Context Navigation

← Previous Change
Next Change →

Changeset 4520 for TI12-security/trunk

Timestamp:

01/12/08 15:39:41 (12 years ago)

Author:

pjkersha

Message:

ndg.security.server.wsgi.utils.sessionmanagerclient.WSGISessionManagerClient: completed this class and tested in combinedservices unit tests. This class enables WSGI apps to access another Session Manager WSGI app running in the same stack or else make a callout to a remote SOAP service.

Location:

TI12-security/trunk/python

Files:

: 8 edited
: 1 moved

ndg.security.server/ndg/security/server/sessionmanager.py (modified) (4 diffs)
ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py (modified) (1 diff)
ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py (modified) (7 diffs)
ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py (modified) (3 diffs)
ndg.security.test/ndg/security/test/combinedservices/serverapp.py (modified) (2 diffs)
ndg.security.test/ndg/security/test/combinedservices/services.ini (modified) (7 diffs)
ndg.security.test/ndg/security/test/combinedservices/sessionmanager/userx509certauthn.py (moved) (moved from TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/sessionmanager/usercertauthn.py)
ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg (modified) (1 diff)
ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py

-                      r4500
+                      r4520
         # Look for a session corresponding to this ID
         if sessID and userDN:
             raise SessionManagerError('Only "SessID" or "userDN" keywords may be '
                                   'set')
+            raise SessionManagerError('Only "SessID" or "userDN" keywords may '
+                                      'be set')
         elif sessID:
             if sessID in self.__sessDict:
 …
             else:
                 # User session not found with given ID
+                log.info("No user session found matching input ID = %s" % \
+                         sessID)
+                log.info("No user session found matching input ID = %s"%sessID)
                 return False
 …
             else:
                 # User session not found with given proxy cert
                 log.info("No user session found matching input userDN = %s" %\
+                log.info("No user session found matching input userDN = %s" %
                          userDN)
                 return False
 …
                                              userX509Cert=userX509Cert)
         # The user's Credential Wallet carries out attribute request to the
+        # The user's Credential Wallet carries out an attribute request to the
         # Attribute Authority
+        try:
+            attCert=userSess.credentialWallet.getAttCert(**credentialWalletKw)
+            return attCert, None, []
+        except CredentialWalletAttributeRequestDenied, e:
+            # Exception object contains a list of attribute certificates
+            # which could be used to re-try to get authorisation via a mapped
+            # certificate
+            return None, str(e), e.extAttCertList
+        attCert = userSess.credentialWallet.getAttCert(**credentialWalletKw)
+        return attCert
     def auditCredentialRepository(self):

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py

-                      r4515
+                      r4520
+"""NDG Security - client interface classes to Session Manager
+Make requests for authentication and authorisation
+NERC Data Grid Project
+This software may be distributed under the terms of the Q Public License,
+version 1.0 or later.
+"""
+__author__ = "P J Kershaw"
+__date__ = "27/11/08"
+__copyright__ = "(C) 2008 STFC & NERC"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = "$Id$"
+import logging
+log = logging.getLogger(__name__)
 class WSGIAttributeAuthorityClient(object):
+    """Client interface to Attribute Authority for WSGI based applications
+    environKey = "ndg.security.server.attributeauthority.AttributeAuthority"
+    This class wraps the SOAP based web service client and alternate direct
+    access to a Attribute Authority instance in the same code stack available
+    via an environ keyword
+    """
+    environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"
     def __init__(self, environKey=None, environ={}, **soapClientKw):
-        """"""
         log.debug("WSGIAttributeAuthorityClient.__init__ ...")

