Ignore:
Timestamp:
31/10/08 16:52:34 (12 years ago)
Author:
pjkersha
Message:
  • Fix to Session Manager WSDL to allow nillable X.509 cert and ptrivate key return from connect operation
  • working session manager client unit tests up to test 4.
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
3 added
5 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py

    r4404 r4406  
    2222from ndg.security.common.AttCert import AttCertRead 
    2323from ndg.security.common.X509 import X509CertParse, X509CertRead 
    24 from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr 
    2524from ndg.security.common.utils.ConfigFileParsers import \ 
    2625    CaseSensitiveConfigParser 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py

    r4404 r4406  
    11#!/usr/bin/env python 
    22"""Test harness for NDG Session Manager - makes requests for  
    3 authentication and authorisation.  Attribute Authority services must be running 
    4 for *AttCert* test methods 
     3authentication and attribute retrieval.  Attribute Authority services must be  
     4running for *AttCert* test methods.  See README in this directory for details 
    55 
    66NERC Data Grid Project 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/sessionMgrClientTest.cfg

    r4318 r4406  
    1010# $Id:$ 
    1111[setUp] 
    12 smuri = https://localhost:5700/SessionManager 
     12uri = http://localhost:5500/SessionManager 
    1313 
    1414# For https connections only.  !Omit ssl* settings if using http! 
    1515# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the  
    1616# same as peer hostname.  
    17 #sslpeercertcn = junk 
     17#sslPeerCertCN = junk 
    1818 
    1919# For https only - List of CA certificates to enable this client to verify  
    2020# the server's SSL X.509 certificate 
    21 sslcacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 
    22  
    23 # Set to False to test service without WS-Security signature 
    24 setsignaturehandler = True 
    25  
    26 # ValueType for BinarySecurityToken element of WSSE header.  Uncomment the 
    27 # one which applies or leave as default settings (recommended unless you really 
    28 # know what you're doing!) 
    29  
    30 # Specifies token is an X.509 certificate 
    31 #reqbinsectokvaltype = X509 
    32  
    33 # Stipulate X.509 version 3 format 
    34 reqbinsectokvaltype = X509v3 
    35  
    36 # Specify multiple certificates in a chain of trust.  Use this setting for  
    37 # proxy certificates where a certificate chain consisting of user certificate 
    38 # and proxy certificate is required to secure trust back to the 
    39 # CA: <- User Certificate <- Proxy Certificate 
    40 #reqbinsectokvaltype = X509PKIPathv1 
    41  
    42 # Client certificate - used for unit tests where a user certificate is not  
    43 # available.  This applies for initial calls to Session Manager connect and to  
    44 # calls where the user is identified by a session id. 
    45 # 
    46 # if "reqbinsectokvaltype = X509PKIPathv1" above then this certificate is  
    47 # expected to contain a certificate chain of consisting of a proxy certificate  
    48 # and user certificate that issued it.  The default is  
    49 # test.crt, a standard certificate.   
    50 # 
    51 # $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script  
    52 # AttAuthorityClientTest.py to default to the same directory as the script 
    53 clntcertfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.crt 
    54  
    55 # Client private key 
    56 clntprikeyfilepath = $NDGSEC_SMCLNT_UNITTEST_DIR/test.key 
    57  
    58 # Set password for private key - leave blank if no password is set or comment  
    59 # out to be prompted for it from the command line 
    60 clntprikeypwd =  
    61  
    62 # Space separated list of CA certificate files used to verify certificate used 
    63 # in message signature 
    64 cacertfilepathlist = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 
    65  
    66 # Inclusive namespaces for Exclusive C14N 
    67 #refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
    68 #signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 
    69 refC14nInclNS:  
    70 signedInfoC14nInclNS:  
     21sslCACertFilePathList = $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 
    7122 
    7223[test1Connect]  
    7324username = testuser 
    74 #passphrase = testpassword 
     25passphrase = testpassword 
    7526 
    7627[test3ConnectNoCreateServerSess]          
    7728username = testuser 
    78 #passphrase = testpassword 
     29passphrase = testpassword 
    7930 
    8031[test6GetAttCertWithSessID] 
     
