Changeset 6512 for TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Timestamp:

08/02/10 17:12:29 (11 years ago)

Author:

pjkersha

Message:

Patches to CredentialWallet?, SAML interfaces and authz middleware for WPS testing.

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit

Files:

• authz/msi/policy-1.1.xml (modified) (1 diff)
• authz/msi/test_msi.py (modified) (3 diffs)
• credentialwallet/test_credentialwallet.py (modified) (4 diffs)
• credentialwallet/test_samlcredentialwallet.cfg (modified) (1 diff)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/policy-1.1.xml

@@ -25 +25 @@
         </Attributes>
     </Target>
+    <!-- Test inclusion of ampersand -->
+    <Target>
+        <URIPattern>^/test_securedURI[?&amp;]MyQueryParam=100</URIPattern>
+        <Attributes>
+            <Attribute>
+                <Name>urn:siteA:security:authz:1.0:attr:staff</Name>
+                <AttributeAuthorityURI>http://localhost:7443/AttributeAuthority</AttributeAuthorityURI>
+            </Attribute>
+        </Attributes>        
+    </Target>
 </Policy>

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/msi/test_msi.py

@@ -59 +59 @@
                 assert(attribute.attributeAuthorityURI)
 
+                        
 
 class PIPPlaceholder(PIPBase):
@@ -81 +82 @@
     PERMITTED_RESOURCE_URI = '/test_securedURI'
     DENIED_RESOURCE_URI = '/test_accessDeniedToSecuredURI'
+    WITH_ESCAPE_CHARS_RESOURCE_URI = '/test_securedURI?MyQueryParam=100'
     
     def setUp(self):
@@ -104 +106 @@
         self.assert_(response.status == Response.DECISION_DENY)
 
+    def test03WithEscapeCharsInPolicy(self):
+        self.request.resource[Resource.URI_NS
+                              ] = PDPTestCase.WITH_ESCAPE_CHARS_RESOURCE_URI      
+        response = self.pdp.evaluate(self.request)
+        
+        self.assert_(response.status == Response.DECISION_PERMIT)
+
         
 if __name__ == "__main__":

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py

@@ -248 +248 @@
         
     def setUp(self):
-        self.assertion =self._createAssertion()
+        self.assertion = self._createAssertion()
         
     def _createAssertion(self, timeNow=None, validityDuration=60*60*8,
@@ -322 +322 @@
         self.assert_(len(wallet.credentials) == 0)
 
-    def test04ReplaceCredential(self):
+    def test04ClockSkewTolerance(self):
+        # Add a short lived credential but with the wallet set to allow for
+        # a clock skew of 
+        shortExpiryAssertion = self._createAssertion(validityDuration=1)
+        wallet = SAMLCredentialWallet()
+        
+        # Set a tolerance of five seconds
+        wallet.clockSkewTolerance = 5.*60*60
+        wallet.addCredential(shortExpiryAssertion)
+        
+        self.assert_(len(wallet.credentials) == 1)
+        sleep(2)
+        wallet.audit()
+        self.assert_(len(wallet.credentials) == 1)
+        
+    def test05ReplaceCredential(self):
         # Replace an existing credential from a given institution with a more
         # up to date one
@@ -332 +347 @@
         wallet.addCredential(newAssertion)
         self.assert_(len(wallet.credentials) == 1)
-        self.assert_(newAssertion.conditions.notOnOrAfter==\
+        self.assert_(newAssertion.conditions.notOnOrAfter == \
                      wallet.credentials[
                         SAMLCredentialWalletTestCase.SITEA_SAML_ISSUER_NAME
                     ].credential.conditions.notOnOrAfter)
         
-    def test05CredentialsFromSeparateSites(self):
+    def test06CredentialsFromSeparateSites(self):
         wallet = self._addCredential()
         wallet.addCredential(self._createAssertion(issuerName="MySite"))
         self.assert_(len(wallet.credentials) == 2)
 
-    def test06Pickle(self):
+    def test07Pickle(self):
         wallet = self._addCredential()
         outFile = open(SAMLCredentialWalletTestCase.PICKLE_FILEPATH, 'w')
@@ -353 +368 @@
             SAMLCredentialWalletTestCase.SITEA_ATTRIBUTEAUTHORITY_SAML_URI))
         
+        self.assert_(unpickledWallet.credentials.items()[0][1].issuerName == \
+                     BaseTestCase.SITEA_SAML_ISSUER_NAME)
+
+    def test08CreateFromConfig(self):
+        wallet = SAMLCredentialWallet.fromConfig(
+                                SAMLCredentialWalletTestCase.CONFIG_FILEPATH)
+        self.assert_(wallet.clockSkewTolerance == timedelta(seconds=0.01))
+        self.assert_(wallet.userId == 'https://openid.localhost/philip.kershaw')
         
 if __name__ == "__main__":

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_samlcredentialwallet.cfg

@@ -9 +9 @@
 # $Id:$
 [DEFAULT]
-clockSkew = 0.
+clockSkewTolerance = 0.01
 userId = https://openid.localhost/philip.kershaw
-issuerDN = /O=Site A/CN=Authorisation Service
-attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml
-queryAttributes.0 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
-queryAttributes.roles = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
-
-# SSL Context Proxy settings
-sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
-sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt
-sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key
-sslValidDNs = /C=UK/ST=Oxfordshire/O=BADC/OU=Security/CN=localhost, /O=Site A/CN=Attribute Authority