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py

-                      r4515
+                      r4520
 """NDG Security client - client interface classes to Session Manager
+"""NDG Security
+Make requests for authentication and authorisation
+Client interface to Session Manager for WSGI based applications
 NERC Data Grid Project
 …
 """
 __author__ = "P J Kershaw"
 __date__ = "24/04/06"
 __copyright__ = "(C) 2007 STFC & NERC"
+__date__ = "27/11/08"
+__copyright__ = "(C) 2008 STFC & NERC"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id:sessionmanager.py 4373 2008-10-29 09:54:39Z pjkersha $"
+__revision__ = "$Id$"
 import logging
 …
     This class wraps the SOAP based web service client and alternate access to
+    a Session Manager in the same code stack via an environ keyword
+    a Session Manager instance in the same code stack available via an environ
+    keyword
     """
     environKey = "ndg.security.server.sessionmanager.SessionManager"
+    environKey = "ndg.security.server.wsgi.sessionManagerFilter"
     def __init__(self, environKey=None, environ={}, **soapClientKw):
 …
             self._soapClient = SessionManagerClient(**soapClientKw)
     _sessionManagerInEnviron = lambda self: self._environKey in self._environ
+    _refInEnviron = lambda self: self._environKey in self._environ
     # Define as property for convenient call syntax
+    sessionManagerInEnviron = property(fget=_sessionManagerInEnviron,
+                                       doc="return True if a Session Manager "
+                                           "instance is available in "
+                                           "WSGI environ")
+    refInEnviron = property(fget=_refInEnviron,
+                            doc="return True if a Session Manager instance is "
+                                "available in WSGI environ")
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.sm
 …
         """Delete an existing user session from the Session Manager
+        disconnect([userX509Cert=c]|[sessID=i])
+        @type userX509Cert: string
+        @param userX509Cert: user's certificate used to identifier which session
+        to disconnect.  This arg is not needed if the message is signed with
+        the user cert or if sessID is set.
+        @type sessID: string
+        @param sessID: session ID.  Input this as an alternative to userX509Cert
+        This arg is not needed if the message is signed with the user cert or
+        if userX509Cert keyword is."""
+        @type **kw: dict
+        @param **kw: disconnect keywords applicable to
+        ndg.security.server.sessionmanager.SessionManager.getSessionStatus and
+        ndg.security.common.sessionmanager.SessionManagerClient.getSessionStatus
+        the SOAP client"""
+        # Make connection
+        self._soapClient.disconnect(**kw)
+        # Modify keywords according to correct interface for server side /
+        # SOAP client
+        if self.refInEnviron:
+            if 'userDN' in kw:
+                log.warning('Removing keyword "userDN": this is not supported '
+                            'for calls to ndg.security.server.sessionmanager.'
+                            'SessionManager.deleteUserSession')
+                kw.pop('userX509Cert', None)
+            self.ref.deleteUserSession(**kw)
+        else:
+            if 'userX509Cert' in kw:
+                kw['userDN'] = kw.pop('userX509Cert').dn
+            self._soapClient.disconnect(**kw)
