Changeset 4158

Timestamp:

01/09/08 14:37:03 (13 years ago)

Author:

cbyrom

Message:

Create new utility module, ClassFactory? - to allow generic instantiation
of classes dynamically.

Implement use of this in the AttAuth? and SessionMgr? services + adjust
the config files for these accordingly + abstract use of MyProxy? in
SessionMgr? to generic authNService - and create packages with real
and test authN services. Adjust the SessionMgr? tests to use the
test authN service.

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/utils/ClassFactory.py (added)
• ndg.security.server/ndg/security/server/AttAuthority/__init__.py (modified) (5 diffs)
• ndg.security.server/ndg/security/server/SessionMgr/__init__.py (modified) (15 diffs)
• ndg.security.server/ndg/security/server/conf/sessionMgr.cfg (modified) (1 diff)
• ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml (modified) (2 diffs)
• ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml (modified) (1 diff)
• ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml (modified) (1 diff)
• ndg.security.test/ndg/security/test/authenservice (added)
• ndg.security.test/ndg/security/test/authenservice/__init__.py (added)
• ndg.security.test/ndg/security/test/authenservice/ndg-test-ca.crt (added)
• ndg.security.test/ndg/security/test/authenservice/sm.crt (added)
• ndg.security.test/ndg/security/test/authenservice/sm.key (added)
• ndg.security.test/ndg/security/test/authenservice/test_authen_service.py (added)
• ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml (modified) (2 diffs)
• ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg (modified) (2 diffs)
• ndg.security.test/ndg/security/test/sessionMgr/test.py (modified) (12 diffs)
• ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgr.cfg (added)
• ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml (modified) (2 diffs)
• ndg.security.test/ndg/security/test/utils/sessionMgr.cfg (modified) (1 diff)
• ndg.security.test/ndg/security/test/utils/sessionMgrProperties.xml (modified) (2 diffs)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py

@@ -41 +41 @@
 
 from ndg.security.common.utils.ConfigFileParsers import readAndValidateProperties
+from ndg.security.common.utils.ClassFactory import instantiateClass
 
 #_____________________________________________________________________________
@@ -130 +131 @@
         read.  Set this flag to False to override.
         """
-        log.info("Initialising service ... ")
+        log.info("Initialising service ...")
         
         # Base class initialisation
@@ -182 +183 @@
         self.__issuerSerialNumber = self.__cert.serialNumber
         
-        
         # Load host sites custom user roles interface to enable the AA to
         # assign roles in an attribute certificate on a getAttCert request
-        self.loadUserRolesInterface()
-
+        self.__userRoles = instantiateClass(self.__prop['userRolesModName'],\
+                                                 self.__prop['userRolesClassName'],\
+                                                 moduleFilePath=self.__prop.get('userRolesModFilePath'),\
+                                                 objectType=AAUserRoles, \
+                                                 classProperties=self.__prop.get('userRolesPropFile'))
 
         attCertFilePath = os.path.join(self.__prop['attCertDir'],
@@ -201 +204 @@
         '''
         # Configuration file properties are held together in a dictionary
-        self.__prop = readAndValidateProperties(self.propFilePath, validKeys=AttAuthority.__validKeys)
+        self.__prop = readAndValidateProperties(self.propFilePath, \
+                                                validKeys=AttAuthority.__validKeys)
         