    8233acOutFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/ac-out.xml 
    8334 
    84 [test6aGetAttCertRefusedWithSessID] 
     35[test7GetAttCertRefusedWithSessID] 
    8536aaURI = http://localhost:5100/AttributeAuthority 
    8637 
     
    9546[test7GetAttCertWithUserCert] 
    9647aaURI = http://localhost:5000/AttributeAuthority 
     48 
     49[wsse] 
     50# WS-Security settings for unit test AA clients 
     51# 
     52# OUTBOUND MESSAGE CONFIG 
     53 
     54# Signature of an outbound message 
     55 
     56# Certificate associated with private key used to sign a message.  The sign  
     57# method will add this to the BinarySecurityToken element of the WSSE header.   
     58signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.crt 
     59 
     60# PEM encoded private key file 
     61signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm-clnt.key 
     62 
     63# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     64# signed message.  See __setReqBinSecTokValType method and binSecTokValType  
     65# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or  
     66# give full namespace to alternative - see  
     67# ZSI.wstools.Namespaces.OASIS.X509TOKEN 
     68# 
     69# binSecTokValType determines whether signingCert or signingCertChain  
     70# attributes will be used. 
     71reqBinSecTokValType=X509v3 
     72 
     73# Add a timestamp element to an outbound message 
     74addTimestamp=True 
     75 
     76# For WSSE 1.1 - service returns signature confirmation containing signature  
     77# value sent by client 
     78applySignatureConfirmation=False 
     79 
     80# 
     81# INBOUND MESSAGE CONFIG 
     82 
     83# Provide a space separated list of file paths 
     84caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py

    r4405 r4406  
    11#!/usr/bin/env python 
    2 """Test harness for NDG Session Manager client - makes requests for  
    3 authentication and authorisation.  An Attribute Authority and Simple CA 
    4 services must be running for the reqAuthorisation and addUser tests 
     2"""Test harness for NDG Session Manager SOAP client interface - makes requests  
     3for authentication and attribute retrieval.  Test Session Manager and Attribute 
     4Authority services must be running for *AttCert* tests.  See README in this  
     5directory 
    56 
    67NERC Data Grid Project 
     
    1314License, version 1.0 or later.""" 
    1415__contact__ = "Philip.Kershaw@stfc.ac.uk" 
    15 __revision__ = '$Id:SessionMgrClientTest.py 4403 2008-10-31 13:41:54Z pjkersha $' 
     16__revision__ = '$Id$' 
    1617 
    1718import unittest 
    18 import os, sys, getpass, re 
    19 from ConfigParser import SafeConfigParser 
     19import os 
     20import sys 
     21import getpass 
     22import re 
     23 
     24from os.path import expandvars as xpdVars 
     25from os.path import join as jnPath 
     26mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 
    2027 
    2128from ndg.security.common.sessionmanager import SessionManagerClient, \ 
     
    2431from ndg.security.common.X509 import X509CertParse, X509CertRead 
    2532from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr 
    26  
    27 from os.path import expandvars as xpdVars 
    28 from os.path import join as jnPath 
    29 mkPath = lambda file: jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], file) 
     33from ndg.security.common.utils.ConfigFileParsers import \ 
     34    CaseSensitiveConfigParser 
    3035 
    3136 
    3237class SessionManagerClientTestCase(unittest.TestCase): 
     38    '''Unit tests for ndg.security.common.sessionmanager.SessionManagerClient 
     39    - SOAP Session Manager client interface 
     40    ''' 
    3341    pemPat = "-----BEGIN CERTIFICATE-----[^\-]*-----END CERTIFICATE-----" 
    3442         
     
    4149        certChainFileTxt = open(certChainFilePath).read() 
    4250         
    43         pemPatRE = re.compile(self.__class__.pemPat, re.S) 
     51        pemPatRE = re.compile(SessionManagerClientTestCase.pemPat, re.S) 
    4452        x509CertList = pemPatRE.findall(certChainFileTxt) 
    4553         
     
