Changeset 1999

Timestamp:

13/01/07 15:26:26 (14 years ago)

Author:

pjkersha

Message:

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: added config parser so that params can be set from a configuration file.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.
py and python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg: added config parser + prompt for passwords where not set in config.

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
AA client code - added documentation and changed getAttCert so that an AttCert?
type can be passed in as well as a string for userAttCert arg.

Location:

TI12-security/trunk

Files:

• architecture/uml/ndg2-dews-security-beta.eap (modified) (previous)
• python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py (modified) (7 diffs)
• python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py (modified) (2 diffs)
• python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py (modified) (9 diffs)
• python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg (modified) (1 diff)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py

@@ -30 +30 @@
 from AttAuthority_services import AttAuthorityServiceLocator
 from ndg.security.common.wsSecurity import SignatureHandler
-
+from ndg.security.common.AttCert import AttCertParse
 
 #_____________________________________________________________________________
@@ -183 +183 @@
                          doc="Password protecting client private key file")
 
+
     #_________________________________________________________________________
     def __getSrvCert(self):
@@ -211 +212 @@
     #_________________________________________________________________________
     def initService(self, uri=None):
-        """Set the WS proxy for the Attribute Authority"""
+        """Set the WS proxy for the Attribute Authority
+        
+        @type uri: string
+        @param uri: URI for service to invoke"""
         if uri:
             self.__setURI(uri)
@@ -237 +241 @@
                                     
     #_________________________________________________________________________
-    def getHostInfo(self, clntPriKeyPwd=None):
+    def getHostInfo(self):
         """Get host information for the data provider which the 
         Attribute Authority represents
         
+        @rtype dict
+        @return dictionary of host information for the target attribute
+        authority
         """
 
@@ -256 +263 @@
                                     
     #_________________________________________________________________________
-    def getTrustedHostInfo(self, role=None, clntPriKeyPwd=None):
+    def getTrustedHostInfo(self, role=None):
         """Get list of trusted hosts for an Attribute Authority
         
+        @type role: string
+        @param role: get information for trusted hosts that have a mapping to
+        this role
+        
+        @rtype dict
+        @return dictionary of trusted hosts indexed by hostname
         """
 
@@ -275 +288 @@
 
     #_________________________________________________________________________
-    def getAttCert(self, 
-                   proxyCert, 
-                   userAttCert=None, 
-                   clntPriKeyPwd=None):
+    def getAttCert(self, proxyCert, userAttCert=None):
         """Request attribute certificate from NDG Attribute Authority Web 
-        Service."""
+        Service.
+        
+        @type proxyCert: string
+        @param proxyCert: certificate containing Distinguished Name of user
+        to request an Attribute Certificate for
+        
+        @type userAttCert: string / AttCert
+        @param userAttCert: user attribute certificate from which to make a 
+        mapped certificate at the target attribute authority.  userAttCert
+        must have been issued from a trusted host to the target
+        
+        @rtype AttCert
+        @return attribute certificate for user"""
 
 
@@ -286 +308 @@
         self.__getSrvX509Cert()
 
-
+        # Ensure cert is serialized before passing over web service interface
+        if isinstance(userAttCert, AttCert):
+            userAttCert = str(userAttCert)
+            
         try:   
-            resp = self.__srv.getAttCert(proxyCert)
+            attCert = AttCertParse(self.__srv.getAttCert(proxyCert, 
+                                                         userAttCert))
                                       
         except Exception, e:
-            raise AttAuthorityClientError, "Error: " + str(e)
-            
-        return resp
+            raise AttAuthorityClientError, \
+                                "requesting attribute certificate: " + str(e)
+            
+        return attCert
 
                                     
     #_________________________________________________________________________
     def getX509Cert(self):
-        """Retrieve the public key of the Attribute Authority"""
+        """Retrieve the X.509 certificate of the Attribute Authority
+        
+        @rtype: string
+        @return X.509 certificate for Attribute Authority"""
         
         try:   

TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

@@ -15 +15 @@
 
 import unittest
-import os
-import sys
+import os, sys, getpass
+from ConfigParser import SafeConfigParser
 
 from ndg.security.common.AttAuthority import AttAuthorityClient
@@ -23 +23 @@
     
     def setUp(self):
-        # Session Manager WSDL
-        self.uri = 'http://127.0.0.1:5700/AttributeAuthority'
+        
+        configParser = SafeConfigParser()
+        configParser.read("./attAuthorityClientTest.cfg")
+        
+        self.cfg = {}
+        for section in configParser.sections():
+            self.cfg[section] = dict(configParser.items(section))
 
         # Instantiate WS proxy
-        self.clnt = AttAuthorityClient(self.uri, tracefile=sys.stderr)
+        self.clnt = AttAuthorityClient(self.cfg['setUp']['uri'], 
+                                       tracefile=sys.stderr)
    
     

TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py

@@ -7 +7 @@
 NERC Data Grid Project
 
-P J Kershaw 23/02/06
+@author P J Kershaw 
+
+23/02/06
 
 Renamed from SessionClientTest.py 27/0/4/06
 Moved and renamed SessionMgrClientTest.py 23/11/06
 
-Copyright (C) 2006 CCLRC & NERC
-
-This software may be distributed under the terms of the Q Public License,
-version 1.0 or later.
+@copyright (C) 2007 CCLRC & NERC
+
+@license This software may be distributed under the terms of the Q Public
+License, version 1.0 or later.
 """
 import unittest
 import os, sys, getpass
- 
+from ConfigParser import SafeConfigParser
+
 from ndg.security.common.SessionMgr import SessionMgrClient
 from ndg.security.common.SessionCookie import SessionCookie
@@ -36 +39 @@
 
         tracefile = sys.stderr
+
+        clntPriKeyPwd = self.cfg['setUp'].get('clntprikeypwd') or \
+            getpass.getpass(prompt="\nsetUp - client private key password: ")
         
         # Initialise the Session Manager client connection
         # Omit traceFile keyword to leave out SOAP debug info
-        self.clnt = SessionMgrClient(uri=self.cfg['setup']['smuri'],
-                smCertFilePath=self.cfg['setup']['smcertfilepath'],
-                clntCertFilePath=self.cfg['setup']['clntcertfilepath'],
-                clntPriKeyFilePath=self.cfg['setup']['clntprikeyfilepath'],
+        self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'],
+                smCertFilePath=self.cfg['setUp']['smcertfilepath'],
+                clntCertFilePath=self.cfg['setUp']['clntcertfilepath'],
+                clntPriKeyFilePath=self.cfg['setUp']['clntprikeyfilepath'],
                 clntPriKeyPwd=clntPriKeyPwd,
                 tracefile=tracefile) 
@@ -50 +56 @@
 
 
-    def testAddUser(self):
+    def test1AddUser(self):
         """Add a new user ID to the MyProxy repository"""
         
-        passphrase = self.cfg['testAddUser'].get('passphrase') or \
-            getpass.getpass(prompt="\ntestAddUser pass-phrase for new user: ")
+        passphrase = self.cfg['test1AddUser'].get('passphrase') or \
+            getpass.getpass(prompt="\ntest1AddUser pass-phrase for new user: ")
             
         # Note the pass-phrase is read from the file tmp.  To pass
         # explicitly as a string use the 'pPhrase' keyword instead
-        self.clnt.addUser(self.cfg['testAddUser']['username'], 
+        self.clnt.addUser(self.cfg['test1AddUser']['username'], 
                           pPhrase=passphrase)
-        print "Added user '%s'" % self.cfg['testAddUser']['username']
-        
-
-    def testCookieConnect(self):
-        """testCookieConnect: Connect as if acting as a browser client - 
+        print "Added user '%s'" % self.cfg['test1AddUser']['username']
+        
+
+    def test2CookieConnect(self):
+        """test2CookieConnect: Connect as if acting as a browser client - 
         a cookie is returned"""
 