         # add the WS-security properties to the main properties
@@ -220 +224 @@
             'Invalid directory path Attribute Certificates store "%s": %s' % \
                 (self.__prop['attCertDir'], osError.strerror)
-
-    #_________________________________________________________________________
-    def loadUserRolesInterface(self):
-        """Set-up user roles interface - load host sites custom AAUserRoles
-        derived class.  This class interfaces with the sites mechanism for
-        mapping user ID to the roles to which they are entitled.  This
-        could be via a user database"""
-
-        log.debug("Loading User roles interface ...")
-        try:
-            try:
-                # Module file path may be None if the new module to be loaded
-                # can be found in the existing system path            
-                if self.__prop['userRolesModFilePath'] is not None:
-                    if not os.path.exists(\
-                              self.__prop['userRolesModFilePath']):
-                        raise Exception, "File path '%s' doesn't exist" % \
-                              self.__prop['userRolesModFilePath']
-                              
-                    # Temporarily extend system path ready for import
-                    sysPathBak = sys.path[:]
-                              
-                    sys.path.append(self.__prop['userRolesModFilePath'])
-                
-                # Import module name specified in properties file
-                userRolesMod = __import__(self.__prop['userRolesModName'],
-                                          globals(),
-                                          locals(),
-                                          [self.__prop['userRolesClassName']])
-    
-                userRolesClass = eval('userRolesMod.' + \
-                                     self.__prop['userRolesClassName'])
-            finally:
-                try:
-                    sys.path[:] = sysPathBak
-                except NameError:
-                    # sysPathBak may not have been defined
-                    pass
-                                
-        except Exception, e:
-            raise AttAuthorityError,'Importing User Roles module: %s' % str(e)
-
-        # Check class inherits from AAUserRoles abstract base class
-        if not issubclass(userRolesClass, AAUserRoles):
-            raise AttAuthorityError, \
-                "User Roles class %s must be derived from AAUserRoles" % \
-                self.__prop['userRolesClassName']
-
-
-        # Instantiate custom class
-        try:
-            self.__userRoles=userRolesClass(self.__prop['userRolesPropFile'])
-            
-        except Exception, e:
-            raise AttAuthorityError, \
-                "Error instantiating User Roles interface: " + str(e)
-                
-        log.info(\
-             'Instantiated "%s" class from user roles module: "%s" in "%s"' %\
-                 (self.__prop['userRolesClassName'],
-                  self.__prop['userRolesModName'],
-                  self.__prop['userRolesModFilePath']))
 
         

TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

@@ -14 +14 @@
 
 # Modify sys.path when carrying out dynamic import for Credential Repository
-import sys
+import sys, os
 
 # Time module for use with cookie expiry
@@ -44 +44 @@
                                 X509CertExpired, X509CertInvalidNotBeforeTime 
 
-# MyProxy server interface
-from ndg.security.server.MyProxy import *
-
 # Use client package to allow redirection of authorisation requests and 
 # to retrieve Attribute Authority public key
@@ -57 +54 @@
 from ndg.security.common.utils.ConfigFileParsers import readAndValidateProperties
 
+# utility to instantiate classes dynamically
+from ndg.security.common.utils.ClassFactory import instantiateClass
 # Use in SessionMgr __redirectAttCertReq to retrieve and store Public 
 # key
@@ -343 +342 @@
 
     # valid configuration property keywords
+    WS_SETTINGS_KEY = 'WS-Security'
+    AUTHN_KEY_NAME = 'authNServiceProp'
+    CRED_REPOS_KEY_NAME = 'credReposProp'
+
     __validElem = \
     {
@@ -353 +356 @@
         'sessMgrURI':             None,
         'cookieDomain':           None, 
-        'myProxyProp':            None, 
-        'credReposProp':          ('modFilePath', 'modName', 'className', 
+        'authNServiceProp':        None, 
+        CRED_REPOS_KEY_NAME:          ('modFilePath', 'modName', 'className', 
                                    'propFile'),
         'simpleCACltProp':        ('uri', 'xmlSigKeyFile', 'xmlSigCertFile', 
@@ -362 +365 @@
     __confDir = "conf"
     __propFileName = "sessionMgrProperties.xml"
-     
-    WS_SETTINGS_KEY = 'WS-Security'
     
     #_________________________________________________________________________
@@ -390 +391 @@
         # setProperties/readProperties and then loadCredReposInterface
         self.__credRepos = None
-        
-        # MyProxy interface
-        try:
-            self.__myPx = MyProxyClient()
-            
-        except Exception, e:
-            raise SessionMgrError("Creating MyProxy interface: %s" % e)
     