    5462 
    5563 
     64#    def setUp(self): 
     65#         
     66#        if 'NDGSEC_INT_DEBUG' in os.environ: 
     67#            import pdb 
     68#            pdb.set_trace() 
     69#         
     70#        if 'NDGSEC_SMCLNT_UNITTEST_DIR' not in os.environ: 
     71#            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 
     72#                os.path.abspath(os.path.dirname(__file__)) 
     73#         
     74#        configParser = SafeConfigParser() 
     75#        configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
     76#                                "sessionMgrClientTest.cfg") 
     77#        configParser.read(configFilePath) 
     78#         
     79#        self.cfg = {} 
     80#        for section in configParser.sections(): 
     81#            self.cfg[section] = dict(configParser.items(section)) 
     82# 
     83#        try: 
     84#            if self.cfg['setUp'].get('clntprikeypwd') is None: 
     85#                clntPriKeyPwd = getpass.getpass(\ 
     86#                            prompt="\nsetUp - client private key password: ") 
     87#            else: 
     88#                clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 
     89#        except KeyboardInterrupt: 
     90#            sys.exit(0) 
     91# 
     92#        # List of CA certificates for use in validation of certs used in 
     93#        # signature for server reponse 
     94#        try: 
     95#            caCertFilePathList = [xpdVars(file) for file in \ 
     96#                            self.cfg['setUp']['cacertfilepathlist'].split()] 
     97#        except: 
     98#            caCertFilePathList = [] 
     99#           
     100#        try: 
     101#            sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 
     102#                         self.cfg['setUp']['sslcacertfilepathlist'].split()] 
     103#        except KeyError: 
     104#            sslCACertList = [] 
     105#           
     106#        clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 
     107#        clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 
     108#         
     109#        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
     110# 
     111#        # Set format for certificate(s) to be included in client SOAP messages 
     112#        # to enable the Session Manager server to verify messages. 
     113#        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 
     114#            signingCertChain = \ 
     115#                        self._getCertChainFromProxyCertFile(clntCertFilePath) 
     116#            signingCertFilePath = None 
     117#        else: 
     118#            signingCertChain = None 
     119#            signingCertFilePath = clntCertFilePath 
     120# 
     121#        # Inclusive namespace prefixes for Exclusive C14N 
     122#        try: 
     123#            refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()            
     124#        except KeyError: 
     125#            refC14nInclNS = [] 
     126# 
     127#        try: 
     128#            signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()           
     129#        except KeyError: 
     130#            signedInfoC14nInclNS = [] 
     131#                 
     132#        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 
     133#             
     134#        # Initialise the Session Manager client connection 
     135#        # Omit traceFile keyword to leave out SOAP debug info 
     136#        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 
     137#                        sslCACertList=sslCACertList, 
     138#                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 
     139#                        setSignatureHandler=setSignatureHandler, 
     140#                        reqBinSecTokValType=reqBinSecTokValType, 
     141#                        signingCertFilePath=clntCertFilePath, 
     142#                        signingCertChain=signingCertChain, 
     143#                        signingPriKeyFilePath=clntPriKeyFilePath, 
     144#                        signingPriKeyPwd=clntPriKeyPwd, 
     145#                        caCertFilePathList=caCertFilePathList, 
     146#                        refC14nInclNS=refC14nInclNS, 
     147#                        signedInfoC14nInclNS=signedInfoC14nInclNS, 
     148#                        tracefile=sys.stderr)  
     149         
    56150    def setUp(self): 
    57          
     151 
    58152        if 'NDGSEC_INT_DEBUG' in os.environ: 
    59153            import pdb 
     