-        passphrase = self.cfg['testCookieConnect'].get('passphrase') or \
-        getpass.getpass(prompt="\ntestCookieConnect pass-phrase for user: ")
+        passphrase = self.cfg['test2CookieConnect'].get('passphrase') or \
+        getpass.getpass(prompt="\ntest2CookieConnect pass-phrase for user: ")
 
         sSessCookie = self.clnt.connect(\
-                                    self.cfg['testCookieConnect']['username'], 
+                                    self.cfg['test2CookieConnect']['username'], 
                                     pPhrase=passphrase)
 
         self.sessCookie = SessionCookie(sSessCookie)
         print "User '%s' connected to Session Manager:\n%s" % \
-            (self.cfg['testCookieConnect']['username'], sSessCookie)
-            
-
-    def testProxyCertConnect(self):
-        """testProxyCertConnect: Connect as a command line client - 
+            (self.cfg['test2CookieConnect']['username'], sSessCookie)
+            
+
+    def test3ProxyCertConnect(self):
+        """test3ProxyCertConnect: Connect as a command line client - 
         a proxyCert is returned"""
 
-        passphrase = self.cfg['testProxyCertConnect'].get('passphrase') or \
+        passphrase = self.cfg['test3ProxyCertConnect'].get('passphrase') or \
             getpass.getpass(\
-                    prompt="\ntestProxyCertConnect pass-phrase for user: ")
+                    prompt="\ntest3ProxyCertConnect pass-phrase for user: ")
 
         self.proxyCert = self.clnt.connect(\
-                               self.cfg['testProxyCertConnect']['username'], 
+                               self.cfg['test3ProxyCertConnect']['username'], 
                                pPhrase=passphrase,
                                createServerSess=True,
                                getCookie=False)
         print "User '%s' connected to Session Manager:\n%s" % \
-            (self.cfg['testProxyCertConnect']['username'], self.proxyCert)
-            
-
-    def testCookieDisconnect(self):
-        """testCookieDisconnect: disconnect as if acting as a browser client - 
+            (self.cfg['test3ProxyCertConnect']['username'], self.proxyCert)
+            
+
+    def test4CookieDisconnect(self):
+        """test4CookieDisconnect: disconnect as if acting as a browser client - 
         a cookie is returned"""
         
-        self.testCookieConnect()
+        print "\n\t" + self.test4CookieDisconnect.__doc__
+        self.test2CookieConnect()
         
         self.clnt.disconnect(sessCookie=str(self.sessCookie))
@@ -106 +113 @@
             
 
-    def testProxyCertDisconnect(self):
-        """testProxyCertDisconnect: Connect as a command line client - 
+    def test5ProxyCertDisconnect(self):
+        """test5ProxyCertDisconnect: Connect as a command line client - 
         a proxyCert is returned"""
         
-        self.testProxyCertConnect()
+        print "\n\t" + self.test5ProxyCertDisconnect.__doc__
+        self.test3ProxyCertConnect()
            
         self.clnt.disconnect(proxyCert=self.proxyCert)
@@ -116 +124 @@
 
 
-    def testCookieReqAuthorisation(self):
-        """testCookieReqAuthorisation: make an authorisation request using
+    def test6CookieReqAuthorisation(self):
+        """test6CookieReqAuthorisation: make an authorisation request using
         a cookie as authentication credential"""
-        
-        self.testCookieConnect()
+
+        print "\n\t" + self.test6CookieReqAuthorisation.__doc__        
+        self.test2CookieConnect()
         attCert, statusCode, extAttCertList = self.clnt.reqAuthorisation(\
             sessID=self.sessCookie.sessionID, 
-            attAuthorityURI=self.cfg['testCookieReqAuthorisation']['aauri'],
+            attAuthorityURI=self.cfg['test6CookieReqAuthorisation']['aauri'],
             encrSessionMgrURI=self.sessCookie.encrSessionMgrURI)
         