         # Set from input or use defaults based or environment variables
@@ -404 +398 @@
         self.readProperties()
 
+        # Instantiate the authentication service to use with the session manager
+        self.__authNService = instantiateClass(
+                self.__prop[self.AUTHN_KEY_NAME].get('moduleName'),\
+                self.__prop[self.AUTHN_KEY_NAME].get('className'),\
+                moduleFilePath=self.__prop[self.AUTHN_KEY_NAME].get('moduleFilePath'),\
+                objectType=AbstractAutheNService, \
+                classProperties=self.__prop[self.AUTHN_KEY_NAME])
+
+
         # Call here as we can safely expect that all Credential Repository
         # parameters have been set above
-        self.loadCredReposInterface()
-
+        self.__credRepos = instantiateClass(
+                self.__prop[self.CRED_REPOS_KEY_NAME].get('modName'),\
+                self.__prop[self.CRED_REPOS_KEY_NAME].get('className'),\
+                moduleFilePath=self.__prop[self.CRED_REPOS_KEY_NAME].get('modFilePath'),\
+                objectType=CredRepos, \
+                classProperties=self.__prop[self.CRED_REPOS_KEY_NAME])
+        
         # Set any properties that were provided by keyword input
-        #
-        # Nb. If any are duplicated with tags in the properties file they
+        # NB If any are duplicated with tags in the properties file they
         # will overwrite the latter
-        #
-        # loadCredReposInterface must be called explicitly if propFilePath
-        # wasn't set.  This is because if properties are passed by keyword 
-        # alone there is no guarantee that those needed to load the interface
-        # will be present.  readProperties however, requires that all the
-        # required parameters are present in the properties file.
         self.setProperties(**prop)
-        
-        
-    #_________________________________________________________________________
-    def loadCredReposInterface(self, credReposPPhrase=None, Force=False):
-        """
-        Pick up and instantiate Credential Repository interface class from 
-        properties file settings/keywords set by setProperties/__init__
-        
-        @type credReposPPhrase: string
-        @param credReposPPhrase: password for CredentialRepository database
-        This is passed into the Credential Repository object but may not
-        be needed.  e.g. the custom class could pick up a password from
-        the properties file for it - ['credRepos']['propFilePath']
-        
-        @type Force: boolean
-        @param Force: flag to force reload of Credential Repository instance
-        """
-        
-        log.debug("Loading Credential Repository interface ...")
-        
-        # Don't bother if object has already been created.  Use Force=True
-        # to override and force reload
-        if Force is False and self.__credRepos is not None:
-            return
-        
-        # Credentials repository - permanent store of user credentials
-        try:
-            try:
-                # Module file path may be None if the new module to be loaded
-                # can be found in the existing system path            
-                if self.__prop['credReposProp']['modFilePath'] is not None:
-                    # Temporarily extend system path ready for import
-                    sysPathBak = sys.path[:]
-
-                    if not os.path.exists(\
-                              self.__prop['credReposProp']['modFilePath']):
-                        raise Exception, "File path '%s' doesn't exist" % \
-                              self.__prop['credReposProp']['modFilePath']
-                              
-                    sys.path.append(\
-                                self.__prop['credReposProp']['modFilePath'])
-                
-                # Import module name specified in properties file
-                credReposMod = \
-                    __import__(self.__prop['credReposProp']['modName'],
-                               globals(),
-                               locals(),
-                               [self.__prop['credReposProp']['className']])
-    
-                credReposClass = eval(\
-                'credReposMod.' + self.__prop['credReposProp']['className'])
-            finally:
-                try:
-                    sys.path[:] = sysPathBak
-                except NameError:
-                    # sysPathBak may not have been defined
-                    pass
-                
-        except KeyError, e:
-            raise SessionMgrError('Missing %s element for credential '
-                                  'repository module import' % str(e))
-                        
-        except Exception, e:
-            raise SessionMgrError('Importing credential repository module: %s'\
-                                  % str(e))
-
-        # Check class inherits from CredWallet.CredRepos abstract base class
-        if not issubclass(credReposClass, CredRepos):
-            raise SessionMgrError("Credential Repository class %s must be "
-                                  "inherited from %s" % \
-                                  (credReposClass, CredRepos))
-
-        # Instantiate custom class
-        try:
-            self.__credRepos = credReposClass(\
-                      propFilePath=self.__prop['credReposProp']['propFile'],
-                      dbPPhrase=credReposPPhrase)
-            
-        except Exception, e:
-            raise SessionMgrError(
-            "Error instantiating Credential Repository interface: " + str(e))
-     
-        log.info(\
-'Instantiated "%s" class from Credential Repository module: "%s" file path %s' % \
-         (self.__prop['credReposProp']['className'],
-          self.__prop['credReposProp']['modName'],
-          self.__prop['credReposProp']['modFilePath'] or "from PYTHONPATH"))
-
         