    63157            os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'] = \ 
    64158                os.path.abspath(os.path.dirname(__file__)) 
    65          
    66         configParser = SafeConfigParser() 
    67         configFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
    68                                 "sessionMgrClientTest.cfg") 
    69         configParser.read(configFilePath) 
     159 
     160        self.cfgParser = CaseSensitiveConfigParser() 
     161        cfgFilePath = jnPath(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
     162                                'sessionMgrClientTest.cfg') 
     163        self.cfgParser.read(cfgFilePath) 
    70164         
    71165        self.cfg = {} 
    72         for section in configParser.sections(): 
    73             self.cfg[section] = dict(configParser.items(section)) 
    74  
    75         try: 
    76             if self.cfg['setUp'].get('clntprikeypwd') is None: 
    77                 clntPriKeyPwd = getpass.getpass(\ 
    78                             prompt="\nsetUp - client private key password: ") 
    79             else: 
    80                 clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') 
    81         except KeyboardInterrupt: 
    82             sys.exit(0) 
    83  
    84         # List of CA certificates for use in validation of certs used in 
    85         # signature for server reponse 
    86         try: 
    87             caCertFilePathList = [xpdVars(file) for file in \ 
    88                             self.cfg['setUp']['cacertfilepathlist'].split()] 
    89         except: 
    90             caCertFilePathList = [] 
    91            
     166        for section in self.cfgParser.sections(): 
     167            self.cfg[section] = dict(self.cfgParser.items(section)) 
     168 
    92169        try: 
    93170            sslCACertList = [X509CertRead(xpdVars(file)) for file in \ 
    94                          self.cfg['setUp']['sslcacertfilepathlist'].split()] 
     171                         self.cfg['setUp']['sslCACertFilePathList'].split()] 
    95172        except KeyError: 
    96173            sslCACertList = [] 
    97            
    98         clntCertFilePath = xpdVars(self.cfg['setUp']['clntcertfilepath']) 
    99         clntPriKeyFilePath = xpdVars(self.cfg['setUp']['clntprikeyfilepath']) 
    100          
    101         reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype') 
    102  
    103         # Set format for certificate(s) to be included in client SOAP messages 
    104         # to enable the Session Manager server to verify messages. 
    105         if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]: 
    106             signingCertChain = \ 
    107                         self._getCertChainFromProxyCertFile(clntCertFilePath) 
    108             signingCertFilePath = None 
    109         else: 
    110             signingCertChain = None 
    111             signingCertFilePath = clntCertFilePath 
    112  
    113         # Inclusive namespace prefixes for Exclusive C14N 
    114         try: 
    115             refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()            
    116         except KeyError: 
    117             refC14nInclNS = [] 
    118  
    119         try: 
    120             signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()           
    121         except KeyError: 
    122             signedInfoC14nInclNS = [] 
    123                  
    124         setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler']) 
    125              
    126         # Initialise the Session Manager client connection 
    127         # Omit traceFile keyword to leave out SOAP debug info 
    128         self.clnt = SessionManagerClient(uri=self.cfg['setUp']['smuri'], 
     174             
     175        # Instantiate WS proxy 
     176        self.clnt = SessionManagerClient(uri=self.cfg['setUp']['uri'], 
     177                        sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'), 
    129178                        sslCACertList=sslCACertList, 
    130                         sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 
    131                         setSignatureHandler=setSignatureHandler, 
    132                         reqBinSecTokValType=reqBinSecTokValType, 
    133                         signingCertFilePath=clntCertFilePath, 
    134                         signingCertChain=signingCertChain, 
    135                         signingPriKeyFilePath=clntPriKeyFilePath, 
    136                         signingPriKeyPwd=clntPriKeyPwd, 
    137                         caCertFilePathList=caCertFilePathList, 
    138                         refC14nInclNS=refC14nInclNS, 
    139                         signedInfoC14nInclNS=signedInfoC14nInclNS, 
    140                         tracefile=sys.stderr)  
    141          
     179                        cfgFileSection='wsse', 
     180                        cfg=self.cfgParser)   
     181                
    142182        self.sessID = None 
    143         self.userCert = None 
     183        self.userX509Cert = None 
    144184        self.userPriKey = None 
    145185        self.issuingCert = None 
     
