Timestamp:
02/12/08 14:20:07 (12 years ago)
Author:
pjkersha
Message:

Completed tests running Attribute Authority and Session Manager in the same WSGI stack:

  • ndg.security.server.wsgi.utils.attributeauthorityclient.WSGIAttributeAuthorityClient: completed this class and tested it in the combinedservices unit tests. This class enables WSGI apps to access an AttributeAuthority WSGI app running in the same stack, or else to make a callout to a remote SOAP service.
  • ndg.security.server.wsgi.wssecurity: improved config set-up
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices
Files:
4 edited

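--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
@@ -19,4 +19,6 @@
 from ndg.security.server.wsgi.utils.sessionmanagerclient import \
     WSGISessionManagerClient
+from ndg.security.server.wsgi.utils.attributeauthorityclient import \
+    WSGIAttributeAuthorityClient
 
 
@@ -43,11 +45,15 @@
             return True
 
-class InfoApp(object):
+class CombinedServicesWSGI(object):
     method = {
-        "/": 'default',
-        "/test_connect": "test_connect",
-        "/test_getSessionStatus": "test_getSessionStatus",
-        "/test_disconnect": "test_disconnect",
-        "/test_getAttCert": "test_getAttCert"
+"/": 'default',
+"/test_localSessionManagerConnect": "test_localSessionManagerConnect",
+"/test_localSessionManagerGetSessionStatus": "test_localSessionManagerGetSessionStatus",
+"/test_localSessionManagerDisconnect": "test_localSessionManagerDisconnect",
+"/test_localSessionManagerGetAttCert": "test_localSessionManagerGetAttCert",
+"/test_localAttributeAuthorityGetHostInfo": "test_localAttributeAuthorityGetHostInfo",
+"/test_localAttributeAuthorityGetTrustedHostInfo": "test_localAttributeAuthorityGetTrustedHostInfo",
+"/test_localAttributeAuthorityGetAllHostsInfo": "test_localAttributeAuthorityGetAllHostsInfo",
+"/test_localAttributeAuthorityGetAttCert": "test_localAttributeAuthorityGetAttCert"
     }
     httpBasicAuthentication = HTTPBasicAuthentication()
@@ -68,34 +74,72 @@
 
     @authorize(httpBasicAuthentication._userIn)
-    def test_connect(self, environ, start_response):
+    def test_localSessionManagerConnect(self, environ, start_response):
         start_response('200 OK', [('Content-type', 'text/plain')])
-        return "test_connect succeeded"
+        return "test_localSessionManagerConnect succeeded"
         
     @authorize(httpBasicAuthentication._userIn)
-    def test_getSessionStatus(self, environ, start_response):
+    def test_localSessionManagerGetSessionStatus(self, environ,start_response):
         client = WSGISessionManagerClient(environ=environ)
         stat=client.getSessionStatus(sessID=environ[client.environKey+'.user'])
         start_response('200 OK', [('Content-type', 'text/xml')])
-        return "test_getSessionStatus succeeded. Response = %s" % stat
+        return ("test_localSessionManagerGetSessionStatus succeeded. Response "
+                "= %s" % stat)
 
     @authorize(httpBasicAuthentication._userIn)
-    def test_disconnect(self, environ, start_response):
+    def test_localSessionManagerDisconnect(self, environ, start_response):
         client = WSGISessionManagerClient(environ=environ)
         client.disconnect(sessID=environ[client.environKey+'.user'])
         
         # Re-initialise user authentication
-        InfoApp.httpBasicAuthentication._userIn.users = []
+        CombinedServicesWSGI.httpBasicAuthentication._userIn.users = []
         start_response('200 OK', [('Content-type', 'text/plain')])
-        return "test_disconnect succeeded."
+        return "test_localSessionManagerDisconnect succeeded."
 
     @authorize(httpBasicAuthentication._userIn)
-    def test_getAttCert(self, environ, start_response):
+    def test_localSessionManagerGetAttCert(self, environ, start_response):
         client = WSGISessionManagerClient(environ=environ)
         attCert = client.getAttCert(sessID=environ[client.environKey+'.user'])
         start_response('200 OK', [('Content-type', 'text/xml')])
         return str(attCert)
+
+    def test_localAttributeAuthorityGetHostInfo(self, environ, start_response):
+        client = WSGIAttributeAuthorityClient(environ=environ)
+        hostInfo = client.getHostInfo()
+        start_response('200 OK', [('Content-type', 'text/html')])
+        return ("test_localAttributeAuthorityGetHostInfo succeeded. Response "
+                "= %s" % hostInfo)
+
+    def test_localAttributeAuthorityGetTrustedHostInfo(self, 
+                                                       environ, 
+                                                       start_response):
+        client = WSGIAttributeAuthorityClient(environ=environ)
+        role = environ.get('QUERY_STRING', '').split('=')[-1] or None
+        hostInfo = client.getTrustedHostInfo(role=role)
+        start_response('200 OK', [('Content-type', 'text/html')])
+        return ("test_localAttributeAuthorityGetTrustedHostInfo succeeded. "
+                "Response = %s" % hostInfo)
+
+    def test_localAttributeAuthorityGetAllHostsInfo(self, 
+                                                    environ, 
+                                                    start_response):
+        client = WSGIAttributeAuthorityClient(environ=environ)
+        hostInfo = client.getAllHostsInfo()
+        start_response('200 OK', [('Content-type', 'text/html')])
+        return ("test_localAttributeAuthorityGetAllHostsInfo succeeded. "
+                "Response = %s" % hostInfo)
+
+    @authorize(httpBasicAuthentication._userIn)
+    def test_localAttributeAuthorityGetAttCert(self, environ, start_response):
+        
+        client = WSGIAttributeAuthorityClient(environ=environ)
+        username=CombinedServicesWSGI.httpBasicAuthentication._userIn.users[-1]
+        
+        attCert = client.getAttCert(userId=username)
+        start_response('200 OK', [('Content-type', 'text/xml')])
+        return str(attCert)
+        
         
 def app_factory(global_config, **local_conf):
-    return InfoApp()
+    return CombinedServicesWSGI()
 
 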
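Review bot: `test_localAttributeAuthorityGetAttCert` chooses the user with `CombinedServicesWSGI.httpBasicAuthentication._userIn.users[-1]`, a class-level list shared by every request, so the attribute certificate is requested for whoever authenticated last rather than for the caller of this request. Take the identity from this request's `environ` instead (for example `environ.get('REMOTE_USER')`, if the AuthKit middleware sets it in this stack; that is not visible here). In `test_localAttributeAuthorityGetTrustedHostInfo`, `environ.get('QUERY_STRING', '').split('=')[-1]` forwards an undecoded value whatever the parameter is called, and the result is interpolated into a `text/html` body; `role = cgi.parse_qs(environ.get('QUERY_STRING', '')).get('role', [None])[0]` with a `text/plain` content type would be safer. The three host-info handlers carry no `@authorize`, unlike their neighbours, so a one-line comment such as `# Host info is public: no authentication required` would record whether that is intended.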
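--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -5,5 +5,4 @@
 # * Session Manager
 # * Attribute Authority
-# * OpenID Provider
 #
 # The %(here)s variable will be replaced with the parent directory of this file
@@ -18,7 +17,7 @@
 
 [DEFAULT]
-# WS-Security settings in THIS file
-wsseCfgFilePath = %(here)s/services.ini
-wsseCfgFileSection = WS-Security
+# Settings for WS-Security signature handler
+#wsseCfgFilePath = %(here)s/services.ini
+#wsseCfgFileSection = WS-Security
 
 #______________________________________________________________________________
@@ -156,34 +155,92 @@
 pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter SessionManagerFilter wsseSignatureFilter httpBasicAuthFilter mainApp
 
-
+#______________________________________________________________________________
+# Attribute Authority WSGI settings
+#
 [filter:AttributeAuthorityFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Attribute Authority
 paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
 ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
 ServiceSOAPBindingPropPrefix = AttributeAuthority
+
+# The AttributeAuthority class has settings in the default section above 
+# identified by this prefix:
 AttributeAuthority.propPrefix = attributeAuthority
 AttributeAuthority.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini
-referencedFilters = wsseSignatureVerificationFilter01
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI Session Manager filter can call this Attribute Authority
+# directly
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# Path from URL for Attribute Authority in this Paste deployment
 path = /AttributeAuthority
+
+# Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
 charset = utf-8
 filterID = ndg.security.server.wsgi.attributeAuthorityFilter
 
+#______________________________________________________________________________
+# Session Manager WSGI settings
+#
 [filter:SessionManagerFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Session Manager
 paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
 ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
 ServiceSOAPBindingPropPrefix = SessionManager
+
+# The SessionManager class has settings in the default section above identified
+# by this prefix:
 SessionManager.propPrefix = sessionManager
 SessionManager.propFilePath = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/services.ini
-SessionManager.attributeAuthorityFilterID = attributeAuthorityFilter
-referencedFilters = wsseSignatureVerificationFilter01 attributeAuthorityFilter
+
+# This filter references other filters - a local Attribute Authority (optional)
+# and a WS-Security signature verification filter (required if using signature
+# to authenticate user in requests
+SessionManager.attributeAuthorityFilterID = ndg.security.server.wsgi.attributeAuthorityFilter
+SessionManager.wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# The SessionManagerWS SOAP interface class needs to know about these other 
+# filters
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01 ndg.security.server.wsgi.attributeAuthorityFilter
+
+# Path from URL for Session Manager in this Paste deployment
 path = /SessionManager
+
+# Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
 charset = utf-8
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI can call this Session Manager directly
 filterID = ndg.security.server.wsgi.sessionManagerFilter
 
+#______________________________________________________________________________
+# WS-Security Signature Verification
 [filter:wsseSignatureVerificationFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
-filterID = wsseSignatureVerificationFilter01
-
+filterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePath = %(here)s/services.ini
+wsseCfgFileSection = WS-Security
+
+#______________________________________________________________________________
+# Apply WS-Security Signature 
 [filter:wsseSignatureFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
@@ -191,16 +248,27 @@
 # Reference the verification filter in order to be able to apply signature
 # confirmation
-referencedFilters = wsseSignatureVerificationFilter01
+referencedFilters = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
+wsseSignatureVerificationFilterID = ndg.security.server.wsgi.wsseSignatureVerificationFilter01
 
 # Last filter in chain SOAP handlers writes the response
 writeResponse = True
 
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePath = %(here)s/services.ini
+wsseCfgFileSection = WS-Security
+
+#______________________________________________________________________________
+# Apply HTTP Basic Authentication using AuthKit to enable a convenient no SOAP
+# based call to Session Manager connect method
 [filter:httpBasicAuthFilter]
 paste.filter_app_factory = authkit.authenticate:middleware
 setup_method=basic
-basic_realm=Test Realm
-basic_authenticate_function=ndg.security.test.combinedservices.serverapp:InfoApp.httpBasicAuthentication
-
-
+basic_realm=NDG Security Combined Services Tests
+basic_authenticate_function=ndg.security.test.combinedservices.serverapp:CombinedServicesWSGI.httpBasicAuthentication
+
+
+#______________________________________________________________________________
+# Common WS-Security settings for wsseSignatureFilter and 
+# wsseSignatureVerificationFilter
 [WS-Security]
 #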
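Review bot: In `[filter:AttributeAuthorityFilter]` the new comment "Provide an identifier for this filter so that ... can call this Attribute Authority directly" sits above `referencedFilters`, but that key names the signature verification filter; the identifier the comment describes is `filterID = ndg.security.server.wsgi.attributeAuthorityFilter` further down. Move the comment to `filterID` and give `referencedFilters` its own, for example `# Signature verification filter referenced by this SOAP binding`. The Session Manager comment opens a parenthesis it never closes ("(required if using signature to authenticate user in requests"), which leaves unclear when `SessionManager.wsseSignatureVerificationFilterID` is mandatory. The commented-out `wsseCfgFilePath` and `wsseCfgFileSection` in `[DEFAULT]` could be deleted now that both WS-Security filters carry their own copies, so nobody re-enables them and creates a second source for the signature settings.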
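--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.cfg
@@ -10,5 +10,5 @@
 # $Id:$
 [setUp]
-uri = http://localhost:8000/SessionManager
+uri = http://localhost:7999/SessionManager
 
 # For https connections only.  !Omit ssl* settings if using http!
@@ -21,5 +21,5 @@
 sslCACertFilePathList = $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt
 
-[test01Connect] 
+[test01Connect]
 username = testuser
 passphrase = testpassword
@@ -36,21 +36,36 @@
 aaURI = http://localhost:8000/AttributeAuthority
 
-[test09WSGILocalInstanceConnect]
-url = http://localhost:8000/test_connect
+[test09WSGILocalSessionManagerInstanceConnect]
+url = http://localhost:8000/test_localSessionManagerConnect
 username = testuser
 passphrase = testpassword
 
-[test10WSGILocalInstanceGetSessionStatus]
-url = http://localhost:8000/test_getSessionStatus
+[test10WSGILocalSessionManagerInstanceGetSessionStatus]
+url = http://localhost:8000/test_localSessionManagerGetSessionStatus
 username = testuser
 passphrase = testpassword
 
-[test11WSGILocalInstanceDisconnect]
-url = http://localhost:8000/test_disconnect
+[test11WSGILocalSessionManagerInstanceDisconnect]
+url = http://localhost:8000/test_localSessionManagerDisconnect
 username = testuser
 passphrase = testpassword
 
-[test12WSGILocalInstanceGetAttCert]
-url = http://localhost:8000/test_getAttCert
+[test12WSGILocalSessionManagerInstanceGetAttCert]
+url = http://localhost:8000/test_localSessionManagerGetAttCert
+username = testuser
+passphrase = testpassword
+
+[test13WSGILocalAttributeAuthorityInstanceGetHostInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetHostInfo
+
+[test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetTrustedHostInfo
+role = postgrad
+
+[test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo]
+url = http://localhost:8000/test_localAttributeAuthorityGetAllHostsInfo
+
+[test16WSGILocalAttributeAuthorityInstanceGetAttCert]
+url = http://localhost:8000/test_localAttributeAuthorityGetAttCert
 username = testuser
 passphrase = testpassword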
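Review bot: `[setUp]` now points `uri` at `http://localhost:7999/SessionManager`, while `aaURI` and every `url` in this file still use port 8000, and the commit message does not mention a second listener. If 7999 is a local monitoring proxy left over from debugging, restore `uri = http://localhost:8000/SessionManager`; otherwise add a comment above the key saying what listens on that port, since the SOAP tests will fail without it. The new sections also repeat the `testuser`/`testpassword` pair for requests sent over plain `http`, so a header comment such as `# Test-only credentials: localhost fixtures, never reuse` would make that scope explicit.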
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py

    r4520 r4521  
    6464        return signingCertChain 
    6565 
    66     def _httpBasicAuthReq(self, url, username, password): 
     66    def _httpBasicAuthReq(self, *args): 
    6767        """Utility for making a client request to the WSGI test application 
    6868        using HTTP Basic Authentication""" 
    69         req = urllib2.Request(url) 
    70         base64String = base64.encodestring('%s:%s' % (username, password))[:-1] 
    71         authHeader =  "Basic %s" % base64String 
    72         req.add_header("Authorization", authHeader) 
     69        req = urllib2.Request(args[0]) 
     70         
     71        # username and password are optional args 2 and 3 
     72        if len(args) == 3: 
     73            base64String = base64.encodestring('%s:%s'%(args[1:]))[:-1] 
     74            authHeader =  "Basic %s" % base64String 
     75            req.add_header("Authorization", authHeader) 
     76             
    7377        handle = urllib2.urlopen(req) 
    7478             
     
    114118         
    115119 
    116 #    def test01Connect(self): 
    117 #        """test01Connect: Connect as if acting as a browser client -  
    118 #        a session ID is returned""" 
    119 #         
    120 #        username = self.cfg['test01Connect']['username'] 
    121 #         
    122 #        if CombinedServicesTestCase.test01Passphrase is None: 
    123 #            CombinedServicesTestCase.test01Passphrase = \ 
    124 #                                    self.cfg['test01Connect'].get('passphrase') 
    125 #         
    126 #        if not CombinedServicesTestCase.test01Passphrase: 
    127 #            CombinedServicesTestCase.test01Passphrase = getpass.getpass(\ 
    128 #                prompt="\ntest01Connect pass-phrase for user %s: " % username) 
    129 # 
    130 #        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
    131 #            self.clnt.connect(self.cfg['test01Connect']['username'],  
    132 #                    passphrase=CombinedServicesTestCase.test01Passphrase) 
    133 # 
    134 #        print("User '%s' connected to Session Manager:\n%s" % (username,  
    135 #                                                               self.sessID)) 
    136 #             
    137 #             
    138 #    def test02GetSessionStatus(self): 
    139 #        """test02GetSessionStatus: check a session is alive""" 
    140 #        print "\n\t" + self.test02GetSessionStatus.__doc__ 
    141 #         
    142 #        self.test01Connect() 
    143 #        assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead" 
    144 #                 
    145 #        print("User connected to Session Manager with sessID=%s" % self.sessID) 
    146 # 
    147 #        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
    148 #                                                "sessID=abc shouldn't exist!" 
    149 #             
    150 #        print "CORRECT: sessID=abc doesn't exist" 
    151 # 
    152 # 
    153 #    def test03ConnectNoCreateServerSess(self): 
    154 #        """test03ConnectNoCreateServerSess: Connect without creating a session -  
    155 #        sessID should be None.  This only indicates that the username/password 
    156 #        are correct.  To be of practical use the AuthNService plugin at 
    157 #        the Session Manager needs to return X.509 credentials e.g. 
    158 #        with MyProxy plugin.""" 
    159 # 
    160 #        username = self.cfg['test03ConnectNoCreateServerSess']['username'] 
    161 #         
    162 #        if CombinedServicesTestCase.test03Passphrase is None: 
    163 #            CombinedServicesTestCase.test03Passphrase = \ 
    164 #                self.cfg['test03ConnectNoCreateServerSess'].get('passphrase') 
    165 #                 
    166 #        if not CombinedServicesTestCase.test03Passphrase: 
    167 #            prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: " 
    168 #            CombinedServicesTestCase.test03Passphrase = getpass.getpass(\ 
    169 #                                                    prompt=prompt % username) 
    170 #             
    171 #        userX509Cert, userPriKey,issuingCert, sessID = \ 
    172 #            self.clnt.connect(username,  
    173 #                      passphrase=CombinedServicesTestCase.test03Passphrase, 
    174 #                      createServerSess=False) 
    175 #         
    176 #        # Expect null session ID 
    177 #        assert(not sessID) 
    178 #           
    179 #        print("Successfully authenticated") 
    180 #             
    181 # 
    182 #    def test04DisconnectWithSessID(self): 
    183 #        """test04DisconnectWithSessID: disconnect as if acting as a browser  
    184 #        client  
    185 #        """ 
    186 #         
    187 #        print "\n\t" + self.test04DisconnectWithSessID.__doc__ 
    188 #        self.test01Connect() 
    189 #         
    190 #        self.clnt.disconnect(sessID=self.sessID) 
    191 #         
    192 #        print("User disconnected from Session Manager:\n%s" % self.sessID) 
    193 #             
    194 # 
    195 #    def test05DisconnectWithUserX509Cert(self): 
    196 #        """test05DisconnectWithUserX509Cert: Disconnect as a command line client  
    197 #        """ 
    198 #         
    199 #        print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__ 
    200 #        self.test01Connect() 
    201 #         
    202 #        # Use user cert / private key just obtained from connect call for 
    203 #        # signature generation 
    204 #        if self.issuingCert: 
    205 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    206 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    207 #            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    208 #                                                           self.userX509Cert) 
    209 #            self.clnt.signatureHandler.signingCert = None 
    210 #        else: 
    211 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
    212 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    213 #                CombinedServicesTestCase.test01Passphrase 
    214 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    215 #            self.clnt.signatureHandler.signingCertChain = () 
    216 #            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    217 #             
    218 #        # user X.509 cert in signature determines ID of session to delete 
    219 #        self.clnt.disconnect() 
    220 #        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
    221 # 
    222 # 
    223 #    def test06GetAttCertWithSessID(self): 
    224 #        """test06GetAttCertWithSessID: make an attribute request using 
    225 #        a session ID as authentication credential""" 
    226 # 
    227 #        print "\n\t" + self.test06GetAttCertWithSessID.__doc__ 
    228 #        thisSection = self.cfg['test06GetAttCertWithSessID']       
    229 #        self.test01Connect() 
    230 #         
    231 #        attCert = self.clnt.getAttCert(sessID=self.sessID,  
    232 #                                       attAuthorityURI=thisSection['aaURI']) 
    233 #         
    234 #        print "Attribute Certificate:\n%s" % attCert  
    235 #        attCert.filePath = xpdVars(thisSection['acOutFilePath'])  
    236 #        attCert.write()  
    237 # 
    238 # 
    239 #    def test07GetAttCertWithUserX509Cert(self): 
    240 #        """test07GetAttCertWithUserX509Cert: make an attribute request using 
    241 #        a user cert as authentication credential""" 
    242 #        print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__ 
    243 #        self.test01Connect() 
    244 # 
    245 #        if self.issuingCert: 
    246 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
    247 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    248 #                                CombinedServicesTestCase.test01Passphrase 
    249 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    250 #            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
    251 #                                                           self.userX509Cert) 
    252 #            self.clnt.signatureHandler.signingCert = None 
    253 #        else: 
    254 #            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
    255 #            self.clnt.signatureHandler.signingPriKeyPwd = \ 
    256 #                                CombinedServicesTestCase.test01Passphrase 
    257 #            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
    258 #            self.clnt.signatureHandler.signingCertChain = () 
    259 #            self.clnt.signatureHandler.signingCert = self.userX509Cert 
    260 #         
    261 #        # Request an attribute certificate from an Attribute Authority  
    262 #        # using the userX509Cert returned from connect() 
    263 #         
    264 #        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI'] 
    265 #        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
    266 #           
    267 #        print("Attribute Certificate:\n%s" % attCert)   
    268 # 
    269 # 
    270 #    def test08GetAttCertFromLocalAttributeAuthority(self): 
    271 #        """test08GetAttCertFromLocalAttributeAuthority: query the Attribute 
    272 #        Authority running in the same server instance as the Session Manager""" 
    273 # 
    274 #        print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__ 
    275 #        self.test01Connect() 
    276 #         
    277 #        attCert = self.clnt.getAttCert(sessID=self.sessID) 
    278 #         
    279 #        print "Attribute Certificate:\n%s" % attCert  
    280  
    281  
    282     def test09WSGILocalInstanceConnect(self): 
    283         """test09WSGILocalInstanceConnect: test a WSGI app calling a Session 
    284         Manager WSGI local instance""" 
    285          
    286         # Make a client connection to the WSGI app - authenticate with WSGI 
    287         # basic auth 
    288         thisSection = self.cfg['test09WSGILocalInstanceConnect'] 
     120    def test01Connect(self): 
     121        """test01Connect: Connect as if acting as a browser client -  
     122        a session ID is returned""" 
     123         
     124        username = self.cfg['test01Connect']['username'] 
     125         
     126        if CombinedServicesTestCase.test01Passphrase is None: 
     127            CombinedServicesTestCase.test01Passphrase = \ 
     128                                    self.cfg['test01Connect'].get('passphrase') 
     129         
     130        if not CombinedServicesTestCase.test01Passphrase: 
     131            CombinedServicesTestCase.test01Passphrase = getpass.getpass(\ 
     132                prompt="\ntest01Connect pass-phrase for user %s: " % username) 
     133 
     134        self.userX509Cert, self.userPriKey, self.issuingCert, self.sessID = \ 
     135            self.clnt.connect(self.cfg['test01Connect']['username'],  
     136                    passphrase=CombinedServicesTestCase.test01Passphrase) 
     137 
     138        print("User '%s' connected to Session Manager:\n%s" % (username,  
     139                                                               self.sessID)) 
     140             
     141             
     142    def test02GetSessionStatus(self): 
     143        """test02GetSessionStatus: check a session is alive""" 
     144        print "\n\t" + self.test02GetSessionStatus.__doc__ 
     145         
     146        self.test01Connect() 
     147        assert self.clnt.getSessionStatus(sessID=self.sessID),"Session is dead" 
     148                 
     149        print("User connected to Session Manager with sessID=%s" % self.sessID) 
     150 
     151        assert not self.clnt.getSessionStatus(sessID='abc'), \ 
     152                                                "sessID=abc shouldn't exist!" 
     153             
     154        print "CORRECT: sessID=abc doesn't exist" 
     155 
     156 
     157    def test03ConnectNoCreateServerSess(self): 
     158        """test03ConnectNoCreateServerSess: Connect without creating a session -  
     159        sessID should be None.  This only indicates that the username/password 
     160        are correct.  To be of practical use the AuthNService plugin at 
     161        the Session Manager needs to return X.509 credentials e.g. 
     162        with MyProxy plugin.""" 
     163 
     164        username = self.cfg['test03ConnectNoCreateServerSess']['username'] 
     165         
     166        if CombinedServicesTestCase.test03Passphrase is None: 
     167            CombinedServicesTestCase.test03Passphrase = \ 
     168                self.cfg['test03ConnectNoCreateServerSess'].get('passphrase') 
     169                 
     170        if not CombinedServicesTestCase.test03Passphrase: 
     171            prompt="\ntest03ConnectNoCreateServerSess pass-phrase for user %s: " 
     172            CombinedServicesTestCase.test03Passphrase = getpass.getpass(\ 
     173                                                    prompt=prompt % username) 
     174             
     175        userX509Cert, userPriKey,issuingCert, sessID = \ 
     176            self.clnt.connect(username,  
     177                      passphrase=CombinedServicesTestCase.test03Passphrase, 
     178                      createServerSess=False) 
     179         
     180        # Expect null session ID 
     181        assert(not sessID) 
     182           
     183        print("Successfully authenticated") 
     184             
     185 
     186    def test04DisconnectWithSessID(self): 
     187        """test04DisconnectWithSessID: disconnect as if acting as a browser  
     188        client  
     189        """ 
     190         
     191        print "\n\t" + self.test04DisconnectWithSessID.__doc__ 
     192        self.test01Connect() 
     193         
     194        self.clnt.disconnect(sessID=self.sessID) 
     195         
     196        print("User disconnected from Session Manager:\n%s" % self.sessID) 
     197             
     198 
     199    def test05DisconnectWithUserX509Cert(self): 
     200        """test05DisconnectWithUserX509Cert: Disconnect as a command line client  
     201        """ 
     202         
     203        print "\n\t" + self.test05DisconnectWithUserX509Cert.__doc__ 
     204        self.test01Connect() 
     205         
     206        # Use user cert / private key just obtained from connect call for 
     207        # signature generation 
     208        if self.issuingCert: 
     209            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     210            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     211            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     212                                                           self.userX509Cert) 
     213            self.clnt.signatureHandler.signingCert = None 
     214        else: 
     215            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     216            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     217                CombinedServicesTestCase.test01Passphrase 
     218            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     219            self.clnt.signatureHandler.signingCertChain = () 
     220            self.clnt.signatureHandler.signingCert = self.userX509Cert 
     221             
     222        # user X.509 cert in signature determines ID of session to delete 
     223        self.clnt.disconnect() 
     224        print("User disconnected from Session Manager:\n%s"%self.userX509Cert) 
     225 
     226 
     227    def test06GetAttCertWithSessID(self): 
     228        """test06GetAttCertWithSessID: make an attribute request using 
     229        a session ID as authentication credential""" 
     230 
     231        print "\n\t" + self.test06GetAttCertWithSessID.__doc__ 
     232        thisSection = self.cfg['test06GetAttCertWithSessID']       
     233        self.test01Connect() 
     234         
     235        attCert = self.clnt.getAttCert(sessID=self.sessID,  
     236                                       attAuthorityURI=thisSection['aaURI']) 
     237         
     238        print "Attribute Certificate:\n%s" % attCert  
     239        attCert.filePath = xpdVars(thisSection['acOutFilePath'])  
     240        attCert.write()  
     241 
     242 
     243    def test07GetAttCertWithUserX509Cert(self): 
     244        """test07GetAttCertWithUserX509Cert: make an attribute request using 
     245        a user cert as authentication credential""" 
     246        print "\n\t" + self.test07GetAttCertWithUserX509Cert.__doc__ 
     247        self.test01Connect() 
     248 
     249        if self.issuingCert: 
     250            self.clnt.signatureHandler.reqBinSecTokValType = 'X509PKIPathv1' 
     251            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     252                                CombinedServicesTestCase.test01Passphrase 
     253            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     254            self.clnt.signatureHandler.signingCertChain = (self.issuingCert, 
     255                                                           self.userX509Cert) 
     256            self.clnt.signatureHandler.signingCert = None 
     257        else: 
     258            self.clnt.signatureHandler.reqBinSecTokValType = 'X509v3' 
     259            self.clnt.signatureHandler.signingPriKeyPwd = \ 
     260                                CombinedServicesTestCase.test01Passphrase 
     261            self.clnt.signatureHandler.signingPriKey = self.userPriKey         
     262            self.clnt.signatureHandler.signingCertChain = () 
     263            self.clnt.signatureHandler.signingCert = self.userX509Cert 
     264         
     265        # Request an attribute certificate from an Attribute Authority  
     266        # using the userX509Cert returned from connect() 
     267         
     268        aaURI = self.cfg['test07GetAttCertWithUserX509Cert']['aaURI'] 
     269        attCert = self.clnt.getAttCert(attAuthorityURI=aaURI) 
     270           
     271        print("Attribute Certificate:\n%s" % attCert)   
     272 
     273 
     274    def test08GetAttCertFromLocalAttributeAuthority(self): 
     275        """test08GetAttCertFromLocalAttributeAuthority: query the Attribute 
     276        Authority running in the same server instance as the Session Manager""" 
     277 
     278        print "\n\t" + self.test08GetAttCertFromLocalAttributeAuthority.__doc__ 
     279        self.test01Connect() 
     280         
     281        attCert = self.clnt.getAttCert(sessID=self.sessID) 
     282         
     283        print "Attribute Certificate:\n%s" % attCert  
     284 
     285 
     286    def test09WSGILocalSessionManagerInstanceConnect(self): 
     287        """test09WSGILocalSessionManagerInstanceConnect: test a WSGI app  
     288        calling a Session Manager WSGI instance local to the server""" 
     289         
     290        # Make a client connection to the WSGI app - authenticate with WSGI 
     291        # basic auth.  The WSGI app calls a Session Manager WSGI running in 
     292        # the same code stack 
     293        thisSection = self.cfg['test09WSGILocalSessionManagerInstanceConnect'] 
    289294        url = thisSection['url'] 
    290295        username = thisSection['username'] 
     
    294299 
    295300 
    296     def test10WSGILocalInstanceGetSessionStatus(self): 
    297         """test10WSGILocalInstanceGetSessionStatus: test a WSGI app calling a  
    298         Session Manager WSGI local instance""" 
    299          
    300         # Make a client connection to the WSGI app - authenticate with WSGI 
    301         # basic auth 
    302         thisSection = self.cfg['test10WSGILocalInstanceGetSessionStatus'] 
     301    def test10WSGILocalSessionManagerInstanceGetSessionStatus(self): 
     302        """test10WSGILocalSessionManagerInstanceGetSessionStatus: test a WSGI  
     303        app calling a Session Manager WSGI instance local to the server""" 
     304         
     305        # Make a client connection to the WSGI app - authenticate with WSGI 
     306        # basic auth 
     307        thisSection = self.cfg[ 
     308                    'test10WSGILocalSessionManagerInstanceGetSessionStatus'] 
    303309        url = thisSection['url'] 
    304310        username = thisSection['username'] 
     
    308314 
    309315 
    310     def test11WSGILocalInstanceDisconnect(self): 
    311         """test11WSGILocalInstanceDisconnect: test a WSGI app calling a  
    312         Session Manager WSGI local instance""" 
    313          
    314         # Make a client connection to the WSGI app - authenticate with WSGI 
    315         # basic auth 
    316         thisSection = self.cfg['test11WSGILocalInstanceDisconnect'] 
     316    def test11WSGILocalSessionManagerInstanceDisconnect(self): 
     317        """test11WSGILocalSessionManagerInstanceDisconnect: test a WSGI app  
     318        calling a Session Manager WSGI instance local to the server""" 
     319         
     320        # Make a client connection to the WSGI app - authenticate with WSGI 
     321        # basic auth 
     322        thisSection=self.cfg['test11WSGILocalSessionManagerInstanceDisconnect'] 
    317323        url = thisSection['url'] 
    318324        username = thisSection['username'] 
     
    322328 
    323329 
    324     def test12WSGILocalInstanceGetAttCert(self): 
    325         """test12WSGILocalInstanceGetAttCert: test a WSGI app calling a  
    326         Session Manager WSGI local instance""" 
    327          
    328         # Make a client connection to the WSGI app - authenticate with WSGI 
    329         # basic auth 
    330         thisSection = self.cfg['test12WSGILocalInstanceGetAttCert'] 
    331         url = thisSection['url'] 
    332         username = thisSection['username'] 
    333         password = thisSection['passphrase'] 
     330    def test12WSGILocalSessionManagerInstanceGetAttCert(self): 
     331        """test12WSGILocalSessionManagerInstanceGetAttCert: test a WSGI app  
     332        calling a Session Manager WSGI instance local to the server""" 
     333         
     334        # Make a client connection to the WSGI app - authenticate with WSGI 
     335        # basic auth 
     336        thisSection=self.cfg['test12WSGILocalSessionManagerInstanceGetAttCert'] 
     337        args = (thisSection['url'], thisSection['username'], 
     338                thisSection['passphrase']) 
     339         
    334340        print("WSGI app connecting to local Session Manager instance: %s" % 
    335               self._httpBasicAuthReq(url, username, password))        
    336         
     341              self._httpBasicAuthReq(*args))        
     342         
     343 
     344    def test13WSGILocalAttributeAuthorityInstanceGetHostInfo(self): 
     345        """test13WSGILocalAttributeAuthorityInstanceGetHostInfo: test a WSGI  
     346        app calling a Attribute Authority WSGI instance local to the server""" 
     347         
     348        # Make a client connection to the WSGI app - authenticate with WSGI 
     349        # basic auth 
     350        thisSection = self.cfg[ 
     351                        'test13WSGILocalAttributeAuthorityInstanceGetHostInfo'] 
     352         
     353        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     354              self._httpBasicAuthReq(thisSection['url']))        
     355         
     356 
     357    def test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo(self): 
     358        """test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo: test a  
     359        WSGI app calling a Attribute Authority WSGI instance local to the  
     360        server""" 
     361         
     362        # Make a client connection to the WSGI app - authenticate with WSGI 
     363        # basic auth 
     364        thisSection = self.cfg[ 
     365                'test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo'] 
     366         
     367        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     368            self._httpBasicAuthReq(thisSection['url']+'?'+thisSection['role']))        
     369         
     370 
     371    def test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo(self): 
     372        """test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo: test a  
     373        WSGI app calling a Attribute Authority WSGI instance local to the  
     374        server""" 
     375         
     376        # Make a client connection to the WSGI app - authenticate with WSGI 
     377        # basic auth 
     378        thisSection = self.cfg[ 
     379                    'test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo'] 
     380         
     381        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     382              self._httpBasicAuthReq(thisSection['url']))        
     383 
     384 
     385    def test16WSGILocalAttributeAuthorityInstanceGetAttCert(self): 
     386        """test16WSGILocalAttributeAuthorityInstanceGetAttCert: test a WSGI app  
     387        calling a Attribute Authority WSGI instance local to the server""" 
     388         
     389        # Make a client connection to the WSGI app - authenticate with WSGI 
     390        # basic auth 
     391        thisSection = self.cfg[ 
     392                        'test16WSGILocalAttributeAuthorityInstanceGetAttCert'] 
     393        args = (thisSection['url'], thisSection['username'], 
     394                thisSection['passphrase']) 
     395         
     396        print("WSGI app connecting to local Attribute Authority instance: %s" % 
     397              self._httpBasicAuthReq(*args))         
     398 
     399 
    337400class CombinedServicesTestSuite(unittest.TestSuite): 
    338401     
    339402    def __init__(self): 
    340403        map = map(CombinedServicesTestCase, 
    341                   ( 
    342                     "test01Connect", 
    343                     "test02GetSessionStatus", 
    344                     "test03ConnectNoCreateServerSess", 
    345                     "test04DisconnectWithSessID", 
    346                     "test05DisconnectWithUserX509Cert", 
    347                     "test06GetAttCertWithSessID", 
    348                     "test07GetAttCertWithUserX509Cert", 
    349                     "test08GetAttCertFromLocalAttributeAuthority", 
    350                     "test09WSGILocalInstanceConnect", 
    351                     "test10WSGILocalInstanceGetSessionStatus", 
    352                     "test11WSGILocalInstanceDisconnect" 
    353                   )) 
     404            ( 
     405            "test01Connect", 
     406            "test02GetSessionStatus", 
     407            "test03ConnectNoCreateServerSess", 
     408            "test04DisconnectWithSessID", 
     409            "test05DisconnectWithUserX509Cert", 
     410            "test06GetAttCertWithSessID", 
     411            "test07GetAttCertWithUserX509Cert", 
     412            "test08GetAttCertFromLocalAttributeAuthority", 
     413            "test09WSGILocalSessionManagerInstanceConnect", 
     414            "test10WSGILocalSessionManagerInstanceGetSessionStatus", 
     415            "test11WSGILocalSessionManagerInstanceDisconnect", 
     416            "test12WSGILocalSessionManagerInstanceGetAttCert", 
     417            "test13WSGILocalAttributeAuthorityInstanceGetHostInfo", 
     418            "test14WSGILocalAttributeAuthorityInstanceGetTrustedHostInfo", 
     419            "test15WSGILocalAttributeAuthorityInstanceGetAllHostsInfo" 
     420            )) 
    354421        unittest.TestSuite.__init__(self, map) 
    355422             