     #_________________________________________________________________________        
@@ -624 +537 @@
                 continue
             
-            if key == 'myProxyProp':
-                self.__myPx.setProperties(**val)
-                
-            elif key == 'credReposProp':
+            if key == self.CRED_REPOS_KEY_NAME:
                 # Check for missing elements
                 missingElem.extend(getMissingElem(\
-                                           self.__validElem['credReposProp'],
-                                           self.__prop['credReposProp']))
+                                           self.__validElem[self.CRED_REPOS_KEY_NAME],
+                                           self.__prop[self.CRED_REPOS_KEY_NAME]))
                     
             elif key == 'simpleCACltProp':
@@ -640 +550 @@
                     
 
-        missingElem.extend(getMissingElem(self.__prop, self.__validElem))
+        missingElem.extend(getMissingElem(self.__validElem, self.__prop))
         errMsg = ''
         
@@ -665 +575 @@
         for key, value in prop.items():
                        
-            if key == 'myProxyProp':
-                self.__myPx.setProperties(prop[key])
-    
-            elif key == 'credReposProp':
-                self.__prop['credReposProp'] = prop[key].copy()
+            if key == 'authNProp':
+                self.__authNService.setProperties(prop[key])
+    
+            elif key == self.CRED_REPOS_KEY_NAME:
+                self.__prop[self.CRED_REPOS_KEY_NAME] = prop[key].copy()
 
             elif key in self.__validElem:
@@ -681 +591 @@
                 raise SessionMgrError(\
                     "Key \"%s\" is not a valid Session Manager property" % key)
-        
-        
-    #_________________________________________________________________________
-    def addUser(self, username, passphrase=None):        
-        """Register a new user with an NDG data centre
-        
-        addUser([caConfigFilePath, ]|[, caPassPhrase]
-                |[, userName=u, pPhrase=p])
-
-        returns XML formatted response message
-        
-        caConfigFilePath|caPassPhrase:  pass phrase for SimpleCA's
-                                        certificate.  Set via file or direct
-                                        string input respectively.  Set here
-                                        to override setting [if any] made at
-                                        object creation.
-        
-                                        Passphrase is only required if
-                                        SimpleCA is instantiated on the local
-                                        machine.  If SimpleCA WS is called no
-                                        passphrase is required.
-                                        
-        **kw:                      use as alternative to 
-                                        reqXMLtxt keyword - pass in 
-                                        username and pass-phrase for new user 
-                                        unencrypted as keywords username
-                                        and pPhrase respectively."""
-
-        log.debug("Calling SessionMgr.addUser ...")
-        
-        # Ask CA to sign certificate
-        
-        # Add new user certificate to MyProxy Repository
-        self.__myPx.store(username, 
-                          certFile,
-                          keyFile,
-                          ownerCertFile=None,
-                          ownerKeyFile=None,
-                          ownerPassphrase=None,
-                          lifetime=None,
-                          force=True)
-
-        return userDN           
     
     
@@ -833 +700 @@
                 # Get a proxy certificate to represent users ID for the new
                 # session
-                userCreds = self.__myPx.logon(username, passphrase)
+                userCreds = self.__authNService.logon(username, passphrase)
                 
                 # unpack 
@@ -902 +769 @@
                              *creds)      
             except Exception, e:
-                raise SessionMgrError("Creating User Session: %s" % e)
+                raise SessionMgrError(
+                        "Error occurred whilst creating User Session: %s" % e)
 