    152192        username = self.cfg['test1Connect']['username'] 
    153193         
    154         if self.__class__.test2Passphrase is None: 
    155             self.__class__.test2Passphrase = \ 
     194        if SessionManagerClientTestCase.test2Passphrase is None: 
     195            SessionManagerClientTestCase.test2Passphrase = \ 
    156196                                    self.cfg['test1Connect'].get('passphrase') 
    157197         
    158         if not self.__class__.test2Passphrase: 
    159             self.__class__.test2Passphrase = getpass.getpass(\ 
     198        if not SessionManagerClientTestCase.test2Passphrase: 
     199            SessionManagerClientTestCase.test2Passphrase = getpass.getpass(\ 
    160200                prompt="\ntest1Connect pass-phrase for user %s: " % username) 
    161201 
    162         self.userCert, self.userPriKey, self.issuingCert, self.sessID = \ 
     202        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
    163203            self.clnt.connect(self.cfg['test1Connect']['username'],  
    164                               passphrase=self.__class__.test2Passphrase) 
    165  
    166         print "User '%s' connected to Session Manager:\n%s" % \ 
    167                                                         (username, self.sessID) 
    168              
    169         creds='\n'.join((self.issuingCert or '', 
    170                          self.userCert, 
    171                          self.userPriKey)) 
    172         open(mkPath("user.creds"), "w").write(creds) 
     204                    passphrase=SessionManagerClientTestCase.test2Passphrase) 
     205 
     206        print("User '%s' connected to Session Manager:\n%s" %  
     207                                                    (username, self.sessID)) 
    173208             
    174209             
     
    181216                "Session is dead" 
    182217                 
    183         print "User connected to Session Manager with sessID=%s" % self.sessID 
     218        print("User connected to Session Manager with sessID=%s" % self.sessID) 
    184219 
    185220        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
     
    190225 
    191226    def test3ConnectNoCreateServerSess(self): 
    192         """test3ConnectNoCreateServerSess: Connect as a non browser client -  
    193         sessID should be None""" 
     227        """test3ConnectNoCreateServerSess: Connect without creating a session -  
     228        sessID should be None.  This only indicates that the username/password 
     229        are correct.  To be of practical use the AuthNService plugin at 
     230        the Session Manager needs to return X.509 credentials e.g. 
     231        with MyProxy plugin.""" 
    194232 
    195233        username = self.cfg['test3ConnectNoCreateServerSess']['username'] 
    196234         
    197         if self.__class__.test3Passphrase is None: 
    198             self.__class__.test3Passphrase = \ 
     235        if SessionManagerClientTestCase.test3Passphrase is None: 
     236            SessionManagerClientTestCase.test3Passphrase = \ 
    199237                self.cfg['test3ConnectNoCreateServerSess'].get('passphrase') 
    200238                 
    201         if not self.__class__.test3Passphrase: 
     239        if not SessionManagerClientTestCase.test3Passphrase: 
    202240            prompt="\ntest3ConnectNoCreateServerSess pass-phrase for user %s: " 
    203             self.__class__.test3Passphrase = getpass.getpass(\ 
     241            SessionManagerClientTestCase.test3Passphrase = getpass.getpass(\ 
    204242                                                    prompt=prompt % username) 
    205243             
    206         self.userCert, self.userPriKey, self.issuingCert, sessID = \ 
     244        userX509Cert, userPriKey,issuingCert, sessID = \ 
    207245            self.clnt.connect(username,  
    208                               passphrase=self.__class__.test3Passphrase, 
    209                               createServerSess=False) 
     246                      passphrase=SessionManagerClientTestCase.test3Passphrase, 
     247                      createServerSess=False) 
    210248         
    211249        # Expect null session ID 
    212250        assert(not sessID) 
    213251           
    214         print "User '%s' retrieved creds. from Session Manager:\n%s" % \ 
    215                                                     (username, self.userCert) 
     252        print("Successfully authenticated") 
    216253             
    217254 
    218255    def test4DisconnectWithSessID(self): 
    219         """test4DisconnectWithSessID: disconnect as if acting as a browser client  
     256        """test4DisconnectWithSessID: disconnect as if acting as a browser  
     257        client  
    220258        """ 
    221259         
     