     def getSessionStatus(self, userDN=None, sessID=None):
+    def getSessionStatus(self, **kw):
         """Check for the existence of a session with a given
         session ID / user certificate Distinguished Name
-        disconnect([sessID=id]|[userDN=dn])
-        @type userX509Cert: string
-        @param userX509Cert: user's certificate used to identifier which session
-        to disconnect.  This arg is not needed if the message is signed with
-        the user cert or if sessID is set.
+        @type sessID: string
+        @param sessID: session ID.  Input this as an alternative to userX509Cert
+        This arg is not needed if the message is signed with the user cert or
+        if userX509Cert keyword is."""
+        @type **kw: dict
+        @param **kw: disconnect keywords applicable to
+        ndg.security.server.sessionmanager.SessionManager.getSessionStatus and
+        ndg.security.common.sessionmanager.SessionManagerClient.getSessionStatus
+        the SOAP client"""
+        # Make connection
+        return self._soapClient.getSessionStatus(**kw)
+        if self.refInEnviron:
+            return self.ref.getSessionStatus(**kw)
+        else:
+            return self._soapClient.getSessionStatus(**kw)
 …
         user's credential wallet held by the session manager.
+        @type **kw: dict
+        @param **kw: disconnect keywords applicable to
+        ndg.security.server.sessionmanager.SessionManager.getAttCert and
+        ndg.security.common.sessionmanager.SessionManagerClient.getAttCert
+        the SOAP client
         """
         if self.refInEnviron:
             # Connect to local instance
 …
                         "set and no reference is available in environ")
             return self.ref.getAttCert(username=username, **kw)
+            return self.ref.getAttCert(**kw)
         else:
             # Filter out keywords which apply to a Session Manager local
             # instance call
+           kw.pop('refreshAttCert', None)
+           kw.pop('attCertRefreshElapse', None)
+            if 'username' in kw:
+                kw.pop('username')
+                log.warning('Trying call via SOAP interface: '
+                            'removing the "username" keyword '
+                            'ndg.security.common.sessionmanager.'
+                            'SessionManagerClient.getAttCert doesn\'t support '
+                            'this keyword')
+            if 'refreshAttCert' in kw:
+                kw.pop('refreshAttCert')
+                log.warning('Trying call via SOAP interface: '
+                            'removing the "refreshAttCert" keyword '
+                            'ndg.security.common.sessionmanager.'
+                            'SessionManagerClient.getAttCert doesn\'t support '
+                            'this keyword')
+            if 'attCertRefreshElapse' in kw:
+                kw.pop('attCertRefreshElapse')
+                log.warning('Trying call via SOAP interface: '
+                            'removing the "attCertRefreshElapse" keyword '
+                            'ndg.security.common.sessionmanager.'
+                            'SessionManagerClient.getAttCert doesn\'t support '
+                            'this keyword')
            return self._soapClient.getAttCert(username=username, **kw)
+            return self._soapClient.getAttCert(**kw)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/init.py