             # Also allow access by user DN
@@ -1211 +1079 @@
         log.debug("Calling SessionMgr.auditCredRepos ...")
         self.__credRepos.auditCredentials()
+
+
+class AbstractAutheNService:
+    """
+    An abstract base class to define the authentication service interface for use
+    with a SessionMgr service
+    """
+
+    # valid configuration property keywords
+    __validKeys = ('hostname',
+                   'port',
+                   'serverDN',
+                   'serverCNprefix',
+                   'gridSecurityDir',
+                   'openSSLConfFilePath',
+                   'tmpDir',
+                   'proxyCertMaxLifetime',
+                   'proxyCertLifetime',
+                   'caCertFile')
+
+    def __init__(self, propFilePath=None, **prop):
+        """Make an initial settings for client connections to MyProxy
+        
+        Settings are held in a dictionary which can be set from **prop,
+        a call to setProperties() or by passing settings in an XML file
+        given by propFilePath
+        
+        @param propFilePath:   set properties via a configuration file
+        @param **prop:         set properties via keywords - see __validKeys
+        class variable for a list of these
+        """
+        pass
+
+
+    def setProperties(self, **prop):
+        """Update existing properties from an input dictionary
+        Check input keys are valid names"""
+        raise NotImplementedError, \
+            self.getRoles.__doc__.replace('\n       ','')
+
+
+    def logon(self, username, passphrase, lifetime=None):
+        """
+        Retrieve a proxy credential from a proxy server
+        
+        @type username: basestring
+        @param username: username of credential
+        
+        @type passphrase: basestring
+        @param passphrase: pass-phrase for private key of credential held on
+        server
+        
+        @type lifetime: int
+        @param lifetime: lifetime for generated certificate
+        
+        @raise GetError:
+        @raise RetrieveError:
+        @rtype: tuple
+        @return credentials as strings in PEM format: the
+        user certificate, its private key and the issuing certificate.  The
+        issuing certificate is only set if the user certificate is a proxy
+        """
+        raise NotImplementedError, \
+            self.getRoles.__doc__.replace('\n       ','')
+            

TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.cfg

@@ -109 +109 @@
 
 
-# MyProxy Client properties 
-[myProxyProp]
+# Authentication service properties 
+[authNServiceProp]
 # Delete this element and take setting from MYPROXY_SERVER environment 
 # variable if required

TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml

@@ -61 +61 @@
     -->
     <cookieDomain></cookieDomain>
-    <!-- MyProxy Client properties -->
-    <myProxyProp>
+    <!-- Proxy Client properties -->
+    <authNServiceProp>
+            <moduleFilePath></moduleFilePath>
+            <moduleName>ndg.security.server.authenservice.session_mgr_my_proxy_client</moduleName>
+            <className>SessionMgrMyProxyClient</className>
+            <!-- If properties file specified, the contents will augment/override any
+            other properties set here -->
+            <propertiesFile></propertiesFile>
         <!-- 
         Delete this element and take setting from MYPROXY_SERVER environment 
@@ -109 +115 @@
         -->
         <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
-    </myProxyProp>
+    </authNServiceProp>
     <!-- 
     Properties for a Session Manager client to a Simple CA.

TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml

@@ -22 +22 @@
             <caCertFilePathList>
             <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
-                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile>
                 <!-- 
             To also trust certificates issued from your MyProxy CA, replace 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml

@@ -21 +21 @@
             <caCertFilePathList>
             <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
-                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile>
                 <!-- 
             To also trust certificates issued from your MyProxy CA, replace 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml

@@ -42 +42 @@
     <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
     <cookieDomain></cookieDomain>
-        <myProxyProp>
+        <authNServiceProp>
+            <moduleFilePath></moduleFilePath>
+            <moduleName>ndg.security.test.authenservice.test_authen_service</moduleName>
+            <className>TestAutheNService</className>
+            <!-- If properties file specified, the contents will augment/override any
+            other properties set here -->
+            <propertiesFile></propertiesFile>
                 <!-- 
                 Delete this element and take setting from MYPROXY_SERVER environment 
@@ -85 +91 @@
                         -->
                 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
-                <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ndg-test-ca.crt</caCertFile>
-        </myProxyProp>
+                <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
+        </authNServiceProp>
         <simpleCACltProp>
             <uri></uri>