    228266             
    229267 
    230     def test5DisconnectWithUserCert(self): 
    231         """test5DisconnectWithUserCert: Disconnect as a command line client  
     268    def test5DisconnectWithUserX509Cert(self): 
     269        """test5DisconnectWithUserX509Cert: Disconnect as a command line client  
    232270        """ 
    233271         
    234         print "\n\t" + self.test5DisconnectWithUserCert.__doc__ 
     272        print "\n\t" + self.test5DisconnectWithUserX509Cert.__doc__ 
    235273        self.test1Connect() 
    236274         
     
    241279            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    242280            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    243                                                            self.userCert) 
     281                                                           self.userX509Cert) 
    244282            self.clnt.signatureHandler.signingCert = None 
    245283        else: 
    246284            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     285            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     286                SessionManagerClientTestCase.test2Passphrase 
    247287            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    248288            self.clnt.signatureHandler.signingCertChain = () 
    249             self.clnt.signatureHandler.signingCert = self.userCert 
     289            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    250290             
    251291        # Proxy cert in signature determines ID of session to 
    252292        # delete 
    253293        self.clnt.disconnect() 
    254         print "User disconnected from Session Manager:\n%s" % self.userCert 
     294        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
    255295 
    256296 
     
    264304        attCert = self.clnt.getAttCert(\ 
    265305            sessID=self.sessID,  
    266             attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aauri']) 
     306            attAuthorityURI=self.cfg['test6GetAttCertWithSessID']['aaURI']) 
    267307         
    268308        print "Attribute Certificate:\n%s" % attCert  
     
    272312 
    273313 
    274     def test6aGetAttCertRefusedWithSessID(self): 
    275         """test6aGetAttCertRefusedWithSessID: make an attribute request using 
     314    def test7GetAttCertRefusedWithSessID(self): 
     315        """test7GetAttCertRefusedWithSessID: make an attribute request using 
    276316        a sessID as authentication credential requesting an AC from an 
    277317        Attribute Authority where the user is NOT registered""" 
    278318 
    279         print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__         
    280         self.test1Connect() 
    281          
    282         aaURI = self.cfg['test6aGetAttCertRefusedWithSessID']['aauri'] 
     319        print "\n\t" + self.test7GetAttCertRefusedWithSessID.__doc__         
     320        self.test1Connect() 
     321         
     322        aaURI = self.cfg['test7GetAttCertRefusedWithSessID']['aaURI'] 
    283323         
    284324        try: 
     
    293333 
    294334 
    295     def test6bGetMappedAttCertWithSessID(self): 
    296         """test6bGetMappedAttCertWithSessID: make an attribute request using 
     335    def test8GetMappedAttCertWithSessID(self): 
     336        """test8GetMappedAttCertWithSessID: make an attribute request using 
    297337        a session ID as authentication credential""" 
    298338 
    299         print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__         
    300         self.test1Connect() 
    301          
    302         aaURI = self.cfg['test6bGetMappedAttCertWithSessID']['aauri'] 
     339        print "\n\t" + self.test8GetMappedAttCertWithSessID.__doc__         
     340        self.test1Connect() 
     341         
     342        aaURI = self.cfg['test8GetMappedAttCertWithSessID']['aaURI'] 
    303343         
    304344        attCert=self.clnt.getAttCert(sessID=self.sessID,attAuthorityURI=aaURI) 
     
    307347 
    308348 
    309     def test6cGetAttCertWithExtAttCertListWithSessID(self): 
    310         """test6cGetAttCertWithSessID: make an attribute request using 
    311         a session ID as authentication credential""" 
     349    def test9GetAttCertWithExtAttCertListWithSessID(self): 
     350        """test9GetAttCertWithExtAttCertListWithSessID: make an attribute  
     351        request usinga session ID as authentication credential""" 
    312352         
    313353        print "\n\t" + \ 
    314             self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__         
     354            self.test9GetAttCertWithExtAttCertListWithSessID.__doc__         
    315355        self.test1Connect() 
    316356         
    317357        aaURI = \ 
    318             self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['aauri'] 
     358            self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['aaURI'] 
    319359         
    320360        # Use output from test6GetAttCertWithSessID! 
    321361        extACFilePath = xpdVars(\ 
    322     self.cfg['test6cGetAttCertWithExtAttCertListWithSessID']['extacfilepath']) 
     362    self.cfg['test9GetAttCertWithExtAttCertListWithSessID']['extACFilePath']) 
    323363        extAttCert = open(extACFilePath).read() 
    324364         
     
    327367                                       extAttCertList=[extAttCert]) 
    328368           
    329         print "Attribute Certificate:\n%s" % attCert   
    330  
    331  
    332     def test7GetAttCertWithUserCert(self): 
    333         """test7GetAttCertWithUserCert: make an attribute request using 
     369        print("Attribute Certificate:\n%s" % attCert)   
     370 
     371 
     372    def test10GetAttCertWithUserX509Cert(self): 
     373        """test10GetAttCertWithUserX509Cert: make an attribute request using 
    334374        a user cert as authentication credential""" 
    335         print "\n\t" + self.test7GetAttCertWithUserCert.__doc__ 
     375        print "\n\t" + self.test10GetAttCertWithUserX509Cert.__doc__ 
    336376        self.test1Connect() 
    337377 
     
    340380            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    341381            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    342                                                            self.userCert) 
     382                                                           self.userX509Cert) 
    343383            self.clnt.signatureHandler.signingCert = None 
    344384        else: 
     
    346386            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    347387            self.clnt.signatureHandler.signingCertChain = () 
    348             self.clnt.signatureHandler.signingCert = self.userCert 
     388            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    349389         
    350390        # Request an attribute certificate from an Attribute Authority  
    351391        # using the userCert returned from connect() 
    352392         
    353         aaURI = self.cfg['test7GetAttCertWithUserCert']['aauri'] 
     393        aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI'] 
    354394        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
    355395           
    356         print "Attribute Certificate:\n%s" % attCert   
    357  
    358  
    359     def test8GetX509Cert(self): 
    360         "test8GetX509Cert: return the Session Manager's X.509 Cert." 
     396        print("Attribute Certificate:\n%s" % attCert)   
     397 
     398 
     399    def test11GetX509Cert(self): 
     400        "test11GetX509Cert: return the Session Manager's X.509 Cert." 
    361401        cert = self.clnt.getX509Cert() 
    362402                                              
    363         print "Session Manager X.509 Certificate:\n" + cert 
    364              
    365              
    366 #_____________________________________________________________________________        
     403        print("Session Manager X.509 Certificate:\n" + cert) 
     404             
     405             
    367406class SessionManagerClientTestSuite(unittest.TestSuite): 
    368407     
     
    374413                    "test3ConnectNoCreateServerSess", 
    375414                    "test4DisconnectWithSessID", 
    376                     "test5DisconnectWithUserCert", 
     415                    "test5DisconnectWithUserX509Cert", 
    377416                    "test6GetAttCertWithSessID", 
    378                     "test6bGetMappedAttCertWithSessID", 
    379                     "test6cGetAttCertWithExtAttCertListWithSessID", 
    380                     "test7GetAttCertWithUserCert", 
    381                     "test8GetX509Cert", 
     417                    "test8GetMappedAttCertWithSessID", 
     418                    "test9GetAttCertWithExtAttCertListWithSessID", 
     419                    "test10GetAttCertWithUserX509Cert", 
     420                    "test11GetX509Cert", 
    382421                  )) 
    383422        unittest.TestSuite.__init__(self, map) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini

    r4405 r4406  
    9898# Authentication service properties  
    9999sessionManager.authNService.moduleFilePath:  
    100 sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn 
    101 sessionManager.authNService.className: BasicAuthN 
    102  
    103 # Specific settings for BasicAuthN Session Manager authentication plugin 
    104 # This sets up two test accounts.  Passwords are MD5 encrypted 
    105 sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01 
     100sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn 
     101sessionManager.authNService.className: UserCertAuthN 
     102 
     103# Specific settings for UserCertAuthN Session Manager authentication plugin 
     104# This sets up PKI credentials for a single test account 
     105sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt 
     106sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key 
     107sessionManager.authNService.userPriKeyPwd: testpassword 
    106108 
    107109# Settings for the Credential Repository - NullCredRepos is  
Note: See TracChangeset for help on using the changeset viewer.