Changeset 4513 for TI12-security


Timestamp:
28/11/08 12:22:42 (11 years ago)
Author:
pjkersha
Message:

Added local Session Manager call test to combined services unit tests.

Location:
TI12-security/trunk/python
Files:
27 edited

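--- a/TI12-security/trunk/python/Tests/AttAuthority/twistedClnt/AttAuthority_services.py
+++ b/TI12-security/trunk/python/Tests/AttAuthority/twistedClnt/AttAuthority_services.py
@@ -30,8 +30,8 @@
 
     # op: <ZSI.wstools.WSDLTools.Message instance at 0xb7861dac>
-    def getAttCert(self, userCert):
+    def getAttCert(self, userX509Cert):
 
         request = getAttCertInputMsg()
-        request._userCert = userCert
+        request._userX509Cert = userX509Cert
 
         kw = {}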
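--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py
@@ -53,6 +53,6 @@
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            holderCert = request.UserCert
+            # designated holder cert via the UserX509Cert input
+            holderCert = request.UserX509Cert
 
         try: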
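--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py
@@ -415,5 +415,5 @@
         return allHostInfo
 
-    def getAttCert(self, userId=None, userCert=None, userAttCert=None):
+    def getAttCert(self, userId=None, userX509Cert=None, userAttCert=None):
         """Request attribute certificate from NDG Attribute Authority Web
         Service.
@@ -430,6 +430,6 @@
         value as the holder DN.
 
-        @type userCert: string
-        @param userCert: certificate corresponding to proxy private key and
+        @type userX509Cert: string
+        @param userX509Cert: certificate corresponding to proxy private key and
         proxy cert used to sign the request.  Enables server to establish
         chain of trust proxy -> user cert -> CA cert.  If a standard
@@ -456,5 +456,5 @@
 
         try:
-            sAttCert, msg = self.__srv.getAttCert(userId,userCert,userAttCert)
+            sAttCert, msg = self.__srv.getAttCert(userId,userX509Cert,userAttCert)
         except httplib.BadStatusLine, e:
             raise AttributeAuthorityClientError(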
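--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/myproxy.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/myproxy.py
@@ -191,5 +191,5 @@
 
     @classmethod
-    def writeProxyFile(cls, proxyCert, proxyPriKey, userCert, filePath=None):
+    def writeProxyFile(cls, proxyCert, proxyPriKey, userX509Cert, filePath=None):
         """Write out proxy cert to file in the same way as myproxy-logon -
         proxy cert, private key, user cert.  Nb. output from logon can be
@@ -200,6 +200,6 @@
         @type proxyPriKey: string
         @param proxyPriKey: private key for proxy
-        @type userCert: string
-        @param userCert: user certificate which issued the proxy
+        @type userX509Cert: string
+        @param userX509Cert: user certificate which issued the proxy
         @type filePath: string
         @param filePath: set to override the default filePath"""
@@ -212,5 +212,5 @@
                 "Error setting proxy file path - invalid platform?"
 
-        outStr = proxyCert + proxyPriKey + userCert
+        outStr = proxyCert + proxyPriKey + userX509Cert
         open(MyProxyClient.defProxyFile, 'w').write(outStr)
         try: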
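--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
@@ -391,18 +391,18 @@
 
 
-    def disconnect(self, userCert=None, sessID=None):
+    def disconnect(self, userX509Cert=None, sessID=None):
         """Delete an existing user session from the Session Manager
 
-        disconnect([userCert=c]|[sessID=i])
-
-        @type userCert: string
-        @param userCert: user's certificate used to identifier which session
+        disconnect([userX509Cert=c]|[sessID=i])
+
+        @type userX509Cert: string
+        @param userX509Cert: user's certificate used to identifier which session
         to disconnect.  This arg is not needed if the message is signed with
         the user cert or if sessID is set.
 
         @type sessID: string
-        @param sessID: session ID.  Input this as an alternative to userCert
+        @param sessID: session ID.  Input this as an alternative to userX509Cert
         This arg is not needed if the message is signed with the user cert or
-        if userCert keyword is."""
+        if userX509Cert keyword is."""
 
         if not self.__srv:
@@ -411,5 +411,5 @@
 
         # Make connection
-        self.__srv.disconnect(userCert, sessID)
+        self.__srv.disconnect(userX509Cert, sessID)
 
 
@@ -420,13 +420,13 @@
         disconnect([sessID=id]|[userDN=dn])
 
-        @type userCert: string
-        @param userCert: user's certificate used to identifier which session
-        to disconnect.  This arg is not needed if the message is signed with
-        the user cert or if sessID is set.
+        @type userDN: string
+        @param userDN: user's certificate Distinguished Name used to identify
+        which session to disconnect from.  This arg is not needed if the
+        message is signed with the user X.509 cert or if sessID is set.
 
         @type sessID: string
-        @param sessID: session ID.  Input this as an alternative to userCert
-        This arg is not needed if the message is signed with the user cert or
-        if userCert keyword is."""
+        @param sessID: session ID.  Input this as an alternative to userDN
+        This arg is not needed if the message is signed with the user X.509 cert or
+        if userDN keyword is."""
 
         if not self.__srv:
@@ -447,5 +447,5 @@
 
     def getAttCert(self,
-                   userCert=None,
+                   userX509Cert=None,
                    sessID=None,
                    attAuthorityURI=None,
@@ -459,5 +459,5 @@
         user's credential wallet held by the session manager.
 
-        ac = getAttCert([sessID=i]|[userCert=p][key=arg, ...])
+        ac = getAttCert([sessID=i]|[userX509Cert=p][key=arg, ...])
 
         @raise AttributeRequestDenied: this is raised if the request is
@@ -468,6 +468,6 @@
         extAttCertList attribute
 
-        @type userCert: string
-        @param userCert: user certificate - use as ID instead of session
+        @type userX509Cert: string
+        @param userX509Cert: user certificate - use as ID instead of session
         ID.  This can be omitted if the message is signed with a user
         certificate.  In this case the user certificate is passed in the
@@ -476,5 +476,5 @@
         @type sessID: string
         @param sessID: session ID.  Input this as an alternative to
-        userCert in the case of a browser client.
+        userX509Cert in the case of a browser client.
 
         @type attAuthorityURI: string
@@ -513,5 +513,5 @@
         # Make request
         try:
-            attCert, msg, extAttCertList = self.__srv.getAttCert(userCert,
+            attCert, msg, extAttCertList = self.__srv.getAttCert(userX509Cert,
                                                            sessID,
                                                            attAuthorityURI,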
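--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py
@@ -29,10 +29,10 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bc92c>
-    def getAttCert(self, userId,userCert,userAttCert):
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502b8c>
+    def getAttCert(self, userId,userX509Cert,userAttCert):
 
         request = getAttCertInputMsg()
         request._userId = userId
-        request._userCert = userCert
+        request._userX509Cert = userX509Cert
         request._userAttCert = userAttCert
 
@@ -46,5 +46,5 @@
         return attCert,msg
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84bcc4c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502eac>
     def getHostInfo(self):
 
@@ -64,5 +64,5 @@
         return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c38cc>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507b2c>
     def getTrustedHostInfo(self, role):
 
@@ -78,5 +78,5 @@
         return trustedHosts
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3a6c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507ccc>
     def getAllHostsInfo(self):
 
@@ -91,5 +91,5 @@
         return hosts
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c3bec>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507e4c>
     def getX509Cert(self):
 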
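--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services_types.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services_types.py
@@ -49,5 +49,5 @@
         def __init__(self, **kw):
             ns = ns0.getAttCert_Dec.schema
-            TClist = [ZSI.TC.String(pname="userId", aname="_userId", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userCert", aname="_userCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userAttCert", aname="_userAttCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
+            TClist = [ZSI.TC.String(pname="userId", aname="_userId", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userX509Cert", aname="_userX509Cert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded")), ZSI.TC.String(pname="userAttCert", aname="_userAttCert", minOccurs=0, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))]
             kw["pname"] = ("urn:ndg:security:AttributeAuthority","getAttCert")
             kw["aname"] = "_getAttCert"
@@ -60,5 +60,5 @@
                     # pyclass
                     self._userId = None
-                    self._userCert = None
+                    self._userX509Cert = None
                     self._userAttCert = None
                     return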
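--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/attributeauthority.wsdl
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/attributeauthority.wsdl
@@ -29,5 +29,5 @@
           <xsd:sequence>
             <xsd:element name="userId" type="xsd:string" minOccurs="0" maxOccurs="1"/>
-            <xsd:element name="userCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="userX509Cert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
             <xsd:element name="userAttCert" type="xsd:string" minOccurs="0" maxOccurs="1"/>
           </xsd:sequence>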
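--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/sessionmanager/SessionManager_services.py
@@ -29,5 +29,5 @@
         # no ws-addressing
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84b8b0c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fad6c>
     def getSessionStatus(self, userDN,sessID):
 
@@ -44,5 +44,5 @@
         return isAlive
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84b8e0c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x850208c>
     def connect(self, username,passphrase,createServerSess):
 
@@ -63,5 +63,5 @@
         return userX509Cert,userPriKey,issuingCert,sessID
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c09ac>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502c0c>
     def disconnect(self, userX509Cert,sessID):
 
@@ -77,5 +77,5 @@
         return
 
-    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84c0b4c>
+    # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502dac>
     def getAttCert(self, userX509Cert,sessID,attAuthorityURI,reqRole,mapFromTrustedHosts,rtnExtAttCertList,extAttCert,extTrustedHost):
 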
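--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
@@ -159,25 +159,22 @@
 
 
-    def disconnect(self, userCert=None, sessID=None):
+    def disconnect(self, **kw):
         """Delete an existing user session from the Session Manager
 
-        disconnect([userCert=c]|[sessID=i])
-
-        @type userCert: string
-        @param userCert: user's certificate used to identifier which session
+        disconnect([userX509Cert=c]|[sessID=i])
+
+        @type userX509Cert: string
+        @param userX509Cert: user's certificate used to identifier which session
         to disconnect.  This arg is not needed if the message is signed with
         the user cert or if sessID is set.
 
         @type sessID: string
-        @param sessID: session ID.  Input this as an alternative to userCert
+        @param sessID: session ID.  Input this as an alternative to userX509Cert
         This arg is not needed if the message is signed with the user cert or
-        if userCert keyword is."""
-
-        if not self.__srv:
-            raise InvalidSessionManagerClientCtx("Client binding is not "
-                                                 "initialised")
-
+        if userX509Cert keyword is."""
+
         # Make connection
-        self.__srv.disconnect(userCert, sessID)
+        self._soapClient.disconnect(**kw)
+
 
     def getSessionStatus(self, userDN=None, sessID=None):
@@ -187,116 +184,52 @@
         disconnect([sessID=id]|[userDN=dn])
 
-        @type userCert: string
-        @param userCert: user's certificate used to identifier which session
+        @type userX509Cert: string
+        @param userX509Cert: user's certificate used to identifier which session
         to disconnect.  This arg is not needed if the message is signed with
         the user cert or if sessID is set.
 
         @type sessID: string
-        @param sessID: session ID.  Input this as an alternative to userCert
+        @param sessID: session ID.  Input this as an alternative to userX509Cert
         This arg is not needed if the message is signed with the user cert or
-        if userCert keyword is."""
-
-        if not self.__srv:
-            raise InvalidSessionManagerClientCtx("Client binding is not "
-                                                 "initialised")
-
-        if sessID and userDN:
-            raise SessionManagerClientError(
-                            'Only "SessID" or "userDN" keywords may be set')
-
-        if not sessID and not userDN:
-            raise SessionManagerClientError(
-                            'A "SessID" or "userDN" keyword must be set')
-
+        if userX509Cert keyword is."""
+
         # Make connection
-        return self.__srv.getSessionStatus(userDN, sessID)
-
-    def getAttCert(self,
-                   userCert=None,
-                   sessID=None,
-                   attAuthorityURI=None,
-                   reqRole=None,
-                   mapFromTrustedHosts=True,
-                   rtnExtAttCertList=False,
-                   extAttCertList=[],
-                   extTrustedHostList=[]):
+        return self._soapClient.getSessionStatus(**kw)
+
+    def getAttCert(self, **kw):
         """Request NDG Session Manager Web Service to retrieve an Attribute
         Certificate from the given Attribute Authority and cache it in the
         user's credential wallet held by the session manager.
 
-        ac = getAttCert([sessID=i]|[userCert=p][key=arg, ...])
-
-        @raise AttributeRequestDenied: this is raised if the request is
-        denied because the user is not registered with the Attribute
-        Authority.  In this case, a list of candidate attribute certificates
-        may be returned which could be used to retry with a request for a
-        mapped AC.  These are assigned to the raised exception's
-        extAttCertList attribute
-
-        @type userCert: string
-        @param userCert: user certificate - use as ID instead of session
-        ID.  This can be omitted if the message is signed with a user
-        certificate.  In this case the user certificate is passed in the
-        BinarySecurityToken of the WS-Security header
-
-        @type sessID: string
-        @param sessID: session ID.  Input this as an alternative to
-        userCert in the case of a browser client.
-
-        @type attAuthorityURI: string
-        @param attAuthorityURI: URI for Attribute Authority WS.
-
-        @type reqRole: string
-        @param reqRole: The required role for access to a data set.  This
-        can be left out in which case the Attribute Authority just returns
-        whatever Attribute Certificate it has for the user
-
-        @type mapFromTrustedHosts: bool
-        @param mapFromTrustedHosts: Allow a mapped Attribute Certificate to
-        be created from a user certificate from another trusted host.
-
-        @type rtnExtAttCertList: bool
-        @param rtnExtAttCertList: Set this flag True so that if the
-        attribute request is denied, a list of potential attribute
-        certificates for mapping may be returned.
-
-        @type extAttCertList: list
-        @param extAttCertList: A list of Attribute Certificates from other
-        trusted hosts from which the target Attribute Authority can make a
-        mapped certificate
-
-        @type extTrustedHostList: list
-        @param extTrustedHostList: A list of trusted hosts that can be used
-        to get Attribute Certificates for making a mapped AC.
-
-        @rtype: ndg.security.common.AttCert.AttCert
-        @return: if successful, an attribute certificate."""
-
-        if not self.__srv:
-            raise InvalidSessionManagerClientCtx("Client binding is not "
-                                                 "initialised")
-
-        # Make request
-        try:
-            attCert, msg, extAttCertList = self.__srv.getAttCert(userCert,
-                                                           sessID,
-                                                           attAuthorityURI,
-                                                           reqRole,
-                                                           mapFromTrustedHosts,
-                                                           rtnExtAttCertList,
-                                                           extAttCertList,
-                                                           extTrustedHostList)
-        except Exception, e:
-            # Try to detect exception type from SOAP fault message
-            errMsg = str(e)
-            for excep in self.excepMap:
-                if excep in errMsg:
-                    raise self.excepMap[excep]
-
-            # Catch all in case none of the known types matched
-            raise e
-
-        if not attCert:
-            raise AttributeRequestDenied(msg, extAttCertList=extAttCertList)
-
-        return AttCertParse(attCert)
+        """
+        if self.sessionManagerInEnviron:
+            # Connect to local instance
+            res = self.sessionManager.getAttCert(username=username, **kw)
+        else:
+            # Filter out keywords which apply to a Session Manager local
+            # instance call
+            if 'userX509Cert' in kw:
+
+
+
+           username=None,
+           userX509Cert=None,
+           sessID=None,
+           reqRole=None,
+           attributeAuthority=None,
+           attributeAuthorityURI=None,
+           mapFromTrustedHosts=None,
+           rtnExtAttCertList=None,
+           extAttCertList=None,
+           extTrustedHostList=None,
+           kw.pop('refreshAttCert', None)
+           kw.pop('attCertRefreshElapse', None)
+
+           userCert=None,
+           sessID=None,
+           attAuthorityURI=None,
+           reqRole=None,
+           mapFromTrustedHosts=True,
+           rtnExtAttCertList=False,
+           extAttCertList=[],
+           extTrustedHostList=[]):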
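Review bot: The new body of `getAttCert(self, **kw)` (new lines 204-235) is not valid Python as shown: `if 'userX509Cert' in kw:` has no body and is followed by bare parameter lines (`username=None,` through `extTrustedHostList=[]):`), so the module would fail to import for every user of `WSGISessionManagerClient`. The local-instance branch also passes `username=username`, a name that is not defined in the visible method. In the same section `getSessionStatus(self, userDN=None, sessID=None)` keeps its named parameters but now calls `self._soapClient.getSessionStatus(**kw)` with an undefined `kw`; `return self._soapClient.getSessionStatus(userDN=userDN, sessID=sessID)` would match the signature. The removed `sessID`/`userDN` exclusivity checks and the "binding is not initialised" guard should either stay or be confirmed to exist in `_soapClient`, which is not visible here.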
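--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/AttributeAuthority_services_server.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/AttributeAuthority_services_server.py
@@ -33,5 +33,5 @@
           <xsd:sequence>
             <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userId\" type=\"xsd:string\"/>
-            <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userCert\" type=\"xsd:string\"/>
+            <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userX509Cert\" type=\"xsd:string\"/>
             <xsd:element maxOccurs=\"1\" minOccurs=\"0\" name=\"userAttCert\" type=\"xsd:string\"/>
           </xsd:sequence>
@@ -253,5 +253,5 @@
     def soap_getAttCert(self, ps):
         self.request = ps.Parse(getAttCertInputMsg.typecode)
-        parameters = (self.request._userId, self.request._userCert, self.request._userAttCert)
+        parameters = (self.request._userId, self.request._userX509Cert, self.request._userAttCert)
 
         # If we have an implementation object use it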
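--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
@@ -76,6 +76,6 @@
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            holderX509Cert = request.UserCert
+            # designated holder cert via the UserX509Cert input
+            holderX509Cert = request.UserX509Cert
 
         try: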
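--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/twisted/attributeauthority/attributeauthority.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/twisted/attributeauthority/attributeauthority.tac
@@ -93,6 +93,6 @@
         else:
             # No signature from client - they must instead provide the
-            # designated holder cert via the UserCert input
-            holderCert = request.UserCert
+            # designated holder cert via the userX509Cert input
+            holderCert = request.UserX509Cert
 
         try: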
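--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/twisted/sessionmanager/sessionmanager.tac
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/twisted/sessionmanager/sessionmanager.tac
@@ -93,5 +93,5 @@
                                                                  createServerSess=request.CreateServerSess)
 
-        response.UserCert, response.UserPriKey, response.issuingCert, \
+        response.UserX509Cert, response.UserPriKey, response.issuingCert, \
                 response.SessID = result
 
@@ -119,9 +119,9 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = WSSecurityHandler.signatureHandler.verifyingCert
+            userX509Cert = WSSecurityHandler.signatureHandler.verifyingCert
         else:
-            userCert = request.UserCert
-
-        self.sm.deleteUserSession(sessID=sessID, userCert=userCert)
+            userX509Cert = request.UserX509Cert
+
+        self.sm.deleteUserSession(sessID=sessID, userX509Cert=UserX509Cert)
         return request, response
 
@@ -167,12 +167,12 @@
             # Get certificate corresponding to private key that signed the
             # message - i.e. the user's proxy
-            userCert = WSSecurityHandler.signatureHandler.verifyingCert
+            userX509Cert = WSSecurityHandler.signatureHandler.verifyingCert
         else:
-            userCert = None
-
-                # Cert used in signature is prefered over userCert input element -
-                # userCert may have been omitted.
+            userX509Cert = None
+
+                # Cert used in signature is prefered over userX509Cert input element -
+                # userX509Cert may have been omitted.
         result = self.sm.getAttCert(\
-                                            userCert=userCert or request.UserCert,
+                                            userX509Cert=userX509Cert or request.UserX509Cert,
                                                 sessID=request.SessID,
                                                 aaURI=request.AttAuthorityURI,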
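Review bot: In the disconnect handler the new call `self.sm.deleteUserSession(sessID=sessID, userX509Cert=UserX509Cert)` (new line 125) passes `UserX509Cert` with a capital U, while both branches above assign `userX509Cert`. Unless a module-level `UserX509Cert` exists outside the hunk, the call raises NameError and the session is never deleted, so the server-side session outlives the user's disconnect request. It should read `self.sm.deleteUserSession(sessID=sessID, userX509Cert=userX509Cert)`. The handler's start is outside the hunk, so how `sessID` is obtained cannot be checked from here.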
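--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/test_attributeauthorityclient.py
@@ -151,10 +151,10 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
-            userCertTxt = open(userCertFilePath, 'r').read()
+            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
+            userX509CertTxt = open(userX509CertFilePath, 'r').read()
 
         except TypeError:
             # No issuing cert set
-            userCertTxt = None
+            userX509CertTxt = None
 
         except IOError, ioErr:
@@ -163,5 +163,5 @@
 
         # Make attribute certificate request
-        attCert = self.siteAClnt.getAttCert(userCert=userCertTxt)
+        attCert = self.siteAClnt.getAttCert(userX509Cert=userX509CertTxt)
 
         print "Attribute Certificate: \n\n:" + str(attCert)
@@ -179,10 +179,10 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
-            userCertTxt = open(userCertFilePath, 'r').read()
+            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
+            userX509CertTxt = open(userX509CertFilePath, 'r').read()
 
         except TypeError:
             # No issuing cert set
-            userCertTxt = None
+            userX509CertTxt = None
 
         except IOError, ioErr:
@@ -193,5 +193,5 @@
         userId = _cfg['userId']
         attCert = self.siteAClnt.getAttCert(userId=userId,
-                                            userCert=userCertTxt)
+                                            userX509Cert=userX509CertTxt)
 
         print "Attribute Certificate: \n\n:" + str(attCert)
@@ -208,10 +208,10 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
-            userCertTxt = open(userCertFilePath, 'r').read()
+            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
+            userX509CertTxt = open(userX509CertFilePath, 'r').read()
 
         except TypeError:
             # No issuing cert set
-            userCertTxt = None
+            userX509CertTxt = None
 
         except IOError, ioErr:
@@ -233,5 +233,5 @@
 
         # Make attribute certificate request
-        attCert = siteBClnt.getAttCert(userCert=userCertTxt,
+        attCert = siteBClnt.getAttCert(userX509Cert=userX509CertTxt,
                                        userAttCert=userAttCert)
         print "Attribute Certificate: \n\n:" + str(attCert)
@@ -248,10 +248,10 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
-            userCertTxt = open(userCertFilePath, 'r').read()
+            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
+            userX509CertTxt = open(userX509CertFilePath, 'r').read()
 
         except TypeError:
             # No issuing cert set
-            userCertTxt = None
+            userX509CertTxt = None
 
         except IOError, ioErr:
@@ -277,5 +277,5 @@
             # Make attribute certificate request
             try:
-                attCert = siteBClnt.getAttCert(userCert=userCertTxt,
+                attCert = siteBClnt.getAttCert(userX509Cert=userX509CertTxt,
                                                userAttCert=userAttCert)
             except Exception, e: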
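--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/authnservice/test_authnservice.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/authnservice/test_authnservice.py
@@ -62,5 +62,5 @@
         log.info("Finished loading all required data")
 
-    def writeProxyFile(cls, proxyCert, proxyPriKey, userCert, filePath=None):
+    def writeProxyFile(cls, proxyCert, proxyPriKey, userX509Cert, filePath=None):
         log.info("TestAuthNService writeProxyFile() called")
 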
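--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
@@ -14,4 +14,7 @@
 __revision__ = "$Id$"
 import os
+from authkit.permissions import UserIn
+from authkit.authorize import authorize
+
 from ndg.security.server.wsgi.utils.sessionmanagerclient import \
     WSGISessionManagerClient
@@ -39,8 +42,22 @@
     def test_connect(self, environ, start_response):
         
-        client = WSGISessionManagerClient(environ=environ)
-        res = client.connect("testuser", passphrase="testpassword")
         start_response('200 OK', [('Content-type', 'text/plain')])
         return "test_connect succeeded"
+
+    def test_getAttributeCertificate(self, environ, start_response):
+        client = WSGISessionManagerClient(environ=environ)
+        attCert = client.getAttCert()
+        start_response('200 OK', [('Content-type', 'text/xml')])
+        return attCert
+
+def valid(environ, username, password):
+    """validation function"""
+    try:
+        client = WSGISessionManagerClient(environ=environ)
+        res = client.connect(username, passphrase=password)
+    except Exception, e:
+        return False
+    else:
+        return True
         
 def app_factory(global_config, **local_conf):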
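Review bot: Neither `test_connect` nor the new `test_getAttributeCertificate` checks that the caller was authenticated: `authorize` and `UserIn` are imported but not applied in the lines shown, and `test_connect` now returns "test_connect succeeded" unconditionally. As far as I know AuthKit's basic method only issues a challenge when something downstream answers 401, so a request without credentials would presumably still get a 200 and test09 could pass without `valid` ever running. Apply the imported permission check to both handlers, or at minimum return 401 when `environ.get('REMOTE_USER')` is empty. Separately, `valid` turns every exception into False without logging it, so a Session Manager outage looks the same as a wrong password; failing closed is right, but record the exception before returning. Part of the handler class lies outside the visible hunks.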
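--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -152,5 +152,5 @@
 # Chain of SOAP Middleware filters
 [pipeline:main]
-pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter SessionManagerFilter wsseSignatureFilter mainApp
+pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter SessionManagerFilter wsseSignatureFilter httpBasicAuthFilter mainApp
 
 
@@ -194,4 +194,10 @@
 writeResponse = True
 
+[filter:httpBasicAuthFilter]
+paste.filter_app_factory = authkit.authenticate:middleware
+setup_method=basic
+basic_realm=Test Realm
+basic_authenticate_function=ndg.security.test.combinedservices.serverapp:valid
+
 
 [WS-Security]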
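--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/sessionmanager/usercertauthn.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/sessionmanager/usercertauthn.py
@@ -21,5 +21,5 @@
 from ndg.security.common.myproxy import MyProxyClient
 
-class UserCertAuthN(AbstractAuthNService):
+class UserX509CertAuthN(AbstractAuthNService):
     '''Test Authentication interface to the Session Manager
     returning a certificate and private key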
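--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
@@ -36,4 +36,9 @@
 aaURI = http://localhost:8000/AttributeAuthority
 
+[test09WSGILocalInstanceConnect]
+url = http://localhost:8000/test_connect
+username = testuser
+passphrase = testpassword
+
 [wsse]
 # WS-Security settings for unit test AA clients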
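--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py
@@ -21,8 +21,11 @@
 import getpass
 import re
+import base64
+import urllib2
 
 from os.path import expandvars as xpdVars
 from os.path import join as jnPath
-mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'], file)
+mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'], 
+                             file)
 
 from ndg.security.common.sessionmanager import SessionManagerClient, \
@@ -61,6 +64,16 @@
         return signingCertChain
 
-
-        
+    def _httpBasicAuthReq(self, url, username, password):
+        """Utility for making a client request to the WSGI test application
+        using HTTP Basic Authentication"""
+        req = urllib2.Request(url)
+        base64String = base64.encodestring('%s:%s' % (username, password))[:-1]
+        authHeader =  "Basic %s" % base64String
+        req.add_header("Authorization", authHeader)
+        handle = urllib2.urlopen(req)
+            
+        return handle.read()
+        
+
     def setUp(self):
 
@@ -247,5 +260,5 @@
         
         # Request an attribute certificate from an Attribute Authority 
-        # using the userCert returned from connect()
+        # using the userX509Cert returned from connect()
         
         aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI']
@@ -266,5 +279,19 @@
         print "Attribute Certificate:\n%s" % attCert 
 
-            
+
+    def test09WSGILocalInstanceConnect(self):
+        """test09WSGILocalInstanceConnect: test a WSGI app calling a Session
+        Manager WSGI local instance"""
+        
+        # Make a client connection to the WSGI app - authenticate with WSGI
+        # basic auth
+        thisSection = 'test09WSGILocalInstanceConnect'
+        url = self.cfg[thisSection]['url']
+        username = self.cfg[thisSection]['username']
+        password = self.cfg[thisSection]['passphrase']
+        print("WSGI app connecting to local Session Manager instance: %s" %
+              self._httpBasicAuthReq(url, username, password))
+        
+        
 class CombinedServicesTestSuite(unittest.TestSuite):
     
@@ -279,4 +306,6 @@
                     "test06GetAttCertWithSessID",
                     "test07GetAttCertWithUserX509Cert",
+                    "test08GetAttCertFromLocalAttributeAuthority",
+                    "test09WSGILocalInstanceConnect",
                   ))
         unittest.TestSuite.__init__(self, map)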
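Review bot: In `_httpBasicAuthReq`, `base64.encodestring(...)[:-1]` strips only the final newline, but `encodestring` also inserts a newline after every 76 output characters, so a username and passphrase longer than 57 bytes together would put a line break inside the Authorization header value. Use `base64String = base64.b64encode('%s:%s' % (username, password))`, which never adds newlines. The response handle is never closed, and `test09WSGILocalInstanceConnect` only prints the body, so it cannot fail on a wrong response; compare the result with the expected text using `self.assertEqual`. The enclosing test class starts outside the visible hunks.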
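--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py
@@ -91,5 +91,5 @@
 -----END CERTIFICATE-----
 '''
-        print("userCert=%s" % credWallet.userX509Cert)
+        print("userX509Cert=%s" % credWallet.userX509Cert)
         credWallet.userId = 'ndg-user'
         print("userId=%s" % credWallet.userId)
@@ -183,5 +183,5 @@
 
 
-    def test05GetAttCertRefusedWithUserCert(self):
+    def test05GetAttCertRefusedWithUserX509Cert(self):
         
         # Keyword mapFromTrustedHosts overrides any setting in the config file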
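--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgrTest.cfg
@@ -22,5 +22,5 @@
 propFilePath = $NDGSEC_SM_UNITTEST_DIR/sessionMgr.cfg
 
-[test01Connect2AuthNServiceWithNoUserCertReturned]
+[test01Connect2AuthNServiceWithNoUserX509CertReturned]
 # Alter username according to the MyProxy credentials you wish to test.  If
 # passphrase is commented out you will be prompted for it on the command line.
@@ -29,5 +29,5 @@
 passphrase = testpassword
 
-[test02Connect2AuthNServiceReturningAUserCert]
+[test02Connect2AuthNServiceReturningAUserX509Cert]
 outputCredsFilePath = user.creds
 
@@ -51,5 +51,5 @@
 extACFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
 
-[test11GetAttCertWithUserCert]
+[test11GetAttCertWithUserX509Cert]
 aaURI = http://localhost:5000/AttributeAuthority
 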
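--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/test_sessionmanager.py
@@ -87,5 +87,5 @@
         print("Finished setting up connection")
 
-    def _connect2UserCertAuthNService(self):
+    def _connect2UserX509CertAuthNService(self):
         '''Same as _connect but Session Manager is using an Authentication 
         Service that returns PKI credentials i.e. like MyProxy'''
@@ -103,6 +103,6 @@
         self.sm['authNService'] = {
             'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'],
-            'moduleName': 'usercertauthn',
-            'className': 'UserCertAuthN',
+            'moduleName': 'userx509certauthn',
+            'className': 'UserX509CertAuthN',
             'userX509CertFilePath': userX509CertFilePath,
             'userPriKeyFilePath': userPriKeyFilePath
@@ -131,7 +131,7 @@
         print("Finished setting up connection")
    
-    def test01Connect2AuthNServiceWithNoUserCertReturned(self):
-        
-        thisSection = 'test01Connect2AuthNServiceWithNoUserCertReturned'
+    def test01Connect2AuthNServiceWithNoUserX509CertReturned(self):
+        
+        thisSection = 'test01Connect2AuthNServiceWithNoUserX509CertReturned'
         username = self.cfg.get(thisSection, 'username')
         if SessionManagerTestCase.passphrase is None and \
@@ -154,7 +154,7 @@
         print("User '%s' connected to Session Manager:\n%s"%(username, sessID))     
                                   
-    def test02Connect2AuthNServiceReturningAUserCert(self):
-        
-        section = 'test02Connect2AuthNServiceReturningAUserCert'
+    def test02Connect2AuthNServiceReturningAUserX509Cert(self):
+        
+        section = 'test02Connect2AuthNServiceReturningAUserX509Cert'
         
         # Change to alternative authentication service
@@ -166,6 +166,6 @@
         self.sm['authNService'] = {
             'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'],
-            'moduleName': 'usercertauthn',
-            'className': 'UserCertAuthN',
+            'moduleName': 'userX509certauthn',
+            'className': 'UserX509CertAuthN',
             'userX509CertFilePath': userX509CertFilePath,
             'userPriKeyFilePath': userPriKeyFilePath
@@ -211,6 +211,6 @@
         self.sm['authNService'] = {
             'moduleFilePath': os.environ['NDGSEC_SM_UNITTEST_DIR'],
-            'moduleName': 'usercertauthn',
-            'className': 'UserCertAuthN',
+            'moduleName': 'userX509certauthn',
+            'className': 'UserX509CertAuthN',
             'userX509CertFilePath': userX509CertFilePath,
             'userPriKeyFilePath': userPriKeyFilePath
@@ -255,10 +255,10 @@
             
 
-    def test06DisconnectWithUserCert(self):
-        """test5DisconnectWithUserCert: Disconnect based on a user X.509
+    def test06DisconnectWithUserX509Cert(self):
+        """test5DisconnectWithUserX509Cert: Disconnect based on a user X.509
         cert. credential from an earlier call to connect 
         """
         
-        self._connect2UserCertAuthNService()
+        self._connect2UserX509CertAuthNService()
         
         # User cert DN determines ID of session to delete
@@ -347,13 +347,13 @@
 
 
-    def test11GetAttCertWithUserCert(self):
-        """test11GetAttCertWithUserCert: make an attribute request using
+    def test11GetAttCertWithUserX509Cert(self):
+        """test11GetAttCertWithUserX509Cert: make an attribute request using
         a user cert as authentication credential"""
-        self._connect2UserCertAuthNService()
+        self._connect2UserX509CertAuthNService()
 
         # Request an attribute certificate from an Attribute Authority 
         # using the userX509Cert returned from connect()
         
-        aaURI = self.cfg.get('test11GetAttCertWithUserCert', 'aaURI')
+        aaURI = self.cfg.get('test11GetAttCertWithUserX509Cert', 'aaURI')
         attCert, errMsg, extAttCertList = self.sm.getAttCert(
                                      userX509Cert=self.userX509Cert, 
@@ -392,15 +392,15 @@
         smTestCaseMap = map(SessionManagerTestCase,
                           (
-                            "test01Connect2AuthNServiceWithNoUserCertReturned",
-                            "test02Connect2AuthNServiceReturningAUserCert",
+                            "test01Connect2AuthNServiceWithNoUserX509CertReturned",
+                            "test02Connect2AuthNServiceReturningAUserX509Cert",
                             "test03GetSessionStatus",
                             "test04ConnectNoCreateServerSess",
                             "test05DisconnectWithSessID",
-                            "test06DisconnectWithUserCert",
+                            "test06DisconnectWithUserX509Cert",
                             "test07GetAttCertWithSessID",
                             "test08GetAttCertRefusedWithSessID",
                             "test09GetMappedAttCertWithSessID",
                             "test10GetAttCertWithExtAttCertListWithSessID",
-                            "test11GetAttCertWithUserCert",
+                            "test11GetAttCertWithUserX509Cert",
                             "test12GetAttCertFromLocalAAInstance",
                           ))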
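Review bot: The renamed `moduleName` values disagree with each other: `_connect2UserX509CertAuthNService` uses `'userx509certauthn'` while test02 and the block at line 213 use `'userX509certauthn'`, and the module in this changeset is still at `sessionmanager/usercertauthn.py`. Unless that file is renamed elsewhere, loading the authentication plugin under either spelling would presumably fail at import, and on a case-sensitive filesystem at most one spelling could ever match. Only the class was renamed, so keep `'moduleName': 'usercertauthn',` in all three dictionaries, or rename the file and use one spelling throughout. The docstring of `test06DisconnectWithUserX509Cert` also still begins with `test5`.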
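--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/usercertauthn.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/usercertauthn.py
@@ -21,5 +21,5 @@
 from ndg.security.common.myproxy import MyProxyClient
 
-class UserCertAuthN(AbstractAuthNService):
+class UserX509CertAuthN(AbstractAuthNService):
     '''Test Authentication interface to the Session Manager 
     returning a certificate and private key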
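--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/test_sessionmanagerclient.py
@@ -303,5 +303,5 @@
         
         # Request an attribute certificate from an Attribute Authority 
-        # using the userCert returned from connect()
+        # using the userX509Cert returned from connect()
         
         aaURI = self.cfg['test10GetAttCertWithUserX509Cert']['aaURI']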
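--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/usercertauthn.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/usercertauthn.py
@@ -21,5 +21,5 @@
 from ndg.security.common.myproxy import MyProxyClient
 
-class UserCertAuthN(AbstractAuthNService):
+class UserX509CertAuthN(AbstractAuthNService):
     '''Test Authentication interface to the Session Manager 
     returning a certificate and private key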