Changeset 4521 for TI12-security


Timestamp:
02/12/08 14:20:07 (11 years ago)
Author:
pjkersha
Message:

Completed tests running Attribute Authority and Session Manager in the same WSGI stack:

  • ndg.security.server.wsgi.utils.attributeauthorityclient.WSGIAttributeAuthorityClient: completed this class and tested in combinedservices unit tests. This class enables WSGI apps to access an AttributeAuthority WSGI app running in the same stack or else make a callout to a remote SOAP service.
  • ndg.security.server.wsgi.wssecurity: improved config set-up
Location:
TI12-security/trunk/python
Files:
16 edited

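--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/attributeauthority.py
@@ -444,5 +444,5 @@
 
         @rtype ndg.security.common.AttCert.AttCert
-        @return attribute certificate for user.  iIf access is refused,
+        @return attribute certificate for user.  If access is refused,
         AttributeRequestDenied is raised"""
 
@@ -456,5 +456,7 @@
 
         try:
-            sAttCert, msg = self.__srv.getAttCert(userId,userX509Cert,userAttCert)
+            sAttCert, msg = self.__srv.getAttCert(userId,
+                                                  userX509Cert,
+                                                  userAttCert)
         except httplib.BadStatusLine, e:
             raise AttributeAuthorityClientError(
@@ -475,17 +477,2 @@
         else:
             raise AttributeRequestDenied(msg)
-
-    def getX509Cert(self):
-        """Retrieve the X.509 certificate of the Attribute Authority
-
-        @rtype: string
-        @return X.509 certificate for Attribute Authority"""
-
-        if not self.__srv:
-            raise InvalidAttributeAuthorityClientCtx("Client binding is not "
-                                                     "initialised")
-
-        try:
-            return self.__srv.getX509Cert()
-        except httplib.BadStatusLine, e:
-            raise AttributeAuthorityClientError, "HTTP bad status line: %s" % e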
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services.py

    r4513 r4521  
    2929        # no ws-addressing 
    3030 
    31     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502b8c> 
     31    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fc98c> 
    3232    def getAttCert(self, userId,userX509Cert,userAttCert): 
    3333 
     
    4646        return attCert,msg 
    4747 
    48     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8502eac> 
     48    # op: <ZSI.wstools.WSDLTools.Message instance at 0x84fccac> 
    4949    def getHostInfo(self): 
    5050 
     
    6464        return hostname,aaURI,aaDN,loginURI,loginServerDN,loginRequestServerDN 
    6565 
    66     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507b2c> 
     66    # op: <ZSI.wstools.WSDLTools.Message instance at 0x85037ec> 
    6767    def getTrustedHostInfo(self, role): 
    6868 
     
    7878        return trustedHosts 
    7979 
    80     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507ccc> 
     80    # op: <ZSI.wstools.WSDLTools.Message instance at 0x850396c> 
    8181    def getAllHostsInfo(self): 
    8282 
     
    9090        hosts = response._hosts 
    9191        return hosts 
    92  
    93     # op: <ZSI.wstools.WSDLTools.Message instance at 0x8507e4c> 
    94     def getX509Cert(self): 
    95  
    96         request = getX509CertInputMsg() 
    97  
    98         kw = {} 
    99         # no input wsaction 
    100         self.binding.Send(None, None, request, soapaction="getX509Cert", **kw) 
    101         # no output wsaction 
    102         response = self.binding.Receive(getX509CertOutputMsg.typecode) 
    103         x509Cert = response._x509Cert 
    104         return x509Cert 
    10592 
    10693getAttCertInputMsg = ns0.getAttCert_Dec().pyclass 
     
    119106 
    120107getAllHostsInfoOutputMsg = ns0.getAllHostsInfoResponse_Dec().pyclass 
    121  
    122 getX509CertInputMsg = ns0.getX509Cert_Dec().pyclass 
    123  
    124 getX509CertOutputMsg = ns0.getX509CertResponse_Dec().pyclass 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/AttributeAuthority_services_types.py

    r4513 r4521  
    210210            self.pyclass = Holder 
    211211 
    212     class getX509Cert_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    213         literal = "getX509Cert" 
    214         schema = "urn:ndg:security:AttributeAuthority" 
    215         def __init__(self, **kw): 
    216             ns = ns0.getX509Cert_Dec.schema 
    217             TClist = [] 
    218             kw["pname"] = ("urn:ndg:security:AttributeAuthority","getX509Cert") 
    219             kw["aname"] = "_getX509Cert" 
    220             self.attribute_typecode_dict = {} 
    221             ZSI.TCcompound.ComplexType.__init__(self,None,TClist,inorder=0,**kw) 
    222             class Holder: 
    223                 __metaclass__ = pyclass_type 
    224                 typecode = self 
    225                 def __init__(self): 
    226                     # pyclass 
    227                     return 
    228             Holder.__name__ = "getX509Cert_Holder" 
    229             self.pyclass = Holder 
    230  
    231     class getX509CertResponse_Dec(ZSI.TCcompound.ComplexType, ElementDeclaration): 
    232         literal = "getX509CertResponse" 
    233         schema = "urn:ndg:security:AttributeAuthority" 
    234         def __init__(self, **kw): 
    235             ns = ns0.getX509CertResponse_Dec.schema 
    236             TClist = [ZSI.TC.String(pname="x509Cert", aname="_x509Cert", minOccurs=1, maxOccurs=1, nillable=False, typed=False, encoded=kw.get("encoded"))] 
    237             kw["pname"] = ("urn:ndg:security:AttributeAuthority","getX509CertResponse") 
    238             kw["aname"] = "_getX509CertResponse" 
    239             self.attribute_typecode_dict = {} 
    240             ZSI.TCcompound.ComplexType.__init__(self,None,TClist,inorder=0,**kw) 
    241             class Holder: 
    242                 __metaclass__ = pyclass_type 
    243                 typecode = self 
    244                 def __init__(self): 
    245                     # pyclass 
    246                     self._x509Cert = None 
    247                     return 
    248             Holder.__name__ = "getX509CertResponse_Holder" 
    249             self.pyclass = Holder 
    250  
    251212# end class ns0 (tns: urn:ndg:security:AttributeAuthority) 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/zsi/attributeauthority/attributeauthority.wsdl

    r4513 r4521  
    8888        </xsd:complexType> 
    8989      </xsd:element> 
    90  
    91       <xsd:element name="getX509Cert"> 
    92         <xsd:complexType/> 
    93       </xsd:element> 
    94        
    95       <xsd:element name="getX509CertResponse"> 
    96         <xsd:complexType> 
    97           <xsd:sequence> 
    98             <xsd:element name="x509Cert" type="xsd:string" minOccurs="1" maxOccurs="1"/> 
    99           </xsd:sequence> 
    100         </xsd:complexType> 
    101       </xsd:element> 
    102  
    10390    </xsd:schema> 
    10491  </wsdl:types> 
     
    136123  </wsdl:message> 
    137124 
    138   <wsdl:message name="getX509CertInputMsg"> 
    139     <wsdl:part name="parameters" element="tns:getX509Cert"/> 
    140   </wsdl:message> 
    141  
    142   <wsdl:message name="getX509CertOutputMsg"> 
    143     <wsdl:part name="parameters" element="tns:getX509CertResponse"/> 
    144   </wsdl:message> 
    145  
    146125  <wsdl:portType name="AttributeAuthority"> 
    147126    <wsdl:operation name="getAttCert"> 
     
    165144    </wsdl:operation> 
    166145 
    167     <wsdl:operation name="getX509Cert"> 
    168       <wsdl:input message="tns:getX509CertInputMsg"/> 
    169       <wsdl:output message="tns:getX509CertOutputMsg"/> 
    170     </wsdl:operation> 
    171146  </wsdl:portType> 
    172147 
     
    215190      </wsdl:output>  
    216191    </wsdl:operation> 
    217  
    218     <wsdl:operation name="getX509Cert"> 
    219       <soap:operation soapAction="getX509Cert"/> 
    220       <wsdl:input> 
    221         <soap:body use="literal"/> 
    222       </wsdl:input> 
    223       <wsdl:output> 
    224         <soap:body use="literal"/> 
    225       </wsdl:output>  
    226     </wsdl:operation>     
    227    
    228192  </wsdl:binding> 
    229193 
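--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
@@ -949,7 +949,8 @@
         if not self.__mapConfig or not self.__localRole2RemoteRole:
             # This Attribute Authority has no trusted hosts
-            raise AttributeAuthorityNoTrustedHosts("The %s Attribute Authority has "
-                                             "no trusted hosts" %
-                                             self.__prop['name'])
+            raise AttributeAuthorityNoTrustedHosts("The %s Attribute "
+                                                   "Authority has no trusted "
+                                                   "hosts" %
+                                                   self.__prop['name'])
 
 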
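--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
@@ -280,6 +280,6 @@
 
         if self.pathMatch(environ) and self.enableWSDLQuery and \
-           environ.get('REQUEST_METHOD') == 'GET' and \
-           environ.get('QUERY_STRING') == 'wsdl':
+           environ.get('REQUEST_METHOD', '') == 'GET' and \
+           environ.get('QUERY_STRING', '') == 'wsdl':
             wsdl = self.serviceSOAPBinding._wsdl
             start_response("200 OK", [('Content-type', 'text/xml'),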
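--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
@@ -25,4 +25,15 @@
 
     environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"
+
+    _refInEnviron=lambda self: self._environKey in self._environ
+
+    # Define as property for convenient call syntax
+    refInEnviron = property(fget=_refInEnviron,
+                            doc="return True if a Attribute Authority "
+                                "instance is available in WSGI environ")
+
+    _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.aa
+    ref = property(fget=_getRef, doc="Attribute Authority local instance")
+
 
     def __init__(self, environKey=None, environ={}, **soapClientKw):
@@ -38,11 +49,86 @@
             self._soapClient = AttributeAuthorityClient(**soapClientKw)
 
-    _refInEnviron=lambda self: self._environKey in self._environ
-
-    # Define as property for convenient call syntax
-    refInEnviron = property(fget=_refInEnviron,
-                            doc="return True if a Attribute Authority "
-                                "instance is available in WSGI environ")
-
-    _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.aa
-    ref = property(fget=_getRef, doc="Attribute Authority local instance")
+
+    def getHostInfo(self):
+        """Return details about the Attribute Authority host: its ID,
+        the user login URI and AA URI address.
+
+        @rtype: dict
+        @return: dictionary of host information derived from the map
+        configuration held by the AA"""
+
+        if self.refInEnviron:
+            # Connect to local instance
+            return self.ref.hostInfo
+        else:
+            # Make connection to remote service
+            return self._soapClient.getHostInfo()
+
+
+    def getTrustedHostInfo(self, **kw):
+        """Get list of trusted hosts for an Attribute Authority
+
+        @type **kw: dict
+        @param **kw: getTrustedHostInfo keywords applicable to
+        ndg.security.server.attributeauthority.AttributeAuthority.getTrustedHostInfo and
+        ndg.security.common.attributeauthority.AttributeAuthorityClient.getTrustedHostInfo
+        the SOAP client
+
+        @rtype: dict
+        @return: dictionary of host information indexed by hostname derived
+        from the map configuration"""
+
+        if self.refInEnviron:
+            # Connect to local instance
+            return self.ref.getTrustedHostInfo(**kw)
+        else:
+            # Make connection to remote service
+            return self._soapClient.getTrustedHostHostInfo(**kw)
+
+
+    def getAllHostsInfo(self):
+        """Get list of all hosts for an Attribute Authority i.e. itself and
+        all the hosts it trusts
+
+        @rtype: dict
+        @return: dictionary of host information indexed by hostname derived
+        from the map configuration"""
+
+        if self.refInEnviron:
+            # Connect to local instance - combine this host's info with info
+            # from other trusted hosts
+            allHostsInfo = self.ref.hostInfo
+            allHostsInfo.update(self.ref.getTrustedHostInfo())
+            return allHostsInfo
+        else:
+            # Make connection to remote service
+            return self._soapClient.getTrustedHostHostInfo()
+
+
+    def getAttCert(self, **kw):
+        """Request attribute certificate from NDG Attribute Authority
+
+        @type **kw: dict
+        @param **kw: getTrustedHostInfo keywords applicable to
+        ndg.security.server.attributeauthority.AttributeAuthority.getAttCert and
+        ndg.security.common.attributeauthority.AttributeAuthorityClient.getAttCert
+        the SOAP client
+
+        @rtype ndg.security.common.AttCert.AttCert
+        @return attribute certificate for user.  If access is refused,
+        AttributeRequestDenied or AttributeAuthorityAccessDenied are raised
+        depending on whether the call is to a local instance or a remote
+        service"""
+
+        if self.refInEnviron:
+            # Connect to local instance
+            if 'userX509Cert' in kw:
+                kw['holderX509Cert'] = kw.pop('userX509Cert')
+
+            return self.ref.getAttCert(**kw)
+        else:
+            # Make connection to remote service
+            if 'holderX509Cert' in kw:
+                kw['userX509Cert'] = kw.pop('holderX509Cert')
+
+            return self._soapClient.getAttCert(**kw)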
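Review bot: The remote branches of `getTrustedHostInfo` and `getAllHostsInfo` both call `self._soapClient.getTrustedHostHostInfo(...)`, a name that appears nowhere else on this page, while the docstring refers to `AttributeAuthorityClient.getTrustedHostInfo`; this looks like a typo that would raise AttributeError on every remote call-out. `getAllHostsInfo` also asks the remote service for trusted hosts only, whereas its local branch returns this host plus the hosts it trusts, so the two lines presumably should read `return self._soapClient.getTrustedHostInfo(**kw)` and `return self._soapClient.getAllHostsInfo()`. In the local branch, `allHostsInfo = self.ref.hostInfo` followed by `.update(...)` modifies whatever dict `hostInfo` returns; if that is the Attribute Authority's own state, trusted-host entries accumulate in it across calls, and `allHostsInfo = dict(self.ref.hostInfo)` would avoid that. The `getAttCert` docstring also says "getTrustedHostInfo keywords" where it means getAttCert keywords.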
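--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
@@ -37,17 +37,4 @@
     """
     environKey = "ndg.security.server.wsgi.sessionManagerFilter"
-
-    def __init__(self, environKey=None, environ={}, **soapClientKw):
-        """"""
-
-        log.debug("WSGISessionManagerClient.__init__ ...")
-
-        self._environKey = environKey or WSGISessionManagerClient.environKey
-
-        # Standard WSGI environment dict
-        self._environ = environ
-
-        if 'uri' in soapClientKw:
-            self._soapClient = SessionManagerClient(**soapClientKw)
 
     _refInEnviron = lambda self: self._environKey in self._environ
@@ -60,4 +47,18 @@
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.sm
     ref = property(fget=_getRef, doc="Session Manager local instance")
+
+
+    def __init__(self, environKey=None, environ={}, **soapClientKw):
+
+        log.debug("WSGISessionManagerClient.__init__ ...")
+
+        self._environKey = environKey or WSGISessionManagerClient.environKey
+
+        # Standard WSGI environment dict
+        self._environ = environ
+
+        if 'uri' in soapClientKw:
+            self._soapClient = SessionManagerClient(**soapClientKw)
+
 
     def connect(self, username, **kw):
@@ -69,4 +70,8 @@
 
         if self.refInEnviron:
+            if 'username' in kw:
+                raise TypeError("connect() got an unexpected keyword argument "
+                                "'username'")
+
             # Connect to local instance
             res = self.ref.connect(username=username, **kw)
@@ -77,5 +82,5 @@
 
             # Make connection to remote service
-            res = self._soapClient.connect(**kw)
+            res = self._soapClient.connect(username, **kw)
 
             # Convert from unicode because unicode causes problems with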
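Review bot: `__init__` creates `self._soapClient` only when `'uri'` is passed, yet the remote branch of `connect` calls `self._soapClient.connect(username, **kw)` with no guard, so a client built without a URI and with no Session Manager in `environ` fails with a bare AttributeError. Setting `self._soapClient = None` in `__init__` and raising a descriptive error in the remote branch would make that misconfiguration obvious. The `environ={}` default is one dict shared by every instance created without the argument; `environ=None` with `self._environ = {} if environ is None else environ` avoids that. The relocated `__init__` has lost even its empty docstring, and a short one describing `environKey`, `environ` and `soapClientKw` would help. `connect` begins and ends outside the hunks shown.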
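--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/wssecurity.py
@@ -44,18 +44,29 @@
         wsseCfgFilePath = self.app_conf.get('wsseCfgFilePath')
         wsseCfgFileSection = self.app_conf.get('wsseCfgFileSection')
+        wsseCfgFilePrefix = self.app_conf.get('wsseCfgFilePrefix')
 
         self.signatureHandler = SignatureHandler(cfg=wsseCfgFilePath,
-                                            cfgFileSection=wsseCfgFileSection)
+                                            cfgFileSection=wsseCfgFileSection,
+                                            cfgFilePrefix=wsseCfgFilePrefix)
 
 
 class ApplySignatureFilter(SignatureFilter):
     '''Apply WS-Security digital signature to SOAP message'''
+    def __init__(self, *arg, **kw):
+        '''Extend SignatureFilter.__init__ to enable setting of
+        WS-Security signature verification filter from config'''
+        self.wsseSignatureVerificationFilterID = kw.pop(
+                                        'wsseSignatureVerificationFilterID',
+                                        None)
+
+        super(ApplySignatureFilter, self).__init__(*arg, **kw)
+
     def __call__(self, environ, start_response):
         '''Sign message'''
         if not self.isSOAPMessage(environ) or \
            not self.pathMatch(environ):
-            log.debug("ApplySignatureFilter.__call__: Non-SOAP "
-                      "request or path doesn't match SOAP endpoint specified "
-                      "- skipping signature verification")
+            log.debug("ApplySignatureFilter.__call__: Non-SOAP request or "
+                      "path doesn't match SOAP endpoint specified - skipping "
+                      "signature verification")
             return self.app(environ, start_response)
 
@@ -67,19 +78,31 @@
             # TODO: Should SOAP faults be signed at all?
             log.warning("Attempting to sign a SOAP fault message...")
-
+
+        # The following is broken into two try blocks so that exceptions
+        # raised from the 1st can still returned as signed SOAP faults back to
+        # the client
         try:
             sw = self.getSOAPWriter(environ)
+
+            # Copy signature value in order to apply signature confirmation
+            if self.signatureHandler.applySignatureConfirmation:
+                filter = environ.get(self.wsseSignatureVerificationFilterID)
+                if filter is None:
+                    raise WSSecurityFilterConfigError(
+                        'SignatureHandler "applySignatureConfirmation" flag '
+                        'is set to True but no Signature Verification Filter '
+                        'has been set in the environ: check that the '
+                        '"wsseSignatureVerificationFilterID" property is set '
+                        'and that it references the "filterID" set for the '
+                        'verification filter')
+
+                self.signatureHandler.b64EncSignatureValue = \
+                                filter.signatureHandler.b64EncSignatureValue
         except Exception, e:
             sw = self.exception2SOAPFault(environ, e)
             self.setSOAPWriter(environ, sw)
+
 
-        filter = environ.get('wsseSignatureVerificationFilter01')
-        if filter is not None:
-            # Copy signature value in order to apply signature confirmation
-            if self.signatureHandler.applySignatureConfirmation:
-                self.signatureHandler.b64EncSignatureValue = \
-                                filter.signatureHandler.b64EncSignatureValue
-
-        try:
+        try:
             self.signatureHandler.sign(sw)
         except Exception, e: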
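Review bot: `self.signatureHandler.b64EncSignatureValue = filter.signatureHandler.b64EncSignatureValue` stores a per-request value on the handler that `SignatureFilter.__init__` creates once per filter, so on a multi-threaded WSGI server concurrent requests could overwrite each other's value before `self.signatureHandler.sign(sw)` runs, and a response could confirm a different request's signature. When the first `try` fails (including the new `WSSecurityFilterConfigError`), the fault is still signed with whatever value an earlier request left on the handler. Keeping the value request-local, for example by serialising copy-and-sign under a lock or by passing it to the signing call if `sign` can accept it (not visible here), would keep the confirmation bound to its own request. Separately, the debug message in `ApplySignatureFilter.__call__` still says "skipping signature verification" although this filter applies signatures, and the local name `filter` shadows the builtin. `__call__` continues past the end of the hunk.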
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/AttributeAuthority_services_server.py

    r4513 r4521  
    9292        </xsd:complexType> 
    9393      </xsd:element> 
    94  
    95       <xsd:element name=\"getX509Cert\"> 
    96         <xsd:complexType/> 
    97       </xsd:element> 
    98        
    99       <xsd:element name=\"getX509CertResponse\"> 
    100         <xsd:complexType> 
    101           <xsd:sequence> 
    102             <xsd:element maxOccurs=\"1\" minOccurs=\"1\" name=\"x509Cert\" type=\"xsd:string\"/> 
    103           </xsd:sequence> 
    104         </xsd:complexType> 
    105       </xsd:element> 
    106  
    10794    </xsd:schema> 
    10895  </wsdl:types> 
     
    140127  </wsdl:message> 
    141128 
    142   <wsdl:message name=\"getX509CertInputMsg\"> 
    143     <wsdl:part element=\"tns:getX509Cert\" name=\"parameters\"/> 
    144   </wsdl:message> 
    145  
    146   <wsdl:message name=\"getX509CertOutputMsg\"> 
    147     <wsdl:part element=\"tns:getX509CertResponse\" name=\"parameters\"/> 
    148   </wsdl:message> 
    149  
    150129  <wsdl:portType name=\"AttributeAuthority\"> 
    151130    <wsdl:operation name=\"getAttCert\"> 
     
    169148    </wsdl:operation> 
    170149 
    171     <wsdl:operation name=\"getX509Cert\"> 
    172       <wsdl:input message=\"tns:getX509CertInputMsg\"/> 
    173       <wsdl:output message=\"tns:getX509CertOutputMsg\"/> 
    174     </wsdl:operation> 
    175150  </wsdl:portType> 
    176151 
     
    217192      </wsdl:output>  
    218193    </wsdl:operation> 
    219  
    220     <wsdl:operation name=\"getX509Cert\"> 
    221       <soap:operation soapAction=\"getX509Cert\"/> 
    222       <wsdl:input> 
    223         <soap:body use=\"literal\"/> 
    224       </wsdl:input> 
    225       <wsdl:output> 
    226         <soap:body use=\"literal\"/> 
    227       </wsdl:output>  
    228     </wsdl:operation>     
    229    
    230194  </wsdl:binding> 
    231195 
     
    325289    root[(getAllHostsInfoInputMsg.typecode.nspname,getAllHostsInfoInputMsg.typecode.pname)] = 'soap_getAllHostsInfo' 
    326290 
    327     def soap_getX509Cert(self, ps): 
    328         self.request = ps.Parse(getX509CertInputMsg.typecode) 
    329  
    330         # If we have an implementation object use it 
    331         if hasattr(self,'impl'): 
    332             parameters = self.impl.getX509Cert() 
    333  
    334         result = getX509CertOutputMsg() 
    335         # If we have an implementation object, copy the result  
    336         if hasattr(self,'impl'): 
    337             result._x509Cert = parameters 
    338         return result 
    339  
    340     soapAction['getX509Cert'] = 'soap_getX509Cert' 
    341     root[(getX509CertInputMsg.typecode.nspname,getX509CertInputMsg.typecode.pname)] = 'soap_getX509Cert' 
    342  
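--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority/__init__.py
@@ -20,8 +20,8 @@
         getHostInfoInputMsg, getHostInfoOutputMsg, \
         getTrustedHostInfoInputMsg, getTrustedHostInfoOutputMsg, \
-        getAllHostsInfoInputMsg, getAllHostsInfoOutputMsg, \
-        getX509CertInputMsg, getX509CertOutputMsg
+        getAllHostsInfoInputMsg, getAllHostsInfoOutputMsg
 
-from ndg.security.server.zsi.attributeauthority.AttributeAuthority_services_server \
+from \
+ndg.security.server.zsi.attributeauthority.AttributeAuthority_services_server \
     import AttributeAuthorityService as _AttributeAuthorityService
 
@@ -44,4 +44,9 @@
             import pdb
             pdb.set_trace()
+
+        # Extract local WS-Security signature verification filter
+        self.wsseSignatureVerificationFilterID = kw.pop(
+                                        'wsseSignatureVerificationFilterID',
+                                        None)
 
         # Initialise Attribute Authority class - property file will be
@@ -68,6 +73,6 @@
         # on whether a reference to the signature filter was set in the
         # environment
-        signatureFilter = \
-            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
+        signatureFilter = self.referencedWSGIFilters.get(
+                                        self.wsseSignatureVerificationFilterID)
         if signatureFilter is not None:
             # Get certificate corresponding to private key that signed the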
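Review bot: `wsseSignatureVerificationFilterID` defaults to `None`, and `self.referencedWSGIFilters.get(self.wsseSignatureVerificationFilterID)` then quietly returns `None`, so a deployment that omits or misspells the option skips the `if signatureFilter is not None:` branch with no diagnostic. Existing configurations that relied on the previously hard-coded `'wsseSignatureVerificationFilter01'` key change behaviour the same way; what is used in place of the verified signing certificate lies outside the hunk. `ApplySignatureFilter` in wssecurity.py raises `WSSecurityFilterConfigError` in the equivalent situation, and the same silent lookup appears twice in zsi/sessionmanager/__init__.py. Consider at least a `log.warning(...)` when the ID is unset or not found, or raising the config error if the service must not run without signature verification. The context lines `import pdb` / `pdb.set_trace()` just above the new code are worth confirming as unreachable in a deployed configuration.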
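--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/sessionmanager/__init__.py
@@ -49,4 +49,9 @@
                                                  None)
 
+        # ... and WS-Security signature verification filter
+        self.wsseSignatureVerificationFilterID = kw.pop(
+                                        'wsseSignatureVerificationFilterID',
+                                        None)
+
         # Initialise Attribute Authority class - property file will be
         # picked up from default location under $NDG_DIR directory
@@ -101,6 +106,6 @@
         # on whether a reference to the signature filter was set in the
         # environment
-        signatureFilter = \
-            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
+        signatureFilter = self.referencedWSGIFilters.get(
+                                        self.wsseSignatureVerificationFilterID)
         if signatureFilter is not None:
             # Get certificate corresponding to private key that signed the
@@ -157,6 +162,6 @@
         # on whether a reference to the signature filter was set in the
         # environment
-        signatureFilter = \
-            self.referencedWSGIFilters.get('wsseSignatureVerificationFilter01')
+        signatureFilter = self.referencedWSGIFilters.get(
+                                        self.wsseSignatureVerificationFilterID)
         if signatureFilter is not None:
             # Get certificate corresponding to private key that signed the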
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

    r4520 r4521  
    1919from ndg.security.server.wsgi.utils.sessionmanagerclient import \ 
    2020    WSGISessionManagerClient 
     21from ndg.security.server.wsgi.utils.attributeauthorityclient import \ 
     22    WSGIAttributeAuthorityClient 
    2123 
    2224 
     
    4345            return True 
    4446 
    45 class InfoApp(object): 
     47class CombinedServicesWSGI(object): 
    4648    method = { 
    47         "/": 'default', 
    48         "/test_connect": "test_connect", 
    49         "/test_getSessionStatus": "test_getSessionStatus", 
    50         "/test_disconnect": "test_disconnect", 
    51         "/test_getAttCert": "test_getAttCert" 
     49"/": 'default', 
     50"/test_localSessionManagerConnect": "test_localSessionManagerConnect", 
     51"/test_localSessionManagerGetSessionStatus": "test_localSessionManagerGetSessionStatus", 
     52"/test_localSessionManagerDisconnect": "test_localSessionManagerDisconnect", 
     53"/test_localSessionManagerGetAttCert": "test_localSessionManagerGetAttCert", 
     54"/test_localAttributeAuthorityGetHostInfo": "test_localAttributeAuthorityGetHostInfo", 
     55"/test_localAttributeAuthorityGetTrustedHostInfo": "test_localAttributeAuthorityGetTrustedHostInfo", 
     56"/test_localAttributeAuthorityGetAllHostsInfo": "test_localAttributeAuthorityGetAllHostsInfo", 
     57"/test_localAttributeAuthorityGetAttCert": "test_localAttributeAuthorityGetAttCert" 
    5258    } 
    5359    httpBasicAuthentication = HTTPBasicAuthentication() 
     
    6874 
    6975    @authorize(httpBasicAuthentication._userIn) 
    70     def test_connect(self, environ, start_response): 
     76    def test_localSessionManagerConnect(self, environ, start_response): 
    7177        start_response('200 OK', [('Content-type', 'text/plain')]) 
    72         return "test_connect succeeded" 
     78        return "test_localSessionManagerConnect succeeded" 
    7379         
    7480    @authorize(httpBasicAuthentication._userIn) 
    75     def test_getSessionStatus(self, environ, start_response): 
     81    def test_localSessionManagerGetSessionStatus(self, environ,start_response): 
    7682        client = WSGISessionManagerClient(environ=environ) 
    7783        stat=client.getSessionStatus(sessID=environ[client.environKey+'.user']) 
    7884        start_response('200 OK', [('Content-type', 'text/xml')]) 
    79         return "test_getSessionStatus succeeded. Response = %s" % stat 
     85        return ("test_localSessionManagerGetSessionStatus succeeded. Response " 
     86                "= %s" % stat) 
    8087 
    8188    @authorize(httpBasicAuthentication._userIn) 
    82     def test_disconnect(self, environ, start_response): 
     89    def test_localSessionManagerDisconnect(self, environ, start_response): 
    8390        client = WSGISessionManagerClient(environ=environ) 
    8491        client.disconnect(sessID=environ[client.environKey+'.user']) 
    8592         
    8693        # Re-initialise user authentication 
    87         InfoApp.httpBasicAuthentication._userIn.users = [] 
     94        CombinedServicesWSGI.httpBasicAuthentication._userIn.users = [] 
    8895        start_response('200 OK', [('Content-type', 'text/plain')]) 
    89         return "test_disconnect succeeded." 
     96        return "test_localSessionManagerDisconnect succeeded." 
    9097 
    9198    @authorize(httpBasicAuthentication._userIn) 
    92     def test_getAttCert(self, environ, start_response): 
     99    def test_localSessionManagerGetAttCert(self, environ, start_response): 
    93100        client = WSGISessionManagerClient(environ=environ) 
    94101        attCert = client.getAttCert(sessID=environ[client.environKey+'.user']) 
    95102        start_response('200 OK', [('Content-type', 'text/xml')]) 
    96103        return str(attCert) 
     104 
     105    def test_localAttributeAuthorityGetHostInfo(self, environ, start_response): 
     106        client = WSGIAttributeAuthorityClient(environ=environ) 
     107        hostInfo = client.getHostInfo() 
     108        start_response('200 OK', [('Content-type', 'text/html')]) 
     109        return ("test_localAttributeAuthorityGetHostInfo succeeded. Response " 
     110                "= %s" % hostInfo) 
     111 
     112    def test_localAttributeAuthorityGetTrustedHostInfo(self,  
     113                                                       environ,  
     114                                                       start_response): 
     115        client = WSGIAttributeAuthorityClient(environ=environ) 
     116        role = environ.get('QUERY_STRING', '').split('=')[-1] or None 
     117        hostInfo = client.getTrustedHostInfo(role=role) 
     118        start_response('200 OK', [('Content-type', 'text/html')]) 
     119        return ("test_localAttributeAuthorityGetTrustedHostInfo succeeded. " 
     120                "Response = %s" % hostInfo) 
     121 
     122    def test_localAttributeAuthorityGetAllHostsInfo(self,  
     123                                                    environ,  
     124                                                    start_response): 
     125        client = WSGIAttributeAuthorityClient(environ=environ) 
     126        hostInfo = client.getAllHostsInfo() 
     127        start_response('200 OK', [('Content-type', 'text/html')]) 
     128        return ("test_localAttributeAuthorityGetAllHostsInfo succeeded. " 
     129                "Response = %s" % hostInfo) 
     130 
     131    @authorize(httpBasicAuthentication._userIn) 
     132    def test_localAttributeAuthorityGetAttCert(self, environ, start_response): 
     133         
     134        client = WSGIAttributeAuthorityClient(environ=environ) 
     135        username=CombinedServicesWSGI.httpBasicAuthentication._userIn.users[-1] 
     136         
     137        attCert = client.getAttCert(userId=username) 
     138        start_response('200 OK', [('Content-type', 'text/xml')]) 
     139        return str(attCert) 
     140         
    97141         
    98142def app_factory(global_config, **local_conf): 
    99     return InfoApp() 
     143    return CombinedServicesWSGI() 
    100144 
    101145 
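--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -5,5 +5,4 @@
 # * Session Manager
 # * Attribute Authority
-# * OpenID Provider
 #
 # The %(here)s variable will be replaced with the parent directory of this file
@@ -18,7 +17,7 @@
 
 [DEFAULT]
-# WS-Security settings in THIS file
-wsseCfgFilePath = %(here)s/services.ini
-wsseCfgFileSection = WS-Security
+# Settings for WS-Security signature handler
+#wsseCfgFilePath = %(here)s/services.ini
+#wsseCfgFileSection = WS-Security
 
 #______________________________________________________________________________
@@ -156,34 +155,92 @@
 pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter SessionManagerFilter wsseSignatureFilter httpBasicAuthFilter mainApp
 
-
+#______________________________________________________________________________
+# Attribute Authority WSGI settings
+#
 [filter:AttributeAuthorityFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Attribute Authority
 paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
 ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
 ServiceSOAPBindingPropPrefix = AttributeAuthority
+
+# The AttributeAuthority class has settings in the default section above 
+# identified by this prefix:
 AttributeAuthority.propPrefix = attributeAuthority
 AttributeAuthority.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini
-referencedFilters = wsseSignatureVerificationFilter01
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI Session Manager filter can call this Attribute Authority
+# directly
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# Path from URL for Attribute Authority in this Paste deployment
 path = /AttributeAuthority
+
+# Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
 charset = utf-8
 filterID = ndg.security.server.wsgi.attributeAuthorityFilter
 
+#______________________________________________________________________________
+# Session Manager WSGI settings
+#
 [filter:SessionManagerFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Session Manager
 paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
 ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
 ServiceSOAPBindingPropPrefix = SessionManager
+
+# The SessionManager class has settings in the default section above identified
+# by this prefix:
 SessionManager.propPrefix = sessionManager
 SessionManager.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini
-SessionManager.attributeAuthorityFilterID = attributeAuthorityFilter
-referencedFilters = wsseSignatureVerificationFilter01 attributeAuthorityFilter
+
+# This filter references other filters - a local Attribute Authority (optional)
+# and a WS-Security signature verification filter (required if using signature
+# to authenticate user in requests
+SessionManager.attributeAuthorityFilterID = ndg.security.server.wsgi.attributeAuthorityFilter
+SessionManager.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# The SessionManagerWS SOAP interface class needs to know about these other 
+# filters
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 ndg.security.server.wsgi.attributeAuthorityFilter
+
+# Path from URL for Session Manager in this Paste deployment
 path = /SessionManager
+
+# Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
 charset = utf-8
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI can call this Session Manager directly
 filterID = ndg.security.server.wsgi.sessionManagerFilter
 
+#______________________________________________________________________________
+# WS-Security Signature Verification
 [filter:wsseSignatureVerificationFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
-filterID = wsseSignatureVerificationFilter01
-
+filterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePath = %(here)s/services.ini
+wsseCfgFileSection = WS-Security
+
+#______________________________________________________________________________
+# Apply WS-Security Signature 
 [filter:wsseSignatureFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
@@ -191,16 +248,27 @@
 # Reference the verification filter in order to be able to apply signature
 # confirmation
-referencedFilters = wsseSignatureVerificationFilter01
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
 
 # Last filter in chain SOAP handlers writes the response
 writeResponse = True
 
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePath = %(here)s/services.ini
+wsseCfgFileSection = WS-Security
+
+#______________________________________________________________________________
+# Apply HTTP Basic Authentication using AuthKit to enable a convenient no SOAP
+# based call to Session Manager connect method
 [filter:httpBasicAuthFilter]
 paste.filter_app_factory = authkit.authenticate:middleware
 setup_method=basic
-basic_realm=Test Realm
-basic_authenticate_function=ndg.security.test.combinedservices.serverapp:InfoApp.httpBasicAuthentication
-
-
+basic_realm=NDG Security Combined Services Tests
+basic_authenticate_function=ndg.security.test.combinedservices.serverapp:CombinedServicesWSGI.httpBasicAuthentication
+
+
+#______________________________________________________________________________
+# Common WS-Security settings for wsseSignatureFilter and 
+# wsseSignatureVerificationFilter
 [WS-Security]
 #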
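Review bot: The comment added above `referencedFilters` in `[filter:AttributeAuthorityFilter]` ("Provide an identifier for this filter so that main WSGI app ... can call this Attribute Authority directly") describes `filterID`, not `referencedFilters`, whose value names the signature verification filter. Move it down to the `filterID = ndg.security.server.wsgi.attributeAuthorityFilter` line, and give `referencedFilters` a comment parallel to the Session Manager one, e.g. `# The AttributeAuthorityWS SOAP interface class needs to know about this filter` (wording to be confirmed against the binding class). In `[filter:SessionManagerFilter]` the parenthesis opened at "(required if using signature" is never closed. The commented-out `#wsseCfgFilePath` / `#wsseCfgFileSection` pair left in `[DEFAULT]` under "Settings for WS-Security signature handler" reads as if that were still where the handler is configured. Both wsse filter sections now carry their own copies, so deleting the pair would make it unambiguous which section the signature handlers read.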
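--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
@@ -10,5 +10,5 @@
 # $Id:$
 [setUp]
-uri = http://localhost:8000/SessionManager
+uri = http://localhost:7999/SessionManager
 
 # For https connections only.  !Omit ssl* settings if using http!
@@ -21,5 +21,5 @@
 sslCACertFilePathList = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt
 
-[test01Connect] 
+[test01Connect]
 username = testuser
 passphrase = testpassword
@@ -36,21 +36,36 @@
 aaURI = http://localhost:8000/AttributeAuthority
 
-[test09WSGILocalInstanceConnect]
-url = http://localhost:8000/test_connect
+[test09WSGILocalSessionManagerInstanceConnect]
+url = http://localhost:8000/test_localSessionManagerConnect
 username = testuser
 passphrase = testpassword
 
-[test10WSGILocalInstanceGetSessionStatus]
-url = http://localhost:8000/test_getSessionStatus
+[test10WSGILocalSessionManagerInstanceGetSessionStatus]
+url = http://localhost:8000/test_localSessionManagerGetSessionStatus
 username = testuser
 passphrase = testpassword
 
-[test11WSGILocalInstanceDisconnect]
-url = http://localhost:8000/test_disconnect
+[test11WSGILocalSessionManagerInstanceDisconnect]
+url = http://localhost:8000/test_localSessionManagerDisconnect
 username = testuser
 passphrase = testpassword
 
-[test12WSGILocalInstanceGetAttCert]
-url = http://localhost:8000/test_getAttCert
+[test12WSGILocalSessionManagerInstanceGetAttCert]
+url = http://localhost:8000/test_localSessionManagerGetAttCert
+username = testuser
+passphrase = testpassword
+
+[test13WSGILocalAttributeAuthorityInstanceGetHostInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetHostInfo
+
+[test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetTrustedHostInfo
+role = postgrad
+
+[test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetAllHostsInfo
+
+[test16WSGILocalAttributeAuthorityInstanceGetAttCert]
+url = http://localhost:8000/test_localAttributeAuthorityGetAttCert
 username = testuser
 passphrase = testpassword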
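Review bot: The `[setUp]` `uri` now points at port 7999 while `aaURI` and every `url` entry in this file still use 8000, so the Session Manager SOAP endpoint and the WSGI test endpoints are addressed on different listeners. If 7999 was a local proxy or TCP monitor used while debugging (an inference; nothing on the page says so), any test that presumably builds its client from `[setUp]` will fail on a machine without that listener. Either restore `uri = http://localhost:8000/SessionManager` or add a comment above the line saying which service is expected on 7999. The new `[test13...]`, `[test14...]` and `[test15...]` sections carry no `username`/`passphrase`, which documents that those three endpoints are reached without credentials; a one-line comment saying that this is intentional would help the next reader.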
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py

    r4520 r4521  
    6464        return signingCertChain 
    6565 
    66     def _httpBasicAuthReq(self, url, username, password): 
     66    def _httpBasicAuthReq(self, *args): 
    6767        """Utility for making a client request to the WSGI test application 
    6868        using HTTP Basic Authentication""" 
    69         req = urllib2.Request(url) 
    70         base64String = base64.encodestring('%s:%s' % (username, password))[:-1] 
    71         authHeader =  "Basic %s" % base64String 
    72         req.add_header("Authorization", authHeader) 
     69        req = urllib2.Request(args[0]) 
     70         
     71        # username and password are optional args 2 and 3 
     72        if len(args) == 3: 
     73            base64String = base64.encodestring('%s:%s'%(args[1:]))[:-1] 
     74            authHeader =  "Basic %s" % base64String 
     75            req.add_header("Authorization", authHeader) 
     76             
    7377        handle = urllib2.urlopen(req) 
    7478             
     
    114118         
    115119 
    116 #    def test01Connect(self): 
    117 #        """test01Connect: Connect as if acting as a browser client -  
    118 #        a session ID is returned""" 
    119 #         
    120 #        username = self.cfg['test01Connect']['username'] 
    121 #         
    122 #        if CombinedServicesTestCase.test01Passphrase is None: 
    123 #            CombinedServicesTestCase.test01Passphrase = \ 
    124 #                                    self.cfg['test01Connect'].get('passphrase') 
    125 #         
    126 #        if not CombinedServicesTestCase.test01Passphrase: 
    127 #            CombinedServicesTestCase.test01Passphrase = getpass.getpass(\ 
    128 #                prompt="\ntest01Connect pass-phrase for user %s: " % username) 
    129 # 
    130 #        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
    131 #            self.clnt.connect(self.cfg['test01Connect']['username'],  
    132 #                    passphrase=CombinedServicesTestCase.test01Passphrase) 
    133 # 
    134 #        print("User '%s' connected to Session Manager:\n%s" % (username,  
    135 #                                                               self.sessID)) 
    136 #             
    137 #             
    138 #    def test02GetSessionStatus(self): 
    139 #        """test02GetSessionStatus: check a session is alive""" 
    140 #        print "\n\t" + self.test02GetSessionStatus.__doc__ 
    141 #         
    142 #        self.test01Connect() 
    143 #        assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead" 
    144 #                 
    145 #        print("User connected to Session Manager with sessID=%s" % self.sessID) 
    146 # 
    147 #        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
    148 #                                                "sessID=abc shouldn't exist!" 
    149 #             
    150 #        print "CORRECT: sessID=abc doesn't exist" 
    151 # 
    152 # 
    153 #    def test03ConnectNoCreateServerSess(self): 
    154 #        """test03ConnectNoCreateServerSess: Connect without creating a session -  
    155 #        sessID should be None.  This only indicates that the username/password 
    156 #        are correct.  To be of practical use the AuthNService plugin at 
    157 #        the Session Manager needs to return X.509 credentials e.g. 
    158 #        with MyProxy plugin.""" 
    159 # 
    160 #        username = self.cfg['test03ConnectNoCreateServerSess']['username'] 
    161 #         
    162 #        if CombinedServicesTestCase.test03Passphrase is None: 
    163 #            CombinedServicesTestCase.test03Passphrase = \ 
    164 #                self.cfg['test03ConnectNoCreateServerSess'].get('passphrase') 
    165 #                 
    166 #        if not CombinedServicesTestCase.test03Passphrase: 
    167 #            prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: " 
    168 #            CombinedServicesTestCase.test03Passphrase = getpass.getpass(\ 
    169 #                                                    prompt=prompt % username) 
    170 #             
    171 #        userX509Cert, userPriKey,issuingCert, sessID = \ 
    172 #            self.clnt.connect(username,  
    173 #                      passphrase=CombinedServicesTestCase.test03Passphrase, 
    174 #                      createServerSess=False) 
    175 #         
    176 #        # Expect null session ID 
    177 #        assert(not sessID) 
    178 #           
    179 #        print("Successfully authenticated") 
    180 #             
    181 # 
    182 #    def test04DisconnectWithSessID(self): 
    183 #        """test04DisconnectWithSessID: disconnect as if acting as a browser  
    184 #        client  
    185 #        """ 
    186 #         
    187 #        print "\n\t" + self.test04DisconnectWithSessID.__doc__ 
    188 #        self.test01Connect() 
    189 #         
    190 #        self.clnt.disconnect(sessID=self.sessID) 
    191 #         
    192 #        print("User disconnected from Session Manager:\n%s" % self.sessID) 
    193 #             
    194 # 
    195 #    def test05DisconnectWithUserX509Cert(self): 
    196 #        """test05DisconnectWithUserX509Cert: Disconnect as a command line client  
    197 #        """ 
    198 #         
    199 #        print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__ 
    200 #        self.test01Connect() 
    201 #         
    202 #        # Use user cert / private key just obtained from connect call for 
    203 #        # signature generation 
    204 #        if self.issuingCert: 
    205 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    206 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    207 #            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    208 #                                                           self.userX509Cert) 
    209 #            self.clnt.signatureHandler.signingCert = None 
    210 #        else: 
    211 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
    212 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    213 #                CombinedServicesTestCase.test01Passphrase 
    214 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    215 #            self.clnt.signatureHandler.signingCertChain = () 
    216 #            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    217 #             
    218 #        # user X.509 cert in signature determines ID of session to delete 
    219 #        self.clnt.disconnect() 
    220 #        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
    221 # 
    222 # 
    223 #    def test06GetAttCertWithSessID(self): 
    224 #        """test06GetAttCertWithSessID: make an attribute request using 
    225 #        a session ID as authentication credential""" 
    226 # 
    227 #        print "\n\t" + self.test06GetAttCertWithSessID.__doc__ 
    228 #        thisSection = self.cfg['test06GetAttCertWithSessID']       
    229 #        self.test01Connect() 
    230 #         
    231 #        attCert = self.clnt.getAttCert(sessID=self.sessID,  
    232 #                                       attAuthorityURI=thisSection['aaURI']) 
    233 #         
    234 #        print "Attribute Certificate:\n%s" % attCert  
    235 #        attCert.filePath = xpdVars(thisSection['acOutFilePath'])  
    236 #        attCert.write()  
    237 # 
    238 # 
    239 #    def test07GetAttCertWithUserX509Cert(self): 
    240 #        """test07GetAttCertWithUserX509Cert: make an attribute request using 
    241 #        a user cert as authentication credential""" 
    242 #        print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__ 
    243 #        self.test01Connect() 
    244 # 
    245 #        if self.issuingCert: 
    246 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    247 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    248 #                                CombinedServicesTestCase.test01Passphrase 
    249 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    250 #            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    251 #                                                           self.userX509Cert) 
    252 #            self.clnt.signatureHandler.signingCert = None 
    253 #        else: 
    254 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
    255 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    256 #                                CombinedServicesTestCase.test01Passphrase 
    257 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    258 #            self.clnt.signatureHandler.signingCertChain = () 
    259 #            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    260 #         
    261 #        # Request an attribute certificate from an Attribute Authority  
    262 #        # using the userX509Cert returned from connect() 
    263 #         
    264 #        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI'] 
    265 #        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
    266 #           
    267 #        print("Attribute Certificate:\n%s" % attCert)   
    268 # 
    269 # 
    270 #    def test08GetAttCertFromLocalAttributeAuthority(self): 
    271 #        """test08GetAttCertFromLocalAttributeAuthority: query the Attribute 
    272 #        Authority running in the same server instance as the Session Manager""" 
    273 # 
    274 #        print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__ 
    275 #        self.test01Connect() 
    276 #         
    277 #        attCert = self.clnt.getAttCert(sessID=self.sessID) 
    278 #         
    279 #        print "Attribute Certificate:\n%s" % attCert  
    280  
    281  
    282     def test09WSGILocalInstanceConnect(self): 
    283         """test09WSGILocalInstanceConnect: test a WSGI app calling a Session 
    284         Manager WSGI local instance""" 
    285          
    286         # Make a client connection to the WSGI app - authenticate with WSGI 
    287         # basic auth 
    288         thisSection = self.cfg['test09WSGILocalInstanceConnect'] 
     120    def test01Connect(self): 
     121        """test01Connect: Connect as if acting as a browser client -  
     122        a session ID is returned""" 
     123         
     124        username = self.cfg['test01Connect']['username'] 
     125         
     126        if CombinedServicesTestCase.test01Passphrase is None: 
     127            CombinedServicesTestCase.test01Passphrase = \ 
     128                                    self.cfg['test01Connect'].get('passphrase') 
     129         
     130        if not CombinedServicesTestCase.test01Passphrase: 
     131            CombinedServicesTestCase.test01Passphrase = getpass.getpass(\ 
     132                prompt="\ntest01Connect pass-phrase for user %s: " % username) 
     133 
     134        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
     135            self.clnt.connect(self.cfg['test01Connect']['username'],  
     136                    passphrase=CombinedServicesTestCase.test01Passphrase) 
     137 
     138        print("User '%s' connected to Session Manager:\n%s" % (username,  
     139                                                               self.sessID)) 
     140             
     141             
     142    def test02GetSessionStatus(self): 
     143        """test02GetSessionStatus: check a session is alive""" 
     144        print "\n\t" + self.test02GetSessionStatus.__doc__ 
     145         
     146        self.test01Connect() 
     147        assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead" 
     148                 
     149        print("User connected to Session Manager with sessID=%s" % self.sessID) 
     150 
     151        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
     152                                                "sessID=abc shouldn't exist!" 
     153             
     154        print "CORRECT: sessID=abc doesn't exist" 
     155 
     156 
     157    def test03ConnectNoCreateServerSess(self): 
     158        """test03ConnectNoCreateServerSess: Connect without creating a session -  
     159        sessID should be None.  This only indicates that the username/password 
     160        are correct.  To be of practical use the AuthNService plugin at 
     161        the Session Manager needs to return X.509 credentials e.g. 
     162        with MyProxy plugin.""" 
     163 
     164        username = self.cfg['test03ConnectNoCreateServerSess']['username'] 
     165         
     166        if CombinedServicesTestCase.test03Passphrase is None: 
     167            CombinedServicesTestCase.test03Passphrase = \ 
     168                self.cfg['test03ConnectNoCreateServerSess'].get('passphrase') 
     169                 
     170        if not CombinedServicesTestCase.test03Passphrase: 
     171            prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: " 
     172            CombinedServicesTestCase.test03Passphrase = getpass.getpass(\ 
     173                                                    prompt=prompt % username) 
     174             
     175        userX509Cert, userPriKey,issuingCert, sessID = \ 
     176            self.clnt.connect(username,  
     177                      passphrase=CombinedServicesTestCase.test03Passphrase, 
     178                      createServerSess=False) 
     179         
     180        # Expect null session ID 
     181        assert(not sessID) 
     182           
     183        print("Successfully authenticated") 
     184             
     185 
     186    def test04DisconnectWithSessID(self): 
     187        """test04DisconnectWithSessID: disconnect as if acting as a browser  
     188        client  
     189        """ 
     190         
     191        print "\n\t" + self.test04DisconnectWithSessID.__doc__ 
     192        self.test01Connect() 
     193         
     194        self.clnt.disconnect(sessID=self.sessID) 
     195         
     196        print("User disconnected from Session Manager:\n%s" % self.sessID) 
     197             
     198 
     199    def test05DisconnectWithUserX509Cert(self): 
     200        """test05DisconnectWithUserX509Cert: Disconnect as a command line client  
     201        """ 
     202         
     203        print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__ 
     204        self.test01Connect() 
     205         
     206        # Use user cert / private key just obtained from connect call for 
     207        # signature generation 
     208        if self.issuingCert: 
     209            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     210            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     211            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     212                                                           self.userX509Cert) 
     213            self.clnt.signatureHandler.signingCert = None 
     214        else: 
     215            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     216            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     217                CombinedServicesTestCase.test01Passphrase 
     218            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     219            self.clnt.signatureHandler.signingCertChain = () 
     220            self.clnt.signatureHandler.signingCert = self.userX509Cert 
     221             
     222        # user X.509 cert in signature determines ID of session to delete 
     223        self.clnt.disconnect() 
     224        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
     225 
     226 
     227    def test06GetAttCertWithSessID(self): 
     228        """test06GetAttCertWithSessID: make an attribute request using 
     229        a session ID as authentication credential""" 
     230 
     231        print "\n\t" + self.test06GetAttCertWithSessID.__doc__ 
     232        thisSection = self.cfg['test06GetAttCertWithSessID']       
     233        self.test01Connect() 
     234         
     235        attCert = self.clnt.getAttCert(sessID=self.sessID,  
     236                                       attAuthorityURI=thisSection['aaURI']) 
     237         
     238        print "Attribute Certificate:\n%s" % attCert  
     239        attCert.filePath = xpdVars(thisSection['acOutFilePath'])  
     240        attCert.write()  
     241 
     242 
     243    def test07GetAttCertWithUserX509Cert(self): 
     244        """test07GetAttCertWithUserX509Cert: make an attribute request using 
     245        a user cert as authentication credential""" 
     246        print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__ 
     247        self.test01Connect() 
     248 
     249        if self.issuingCert: 
     250            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     251            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     252                                CombinedServicesTestCase.test01Passphrase 
     253            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     254            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     255                                                           self.userX509Cert) 
     256            self.clnt.signatureHandler.signingCert = None 
     257        else: 
     258            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     259            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     260                                CombinedServicesTestCase.test01Passphrase 
     261            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     262            self.clnt.signatureHandler.signingCertChain = () 
     263            self.clnt.signatureHandler.signingCert = self.userX509Cert 
     264         
     265        # Request an attribute certificate from an Attribute Authority  
     266        # using the userX509Cert returned from connect() 
     267         
     268        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI'] 
     269        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
     270           
     271        print("Attribute Certificate:\n%s" % attCert)   
     272 
     273 
     274    def test08GetAttCertFromLocalAttributeAuthority(self): 
     275        """test08GetAttCertFromLocalAttributeAuthority: query the Attribute 
     276        Authority running in the same server instance as the Session Manager""" 
     277 
     278        print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__ 
     279        self.test01Connect() 
     280         
     281        attCert = self.clnt.getAttCert(sessID=self.sessID) 
     282         
     283        print "Attribute Certificate:\n%s" % attCert  
     284 
     285 
     286    def test09WSGILocalSessionManagerInstanceConnect(self): 
     287        """test09WSGILocalSessionManagerInstanceConnect: test a WSGI app  
     288        calling a Session Manager WSGI instance local to the server""" 
     289         
     290        # Make a client connection to the WSGI app - authenticate with WSGI 
     291        # basic auth.  The WSGI app calls a Session Manager WSGI running in 
     292        # the same code stack 
     293        thisSection = self.cfg['test09WSGILocalSessionManagerInstanceConnect'] 
    289294        url = thisSection['url'] 
    290295        username = thisSection['username'] 
     
    294299 
    295300 
    296     def test10WSGILocalInstanceGetSessionStatus(self): 
    297         """test10WSGILocalInstanceGetSessionStatus: test a WSGI app calling a  
    298         Session Manager WSGI local instance""" 
    299          
    300         # Make a client connection to the WSGI app - authenticate with WSGI 
    301         # basic auth 
    302         thisSection = self.cfg['test10WSGILocalInstanceGetSessionStatus'] 
     301    def test10WSGILocalSessionManagerInstanceGetSessionStatus(self): 
     302        """test10WSGILocalSessionManagerInstanceGetSessionStatus: test a WSGI  
     303        app calling a Session Manager WSGI instance local to the server""" 
     304         
     305        # Make a client connection to the WSGI app - authenticate with WSGI 
     306        # basic auth 
     307        thisSection = self.cfg[ 
     308                    'test10WSGILocalSessionManagerInstanceGetSessionStatus'] 
    303309        url = thisSection['url'] 
    304310        username = thisSection['username'] 
     
    308314 
    309315 
    310     def test11WSGILocalInstanceDisconnect(self): 
    311         """test11WSGILocalInstanceDisconnect: test a WSGI app calling a  
    312         Session Manager WSGI local instance""" 
    313          
    314         # Make a client connection to the WSGI app - authenticate with WSGI 
    315         # basic auth 
    316         thisSection = self.cfg['test11WSGILocalInstanceDisconnect'] 
     316    def test11WSGILocalSessionManagerInstanceDisconnect(self): 
     317        """test11WSGILocalSessionManagerInstanceDisconnect: test a WSGI app  
     318        calling a Session Manager WSGI instance local to the server""" 
     319         
     320        # Make a client connection to the WSGI app - authenticate with WSGI 
     321        # basic auth 
     322        thisSection=self.cfg['test11WSGILocalSessionManagerInstanceDisconnect'] 
    317323        url = thisSection['url'] 
    318324        username = thisSection['username'] 
     
    322328 
    323329 
    324     def test12WSGILocalInstanceGetAttCert(self): 
    325         """test12WSGILocalInstanceGetAttCert: test a WSGI app calling a  
    326         Session Manager WSGI local instance""" 
    327          
    328         # Make a client connection to the WSGI app - authenticate with WSGI 
    329         # basic auth 
    330         thisSection = self.cfg['test12WSGILocalInstanceGetAttCert'] 
    331         url = thisSection['url'] 
    332         username = thisSection['username'] 
    333         password = thisSection['passphrase'] 
     330    def test12WSGILocalSessionManagerInstanceGetAttCert(self): 
     331        """test12WSGILocalSessionManagerInstanceGetAttCert: test a WSGI app  
     332        calling a Session Manager WSGI instance local to the server""" 
     333         
     334        # Make a client connection to the WSGI app - authenticate with WSGI 
     335        # basic auth 
     336        thisSection=self.cfg['test12WSGILocalSessionManagerInstanceGetAttCert'] 
     337        args = (thisSection['url'], thisSection['username'], 
     338                thisSection['passphrase']) 
     339         
    334340        print("WSGI app connecting to local Session Manager instance: %s" % 
    335               self._httpBasicAuthReq(url, username, password))        
    336         
     341              self._httpBasicAuthReq(*args))        
     342         
     343 
     344    def test13WSGILocalAttributeAuthorityInstanceGetHostInfo(self): 
     345        """test13WSGILocalAttributeAuthorityInstanceGetHostInfo: test a WSGI  
     346        app calling a Attribute Authority WSGI instance local to the server""" 
     347         
     348        # Make a client connection to the WSGI app - authenticate with WSGI 
     349        # basic auth 
     350        thisSection = self.cfg[ 
     351                        'test13WSGILocalAttributeAuthorityInstanceGetHostInfo'] 
     352         
     353        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     354              self._httpBasicAuthReq(thisSection['url']))        
     355         
     356 
     357    def test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo(self): 
     358        """test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo: test a  
     359        WSGI app calling a Attribute Authority WSGI instance local to the  
     360        server""" 
     361         
     362        # Make a client connection to the WSGI app - authenticate with WSGI 
     363        # basic auth 
     364        thisSection = self.cfg[ 
     365                'test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo'] 
     366         
     367        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     368            self._httpBasicAuthReq(thisSection['url']+'?'+thisSection['role']))        
     369         
     370 
     371    def test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo(self): 
     372        """test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo: test a  
     373        WSGI app calling a Attribute Authority WSGI instance local to the  
     374        server""" 
     375         
     376        # Make a client connection to the WSGI app - authenticate with WSGI 
     377        # basic auth 
     378        thisSection = self.cfg[ 
     379                    'test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo'] 
     380         
     381        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     382              self._httpBasicAuthReq(thisSection['url']))        
     383 
     384 
     385    def test16WSGILocalAttributeAuthorityInstanceGetAttCert(self): 
     386        """test16WSGILocalAttributeAuthorityInstanceGetAttCert: test a WSGI app  
     387        calling a Attribute Authority WSGI instance local to the server""" 
     388         
     389        # Make a client connection to the WSGI app - authenticate with WSGI 
     390        # basic auth 
     391        thisSection = self.cfg[ 
     392                        'test16WSGILocalAttributeAuthorityInstanceGetAttCert'] 
     393        args = (thisSection['url'], thisSection['username'], 
     394                thisSection['passphrase']) 
     395         
     396        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     397              self._httpBasicAuthReq(*args))         
     398 
     399 
    337400class CombinedServicesTestSuite(unittest.TestSuite): 
    338401     
    339402    def __init__(self): 
    340403        map = map(CombinedServicesTestCase, 
    341                   ( 
    342                     "test01Connect", 
    343                     "test02GetSessionStatus", 
    344                     "test03ConnectNoCreateServerSess", 
    345                     "test04DisconnectWithSessID", 
    346                     "test05DisconnectWithUserX509Cert", 
    347                     "test06GetAttCertWithSessID", 
    348                     "test07GetAttCertWithUserX509Cert", 
    349                     "test08GetAttCertFromLocalAttributeAuthority", 
    350                     "test09WSGILocalInstanceConnect", 
    351                     "test10WSGILocalInstanceGetSessionStatus", 
    352                     "test11WSGILocalInstanceDisconnect" 
    353                   )) 
     404            ( 
     405            "test01Connect", 
     406            "test02GetSessionStatus", 
     407            "test03ConnectNoCreateServerSess", 
     408            "test04DisconnectWithSessID", 
     409            "test05DisconnectWithUserX509Cert", 
     410            "test06GetAttCertWithSessID", 
     411            "test07GetAttCertWithUserX509Cert", 
     412            "test08GetAttCertFromLocalAttributeAuthority", 
     413            "test09WSGILocalSessionManagerInstanceConnect", 
     414            "test10WSGILocalSessionManagerInstanceGetSessionStatus", 
     415            "test11WSGILocalSessionManagerInstanceDisconnect", 
     416            "test12WSGILocalSessionManagerInstanceGetAttCert", 
     417            "test13WSGILocalAttributeAuthorityInstanceGetHostInfo", 
     418            "test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo", 
     419            "test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo" 
     420            )) 
    354421        unittest.TestSuite.__init__(self, map) 
    355422             