Changeset 4479


Ignore:
Timestamp:
21/11/08 10:01:54 (11 years ago)
Author:
pjkersha
Message:

Added Combined Services unit test - tests Session Manager and Attribtue Authority WSGIs running under the same Paste instance.

Location:
TI12-security/trunk/python
Files:
4 added
9 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/credentialwallet.py

    r4447 r4479  
    2424 
    2525# Access Attribute Authority's web service using ZSI - allow pass if not  
    26 # loaded since it's possible to make AttributeAuthority instance locally without  
    27 # using the WS 
     26# loaded since it's possible to make AttributeAuthority instance locally 
     27# without using the WS 
    2828aaImportError = True 
    2929try: 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/dom.py

    r4446 r4479  
    316316        signedInfoC14nAlg = c14nAlgOpt[int(self.signedInfoC14nIsExcl)] 
    317317 
    318         log.warning("Forcing use of Exclusive C14N - Inclusive C14N not " 
    319                     "working") 
     318        log.warning("Forcing use of Exclusive C14N for SignedInfo section - " 
     319                    "Inclusive C14N not working") 
    320320         
    321321        # TODO: remove this line if ZSI.Canonicalize ever starts working with 
     
    372372        refC14nAlg = c14nAlgOpt[self.refC14nIsExcl] 
    373373 
    374         log.warning("Forcing use of Exclusive C14N - Inclusive C14N not " 
    375                     "working") 
     374        log.warning("Forcing use of Exclusive C14N for references - Inclusive " 
     375                    "C14N not working") 
    376376         
    377377        # TODO: remove this line if ZSI.Canonicalize ever starts working with 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/sessionmanager.wsdl

    r4437 r4479  
    6868                    <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    6969                    <xsd:element name="sessID" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    70                     <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="1" maxOccurs="1"/> 
     70                    <xsd:element name="attAuthorityURI" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    7171                    <xsd:element name="attAuthorityCert" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
    7272                    <xsd:element name="reqRole" type="xsd:string" minOccurs="0" maxOccurs="1"/> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py

    r4447 r4479  
    1616log = logging.getLogger(__name__) 
    1717 
    18 from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services import \ 
    19     getAttCertInputMsg, getAttCertOutputMsg, \ 
    20     getHostInfoInputMsg, getHostInfoOutputMsg, \ 
    21     getTrustedHostInfoInputMsg, getTrustedHostInfoOutputMsg, \ 
    22     getAllHostsInfoInputMsg, getAllHostsInfoOutputMsg, \ 
    23     getX509CertInputMsg, getX509CertOutputMsg 
     18from ndg.security.common.zsi.attributeauthority.AttributeAuthority_services \ 
     19    import getAttCertInputMsg, getAttCertOutputMsg, \ 
     20        getHostInfoInputMsg, getHostInfoOutputMsg, \ 
     21        getTrustedHostInfoInputMsg, getTrustedHostInfoOutputMsg, \ 
     22        getAllHostsInfoInputMsg, getAllHostsInfoOutputMsg, \ 
     23        getX509CertInputMsg, getX509CertOutputMsg 
    2424     
    2525from ndg.security.server.zsi.attributeauthority.AttributeAuthority_services_server \ 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/siteB/siteBMapConfig.xml

    r4460 r4479  
    1010    <trusted name="Site A"> 
    1111            <aaURI>http://localhost:5000/AttributeAuthority</aaURI> 
     12            <aaURI>http://localhost:5000/AttributeAuthority</aaURI> 
    1213        <loginURI>https://localhost/login</loginURI> 
    1314            <aaDN>/O=NDG/OU=Site A/CN=AttributeAuthority</aaDN> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/README

    r4464 r4479  
    11Combined Session Manager and Attribute Authority Deployment 
    22=========================================================== 
    3 This directory contains a configuration to run Session Manager and Attribute 
    4 Authority WSGIs under the same Paste instance. 
     3Test a configuration running Session Manager and Attribute Authority WSGIs  
     4under the same Paste instance. 
     5 
     61) Start the Paste test service in this directory but from a separate 
     7terminal: 
     8 
     9$ python ./serverapp.py 
     10 
     112) Run the tests with the command: 
     12 
     13$ python ./test_combinedservices.py 
     14 
     156) To run individual tests give the test method name: 
     16 
     17$ python ./test_combinedservices.py combinedServicesTestCase.test01Connect 
     18 
    519 
    620P J Kershaw 20/11/09 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

    r4464 r4479  
    3939        port = int(sys.argv[1]) 
    4040    else: 
    41         port = 5000 
     41        port = 8000 
    4242         
    4343    cfgFilePath = os.path.join(os.path.dirname(os.path.abspath(__file__)), 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/README

    r4405 r4479  
    1010window so that the output can be monitored: 
    1111 
    12 $ ../attributeauthorityclient/wsgi/siteAServerApp.py 
    13 $ ../attributeauthorityclient/wsgi/siteBServerApp.py 
     12$ ../attributeauthorityclient/siteA/siteAServerApp.py 
     13$ ../attributeauthorityclient/siteB/siteBServerApp.py 
    1414 
    15152) Run the tests with the command: 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/README