-                      r4480
+                      r4520
 from ndg.security.server.sessionmanager import SessionManager
+from ndg.security.common.credentialwallet import \
+                                        CredentialWalletAttributeRequestDenied
 from ndg.security.common.wssecurity.dom import SignatureHandler
 from ndg.security.common.X509 import X509Cert, X509CertRead
 …
         # X.509 Cert used in signature is preferred over userX509Cert input
         # element - userX509Cert may have been omitted.
+        result = self.sm.getAttCert(
+        try:
+            attCert = self.sm.getAttCert(
                             userX509Cert=userX509Cert or request.UserX509Cert,
                             sessID=request.SessID,
 …
                             extAttCertList=request.ExtAttCert,
                             extTrustedHostList=request.ExtTrustedHost)
+        if result[0]:
+            response.AttCert = result[0].toString()
+        response.Msg, response.ExtAttCertOut = result[1:]
+        return response
+            response.AttCert = attCert.toString()
+        except CredentialWalletAttributeRequestDenied, e:
+            # Exception object contains a list of attribute certificates
+            # which could be used to re-try to get authorisation via a mapped
+            # certificate
+            response.Msg = str(e)
+            response.ExtAttCertOut = e.extAttCertList
+        return response

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

-                      r4513
+                      r4520
 from ndg.security.server.wsgi.utils.sessionmanagerclient import \
     WSGISessionManagerClient
+class HTTPBasicAuthentication(object):
+    '''Enable Authkit based HTTP Basic Authentication for test methods'''
+    def __init__(self):
+        self._userIn = UserIn([])
+    def __call__(self, environ, username, password):
+        """validation function"""
+        try:
+            client = WSGISessionManagerClient(environ=environ)
+            res = client.connect(username, passphrase=password)
+            if username not in self._userIn.users:
+                self._userIn.users += [username]
+            # Keep a reference to the session ID for test purposes
+            environ[client.environKey+'.user'] = res[-1]
+        except Exception, e:
+            return False
+        else:
+            return True
 class InfoApp(object):
     method = {
         "/": 'default',
+        "/test_connect": "test_connect"
+        "/test_connect": "test_connect",
+        "/test_getSessionStatus": "test_getSessionStatus",
+        "/test_disconnect": "test_disconnect",
+        "/test_getAttCert": "test_getAttCert"
+    }
+    httpBasicAuthentication = HTTPBasicAuthentication()
     def __call__(self, environ, start_response):
 …
         return "NDG Security Combined Services Unit Tests"
+    @authorize(httpBasicAuthentication._userIn)
     def test_connect(self, environ, start_response):
         start_response('200 OK', [('Content-type', 'text/plain')])
         return "test_connect succeeded"
+    @authorize(httpBasicAuthentication._userIn)
+    def test_getSessionStatus(self, environ, start_response):
+        client = WSGISessionManagerClient(environ=environ)
+        stat=client.getSessionStatus(sessID=environ[client.environKey+'.user'])
+        start_response('200 OK', [('Content-type', 'text/xml')])
+        return "test_getSessionStatus succeeded. Response = %s" % stat
+    def test_getAttributeCertificate(self, environ, start_response):
+    @authorize(httpBasicAuthentication._userIn)
+    def test_disconnect(self, environ, start_response):
         client = WSGISessionManagerClient(environ=environ)
+        attCert = client.getAttCert()
+        client.disconnect(sessID=environ[client.environKey+'.user'])
+        # Re-initialise user authentication
+        InfoApp.httpBasicAuthentication._userIn.users = []
+        start_response('200 OK', [('Content-type', 'text/plain')])
+        return "test_disconnect succeeded."
+    @authorize(httpBasicAuthentication._userIn)
+    def test_getAttCert(self, environ, start_response):
+        client = WSGISessionManagerClient(environ=environ)
+        attCert = client.getAttCert(sessID=environ[client.environKey+'.user'])
         start_response('200 OK', [('Content-type', 'text/xml')])
+        return attCert
+def valid(environ, username, password):
+    """validation function"""
+    try:
+        client = WSGISessionManagerClient(environ=environ)
+        res = client.connect(username, passphrase=password)
+    except Exception, e:
+        return False
+    else:
+        return True
+        return str(attCert)
 def app_factory(global_config, **local_conf):

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

-                      r4513
+                      r4520
 wsseCfgFileSection = WS-Security
+#______________________________________________________________________________
 # Attribute Authority settings
 # 'name' setting MUST agree with map config file 'thisHost' name attribute
 …
 attributeAuthority.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt
+#______________________________________________________________________________
 # Session Manager specific settings - commented out settings will take their
 # default settings.  To override the defaults uncomment and set as required.
 …
 # values should be delimited by a space
 sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt
 # Signature of an outbound message
+#
 …
 # Authentication service properties
 sessionManager.authNService.moduleFilePath:
 sessionManager.authNService.moduleName: ndg.security.test.combinedservices.sessionmanager.usercertauthn
 sessionManager.authNService.className: UserCertAuthN
+sessionManager.authNService.moduleName: ndg.security.test.combinedservices.sessionmanager.userx509certauthn
+sessionManager.authNService.className: UserX509CertAuthN
 # Specific settings for UserCertAuthN Session Manager authentication plugin
 …
 enableWSDLQuery = True
 charset = utf-8
 filterID = attributeAuthorityFilter
+filterID = ndg.security.server.wsgi.attributeAuthorityFilter
 [filter:SessionManagerFilter]
 …
 enableWSDLQuery = True
 charset = utf-8
 filterID = ndg.security.server.sessionmanager.SessionManager
+filterID = ndg.security.server.wsgi.sessionManagerFilter
 [filter:wsseSignatureVerificationFilter]
 …
 setup_method=basic
 basic_realm=Test Realm
 basic_authenticate_function=ndg.security.test.combinedservices.serverapp:valid
+basic_authenticate_function=ndg.security.test.combinedservices.serverapp:InfoApp.httpBasicAuthentication

