source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py @ 7077

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py@7077
Revision 7077, 4.2 KB checked in by pjkersha, 11 years ago (diff)
  • Property svn:keywords set to Id
Line 
1"""MSI (Medium Sized Initiative aka NDG3) authorisation unit test module
2
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "18/11/09"
7__copyright__ = "(C) 2009 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = '$Id$'
11from os import path
12from ndg.security.test.unit import BaseTestCase
13from ndg.security.common.authz.msi import (Policy, PDP, PIPBase, Subject,
14                                           Request, Resource, Response,
15                                           PIPAttributeQuery,
16                                           PIPAttributeResponse)
17
18
19class MsiBaseTestCase(BaseTestCase):
20    """Base class for passing common class variables between unit test classes
21    in this module"""
22    THIS_DIR = path.dirname(__file__)
23    POLICY_1_1_FILENAME = 'policy-1.1.xml'
24    POLICY_1_1_FILEPATH = path.join(THIS_DIR, POLICY_1_1_FILENAME)
25   
26   
27class PolicyTestCase(MsiBaseTestCase):
28    """Unit tests for the MSI Policy"""
29    POLICY_1_0_FILENAME = 'policy-1.0.xml'
30    POLICY_1_0_FILEPATH = path.join(MsiBaseTestCase.THIS_DIR, 
31                                    POLICY_1_0_FILENAME)
32    ATTRIBUTE_AUTHORITY_URI = 'http://localhost:7443/AttributeAuthority'
33   
34    def test01ParseVersion1_0PolicyFile(self):
35        policy = Policy.Parse(PolicyTestCase.POLICY_1_0_FILEPATH)
36       
37        assert(policy)
38        assert(len(policy.targets) > 0)
39       
40        for target in policy.targets:
41            assert(len(target.attributes) > 0)
42           
43            for attribute in target.attributes:
44                assert(attribute.name)
45                assert(attribute.attributeAuthorityURI == \
46                       PolicyTestCase.ATTRIBUTE_AUTHORITY_URI)
47       
48    def test02ParseVersion1_1PolicyFile(self):
49        policy = Policy.Parse(PolicyTestCase.POLICY_1_1_FILEPATH)
50       
51        assert(policy)
52        assert(len(policy.targets) > 0)
53       
54        for target in policy.targets:
55            assert(len(target.attributes) > 0)
56           
57            for attribute in target.attributes:
58                assert(attribute.name)
59                assert(attribute.attributeAuthorityURI)
60
61                       
62
63class PIPPlaceholder(PIPBase):
64    """Policy Information Point for Testing the PDP"""
65    def __init__(self):
66        pass
67   
68    def attributeQuery(self, attributeQuery):
69        subject = attributeQuery[PIPAttributeQuery.SUBJECT_NS]
70        username = subject[Subject.USERID_NS]
71       
72        attributeResponse = PIPAttributeResponse()
73       
74        if username == BaseTestCase.OPENID_URI:
75            attributeResponse[Subject.ROLES_NS] = BaseTestCase.ATTRIBUTE_VALUES
76           
77        return attributeResponse
78
79   
80class PDPTestCase(MsiBaseTestCase):
81    """Unit tests for the Policy Decision Point"""
82    PERMITTED_RESOURCE_URI = '/test_securedURI'
83    DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI'
84    WITH_ESCAPE_CHARS_RESOURCE_URI = '/test_securedURI?MyQueryParam=100'
85   
86    def setUp(self):
87        pip = PIPPlaceholder()
88        policy = Policy.Parse(PDPTestCase.POLICY_1_1_FILEPATH)
89        self.pdp = PDP(policy, pip)
90       
91        # Make a request object to pass to the PDP
92        self.request = Request()
93        self.request.subject[Subject.USERID_NS] = PDPTestCase.OPENID_URI
94   
95    def test01AccessPermitted(self):
96        self.request.resource[Resource.URI_NS
97                              ] = PDPTestCase.PERMITTED_RESOURCE_URI
98        response = self.pdp.evaluate(self.request)
99       
100        self.assert_(response.status == Response.DECISION_PERMIT)
101
102    def test02AccessDenied(self):
103        self.request.resource[Resource.URI_NS] = PDPTestCase.DENIED_RESOURCE_URI     
104        response = self.pdp.evaluate(self.request)
105       
106        self.assert_(response.status == Response.DECISION_DENY)
107
108    def test03WithEscapeCharsInPolicy(self):
109        self.request.resource[Resource.URI_NS
110                              ] = PDPTestCase.WITH_ESCAPE_CHARS_RESOURCE_URI     
111        response = self.pdp.evaluate(self.request)
112       
113        self.assert_(response.status == Response.DECISION_PERMIT)
114
115       
116if __name__ == "__main__":
117    import unittest
118    unittest.main()
Note: See TracBrowser for help on using the repository browser.