Changeset 4447 for TI12-security


Timestamp:
19/11/08 13:10:48 (11 years ago)
Author:
pjkersha
Message:
  • Updated Session Manager unit tests to include a call to a locally instantiated Attribute Authority
  • Fixed bug in CredentialWallet.getAttCert - ensure the attributeAuthority keyword input is correctly picked up.
Location:
TI12-security/trunk/python
Files:
9 added
6 edited

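--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py
@@ -1070,6 +1070,5 @@
             raise CredentialWalletError("Error requesting attribute: "
                                         "certificate a URI or Attribute "
-                                        "Authority configuration file must be "
-                                        "specified")
+                                        "Authority instance must be specified")
 
         try:
@@ -1343,5 +1342,5 @@
             self.attributeAuthorityURI = attributeAuthorityURI
 
-        if attributeAuthority:
+        if attributeAuthority is not None:
             self.attributeAuthority = attributeAuthority
 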
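Review bot: The reworded message in the first hunk still concatenates to "Error requesting attribute: certificate a URI or Attribute Authority instance must be specified", with the colon splitting "attribute certificate"; the first two literals probably want to read `"Error requesting attribute certificate: "` and `"a URI or Attribute "`. In the second hunk, `is not None` now lets any non-None object through to `self.attributeAuthority`; if the attribute setter does not already type-check (not visible here), a short comment stating that an AttributeAuthority instance is expected would help the next reader. Both enclosing methods start and end outside the hunks shown.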
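--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
@@ -73,13 +73,13 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            holderCert = signatureFilter.signatureHandler.verifyingCert
+            holderX509Cert = signatureFilter.signatureHandler.verifyingCert
         else:
             # No signature from client - they must instead provide the
             # designated holder cert via the UserCert input
-            holderCert = request.UserCert
+            holderX509Cert = request.UserCert
 
         try:
             attCert = self.aa.getAttCert(userId=request.UserId,
-                                         holderCert=holderCert,
+                                         holderX509Cert=holderX509Cert,
                                          userAttCert=request.UserAttCert)
             response.AttCert = attCert.toString()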
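Review bot: In the `else` branch the holder certificate handed to `self.aa.getAttCert` is `request.UserCert`, a value supplied by the caller with no signature binding it to the requester, and the rename to `holderX509Cert` leaves that path as it was. Whether `getAttCert` validates the certificate against the trusted CA list is not visible here (the method starts and ends outside the hunk), so the expectation is worth recording next to the assignment, e.g. `# UserCert is caller-supplied and unauthenticated; getAttCert must verify it against the trusted CA certificates`. If unsigned requests are only meant to come from a trusted intermediary, that restriction would be a separate check to consider.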
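--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/siteAAttributeAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/siteAAttributeAuthority/__init__.py
@@ -1,10 +1,10 @@
-"""NDG Security Session Manager unit test package - ca directory
-for storing CA cert.s used in SSL connections
+"""NDG Security Credential Wallet unit test package - directory
+for test Attribute Authority used in these tests
 
 NERC Data Grid Project
 """
 __author__ = "P J Kershaw"
-__date__ = "12/12/07"
-__copyright__ = "(C) 2007 STFC & NERC"
+__date__ = "19/11/08"
+__copyright__ = "(C) 2008 STFC & NERC"
 __license__ = \
 """This software may be distributed under the terms of the Q Public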
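--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
@@ -53,172 +53,172 @@
 
 
-#    def test01ReadOnlyClassVariables(self):
-#
-#        try:
-#            CredentialWallet.accessDenied = 'yes'
-#            self.fail("accessDenied class variable should be read-only")
-#        except Exception, e:
-#            print("PASS - accessDenied class variable is read-only")
-#
-#        try:
-#            CredentialWallet.accessGranted = False
-#            self.fail("accessGranted class variable should be read-only")
-#        except Exception, e:
-#            print("PASS - accessGranted class variable is read-only")
-#
-#        assert(not CredentialWallet.accessDenied)
-#        assert(CredentialWallet.accessGranted)
-#
-#
-#    def test02SetAttributes(self):
-#
-#        credWallet = CredentialWallet()
-#        credWallet.userX509Cert = \
-#'''-----BEGIN CERTIFICATE-----
-#MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-#MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0
-#N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
-#MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-#rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY
-#ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH
-#JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F
-#oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb
-#B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7
-#B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ
-#KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46
-#aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl
-#9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI=
-#-----END CERTIFICATE-----
-#'''
-#        print("userCert=%s" % credWallet.userX509Cert)
-#        credWallet.userId = 'ndg-user'
-#        print("userId=%s" % credWallet.userId)
-#
-#        try:
-#            credWallet.blah = 'blah blah'
-#            self.fail("Attempting to set attribute not in __slots__ class "
-#                      "variable should fail")
-#        except AttributeError:
-#            print("PASS - expected AttributeError when setting attribute "
-#                  "not in __slots__ class variable")
-#
-#        credWallet.caCertFilePathList=None
-#        credWallet.attributeAuthorityURI='http://localhost/AttributeAuthority'
-#
-#        credWallet.attributeAuthority = None
-#        credWallet.credentialRepository = None
-#        credWallet.mapFromTrustedHosts = False
-#        credWallet.rtnExtAttCertList = True
-#        credWallet.attCertRefreshElapse = 7200
-#
-#    def test03GetAttCertWithUserId(self):
-#
-#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
-#        attCert = credWallet.getAttCert()
-#
-#        # No user X.509 cert is set so the resulting Attribute Certificate
-#        # user ID should be the same as that set for the wallet
-#        assert(attCert.userId == credWallet.userId)
-#        print "Attribute Certificate:\n%s" % attCert
-#
-#    def test04GetAttCertWithUserX509Cert(self):
-#
-#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
-#
-#        # Set a test individual user certificate to override the client
-#        # cert. and private key in WS-Security settings in the config file
-#        credWallet.userX509Cert = """
-#-----BEGIN CERTIFICATE-----
-#MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-#MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0
-#N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
-#MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-#rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY
-#ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH
-#JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F
-#oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb
-#B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7
-#B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ
-#KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46
-#aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl
-#9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI=
-#-----END CERTIFICATE-----
-#"""
-#        credWallet.userPriKey = """
-#-----BEGIN RSA PRIVATE KEY-----
-#MIIEowIBAAKCAQEArpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xM
-#ieMZy9XQft2dFBDYZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk
-#2dZxaAt97zXEruEHJoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5
-#Je8QREThIE5hRd9FoUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLC
-#cLvs3THQ3kO5qYYbB0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhM
-#ZvSJ/tVGJY4HfWG7B4PZzYwo5vn/tYH1mk7w5QIDAQABAoIBAQCQdxly/iBxWo60
-#Jh1zukxOj4QCzwLnps1P8z27FMeK/eJ33scCjeWpkios4An7MZktSW0UqXt135E1
-#wxjwdaBzABDZm/Q0xkGLyLfTXI5EgnIWQO+mRVifxGqXhsFSB6gYCUPEFfZnOE6x
-#XZ9sPluKvtTRUR79eb1glzGHRfEF31eBQdPkATA011twBNL3ApULxjlnFBch1LXD
-#lldbYb9wWV9Bcl9ftJ7Sr4kJ7gqiETWRgKuyMMwGfhIrr8PXB/oq9VOAGg+XSQQY
-#+0sm1URfh/N5Q7ES+dgOR4MTCn8LUFW859OqY5QZidqDxg/fTNNt6znx0FZcGfbd
-#oDJV6Oc9AoGBAOgjNePWgxiDYJohNWATs7fUXvT4cGrR6TdJKXd3T8bVp+AO94au
-#vM9iOZiCfQNRxGYHA25EfwflaF3yKLOvlsK7k1ewRvQ4Hqi/MRyRxIhPmLYCkavl
-#FOKHV3UeLItpRJMzjU4OBq2k1g3uC22ZYWWXFaYmP+KSW5ICq0v8M4SfAoGBAMCJ
-#UqbPP8MPht36P43dZJDX+GlPlhWcXrWCD0ePX0wExEBeg+M0GqHTWrz4OwSzHTY0
-#XPwPqm2kEICIhHyK/BSZ09CMOdHwUc3gRZULCrSnTkEcJY+XY9IftYcVXIL2xFfx
-#qXqiLe7Le7p2mscSKXUM4uE4Vz16JHDE3Kh3Gnf7AoGAdi2WvcrzKoOXpl/JoIPn
-#NmrzfJsOABOlOvQQHDWtc3hJ4pM8CGDk1l8XG0EzC4GRDq/7WyOb2BU+MLWbav61
-#LaX4uOeQ97uqQBY1lmnPN+XtxJtCNdSF8V0ddQ5Ldx28P4Q7J8WUOMp1/tl1D/LJ
-#1sI3z0Ihu+Luo0Kgmipmv9kCgYB+eTZL0RQHZCmpovsgi2/GHbhWJStnosIr5PV4
-#gluNKgxoZC2qj812w8l1HHJYUfg8ZQU3pmrDfuRAKm0tCncwaSPUeGh62axC2rGa
-#iBhONyCWcJDT1BSEMMQjqgqNFOBBDMPRhLs7g3sRL1vYrLuC4iYe382e2p8ZXJe+
-#Kg6/BQKBgDlFDM9m/9A11PIlh/ir0KXUqtPA1q+Hn629BRsbbsH2HW+kj018RLT+
-#SgRwhrqFtF5HCMXEh0ez/RyHHoMiVnan9jpLtGEdE8ojJnISjvkIyLUCCJdq8HYC
-#25UDHqKuoqHBiXWazfZ6MOlcIm6vp1FpVDygu59JHPROMxW+BAg/
-#-----END RSA PRIVATE KEY-----
-#"""
-#        attCert = credWallet.getAttCert()
-#
-#        # A user X.509 cert. was set so this cert's DN should be set in the
-#        # userId field of the resulting Attribute Certificate
-#        assert(attCert.userId == str(credWallet.userX509Cert.dn))
-#        print "Attribute Certificate:\n%s" % attCert
-#
-#
-#
-#    def test05GetAttCertRefusedWithUserCert(self):
-#
-#        # Keyword mapFromTrustedHosts overrides any setting in the config file
-#        # This flag prevents role mapping from a trusted AA and so in this case
-#        # forces refusal of the request
-#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'),
-#                                      mapFromTrustedHosts=False)
-#        credWallet.userX509CertFilePath = self.cfg.get('setUp',
-#                                                       'userX509CertFilePath')
-#        credWallet.userPriKeyFilePath = self.cfg.get('setUp',
-#                                                     'userPriKeyFilePath')
-#
-#        # Set AA URI AFTER user PKI settings so that these are picked in the
-#        # implicit call to create a new AA Client when the URI is set
-#        credWallet.attributeAuthorityURI = self.cfg.get('setUp',
-#                                                    'attributeAuthorityURI')
-#        try:
-#            attCert = credWallet.getAttCert()
-#        except CredentialWalletAttributeRequestDenied, e:
-#            print "SUCCESS - obtained expected result: %s" % e
-#            return
-#
-#        self.fail("Request allowed from Attribute Authority where user is NOT "
-#                  "registered!")
-#
-#    def test06GetMappedAttCertWithUserId(self):
-#
-#        # Call Site A Attribute Authority where user is registered
-#        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
-#        attCert = credWallet.getAttCert()
-#
-#        # Use Attribute Certificate cached in wallet to get a mapped
-#        # Attribute Certificate from Site B's Attribute Authority
-#        siteBURI = self.cfg.get('setUp', 'attributeAuthorityURI')
-#        attCert = credWallet.getAttCert(attributeAuthorityURI=siteBURI)
-#
-#        print("Mapped Attribute Certificate from Site B Attribute "
-#              "Authority:\n%s" % attCert)
+    def test01ReadOnlyClassVariables(self):
+
+        try:
+            CredentialWallet.accessDenied = 'yes'
+            self.fail("accessDenied class variable should be read-only")
+        except Exception, e:
+            print("PASS - accessDenied class variable is read-only")
+
+        try:
+            CredentialWallet.accessGranted = False
+            self.fail("accessGranted class variable should be read-only")
+        except Exception, e:
+            print("PASS - accessGranted class variable is read-only")
+
+        assert(not CredentialWallet.accessDenied)
+        assert(CredentialWallet.accessGranted)
+
+
+    def test02SetAttributes(self):
+
+        credWallet = CredentialWallet()
+        credWallet.userX509Cert = \
+'''-----BEGIN CERTIFICATE-----
+MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0
+N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
+MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY
+ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH
+JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F
+oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb
+B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7
+B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ
+KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46
+aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl
+9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI=
+-----END CERTIFICATE-----
+'''
+        print("userCert=%s" % credWallet.userX509Cert)
+        credWallet.userId = 'ndg-user'
+        print("userId=%s" % credWallet.userId)
+
+        try:
+            credWallet.blah = 'blah blah'
+            self.fail("Attempting to set attribute not in __slots__ class "
+                      "variable should fail")
+        except AttributeError:
+            print("PASS - expected AttributeError when setting attribute "
+                  "not in __slots__ class variable")
+
+        credWallet.caCertFilePathList=None
+        credWallet.attributeAuthorityURI='http://localhost/AttributeAuthority'
+
+        credWallet.attributeAuthority = None
+        credWallet.credentialRepository = None
+        credWallet.mapFromTrustedHosts = False
+        credWallet.rtnExtAttCertList = True
+        credWallet.attCertRefreshElapse = 7200
+
+    def test03GetAttCertWithUserId(self):
+
+        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
+        attCert = credWallet.getAttCert()
+
+        # No user X.509 cert is set so the resulting Attribute Certificate
+        # user ID should be the same as that set for the wallet
+        assert(attCert.userId == credWallet.userId)
+        print "Attribute Certificate:\n%s" % attCert
+
+    def test04GetAttCertWithUserX509Cert(self):
+
+        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
+
+        # Set a test individual user certificate to override the client
+        # cert. and private key in WS-Security settings in the config file
+        credWallet.userX509Cert = """
+-----BEGIN CERTIFICATE-----
+MIICazCCAdSgAwIBAgICAPcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MDEwNDEwMTk0
+N1oXDTA5MDEwMzEwMTk0N1owLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
+MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY
+ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH
+JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F
+oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb
+B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7
+B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ
+KoZIhvcNAQEEBQADgYEAFKEdr2FwlposAGRDHBMX9d48TKm1gXzOMEvReTYIaq46
+aMpDDuApsbjpRqohvKIrngGa2e1p81tOTL5kbuusNjcNsagXkNgeO6qcGZCly/Bl
+9Kxfynaned5jmgWgoxJP7VtOynvlLqJfrS/cEwOWDYpyPjJDRx2cZgEd3P4WfYI=
+-----END CERTIFICATE-----
+"""
+        credWallet.userPriKey = """
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xM
+ieMZy9XQft2dFBDYZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk
+2dZxaAt97zXEruEHJoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5
+Je8QREThIE5hRd9FoUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLC
+cLvs3THQ3kO5qYYbB0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhM
+ZvSJ/tVGJY4HfWG7B4PZzYwo5vn/tYH1mk7w5QIDAQABAoIBAQCQdxly/iBxWo60
+Jh1zukxOj4QCzwLnps1P8z27FMeK/eJ33scCjeWpkios4An7MZktSW0UqXt135E1
+wxjwdaBzABDZm/Q0xkGLyLfTXI5EgnIWQO+mRVifxGqXhsFSB6gYCUPEFfZnOE6x
+XZ9sPluKvtTRUR79eb1glzGHRfEF31eBQdPkATA011twBNL3ApULxjlnFBch1LXD
+lldbYb9wWV9Bcl9ftJ7Sr4kJ7gqiETWRgKuyMMwGfhIrr8PXB/oq9VOAGg+XSQQY
++0sm1URfh/N5Q7ES+dgOR4MTCn8LUFW859OqY5QZidqDxg/fTNNt6znx0FZcGfbd
+oDJV6Oc9AoGBAOgjNePWgxiDYJohNWATs7fUXvT4cGrR6TdJKXd3T8bVp+AO94au
+vM9iOZiCfQNRxGYHA25EfwflaF3yKLOvlsK7k1ewRvQ4Hqi/MRyRxIhPmLYCkavl
+FOKHV3UeLItpRJMzjU4OBq2k1g3uC22ZYWWXFaYmP+KSW5ICq0v8M4SfAoGBAMCJ
+UqbPP8MPht36P43dZJDX+GlPlhWcXrWCD0ePX0wExEBeg+M0GqHTWrz4OwSzHTY0
+XPwPqm2kEICIhHyK/BSZ09CMOdHwUc3gRZULCrSnTkEcJY+XY9IftYcVXIL2xFfx
+qXqiLe7Le7p2mscSKXUM4uE4Vz16JHDE3Kh3Gnf7AoGAdi2WvcrzKoOXpl/JoIPn
+NmrzfJsOABOlOvQQHDWtc3hJ4pM8CGDk1l8XG0EzC4GRDq/7WyOb2BU+MLWbav61
+LaX4uOeQ97uqQBY1lmnPN+XtxJtCNdSF8V0ddQ5Ldx28P4Q7J8WUOMp1/tl1D/LJ
+1sI3z0Ihu+Luo0Kgmipmv9kCgYB+eTZL0RQHZCmpovsgi2/GHbhWJStnosIr5PV4
+gluNKgxoZC2qj812w8l1HHJYUfg8ZQU3pmrDfuRAKm0tCncwaSPUeGh62axC2rGa
+iBhONyCWcJDT1BSEMMQjqgqNFOBBDMPRhLs7g3sRL1vYrLuC4iYe382e2p8ZXJe+
+Kg6/BQKBgDlFDM9m/9A11PIlh/ir0KXUqtPA1q+Hn629BRsbbsH2HW+kj018RLT+
+SgRwhrqFtF5HCMXEh0ez/RyHHoMiVnan9jpLtGEdE8ojJnISjvkIyLUCCJdq8HYC
+25UDHqKuoqHBiXWazfZ6MOlcIm6vp1FpVDygu59JHPROMxW+BAg/
+-----END RSA PRIVATE KEY-----
+"""
+        attCert = credWallet.getAttCert()
+
+        # A user X.509 cert. was set so this cert's DN should be set in the
+        # userId field of the resulting Attribute Certificate
+        assert(attCert.userId == str(credWallet.userX509Cert.dn))
+        print "Attribute Certificate:\n%s" % attCert
+
+
+
+    def test05GetAttCertRefusedWithUserCert(self):
+
+        # Keyword mapFromTrustedHosts overrides any setting in the config file
+        # This flag prevents role mapping from a trusted AA and so in this case
+        # forces refusal of the request
+        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'),
+                                      mapFromTrustedHosts=False)
+        credWallet.userX509CertFilePath = self.cfg.get('setUp',
+                                                       'userX509CertFilePath')
+        credWallet.userPriKeyFilePath = self.cfg.get('setUp',
+                                                     'userPriKeyFilePath')
+
+        # Set AA URI AFTER user PKI settings so that these are picked in the
+        # implicit call to create a new AA Client when the URI is set
+        credWallet.attributeAuthorityURI = self.cfg.get('setUp',
+                                                    'attributeAuthorityURI')
+        try:
+            attCert = credWallet.getAttCert()
+        except CredentialWalletAttributeRequestDenied, e:
+            print "SUCCESS - obtained expected result: %s" % e
+            return
+
+        self.fail("Request allowed from Attribute Authority where user is NOT "
+                  "registered!")
+
+    def test06GetMappedAttCertWithUserId(self):
+
+        # Call Site A Attribute Authority where user is registered
+        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))
+        attCert = credWallet.getAttCert()
+
+        # Use Attribute Certificate cached in wallet to get a mapped
+        # Attribute Certificate from Site B's Attribute Authority
+        siteBURI = self.cfg.get('setUp', 'attributeAuthorityURI')
+        attCert = credWallet.getAttCert(attributeAuthorityURI=siteBURI)
+
+        print("Mapped Attribute Certificate from Site B Attribute "
+              "Authority:\n%s" % attCert)
 
     def test07GetAttCertFromLocalAAInstance(self):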
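Review bot: test04GetAttCertWithUserX509Cert is re-enabled with a PEM certificate and an RSA private key pasted into the test source (test02SetAttributes carries the same certificate), which keeps key material in repository history and gives secret scanners a permanent finding to triage. test05GetAttCertRefusedWithUserCert in this same section already reads `userX509CertFilePath` and `userPriKeyFilePath` from the config, so test04 could load its pair from fixture files the same way, with a comment marking them as throwaway test credentials. Separately, in test01ReadOnlyClassVariables `except Exception, e:` also catches the AssertionError raised by `self.fail(...)`, so the "PASS" line prints even when the assignment succeeded and only the trailing asserts detect it; catching the specific exception the read-only attribute raises, or using `self.assertRaises`, would make those branches meaningful.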
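--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
@@ -22,5 +22,5 @@
 propFilePath = $NDGSEC_SM_UNITTEST_DIR/sessionMgr.cfg
 
-[test1Connect]
+[test01Connect2AuthNServiceWithNoUserCertReturned]
 # Alter username according to the MyProxy credentials you wish to test.  If
 # passphrase is commented out you will be prompted for it on the command line.
@@ -29,26 +29,30 @@
 passphrase = testpassword
 
-[test2Connect2AuthNServiceReturningAUserCert]
+[test02Connect2AuthNServiceReturningAUserCert]
 outputCredsFilePath = user.creds
 
-[test4ConnectNoCreateServerSess]
+[test04ConnectNoCreateServerSess]
 username = testuser
 passphrase = testpassword
 
-[test7GetAttCertWithSessID]
+[test07GetAttCertWithSessID]
 aaURI = http://localhost:5000/AttributeAuthority
 acOutputFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
 
-[test8GetAttCertRefusedWithSessID]
+[test08GetAttCertRefusedWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
-[test9GetMappedAttCertWithSessID]
+[test09GetMappedAttCertWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
 
 [test10GetAttCertWithExtAttCertListWithSessID]
 aaURI = http://localhost:5100/AttributeAuthority
-# Use output from test7GetAttCertWithSessID!
+# Use output from test07GetAttCertWithSessID!
 extACFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
 
 [test11GetAttCertWithUserCert]
 aaURI = http://localhost:5000/AttributeAuthority
+
+[test12GetAttCertFromLocalAAInstance]
+aaPropFilePath = $NDGSEC_SM_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.cfg
+acOutputFilePath = $NDGSEC_SM_UNITTEST_DIR/test12-ac-out.xml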
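--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
@@ -23,5 +23,6 @@
                                                     CaseSensitiveConfigParser
 from ndg.security.common.X509 import X509CertParse
-from ndg.security.server.sessionmanager import *
+from ndg.security.server.sessionmanager import SessionManager
+from ndg.security.server.attributeauthority import AttributeAuthority
 
 from os.path import expandvars as xpdVars
@@ -130,11 +131,12 @@
         print("Finished setting up connection")
 
-    def test1Connect2AuthNServiceWithNoUserCertReturned(self):
-
-        username = self.cfg.get('test1Connect', 'username')
+    def test01Connect2AuthNServiceWithNoUserCertReturned(self):
+
+        thisSection = 'test01Connect2AuthNServiceWithNoUserCertReturned'
+        username = self.cfg.get(thisSection, 'username')
         if SessionManagerTestCase.passphrase is None and \
-           self.cfg.has_option('test1Connect', 'passphrase'):
-            SessionManagerTestCase.passphrase=self.cfg.get('test1Connect',
-                                                                'passphrase')
+           self.cfg.has_option(thisSection, 'passphrase'):
+            SessionManagerTestCase.passphrase=self.cfg.get(thisSection,
+                                                           'passphrase')
 
         if not SessionManagerTestCase.passphrase:
@@ -150,10 +152,9 @@
         assert(issuingCert is None)
 
-        print "User '%s' connected to Session Manager:\n%s" % \
-                                                        (username, sessID)
+        print("User '%s' connected to Session Manager:\n%s"%(username, sessID))
 
-    def test2Connect2AuthNServiceReturningAUserCert(self):
-
-        section = 'test2Connect2AuthNServiceReturningAUserCert'
+    def test02Connect2AuthNServiceReturningAUserCert(self):
+
+        section = 'test02Connect2AuthNServiceReturningAUserCert'
 
         # Change to alternative authentication service
@@ -185,6 +186,6 @@
 
 
-    def test3GetSessionStatus(self):
-        """test3GetSessionStatus: check a session is alive"""
+    def test03GetSessionStatus(self):
+        """test03GetSessionStatus: check a session is alive"""
 
         self._connect()
@@ -197,9 +198,9 @@
         print "CORRECT: sessID=abc doesn't exist"
 
-    def test4ConnectNoCreateServerSess(self):
-        """test4ConnectNoCreateServerSess: Connect to retrieve credentials
+    def test04ConnectNoCreateServerSess(self):
+        """test04ConnectNoCreateServerSess: Connect to retrieve credentials
         only - no session is created.  This makes sense only for an AuthN
         Service that returns user credentials"""
-        section = 'test4ConnectNoCreateServerSess'
+        section = 'test04ConnectNoCreateServerSess'
 
         # Change to alternative authentication service
@@ -243,6 +244,6 @@
 
 
-    def test5DisconnectWithSessID(self):
-        """test5DisconnectWithSessID: disconnect as if acting as a browser
+    def test05DisconnectWithSessID(self):
+        """test05DisconnectWithSessID: disconnect as if acting as a browser
         client
         """
@@ -254,5 +255,5 @@
 
 
-    def test6DisconnectWithUserCert(self):
+    def test06DisconnectWithUserCert(self):
         """test5DisconnectWithUserCert: Disconnect based on a user X.509
         cert. credential from an earlier call to connect
@@ -266,11 +267,11 @@
 
 
-    def test7GetAttCertWithSessID(self):
-        """test7GetAttCertWithSessID: make an attribute request using
+    def test07GetAttCertWithSessID(self):
+        """test07GetAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
 
         self._connect()
 
-        section = 'test7GetAttCertWithSessID'
+        section = 'test07GetAttCertWithSessID'
         aaURI = self.cfg.get(section, 'aaURI')
         attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,
@@ -282,10 +283,8 @@
         attCert.filePath = xpdVars(self.cfg.get(section, 'acOutputFilePath'))
         attCert.write()
-
-        return self.sm
-
-
-    def test8GetAttCertRefusedWithSessID(self):
-        """test8GetAttCertRefusedWithSessID: make an attribute request using
+
+
+    def test08GetAttCertRefusedWithSessID(self):
+        """test08GetAttCertRefusedWithSessID: make an attribute request using
         a sessID as authentication credential requesting an AC from an
         Attribute Authority where the user is NOT registered"""
@@ -293,5 +292,5 @@
         self._connect()
 
-        aaURI = self.cfg.get('test8GetAttCertRefusedWithSessID', 'aaURI')
+        aaURI = self.cfg.get('test08GetAttCertRefusedWithSessID', 'aaURI')
 
         attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,
@@ -305,6 +304,6 @@
 
 
-    def test9GetMappedAttCertWithSessID(self):
-        """test9GetMappedAttCertWithSessID: make an attribute request using
+    def test09GetMappedAttCertWithSessID(self):
+        """test09GetMappedAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
 
@@ -313,7 +312,7 @@
         # Attribute Certificate cached in test 6 can be used to get a mapped
         # AC for this test ...
-        self.sm = self.test7GetAttCertWithSessID()
-
-        aaURI = self.cfg.get('test9GetMappedAttCertWithSessID', 'aaURI')
+        self.test07GetAttCertWithSessID()
+
+        aaURI = self.cfg.get('test09GetMappedAttCertWithSessID', 'aaURI')
 
         attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,
@@ -364,4 +363,25 @@
 
         print("Attribute Certificate:\n%s" % attCert)
+
+
+    def test12GetAttCertFromLocalAAInstance(self):
+        """test12GetAttCertFromLocalAAInstance: make an attribute request to a
+        locally instantiated Attribute Authority"""
+
+        self._connect()
+
+        section = 'test12GetAttCertFromLocalAAInstance'
+        aaPropFilePath = self.cfg.get(section, 'aaPropFilePath')
+        attributeAuthority=AttributeAuthority(propFilePath=aaPropFilePath,
+                                              propPrefix='attributeAuthority')
+
+        attCert, errMsg, extAttCertList=self.sm.getAttCert(sessID=self.sessID,
+                                        attributeAuthority=attributeAuthority)
+        if errMsg:
+            self.fail(errMsg)
+
+        print("Attribute Certificate:\n%s" % attCert)
+        attCert.filePath = xpdVars(self.cfg.get(section, 'acOutputFilePath'))
+        attCert.write()
 
 
@@ -372,15 +392,16 @@
         smTestCaseMap = map(SessionManagerTestCase,
                           (
-                            "test1Connect2AuthNServiceWithNoUserCertReturned",
-                            "test2Connect2AuthNServiceReturningAUserCert",
-                            "test3GetSessionStatus",
-                            "test4ConnectNoCreateServerSess",
-                            "test5DisconnectWithSessID",
-                            "test6DisconnectWithUserCert",
-                            "test7GetAttCertWithSessID",
-                            "test8GetAttCertRefusedWithSessID",
-                            "test9GetMappedAttCertWithSessID",
+                            "test01Connect2AuthNServiceWithNoUserCertReturned",
+                            "test02Connect2AuthNServiceReturningAUserCert",
+                            "test03GetSessionStatus",
+                            "test04ConnectNoCreateServerSess",
+                            "test05DisconnectWithSessID",
+                            "test06DisconnectWithUserCert",
+                            "test07GetAttCertWithSessID",
+                            "test08GetAttCertRefusedWithSessID",
+                            "test09GetMappedAttCertWithSessID",
                             "test10GetAttCertWithExtAttCertListWithSessID",
                             "test11GetAttCertWithUserCert",
+                            "test12GetAttCertFromLocalAAInstance",
                           ))
         unittest.TestSuite.__init__(self, smTestCaseMap)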
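Review bot: In the new test12GetAttCertFromLocalAAInstance the `aaPropFilePath` value goes to `AttributeAuthority` without `xpdVars`, although the matching cfg entry is `$NDGSEC_SM_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.cfg` and the same test expands `acOutputFilePath` a few lines later. Unless AttributeAuthority or the config parser expands environment variables itself (not visible here), the path is taken literally; `aaPropFilePath = xpdVars(self.cfg.get(section, 'aaPropFilePath'))` would match the rest of the file. As a smaller documentation point, the docstring of test06DisconnectWithUserCert still begins `test5DisconnectWithUserCert:` and the comment above the `self.test07GetAttCertWithSessID()` call still refers to "test 6".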