Changeset 6059 for TI12-security


Timestamp:
26/11/09 14:48:49 (10 years ago)
Author:
pjkersha
Message:

Updated the ndg.security.server.wsgi.authz module to include AuthorizationMiddleware classes that support PIP attribute retrieval with either the NDG Attribute Authority interface (SOAP/WSDL + NDG Attribute Certificates) or (SOAP/SAML + SAML Assertions) - NDGAuthorizationMiddleware and SAMLAuthorizationMiddleware respectively. AuthorizationMiddlewareBase provides an ABC, and the AuthorizationMiddleware definition is an alias to NDGAuthorizationMiddleware for backwards compatibility.

Location:
TI12-security/trunk/python
Files:
5 edited

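--- a/TI12-security/trunk/python/ndg_security_common/ndg/security/common/credentialwallet.py
+++ b/TI12-security/trunk/python/ndg_security_common/ndg/security/common/credentialwallet.py
@@ -289,5 +289,5 @@
         @type cfg: basestring /ConfigParser derived type 
         @param cfg: configuration file path or ConfigParser type object 
-        @rtype: ndg.security.common.credentialWallet.SamlCredentialWallet 
+        @rtype: ndg.security.common.credentialWallet.SAMLCredentialWallet 
         @return: new instance of this class 
         ''' 
@@ -395,5 +395,5 @@
  
  
-class SamlCredentialWallet(CredentialWalletBase): 
+class SAMLCredentialWallet(CredentialWalletBase): 
     """CredentialWallet for Earth System Grid supporting caching of SAML  
     Attribute Assertions 
@@ -401,5 +401,5 @@
     __slots__ = () 
      
-    CREDENTIAL_REPOSITORY_NOT_SUPPORTED_MSG = ("SamlCredentialWallet doesn't " 
+    CREDENTIAL_REPOSITORY_NOT_SUPPORTED_MSG = ("SAMLCredentialWallet doesn't " 
                                                "support the " 
                                                "CredentialRepository " 
@@ -411,5 +411,5 @@
         @type cfg: basestring /ConfigParser derived type 
         @param cfg: configuration file path or ConfigParser type object 
-        @rtype: ndg.security.common.credentialWallet.SamlCredentialWallet 
+        @rtype: ndg.security.common.credentialWallet.SAMLCredentialWallet 
         @return: new instance of this class 
         ''' 
@@ -521,5 +521,5 @@
         expired or are otherwise invalid.""" 
  
-        log.debug("SamlCredentialWallet.audit ...") 
+        log.debug("SAMLCredentialWallet.audit ...") 
          
         for issuerName, issuerEntry in self.credentials.items(): 
@@ -533,5 +533,5 @@
     def updateCredentialRepository(self, auditCred=True): 
         """No Credential Repository support is required""" 
-        msg = SamlCredentialWallet.CREDENTIAL_REPOSITORY_NOT_SUPPORTED_MSG 
+        msg = SAMLCredentialWallet.CREDENTIAL_REPOSITORY_NOT_SUPPORTED_MSG 
         log.warning(msg) 
         warnings.warn(msg) 
@@ -560,5 +560,5 @@
              
     
-class NdgCredentialWallet(CredentialWalletBase): 
+class NDGCredentialWallet(CredentialWalletBase): 
     """Volatile store of user credentials associated with a user session 
      
@@ -726,5 +726,5 @@
         from 
         @type cfgPrefix: basestring 
-        @param cfgPrefix: apply a prefix to all NdgCredentialWallet config params  
+        @param cfgPrefix: apply a prefix to all NDGCredentialWallet config params  
         so that if placed in a file with other parameters they can be  
         distinguished 
@@ -732,13 +732,13 @@
         @param cfgKw: set parameters as key value pairs.""" 
  
-        log.debug("Calling NdgCredentialWallet.__init__ ...") 
- 
-        super(NdgCredentialWallet, self).__init__() 
+        log.debug("Calling NDGCredentialWallet.__init__ ...") 
+ 
+        super(NDGCredentialWallet, self).__init__() 
          
         # Initialise attributes - 1st protected ones 
-        attr = {}.fromkeys(NdgCredentialWallet._protectedAttrs) 
+        attr = {}.fromkeys(NDGCredentialWallet._protectedAttrs) 
          
         # ... then properties 
-        attr.update(NdgCredentialWallet.propertyDefaults) 
+        attr.update(NDGCredentialWallet.propertyDefaults) 
         for k, v in attr.items(): 
             setattr(self, k, v) 
@@ -823,5 +823,5 @@
         prop = readAndValidate(cfgFilePath, 
                                cfg=self._cfg, 
-                               validKeys=NdgCredentialWallet.propertyDefaults, 
+                               validKeys=NDGCredentialWallet.propertyDefaults, 
                                prefix=prefix, 
                                sections=(section,)) 
@@ -1079,5 +1079,5 @@
         if value is not None:      
             # Re-initialize local instance 
-            self._attributeAuthority = NdgCredentialWallet.propertyDefaults[ 
+            self._attributeAuthority = NDGCredentialWallet.propertyDefaults[ 
                                                         'attributeAuthority'] 
  
@@ -1184,5 +1184,5 @@
             return self._userX509Cert.isValidTime(**x509CertKeys) 
         else: 
-            log.warning("NdgCredentialWallet.isValid: no user certificate set in " 
+            log.warning("NDGCredentialWallet.isValid: no user certificate set in " 
                         "wallet") 
             return True 
@@ -1272,5 +1272,5 @@
         expired or are otherwise invalid.""" 
  
-        log.debug("NdgCredentialWallet.audit ...") 
+        log.debug("NDGCredentialWallet.audit ...") 
          
         # Nb. No signature check is carried out.  To do a check, access is 
@@ -1291,5 +1291,5 @@
         removing invalid ones""" 
  
-        log.debug("NdgCredentialWallet.updateCredentialRepository ...") 
+        log.debug("NDGCredentialWallet.updateCredentialRepository ...") 
          
         if not self.credentialRepository: 
@@ -1316,5 +1316,5 @@
         @return: new Attribute Authority client instance""" 
  
-        log.debug('NdgCredentialWallet._createAttributeAuthorityClnt for ' 
+        log.debug('NDGCredentialWallet._createAttributeAuthorityClnt for ' 
                   'service: "%s"' % attributeAuthorityURI) 
  
@@ -1382,5 +1382,5 @@
         Attribute Authority""" 
        
-        log.debug("NdgCredentialWallet._getAttCert ...") 
+        log.debug("NDGCredentialWallet._getAttCert ...") 
          
          
@@ -1410,5 +1410,5 @@
             aaInterface = self._createAttributeAuthorityClnt( 
                                                         attributeAuthorityURI)                             
-            log.debug('NdgCredentialWallet._getAttCert for remote Attribute ' 
+            log.debug('NDGCredentialWallet._getAttCert for remote Attribute ' 
                       'Authority service: "%s" ...' % attributeAuthorityURI) 
                  
@@ -1417,5 +1417,5 @@
             # configuration file attributeAuthority 
             aaInterface = attributeAuthority 
-            log.debug('NdgCredentialWallet._getAttCert for local Attribute ' 
+            log.debug('NDGCredentialWallet._getAttCert for local Attribute ' 
                       'Authority: "%r" ...' % attributeAuthority) 
         else: 
@@ -1486,5 +1486,5 @@
             attributeAuthorityURI = self.attributeAuthorityURI 
          
-        log.debug('NdgCredentialWallet._getAAHostInfo for service: "%s" ...' %  
+        log.debug('NDGCredentialWallet._getAAHostInfo for service: "%s" ...' %  
                   attributeAuthorityURI or attributeAuthority) 
              
@@ -1543,5 +1543,5 @@
             attributeAuthorityURI = self.attributeAuthorityURI 
          
-        log.debug('NdgCredentialWallet._getAATrustedHostInfo for role "%s" and ' 
+        log.debug('NDGCredentialWallet._getAATrustedHostInfo for role "%s" and ' 
                   'service: "%s" ...' % (userRole,  
                                 attributeAuthorityURI or attributeAuthority)) 
@@ -1685,5 +1685,5 @@
         @return: Attribute Certificate retrieved from Attribute Authority""" 
          
-        log.debug("NdgCredentialWallet.getAttCert ...") 
+        log.debug("NDGCredentialWallet.getAttCert ...") 
          
         # Both these assignments are calling set property methods implicitly! 
@@ -1701,5 +1701,5 @@
             # Find out the site ID for the target AA by calling AA's host 
             # info WS method 
-            log.debug("NdgCredentialWallet.getAttCert - check AA site ID ...") 
+            log.debug("NDGCredentialWallet.getAttCert - check AA site ID ...") 
             try: 
                 hostInfo = self._getAAHostInfo() 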
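--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/sessionmanager.py
@@ -23,5 +23,5 @@
  
 # Credential Wallet 
-from ndg.security.common.credentialwallet import (NdgCredentialWallet,  
+from ndg.security.common.credentialwallet import (NDGCredentialWallet,  
     CredentialRepository, CredentialWalletError,  
     CredentialWalletAttributeRequestDenied, NullCredentialRepository) 
@@ -67,5 +67,5 @@
      
     def __init__(self, lifetime=28800, **credentialWalletKeys): 
-        """Initialise UserSession with keywords to NdgCredentialWallet 
+        """Initialise UserSession with keywords to NDGCredentialWallet 
          
         @type lifetime: int / float 
@@ -78,5 +78,5 @@
         # Set time stamp to enable auditing to remove stale sessions.  The 
         # user's credential wallet may contain a user certificate which may 
-        # also be checked for expiry using NdgCredentialWallet.isValid() but there 
+        # also be checked for expiry using NDGCredentialWallet.isValid() but there 
         # may be no user certificate set.  This code is an extra provision to 
         # to allow for this 
@@ -88,5 +88,5 @@
         self.__sessIdList = [] 
         self.addNewSessID() 
-        self.__credentialWallet = NdgCredentialWallet(**credentialWalletKeys) 
+        self.__credentialWallet = NDGCredentialWallet(**credentialWalletKeys) 
  
         log.info("Created a session with ID = %s" % self.__sessIdList[-1]) 
@@ -154,7 +154,7 @@
         @raise UserSessionExpired: session has expired 
         @raise X509CertInvalidNotBeforeTime: X.509 certificate held by the 
-        NdgCredentialWallet is set after the current time 
+        NDGCredentialWallet is set after the current time 
         @raise X509CertExpired: X.509 certificate held by the 
-        NdgCredentialWallet has expired 
+        NDGCredentialWallet has expired 
         """ 
         if not self.isValidTime(raiseExcep=raiseExcep): 
@@ -172,5 +172,5 @@
      
     credentialWallet = property(fget=__getCredentialWallet, 
-                                doc="Read-only access to NdgCredentialWallet " 
+                                doc="Read-only access to NDGCredentialWallet " 
                                     "instance") 
  
@@ -538,5 +538,5 @@
                                     sections=(section,)) 
          
-        # Keep a copy of the config file for the NdgCredentialWallet to reference  
+        # Keep a copy of the config file for the NDGCredentialWallet to reference  
         # so that it can retrieve WS-Security settings 
         self._cfg = readPropertiesFile.cfg 
@@ -1065,5 +1065,5 @@
          
         @type credentialWalletKw: dict 
-        @param **credentialWalletKw: keywords to NdgCredentialWallet.getAttCert 
+        @param **credentialWalletKw: keywords to NDGCredentialWallet.getAttCert 
         """ 
          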
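--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/authz.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/authz.py
@@ -8,7 +8,9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 __revision__ = "$Id$" 
-__license__ = "BSD - see LICENSE file in top-levle directory" 
+__license__ = "BSD - see LICENSE file in top-level directory" 
 import logging 
 log = logging.getLogger(__name__) 
+ 
+import warnings 
 from time import time 
 from urlparse import urlunsplit 
@@ -19,6 +21,6 @@
 from ndg.security.common.utils.m2crypto import SSLContextProxy 
  
-from ndg.security.common.credentialwallet import (CredentialWallet, 
-                                                  SamlCredentialWallet) 
+from ndg.security.common.credentialwallet import (NDGCredentialWallet, 
+                                                  SAMLCredentialWallet) 
 from ndg.security.server.wsgi import (NDGSecurityMiddlewareBase,  
                                       NDGSecurityMiddlewareConfigError) 
@@ -38,5 +40,5 @@
     """This middleware is invoked if access is denied to a given resource.  It 
     is incorporated into the call stack by passing it in to a MultiHandler  
-    instance.  The MultiHandler is configured in the AuthorizationMiddleware  
+    instance.  The MultiHandler is configured in the AuthorizationMiddlewareBase  
     class below.  The MultiHandler is passed a checker method which determines 
     whether to allow access, or call this interface.   The checker is 
@@ -46,5 +48,5 @@
     denied response e.g. include an interface to enable users to register for 
     the dataset from which they have been denied access.  See  
-    AuthorizationMiddleware pepResultHandler keyword. 
+    AuthorizationMiddlewareBase pepResultHandler keyword. 
      
     SessionMiddlewareBase base class defines user session key and  
@@ -142,5 +144,5 @@
          
         # Initialise the Policy Information Point to None.  This object is 
-        # created and set later.  See AuthorizationMiddleware. 
+        # created and set later.  See AuthorizationMiddlewareBase. 
         self.pdp = PDP(policy, None) 
          
@@ -328,10 +330,9 @@
 class NdgPIPMiddlewareConfigError(NdgPIPMiddlewareError): 
     """Configuration related error for Policy Information Point WSGI middleware 
-    """ 
-     
+    """     
      
 class NdgPIPMiddleware(PIP, NDGSecurityMiddlewareBase): 
     '''Extend Policy Information Point to enable caching of credentials in 
-    a CredentialWallet object held in beaker.session 
+    a NDGCredentialWallet object held in beaker.session 
     ''' 
     ENVIRON_KEYNAME = 'ndg.security.server.wsgi.authz.NdgPIPMiddleware' 
@@ -400,9 +401,9 @@
                 
     def _getAttributeCertificate(self, attributeAuthorityURI, **kw): 
-        '''Extend base class implementation to make use of the CredentialWallet 
-        Attribute Certificate cache held in the beaker session.  If no suitable 
-        certificate is present invoke default behaviour and retrieve an  
-        Attribute Certificate from the Attribute Authority or Session Manager 
-        specified 
+        '''Extend base class implementation to make use of the  
+        NDGCredentialWallet Attribute Certificate cache held in the beaker  
+        session.  If no suitable certificate is present invoke default behaviour  
+        and retrieve an Attribute Certificate from the Attribute Authority or  
+        Session Manager specified 
  
         @type attributeAuthorityURI: basestring 
@@ -426,5 +427,5 @@
                       self.session['username']) 
              
-            self.session['credentialWallet'] = CredentialWallet( 
+            self.session['credentialWallet'] = NDGCredentialWallet( 
                                             userId=self.session['username']) 
             self.session.save() 
@@ -478,5 +479,5 @@
 class SamlPIPMiddleware(PIPBase, NDGSecurityMiddlewareBase): 
     '''Extend Policy Information Point to enable caching of SAML credentials in 
-    a CredentialWallet object held in beaker.session 
+    a SAMLCredentialWallet object held in beaker.session 
     ''' 
     ENVIRON_KEYNAME = 'ndg.security.server.wsgi.authz.SamlPIPMiddleware' 
@@ -577,5 +578,5 @@
                       self.session[usernameKeyName]) 
              
-            credentialWallet = SamlCredentialWallet() 
+            credentialWallet = SAMLCredentialWallet() 
             credentialWallet.userId = self.session[usernameKeyName] 
             credentialWallet.sslCtxProxy.copy(self.sslCtxProxy) 
@@ -622,14 +623,18 @@
  
 class AuthorizationMiddlewareError(Exception): 
-    """Base class for AuthorizationMiddleware exceptions""" 
+    """Base class for AuthorizationMiddlewareBase exceptions""" 
      
 class AuthorizationMiddlewareConfigError(Exception): 
-    """AuthorizationMiddleware configuration related exceptions""" 
-     
-class AuthorizationMiddleware(NDGSecurityMiddlewareBase): 
-    '''Handler to call Policy Enforcement Point middleware to intercept  
-    requests and enforce access control decisions.  Add THIS class to any  
-    WSGI middleware chain ahead of the application(s) which it is to  
-    protect.  Use in conjunction with  
+    """AuthorizationMiddlewareBase configuration related exceptions""" 
+  
+    
+class AuthorizationMiddlewareBase(NDGSecurityMiddlewareBase): 
+    '''Virtual class - A base Handler to call Policy Enforcement Point  
+    middleware to intercept requests and enforce access control decisions.   
+     
+    Extend THIS class adding the new type to any WSGI middleware chain ahead of  
+    the application(s) which it is to protect.  To make an implementation for  
+    this virtual class, set PIP_MIDDLEWARE_CLASS in the derived type to a  
+    valid Policy Information Point Class.  Use in conjunction with  
     ndg.security.server.wsgi.authn.AuthenticationMiddleware 
     ''' 
@@ -637,4 +642,15 @@
     PIP_PARAM_PREFIX = 'pip.' 
     PEP_RESULT_HANDLER_PARAMNAME = "pepResultHandler" 
+     
+         
+    class PIP_MIDDLEWARE_CLASS(object): 
+        """Policy Information Point WSGI middleware abstract base,  
+        implementations should retrieve user credentials to enable the PDP to  
+        make access control decisions 
+        """ 
+        def __init__(self, app, global_conf, prefix='', **local_conf):   
+            raise NotImplementedError(' '.join( 
+                AuthorizationMiddlewareBase.PIP_MIDDLEWARE_CLASS.__doc__.split()) 
+            ) 
      
     def __init__(self, app, global_conf, prefix='', **app_conf): 
@@ -654,5 +670,5 @@
         dictionary 
         """ 
-        authzPrefix = prefix + AuthorizationMiddleware.PEP_PARAM_PREFIX 
+        authzPrefix = prefix + AuthorizationMiddlewareBase.PEP_PARAM_PREFIX 
         pepFilter = PEPFilter(app, 
                               global_conf, 
@@ -664,9 +680,9 @@
         # so that it can take a copy of the beaker session object from environ 
         # ahead of the PDP's request to it for an Attribute Certificate 
-        pipPrefix = AuthorizationMiddleware.PIP_PARAM_PREFIX 
-        pipFilter = SamlPIPMiddleware(pepFilter, 
-                                      global_conf, 
-                                      prefix=pipPrefix, 
-                                      **app_conf) 
+        pipPrefix = AuthorizationMiddlewareBase.PIP_PARAM_PREFIX 
+        pipFilter = self.__class__.PIP_MIDDLEWARE_CLASS(pepFilter, 
+                                                        global_conf, 
+                                                        prefix=pipPrefix, 
+                                                        **app_conf) 
         pepFilter.pdp.pip = pipFilter 
          
@@ -674,5 +690,5 @@
  
         pepResultHandlerClassName = app_conf.pop( 
-                prefix+AuthorizationMiddleware.PEP_RESULT_HANDLER_PARAMNAME,  
+                prefix+AuthorizationMiddlewareBase.PEP_RESULT_HANDLER_PARAMNAME,  
                 None) 
         if pepResultHandlerClassName is None: 
@@ -690,7 +706,44 @@
         app.add_checker(PEPFilter.MIDDLEWARE_ID, pepInterceptFunc)                 
          
-        super(AuthorizationMiddleware, self).__init__(app, 
+        super(AuthorizationMiddlewareBase, self).__init__(app, 
                                                       global_conf, 
                                                       prefix=prefix, 
                                                       **app_conf) 
-                 
+  
+ 
+class NDGAuthorizationMiddleware(AuthorizationMiddlewareBase): 
+    """Implementation of AuthorizationMiddlewareBase using the NDG Policy 
+    Information Point interface.  This retrieves attributes over the SOAP/WSDL 
+    Attribute Authority interface  
+    (ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware) 
+    and caches NDG Attribute Certificates in an  
+    ndg.security.common.credentialWallet.NDGCredentialWallet 
+    """       
+    PIP_MIDDLEWARE_CLASS = NdgPIPMiddleware    
+ 
+ 
+class AuthorizationMiddleware(NDGAuthorizationMiddleware): 
+    """Include this class for backwards compatibility - see warning message 
+    in FUTURE_DEPRECATION_WARNING_MSG class variable""" 
+    FUTURE_DEPRECATION_WARNING_MSG = ( 
+        "AuthorizationMiddleware will be deprecated in future releases.  " 
+        "NDGAuthorizationMiddleware is a drop in replacement but should be " 
+        "replaced with SAMLAuthorizationMiddleware instead") 
+     
+    def __init__(self, *arg, **kw): 
+        warnings.warn(AuthorizationMiddleware.FUTURE_DEPRECATION_WARNING_MSG, 
+                      PendingDeprecationWarning) 
+        log.warning(AuthorizationMiddleware.FUTURE_DEPRECATION_WARNING_MSG)  
+        super(AuthorizationMiddleware, self).__init__(*arg, **kw) 
+ 
+ 
+class SAMLAuthorizationMiddleware(AuthorizationMiddlewareBase): 
+    """Implementation of AuthorizationMiddlewareBase using the SAML Policy 
+    Information Point interface.  This retrieves attributes over the SOAP/SAML 
+    Attribute Authority interface  
+    (ndg.security.server.wsgi.saml.SOAPAttributeInterfaceMiddleware) and caches  
+    SAML Assertions in a  
+    ndg.security.common.credentialWallet.SAMLCredentialWallet 
+    """       
+    PIP_MIDDLEWARE_CLASS = SamlPIPMiddleware 
+     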
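Review bot: The compatibility alias `class AuthorizationMiddleware(NDGAuthorizationMiddleware)` changes which attribute source feeds the PDP: the removed r6050 lines built the PIP with `SamlPIPMiddleware(pepFilter, ...)`, whereas the alias now resolves `PIP_MIDDLEWARE_CLASS` to `NdgPIPMiddleware`. A deployment that names AuthorizationMiddleware in its filter chain would therefore move from SAML assertions to NDG Attribute Certificates on upgrade with its `pip.` settings untouched, and the only signals are a `PendingDeprecationWarning` (ignored by Python's default warning filters) and one log line that does not mention the switch. I would state the PIP change in `FUTURE_DEPRECATION_WARNING_MSG` and in the class docstring, and log the selected class in `AuthorizationMiddlewareBase.__init__`, e.g. `log.info("PIP middleware: %s", self.__class__.PIP_MIDDLEWARE_CLASS.__name__)`. That `__init__` starts and ends outside the visible hunks, so whether the `pip.` options are validated against the chosen PIP class cannot be confirmed from this page.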
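--- a/TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini
+++ b/TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini
@@ -144,5 +144,5 @@
  
 [formatter_generic] 
-format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s 
-datefmt = %H:%M:%S 
+format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s 
+datefmt = %Y-%m-%d-%H:%M:%S 
  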
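--- a/TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
@@ -30,6 +30,6 @@
 from ndg.security.common.utils.etree import prettyPrint 
 from ndg.security.common.X509 import X509CertParse 
-from ndg.security.common.credentialwallet import (NdgCredentialWallet,  
-    CredentialWalletAttributeRequestDenied, SamlCredentialWallet) 
+from ndg.security.common.credentialwallet import (NDGCredentialWallet,  
+    CredentialWalletAttributeRequestDenied, SAMLCredentialWallet) 
 from ndg.security.server.attributeauthority import AttributeAuthority 
  
@@ -42,14 +42,14 @@
  
  
-class NdgCredentialWalletTestCase(BaseTestCase): 
+class NDGCredentialWalletTestCase(BaseTestCase): 
     """Unit test case for  
-    ndg.security.common.credentialwallet.NdgCredentialWallet class. 
+    ndg.security.common.credentialwallet.NDGCredentialWallet class. 
     """ 
     def __init__(self, *arg, **kw): 
-        super(NdgCredentialWalletTestCase, self).__init__(*arg, **kw) 
+        super(NDGCredentialWalletTestCase, self).__init__(*arg, **kw) 
         self.startAttributeAuthorities() 
      
     def setUp(self): 
-        super(NdgCredentialWalletTestCase, self).setUp() 
+        super(NDGCredentialWalletTestCase, self).setUp() 
          
         if 'NDGSEC_INT_DEBUG' in os.environ: 
@@ -73,5 +73,5 @@
          
         try: 
-            NdgCredentialWallet.accessDenied = 'yes' 
+            NDGCredentialWallet.accessDenied = 'yes' 
             self.fail("accessDenied class variable should be read-only") 
         except Exception, e: 
@@ -79,16 +79,16 @@
  
         try: 
-            NdgCredentialWallet.accessGranted = False 
+            NDGCredentialWallet.accessGranted = False 
             self.fail("accessGranted class variable should be read-only") 
         except Exception, e: 
             print("PASS - accessGranted class variable is read-only") 
              
-        assert(not NdgCredentialWallet.accessDenied) 
-        assert(NdgCredentialWallet.accessGranted) 
+        assert(not NDGCredentialWallet.accessDenied) 
+        assert(NDGCredentialWallet.accessGranted) 
          
          
     def test02SetAttributes(self): 
          
-        credWallet = NdgCredentialWallet() 
+        credWallet = NDGCredentialWallet() 
         credWallet.userX509Cert=open(xpdVars(self.userX509CertFilePath)).read() 
         print("userX509Cert=%s" % credWallet.userX509Cert) 
@@ -116,5 +116,5 @@
     def test03GetAttCertWithUserId(self): 
                      
-        credWallet = NdgCredentialWallet(cfg=self.cfg.get('setUp',  
+        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',  
                                                           'cfgFilePath')) 
         attCert = credWallet.getAttCert() 
@@ -127,5 +127,5 @@
     def test04GetAttCertWithUserX509Cert(self): 
                      
-        credWallet = NdgCredentialWallet(cfg=self.cfg.get('setUp',  
+        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',  
                                                           'cfgFilePath')) 
          
@@ -146,5 +146,5 @@
         # This flag prevents role mapping from a trusted AA and so in this case 
         # forces refusal of the request 
-        credWallet = NdgCredentialWallet(cfg=self.cfg.get('setUp',  
+        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',  
                                                           'cfgFilePath'), 
                                          mapFromTrustedHosts=False)     
@@ -168,5 +168,5 @@
          
         # Call Site A Attribute Authority where user is registered 
-        credWallet = NdgCredentialWallet(cfg=self.cfg.get('setUp',  
+        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',  
                                                           'cfgFilePath')) 
         attCert = credWallet.getAttCert() 
@@ -185,5 +185,5 @@
                                       'attributeAuthorityPropFilePath')  
                    
-        credWallet = NdgCredentialWallet(cfg=self.cfg.get('setUp',  
+        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',  
                                                           'cfgFilePath')) 
         credWallet.attributeAuthority = AttributeAuthority.fromPropertyFile( 
@@ -197,5 +197,5 @@
  
  
-class SamlCredentialWalletTestCase(BaseTestCase): 
+class SAMLCredentialWalletTestCase(BaseTestCase): 
     THIS_DIR = os.path.dirname(__file__) 
     CONFIG_FILENAME = 'test_samlcredentialwallet.cfg' 
@@ -225,5 +225,5 @@
      
     def __init__(self, *arg, **kw): 
-        super(SamlCredentialWalletTestCase, self).__init__(*arg, **kw) 
+        super(SAMLCredentialWalletTestCase, self).__init__(*arg, **kw) 
          
     def setUp(self): 
@@ -237,5 +237,5 @@
         timeExpires = timeNow + timedelta(seconds=validityDuration) 
         assertionStr = Template( 
-            SamlCredentialWalletTestCase.ASSERTION_STR).substitute( 
+            SAMLCredentialWalletTestCase.ASSERTION_STR).substitute( 
                 dict( 
                  issuerName=issuerName, 
@@ -252,9 +252,9 @@
  
     def _addCredential(self): 
-        wallet = SamlCredentialWallet()    
+        wallet = SAMLCredentialWallet()    
         wallet.addCredential( 
             self.assertion,  
             attributeAuthorityURI=\ 
-                SamlCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI) 
+                SAMLCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI) 
         return wallet 
      
@@ -264,11 +264,11 @@
         self.assert_(len(wallet.credentials) == 1) 
         self.assert_( 
-            SamlCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI in \ 
+            SAMLCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI in \ 
             wallet.credentialsKeyedByURI) 
-        self.assert_(SamlCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME in \ 
+        self.assert_(SAMLCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME in \ 
                      wallet.credentials) 
          
         assertion = wallet.credentials[ 
-            SamlCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME 
+            SAMLCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME 
         ].credential 
          
@@ -277,5 +277,5 @@
      
     def test02VerifyCredential(self): 
-        wallet = SamlCredentialWallet() 
+        wallet = SAMLCredentialWallet() 
         self.assert_(wallet.isValidCredential(self.assertion)) 
          
@@ -294,5 +294,5 @@
         # is carried to prune expired credentials 
         shortExpiryAssertion = self._createAssertion(validityDuration=1) 
-        wallet = SamlCredentialWallet() 
+        wallet = SAMLCredentialWallet() 
         wallet.addCredential(shortExpiryAssertion) 
          
@@ -314,5 +314,5 @@
         self.assert_(newAssertion.conditions.notOnOrAfter==\ 
                      wallet.credentials[ 
-                        SamlCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME 
+                        SAMLCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME 
                     ].credential.conditions.notOnOrAfter) 
          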