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg

-                      r4513
+                      r4520
 passphrase = testpassword
+[test10WSGILocalInstanceGetSessionStatus]
+url = http://localhost:8000/test_getSessionStatus
+username = testuser
+passphrase = testpassword
+[test11WSGILocalInstanceDisconnect]
+url = http://localhost:8000/test_disconnect
+username = testuser
+passphrase = testpassword
+[test12WSGILocalInstanceGetAttCert]
+url = http://localhost:8000/test_getAttCert
+username = testuser
+passphrase = testpassword
 [wsse]
 # WS-Security settings for unit test AA clients

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py

-                      r4513
+                      r4520
     def test01Connect(self):
         """test01Connect: Connect as if acting as a browser client -
         a session ID is returned"""
         username = self.cfg['test01Connect']['username']
         if CombinedServicesTestCase.test01Passphrase is None:
             CombinedServicesTestCase.test01Passphrase = \
                                     self.cfg['test01Connect'].get('passphrase')
         if not CombinedServicesTestCase.test01Passphrase:
             CombinedServicesTestCase.test01Passphrase = getpass.getpass(\
                 prompt="\ntest01Connect pass-phrase for user %s: " % username)
         self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \
             self.clnt.connect(self.cfg['test01Connect']['username'],
                     passphrase=CombinedServicesTestCase.test01Passphrase)
         print("User '%s' connected to Session Manager:\n%s" % (username,
                                                                self.sessID))
     def test02GetSessionStatus(self):
         """test02GetSessionStatus: check a session is alive"""
         print "\n\t" + self.test02GetSessionStatus.__doc__
         self.test01Connect()
         assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead"
         print("User connected to Session Manager with sessID=%s" % self.sessID)
         assert not self.clnt.getSessionStatus(sessID='abc'), \
                                                 "sessID=abc shouldn't exist!"
         print "CORRECT: sessID=abc doesn't exist"
     def test03ConnectNoCreateServerSess(self):
         """test03ConnectNoCreateServerSess: Connect without creating a session -
         sessID should be None.  This only indicates that the username/password
         are correct.  To be of practical use the AuthNService plugin at
         the Session Manager needs to return X.509 credentials e.g.
         with MyProxy plugin."""
         username = self.cfg['test03ConnectNoCreateServerSess']['username']
         if CombinedServicesTestCase.test03Passphrase is None:
             CombinedServicesTestCase.test03Passphrase = \
                 self.cfg['test03ConnectNoCreateServerSess'].get('passphrase')
         if not CombinedServicesTestCase.test03Passphrase:
             prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: "
             CombinedServicesTestCase.test03Passphrase = getpass.getpass(\
                                                     prompt=prompt % username)
         userX509Cert, userPriKey,issuingCert, sessID = \
             self.clnt.connect(username,
                       passphrase=CombinedServicesTestCase.test03Passphrase,
                       createServerSess=False)
         # Expect null session ID
         assert(not sessID)
         print("Successfully authenticated")
     def test04DisconnectWithSessID(self):
         """test04DisconnectWithSessID: disconnect as if acting as a browser
         client
         """
         print "\n\t" + self.test04DisconnectWithSessID.__doc__
         self.test01Connect()
         self.clnt.disconnect(sessID=self.sessID)
         print("User disconnected from Session Manager:\n%s" % self.sessID)
     def test05DisconnectWithUserX509Cert(self):
         """test05DisconnectWithUserX509Cert: Disconnect as a command line client
         """
         print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__
         self.test01Connect()
         # Use user cert / private key just obtained from connect call for
         # signature generation
         if self.issuingCert:
             self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
             self.clnt.signatureHandler.signingPriKey = self.userPriKey
             self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
                                                            self.userX509Cert)