    r4139 r4479  
    44to be running: 
    55 * Test Session Manager web service run from this directory 
    6  * MyProxy server 
    76 * Two test Attribute Authorities run from the Attribute Authority unit test 
    8  directory ../attAuthority 
     7 directory ../attributeauthority 
    98  
    10 It is worthwhile trying out the Attribute Authority (../attAuthority) and  
    11 Session Manager (../sessionMgr) unit tests first.  These tests differ from 
    12 the Session Manager unit tests in that they test a SOAP *client* to a  
    13 Session Manager web service whereas the Session Manager tests just the server 
    14 side code.  
     9It is worthwhile trying out the Attribute Authority  
     10(../attributeauthorityclient) and Session Manager (../sessionmanager) unit  
     11tests first.  These tests differ from the Session Manager unit tests in that  
     12they test a SOAP *client* to a Session Manager web service whereas the Session  
     13Manager tests just the server side code.  
     14  
     15The Attribute Authorities and Session Manager accept client requests 
     16authenticated based on user credentials obtained in the unit test 
     17test01Connect.   
    1518 
    16 MyProxy is installed as part of the NDG Security installation.  See the  
    17 installation guide for details: 
    18  
    19 http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw 
    20  
    21 1) Ensure MyProxy is running on it's host machine.  Depending on how you have 
    22 configured it it may be running as SysV init script or with xinetd or inetd. 
    23 Check with the Installation guide.  To start myproxy-server manually as root  
    24 run, 
    25  
    26 $ myproxy-server 
    27  
    28 2) Edit sessionMgrProperties.xml in this directory and set the hostname element 
    29 to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively  
    30 set the environment variable MYPROXY_SERVER to the FQDN e.g. 
    31  
    32 export MYPROXY_SERVER=myproxyhost.somewhere.uk 
    33  
    34 If you use the environment variable it must be set in the shell in which you 
    35 run the test Session Manager service - see step 4). 
    36  
    37 3) Edit sessionMgrClientTest.cfg and set the username for the MyProxy account  
    38 you wish to test: NDG Security uses MyProxy with a PAM plugin to enable 
    39 authentication against an external source such as a user database or a UNIX 
    40 system account.  The passphrase field can also be filled, or alternatively if 
    41 omitted from the file or commented out it will be prompted for from the 
    42 command line.  Both test1Connect and test3ConnectNoCreateServerSess fields 
    43 should be set. 
    44   
    45 3) Two test Attribute Authority services are required.  These can be run from  
    46 the Attribute Authority unit test directory.  It's path relative to this  
    47 directory is ../attAuthority.   
    48  
    49 The Attribute Authorities and Session Manager accept client requests 
    50 authenticated based on the MyProxy user credentials obtained in the unit test 
    51 test1Connect.  In order to accept these, these services must be configured to  
    52 trust the MyProxy CA.  This can be done by including the MyProxy CA certificate 
    53 in the list of trusted CA files in the respective Session Manager and Attribute 
    54 Authority configuration files: 
    55  i) Copy the CA certificate from your MyProxy host computer to the ca/ sub- 
    56  directory under THIS directory. 
    57   
    58  The file will be located on the MyProxy server as e.g. 
    59   
    60  /etc/grid-security/certificates/abcdef01.0 
    61   
    62  The exact name of the CA certificate file will be unique to your installation. 
    63  In the above, it is "abcdef01.0".    
    64   
    65  ii) edit 'caCertFilePathList' element in sessionManagerProperties.xml and add a  
    66  new entry for the MyProxy CA: 
    67  
    68  -8<--------------------------------------------------------------------------- 
    69     <caCertFilePathList> 
    70         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    71 -->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    72     </caCertFilePathList> 
    73  -8<--------------------------------------------------------------------------- 
    74 Ammend to the correct setting.  Edit  
    75  ../attAuthority/siteAAttAuthorityProperties.xml and  
    76  ../attAuthority/siteBAttAuthorityProperties.xml in the same way add a new  
    77  entry for the MyProxy CA certificate. 
    78   
    79  Nb. You can check the MyProxy certificate file independently with OpenSSL: 
    80   
    81  $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text 
    82  
    83 4) Start the Session Manager test service in this directory but from a separate 
     191) Start the Session Manager test service in this directory but from a separate 
    8420terminal: 
    8521 
    86 $ python ./server.py 
     22$ python ./wsgi/sessionManagerServerApp.py 
    8723 
    88 Nb. If you've specified the MyProxy server host with the MYPROXY_SERVER  
    89 environment variable, make sure it's set in this shell. 
     242) Two test Attribute Authority services are required.  These can be run from  
     25the Attribute Authority Client unit test directory.  It's path relative to this  
     26directory is ../attributeauthorityclient/.  Run each service in a separate  
     27window so that the output can be monitored: 
     28 
     29$ ../attributeauthorityclient/siteA/siteAServerApp.py 
     30$ ../attributeauthorityclient/siteB/siteBServerApp.py 
    9031 
    91325) Run the tests with the command: 
    9233 
    93 $ python ./SessionMgrClientTest.py 
     34$ python ./test_sessionmanagerclient.py 
    9435 
    95366) To run individual tests give the test method name: 
    9637 
    97 $ python ./SessionMgrClientTest.py SessionMgrClientTestCase.test1Connect 
     38$ python ./test_sessionmanagerclient.py SessionManagerClientTestCase.test01Connect 
    9839 
    9940Finally, 
    10041 * See sessionMgrClientTest.cfg configuration file to change test parameters. 
    101  * See the installation guide for MyProxy trouble shooting information. 
    10242 
Note: See TracChangeset for help on using the changeset viewer.