Changeset 6575 for TI12-security/trunk/NDGSecurity

Timestamp:

15/02/10 12:39:45 (11 years ago)

Author:

pjkersha

Message:

Changes for addition of AuthzDecisionQuery? WSGI interface (Authorisation service)

Location:

TI12-security/trunk/NDGSecurity/python

Files:

• ndg_security_server/ndg/security/server/wsgi/authz/__init__.py (modified) (1 diff)
• ndg_security_server/ndg/security/server/wsgi/saml/attributeinterface.py (modified) (1 diff)
• ndg_security_server/ndg/security/server/wsgi/saml/authzinterface.py (modified) (11 diffs)
• ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml (modified) (2 diffs)
• ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/config/attributeauthority/siteb/attributeCertificateLog (modified) (1 prop)
• ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py (modified) (8 diffs)
• ndg_security_test/ndg/security/test/unit/wsgi/myproxy/1t --output-document (deleted)
• ndg_security_test/ndg/security/test/unit/wsgi/saml/__init__.py (modified) (2 diffs)
• ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-decision-interface.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py (modified) (8 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/__init__.py

@@ -753 +753 @@
     Information Point interface.  This retrieves attributes over the SOAP/SAML
     Attribute Authority interface 
-    (ndg.security.server.wsgi.saml.SOAPAttributeInterfaceMiddleware) and caches 
+    (ndg.security.server.wsgi.saml.attributeinterface.SOAPAttributeInterfaceMiddleware) and caches 
     SAML Assertions in a 
     ndg.security.common.credentialWallet.SAMLCredentialWallet

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/attributeinterface.py

@@ -39 +39 @@
   
 class SOAPAttributeInterfaceMiddleware(SOAPMiddleware, NDGSecurityPathFilter):
-    """Implementation of SAML 2.0 SOAP Binding for Assertion Query/Request
-    Profile
+    """Implementation of SAML 2.0 SOAP Binding for Attribute Query
     
     @type PATH_OPTNAME: basestring

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/authzinterface.py

@@ -36 +36 @@
 
   
-class SOAPAuthzDecisionInterfaceMiddleware(SOAPMiddleware, NDGSecurityPathFilter):
-    """Implementation of SAML 2.0 SOAP Binding for Assertion Query/Request
-    Profile
+class SOAPAuthzDecisionInterfaceMiddleware(SOAPMiddleware, 
+                                           NDGSecurityPathFilter):
+    """Implementation of SAML 2.0 SOAP Binding for Authorisation Decision Query
     
     @type PATH_OPTNAME: basestring
@@ -54 +54 @@
     QUERY_INTERFACE_KEYNAME_OPTNAME = "queryInterfaceKeyName"
     DEFAULT_QUERY_INTERFACE_KEYNAME = ("ndg.security.server.wsgi.saml."
-                            "SOAPAuthzDecisionInterfaceMiddleware.queryInterface")
+                                       "SOAPAuthzDecisionInterfaceMiddleware."
+                                       "queryInterface")
     
     def __init__(self, app):
@@ -76 +77 @@
         self.__queryInterfaceKeyName = None
         
-        self.pathMatchList = app_conf.get(
-            prefix + SOAPAuthzDecisionInterfaceMiddleware.PATH_OPTNAME, ['/'])
+        cls = SOAPAuthzDecisionInterfaceMiddleware
+        self.pathMatchList = app_conf.get(prefix + cls.PATH_OPTNAME, ['/'])
                    
-        self.queryInterfaceKeyName = app_conf.get(prefix + \
-            SOAPAuthzDecisionInterfaceMiddleware.QUERY_INTERFACE_KEYNAME_OPTNAME,
-            prefix + \
-            SOAPAuthzDecisionInterfaceMiddleware.DEFAULT_QUERY_INTERFACE_KEYNAME)
+        self.queryInterfaceKeyName = app_conf.get(
+            prefix + cls.QUERY_INTERFACE_KEYNAME_OPTNAME,
+            prefix + cls.DEFAULT_QUERY_INTERFACE_KEYNAME)
         
