Timestamp:
08/02/10 17:12:29 (11 years ago)
Author:
pjkersha
Message:

Patches to CredentialWallet, SAML interfaces and authz middleware for WPS testing.

Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit
Files:
4 edited

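--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/policy-1.1.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/policy-1.1.xml
@@ -25,3 +25,13 @@
         </Attributes> 
     </Target> 
+    <!-- Test inclusion of ampersand --> 
+    <Target> 
+        <URIPattern>^/test_securedURI[?&amp;]MyQueryParam=100</URIPattern> 
+        <Attributes> 
+            <Attribute> 
+                <Name>urn:siteA:security:authz:1.0:attr:staff</Name> 
+                <AttributeAuthorityURI>http://localhost:7443/AttributeAuthority</AttributeAuthorityURI> 
+            </Attribute> 
+        </Attributes>         
+    </Target> 
 </Policy> 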
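Review bot: The new `URIPattern` on new line 29 starts with `^` but has no `$`, so if the PDP applies it as a regular-expression search or prefix match (the matcher is not visible here), `/test_securedURI?MyQueryParam=1000` and the same query with further parameters appended fall under this Target too. The character class `[?&amp;]` also accepts `/test_securedURI&MyQueryParam=100`, a form the accompanying test never requests. If the fixture is meant to describe one exact query string, `<URIPattern>^/test_securedURI[?&amp;]MyQueryParam=100$</URIPattern>` says so; otherwise extend the comment to `<!-- Test inclusion of ampersand; pattern is deliberately open-ended -->` so the pattern is not copied into a real policy unchanged.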
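--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py
@@ -59,4 +59,5 @@
                 assert(attribute.attributeAuthorityURI) 
  
+                        
  
 class PIPPlaceholder(PIPBase): 
@@ -81,4 +82,5 @@
     PERMITTED_RESOURCE_URI = '/test_securedURI' 
     DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI' 
+    WITH_ESCAPE_CHARS_RESOURCE_URI = '/test_securedURI?MyQueryParam=100' 
      
     def setUp(self): 
@@ -104,4 +106,11 @@
         self.assert_(response.status == Response.DECISION_DENY) 
  
+    def test03WithEscapeCharsInPolicy(self): 
+        self.request.resource[Resource.URI_NS 
+                              ] = PDPTestCase.WITH_ESCAPE_CHARS_RESOURCE_URI       
+        response = self.pdp.evaluate(self.request) 
+         
+        self.assert_(response.status == Response.DECISION_PERMIT) 
+ 
          
 if __name__ == "__main__": 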
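Review bot: `test03WithEscapeCharsInPolicy` can pass without the new policy Target ever being matched, because the requested URI `/test_securedURI?MyQueryParam=100` begins with `PERMITTED_RESOURCE_URI`. If the existing Target for `/test_securedURI` is not end-anchored (its pattern is outside this changeset view), the PERMIT may come from that rule instead. A companion case with a near-miss URI, for example a constant ending in `MyQueryParam=999`, that asserts the decision is not `Response.DECISION_PERMIT` would show that the escaped pattern is what decides. As a smaller point, `self.assertEqual(response.status, Response.DECISION_PERMIT)` reports the actual status on failure, which `self.assert_(a == b)` does not.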
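--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
@@ -248,5 +248,5 @@
          
     def setUp(self): 
-        self.assertion =self._createAssertion() 
+        self.assertion = self._createAssertion() 
          
     def _createAssertion(self, timeNow=None, validityDuration=60*60*8, 
@@ -322,5 +322,20 @@
         self.assert_(len(wallet.credentials) == 0) 
  
-    def test04ReplaceCredential(self): 
+    def test04ClockSkewTolerance(self): 
+        # Add a short lived credential but with the wallet set to allow for 
+        # a clock skew of  
+        shortExpiryAssertion = self._createAssertion(validityDuration=1) 
+        wallet = SAMLCredentialWallet() 
+         
+        # Set a tolerance of five seconds 
+        wallet.clockSkewTolerance = 5.*60*60 
+        wallet.addCredential(shortExpiryAssertion) 
+         
+        self.assert_(len(wallet.credentials) == 1) 
+        sleep(2) 
+        wallet.audit() 
+        self.assert_(len(wallet.credentials) == 1) 
+         
+    def test05ReplaceCredential(self): 
         # Replace an existing credential from a given institution with a more 
         # up to date one 
@@ -332,15 +347,15 @@
         wallet.addCredential(newAssertion) 
         self.assert_(len(wallet.credentials) == 1) 
-        self.assert_(newAssertion.conditions.notOnOrAfter==\ 
+        self.assert_(newAssertion.conditions.notOnOrAfter == \ 
                      wallet.credentials[ 
                         SAMLCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME 
                     ].credential.conditions.notOnOrAfter) 
          
-    def test05CredentialsFromSeparateSites(self): 
+    def test06CredentialsFromSeparateSites(self): 
         wallet = self._addCredential() 
         wallet.addCredential(self._createAssertion(issuerName="MySite")) 
         self.assert_(len(wallet.credentials) == 2) 
  
-    def test06Pickle(self): 
+    def test07Pickle(self): 
         wallet = self._addCredential() 
         outFile = open(SAMLCredentialWalletTestCase.PICKLE_FILEPATH, 'w') 
@@ -353,4 +368,12 @@
             SAMLCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI)) 
          
+        self.assert_(unpickledWallet.credentials.items()[0][1].issuerName == \ 
+                     BaseTestCase.SITEA_SAML_ISSUER_NAME) 
+ 
+    def test08CreateFromConfig(self): 
+        wallet = SAMLCredentialWallet.fromConfig( 
+                                SAMLCredentialWalletTestCase.CONFIG_FILEPATH) 
+        self.assert_(wallet.clockSkewTolerance == timedelta(seconds=0.01)) 
+        self.assert_(wallet.userId == 'https://openid.localhost/philip.kershaw') 
          
 if __name__ == "__main__": 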
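Review bot: In `test04ClockSkewTolerance` the comment says `# Set a tolerance of five seconds`, but `wallet.clockSkewTolerance = 5.*60*60` is 18000, which is five hours if the setter takes seconds. That unit is likely, since test08 compares the property with `timedelta(seconds=0.01)` for a config value of 0.01. With a window that wide the test only shows that an expired assertion is retained, never that the tolerance is bounded, and the tolerance decides how long an expired SAML assertion stays usable. I would write `wallet.clockSkewTolerance = 5.` to match the comment, then add a second `sleep`/`wallet.audit()` step past expiry plus tolerance that asserts `len(wallet.credentials) == 0`. The unfinished comment `# a clock skew of` should be completed as well.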
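--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_samlcredentialwallet.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_samlcredentialwallet.cfg
@@ -9,14 +9,4 @@
 # $Id:$ 
 [DEFAULT] 
-clockSkew = 0. 
+clockSkewTolerance = 0.01 
 userId = https://openid.localhost/philip.kershaw 
-issuerDN = /O=Site A/CN=Authorisation Service 
-attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml 
-queryAttributes.0 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string 
-queryAttributes.roles = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string 
- 
-# SSL Context Proxy settings 
-sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca 
-sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt 
-sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key 
-sslValidDNs = /C=UK/ST=Oxfordshire/O=BADC/OU=Security/CN=localhost, /O=Site A/CN=Attribute Authority 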