source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sslclientauthnmiddleware/test_sslclientauthn.py @ 6440

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sslclientauthnmiddleware/test_sslclientauthn.py@6440
Revision 6440, 3.6 KB checked in by pjkersha, 11 years ago (diff)
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set the redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign-in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
  • Property svn:executable set to *
1#!/usr/bin/env python
2"""Unit tests for SSLClientAuthNMiddleware class
3
4NERC Data Grid Project
5"""
6__author__ = "P J Kershaw"
7__date__ = "12/12/08"
8__copyright__ = "(C) 2009 Science and Technology Facilities Council"
9__license__ = "BSD - see LICENSE file in top-level directory"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = '$Id: $'
12import logging
13logging.basicConfig(level=logging.DEBUG)
14
15import unittest
16import os
17
18from urlparse import urlparse
19from os.path import expandvars as xpdVars
20from os.path import join as jnPath
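def mkPath(file):
    """Return the path of ``file`` inside the unit test directory.

    The directory is read from the NDGSEC_SSLCLNTAUTHN_UNITTEST_DIR
    environment variable each time the function is called, so the variable
    must be set before the first call; a KeyError is raised otherwise.

    A named function replaces the original lambda assignment so that
    tracebacks and introspection show ``mkPath`` rather than ``<lambda>``.
    """
    return jnPath(os.environ['NDGSEC_SSLCLNTAUTHN_UNITTEST_DIR'], file)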
23
24from ndg.security.test.unit import BaseTestCase
25from ndg.security.common.utils.configfileparsers import \
26                                                    CaseSensitiveConfigParser
27from ndg.security.common.utils.m2crypto import HTTPSConnection
28
29
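class SSLClientAuthNMiddlewareTestCase(BaseTestCase):
    """Unit test case for
    ndg.security.server.wsgi.sslclientauthn.SSLClientAuthNMiddleware class.

    The tests issue HTTPS GET requests against the URL configured in
    sslClientAuthN.cfg and check the HTTP status returned:

    * a secured path requested with a client certificate and key -> 200
    * the secured path requested without client credentials -> 401
    * a non-secured path requested without client credentials -> 200

    NOTE(review): no CA bundle or verification option is passed to
    HTTPSConnection in this file, so whether the server certificate is
    verified depends on that class's defaults, which are not visible
    here - confirm before relying on these tests as evidence of a
    mutually authenticated channel.
    """

    def setUp(self):
        """Read the test configuration and record the target host.

        Fails if the configured URL does not use the https scheme.
        """
        super(SSLClientAuthNMiddlewareTestCase, self).setUp()

        # Interactive debugging hook: setting NDGSEC_INT_DEBUG stops every
        # test in the debugger, so it must stay unset for unattended runs.
        if 'NDGSEC_INT_DEBUG' in os.environ:
            import pdb
            pdb.set_trace()

        # Default the config directory to the one holding this module
        if 'NDGSEC_SSLCLNTAUTHN_UNITTEST_DIR' not in os.environ:
            os.environ['NDGSEC_SSLCLNTAUTHN_UNITTEST_DIR'] = \
                os.path.abspath(os.path.dirname(__file__))

        self.cfg = CaseSensitiveConfigParser()
        configFilePath = mkPath("sslClientAuthN.cfg")
        self.cfg.read(configFilePath)
        url = urlparse(self.cfg.get('DEFAULT', 'url'))
        self.hostname = url.netloc

        # A bare ``assert`` is stripped when Python runs with -O; use the
        # TestCase assertion so the transport check is always enforced.
        self.assertEqual(url.scheme, 'https',
                         "Expecting https transport for target URL")

    def _fetchSectionPath(self, section, **connKw):
        """GET the 'path' option of config ``section`` and return the
        response.

        ``connKw`` is passed unchanged to HTTPSConnection; the tests use it
        to supply, or deliberately omit, the client certificate and key.
        The response body is printed to aid debugging of failures.
        """
        con = HTTPSConnection(self.hostname, **connKw)
        con.putrequest('GET', self.cfg.get(section, 'path'))
        con.endheaders()
        resp = con.getresponse()
        print("\nResponse from server: \n%s\n%s" % ('_'*80, resp.read()))
        return resp

    def test01CheckAccessSecuredURLSucceeds(self):
        """Secured path is served when a client certificate is presented."""
        # Test credentials are taken from the pki directory under
        # $NDGSEC_TEST_CONFIG_DIR
        clntCertFilePath = xpdVars(os.path.join('$NDGSEC_TEST_CONFIG_DIR',
                                                'pki',
                                                'test.crt'))
        clntPriKeyFilePath = xpdVars(os.path.join('$NDGSEC_TEST_CONFIG_DIR',
                                                  'pki',
                                                  'test.key'))
        resp = self._fetchSectionPath('test01CheckAccessSecuredURLSucceeds',
                                      clntCertFilePath=clntCertFilePath,
                                      clntPriKeyFilePath=clntPriKeyFilePath)

        # assertEqual reports the status actually received on failure
        self.assertEqual(resp.status, 200)

    def test02CheckAccessSecuredURLFails(self):
        """Secured path is refused when no client certificate is sent."""
        # Omit client cert and private key and check that the server rejects
        # the request.  This is the negative control for test01: without it
        # a server that ignores client certificates would pass unnoticed.
        resp = self._fetchSectionPath('test02CheckAccessSecuredURLFails')
        self.assertEqual(resp.status, 401)

    def test03CheckAccessNonSecuredURLSucceeds(self):
        """Non-secured path is served without client credentials."""
        resp = self._fetchSectionPath(
                                    'test03CheckAccessNonSecuredURLSucceeds')
        self.assertEqual(resp.status, 200)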
91       
92                                                         
# Run the test case with the standard unittest runner when this module is
# executed as a script.
if __name__ == "__main__":
    unittest.main()