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrTest.cfg

@@ -17 +17 @@
 # Note also setting for test3ConnectNoCreateServerSess test below.  
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test2GetSessionStatus]
@@ -23 +23 @@
 [test3ConnectNoCreateServerSess]         
 username = testuser
-#passphrase = testpassword
+passphrase = testpassword
 
 [test6GetAttCertWithSessID]
-aaURI = http://localhost:5000/AttributeAuthority
+aaURI = http://localhost:4900/AttributeAuthority
 acOutFilePath = $NDGSEC_SM_UNITTEST_DIR/ac-out.xml
 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/test.py

@@ -29 +29 @@
 
 import logging
-logging.basicConfig(level=logging.ERROR)
+logging.basicConfig(level=logging.DEBUG)
 
 
@@ -59 +59 @@
         propFilePath = xpdVars(self.cfg.get('setUp', 'propFilePath'))
         self.sm = SessionMgr(propFilePath=propFilePath)
-        
-                                  
-    def test1Connect(self):
-        """test1Connect: make a new session"""
-        
-        print "\n\t" + self.test1Connect.__doc__
-        
+
+    def sessionMgrConnect(self):
+        print "Connecting to session manager..."
         username = self.cfg.get('test1Connect', 'username')
-        
         if SessionMgrTestCase.test1Passphrase is None and \
            self.cfg.has_option('test1Connect', 'passphrase'):
@@ -77 +72 @@
                 prompt="\ntest1Connect pass-phrase for user %s: " % username)
 
+        print "Connecting to session manager as user: %s..." %username
         userCert, self.userPriKey, self.issuingCert, self.sessID = \
             self.sm.connect(username=username, 
@@ -88 +84 @@
                          self.userPriKey))
         open(mkPath("user.creds"), "w").write(creds)
+        print "Finished setting up connection"
+        
+                                  
+    def test1Connect(self):
+        """test1Connect: make a new session"""
+        
+        username = self.cfg.get('test1Connect', 'username')
+        if SessionMgrTestCase.test1Passphrase is None and \
+           self.cfg.has_option('test1Connect', 'passphrase'):
+            SessionMgrTestCase.test1Passphrase = \
+                                    self.cfg.get('test1Connect', 'passphrase')
+        
+        if not SessionMgrTestCase.test1Passphrase:
+            SessionMgrTestCase.test1Passphrase = getpass.getpass(\
+                prompt="\ntest1Connect pass-phrase for user %s: " % username)
+
+        print "Connecting to session manager as user: %s..." %username
+        userCert, self.userPriKey, self.issuingCert, self.sessID = \
+            self.sm.connect(username=username, 
+                            passphrase=SessionMgrTestCase.test1Passphrase)
+        self.userCert = X509CertParse(userCert)
+        
+        print "User '%s' connected to Session Manager:\n%s" % \
+                                                        (username, self.sessID)
+        creds='\n'.join((self.issuingCert or '',
+                         self.userCert.asPEM().strip(),
+                         self.userPriKey))
+        open(mkPath("user.creds"), "w").write(creds)
     
             
     def test2GetSessionStatus(self):
         """test2GetSessionStatus: check a session is alive"""
-        print "\n\t" + self.test2GetSessionStatus.__doc__
-        
-        self.test1Connect()
+        
+        self.sessionMgrConnect()
         assert self.sm.getSessionStatus(sessID=self.sessID), "Session is dead"
         print "User connected to Session Manager with sessID=%s" % self.sessID
@@ -107 +130 @@
         sessID should be None"""
 
-        print "\n\t" + self.test3ConnectNoCreateServerSess.__doc__
-        
         username = self.cfg.get('test3ConnectNoCreateServerSess', 'username')
 
@@ -138 +159 @@
         """
         
-        print "\n\t" + self.test4DisconnectWithSessID.__doc__
-        self.test1Connect()        
+        self.sessionMgrConnect()        
         self.sm.deleteUserSession(sessID=self.sessID)
         
@@ -149 +169 @@
         """
         
-        print "\n\t" + self.test5DisconnectWithUserCert.__doc__
-        self.test1Connect()
+        self.sessionMgrConnect()
         
         # Proxy cert in signature determines ID of session to
@@ -162 +181 @@
         a session ID as authentication credential"""
 
