in 85 # signature for server reponse 86 try: 87 caCertFilePathList = [xpdVars(file) for file in \ 88 self.cfg['setUp']['cacertfilepathlist'].split()] 89 except: 90 caCertFilePathList = [] 91 166 for section in self.cfgParser.sections(): 167 self.cfg[section] = dict(self.cfgParser.items(section)) 168 92 169 try: 93 170 sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 94 self.cfg['setUp']['ssl cacertfilepathlist'].split()]171 self.cfg['setUp']['sslCACertFilePathList'].split()] 95 172 except KeyError: 96 173 sslCACertList = [] 97 98 clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 99 clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 100 101 reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 102 103 # Set format for certificate(s) to be included in client SOAP messages 104 # to enable the Session Manager server to verify messages. 
105 if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 106 signingCertChain = \ 107 self._getCertChainFromProxyCertFile(clntCertFilePath) 108 signingCertFilePath = None 109 else: 110 signingCertChain = None 111 signingCertFilePath = clntCertFilePath 112 113 # Inclusive namespace prefixes for Exclusive C14N 114 try: 115 refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split() 116 except KeyError: 117 refC14nInclNS = [] 118 119 try: 120 signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split() 121 except KeyError: 122 signedInfoC14nInclNS = [] 123 124 setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 125 126 # Initialise the Session Manager client connection 127 # Omit traceFile keyword to leave out SOAP debug info 128 self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 174 175 # Instantiate WS proxy 176 self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'], 177 sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'), 129 178 sslCACertList=sslCACertList, 130 sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 131 setSignatureHandler=setSignatureHandler, 132 reqBinSecTokValType=reqBinSecTokValType, 133 signingCertFilePath=clntCertFilePath, 134 signingCertChain=signingCertChain, 135 signingPriKeyFilePath=clntPriKeyFilePath, 136 signingPriKeyPwd=clntPriKeyPwd, 137 caCertFilePathList=caCertFilePathList, 138 refC14nInclNS=refC14nInclNS, 139 signedInfoC14nInclNS=signedInfoC14nInclNS, 140 tracefile=sys.stderr) 141 179 cfgFileSection='wsse', 180 cfg=self.cfgParser) 181 142 182 self.sessID = None 143 self.user Cert = None183 self.userX509Cert = None 144 184 self.userPriKey = None 145 185 self.issuingCert = None … … 152 192 username = self.cfg['test1Connect']['username'] 153 193 154 if self.__class__.test2Passphrase is None:155 self.__class__.test2Passphrase = \194 if SessionManagerClientTestCase.test2Passphrase is None: 195 SessionManagerClientTestCase.test2Passphrase = \ 156 196 
self.cfg['test1Connect'].get('passphrase') 157 197 158 if not self.__class__.test2Passphrase:159 self.__class__.test2Passphrase = getpass.getpass(\198 if not SessionManagerClientTestCase.test2Passphrase: 199 SessionManagerClientTestCase.test2Passphrase = getpass.getpass(\ 160 200 prompt="\ntest1Connect pass-phrase for user %s: " % username) 161 201 162 self.user Cert, self.userPriKey, self.issuingCert, self.sessID = \202 self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 163 203 self.clnt.connect(self.cfg['test1Connect']['username'], 164 passphrase=self.__class__.test2Passphrase) 165 166 print "User '%s' connected to Session Manager:\n%s" % \ 167 (username, self.sessID) 168 169 creds='\n'.join((self.issuingCert or '', 170 self.userCert, 171 self.userPriKey)) 172 open(mkPath("user.creds"), "w").write(creds) 204 passphrase=SessionManagerClientTestCase.test2Passphrase) 205 206 print("User '%s' connected to Session Manager:\n%s" % 207 (username, self.sessID)) 173 208 174 209 … … 181 216 "Session is dead" 182 217 183 print "User connected to Session Manager with sessID=%s" % self.sessID218 print("User connected to Session Manager with sessID=%s" % self.sessID) 184 219 185 220 assert not self.clnt.getSessionStatus(sessID='abc'), \ … … 190 225 191 226 def test3ConnectNoCreateServerSess(self): 192 """test3ConnectNoCreateServerSess: Connect as a non browser client - 193 sessID should be None""" 227 """test3ConnectNoCreateServerSess: Connect without creating a session - 228 sessID should be None. This only indicates that the username/password 229 are correct. To be of practical use the AuthNService plugin at 230 the Session Manager needs to return X.509 credentials e.g. 
231 with MyProxy plugin.""" 194 232 195 233 username = self.cfg['test3ConnectNoCreateServerSess']['username'] 196 234 197 if self.__class__.test3Passphrase is None:198 self.__class__.test3Passphrase = \235 if SessionManagerClientTestCase.test3Passphrase is None: 236 SessionManagerClientTestCase.test3Passphrase = \ 199 237 self.cfg['test3ConnectNoCreateServerSess'].get('passphrase') 200 238 201 if not self.__class__.test3Passphrase:239 if not SessionManagerClientTestCase.test3Passphrase: 202 240 prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: " 203 self.__class__.test3Passphrase = getpass.getpass(\241 SessionManagerClientTestCase.test3Passphrase = getpass.getpass(\ 204 242 prompt=prompt % username) 205 243 206 self.userCert, self.userPriKey, self.issuingCert, sessID = \244 userX509Cert, userPriKey,issuingCert, sessID = \ 207 245 self.clnt.connect(username, 208 passphrase=self.__class__.test3Passphrase,209 246 passphrase=SessionManagerClientTestCase.test3Passphrase, 247 createServerSess=False) 210 248 211 249 # Expect null session ID 212 250 assert(not sessID) 213 251 214 print "User '%s' retrieved creds. 
from Session Manager:\n%s" % \ 215 (username, self.userCert) 252 print("Successfully authenticated") 216 253 217 254 218 255 def test4DisconnectWithSessID(self): 219 """test4DisconnectWithSessID: disconnect as if acting as a browser client 256 """test4DisconnectWithSessID: disconnect as if acting as a browser 257 client 220 258 """ 221 259 … … 228 266 229 267 230 def test5DisconnectWithUser Cert(self):231 """test5DisconnectWithUser Cert: Disconnect as a command line client268 def test5DisconnectWithUserX509Cert(self): 269 """test5DisconnectWithUserX509Cert: Disconnect as a command line client 232 270 """ 233 271 234 print "\n\t" + self.test5DisconnectWithUser Cert.__doc__272 print "\n\t" + self.test5DisconnectWithUserX509Cert.__doc__ 235 273 self.test1Connect() 236 274 … … 241 279 self.clnt.signatureHandler.signingPriKey = self.userPriKey 242 280 self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 243 self.user Cert)281 self.userX509Cert) 244 282 self.clnt.signatureHandler.signingCert = None 245 283 else: 246 284 self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 285 self.clnt.signatureHandler.signingPriKeyPwd = \ 286 SessionManagerClientTestCase.test2Passphrase 247 287 self.clnt.signatureHandler.signingPriKey = self.userPriKey 248 288 self.clnt.signatureHandler.signingCertChain = () 249 self.clnt.signatureHandler.signingCert = self.user Cert289 self.clnt.signatureHandler.signingCert = self.userX509Cert 250 290 251 291 # Proxy cert in signature determines ID of session to 252 292 # delete 253 293 self.clnt.disconnect() 254 print "User disconnected from Session Manager:\n%s" % self.userCert294 print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 255 295 256 296 … … 264 304 attCert = self.clnt.getAttCert(\ 265 305 sessID=self.sessID, 266 attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aa uri'])306 attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aaURI']) 267 307 268 308 print "Attribute Certificate:\n%s" % attCert … 
… 272 312 273 313 274 def test 6aGetAttCertRefusedWithSessID(self):275 """test 6aGetAttCertRefusedWithSessID: make an attribute request using314 def test7GetAttCertRefusedWithSessID(self): 315 """test7GetAttCertRefusedWithSessID: make an attribute request using 276 316 a sessID as authentication credential requesting an AC from an 277 317 Attribute Authority where the user is NOT registered""" 278 318 279 print "\n\t" + self.test 6aGetAttCertRefusedWithSessID.__doc__280 self.test1Connect() 281 282 aaURI = self.cfg['test 6aGetAttCertRefusedWithSessID']['aauri']319 print "\n\t" + self.test7GetAttCertRefusedWithSessID.__doc__ 320 self.test1Connect() 321 322 aaURI = self.cfg['test7GetAttCertRefusedWithSessID']['aaURI'] 283 323 284 324 try: … … 293 333 294 334 295 def test 6bGetMappedAttCertWithSessID(self):296 """test 6bGetMappedAttCertWithSessID: make an attribute request using335 def test8GetMappedAttCertWithSessID(self): 336 """test8GetMappedAttCertWithSessID: make an attribute request using 297 337 a session ID as authentication credential""" 298 338 299 print "\n\t" + self.test 6bGetMappedAttCertWithSessID.__doc__300 self.test1Connect() 301 302 aaURI = self.cfg['test 6bGetMappedAttCertWithSessID']['aauri']339 print "\n\t" + self.test8GetMappedAttCertWithSessID.__doc__ 340 self.test1Connect() 341 342 aaURI = self.cfg['test8GetMappedAttCertWithSessID']['aaURI'] 303 343 304 344 attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI) … … 307 347 308 348 309 def test 6cGetAttCertWithExtAttCertListWithSessID(self):310 """test 6cGetAttCertWithSessID: make an attribute request using311 a session ID as authentication credential"""349 def test9GetAttCertWithExtAttCertListWithSessID(self): 350 """test9GetAttCertWithExtAttCertListWithSessID: make an attribute 351 request usinga session ID as authentication credential""" 312 352 313 353 print "\n\t" + \ 314 self.test 6cGetAttCertWithExtAttCertListWithSessID.__doc__354 
self.test9GetAttCertWithExtAttCertListWithSessID.__doc__ 315 355 self.test1Connect() 316 356 317 357 aaURI = \ 318 self.cfg['test 6cGetAttCertWithExtAttCertListWithSessID']['aauri']358 self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['aaURI'] 319 359 320 360 # Use output from test6GetAttCertWithSessID! 321 361 extACFilePath = xpdVars(\ 322 self.cfg['test 6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath'])362 self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['extACFilePath']) 323 363 extAttCert = open(extACFilePath).read() 324 364 … … 327 367 extAttCertList=[extAttCert]) 328 368 329 print "Attribute Certificate:\n%s" % attCert330 331 332 def test 7GetAttCertWithUserCert(self):333 """test 7GetAttCertWithUserCert: make an attribute request using369 print("Attribute Certificate:\n%s" % attCert) 370 371 372 def test10GetAttCertWithUserX509Cert(self): 373 """test10GetAttCertWithUserX509Cert: make an attribute request using 334 374 a user cert as authentication credential""" 335 print "\n\t" + self.test 7GetAttCertWithUserCert.__doc__375 print "\n\t" + self.test10GetAttCertWithUserX509Cert.__doc__ 336 376 self.test1Connect() 337 377 … … 340 380 self.clnt.signatureHandler.signingPriKey = self.userPriKey 341 381 self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 342 self.user Cert)382 self.userX509Cert) 343 383 self.clnt.signatureHandler.signingCert = None 344 384 else: … … 346 386 self.clnt.signatureHandler.signingPriKey = self.userPriKey 347 387 self.clnt.signatureHandler.signingCertChain = () 348 self.clnt.signatureHandler.signingCert = self.user Cert388 self.clnt.signatureHandler.signingCert = self.userX509Cert 349 389 350 390 # Request an attribute certificate from an Attribute Authority 351 391 # using the userCert returned from connect() 352 392 353 aaURI = self.cfg['test 7GetAttCertWithUserCert']['aauri']393 aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI'] 354 394 attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
355 395 356 print "Attribute Certificate:\n%s" % attCert357 358 359 def test 8GetX509Cert(self):360 "test 8GetX509Cert: return the Session Manager's X.509 Cert."396 print("Attribute Certificate:\n%s" % attCert) 397 398 399 def test11GetX509Cert(self): 400 "test11GetX509Cert: return the Session Manager's X.509 Cert." 361 401 cert = self.clnt.getX509Cert() 362 402 363 print "Session Manager X.509 Certificate:\n" + cert 364 365 366 #_____________________________________________________________________________ 403 print("Session Manager X.509 Certificate:\n" + cert) 404 405 367 406 class SessionManagerClientTestSuite(unittest.TestSuite): 368 407 … … 374 413 "test3ConnectNoCreateServerSess", 375 414 "test4DisconnectWithSessID", 376 "test5DisconnectWithUser Cert",415 "test5DisconnectWithUserX509Cert", 377 416 "test6GetAttCertWithSessID", 378 "test 6bGetMappedAttCertWithSessID",379 "test 6cGetAttCertWithExtAttCertListWithSessID",380 "test 7GetAttCertWithUserCert",381 "test 8GetX509Cert",417 "test8GetMappedAttCertWithSessID", 418 "test9GetAttCertWithExtAttCertListWithSessID", 419 "test10GetAttCertWithUserX509Cert", 420 "test11GetX509Cert", 382 421 )) 383 422 unittest.TestSuite.__init__(self, map) -
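Review bot: The new setUp hunk keeps the entire previous implementation as an 85-line commented-out block (new-side lines 64–148) immediately above the live `def setUp(self):`, and that dead copy still contains the `eval(self.cfg['setUp']['setsignaturehandler'])` call on a config value, which the live method has rightly dropped in favour of `cfg=self.cfgParser` and `cfgFileSection='wsse'`. Commented-out code of this size should be deleted rather than kept; version control already holds the old version, and a reader can otherwise mistake the block for the intended configuration path (it also references keys such as `smuri` and `sslcacertfilepathlist` that the new config no longer defines). The same file mixes the converted `print("...")` form with the untouched statement form `print "\n\t" + self.test5DisconnectWithUserX509Cert.__doc__`; picking one form throughout would be clearer. A smaller inconsistency in test5DisconnectWithUserX509Cert: the X509v3 branch now sets `self.clnt.signatureHandler.signingPriKeyPwd`, while the X509PKIPathv1 branch does not, which presumably relies on the proxy key being unencrypted — a one-line comment stating that assumption would help. The enclosing class continues beyond the hunks shown.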
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini
r4405 r4406 98 98 # Authentication service properties 99 99 sessionManager.authNService.moduleFilePath: 100 sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn 101 sessionManager.authNService.className: BasicAuthN 102 103 # Specific settings for BasicAuthN Session Manager authentication plugin 104 # This sets up two test accounts. Passwords are MD5 encrypted 105 sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01 100 sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn 101 sessionManager.authNService.className: UserCertAuthN 102 103 # Specific settings for UserCertAuthN Session Manager authentication plugin 104 # This sets up PKI credentials for a single test account 105 sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt 106 sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key 107 sessionManager.authNService.userPriKeyPwd: testpassword 106 108 107 109 # Settings for the Credential Repository - NullCredRepos is
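Review bot: The new `sessionManager.authNService.userPriKeyPwd: testpassword` line places the private key password for `$NDGSEC_SMCLNT_UNITTEST_DIR/user.key` in clear text in the ini, where the previous BasicAuthN entry only held hashed account passwords. Since this file is a unit-test fixture that is fine, but the replaced comment no longer says so, so a reader copying the template for a real deployment has nothing warning them; add a comment above it such as `# Test fixture only: key password kept in clear text for the throwaway unit-test key - a deployment should leave this blank and keep the key file permissions restrictive`. It is not visible from the hunk whether the UserCertAuthN plugin prompts when the password setting is omitted; if it does, the comment should say so.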