             self.clnt.signatureHandler.signingCert = None
         else:
             self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
             self.clnt.signatureHandler.signingPriKeyPwd = \
                 CombinedServicesTestCase.test01Passphrase
             self.clnt.signatureHandler.signingPriKey = self.userPriKey
             self.clnt.signatureHandler.signingCertChain = ()
             self.clnt.signatureHandler.signingCert = self.userX509Cert
         # user X.509 cert in signature determines ID of session to delete
         self.clnt.disconnect()
         print("User disconnected from Session Manager:\n%s"%self.userX509Cert)
     def test06GetAttCertWithSessID(self):
         """test06GetAttCertWithSessID: make an attribute request using
         a session ID as authentication credential"""
         print "\n\t" + self.test06GetAttCertWithSessID.__doc__
         thisSection = self.cfg['test06GetAttCertWithSessID']
         self.test01Connect()
         attCert = self.clnt.getAttCert(sessID=self.sessID,
                                        attAuthorityURI=thisSection['aaURI'])
         print "Attribute Certificate:\n%s" % attCert
         attCert.filePath = xpdVars(thisSection['acOutFilePath'])
         attCert.write()
     def test07GetAttCertWithUserX509Cert(self):
         """test07GetAttCertWithUserX509Cert: make an attribute request using
         a user cert as authentication credential"""
         print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__
         self.test01Connect()
         if self.issuingCert:
             self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
             self.clnt.signatureHandler.signingPriKeyPwd = \
                                 CombinedServicesTestCase.test01Passphrase
             self.clnt.signatureHandler.signingPriKey = self.userPriKey
             self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
                                                            self.userX509Cert)
             self.clnt.signatureHandler.signingCert = None
         else:
             self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
             self.clnt.signatureHandler.signingPriKeyPwd = \
                                 CombinedServicesTestCase.test01Passphrase
             self.clnt.signatureHandler.signingPriKey = self.userPriKey
             self.clnt.signatureHandler.signingCertChain = ()
             self.clnt.signatureHandler.signingCert = self.userX509Cert
         # Request an attribute certificate from an Attribute Authority
         # using the userX509Cert returned from connect()
         aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI']
         attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
         print("Attribute Certificate:\n%s" % attCert)
     def test08GetAttCertFromLocalAttributeAuthority(self):
         """test08GetAttCertFromLocalAttributeAuthority: query the Attribute
         Authority running in the same server instance as the Session Manager"""
         print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__
         self.test01Connect()
         attCert = self.clnt.getAttCert(sessID=self.sessID)
         print "Attribute Certificate:\n%s" % attCert
+#    def test01Connect(self):
+#        """test01Connect: Connect as if acting as a browser client -
+#        a session ID is returned"""
+#
+#        username = self.cfg['test01Connect']['username']
+#
+#        if CombinedServicesTestCase.test01Passphrase is None:
+#            CombinedServicesTestCase.test01Passphrase = \
+#                                    self.cfg['test01Connect'].get('passphrase')
+#
+#        if not CombinedServicesTestCase.test01Passphrase:
+#            CombinedServicesTestCase.test01Passphrase = getpass.getpass(\
+#                prompt="\ntest01Connect pass-phrase for user %s: " % username)
+#
+#        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \
+#            self.clnt.connect(self.cfg['test01Connect']['username'],
+#                    passphrase=CombinedServicesTestCase.test01Passphrase)
+#
+#        print("User '%s' connected to Session Manager:\n%s" % (username,
+#                                                               self.sessID))
+#
+#
+#    def test02GetSessionStatus(self):
+#        """test02GetSessionStatus: check a session is alive"""
+#        print "\n\t" + self.test02GetSessionStatus.__doc__
+#
+#        self.test01Connect()