-        print "\n\t" + self.test6GetAttCertWithSessID.__doc__        
-        self.test1Connect()
+        self.sessionMgrConnect()
         
         attCert, errMsg, extAttCertList = self.sm.getAttCert(\
@@ -184 +202 @@
         Attribute Authority where the user is NOT registered"""
 
-        print "\n\t" + self.test6aGetAttCertRefusedWithSessID.__doc__        
-        self.test1Connect()
+        self.sessionMgrConnect()
         
         aaURI = self.cfg.get('test6aGetAttCertRefusedWithSessID', 'aauri')
@@ -203 +220 @@
         a session ID as authentication credential"""
 
-        print "\n\t" + self.test6bGetMappedAttCertWithSessID.__doc__        
-        self.test1Connect()
+        self.sessionMgrConnect()
         
         # Attribute Certificate cached in test 6 can be used to get a mapped
@@ -225 +241 @@
         a session ID as authentication credential"""
         
-        print "\n\t" + \
-            self.test6cGetAttCertWithExtAttCertListWithSessID.__doc__        
-        self.test1Connect()
+        self.sessionMgrConnect()
         
         aaURI = \
@@ -251 +265 @@
         """test7GetAttCertWithUserCert: make an attribute request using
         a user cert as authentication credential"""
-        print "\n\t" + self.test7GetAttCertWithUserCert.__doc__
-        self.test1Connect()
+        self.sessionMgrConnect()
 
         # Request an attribute certificate from an Attribute Authority 

TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

@@ -48 +48 @@
     <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
     <cookieDomain></cookieDomain>
-        <myProxyProp>
+        <simpleCACltProp>
+            <uri></uri>
+        <xmlSigKeyFile></xmlSigKeyFile>
+        <xmlSigCertFile></xmlSigCertFile>
+        <xmlSigCertPwd></xmlSigCertPwd>
+    </simpleCACltProp>
+    <credReposProp>
+            <modFilePath></modFilePath>
+            <modName>ndg.security.common.CredWallet</modName>
+            <className>NullCredRepos</className>
+            <propFile></propFile>
+    </credReposProp>
+    <authNServiceProp>
+            <moduleFilePath>$NDGSEC_AACLNT_UNITTEST_DIR</moduleFilePath>
+            <moduleName>ndg.security.server.authenservice.session_mgr_my_proxy_client</moduleName>
+            <className>SessionMgrMyProxyClient</className>
+            <!-- If properties file specified, the contents will augment/override any
+            other properties set here -->
+            <propertiesFile></propertiesFile>
                 <!-- 
                 Delete this element and take setting from MYPROXY_SERVER environment 
@@ -92 +110 @@
                 <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
                 <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile>
-        </myProxyProp>
-        <simpleCACltProp>
-            <uri></uri>
-        <xmlSigKeyFile></xmlSigKeyFile>
-        <xmlSigCertFile></xmlSigCertFile>
-        <xmlSigCertPwd></xmlSigCertPwd>
-    </simpleCACltProp>
-    <credReposProp>
-            <modFilePath></modFilePath>
-            <modName>ndg.security.common.CredWallet</modName>
-            <className>NullCredRepos</className>
-            <propFile></propFile>
-    </credReposProp>
+        </authNServiceProp>
+    
 </sessMgrProp>

TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg

@@ -109 +109 @@
 
 
-# MyProxy Client properties 
-[myProxyProp]
+# Authentication service properties 
+[authNServiceProp]
+moduleFilePath: 
+moduleName: ndg.security.server.authenservice.session_mgr_my_proxy_client
+className: SessionMgrMyProxyClient
+propertiesFile:
 # Delete this element and take setting from MYPROXY_SERVER environment 
 # variable if required

TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgrProperties.xml

@@ -62 +62 @@
     <cookieDomain></cookieDomain>
     <!-- MyProxy Client properties -->
-    <myProxyProp>
+    <authNServiceProp>
         <!-- 
         Delete this element and take setting from MYPROXY_SERVER environment 
@@ -109 +109 @@
         -->
         <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
-    </myProxyProp>
+    </authNServiceProp>
     <!-- 
     Properties for a Session Manager client to a Simple CA.