@@ -131 +140 @@
 
 
-    def testCookieReqAuthorisationWithExtAttCertList(self):
-        """testCookieReqAuthorisation: make an authorisation request using
+    def test6aCookieReqAuthorisationWithExtAttCertList(self):
+        """test6CookieReqAuthorisation: make an authorisation request using
         a cookie as authentication credential"""
         
-        self.testCookieConnect()
+        print "\n\t" + self.test6aCookieReqAuthorisationWithExtAttCertList.__doc__        
+        self.test2CookieConnect()
         
         aaURI = \
-            self.cfg['testCookieReqAuthorisationWithExtAttCertList']['aauri']
+            self.cfg['test6aCookieReqAuthorisationWithExtAttCertList']['aauri']
             
         attCert, statusCode, extAttCertList = self.clnt.reqAuthorisation(\
@@ -151 +161 @@
 
 
-    def testProxyCertReqAuthorisation(self):
-        """testProxyCertReqAuthorisation: make an authorisation request using
+    def test7ProxyCertReqAuthorisation(self):
+        """test7ProxyCertReqAuthorisation: make an authorisation request using
         a proxy cert as authentication credential"""
-        self.testProxyCertConnect()
+        print "\n\t" + self.test7ProxyCertReqAuthorisation.__doc__
+        self.test3ProxyCertConnect()
         
         # Request an attribute certificate from an Attribute Authority 
         # using the proxyCert returned from connect()
         
-        aaURI = self.cfg['testProxyCertReqAuthorisation']['aauri']
+        aaURI = self.cfg['test7ProxyCertReqAuthorisation']['aauri']
         attCert, statusCode, extAttCertList = self.clnt.reqAuthorisation(\
                                                  proxyCert=self.proxyCert,
@@ -169 +180 @@
 
 
-    def testGetX509Cert(self):
-        "testGetX509Cert: return the Session Manager's X.509 Cert."
+    def test8GetX509Cert(self):
+        "test8GetX509Cert: return the Session Manager's X.509 Cert."
         cert = self.clnt.getX509Cert()
                                              
@@ -182 +193 @@
         map = map(SessionMgrClientTestCase,
                   (
-                    "testAddUser",
-                    "testCookieConnect",
-                    "testProxyCertConnect",
-                    "testCookieDisconnect",
-                    "testProxyCertDisconnect",
-                    "testCookieReqAuthorisation",
-                    "testProxyCertReqAuthorisation",
-                    "testGetX509Cert",
+                    "test1AddUser",
+                    "test2CookieConnect",
+                    "test3ProxyCertConnect",
+                    "test4CookieDisconnect",
+                    "test5ProxyCertDisconnect",
+                    "test6CookieReqAuthorisation",
+                    "test6aCookieReqAuthorisationWithExtAttCertList",
+                    "test7ProxyCertReqAuthorisation",
+                    "test8GetX509Cert",
                   ))
         unittest.TestSuite.__init__(self, map)

TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg

@@ -22 +22 @@
 # Password protecting client private key - if omitted it will be prompted for
 # from tty
-#clntprikeypwd = 
+clntprikeypwd = x
 
 clntcertfilepath = ./clntCert.pem
 clntprikeyfilepath = ./clntKey.pem
 
-[testAddUser]
+[test1AddUser]
 username = BugsBunny 
 # Comment out to prompt for on tty.
 #passphrase =
  
-[testCookieConnect]         
+[test2CookieConnect]         
 username = gabriel
 #passphrase = 
 
-[testProxyCertConnect]         
+[test3ProxyCertConnect]         
 username = gabriel
 #passphrase = 
 
-[testCookieReqAuthorisation]
+[test6CookieReqAuthorisation]
 aaURI = https://localhost:5000/AttributeAuthority
 
-[testCookieReqAuthorisationWithExtAttCertList]
+[test6aCookieReqAuthorisationWithExtAttCertList]
 aaURI = https://localhost:5000/AttributeAuthority
 
-[testProxyCertReqAuthorisation]
+[test7ProxyCertReqAuthorisation]
 aaURI = https://localhost:5000/AttributeAuthority