+#        assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead"
+#
+#        print("User connected to Session Manager with sessID=%s" % self.sessID)
+#
+#        assert not self.clnt.getSessionStatus(sessID='abc'), \
+#                                                "sessID=abc shouldn't exist!"
+#
+#        print "CORRECT: sessID=abc doesn't exist"
+#
+#
+#    def test03ConnectNoCreateServerSess(self):
+#        """test03ConnectNoCreateServerSess: Connect without creating a session -
+#        sessID should be None.  This only indicates that the username/password
+#        are correct.  To be of practical use the AuthNService plugin at
+#        the Session Manager needs to return X.509 credentials e.g.
+#        with MyProxy plugin."""
+#
+#        username = self.cfg['test03ConnectNoCreateServerSess']['username']
+#
+#        if CombinedServicesTestCase.test03Passphrase is None:
+#            CombinedServicesTestCase.test03Passphrase = \
+#                self.cfg['test03ConnectNoCreateServerSess'].get('passphrase')
+#
+#        if not CombinedServicesTestCase.test03Passphrase:
+#            prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: "
+#            CombinedServicesTestCase.test03Passphrase = getpass.getpass(\
+#                                                    prompt=prompt % username)
+#
+#        userX509Cert, userPriKey,issuingCert, sessID = \
+#            self.clnt.connect(username,
+#                      passphrase=CombinedServicesTestCase.test03Passphrase,
+#                      createServerSess=False)
+#
+#        # Expect null session ID
+#        assert(not sessID)
+#
+#        print("Successfully authenticated")
+#
+#
+#    def test04DisconnectWithSessID(self):
+#        """test04DisconnectWithSessID: disconnect as if acting as a browser
+#        client
+#        """
+#
+#        print "\n\t" + self.test04DisconnectWithSessID.__doc__
+#        self.test01Connect()
+#
+#        self.clnt.disconnect(sessID=self.sessID)
+#
+#        print("User disconnected from Session Manager:\n%s" % self.sessID)
+#
+#
+#    def test05DisconnectWithUserX509Cert(self):
+#        """test05DisconnectWithUserX509Cert: Disconnect as a command line client
+#        """
+#
+#        print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__
+#        self.test01Connect()
+#
+#        # Use user cert / private key just obtained from connect call for
+#        # signature generation
+#        if self.issuingCert:
+#            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
+#            self.clnt.signatureHandler.signingPriKey = self.userPriKey
+#            self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
+#                                                           self.userX509Cert)
+#            self.clnt.signatureHandler.signingCert = None
+#        else:
+#            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
+#            self.clnt.signatureHandler.signingPriKeyPwd = \
+#                CombinedServicesTestCase.test01Passphrase
+#            self.clnt.signatureHandler.signingPriKey = self.userPriKey
+#            self.clnt.signatureHandler.signingCertChain = ()
+#            self.clnt.signatureHandler.signingCert = self.userX509Cert
+#
+#        # user X.509 cert in signature determines ID of session to delete
+#        self.clnt.disconnect()
+#        print("User disconnected from Session Manager:\n%s"%self.userX509Cert)
+#
+#
+#    def test06GetAttCertWithSessID(self):
+#        """test06GetAttCertWithSessID: make an attribute request using
+#        a session ID as authentication credential"""
+#
+#        print "\n\t" + self.test06GetAttCertWithSessID.__doc__
+#        thisSection = self.cfg['test06GetAttCertWithSessID']
+#        self.test01Connect()
+#
+#        attCert = self.clnt.getAttCert(sessID=self.sessID,
+#                                       attAuthorityURI=thisSection['aaURI'])
+#
+#        print "Attribute Certificate:\n%s" % attCert
+#        attCert.filePath = xpdVars(thisSection['acOutFilePath'])
+#        attCert.write()
+#
+#
+#    def test07GetAttCertWithUserX509Cert(self):
+#        """test07GetAttCertWithUserX509Cert: make an attribute request using
+#        a user cert as authentication credential"""
+#        print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__
+#        self.test01Connect()
+#
+#        if self.issuingCert:
+#            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1'
+#            self.clnt.signatureHandler.signingPriKeyPwd = \
