Timestamp:
16/12/08 16:43:38 (11 years ago)
Author:
pjkersha
Message:
  • Completed Attribute Authority unit test
  • re-issued out of date test certs.
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority
Files:
2 added
5 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/siteA/siteA-aa.crt

    r4654 r4667  
    22    Data: 
    33        Version: 3 (0x2) 
    4         Serial Number: 54 (0x36) 
     4        Serial Number: 253 (0xfd) 
    55        Signature Algorithm: md5WithRSAEncryption 
    66        Issuer: O=NDG, OU=BADC, CN=Test CA 
    77        Validity 
    8             Not Before: Dec 12 13:52:16 2007 GMT 
    9             Not After : Dec 11 13:52:16 2008 GMT 
     8            Not Before: Dec 15 16:35:24 2008 GMT 
     9            Not After : Dec 14 16:35:24 2013 GMT 
    1010        Subject: O=NDG Security Test, OU=Site A, CN=AttributeAuthority 
    1111        Subject Public Key Info: 
     
    2424                Exponent: 65537 (0x10001) 
    2525        X509v3 extensions: 
    26             Netscape Cert Type: 
     26            Netscape Cert Type:  
    2727                SSL Client, SSL Server, S/MIME, Object Signing 
    2828    Signature Algorithm: md5WithRSAEncryption 
    29         9e:3d:25:d5:5c:13:b8:ea:8f:f5:8a:79:fc:3d:ab:5f:51:3b: 
    30         48:78:eb:a5:3e:34:3f:48:ee:8c:ad:4a:4e:b6:1d:f7:c1:0b: 
    31         21:de:46:ea:d4:76:0e:03:95:da:47:ec:4a:f4:10:b8:74:5d: 
    32         2c:7d:4b:19:a8:c0:a8:c4:ac:81:5e:3a:a4:64:e3:c9:2b:d6: 
    33         03:77:cc:bb:6a:99:85:90:fe:f8:da:2f:29:37:ab:ac:a7:b3: 
    34         5f:99:2a:52:54:3d:a7:cd:1b:a7:2f:28:e3:e0:91:51:a4:37: 
    35         51:d9:32:ac:3d:cc:17:73:e6:be:f3:4c:d9:77:8e:f1:25:85: 
    36         ed:7c 
     29        58:3d:38:b1:c0:41:f7:59:16:4f:ca:97:29:9c:8d:d8:46:79: 
     30        9c:11:6a:b3:a4:44:5e:d2:3e:75:d3:9a:66:de:d5:b6:26:87: 
     31        60:c5:c0:99:c4:56:fe:40:b0:f1:88:12:f9:49:65:fa:66:69: 
     32        03:0a:56:51:4f:64:47:f0:39:75:b8:88:0c:34:5b:c6:5c:f8: 
     33        04:90:9e:32:09:0e:fc:ec:54:df:5c:e6:be:aa:9a:db:75:32: 
     34        19:73:e1:b5:a4:ee:a3:c0:c6:da:e4:ab:e5:70:e4:e8:69:c9: 
     35        e6:c6:f4:58:1d:d4:82:c4:61:ed:5e:2b:c9:69:12:b4:89:82: 
     36        48:66 
    3737-----BEGIN CERTIFICATE----- 
    38 MIICBDCCAW2gAwIBAgIBNjANBgkqhkiG9w0BAQQFADAvMQwwCgYDVQQKEwNOREcx 
    39 DTALBgNVBAsTBEJBREMxEDAOBgNVBAMTB1Rlc3QgQ0EwHhcNMDcxMjEyMTM1MjE2 
    40 WhcNMDgxMjExMTM1MjE2WjBKMRowGAYDVQQKExFOREcgU2VjdXJpdHkgVGVzdDEP 
    41 MA0GA1UECxMGU2l0ZSBBMRswGQYDVQQDExJBdHRyaWJ1dGVBdXRob3JpdHkwgZ8w 
    42 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKe1/6FTEUpfH8pjctfL9Fhz/KqF8gsz 
    43 yH3lzXif9Z1KqHysrdXGRS7mC6OUSAIdp8jYCM1klmol8obtm5xiZFyddsJfWo8g 
    44 Ypr5OWVshZ2xrnL8gX8OjYCg8wmdM0nZTUgF89Bds7lJ3j0699OLgKV2Tz3zvZEi 
    45 7M+YsgNwXJ2BAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0B 
    46 AQQFAAOBgQCePSXVXBO46o/1inn8PatfUTtIeOulPjQ/SO6MrUpOth33wQsh3kbq 
    47 1HYOA5XaR+xK9BC4dF0sfUsZqMCoxKyBXjqkZOPJK9YDd8y7apmFkP742i8pN6us 
    48 p7NfmSpSVD2nzRunLyjj4JFRpDdR2TKsPcwXc+a+80zZd47xJYXtfA== 
     38MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     39MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy 
     40NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
     41DzANBgNVBAsTBlNpdGUgQTEbMBkGA1UEAxMSQXR0cmlidXRlQXV0aG9yaXR5MIGf 
     42MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCntf+hUxFKXx/KY3LXy/RYc/yqhfIL 
     43M8h95c14n/WdSqh8rK3VxkUu5gujlEgCHafI2AjNZJZqJfKG7ZucYmRcnXbCX1qP 
     44IGKa+TllbIWdsa5y/IF/Do2AoPMJnTNJ2U1IBfPQXbO5Sd49OvfTi4Cldk89872R 
     45IuzPmLIDcFydgQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcN 
     46AQEEBQADgYEAWD04scBB91kWT8qXKZyN2EZ5nBFqs6REXtI+ddOaZt7VtiaHYMXA 
     47mcRW/kCw8YgS+Ull+mZpAwpWUU9kR/A5dbiIDDRbxlz4BJCeMgkO/OxU31zmvqqa 
     4823UyGXPhtaTuo8DG2uSr5XDk6GnJ5sb0WB3UgsRh7V4ryWkStImCSGY= 
    4949-----END CERTIFICATE----- 
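
Review bot: The re-issued certificate is still signed with md5WithRSAEncryption (new lines 5 and 28, both unchanged context), so the renewal carries the weak digest forward; since the cert had to be regenerated anyway, have the Test CA sign with a SHA-2 digest so that clients which reject MD5 signatures can still run these tests. The validity window also grows from one year to five (Not After : Dec 14 16:35:24 2013 GMT), which only postpones the same expiry failure; note the re-issue procedure next to the test CA, or generate the test certs during test setup. The Subject Public Key Info lines show no changes, so the existing key pair appears to have been reused; that is fine for a test fixture but worth stating in the commit message.
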
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/siteA/siteAAttAuthority.cfg

    r4654 r4667  
    4242# Settings for custom AAUserRoles derived class to get user roles for given  
    4343# user ID 
    44 userRolesModFilePath: $NDGSEC_AA_UNITTEST_DIR 
     44userRolesModFilePath: $NDGSEC_AA_UNITTEST_DIR/siteA 
    4545userRolesModName: siteAUserRoles 
    4646userRolesClassName: TestUserRoles 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/siteB/siteBAttAuthority.cfg

    r4666 r4667  
    1212[DEFAULT] 
    1313# 'name' setting MUST agree with map config file 'thisHost' name attribute 
    14 name: Site A 
    15  
    16 # the port number the service is to run on  
    17 portNum: 5000 
    18  
    19 # Flag for SSL - set to something to stipulate http, leave blank to use http  
    20 useSSL: 
    21  
    22 # X.509 certificate for SSL connections - ignored if useSSL is blank  
    23 sslCertFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    24  
    25 # Private key file for SSL  - ignored if useSSL is blank  
    26 sslKeyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    27  
    28 # Password protecting private SSL key - leave blank if none set 
    29 sslKeyPwd:  
    30  
    31 # Directory containing CA cert.s to verify SSL peer cert against - ignored if  
    32 # useSSL is blank  
    33 sslCACertDir: $NDGSEC_AACLNT_UNITTEST_DIR/ca 
     14name: Site B 
    3415 
    3516# Lifetime is measured in seconds 
     
    3920attCertNotBeforeOff: 0 
    4021# All Attribute Certificates issued are recorded in this dir 
    41 attCertDir: $NDGSEC_AACLNT_UNITTEST_DIR/attCertLog 
     22attCertDir: $NDGSEC_AA_UNITTEST_DIR/siteB/attCertLog 
    4223# Files in attCertDir are stored using a rotating file handler 
    4324# attCertFileLogCnt sets the max number of files created before the first is overwritten 
     
    4627dnSeparator:/ 
    4728 
     29# Attribute Certificate signature 
     30signingPriKeyFilePath: $NDGSEC_AA_UNITTEST_DIR/siteB/siteB-aa.key 
     31signingCertFilePath: $NDGSEC_AA_UNITTEST_DIR/siteB/siteB-aa.crt 
     32caCertFilePathList: $NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt 
     33 
    4834# Location of role mapping file 
    49 mapConfigFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteAMapConfig.xml 
     35mapConfigFile: $NDGSEC_AA_UNITTEST_DIR/siteB/siteBMapConfig.xml 
    5036 
    5137# Settings for custom AAUserRoles derived class to get user roles for given user ID 
    52 userRolesModFilePath: $NDGSEC_AACLNT_UNITTEST_DIR 
    53 userRolesModName: siteAUserRoles 
     38userRolesModFilePath: $NDGSEC_AA_UNITTEST_DIR/siteB 
     39userRolesModName: siteBUserRoles 
    5440userRolesClassName: TestUserRoles 
    5541userRolesPropFile:  
     
    6652# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    6753# values should be delimited by a space 
    68 caCertFilePathList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
     54caCertFilePathList: $NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AA_UNITTEST_DIR/ca/cacert.pem 
    6955 
    7056# Signature of an outbound message 
     
    7662 
    7763# PEM encoded cert 
    78 signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     64signingCertFilePath: $NDGSEC_AA_UNITTEST_DIR/siteB-aa.crt 
    7965 
    8066# ... or provide file path to PEM encoded private key file 
    81 signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     67signingPriKeyFilePath: $NDGSEC_AA_UNITTEST_DIR/siteB-aa.key 
    8268 
    8369# Password protecting private key.  Leave blank if there is no password. 
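
Review bot: signingCertFilePath and signingPriKeyFilePath are now set twice with different locations: new lines 30-31 use $NDGSEC_AA_UNITTEST_DIR/siteB/siteB-aa.key and $NDGSEC_AA_UNITTEST_DIR/siteB/siteB-aa.crt, while new lines 64 and 67 use $NDGSEC_AA_UNITTEST_DIR/siteB-aa.crt and $NDGSEC_AA_UNITTEST_DIR/siteB-aa.key without the siteB/ directory. Every other path changed in this file moved under siteB/, so lines 64 and 67 look like a missed update; correct them, or the later settings will point at files that may not exist. caCertFilePathList is likewise defined at both line 32 and line 54 with different values; if both fall in the same section the parser will keep only one of them, so say which list is intended for which purpose or drop the duplicate.
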
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/test_attributeauthority.cfg

    r4654 r4667  
    77# This software may be distributed under the terms of the Q Public License, 
    88# version 1.0 or later. 
     9 
     10[DEFAULT] 
     11siteBPropFilePath=$NDGSEC_AA_UNITTEST_DIR/siteB/siteBAttAuthority.cfg 
    912 
    1013[setUp] 
     
    2629role = blah 
    2730  
    28 [test06GetAttCert] 
    29 # If clntcertfilepath is a proxy set this cert as the one that issued the  
    30 # proxy.  Comment out if clntcertfilepath is a standard X.509 cert. 
    31 #issuingclntcertfilepath = $NDGSEC_AA_UNITTEST_DIR/user-cert.pem 
    32  
    33 # Test with no digital signature applied 
    34 #issuingclntcertfilepath = $NDGSEC_AA_UNITTEST_DIR/proxy-cert.pem 
     31[test05GetAttCert] 
     32issuingClntCertFilePath = $NDGSEC_AA_UNITTEST_DIR/user.crt 
    3533 
    3634# Setup for use by test08GetMappedAttCert test 
    3735attCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml 
    3836 
    39 [test07GetAttCertWithUserIdSet] 
     37[test06GetAttCertWithUserIdSet] 
    4038userId = system 
    4139attCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt-test6.xml 
    4240 
    43 [test08GetMappedAttCert] 
    44 uri = http://localhost:5100/AttributeAuthority 
     41[test07GetMappedAttCert] 
     42issuingClntCertFilePath = $NDGSEC_AA_UNITTEST_DIR/user.crt 
    4543userAttCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml 
    4644mappedAttCertFilePath = $NDGSEC_AA_UNITTEST_DIR/mapped-ac.xml 
    4745 
    48 [test09GetMappedAttCertStressTest] 
    49 uri = http://localhost:5100/AttributeAuthority 
     46[test08GetMappedAttCertStressTest] 
    5047userAttCertFilePathList = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml 
    5148 
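
Review bot: The comment kept at new line 34, "# Setup for use by test08GetMappedAttCert test", is stale after the renumbering in this hunk: the consumer is now [test07GetMappedAttCert] (line 41), so update it. The removed comment explaining when issuingClntCertFilePath should be set (proxy versus standard X.509 cert) has no replacement at line 32; a one-line comment there would help. [test08GetMappedAttCertStressTest] sets no issuingClntCertFilePath, unlike [test07GetMappedAttCert]; if that is deliberate, say so in a comment.
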
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/test_attributeauthority.py

    r4654 r4667  
    2121logging.basicConfig() 
    2222 
    23 from ndg.security.common.utils.configfileparsers import \ 
    24     CaseSensitiveConfigParser 
    25 from ndg.security.server.attributeauthority import AttributeAuthority 
    26      
    2723from os.path import expandvars as xpdVars 
    2824from os.path import join as jnPath 
    2925mkPath = lambda file:jnPath(os.environ['NDGSEC_AA_UNITTEST_DIR'], file) 
    3026 
     27from ndg.security.common.utils.configfileparsers import \ 
     28    CaseSensitiveConfigParser 
     29from ndg.security.server.attributeauthority import AttributeAuthority, \ 
     30    AttributeAuthorityNoMatchingRoleInTrustedHosts 
     31 
     32from ndg.security.common.AttCert import AttCert 
     33 
    3134 
    3235class AttributeAuthorityTestCase(unittest.TestCase): 
     
    4851         
    4952        self.cfg = {} 
    50         for section in self.cfgParser.sections(): 
     53        for section in self.cfgParser.sections() + ['DEFAULT']: 
    5154            self.cfg[section] = dict(self.cfgParser.items(section)) 
    5255             
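
Review bot: In the loop at new line 53, appending 'DEFAULT' to sections() and then calling items('DEFAULT') leans on a special case of the parser; self.cfgParser.defaults() states the intent directly. If CaseSensitiveConfigParser behaves like the standard ConfigParser, items(section) already merges the [DEFAULT] values into every section, so siteBPropFilePath is also present in each per-test dict and the extra key may not be needed.
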
     
    5457                                propFilePath=self.cfg['setUp']['propFilePath'])             
    5558 
     59    _mkSiteBAttributeAuthority = lambda self: AttributeAuthority(\ 
     60                        propFilePath=self.cfg['DEFAULT']['siteBPropFilePath']) 
     61     
    5662    def test01GetHostInfo(self): 
    5763        """test01GetHostInfo: retrieve info for AA host""" 
    58         hostInfo = self.aa.getHostInfo() 
     64        hostInfo = self.aa.hostInfo 
    5965        print("Host Info:\n %s" % hostInfo)      
    6066 
    61 #    def test02GetTrustedHostInfo(self): 
    62 #        """test02GetTrustedHostInfo: retrieve trusted host info matching a 
    63 #        given role""" 
    64 #        trustedHostInfo = self.siteAClnt.getTrustedHostInfo(\ 
    65 #                                 self.cfg['test02GetTrustedHostInfo']['role']) 
    66 #        for hostname, hostInfo in trustedHostInfo.items(): 
    67 #            assert hostname, "Hostname not set" 
    68 #            for k, v in hostInfo.items(): 
    69 #                assert k, "hostInfo value key unset" 
    70 # 
    71 #        print "Trusted Host Info:\n %s" % trustedHostInfo 
    72 # 
    73 #    def test03GetTrustedHostInfoWithNoMatchingRoleFound(self): 
    74 #        """test03GetTrustedHostInfoWithNoMatchingRoleFound: test the case  
    75 #        where the input role doesn't match any roles in the target AA's map  
    76 #        config file""" 
    77 #        _cfg = self.cfg['test03GetTrustedHostInfoWithNoMatchingRoleFound'] 
    78 #        try: 
    79 #            trustedHostInfo = self.siteAClnt.getTrustedHostInfo(_cfg['role']) 
    80 #            self.fail("Expecting NoMatchingRoleInTrustedHosts exception") 
    81 #             
    82 #        except NoMatchingRoleInTrustedHosts, e: 
    83 #            print 'As expected - no match for role "%s": %s' % \ 
    84 #                (_cfg['role'], e) 
    85 # 
    86 # 
    87 #    def test04GetTrustedHostInfoWithNoRole(self): 
    88 #        """test04GetTrustedHostInfoWithNoRole: retrieve trusted host info  
    89 #        irrespective of role""" 
    90 #        trustedHostInfo = self.siteAClnt.getTrustedHostInfo() 
    91 #        for hostname, hostInfo in trustedHostInfo.items(): 
    92 #            assert hostname, "Hostname not set" 
    93 #            for k, v in hostInfo.items(): 
    94 #                assert k, "hostInfo value key unset" 
    95 #                assert v, ("%s value not set" % k) 
    96 #                    
    97 #        print "Trusted Host Info:\n %s" % trustedHostInfo 
    98 #         
    99 # 
    100 #    def test05GetAllHostsInfo(self): 
    101 #        """test05GetAllHostsInfo: retrieve info for all hosts""" 
    102 #        allHostInfo = self.siteAClnt.getAllHostsInfo() 
    103 #        for hostname, hostInfo in allHostInfo.items(): 
    104 #            assert hostname, "Hostname not set" 
    105 #            for k, v in hostInfo.items(): 
    106 #                assert k, "hostInfo value key unset" 
    107 #                    
    108 #        print "All Hosts Info:\n %s" % allHostInfo 
    109 # 
    110 # 
    111 #    def test06GetAttCert(self):         
    112 #        """test06GetAttCert: Request attribute certificate from NDG Attribute  
    113 #        Authority Web Service.""" 
    114 #        _cfg = self.cfg['test06GetAttCert'] 
    115 #         
    116 #        # Read user Certificate into a string ready for passing via WS 
    117 #        try: 
    118 #            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath')) 
    119 #            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
    120 #         
    121 #        except TypeError: 
    122 #            # No issuing cert set 
    123 #            userX509CertTxt = None 
    124 #                 
    125 #        except IOError, ioErr: 
    126 #            raise Exception("Error reading certificate file \"%s\": %s" % \ 
    127 #                                    (ioErr.filename, ioErr.strerror)) 
    128 # 
    129 #        # Make attribute certificate request 
    130 #        attCert = self.siteAClnt.getAttCert(userX509Cert=userX509CertTxt) 
    131 #         
    132 #        print "Attribute Certificate: \n\n:" + str(attCert) 
    133 #         
    134 #        attCert.filePath = xpdVars(_cfg['attCertFilePath']) 
    135 #        attCert.write() 
    136 #         
    137 #         
    138 #    def test07GetAttCertWithUserIdSet(self):         
    139 #        """test07GetAttCertWithUserIdSet: Request attribute certificate from  
    140 #        NDG Attribute Authority Web Service setting a specific user Id  
    141 #        independent of the signer of the SOAP request.""" 
    142 #        _cfg = self.cfg['test07GetAttCertWithUserIdSet'] 
    143 #         
    144 #        # Read user Certificate into a string ready for passing via WS 
    145 #        try: 
    146 #            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath')) 
    147 #            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
    148 #         
    149 #        except TypeError: 
    150 #            # No issuing cert set 
    151 #            userX509CertTxt = None 
    152 #                 
    153 #        except IOError, ioErr: 
    154 #            raise Exception("Error reading certificate file \"%s\": %s" % \ 
    155 #                                    (ioErr.filename, ioErr.strerror)) 
    156 # 
    157 #        # Make attribute certificate request 
    158 #        userId = _cfg['userId'] 
    159 #        attCert = self.siteAClnt.getAttCert(userId=userId, 
    160 #                                            userX509Cert=userX509CertTxt) 
    161 #         
    162 #        print "Attribute Certificate: \n\n:" + str(attCert) 
    163 #         
    164 #        attCert.filePath = xpdVars(_cfg['attCertFilePath']) 
    165 #        attCert.write() 
    166 # 
    167 # 
    168 #    def test08GetMappedAttCert(self):         
    169 #        """test08GetMappedAttCert: Request mapped attribute certificate from  
    170 #        NDG Attribute Authority Web Service.""" 
    171 #        _cfg = self.cfg['test08GetMappedAttCert'] 
    172 #         
    173 #        # Read user Certificate into a string ready for passing via WS 
    174 #        try: 
    175 #            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath')) 
    176 #            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
    177 #         
    178 #        except TypeError: 
    179 #            # No issuing cert set 
    180 #            userX509CertTxt = None 
    181 #                 
    182 #        except IOError, ioErr: 
    183 #            raise Exception("Error reading certificate file \"%s\": %s" % \ 
    184 #                                    (ioErr.filename, ioErr.strerror)) 
    185 #     
    186 #        # Simlarly for Attribute Certificate  
    187 #        try: 
    188 #            userAttCert = AttCertRead(xpdVars(_cfg['userAttCertFilePath'])) 
    189 #             
    190 #        except IOError, ioErr: 
    191 #            raise Exception("Error reading attribute certificate file \"%s\": " 
    192 #                            "%s" % (ioErr.filename, ioErr.strerror)) 
    193 #         
    194 #        # Make client to site B Attribute Authority 
    195 #        siteBClnt = AttributeAuthority(uri=_cfg['uri'],  
    196 #                                       cfgFileSection='wsse', 
    197 #                                       cfg=self.cfgParser) 
    198 #     
    199 #        # Make attribute certificate request 
    200 #        attCert = siteBClnt.getAttCert(userX509Cert=userX509CertTxt, 
    201 #                                       userAttCert=userAttCert) 
    202 #        print "Attribute Certificate: \n\n:" + str(attCert) 
    203 #         
    204 #        attCert.filePath = xpdVars(_cfg['mappedAttCertFilePath']) 
    205 #        attCert.write() 
    206 #         
    207 #         
    208 #    def test09GetMappedAttCertStressTest(self):         
    209 #        """test09GetMappedAttCertStressTest: Request mapped attribute  
    210 #        certificate from NDG Attribute Authority Web Service.""" 
    211 #        _cfg = self.cfg['test09GetMappedAttCertStressTest'] 
    212 #         
    213 #        # Read user Certificate into a string ready for passing via WS 
    214 #        try: 
    215 #            userX509CertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath')) 
    216 #            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
    217 #         
    218 #        except TypeError: 
    219 #            # No issuing cert set 
    220 #            userX509CertTxt = None 
    221 #                 
    222 #        except IOError, ioErr: 
    223 #            raise Exception("Error reading certificate file \"%s\": %s" %  
    224 #                                    (ioErr.filename, ioErr.strerror)) 
    225 # 
    226 #        # Make client to site B Attribute Authority 
    227 #        siteBClnt = AttributeAuthority(uri=_cfg['uri'],  
    228 #                                       cfgFileSection='wsse', 
    229 #                                       cfg=self.cfgParser) 
    230 # 
    231 #        acFilePathList = [xpdVars(file) for file in \ 
    232 #                          _cfg['userAttCertFilePathList'].split()] 
    233 # 
    234 #        for acFilePath in acFilePathList: 
    235 #            try: 
    236 #                userAttCert = AttCertRead(acFilePath) 
    237 #                 
    238 #            except IOError, ioErr: 
    239 #                raise Exception("Error reading attribute certificate file " 
    240 #                                '"%s": %s' % (ioErr.filename, ioErr.strerror)) 
    241 #         
    242 #            # Make attribute certificate request 
    243 #            try: 
    244 #                attCert = siteBClnt.getAttCert(userX509Cert=userX509CertTxt, 
    245 #                                               userAttCert=userAttCert) 
    246 #            except Exception, e: 
    247 #                outFilePfx = 'test09GetMappedAttCertStressTest-%s' % \ 
    248 #                        os.path.basename(acFilePath)     
    249 #                msgFile = open(outFilePfx+".msg", 'w') 
    250 #                msgFile.write('Failed for "%s": %s\n' % (acFilePath, e)) 
    251  
     67    def test02GetTrustedHostInfo(self): 
     68        """test02GetTrustedHostInfo: retrieve trusted host info matching a 
     69        given role""" 
     70        thisSection = self.cfg['test02GetTrustedHostInfo'] 
     71         
     72        trustedHostInfo = self.aa.getTrustedHostInfo(thisSection['role']) 
     73        for hostname, hostInfo in trustedHostInfo.items(): 
     74            self.assert_(hostname, "Hostname not set") 
     75            for k, v in hostInfo.items(): 
     76                self.assert_(k, "hostInfo value key unset") 
     77 
     78        print("Trusted Host Info:\n %s" % trustedHostInfo) 
     79 
     80    def test03GetTrustedHostInfoWithNoMatchingRoleFound(self): 
     81        """test03GetTrustedHostInfoWithNoMatchingRoleFound: test the case  
     82        where the input role doesn't match any roles in the target AA's map  
     83        config file""" 
     84        thisSection=self.cfg['test03GetTrustedHostInfoWithNoMatchingRoleFound'] 
     85        try: 
     86            trustedHostInfo = self.aa.getTrustedHostInfo(thisSection['role']) 
     87            self.fail("Expecting NoMatchingRoleInTrustedHosts exception") 
     88             
     89        except AttributeAuthorityNoMatchingRoleInTrustedHosts, e: 
     90            print('PASSED - no match for role "%s": %s' % (thisSection['role'], 
     91                                                           e)) 
     92 
     93 
     94    def test04GetTrustedHostInfoWithNoRole(self): 
     95        """test04GetTrustedHostInfoWithNoRole: retrieve trusted host info  
     96        irrespective of role""" 
     97        trustedHostInfo = self.aa.getTrustedHostInfo() 
     98        for hostname, hostInfo in trustedHostInfo.items(): 
     99            self.assert_(hostname, "Hostname not set") 
     100            for k, v in hostInfo.items(): 
     101                self.assert_(k, "hostInfo value key unset") 
     102                self.assert_(v, "%s value not set" % k) 
     103                    
     104        print("Trusted Host Info:\n %s" % trustedHostInfo) 
     105 
     106    def test05GetAttCert(self):         
     107        """test05GetAttCert: Request attribute certificate from NDG Attribute  
     108        Authority Web Service.""" 
     109        thisSection = self.cfg['test05GetAttCert'] 
     110         
     111        # Read user Certificate into a string ready for passing via WS 
     112        try: 
     113            userX509CertFilePath = xpdVars(thisSection.get( 
     114                                                    'issuingClntCertFilePath')) 
     115            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
     116         
     117        except TypeError: 
     118            # No issuing cert set 
     119            userX509CertTxt = None 
     120                 
     121        except IOError, ioErr: 
     122            raise Exception("Error reading certificate file \"%s\": %s" % 
     123                                    (ioErr.filename, ioErr.strerror)) 
     124 
     125        # Make attribute certificate request 
     126        attCert = self.aa.getAttCert(holderX509Cert=userX509CertTxt) 
     127         
     128        print("Attribute Certificate: \n\n:" + str(attCert)) 
     129         
     130        attCert.filePath = xpdVars(thisSection['attCertFilePath']) 
     131        attCert.write() 
     132         
     133         
     134    def test06GetAttCertWithUserIdSet(self):         
     135        """test06GetAttCertWithUserIdSet: Request attribute certificate from  
     136        NDG Attribute Authority Web Service setting a specific user Id  
     137        independent of the signer of the SOAP request.""" 
     138        thisSection = self.cfg['test06GetAttCertWithUserIdSet'] 
     139         
     140        # Make attribute certificate request 
     141        userId = thisSection['userId'] 
     142        attCert = self.aa.getAttCert(userId=userId) 
     143         
     144        print("Attribute Certificate: \n\n:" + str(attCert)) 
     145         
     146        attCert.filePath = xpdVars(thisSection['attCertFilePath']) 
     147        attCert.write() 
     148 
     149 
     150    def test07GetMappedAttCert(self):         
     151        """test07GetMappedAttCert: Request mapped attribute certificate from  
     152        NDG Attribute Authority Web Service.""" 
     153        thisSection = self.cfg['test07GetMappedAttCert'] 
     154         
     155        # Read user Certificate into a string ready for passing via WS 
     156        try: 
     157            userX509CertFilePath = xpdVars(thisSection.get( 
     158                                                    'issuingClntCertFilePath')) 
     159            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
     160         
     161        except TypeError: 
     162            # No issuing cert set 
     163            userX509CertTxt = None 
     164                 
     165        except IOError, ioErr: 
     166            raise Exception("Error reading certificate file \"%s\": %s" %  
     167                                    (ioErr.filename, ioErr.strerror)) 
     168     
     169        # Simlarly for Attribute Certificate  
     170        try: 
     171            userAttCert = AttCert.Read( 
     172                                xpdVars(thisSection['userAttCertFilePath'])) 
     173             
     174        except IOError, ioErr: 
     175            raise Exception("Error reading attribute certificate file \"%s\": " 
     176                            "%s" % (ioErr.filename, ioErr.strerror)) 
     177         
     178        # Make client to site B Attribute Authority 
     179        siteBAA = self._mkSiteBAttributeAuthority() 
     180     
     181        # Make attribute certificate request 
     182        attCert = siteBAA.getAttCert(holderX509Cert=userX509CertTxt, 
     183                                     userAttCert=userAttCert) 
     184        print("Attribute Certificate: \n\n:" + str(attCert)) 
     185         
     186        attCert.filePath = xpdVars(thisSection['mappedAttCertFilePath']) 
     187        attCert.write() 
     188         
     189         
     190    def test08GetMappedAttCertStressTest(self):         
     191        """test08GetMappedAttCertStressTest: Request mapped attribute  
     192        certificate from NDG Attribute Authority Web Service.""" 
     193        thisSection = self.cfg['test08GetMappedAttCertStressTest'] 
     194         
     195        # Read user Certificate into a string ready for passing via WS 
     196        try: 
     197            userX509CertFilePath = xpdVars(thisSection.get( 
     198                                                    'issuingClntCertFilePath')) 
     199            userX509CertTxt = open(userX509CertFilePath, 'r').read() 
     200         
     201        except TypeError: 
     202            # No issuing cert set 
     203            userX509CertTxt = None 
     204                 
     205        except IOError, ioErr: 
     206            raise Exception("Error reading certificate file \"%s\": %s" %  
     207                                    (ioErr.filename, ioErr.strerror)) 
     208 
     209        # Make client to site B Attribute Authority 
     210        siteBAA = self._mkSiteBAttributeAuthority() 
     211 
     212        acFilePathList = [xpdVars(file) for file in \ 
     213                          thisSection['userAttCertFilePathList'].split()] 
     214 
     215        for acFilePath in acFilePathList: 
     216            try: 
     217                userAttCert = AttCert.Read(acFilePath) 
     218                 
     219            except IOError, ioErr: 
     220                raise Exception("Error reading attribute certificate file " 
     221                                '"%s": %s' % (ioErr.filename, ioErr.strerror)) 
     222         
     223            # Make attribute certificate request 
     224            try: 
     225                attCert = siteBAA.getAttCert(holderX509Cert=userX509CertTxt, 
     226                                             userAttCert=userAttCert) 
     227            except Exception, e: 
     228                outFilePfx = 'test08GetMappedAttCertStressTest-%s' % \ 
     229                        os.path.basename(acFilePath)     
     230                msgFile = open(outFilePfx+".msg", 'w') 
     231                msgFile.write('Failed for "%s": %s\n' % (acFilePath, e)) 
    252232                                         
    253233if __name__ == "__main__": 
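
Review bot: In test08GetMappedAttCertStressTest (new lines 224-231) the except Exception handler writes the failure to a .msg file and carries on, with no self.fail() and no re-raise, so the test passes even when every getAttCert call fails; msgFile is also never closed. Collect the failures and fail the test at the end of the loop, and close the file. test05 to test07 have the same gap in a milder form: they print and write the returned attribute certificate but assert nothing about it, so a check on the result would make them actual tests. The docstrings still describe requests to the "NDG Attribute Authority Web Service" and the "signer of the SOAP request", although the calls now go to an AttributeAuthority instance created in the test itself (self.aa, siteBAA).
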