Changeset 4406 for TI12-security


Timestamp:
31/10/08 16:52:34 (11 years ago)
Author:
pjkersha
Message:
  • Fix to Session Manager WSDL to allow nillable X.509 cert and private key return from connect operation
  • working session manager client unit tests up to test 4.
Location:
TI12-security/trunk/python
Files:
3 added
15 edited

  • TI12-security/trunk/python/Makefile

    r4173 r4406  
    4848 
    4949# Make ZSI stubs from Session Manager WSDL 
    50 SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/SessionMgr \ 
    51                                  ./ndg.security.common/ndg/security/common/SessionMgr 
     50SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/sessionmanager \ 
     51                                 ./ndg.security.common/ndg/security/common/zsi/sessionmanager 
    5252 
    5353sm_zsi_wsdl_stubs: 
    5454        @-for dir in ${SM_ZSI_STUB_DIRS}; do \ 
    55                 cd $$dir && make && cd ../../../../..; \ 
     55                cd $$dir && make && cd ../../../../../..; \ 
    5656        done; 
    5757 
    5858# Make ZSI stubs from Attribute Authority WSDL 
    59 AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/AttAuthority \ 
    60                                  ./ndg.security.common/ndg/security/common/AttAuthority 
     59AA_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/zsi/attributeauthority \ 
     60                                 ./ndg.security.common/ndg/security/common/zsi/attributeauthority 
    6161                                  
    6262aa_zsi_wsdl_stubs: 
    6363        @-for dir in ${AA_ZSI_STUB_DIRS}; do \ 
    64                 cd $$dir && make && cd ../../../../..; \ 
     64                cd $$dir && make && cd ../../../../../..; \ 
    6565        done; 
    6666 
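Review bot: The recipe at new line 55 (and likewise new line 64) returns to the top directory with a hard-coded `cd ../../../../../..`; if `make` in one stub directory fails, the `&&` chain stops before that return `cd`, so the next iteration's `cd $$dir` runs relative to the wrong directory, and because the command is prefixed `@-` the failure is ignored and the loop silently continues. Running each step in a subshell removes both the fragile path count that this changeset had to bump and the leaked working directory: `@-for dir in ${SM_ZSI_STUB_DIRS}; do (cd $$dir && make); done;`. The same change applies to the `aa_zsi_wsdl_stubs` recipe.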
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py

    r4404 r4406  
    2222__revision__ = "$Id:attributeauthority.py 4373 2008-10-29 09:54:39Z pjkersha $" 
    2323 
    24 __all__ = [ 
    25     'AttributeAuthorityClient', 
    26     'AttributeAuthorityClientError', 
    27     'AttributeRequestDenied', 
    28     'NoTrustedHosts',] 
     24import logging 
     25log = logging.getLogger(__name__) 
    2926 
    3027# Determine https http transport 
     
    3229from ZSI.wstools.Utility import HTTPResponse 
    3330 
    34 from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services import \ 
    35     AttributeAuthorityServiceLocator 
     31from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services \ 
     32    import AttributeAuthorityServiceLocator 
    3633from ndg.security.common.wssecurity.dom import SignatureHandler 
    3734from ndg.security.common.AttCert import AttCert, AttCertParse 
    3835from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection, HostCheck 
    3936from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection 
    40  
    41 import logging 
    42 log = logging.getLogger(__name__) 
    4337 
    4438class AttributeAuthorityClientError(Exception): 
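Review bot: Removing `__all__` (old lines 24–28) changes what `from ndg.security.common.attributeauthority import *` exports: the module's imported names such as `HTTPResponse`, `SignatureHandler`, `AttCert`, `HTTPSConnection` and `ProxyHTTPConnection` now leak into the importer's namespace alongside the client classes. Unlike the stale list dropped from sessionmanager.py in the same changeset, the names listed here look like the module's real public API (only `AttributeAuthorityClientError` is visible at line 38; the other three are presumably defined further down). Keep the declaration, placed after the imports: `__all__ = ['AttributeAuthorityClient', 'AttributeAuthorityClientError', 'AttributeRequestDenied', 'NoTrustedHosts']`.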
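--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
@@ -621,5 +621,7 @@
                                  "or a valid string")
         
-        self._userPriKeyPwd = userPriKeyPwd
+        # Explicitly convert to string as M2Crypto OpenSSL wrapper fails with
+        # unicode type
+        self._userPriKeyPwd = str(userPriKeyPwd)
 
     def _getUserPriKeyPwd(self):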
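Review bot: `str(userPriKeyPwd)` at new line 625 turns a `None` passphrase into the literal string `'None'`, so if the validation just above this hunk admits `None` (its error message ends `"or a valid string"`, which suggests it does), the wallet will later hand OpenSSL the passphrase `"None"` instead of no passphrase and the key will fail to load; the setter's start is outside the hunk, so this is inferred from the visible message. Guard the conversion: `self._userPriKeyPwd = None if userPriKeyPwd is None else str(userPriKeyPwd)`. Note also that under this Python 2 code base `str()` on a `unicode` passphrase containing non-ASCII characters raises `UnicodeEncodeError` with the default codec; if such passphrases are possible, an explicit encoding (`userPriKeyPwd.encode('utf-8')` when it is `unicode`) is the safer conversion, though which encoding OpenSSL expects here cannot be determined from this hunk.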
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py

    r4404 r4406  
    1313__contact__ = "Philip.Kershaw@stfc.ac.uk" 
    1414__revision__ = "$Id:sessionmanager.py 4373 2008-10-29 09:54:39Z pjkersha $" 
    15 __all__ = ['SessionManager_services', 'SessionManager_services_types'] 
     15 
     16import logging 
     17log = logging.getLogger(__name__) 
    1618 
    1719import sys 
     
    3032from ndg.security.common.zsi.httpproxy import ProxyHTTPConnection 
    3133from ndg.security.common.zsi.sessionmanager.SessionManager_services import \ 
    32                                                     SessionManagerServiceLocator 
    33  
    34 import logging 
    35 log = logging.getLogger(__name__) 
     34                                                SessionManagerServiceLocator 
    3635 
    3736 
     
    5554    """Session is invalid""" 
    5655 
    57 class InvalidAttributeAuthorityClientCtx(SessionManagerClientError): 
     56class InvalidSessionManagerClientCtx(SessionManagerClientError): 
    5857    """Attribute Authority ZSI Client is not initialised""" 
    5958  
     
    7877                    ac = AttCertParse(ac) 
    7978                elif not isinstance(ac, AttCert): 
    80                     raise SessionManagerClientError, \ 
    81                         "Input external Attribute Cert. must be AttCert type" 
     79                    raise SessionManagerClientError( 
     80                        "Input external Attribute Cert. must be AttCert type") 
    8281                          
    8382                self.__extAttCertList += [ac] 
     
    9594 
    9695    extAttCertList = property(fget=__getExtAttCertList, 
    97                               doc="list of candidate Attribute " + \ 
    98                               "Certificates that could be used " + \ 
    99                               "to try to get a mapped certificate " + \ 
    100                               "from the target Attribute Authority") 
     96                              doc="list of candidate Attribute Certificates " 
     97                                  "that could be used to try to get a mapped " 
     98                                  "certificate from the target Attribute " 
     99                                  "Authority") 
    101100 
    102101 
     
    115114    } 
    116115     
    117     #_________________________________________________________________________ 
    118116    def __init__(self,  
    119117                 uri=None,  
     
    164162         
    165163        if uri: 
    166             self.__setURI(uri) 
    167  
    168         self.__setHTTPProxyHost(httpProxyHost) 
    169         self.__setNoHttpProxyList(noHttpProxyList) 
     164            self.uri = uri 
     165 
     166        self.httpProxyHost = httpProxyHost 
     167        self.noHttpProxyList = noHttpProxyList 
    170168 
    171169        if sslPeerCertCN: 
    172             self.__setSSLPeerCertCN(sslPeerCertCN) 
     170            self.sslPeerCertCN = sslPeerCertCN 
    173171         
    174172        if sslCACertList: 
    175             self.__setSSLCACertList(sslCACertList) 
     173            self.sslCACertList = sslCACertList 
    176174        elif sslCACertFilePathList: 
    177             self.__setSSLCACertFilePathList(sslCACertFilePathList) 
     175            self.sslCACertFilePathList = sslCACertFilePathList 
    178176 
    179177        # WS-Security Signature handler - set only if any of the keywords were 
     
    193191         
    194192 
    195     #_________________________________________________________________________ 
    196193    def __setURI(self, uri): 
    197194        """Set URI for service 
     
    218215            self.__setSSLPeerCertCN(None) 
    219216 
    220     #_________________________________________________________________________ 
    221217    def __getURI(self): 
    222218        """Get URI for service 
     
    228224 
    229225 
    230     #_________________________________________________________________________ 
    231226    def __setHTTPProxyHost(self, val): 
    232227        """Set a HTTP Proxy host overriding any http_proxy environment variable 
    233228        setting""" 
    234229        if self._transport != ProxyHTTPConnection: 
    235             log.debug("Ignoring httpProxyHost setting: transport class is " +\ 
    236                      "not ProxyHTTPConnection type") 
     230            log.debug("Ignoring httpProxyHost setting: transport class is " 
     231                      "not ProxyHTTPConnection type") 
    237232            return 
    238233         
     
    240235 
    241236    httpProxyHost = property(fset=__setHTTPProxyHost,  
    242         doc="HTTP Proxy hostname - overrides any http_proxy env var setting") 
    243  
    244  
    245     #_________________________________________________________________________ 
     237                             doc="HTTP Proxy hostname - overrides any " 
     238                                 "http_proxy env var setting") 
     239 
     240 
    246241    def __setNoHttpProxyList(self, val): 
    247242        """Set to list of hosts for which to ignore the HTTP Proxy setting""" 
     
    254249 
    255250    noHttpProxyList = property(fset=__setNoHttpProxyList,  
    256     doc="Set to list of hosts for which to ignore the HTTP Proxy setting") 
    257      
    258  
    259     #_________________________________________________________________________ 
     251                               doc="Set to list of hosts for which to ignore " 
     252                                   "the HTTP Proxy setting") 
     253     
     254 
    260255    def __setSSLPeerCertCN(self, cn): 
    261256        """For use with HTTPS connections only.  Specify the Common 
     
    271266 
    272267    sslPeerCertCN = property(fset=__setSSLPeerCertCN,  
    273 doc="for https connections, set CN of peer cert if other than peer hostname") 
    274  
    275  
    276     #_________________________________________________________________________ 
     268                             doc="for https connections, set CN of peer cert " 
     269                                 "if other than peer hostname") 
     270 
     271 
    277272    def __setSSLCACertList(self, caCertList): 
    278273        """For use with HTTPS connections only.  Specify CA certs to one of  
     
    288283 
    289284    sslCACertList = property(fset=__setSSLCACertList,  
    290 doc="for https connections, set list of CA certs from which to verify peer cert") 
    291  
    292  
    293     #_________________________________________________________________________ 
     285                             doc="for https connections, set list of CA certs " 
     286                                 "from which to verify peer cert") 
     287 
     288 
    294289    def __setSSLCACertFilePathList(self, caCertFilePathList): 
    295290        """For use with HTTPS connections only.  Specify CA certs to one of  
     
    306301 
    307302    sslCACertFilePathList = property(fset=__setSSLCACertFilePathList,  
    308                                      doc=\ 
    309 "for https connections, set list of CA cert files from which to verify peer cert") 
    310  
    311  
    312     #_________________________________________________________________________ 
     303                                     doc="for https connections, set list of " 
     304                                     "CA cert files from which to verify peer " 
     305                                     "cert") 
     306 
     307 
    313308    def __setSignatureHandler(self, signatureHandler): 
    314309        """Set SignatureHandler object property method - set to None to for no 
     
    316311        if signatureHandler is not None and \ 
    317312           not isinstance(signatureHandler, SignatureHandler): 
    318             raise AttributeError, \ 
    319     "Signature Handler must be %s type or None for no message security" % \ 
    320         "ndg.security.common.wssecurity.dom.SignatureHandler" 
     313            raise AttributeError("Signature Handler must be %s type or None " 
     314                                 "for no message security" % 
     315                        "ndg.security.common.wssecurity.dom.SignatureHandler") 
    321316                             
    322317        self.__signatureHandler = signatureHandler 
    323318 
    324  
    325     #_________________________________________________________________________ 
    326319    def __getSignatureHandler(self): 
    327320        "Get SignatureHandler object property method" 
     
    332325                                doc="SignatureHandler object") 
    333326     
    334          
    335     #_________________________________________________________________________ 
    336327    def initService(self, uri=None): 
    337328        """Set the WS client for the Session Manager""" 
     
    352343                (self.__uri, e.status, e.reason) 
    353344     
    354          
    355     #_________________________________________________________________________    
    356345    def connect(self, 
    357346                username, 
     
    383372     
    384373        if not self.__srv: 
    385             raise InvalidAttributeAuthorityClientCtx(\ 
    386                                         "Client binding is not initialised") 
     374            raise InvalidSessionManagerClientCtx("Client binding is not " 
     375                                                 "initialised") 
    387376         
    388377        if passphrase is None: 
     
    401390        return tuple([isinstance(i,unicode) and str(i) or i for i in res]) 
    402391     
    403          
    404     #_________________________________________________________________________    
    405392    def disconnect(self, userCert=None, sessID=None): 
    406393        """Delete an existing user session from the Session Manager 
     
    419406     
    420407        if not self.__srv: 
    421             raise InvalidAttributeAuthorityClientCtx(\ 
    422                                         "Client binding is not initialised") 
     408            raise InvalidSessionManagerClientCtx("Client binding is not " 
     409                                                 "initialised") 
    423410 
    424411        # Make connection 
    425412        self.__srv.disconnect(userCert, sessID) 
    426413     
    427          
    428     #_________________________________________________________________________    
    429414    def getSessionStatus(self, userDN=None, sessID=None): 
    430415        """Check for the existence of a session with a given 
     
    444429     
    445430        if not self.__srv: 
    446             raise InvalidAttributeAuthorityClientCtx(\ 
    447                                         "Client binding is not initialised") 
     431            raise InvalidSessionManagerClientCtx("Client binding is not " 
     432                                                 "initialised") 
    448433         
    449434        if sessID and userDN: 
     
    458443        return self.__srv.getSessionStatus(userDN, sessID) 
    459444 
    460      
    461     #_________________________________________________________________________  
    462445    def getAttCert(self, 
    463446                   userCert=None, 
     
    527510     
    528511        if not self.__srv: 
    529             raise InvalidAttributeAuthorityClientCtx(\ 
    530                                         "Client binding is not initialised") 
     512            raise InvalidSessionManagerClientCtx("Client binding is not " 
     513                                                 "initialised") 
    531514         
    532515        # Make request 
     
    556539        return AttCertParse(attCert) 
    557540     
    558                                      
    559     #_________________________________________________________________________ 
    560541    def getX509Cert(self): 
    561542        """Retrieve the public key of the Session Manager""" 
    562543     
    563544        if not self.__srv: 
    564             raise InvalidAttributeAuthorityClientCtx(\ 
    565                                         "Client binding is not initialised") 
     545            raise InvalidSessionManagerClientCtx("Client binding is not " 
     546                                                 "initialised") 
    566547        return self.__srv.getX509Cert() 
    567548                             
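Review bot: The docstring of the renamed `InvalidSessionManagerClientCtx` at new line 57 still says `"""Attribute Authority ZSI Client is not initialised"""`, left over from the class this was copied from; it should read `"""Session Manager ZSI client binding is not initialised"""`. The rename also removes `InvalidAttributeAuthorityClientCtx` from this module, so any caller that catches that name around `connect`, `disconnect`, `getSessionStatus`, `getAttCert` or `getX509Cert` (all of which now raise the new class) would no longer catch it; unless it is known that nothing outside this package referenced the old name, keep a one-line alias `InvalidAttributeAuthorityClientCtx = InvalidSessionManagerClientCtx` beneath the class. As a follow-on to the WSDL change in this changeset, `connect` (its body extends beyond the hunk shown) can now return `None` for the X.509 certificate and private key entries of its result tuple; its docstring should state that so callers check before handing the key to a wallet.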
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py

    r4385 r4406  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c0bcc> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bc92c> 
    3232    def getAttCert(self, userId,userCert,userAttCert): 
    3333 
     
    4646        return attCert,msg 
    4747 
    48     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c0eec> 
     48    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bcc4c> 
    4949    def getHostInfo(self): 
    5050 
     
    6464        return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN 
    6565 
    66     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6b6c> 
     66    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c38cc> 
    6767    def getTrustedHostInfo(self, role): 
    6868 
     
    7878        return trustedHosts 
    7979 
    80     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6d0c> 
     80    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3a6c> 
    8181    def getAllHostsInfo(self): 
    8282 
     
    9191        return hosts 
    9292 
    93     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c6e8c> 
     93    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3bec> 
    9494    def getX509Cert(self): 
    9595 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py

    r4389 r4406  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c524c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bef6c> 
    3232    def getSessionStatus(self, userDN,sessID): 
    3333 
     
    4444        return isAlive 
    4545 
    46     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c554c> 
     46    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c428c> 
    4747    def connect(self, username,passphrase,createServerSess): 
    4848 
     
    5757        # no output wsaction 
    5858        response = self.binding.Receive(connectOutputMsg.typecode) 
    59         userCert = response._userCert 
     59        userX509Cert = response._userX509Cert 
    6060        userPriKey = response._userPriKey 
    6161        issuingCert = response._issuingCert 
    6262        sessID = response._sessID 
    63         return userCert,userPriKey,issuingCert,sessID 
     63        return userX509Cert,userPriKey,issuingCert,sessID 
    6464 
    65     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd26c> 
    66     def disconnect(self, userCert,sessID): 
     65    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c4f8c> 
     66    def disconnect(self, userX509Cert,sessID): 
    6767 
    6868        request = disconnectInputMsg() 
    69         request._userCert = userCert 
     69        request._userX509Cert = userX509Cert 
    7070        request._sessID = sessID 
    7171 
     
    7777        return  
    7878 
    79     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd40c> 
    80     def getAttCert(self, userCert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
     79    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cc14c> 
     80    def getAttCert(self, userX509Cert,sessID,attAuthorityURI,attAuthorityCert,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost): 
    8181 
    8282        request = getAttCertInputMsg() 
    83         request._userCert = userCert 
     83        request._userX509Cert = userX509Cert 
    8484        request._sessID = sessID 
    8585        request._attAuthorityURI = attAuthorityURI 
     
    101101        return attCert,msg,extAttCertOut 
    102102 
    103     # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cd58c> 
     103    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84cc2cc> 
    104104    def getX509Cert(self): 
    105105 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services_types.py

    r4389 r4406  
    8686        def __init__(self, **kw): 
    8787            ns = ns0.connectResponse_Dec.schema 
    88             TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
     88            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userPriKey", aname="_userPriKey", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="issuingCert", aname="_issuingCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    8989            kw["pname"] = ("urn:ndg:security:SessionManager","connectResponse") 
    9090            kw["aname"] = "_connectResponse" 
     
    9696                def __init__(self): 
    9797                    # pyclass 
    98                     self._userCert = None 
     98                    self._userX509Cert = None 
    9999                    self._userPriKey = None 
    100100                    self._issuingCert = None 
     
    109109        def __init__(self, **kw): 
    110110            ns = ns0.disconnect_Dec.schema 
    111             TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
     111            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    112112            kw["pname"] = ("urn:ndg:security:SessionManager","disconnect") 
    113113            kw["aname"] = "_disconnect" 
     
    119119                def __init__(self): 
    120120                    # pyclass 
    121                     self._userCert = None 
     121                    self._userX509Cert = None 
    122122                    self._sessID = None 
    123123                    return 
     
    149149        def __init__(self, **kw): 
    150150            ns = ns0.getAttCert_Dec.schema 
    151             TClist = [ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
     151            TClist = [ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="sessID", aname="_sessID", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityURI", aname="_attAuthorityURI", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="attAuthorityCert", aname="_attAuthorityCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="reqRole", aname="_reqRole", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="mapFromTrustedHosts", aname="_mapFromTrustedHosts", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.Boolean(pname="rtnExtAttCertList", aname="_rtnExtAttCertList", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extAttCert", aname="_extAttCert", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="extTrustedHost", aname="_extTrustedHost", minOccurs=0, maxOccurs="unbounded", nillable=False, typed=False, encoded=kw.get("encoded"))] 
    152152            kw["pname"] = ("urn:ndg:security:SessionManager","getAttCert") 
    153153            kw["aname"] = "_getAttCert" 
     
    159159                def __init__(self): 
    160160                    # pyclass 
    161                     self._userCert = None 
     161                    self._userX509Cert = None 
    162162                    self._sessID = None 
    163163                    self._attAuthorityURI = None 
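--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl
@@ -42,6 +42,6 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="1" maxOccurs="1"/>
-                    <xsd:element name="userPriKey" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userPriKey" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="issuingCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
@@ -53,5 +53,5 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                   </xsd:sequence>
@@ -66,5 +66,5 @@
         <xsd:complexType>
                   <xsd:sequence>
-                    <xsd:element name="userCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
                     <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="1" maxOccurs="1"/>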
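Review bot: The `connectResponse` change makes `userX509Cert` and `userPriKey` optional (`minOccurs="0"`) but does not set `nillable="true"`, so what the schema expresses is not the "nillable" of the commit message: a `None` value must be serialised by omitting the element, and an explicit `xsi:nil="true"` remains schema-invalid (the regenerated stubs in this changeset accordingly keep `nillable=False`). If omission is the intended encoding, say so in the WSDL so clients know how to detect the case, e.g. an `<xsd:annotation><xsd:documentation>` on each of the two elements stating that it is absent when the Session Manager returns no credential to the caller. Because `userPriKey` carries a private key in clear text inside the SOAP body, that documentation is also the place to state the message-signing or TLS requirement for the `connect` operation; the hunk itself does not show whether either is mandated.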
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/SessionManager_services_server.py

    r4386 r4406  
    4646        <xsd:complexType> 
    4747                  <xsd:sequence> 
    48                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userCert\" type=\"xsd:string\"/> 
    49                     <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"userPriKey\" type=\"xsd:string\"/> 
     48                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 
     49                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userPriKey\" type=\"xsd:string\"/> 
    5050                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"issuingCert\" type=\"xsd:string\"/> 
    5151                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 
     
    5757        <xsd:complexType> 
    5858                  <xsd:sequence> 
    59                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/> 
     59                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 
    6060                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 
    6161                  </xsd:sequence> 
     
    7070        <xsd:complexType> 
    7171                  <xsd:sequence> 
    72                     <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/> 
     72                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/> 
    7373                    <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"sessID\" type=\"xsd:string\"/> 
    7474                    <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"attAuthorityURI\" type=\"xsd:string\"/> 
     
    280280        if hasattr(self,'impl'): 
    281281            # Should have a tuple of 4 args 
    282             result._userCert = parameters[0] 
     282            result._userX509Cert = parameters[0] 
    283283            result._userPriKey = parameters[1] 
    284284            result._issuingCert = parameters[2] 
     
    291291    def soap_disconnect(self, ps): 
    292292        self.request = ps.Parse(disconnectInputMsg.typecode) 
    293         parameters = (self.request._userCert, self.request._sessID) 
     293        parameters = (self.request._userX509Cert, self.request._sessID) 
    294294 
    295295        # If we have an implementation object use it 
     
    305305    def soap_getAttCert(self, ps): 
    306306        self.request = ps.Parse(getAttCertInputMsg.typecode) 
    307         parameters = (self.request._userCert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost) 
     307        parameters = (self.request._userX509Cert, self.request._sessID, self.request._attAuthorityURI, self.request._attAuthorityCert, self.request._reqRole, self.request._mapFromTrustedHosts, self.request._rtnExtAttCertList, self.request._extAttCert, self.request._extTrustedHost) 
    308308 
    309309        # If we have an implementation object use it 
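--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
@@ -18,5 +18,9 @@
 from ndg.security.server.zsi.sessionmanager.SessionManager_services_server \
     import SessionManagerService as _SessionManagerService
-
+from ndg.security.common.zsi.sessionmanager.SessionManager_services import \
+    connectInputMsg, disconnectInputMsg, getSessionStatusInputMsg, \
+    getAttCertInputMsg
+
+
 from ndg.security.server.sessionmanager import SessionManager
 
@@ -54,4 +58,5 @@
             pdb.set_trace()
 
+        request = ps.Parse(connectInputMsg.typecode)
         response = _SessionManagerService.soap_connect(self, ps)
 
@@ -60,5 +65,5 @@
                                  createServerSess=request.CreateServerSess)
 
-        response.UserCert, response.UserPriKey, response.issuingCert, \
+        response.UserX509Cert, response.UserPriKey, response.issuingCert, \
             response.SessID = result
 
@@ -76,5 +81,6 @@
             import pdb
             pdb.set_trace()
-
+
+        request = ps.Parse(disconnectInputMsg.typecode)
         response = _SessionManagerService.soap_disconnect(self, ps)
 
@@ -92,10 +98,10 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = signatureFilter.signatureHandler.verifyingCert
+            userX509Cert = signatureFilter.signatureHandler.verifyingCert
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            userCert = request.UserCert
-        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
+            # designated holder cert via the UserX509Cert input
+            userX509Cert = request.UserX509Cert
+        self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)
         return response
 
@@ -114,4 +120,5 @@
             pdb.set_trace()
 
+        request = ps.Parse(getSessionStatusInputMsg.typecode)
         response = _SessionManagerService.soap_getSessionStatus(self, ps)
 
@@ -134,4 +141,5 @@
             pdb.set_trace()
 
+        request = ps.Parse(getAttCertInputMsg.typecode)
         response = _SessionManagerService.soap_getAttCert(self, ps)
 
@@ -145,15 +153,15 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = signatureFilter.signatureHandler.verifyingCert
+            userX509Cert = signatureFilter.signatureHandler.verifyingCert
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            userCert = request.UserCert
+            # designated holder cert via the UserX509Cert input
+            userX509Cert = request.UserX509Cert
 
 
-        # Cert used in signature is prefered over userCert input element -
-        # userCert may have been omitted.
+        # Cert used in signature is prefered over userX509Cert input element -
+        # userX509Cert may have been omitted.
         result = self.sm.getAttCert(
-                            userCert=userCert or request.UserCert,
+                            userX509Cert=userX509Cert or request.UserX509Cert,
                             sessID=request.SessID,
                             aaURI=request.AttAuthorityURI,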
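Review bot: In the unsigned branch of soap_disconnect and soap_getAttCert the holder certificate is taken verbatim from the request (`userX509Cert = request.UserX509Cert`), so a caller that sends no WS-Security signature nominates which certificate identifies the session; the commit only renames the field and adds no check, and since certificates are public this presumably lets an unsigned request act on another user's session wherever the service is deployed without a mandatory signature filter. Suggest a comment at that branch such as `# Unverified: cert supplied by the caller, not proven by a signature - only acceptable where sessID is the real credential` and, if the signature filter is optional in deployment, rejecting the unsigned request here rather than relying on self.sm. Separately, each new `request = ps.Parse(...)` line parses the envelope that the following `_SessionManagerService.soap_*` call parses again into `self.request` (visible in the base class hunks earlier in this changeset), so `request = self.request` after the base call would avoid parsing the same message twice. The enclosing methods start and end outside these hunks.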
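--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
@@ -22,5 +22,4 @@
 from ndg.security.common.AttCert import AttCertRead
 from ndg.security.common.X509 import X509CertParse, X509CertRead
-from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr
 from ndg.security.common.utils.ConfigFileParsers import \
     CaseSensitiveConfigParser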
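--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 """Test harness for NDG Session Manager - makes requests for
-authentication and authorisation.  Attribute Authority services must be running
-for *AttCert* test methods
+authentication and attribute retrieval.  Attribute Authority services must be
+running for *AttCert* test methods.  See README in this directory for details
 
 NERC Data Grid Project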
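--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg
@@ -10,71 +10,22 @@
 # $Id:$
 [setUp]
-smuri = https://localhost:5700/SessionManager
+uri = http://localhost:5500/SessionManager
 
 # For https connections only.  !Omit ssl* settings if using http!
 # sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
 # same as peer hostname.
-#sslpeercertcn = junk
+#sslPeerCertCN = junk
 
 # For https only - List of CA certificates to enable this client to verify
 # the server's SSL X.509 certificate
-sslcacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Set to False to test service without WS-Security signature
-setsignaturehandler = True
-
-# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
-# one which applies or leave as default settings (recommended unless you really
-# know what you're doing!)
-
-# Specifies token is an X.509 certificate
-#reqbinsectokvaltype = X509
-
-# Stipulate X.509 version 3 format
-reqbinsectokvaltype = X509v3
-
-# Specify multiple certificates in a chain of trust.  Use this setting for
-# proxy certificates where a certificate chain consisting of user certificate
-# and proxy certificate is required to secure trust back to the
-# CA: <- User Certificate <- Proxy Certificate
-#reqbinsectokvaltype = X509PKIPathv1
-
-# Client certificate - used for unit tests where a user certificate is not
-# available.  This applies for initial calls to Session Manager connect and to
-# calls where the user is identified by a session id.
-#
-# if "reqbinsectokvaltype = X509PKIPathv1" above then this certificate is
-# expected to contain a certificate chain of consisting of a proxy certificate
-# and user certificate that issued it.  The default is
-# test.crt, a standard certificate.
-#
-# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
-# AttAuthorityClientTest.py to default to the same directory as the script
-clntcertfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.crt
-
-# Client private key
-clntprikeyfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.key
-
-# Set password for private key - leave blank if no password is set or comment
-# out to be prompted for it from the command line
-clntprikeypwd =
-
-# Space separated list of CA certificate files used to verify certificate used
-# in message signature
-cacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Inclusive namespaces for Exclusive C14N
-#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
-#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec
-refC14nInclNS:
-signedInfoC14nInclNS:
+sslCACertFilePathList = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 [test1Connect]
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test3ConnectNoCreateServerSess]
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test6GetAttCertWithSessID]
@@ -82,5 +33,5 @@
 acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml
 
-[test6aGetAttCertRefusedWithSessID]
+[test7GetAttCertRefusedWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
@@ -95,2 +46,39 @@
 [test7GetAttCertWithUserCert]
 aaURI = http://localhost:5000/AttributeAuthority
+
+[wsse]
+# WS-Security settings for unit test AA clients
+#
+# OUTBOUND MESSAGE CONFIG
+
+# Signature of an outbound message
+
+# Certificate associated with private key used to sign a message.  The sign
+# method will add this to the BinarySecurityToken element of the WSSE header.
+signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.crt
+
+# PEM encoded private key file
+signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
+# give full namespace to alternative - see
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain
+# attributes will be used.
+reqBinSecTokValType=X509v3
+
+# Add a timestamp element to an outbound message
+addTimestamp=True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature
+# value sent by client
+applySignatureConfirmation=False
+
+#
+# INBOUND MESSAGE CONFIG
+
+# Provide a space separated list of file paths
+caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt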
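Review bot: `uri` is switched to plain http while `sslCACertFilePathList` is kept in the same `[setUp]` section, which contradicts the section's own instruction to omit ssl* settings when using http; either comment out `sslCACertFilePathList` until the test service is back on https, or reword the comment so the two agree. The `[wsse]` heading comment says "unit test AA clients" but this file configures the Session Manager client — suggest `# WS-Security settings for the unit test Session Manager client`. The test module in this changeset renames test7GetAttCertWithUserCert to test10GetAttCertWithUserX509Cert, yet the `[test7GetAttCertWithUserCert]` section here keeps the old name; the other tests look their section up by method name (e.g. `self.cfg['test7GetAttCertRefusedWithSessID']`), so that lookup will likely fail unless this section is renamed as well.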
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py

    r4405 r4406  
    11#!/usr/bin/env python 
    2 """Test harness for NDG Session Manager client - makes requests for  
    3 authentication and authorisation.  An Attribute Authority and Simple CA 
    4 services must be running for the reqAuthorisation and addUser tests 
     2"""Test harness for NDG Session Manager SOAP client interface - makes requests  
     3for authentication and attribute retrieval.  Test Session Manager and Attribute 
     4Authority services must be running for *AttCert* tests.  See README in this  
     5directory 
    56 
    67NERC Data Grid Project 
     
    1314License, version 1.0 or later.""" 
    1415__contact__ = "Philip.Kershaw@stfc.ac.uk" 
    15 __revision__ = '$Id:SessionMgrClientTest.py 4403 2008-10-31 13:41:54Z pjkersha $' 
     16__revision__ = '$Id$' 
    1617 
    1718import unittest 
    18 import os, sys, getpass, re 
    19 from ConfigParser import SafeConfigParser 
     19import os 
     20import sys 
     21import getpass 
     22import re 
     23 
     24from os.path import expandvars as xpdVars 
     25from os.path import join as jnPath 
     26mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 
    2027 
    2128from ndg.security.common.sessionmanager import SessionManagerClient, \ 
     
    2431from ndg.security.common.X509 import X509CertParse, X509CertRead 
    2532from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr 
    26  
    27 from os.path import expandvars as xpdVars 
    28 from os.path import join as jnPath 
    29 mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 
     33from ndg.security.common.utils.ConfigFileParsers import \ 
     34    CaseSensitiveConfigParser 
    3035 
    3136 
    3237class SessionManagerClientTestCase(unittest.TestCase): 
     38    '''Unit tests for ndg.security.common.sessionmanager.SessionManagerClient 
     39    - SOAP Session Manager client interface 
     40    ''' 
    3341    pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----" 
    3442         
     
    4149        certChainFileTxt = open(certChainFilePath).read() 
    4250         
    43         pemPatRE = re.compile(self.__class__.pemPat, re.S) 
     51        pemPatRE = re.compile(SessionManagerClientTestCase.pemPat, re.S) 
    4452        x509CertList = pemPatRE.findall(certChainFileTxt) 
    4553         
     
    5462 
    5563 
     64#    def setUp(self): 
     65#         
     66#        if 'NDGSEC_INT_DEBUG' in os.environ: 
     67#            import pdb 
     68#            pdb.set_trace() 
     69#         
     70#        if 'NDGSEC_SMCLNT_UNITTEST_DIR' not in os.environ: 
     71#            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 
     72#                os.path.abspath(os.path.dirname(__file__)) 
     73#         
     74#        configParser = SafeConfigParser() 
     75#        configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
     76#                                "sessionMgrClientTest.cfg") 
     77#        configParser.read(configFilePath) 
     78#         
     79#        self.cfg = {} 
     80#        for section in configParser.sections(): 
     81#            self.cfg[section] = dict(configParser.items(section)) 
     82# 
     83#        try: 
     84#            if self.cfg['setUp'].get('clntprikeypwd') is None: 
     85#                clntPriKeyPwd = getpass.getpass(\ 
     86#                            prompt="\nsetUp - client private key password: ") 
     87#            else: 
     88#                clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 
     89#        except KeyboardInterrupt: 
     90#            sys.exit(0) 
     91# 
     92#        # List of CA certificates for use in validation of certs used in 
     93#        # signature for server reponse 
     94#        try: 
     95#            caCertFilePathList = [xpdVars(file) for file in \ 
     96#                            self.cfg['setUp']['cacertfilepathlist'].split()] 
     97#        except: 
     98#            caCertFilePathList = [] 
     99#           
     100#        try: 
     101#            sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 
     102#                         self.cfg['setUp']['sslcacertfilepathlist'].split()] 
     103#        except KeyError: 
     104#            sslCACertList = [] 
     105#           
     106#        clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 
     107#        clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 
     108#         
     109#        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
     110# 
     111#        # Set format for certificate(s) to be included in client SOAP messages 
     112#        # to enable the Session Manager server to verify messages. 
     113#        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 
     114#            signingCertChain = \ 
     115#                        self._getCertChainFromProxyCertFile(clntCertFilePath) 
     116#            signingCertFilePath = None 
     117#        else: 
     118#            signingCertChain = None 
     119#            signingCertFilePath = clntCertFilePath 
     120# 
     121#        # Inclusive namespace prefixes for Exclusive C14N 
     122#        try: 
     123#            refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()            
     124#        except KeyError: 
     125#            refC14nInclNS = [] 
     126# 
     127#        try: 
     128#            signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()           
     129#        except KeyError: 
     130#            signedInfoC14nInclNS = [] 
     131#                 
     132#        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 
     133#             
     134#        # Initialise the Session Manager client connection 
     135#        # Omit traceFile keyword to leave out SOAP debug info 
     136#        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 
     137#                        sslCACertList=sslCACertList, 
     138#                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 
     139#                        setSignatureHandler=setSignatureHandler, 
     140#                        reqBinSecTokValType=reqBinSecTokValType, 
     141#                        signingCertFilePath=clntCertFilePath, 
     142#                        signingCertChain=signingCertChain, 
     143#                        signingPriKeyFilePath=clntPriKeyFilePath, 
     144#                        signingPriKeyPwd=clntPriKeyPwd, 
     145#                        caCertFilePathList=caCertFilePathList, 
     146#                        refC14nInclNS=refC14nInclNS, 
     147#                        signedInfoC14nInclNS=signedInfoC14nInclNS, 
     148#                        tracefile=sys.stderr)  
     149         
    56150    def setUp(self): 
    57          
     151 
    58152        if 'NDGSEC_INT_DEBUG' in os.environ: 
    59153            import pdb 
     
    63157            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 
    64158                os.path.abspath(os.path.dirname(__file__)) 
    65          
    66         configParser = SafeConfigParser() 
    67         configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
    68                                 "sessionMgrClientTest.cfg") 
    69         configParser.read(configFilePath) 
     159 
     160        self.cfgParser = CaseSensitiveConfigParser() 
     161        cfgFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
     162                                'sessionMgrClientTest.cfg') 
     163        self.cfgParser.read(cfgFilePath) 
    70164         
    71165        self.cfg = {} 
    72         for section in configParser.sections(): 
    73             self.cfg[section] = dict(configParser.items(section)) 
    74  
    75         try: 
    76             if self.cfg['setUp'].get('clntprikeypwd') is None: 
    77                 clntPriKeyPwd = getpass.getpass(\ 
    78                             prompt="\nsetUp - client private key password: ") 
    79             else: 
    80                 clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 
    81         except KeyboardInterrupt: 
    82             sys.exit(0) 
    83  
    84         # List of CA certificates for use in validation of certs used in 
    85         # signature for server reponse 
    86         try: 
    87             caCertFilePathList = [xpdVars(file) for file in \ 
    88                             self.cfg['setUp']['cacertfilepathlist'].split()] 
    89         except: 
    90             caCertFilePathList = [] 
    91            
     166        for section in self.cfgParser.sections(): 
     167            self.cfg[section] = dict(self.cfgParser.items(section)) 
     168 
    92169        try: 
    93170            sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 
    94                          self.cfg['setUp']['sslcacertfilepathlist'].split()] 
     171                         self.cfg['setUp']['sslCACertFilePathList'].split()] 
    95172        except KeyError: 
    96173            sslCACertList = [] 
    97            
    98         clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 
    99         clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 
    100          
    101         reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
    102  
    103         # Set format for certificate(s) to be included in client SOAP messages 
    104         # to enable the Session Manager server to verify messages. 
    105         if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 
    106             signingCertChain = \ 
    107                         self._getCertChainFromProxyCertFile(clntCertFilePath) 
    108             signingCertFilePath = None 
    109         else: 
    110             signingCertChain = None 
    111             signingCertFilePath = clntCertFilePath 
    112  
    113         # Inclusive namespace prefixes for Exclusive C14N 
    114         try: 
    115             refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()            
    116         except KeyError: 
    117             refC14nInclNS = [] 
    118  
    119         try: 
    120             signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()           
    121         except KeyError: 
    122             signedInfoC14nInclNS = [] 
    123                  
    124         setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 
    125              
    126         # Initialise the Session Manager client connection 
    127         # Omit traceFile keyword to leave out SOAP debug info 
    128         self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 
     174             
     175        # Instantiate WS proxy 
     176        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'], 
     177                        sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'), 
    129178                        sslCACertList=sslCACertList, 
    130                         sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 
    131                         setSignatureHandler=setSignatureHandler, 
    132                         reqBinSecTokValType=reqBinSecTokValType, 
    133                         signingCertFilePath=clntCertFilePath, 
    134                         signingCertChain=signingCertChain, 
    135                         signingPriKeyFilePath=clntPriKeyFilePath, 
    136                         signingPriKeyPwd=clntPriKeyPwd, 
    137                         caCertFilePathList=caCertFilePathList, 
    138                         refC14nInclNS=refC14nInclNS, 
    139                         signedInfoC14nInclNS=signedInfoC14nInclNS, 
    140                         tracefile=sys.stderr)  
    141          
     179                        cfgFileSection='wsse', 
     180                        cfg=self.cfgParser)   
     181                
    142182        self.sessID = None 
    143         self.userCert = None 
     183        self.userX509Cert = None 
    144184        self.userPriKey = None 
    145185        self.issuingCert = None 
     
    152192        username = self.cfg['test1Connect']['username'] 
    153193         
    154         if self.__class__.test2Passphrase is None: 
    155             self.__class__.test2Passphrase = \ 
     194        if SessionManagerClientTestCase.test2Passphrase is None: 
     195            SessionManagerClientTestCase.test2Passphrase = \ 
    156196                                    self.cfg['test1Connect'].get('passphrase') 
    157197         
    158         if not self.__class__.test2Passphrase: 
    159             self.__class__.test2Passphrase = getpass.getpass(\ 
     198        if not SessionManagerClientTestCase.test2Passphrase: 
     199            SessionManagerClientTestCase.test2Passphrase = getpass.getpass(\ 
    160200                prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    161201 
    162         self.userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
     202        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
    163203            self.clnt.connect(self.cfg['test1Connect']['username'],  
    164                               passphrase=self.__class__.test2Passphrase) 
    165  
    166         print "User '%s' connected to Session Manager:\n%s" % \ 
    167                                                         (username, self.sessID) 
    168              
    169         creds='\n'.join((self.issuingCert or '', 
    170                          self.userCert, 
    171                          self.userPriKey)) 
    172         open(mkPath("user.creds"), "w").write(creds) 
     204                    passphrase=SessionManagerClientTestCase.test2Passphrase) 
     205 
     206        print("User '%s' connected to Session Manager:\n%s" %  
     207                                                    (username, self.sessID)) 
    173208             
    174209             
     
    181216                "Session is dead" 
    182217                 
    183         print "User connected to Session Manager with sessID=%s" % self.sessID 
     218        print("User connected to Session Manager with sessID=%s" % self.sessID) 
    184219 
    185220        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
     
    190225 
    191226    def test3ConnectNoCreateServerSess(self): 
    192         """test3ConnectNoCreateServerSess: Connect as a non browser client -  
    193         sessID should be None""" 
     227        """test3ConnectNoCreateServerSess: Connect without creating a session -  
     228        sessID should be None.  This only indicates that the username/password 
     229        are correct.  To be of practical use the AuthNService plugin at 
     230        the Session Manager needs to return X.509 credentials e.g. 
     231        with MyProxy plugin.""" 
    194232 
    195233        username = self.cfg['test3ConnectNoCreateServerSess']['username'] 
    196234         
    197         if self.__class__.test3Passphrase is None: 
    198             self.__class__.test3Passphrase = \ 
     235        if SessionManagerClientTestCase.test3Passphrase is None: 
     236            SessionManagerClientTestCase.test3Passphrase = \ 
    199237                self.cfg['test3ConnectNoCreateServerSess'].get('passphrase') 
    200238                 
    201         if not self.__class__.test3Passphrase: 
     239        if not SessionManagerClientTestCase.test3Passphrase: 
    202240            prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: " 
    203             self.__class__.test3Passphrase = getpass.getpass(\ 
     241            SessionManagerClientTestCase.test3Passphrase = getpass.getpass(\ 
    204242                                                    prompt=prompt % username) 
    205243             
    206         self.userCert, self.userPriKey, self.issuingCert, sessID = \ 
     244        userX509Cert, userPriKey,issuingCert, sessID = \ 
    207245            self.clnt.connect(username,  
    208                               passphrase=self.__class__.test3Passphrase, 
    209                               createServerSess=False) 
     246                      passphrase=SessionManagerClientTestCase.test3Passphrase, 
     247                      createServerSess=False) 
    210248         
    211249        # Expect null session ID 
    212250        assert(not sessID) 
    213251           
    214         print "User '%s' retrieved creds. from Session Manager:\n%s" % \ 
    215                                                     (username, self.userCert) 
     252        print("Successfully authenticated") 
    216253             
    217254 
    218255    def test4DisconnectWithSessID(self): 
    219         """test4DisconnectWithSessID: disconnect as if acting as a browser client  
     256        """test4DisconnectWithSessID: disconnect as if acting as a browser  
     257        client  
    220258        """ 
    221259         
     
    228266             
    229267 
    230     def test5DisconnectWithUserCert(self): 
    231         """test5DisconnectWithUserCert: Disconnect as a command line client  
     268    def test5DisconnectWithUserX509Cert(self): 
     269        """test5DisconnectWithUserX509Cert: Disconnect as a command line client  
    232270        """ 
    233271         
    234         print "\n\t" + self.test5DisconnectWithUserCert.__doc__ 
     272        print "\n\t" + self.test5DisconnectWithUserX509Cert.__doc__ 
    235273        self.test1Connect() 
    236274         
     
    241279            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    242280            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    243                                                            self.userCert) 
     281                                                           self.userX509Cert) 
    244282            self.clnt.signatureHandler.signingCert = None 
    245283        else: 
    246284            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     285            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     286                SessionManagerClientTestCase.test2Passphrase 
    247287            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    248288            self.clnt.signatureHandler.signingCertChain = () 
    249             self.clnt.signatureHandler.signingCert = self.userCert 
     289            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    250290             
    251291        # Proxy cert in signature determines ID of session to 
    252292        # delete 
    253293        self.clnt.disconnect() 
    254         print "User disconnected from Session Manager:\n%s" % self.userCert 
     294        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
    255295 
    256296 
     
    264304        attCert = self.clnt.getAttCert(\ 
    265305            sessID=self.sessID,  
    266             attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aauri']) 
     306            attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aaURI']) 
    267307         
    268308        print "Attribute Certificate:\n%s" % attCert  
     
    272312 
    273313 
    274     def test6aGetAttCertRefusedWithSessID(self): 
    275         """test6aGetAttCertRefusedWithSessID: make an attribute request using 
     314    def test7GetAttCertRefusedWithSessID(self): 
     315        """test7GetAttCertRefusedWithSessID: make an attribute request using 
    276316        a sessID as authentication credential requesting an AC from an 
    277317        Attribute Authority where the user is NOT registered""" 
    278318 
    279         print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__         
    280         self.test1Connect() 
    281          
    282         aaURI = self.cfg['test6aGetAttCertRefusedWithSessID']['aauri'] 
     319        print "\n\t" + self.test7GetAttCertRefusedWithSessID.__doc__         
     320        self.test1Connect() 
     321         
     322        aaURI = self.cfg['test7GetAttCertRefusedWithSessID']['aaURI'] 
    283323         
    284324        try: 
     
    293333 
    294334 
    295     def test6bGetMappedAttCertWithSessID(self): 
    296         """test6bGetMappedAttCertWithSessID: make an attribute request using 
     335    def test8GetMappedAttCertWithSessID(self): 
     336        """test8GetMappedAttCertWithSessID: make an attribute request using 
    297337        a session ID as authentication credential""" 
    298338 
    299         print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__         
    300         self.test1Connect() 
    301          
    302         aaURI = self.cfg['test6bGetMappedAttCertWithSessID']['aauri'] 
     339        print "\n\t" + self.test8GetMappedAttCertWithSessID.__doc__         
     340        self.test1Connect() 
     341         
     342        aaURI = self.cfg['test8GetMappedAttCertWithSessID']['aaURI'] 
    303343         
    304344        attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI) 
     
    307347 
    308348 
    309     def test6cGetAttCertWithExtAttCertListWithSessID(self): 
    310         """test6cGetAttCertWithSessID: make an attribute request using 
    311         a session ID as authentication credential""" 
     349    def test9GetAttCertWithExtAttCertListWithSessID(self): 
     350        """test9GetAttCertWithExtAttCertListWithSessID: make an attribute  
     351        request usinga session ID as authentication credential""" 
    312352         
    313353        print "\n\t" + \ 
    314             self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__         
     354            self.test9GetAttCertWithExtAttCertListWithSessID.__doc__         
    315355        self.test1Connect() 
    316356         
    317357        aaURI = \ 
    318             self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['aauri'] 
     358            self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['aaURI'] 
    319359         
    320360        # Use output from test6GetAttCertWithSessID! 
    321361        extACFilePath = xpdVars(\ 
    322     self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath']) 
     362    self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['extACFilePath']) 
    323363        extAttCert = open(extACFilePath).read() 
    324364         
     
    327367                                       extAttCertList=[extAttCert]) 
    328368           
    329         print "Attribute Certificate:\n%s" % attCert   
    330  
    331  
    332     def test7GetAttCertWithUserCert(self): 
    333         """test7GetAttCertWithUserCert: make an attribute request using 
     369        print("Attribute Certificate:\n%s" % attCert)   
     370 
     371 
     372    def test10GetAttCertWithUserX509Cert(self): 
     373        """test10GetAttCertWithUserX509Cert: make an attribute request using 
    334374        a user cert as authentication credential""" 
    335         print "\n\t" + self.test7GetAttCertWithUserCert.__doc__ 
     375        print "\n\t" + self.test10GetAttCertWithUserX509Cert.__doc__ 
    336376        self.test1Connect() 
    337377 
     
    340380            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    341381            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    342                                                            self.userCert) 
     382                                                           self.userX509Cert) 
    343383            self.clnt.signatureHandler.signingCert = None 
    344384        else: 
     
    346386            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    347387            self.clnt.signatureHandler.signingCertChain = () 
    348             self.clnt.signatureHandler.signingCert = self.userCert 
     388            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    349389         
    350390        # Request an attribute certificate from an Attribute Authority  
    351391        # using the userCert returned from connect() 
    352392         
    353         aaURI = self.cfg['test7GetAttCertWithUserCert']['aauri'] 
     393        aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI'] 
    354394        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
    355395           
    356         print "Attribute Certificate:\n%s" % attCert   
    357  
    358  
    359     def test8GetX509Cert(self): 
    360         "test8GetX509Cert: return the Session Manager's X.509 Cert." 
     396        print("Attribute Certificate:\n%s" % attCert)   
     397 
     398 
     399    def test11GetX509Cert(self): 
     400        "test11GetX509Cert: return the Session Manager's X.509 Cert." 
    361401        cert = self.clnt.getX509Cert() 
    362402                                              
    363         print "Session Manager X.509 Certificate:\n" + cert 
    364              
    365              
    366 #_____________________________________________________________________________        
     403        print("Session Manager X.509 Certificate:\n" + cert) 
     404             
     405             
    367406class SessionManagerClientTestSuite(unittest.TestSuite): 
    368407     
     
    374413                    "test3ConnectNoCreateServerSess", 
    375414                    "test4DisconnectWithSessID", 
    376                     "test5DisconnectWithUserCert", 
     415                    "test5DisconnectWithUserX509Cert", 
    377416                    "test6GetAttCertWithSessID", 
    378                     "test6bGetMappedAttCertWithSessID", 
    379                     "test6cGetAttCertWithExtAttCertListWithSessID", 
    380                     "test7GetAttCertWithUserCert", 
    381                     "test8GetX509Cert", 
     417                    "test8GetMappedAttCertWithSessID", 
     418                    "test9GetAttCertWithExtAttCertListWithSessID", 
     419                    "test10GetAttCertWithUserX509Cert", 
     420                    "test11GetX509Cert", 
    382421                  )) 
    383422        unittest.TestSuite.__init__(self, map) 
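--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini
@@ -98,10 +98,12 @@
 # Authentication service properties
 sessionManager.authNService.moduleFilePath:
-sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn
-sessionManager.authNService.className: BasicAuthN
-
-# Specific settings for BasicAuthN Session Manager authentication plugin
-# This sets up two test accounts.  Passwords are MD5 encrypted
-sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01
+sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn
+sessionManager.authNService.className: UserCertAuthN
+
+# Specific settings for UserCertAuthN Session Manager authentication plugin
+# This sets up PKI credentials for a single test account
+sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt
+sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key
+sessionManager.authNService.userPriKeyPwd: testpassword
 
 # Settings for the Credential Repository - NullCredRepos is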
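Review bot: The private-key passphrase on new line 107, `sessionManager.authNService.userPriKeyPwd: testpassword`, is committed in cleartext next to the paths of the key and certificate it unlocks, and nothing in the file marks that key pair as disposable. For a unit-test fixture that is tolerable, but I would add `# Test-only credentials: user.key and its passphrase are fixtures for this unit test and must not be reused elsewhere` above the comment on line 104 so nobody copies the block into a deployed config. Since the adjacent file paths already use `$NDGSEC_SMCLNT_UNITTEST_DIR`, the passphrase could presumably be supplied the same way from the environment, if the config loader expands variables in every value rather than only in path settings; worth confirming against the loader.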