+#                                CombinedServicesTestCase.test01Passphrase
+#            self.clnt.signatureHandler.signingPriKey = self.userPriKey
+#            self.clnt.signatureHandler.signingCertChain = (self.issuingCert,
+#                                                           self.userX509Cert)
+#            self.clnt.signatureHandler.signingCert = None
+#        else:
+#            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3'
+#            self.clnt.signatureHandler.signingPriKeyPwd = \
+#                                CombinedServicesTestCase.test01Passphrase
+#            self.clnt.signatureHandler.signingPriKey = self.userPriKey
+#            self.clnt.signatureHandler.signingCertChain = ()
+#            self.clnt.signatureHandler.signingCert = self.userX509Cert
+#
+#        # Request an attribute certificate from an Attribute Authority
+#        # using the userX509Cert returned from connect()
+#
+#        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI']
+#        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI)
+#
+#        print("Attribute Certificate:\n%s" % attCert)
+#
+#
+#    def test08GetAttCertFromLocalAttributeAuthority(self):
+#        """test08GetAttCertFromLocalAttributeAuthority: query the Attribute
+#        Authority running in the same server instance as the Session Manager"""
+#
+#        print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__
+#        self.test01Connect()
+#
+#        attCert = self.clnt.getAttCert(sessID=self.sessID)
+#
+#        print "Attribute Certificate:\n%s" % attCert
 …
         # Make a client connection to the WSGI app - authenticate with WSGI
         # basic auth
         thisSection = 'test09WSGILocalInstanceConnect'
         url = self.cfg[thisSection]['url']
         username = self.cfg[thisSection]['username']
         password = self.cfg[thisSection]['passphrase']
+        thisSection = self.cfg['test09WSGILocalInstanceConnect']
+        url = thisSection['url']
+        username = thisSection['username']
+        password = thisSection['passphrase']
         print("WSGI app connecting to local Session Manager instance: %s" %
               self._httpBasicAuthReq(url, username, password))
+    def test10WSGILocalInstanceGetSessionStatus(self):
+        """test10WSGILocalInstanceGetSessionStatus: test a WSGI app calling a
+        Session Manager WSGI local instance"""
+        # Make a client connection to the WSGI app - authenticate with WSGI
+        # basic auth
+        thisSection = self.cfg['test10WSGILocalInstanceGetSessionStatus']
+        url = thisSection['url']
+        username = thisSection['username']
+        password = thisSection['passphrase']
+        print("WSGI app connecting to local Session Manager instance: %s" %
+              self._httpBasicAuthReq(url, username, password))
+    def test11WSGILocalInstanceDisconnect(self):
+        """test11WSGILocalInstanceDisconnect: test a WSGI app calling a
+        Session Manager WSGI local instance"""
+        # Make a client connection to the WSGI app - authenticate with WSGI
+        # basic auth
+        thisSection = self.cfg['test11WSGILocalInstanceDisconnect']
+        url = thisSection['url']
+        username = thisSection['username']
+        password = thisSection['passphrase']
+        print("WSGI app connecting to local Session Manager instance: %s" %
+              self._httpBasicAuthReq(url, username, password))
+    def test12WSGILocalInstanceGetAttCert(self):
+        """test12WSGILocalInstanceGetAttCert: test a WSGI app calling a
+        Session Manager WSGI local instance"""
+        # Make a client connection to the WSGI app - authenticate with WSGI
+        # basic auth
+        thisSection = self.cfg['test12WSGILocalInstanceGetAttCert']
+        url = thisSection['url']
+        username = thisSection['username']
+        password = thisSection['passphrase']
+        print("WSGI app connecting to local Session Manager instance: %s" %
+              self._httpBasicAuthReq(url, username, password))
 class CombinedServicesTestSuite(unittest.TestSuite):
 …
                     "test08GetAttCertFromLocalAttributeAuthority",
                     "test09WSGILocalInstanceConnect",
+                    "test10WSGILocalInstanceGetSessionStatus",
+                    "test11WSGILocalInstanceDisconnect"
                   ))
         unittest.TestSuite.__init__(self, map)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 4520 for TI12-security/trunk

Legend:

Download in other formats: