Changeset 4446


Timestamp:
19/11/08 12:33:21 (11 years ago)
Author:
pjkersha
Message:

Updated CredentialWallet unit tests to include a call to a locally instantiated Attribute Authority

Location:
TI12-security/trunk/python
Files:
9 added
6 edited

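--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
@@ -725,5 +725,6 @@
     def _setAttributeAuthorityURI(self, attributeAuthorityURI):
         """Set property method for Attribute Authority Web Service URI to
-        connect to.  This method ALSO SETS UP THE CLIENT INTERFACE
+        connect to.  This method ALSO RESETS attributeAuthority - a local
+        Attribute Authority instance - to None
 
         @type attributeAuthorityURI: basestring/None
@@ -735,4 +736,8 @@
 
         self._attributeAuthorityURI = attributeAuthorityURI
+
+        # Re-initialize local instance
+        self._attributeAuthority = \
+                    CredentialWallet.propertyDefaults['attributeAuthority']
 
     attributeAuthorityURI = property(fget=_getAttributeAuthorityURI,
@@ -753,5 +758,6 @@
     def _setAttributeAuthority(self, attributeAuthority):
         """Set property method for Attribute Authority Web Service instance to
-        connect to.
+        connect to.  This method ALSO RESETS attributeAuthorityURI - the
+        address of a remote Attribute Authority - to None
 
         @type attributeAuthority: ndg.security.server.attributeauthority.AttributeAuthority
@@ -763,4 +769,8 @@
 
         self._attributeAuthority = attributeAuthority
+
+        # Re-initialize setting for remote service
+        self._attributeAuthorityURI = \
+                    CredentialWallet.propertyDefaults['attributeAuthorityURI']
 
     attributeAuthority = property(fget=_getAttributeAuthority,
@@ -1010,7 +1020,7 @@
         Attribute Authority.
 
-        @type attributeAuthority: string
+        @type attributeAuthority: ndg.security.server.attributeauthority.AttributeAuthority
         @param attributeAuthority: Alternative to attributeAuthorityURI - to
-        run on the local machine, specify the local Attribute Authority
+        run on the local machine, specify a local Attribute Authority
         instance.
 
@@ -1031,4 +1041,9 @@
             userId = self.userId
 
+        if attributeAuthority is not None and \
+           attributeAuthorityURI is not None:
+            raise KeyError("Both attributeAuthorityURI and attributeAuthority "
+                           "keywords have been set")
+
         if attributeAuthority is None:
             attributeAuthority = self.attributeAuthority
@@ -1038,13 +1053,18 @@
 
         # Set a client alias according to whether the Attribute Authority is
-        # being called locally or asa remote service
+        # being called locally or as a remote service
         if attributeAuthorityURI is not None:
             # Call Remote Service at given URI
-            attributeAuthorityClnt = self._createAttributeAuthorityClnt(
-                                                    attributeAuthorityURI)
+            aaInterface = self._createAttributeAuthorityClnt(
+                                                       attributeAuthorityURI)
+            log.debug('CredentialWallet._getAttCert for remote Attribute '
+                      'Authority service: "%s" ...' % attributeAuthorityURI)
+
         elif attributeAuthority is not None:
             # Call local based Attribute Authority with settings from the
             # configuration file attributeAuthority
-            attributeAuthorityClnt = attributeAuthority
+            aaInterface = attributeAuthority
+            log.debug('CredentialWallet._getAttCert for local Attribute '
+                      'Authority: "%r" ...' % attributeAuthority)
         else:
             raise CredentialWalletError("Error requesting attribute: "
@@ -1056,9 +1076,6 @@
             # Request a new attribute certificate from the Attribute
             # Authority
-            log.debug('CredentialWallet._getAttCert for service: "%s" ...' %
-                      attributeAuthorityURI or attributeAuthority)
-
-            attCert = attributeAuthorityClnt.getAttCert(userId=userId,
-                                                        userAttCert=extAttCert)
+            attCert = aaInterface.getAttCert(userId=userId,
+                                             userAttCert=extAttCert)
 
             log.info('Granted Attribute Certificate from issuer DN = "%s"'%
@@ -1067,5 +1084,5 @@
         except (AttributeAuthorityAccessDenied, AttributeRequestDenied), e:
             # AttributeAuthorityAccessDenied is raised if
-            # attributeAuthorityClnt is a local AA instance and
+            # aaInterface is a local AA instance and
             # AttributeRequestDenied is raised for a client to a remote AA
             # service
@@ -1073,6 +1090,6 @@
 
         except Exception, e:
-            raise CredentialWalletError("Requesting attribute "
-                                        "certificate: %s" % e)
+            raise CredentialWalletError("Requesting attribute certificate: %s"%
+                                        e)
 
         # Update attribute Certificate instance with CA's certificate ready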
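Review bot: The debug line added in the local branch (new lines 1067-1068) formats the authority with `%r`, and `AttributeAuthority.__repr__` in attributeauthority.py of this same changeset returns `repr(self.__prop)`, so each local `_getAttCert` call writes the Attribute Authority's whole properties dictionary to the debug log. Whatever the properties file holds then lands in log files; if it carries key file locations or passwords (not visible on this page, so confirm), that is a secret leak with looser access control than the configuration itself. A message with no interpolation is enough to tell the two paths apart, for example `log.debug('CredentialWallet._getAttCert for local Attribute Authority instance ...')`. The body of `_getAttCert` starts and ends outside the hunks shown here.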
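--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py
@@ -316,6 +316,6 @@
         signedInfoC14nAlg = c14nAlgOpt[int(self.signedInfoC14nIsExcl)]
 
-        log.info("Forcing use of exclusive namespaces - inclusive namespaces "
-                 "do not seem to work for ZSI.Canonicalize")
+        log.warning("Forcing use of Exclusive C14N - Inclusive C14N not "
+                    "working")
 
         # TODO: remove this line if ZSI.Canonicalize ever starts working with
@@ -372,6 +372,6 @@
         refC14nAlg = c14nAlgOpt[self.refC14nIsExcl]
 
-        log.info("Forcing use of exclusive C14N - inclusive C14N "
-                 "does not seem to work for ZSI.Canonicalize")
+        log.warning("Forcing use of Exclusive C14N - Inclusive C14N not "
+                    "working")
 
         # TODO: remove this line if ZSI.Canonicalize ever starts working with
@@ -477,6 +477,4 @@
         nsList = []
         newDict = dictToConvert.copy()
-        log.debug("Adjusting key name from 'inclusive_namespaces' to "
-                  "'unsupressedPrefixes'")
         if isinstance(newDict, dict) and \
             isinstance(newDict.get('inclusive_namespaces'), list):
@@ -485,5 +483,4 @@
 
         newDict['unsuppressedPrefixes'] = nsList
-        log.debug("Key names adjusted")
         return newDict
 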
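Review bot: The reworded warning at new lines 318-319 and 374-375 no longer names the component that cannot handle inclusive canonicalization, so an operator reading "Inclusive C14N not working" has nothing to follow up on, while the removed text and the TODO just below both point at ZSI.Canonicalize. Keeping the name costs nothing: `log.warning("Forcing use of Exclusive C14N - Inclusive C14N not working with ZSI.Canonicalize")`. The message also appears to be emitted unconditionally after the configured `signedInfoC14nIsExcl` / `refC14nIsExcl` value has been read, so it would be more useful if it fired only when the configured choice was actually overridden; the override statement is outside the visible hunks, so check that there.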
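--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
@@ -44,5 +44,4 @@
 from ndg.security.common.utils.ClassFactory import instantiateClass
 
-#_____________________________________________________________________________
 class AttributeAuthorityError(Exception):
     """Exception handling for NDG Attribute Authority class."""
@@ -51,5 +50,4 @@
         Exception.__init__(self, msg)
 
-#_____________________________________________________________________________
 class AttributeAuthorityConfigError(Exception):
     """NDG Attribute Authority error with configuration. e.g. properties file
@@ -59,6 +57,4 @@
         Exception.__init__(self, msg)
 
-
-#_____________________________________________________________________________
 class AttributeAuthorityAccessDenied(AttributeAuthorityError):
     """NDG Attribute Authority - access denied exception.
@@ -77,5 +73,4 @@
 
 
-#_____________________________________________________________________________
 class AttributeAuthority(dict):
     """NDG Attribute Authority - service for allocation of user authorization
@@ -280,5 +275,5 @@
     # Methods for Attribute Authority dictionary like behaviour
     def __repr__(self):
-        """Return file properties dictionary as representation"""
+        """Return file properties dictionary as string"""
         return repr(self.__prop)
 
@@ -438,6 +433,6 @@
     def getAttCert(self,
                    userId=None,
-                   holderCert=None,
-                   holderCertFilePath=None,
+                   holderX509Cert=None,
+                   holderX509CertFilePath=None,
                    userAttCert=None,
                    userAttCertFilePath=None):
@@ -445,5 +440,6 @@
         """Request a new Attribute Certificate for use in authorisation
 
-        getAttCert([userId=uid][holderCert=px|holderCertFilePath=pxFile, ]
+        getAttCert([userId=uid][holderX509Cert=x509Cert|
+                    holderX509CertFilePath=x509CertFile, ]
                    [userAttCert=cert|userAttCertFilePath=certFile])
 
@@ -459,6 +455,6 @@
         specified in the Attribute Certificate that is issued.
 
-        @type holderCert: string / ndg.security.common.X509.X509Cert type
-        @param holderCert: base64 encoded string containing proxy cert./
+        @type holderX509Cert: string / ndg.security.common.X509.X509Cert type
+        @param holderX509Cert: base64 encoded string containing proxy cert./
         X.509 cert object corresponding to the ID who will be the HOLDER of
         the Attribute Certificate that will be issued.  - Normally, using
@@ -467,6 +463,6 @@
         case for NDG security with the DEWS project
 
-        @param holderCertFilePath: string
-        @param holderCertFilePath: file path to proxy/X.509 certificate of
+        @param holderX509CertFilePath: string
+        @param holderX509CertFilePath: file path to proxy/X.509 certificate of
         candidate holder
 
@@ -485,43 +481,51 @@
         log.debug("Calling getAttCert ...")
 
-        # Read X.509 certificate
-        try:            
-            if holderCertFilePath is not None:
+        # Read candidate Attribute Certificate holder's X.509 certificate
+        try:
+            if holderX509CertFilePath is not None:
 
                 # Certificate input as a file
-                holderCert = X509Cert()
-                holderCert.read(holderCertFilePath)
-
-            elif isinstance(holderCert, basestring):
+                holderX509Cert = X509Cert()
+                holderX509Cert.read(holderX509CertFilePath)
+
+            elif isinstance(holderX509Cert, basestring):
 
                 # Certificate input as string text
-                holderCert = X509CertParse(holderCert)
-
-            elif not isinstance(holderCert, X509Cert):
-                raise AttributeAuthorityError("No input file path or cert text/"
-                                        "object set")
-
+                holderX509Cert = X509CertParse(holderX509Cert)
+
+            elif not isinstance(holderX509Cert, (X509Cert, None.__class__)):
+                raise AttributeAuthorityError("Holder X.509 Certificate must "
+                                              "be set to valid type: a file "
+                                              "path, string, X509 object or "
+                                              "None")
         except Exception, e:
-            raise AttributeAuthorityError("User X.509 certificate: %s" % e)
+            log.error("Holder X.509 certificate: %s" % e)
+            raise
 
 
         # Check certificate hasn't expired
-        log.debug("Checking client request X.509 certificate ...")
-        try:
-            holderCert.isValidTime(raiseExcep=True)
-
-        except Exception, e:
-            raise AttributeAuthorityError("User X.509 certificate is invalid: " + \
-                                    str(e))
-
-
-        # Get Distinguished name from certificate as an X500DN type
+        if holderX509Cert:
+            log.debug("Checking candidate holder X.509 certificate ...")
+            try:
+                holderX509Cert.isValidTime(raiseExcep=True)
+
+            except Exception, e:
+                log.error("User X.509 certificate is invalid: " + str(e))
+                raise
+
+
+        # If no user ID is input, set id from holder X.509 certificate DN
+        # instead
         if not userId:
+            if not holderX509Cert:
+                raise AttributeAuthorityError("If no user ID is set a holder "
+                                              "X.509 certificate must be "
+                                              "present")
             try:
-                userId = holderCert.dn.serialise(\
+                userId = holderX509Cert.dn.serialise(\
                                         separator=self.__prop['dnSeparator'])
             except Exception, e:
-                raise AttributeAuthorityError("Setting user Id from holder "
-                                        "certificate DN: %s" % e)
+                log.error("Setting user Id from holder certificate DN: %s" % e)
+                raise
 
         # Make a new Attribute Certificate instance passing in certificate
@@ -537,12 +541,14 @@
 
 
-        # Set holder's (user's) Distinguished Name
-        try:
-            attCert['holder'] = \
-                holderCert.dn.serialise(separator=self.__prop['dnSeparator'])
-        except Exception, e:
-            raise AttributeAuthorityError("Holder DN: %s" % e)
-
-
+        # Set holder's Distinguished Name if a holder X.509 certificate was
+        # input
+        if holderX509Cert:
+            try:
+                attCert['holder'] = holderX509Cert.dn.serialise(
+                                        separator=self.__prop['dnSeparator'])
+            except Exception, e:
+                 log.error("Holder X.509 Certificate DN: %s" % e)
+                 raise
+
         # Set Issuer details from Attribute Authority
         issuerDN = self.__cert.dn
@@ -551,6 +557,7 @@
                     issuerDN.serialise(separator=self.__prop['dnSeparator'])
         except Exception, e:
-            raise AttributeAuthorityError("Issuer DN: %s" % e)
-
+            log.error("Issuer X.509 Certificate DN: %s" % e)
+            raise
+
         attCert['issuerName'] = self.__prop['name']
         attCert['issuerSerialNumber'] = self.__issuerSerialNumber
@@ -560,29 +567,31 @@
         # Set validity time
         try:
-            attCert.setValidityTime(\
+            attCert.setValidityTime(
                         lifetime=self.__prop['attCertLifetime'],
                         notBeforeOffset=self.__prop['attCertNotBeforeOff'])
 
-            # Check against the certificate's expiry
-            dtHolderCertNotAfter = holderCert.notAfter
-
-            if attCert.getValidityNotAfter(asDatetime=True) > \
-               dtHolderCertNotAfter:
-
-                # Adjust the attribute certificate's expiry date time
-                # so that it agrees with that of the certificate
-                # ... but also make ensure that the not before skew is still
-                # applied
-                attCert.setValidityTime(dtNotAfter=dtHolderCertNotAfter,
-                        notBeforeOffset=self.__prop['attCertNotBeforeOff'])
+            # Check against the holder X.509 certificate's expiry if set
+            if holderX509Cert:
+                dtHolderCertNotAfter = holderX509Cert.notAfter
+
+                if attCert.getValidityNotAfter(asDatetime=True) > \
+                   dtHolderCertNotAfter:
+
+                    # Adjust the attribute certificate's expiry date time
+                    # so that it agrees with that of the certificate
+                    # ... but also make ensure that the not before skew is
+                    # still applied
+                    attCert.setValidityTime(dtNotAfter=dtHolderCertNotAfter,
+                            notBeforeOffset=self.__prop['attCertNotBeforeOff'])
 
         except Exception, e:
-            raise AttributeAuthorityError("Error setting validity time: %s" % e)
-
+            log.error("Error setting attribute certificate validity time: %s" %
+                      e)
+            raise
 
         # Check name is registered with this Attribute Authority - if no
         # user roles are found, the user is not registered
         userRoles = self.getRoles(userId)
-        if userRoles:            
+        if userRoles:
             # Set as an Original Certificate
             #
@@ -608,5 +617,5 @@
                 except Exception, e:
                     raise AttributeAuthorityError("Reading external Attribute "
-                                            "Certificate: %s" % e)
+                                                  "Certificate: %s" % e)
             elif userAttCert:
                 # Allow input as a string but convert to
@@ -618,8 +627,7 @@
                         "Expecting userAttCert as a string or AttCert type")
             else:
-                raise AttributeAuthorityAccessDenied("User \"%s\" is not registered "
-                                               "and no external attribute "
-                                               "certificate is available to "
-                                               "make a mapping." % userId)
+                raise AttributeAuthorityAccessDenied('User "%s" is not '
+                    'registered and no external attribute certificate is '
+                    'available to make a mapping.' % userId)
 
 
@@ -627,7 +635,8 @@
             # be used to make further mappings
             if userAttCert.isMapped():
-                raise AttributeAuthorityError("External Attribute Certificate must "
-                                        "have an original provenance in order "
-                                        "to make further mappings.")
+                raise AttributeAuthorityError("External Attribute Certificate "
+                                              "must have an original "
+                                              "provenance in order "
+                                              "to make further mappings.")
 
 
@@ -645,8 +654,8 @@
             # Check that's it's holder matches the candidate holder
             # certificate DN
-            if userAttCert.holderDN != holderCert.dn:
+            if holderX509Cert and userAttCert.holderDN != holderX509Cert.dn:
                 raise AttributeAuthorityError("User certificate and Attribute "
                                         'Certificate DNs don\'t match: "%s"'
-                                        ' and "%s"' % (holderCert.dn,
+                                        ' and "%s"' % (holderX509Cert.dn,
                                                        userAttCert.holderDN))
 
@@ -657,10 +666,10 @@
 
             # Map external roles to local ones
-            localRoles = self.mapRemoteRoles2LocalRoles(\
+            localRoles = self.mapRemoteRoles2LocalRoles(
                                                     userAttCert['issuerName'],
                                                     trustedHostRoles)
             if not localRoles:
-                raise AttributeAuthorityAccessDenied("No local roles mapped to the "
-                                               "%s roles: %s" % \
+                raise AttributeAuthorityAccessDenied("No local roles mapped "
+                                               "to the %s roles: %s" %
                                                (userAttCert['issuerName'],
                                                 ', '.join(trustedHostRoles)))
@@ -696,9 +705,8 @@
 
         except Exception, e:
-            raise AttributeAuthorityError("New Attribute Certificate \"%s\": %s" % \
-                                    (attCert.filePath, e))
+            raise AttributeAuthorityError('New Attribute Certificate "%s": %s'%
+                                          (attCert.filePath, e))
 
 
-    #_________________________________________________________________________
     def readMapConfig(self, mapConfigFilePath=None):
         """Parse Map Configuration file.
@@ -777,7 +785,8 @@
         # P J Kershaw 14/06/06
         if hostName != self.__prop['name']:
-            raise AttributeAuthorityError('"name" attribute of "thisHost" element in'
-                                    " Map Configuration file doesn't match "
-                                    '"name" element in properties file.')
+            raise AttributeAuthorityError('"name" attribute of "thisHost" '
+                                          'element in Map Configuration file '
+                                          'doesn\'t match "name" element in '
+                                          'properties file.')
 
         # Information for THIS Attribute Authority
@@ -797,6 +806,6 @@
 
             except Exception, e:
-                raise AttributeAuthorityError('Error reading trusted host name: %s' %
-                                        e)
+                raise AttributeAuthorityError('Error reading trusted host '
+                                              'name: %s' % e)
 
 
@@ -871,5 +880,4 @@
 
 
-    #_________________________________________________________________________
     def userIsRegistered(self, userId):
         """Check a particular user is registered with the Data Centre that the
@@ -887,5 +895,4 @@
 
 
-    #_________________________________________________________________________
     def getRoles(self, userId):
         """Get the roles available to the registered user identified userId.
@@ -907,5 +914,4 @@
 
 
-    #_________________________________________________________________________
     def __getHostInfo(self):
         """Return the host that this Attribute Authority represents: its ID,
@@ -923,5 +929,4 @@
 
 
-    #_________________________________________________________________________
     def getTrustedHostInfo(self, role=None):
         """Return a dictionary of the hosts that have trust relationships
@@ -1003,5 +1008,4 @@
 
 
-    #_________________________________________________________________________
     def mapRemoteRoles2LocalRoles(self, trustedHost, trustedHostRoles):
         """Map roles of trusted hosts to roles for this data centre
@@ -1033,8 +1037,6 @@
 
 
-#_____________________________________________________________________________
 from logging.handlers import RotatingFileHandler
 
-#_________________________________________________________________________
 # Inherit directly from Logger
 _loggerClass = logging.getLoggerClass()
@@ -1046,6 +1048,6 @@
         """Set up a rotating file handler to log ACs issued.
         @type attCertFilePath: string
-        @param attCertFilePath: set where to store ACs.  Set from AttributeAuthority
-        properties file.
+        @param attCertFilePath: set where to store ACs.  Set from
+        AttributeAuthority properties file.
 
         @type backUpCnt: int
@@ -1068,5 +1070,4 @@
         self.addHandler(fileLog)
 
-#_____________________________________________________________________________
 class AAUserRolesError(Exception):
     """Exception handling for NDG Attribute Authority User Roles interface
@@ -1074,5 +1075,4 @@
 
 
-#_____________________________________________________________________________
 class AAUserRoles:
     """An abstract base class to define the user roles interface to an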
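Review bot: Making the holder certificate optional in `getAttCert` also makes the holder check on an external attribute certificate optional: at new line 656, `if holderX509Cert and userAttCert.holderDN != holderX509Cert.dn:` is skipped whenever no certificate is passed, so a call with only `userId` and `userAttCert` has that certificate's roles mapped with nothing confirming it was issued to the requester. On the same path the issued certificate gets no `holder` entry and no visible line ties `userId` to an authenticated identity, which may be fine for a trusted in-process caller but needs confirming if this method also backs the remote service. For the mapping branch I would refuse rather than skip, e.g. `if not holderX509Cert: raise AttributeAuthorityAccessDenied("A holder X.509 certificate is required to map an external Attribute Certificate")` placed before the DN comparison. The new guards would also read more precisely as `if holderX509Cert is not None:` than as a truthiness test. Only parts of `getAttCert` are visible across these hunks, so check the hidden lines between them for an existing binding of `userId` before changing behaviour.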
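--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/ca/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/ca/__init__.py
@@ -1,4 +1,4 @@
-"""NDG Security Session Manager unit test package - ca directory
-for storing CA cert.s used in SSL connections
+"""NDG Credential Wallet unit test package - ca directory
+for storing CA cert.s used in Attribute Certificate validation
 
 NERC Data Grid Project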
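--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWalletTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWalletTest.cfg
@@ -19,2 +19,5 @@
 userX509CertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/test.crt
 userPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/test.key
+
+[test07GetAttCertFromLocalAAInstance]
+attributeAuthorityPropFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.cfg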
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py

    r4404 r4446  
    2222from ndg.security.common.credentialwallet import CredentialWallet, \ 
    2323                                        CredentialWalletAttributeRequestDenied 
     24from ndg.security.server.attributeauthority import AttributeAuthority 
    2425 
    2526from os.path import expandvars as xpdVars 
     
    5253         
    5354 
    54     def test1ReadOnlyClassVariables(self): 
    55          
    56         try: 
    57             CredentialWallet.accessDenied = 'yes' 
    58             self.fail("accessDenied class variable should be read-only") 
    59         except Exception, e: 
    60             print("PASS - accessDenied class variable is read-only") 
    61  
    62         try: 
    63             CredentialWallet.accessGranted = False 
    64             self.fail("accessGranted class variable should be read-only") 
    65         except Exception, e: 
    66             print("PASS - accessGranted class variable is read-only") 
    67              
    68         assert(not CredentialWallet.accessDenied) 
    69         assert(CredentialWallet.accessGranted) 
    70          
    71          
    72     def test2SetAttributes(self): 
    73          
    74         credWallet = CredentialWallet() 
    75         credWallet.userX509Cert = \ 
    76 '''-----BEGIN CERTIFICATE----- 
    77 MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    78 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0 
    79 N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD 
    80 MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
    81 rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY 
    82 ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH 
    83 JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F 
    84 oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb 
    85 B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7 
    86 B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ 
    87 KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46 
    88 aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl 
    89 9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI= 
    90 -----END CERTIFICATE----- 
    91 ''' 
    92         print("userCert=%s" % credWallet.userX509Cert) 
    93         credWallet.userId = 'ndg-user' 
    94         print("userId=%s" % credWallet.userId) 
    95          
    96         try: 
    97             credWallet.blah = 'blah blah' 
    98             self.fail("Attempting to set attribute not in __slots__ class " 
    99                       "variable should fail") 
    100         except AttributeError: 
    101             print("PASS - expected AttributeError when setting attribute " 
    102                   "not in __slots__ class variable") 
    103              
    104         credWallet.caCertFilePathList=None 
    105         credWallet.attributeAuthorityURI='http://localhost/AttributeAuthority' 
    106              
    107         credWallet.attributeAuthority = None 
    108         credWallet.credentialRepository = None 
    109         credWallet.mapFromTrustedHosts = False 
    110         credWallet.rtnExtAttCertList = True 
    111         credWallet.attCertRefreshElapse = 7200 
    112              
    113     def test3GetAttCertWithUserId(self): 
    114                      
     55#    def test01ReadOnlyClassVariables(self): 
     56#         
     57#        try: 
     58#            CredentialWallet.accessDenied = 'yes' 
     59#            self.fail("accessDenied class variable should be read-only") 
     60#        except Exception, e: 
     61#            print("PASS - accessDenied class variable is read-only") 
     62# 
     63#        try: 
     64#            CredentialWallet.accessGranted = False 
     65#            self.fail("accessGranted class variable should be read-only") 
     66#        except Exception, e: 
     67#            print("PASS - accessGranted class variable is read-only") 
     68#             
     69#        assert(not CredentialWallet.accessDenied) 
     70#        assert(CredentialWallet.accessGranted) 
     71#         
     72#         
     73#    def test02SetAttributes(self): 
     74#         
     75#        credWallet = CredentialWallet() 
     76#        credWallet.userX509Cert = \ 
     77#'''-----BEGIN CERTIFICATE----- 
     78#MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     79#MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0 
     80#N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD 
     81#MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
     82#rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY 
     83#ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH 
     84#JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F 
     85#oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb 
     86#B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7 
     87#B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ 
     88#KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46 
     89#aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl 
     90#9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI= 
     91#-----END CERTIFICATE----- 
     92#''' 
     93#        print("userCert=%s" % credWallet.userX509Cert) 
     94#        credWallet.userId = 'ndg-user' 
     95#        print("userId=%s" % credWallet.userId) 
     96#         
     97#        try: 
     98#            credWallet.blah = 'blah blah' 
     99#            self.fail("Attempting to set attribute not in __slots__ class " 
     100#                      "variable should fail") 
     101#        except AttributeError: 
     102#            print("PASS - expected AttributeError when setting attribute " 
     103#                  "not in __slots__ class variable") 
     104#             
     105#        credWallet.caCertFilePathList=None 
     106#        credWallet.attributeAuthorityURI='http://localhost/AttributeAuthority' 
     107#             
     108#        credWallet.attributeAuthority = None 
     109#        credWallet.credentialRepository = None 
     110#        credWallet.mapFromTrustedHosts = False 
     111#        credWallet.rtnExtAttCertList = True 
     112#        credWallet.attCertRefreshElapse = 7200 
     113#             
     114#    def test03GetAttCertWithUserId(self): 
     115#                     
     116#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
     117#        attCert = credWallet.getAttCert() 
     118#         
     119#        # No user X.509 cert is set so the resulting Attribute Certificate 
     120#        # user ID should be the same as that set for the wallet 
     121#        assert(attCert.userId == credWallet.userId) 
     122#        print "Attribute Certificate:\n%s" % attCert 
     123#         
     124#    def test04GetAttCertWithUserX509Cert(self): 
     125#                     
     126#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
     127#         
     128#        # Set a test individual user certificate to override the client  
     129#        # cert. and private key in WS-Security settings in the config file 
     130#        credWallet.userX509Cert = """ 
     131#-----BEGIN CERTIFICATE----- 
     132#MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     133#MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0 
     134#N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD 
     135#MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
     136#rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY 
     137#ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH 
     138#JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F 
     139#oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb 
     140#B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7 
     141#B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ 
     142#KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46 
     143#aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl 
     144#9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI= 
     145#-----END CERTIFICATE----- 
     146#""" 
     147#        credWallet.userPriKey = """ 
     148#-----BEGIN RSA PRIVATE KEY----- 
     149#MIIEowIBAAKCAQEArpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xM 
     150#ieMZy9XQft2dFBDYZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk 
     151#2dZxaAt97zXEruEHJoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5 
     152#Je8QREThIE5hRd9FoUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLC 
     153#cLvs3THQ3kO5qYYbB0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhM 
     154#ZvSJ/tVGJY4HfWG7B4PZzYwo5vn/tYH1mk7w5QIDAQABAoIBAQCQdxly/iBxWo60 
     155#Jh1zukxOj4QCzwLnps1P8z27FMeK/eJ33scCjeWpkios4An7MZktSW0UqXt135E1 
     156#wxjwdaBzABDZm/Q0xkGLyLfTXI5EgnIWQO+mRVifxGqXhsFSB6gYCUPEFfZnOE6x 
     157#XZ9sPluKvtTRUR79eb1glzGHRfEF31eBQdPkATA011twBNL3ApULxjlnFBch1LXD 
     158#lldbYb9wWV9Bcl9ftJ7Sr4kJ7gqiETWRgKuyMMwGfhIrr8PXB/oq9VOAGg+XSQQY 
     159#+0sm1URfh/N5Q7ES+dgOR4MTCn8LUFW859OqY5QZidqDxg/fTNNt6znx0FZcGfbd 
     160#oDJV6Oc9AoGBAOgjNePWgxiDYJohNWATs7fUXvT4cGrR6TdJKXd3T8bVp+AO94au 
     161#vM9iOZiCfQNRxGYHA25EfwflaF3yKLOvlsK7k1ewRvQ4Hqi/MRyRxIhPmLYCkavl 
     162#FOKHV3UeLItpRJMzjU4OBq2k1g3uC22ZYWWXFaYmP+KSW5ICq0v8M4SfAoGBAMCJ 
     163#UqbPP8MPht36P43dZJDX+GlPlhWcXrWCD0ePX0wExEBeg+M0GqHTWrz4OwSzHTY0 
     164#XPwPqm2kEICIhHyK/BSZ09CMOdHwUc3gRZULCrSnTkEcJY+XY9IftYcVXIL2xFfx 
     165#qXqiLe7Le7p2mscSKXUM4uE4Vz16JHDE3Kh3Gnf7AoGAdi2WvcrzKoOXpl/JoIPn 
     166#NmrzfJsOABOlOvQQHDWtc3hJ4pM8CGDk1l8XG0EzC4GRDq/7WyOb2BU+MLWbav61 
     167#LaX4uOeQ97uqQBY1lmnPN+XtxJtCNdSF8V0ddQ5Ldx28P4Q7J8WUOMp1/tl1D/LJ 
     168#1sI3z0Ihu+Luo0Kgmipmv9kCgYB+eTZL0RQHZCmpovsgi2/GHbhWJStnosIr5PV4 
     169#gluNKgxoZC2qj812w8l1HHJYUfg8ZQU3pmrDfuRAKm0tCncwaSPUeGh62axC2rGa 
     170#iBhONyCWcJDT1BSEMMQjqgqNFOBBDMPRhLs7g3sRL1vYrLuC4iYe382e2p8ZXJe+ 
     171#Kg6/BQKBgDlFDM9m/9A11PIlh/ir0KXUqtPA1q+Hn629BRsbbsH2HW+kj018RLT+ 
     172#SgRwhrqFtF5HCMXEh0ez/RyHHoMiVnan9jpLtGEdE8ojJnISjvkIyLUCCJdq8HYC 
     173#25UDHqKuoqHBiXWazfZ6MOlcIm6vp1FpVDygu59JHPROMxW+BAg/ 
     174#-----END RSA PRIVATE KEY----- 
     175#""" 
     176#        attCert = credWallet.getAttCert() 
     177#         
     178#        # A user X.509 cert. was set so this cert's DN should be set in the 
     179#        # userId field of the resulting Attribute Certificate 
     180#        assert(attCert.userId == str(credWallet.userX509Cert.dn)) 
     181#        print "Attribute Certificate:\n%s" % attCert 
     182#          
     183# 
     184# 
     185#    def test05GetAttCertRefusedWithUserCert(self): 
     186#         
     187#        # Keyword mapFromTrustedHosts overrides any setting in the config file 
     188#        # This flag prevents role mapping from a trusted AA and so in this case 
     189#        # forces refusal of the request 
     190#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'), 
     191#                                      mapFromTrustedHosts=False)     
     192#        credWallet.userX509CertFilePath = self.cfg.get('setUp', 
     193#                                                       'userX509CertFilePath') 
     194#        credWallet.userPriKeyFilePath = self.cfg.get('setUp', 
     195#                                                     'userPriKeyFilePath') 
     196#         
     197#        # Set AA URI AFTER user PKI settings so that these are picked in the 
     198#        # implicit call to create a new AA Client when the URI is set 
     199#        credWallet.attributeAuthorityURI = self.cfg.get('setUp',  
     200#                                                    'attributeAuthorityURI') 
     201#        try: 
     202#            attCert = credWallet.getAttCert() 
     203#        except CredentialWalletAttributeRequestDenied, e: 
     204#            print "SUCCESS - obtained expected result: %s" % e 
     205#            return 
     206#         
     207#        self.fail("Request allowed from Attribute Authority where user is NOT " 
     208#                  "registered!") 
     209# 
     210#    def test06GetMappedAttCertWithUserId(self): 
     211#         
     212#        # Call Site A Attribute Authority where user is registered 
     213#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
     214#        attCert = credWallet.getAttCert() 
     215# 
     216#        # Use Attribute Certificate cached in wallet to get a mapped  
     217#        # Attribute Certificate from Site B's Attribute Authority 
     218#        siteBURI = self.cfg.get('setUp', 'attributeAuthorityURI')         
     219#        attCert = credWallet.getAttCert(attributeAuthorityURI=siteBURI) 
     220#             
     221#        print("Mapped Attribute Certificate from Site B Attribute " 
     222#              "Authority:\n%s" % attCert) 
     223                         
     224    def test07GetAttCertFromLocalAAInstance(self): 
     225        thisSection = 'test07GetAttCertFromLocalAAInstance' 
     226        aaPropFilePath = self.cfg.get(thisSection, 
     227                                      'attributeAuthorityPropFilePath')  
     228                   
    115229        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
     230        credWallet.attributeAuthority = AttributeAuthority( 
     231                                            propFilePath=aaPropFilePath, 
     232                                            propPrefix='attributeAuthority') 
    116233        attCert = credWallet.getAttCert() 
    117234         
     
    119236        # user ID should be the same as that set for the wallet 
    120237        assert(attCert.userId == credWallet.userId) 
    121         print "Attribute Certificate:\n%s" % attCert 
    122          
    123     def test4GetAttCertWithUserX509Cert(self): 
    124                      
    125         credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
    126          
    127         # Set a test individual user certificate to override the client  
    128         # cert. and private key in WS-Security settings in the config file 
    129         credWallet.userX509Cert = """ 
    130 -----BEGIN CERTIFICATE----- 
    131 MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    132 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0 
    133 N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD 
    134 MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
    135 rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY 
    136 ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH 
    137 JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F 
    138 oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb 
    139 B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7 
    140 B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ 
    141 KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46 
    142 aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl 
    143 9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI= 
    144 -----END CERTIFICATE----- 
    145 """ 
    146         credWallet.userPriKey = """ 
    147 -----BEGIN RSA PRIVATE KEY----- 
    148 MIIEowIBAAKCAQEArpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xM 
    149 ieMZy9XQft2dFBDYZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk 
    150 2dZxaAt97zXEruEHJoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5 
    151 Je8QREThIE5hRd9FoUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLC 
    152 cLvs3THQ3kO5qYYbB0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhM 
    153 ZvSJ/tVGJY4HfWG7B4PZzYwo5vn/tYH1mk7w5QIDAQABAoIBAQCQdxly/iBxWo60 
    154 Jh1zukxOj4QCzwLnps1P8z27FMeK/eJ33scCjeWpkios4An7MZktSW0UqXt135E1 
    155 wxjwdaBzABDZm/Q0xkGLyLfTXI5EgnIWQO+mRVifxGqXhsFSB6gYCUPEFfZnOE6x 
    156 XZ9sPluKvtTRUR79eb1glzGHRfEF31eBQdPkATA011twBNL3ApULxjlnFBch1LXD 
    157 lldbYb9wWV9Bcl9ftJ7Sr4kJ7gqiETWRgKuyMMwGfhIrr8PXB/oq9VOAGg+XSQQY 
    158 +0sm1URfh/N5Q7ES+dgOR4MTCn8LUFW859OqY5QZidqDxg/fTNNt6znx0FZcGfbd 
    159 oDJV6Oc9AoGBAOgjNePWgxiDYJohNWATs7fUXvT4cGrR6TdJKXd3T8bVp+AO94au 
    160 vM9iOZiCfQNRxGYHA25EfwflaF3yKLOvlsK7k1ewRvQ4Hqi/MRyRxIhPmLYCkavl 
    161 FOKHV3UeLItpRJMzjU4OBq2k1g3uC22ZYWWXFaYmP+KSW5ICq0v8M4SfAoGBAMCJ 
    162 UqbPP8MPht36P43dZJDX+GlPlhWcXrWCD0ePX0wExEBeg+M0GqHTWrz4OwSzHTY0 
    163 XPwPqm2kEICIhHyK/BSZ09CMOdHwUc3gRZULCrSnTkEcJY+XY9IftYcVXIL2xFfx 
    164 qXqiLe7Le7p2mscSKXUM4uE4Vz16JHDE3Kh3Gnf7AoGAdi2WvcrzKoOXpl/JoIPn 
    165 NmrzfJsOABOlOvQQHDWtc3hJ4pM8CGDk1l8XG0EzC4GRDq/7WyOb2BU+MLWbav61 
    166 LaX4uOeQ97uqQBY1lmnPN+XtxJtCNdSF8V0ddQ5Ldx28P4Q7J8WUOMp1/tl1D/LJ 
    167 1sI3z0Ihu+Luo0Kgmipmv9kCgYB+eTZL0RQHZCmpovsgi2/GHbhWJStnosIr5PV4 
    168 gluNKgxoZC2qj812w8l1HHJYUfg8ZQU3pmrDfuRAKm0tCncwaSPUeGh62axC2rGa 
    169 iBhONyCWcJDT1BSEMMQjqgqNFOBBDMPRhLs7g3sRL1vYrLuC4iYe382e2p8ZXJe+ 
    170 Kg6/BQKBgDlFDM9m/9A11PIlh/ir0KXUqtPA1q+Hn629BRsbbsH2HW+kj018RLT+ 
    171 SgRwhrqFtF5HCMXEh0ez/RyHHoMiVnan9jpLtGEdE8ojJnISjvkIyLUCCJdq8HYC 
    172 25UDHqKuoqHBiXWazfZ6MOlcIm6vp1FpVDygu59JHPROMxW+BAg/ 
    173 -----END RSA PRIVATE KEY----- 
    174 """ 
    175         attCert = credWallet.getAttCert() 
    176          
    177         # A user X.509 cert. was set so this cert's DN should be set in the 
    178         # userId field of the resulting Attribute Certificate 
    179         assert(attCert.userId == str(credWallet.userX509Cert.dn)) 
    180         print "Attribute Certificate:\n%s" % attCert 
    181           
    182  
    183  
    184     def test5GetAttCertRefusedWithUserCert(self): 
    185          
    186         # Keyword mapFromTrustedHosts overrides any setting in the config file 
    187         # This flag prevents role mapping from a trusted AA and so in this case 
    188         # forces refusal of the request 
    189         credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'), 
    190                                       mapFromTrustedHosts=False)     
    191         credWallet.userX509CertFilePath = self.cfg.get('setUp', 
    192                                                        'userX509CertFilePath') 
    193         credWallet.userPriKeyFilePath = self.cfg.get('setUp', 
    194                                                      'userPriKeyFilePath') 
    195          
    196         # Set AA URI AFTER user PKI settings so that these are picked in the 
    197         # implicit call to create a new AA Client when the URI is set 
    198         credWallet.attributeAuthorityURI = self.cfg.get('setUp',  
    199                                                     'attributeAuthorityURI') 
    200         try: 
    201             attCert = credWallet.getAttCert() 
    202         except CredentialWalletAttributeRequestDenied, e: 
    203             print "SUCCESS - obtained expected result: %s" % e 
    204             return 
    205          
    206         self.fail("Request allowed from Attribute Authority where user is NOT " 
    207                   "registered!") 
    208  
    209     def test6GetMappedAttCertWithUserId(self): 
    210          
    211         # Call Site A Attribute Authority where user is registered 
    212         credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath')) 
    213         attCert = credWallet.getAttCert() 
    214  
    215         # Use Attribute Certificate cached in wallet to get a mapped  
    216         # Attribute Certificate from Site B's Attribute Authority 
    217         siteBURI = self.cfg.get('setUp', 'attributeAuthorityURI')         
    218         attCert = credWallet.getAttCert(attributeAuthorityURI=siteBURI) 
    219              
    220         print("Mapped Attribute Certificate from Site B Attribute " 
    221               "Authority:\n%s" % attCert) 
    222              
    223                                                      
     238        print "Attribute Certificate:\n%s" % attCert   
     239                                                          
    224240if __name__ == "__main__": 
    225241    unittest.main()         