     @classmethod
@@ -109 +109 @@
     def _setQueryInterfaceKeyName(self, value):
         if not isinstance(value, basestring):
-            raise TypeError('Expecting string type for "queryInterfaceKeyName"'
-                            ' got %r' % value)
+            raise TypeError('Expecting string type for "queryInterfaceKeyName" '
+                            'got %r' % value)
             
         self.__queryInterfaceKeyName = value
@@ -116 +116 @@
     queryInterfaceKeyName = property(fget=_getQueryInterfaceKeyName, 
                                      fset=_setQueryInterfaceKeyName, 
-                                     doc="environ keyname for Attribute Query "
-                                         "interface")
+                                     doc="environ keyname for Authorisation "
+                                         "Decision Query interface")
 
     def _getIssuerName(self):
@@ -150 +150 @@
         soapRequestStream = environ.get('wsgi.input')
         if soapRequestStream is None:
-            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "wsgi.input" in '
-                                                        'environ')
+            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "wsgi.input" '
+                                                            'in environ')
         
         # TODO: allow for chunked data
         contentLength = environ.get('CONTENT_LENGTH')
         if contentLength is None:
-            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "CONTENT_LENGTH" '
-                                                        'in environ')
+            raise SOAPAuthzDecisionInterfaceMiddlewareError(
+                                            'No "CONTENT_LENGTH" in environ')
 
         contentLength = int(contentLength)        
@@ -166 +166 @@
         soapRequest.parse(StringIO(soapRequestTxt))
         
-        # Filter based on SOAP Body content - expecting an AttributeQuery
+        # Filter based on SOAP Body content - expecting an AuthzDecisionQuery
         # element
-        if not SOAPAuthzDecisionInterfaceMiddleware.isAttributeQuery(
+        if not SOAPAuthzDecisionInterfaceMiddleware.isAuthzDecisionQuery(
                                                             soapRequest.body):
             # Reset wsgi.input for middleware and app downstream
@@ -174 +174 @@
             return self._app(environ, start_response)
         
-        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: received SAML "
-                  "SOAP AttributeQuery ...")
+        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: received "
+                  "SAML SOAP AuthzDecisionQuery ...")
        
-        attributeQueryElem = soapRequest.body.elem[0]
+        authzDecisionQueryElem = soapRequest.body.elem[0]
         
         try:
-            attributeQuery = AttributeQueryElementTree.fromXML(
-                                                            attributeQueryElem)
+            authzDecisionQuery = AuthzDecisionQueryElementTree.fromXML(
+                                                        authzDecisionQueryElem)
         except UnknownAttrProfile, e:
-            log.exception("Parsing incoming attribute query: " % e)
+            log.exception("Parsing incoming authorisation decision query: " % e)
             samlResponse = self._makeErrorResponse(
                                         StatusCode.UNKNOWN_ATTR_PROFILE_URI)
@@ -195 +195 @@
             
             # Call query interface        
-            samlResponse = queryInterface(attributeQuery)
+            samlResponse = queryInterface(authzDecisionQuery)
         
         # Add mapping for ESG Group/Role Attribute Value to enable ElementTree
@@ -216 +216 @@
         response = soapResponse.serialize()
         
-        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: sending response "
-                  "...\n\n%s",
+        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: "
+                  "sending response ...\n\n%s",
                   response)
         start_response("200 OK",
@@ -225 +225 @@
     
     @classmethod
-    def isAttributeQuery(cls, soapBody):
-        """Check for AttributeQuery in the SOAP Body"""
+    def isAuthzDecisionQuery(cls, soapBody):
+        """Check for AuthzDecisionQuery in the SOAP Body"""
         
         if len(soapBody.elem) != 1:
             # TODO: Change to a SOAP Fault?
-            raise SOAPAuthzDecisionInterfaceMiddlewareError("Expecting single "
-                                                        "child element in the "
-                                                        "request SOAP "
-                                                        "Envelope body")
+            raise SOAPAuthzDecisionInterfaceMiddlewareError(
+                    "Expecting single child element in the request SOAP "
+                    "Envelope body")
             
         inputQName = QName(soapBody.elem[0].tag)    
-        attributeQueryQName = QName.fromGeneric(
-                                        AttributeQuery.DEFAULT_ELEMENT_NAME)
-        return inputQName == attributeQueryQName
+        authzDecisionQueryQName = QName.fromGeneric(
+                                        AuthzDecisionQuery.DEFAULT_ELEMENT_NAME)
+        return inputQName == authzDecisionQueryQName
 
     def _makeErrorResponse(self, code):

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml

@@ -3 +3 @@
     <acInfo>
         <version>1.0</version>
-        <holder></holder>
+        <holder>/CN=client/O=NDG Security Test/OU=WS-Security Unittest</holder>
         <issuer>/CN=AttributeAuthority/O=NDG Security Test/OU=Site A</issuer>
         <issuerName>Site A</issuerName>
         <issuerSerialNumber>253</issuerSerialNumber> 
-        <userId>ndg-user</userId>
+        <userId>system</userId>
         <validity>
-            <notBefore>2010 01 20 08 54 54</notBefore> 
-            <notAfter>2010 01 20 16 54 54</notAfter> 
+            <notBefore>2010 02 15 11 31 46</notBefore> 
+            <notAfter>2010 02 15 19 31 46</notAfter> 
         </validity>
         <attributes>
@@ -33 +33 @@
         <provenance>original</provenance> 
     </acInfo>
-<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>s1dB/p8Cl1SmY0/Jcq+2z2biXHs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Sw36kLKRjSro9409KGZ5YPsQrU9FcvkzwO5n3WJ1WQkgDTS2IhGHCW5OB64bL8e3Ub3gdM1WlHC4
-ybGYfPOuuVfQ4ZHHfLqQMWA9p5ALRmUTAglSt9/uTPYzc8yk7wCWHNYqMDVPHbHwy5MWyAToCHGx
-rqJRs9WgozMJMugslJk=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>el2WOCy3XQ04rzELN8C+GufvDC4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mlKZJckdKXhwpOq0ZsKekoFneVP6T38iLBSgsgSwDUwHqxTTOlBqdkTywaL4lu2Jo1KlzZbeUH/r
+dUilnOs1zAZcl8BAynbXj2LJuGamxLIEFFQJFT7n7ZxAjVwbhbnajscHe3HEYDOxtQrfv5BDvyb/
+lgddNkepm2vHbayEH0c=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy
 NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini

@@ -104 +104 @@
 # SAML SOAP Binding to the Attribute Authority
 [filter:AttributeAuthoritySamlSoapBindingFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
 prefix = saml.soapbinding.
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/attributeCertificateLog

@@ -1 +1 @@
 ac.xml
 ac.xml.1
+ac.xml.10
+ac.xml.11
+ac.xml.12
+ac.xml.13
+ac.xml.14
+ac.xml.15
+ac.xml.16
+ac.xml.2
+ac.xml.3
+ac.xml.4
+ac.xml.5
+ac.xml.6
+ac.xml.7
+ac.xml.8
+ac.xml.9

@@ -1 +1 @@
 ac.xml
 ac.xml.1
+ac.xml.10
+ac.xml.11
+ac.xml.12
+ac.xml.13
+ac.xml.14
+ac.xml.15
+ac.xml.16
+ac.xml.2
+ac.xml.3
+ac.xml.4
+ac.xml.5
+ac.xml.6
+ac.xml.7
+ac.xml.8
+ac.xml.9

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini

@@ -100 +100 @@
 # SAML SOAP Binding to the Attribute Authority
 [filter:AttributeAuthoritySamlSoapBindingFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
 prefix = saml.soapbinding.
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

@@ -406 +406 @@
 # SAML SOAP Binding to the Attribute Authority
 [filter:AttributeAuthoritySamlSoapBindingFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
 prefix = saml.soapbinding.
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg

@@ -11 +11 @@
 #  use a separate test case class in the test module and is 
 # included here
-[test01SAMLAttributeQuery]
+[test01AttributeQuery]
 uri = http://localhost:5000/AttributeAuthority/saml
 subject = https://openid.localhost/philip.kershaw
 siteAttributeName = urn:siteA:security:authz:1.0:attr
 
-[test02SAMLAttributeQueryInvalidIssuer]
+[test02AttributeQueryInvalidIssuer]
 uri = http://localhost:5000/AttributeAuthority/saml
 subject = https://openid.localhost/philip.kershaw
 siteAttributeName = urn:siteA:security:authz:1.0:attr
 
-[test03SAMLAttributeQueryUnknownSubject]
+[test03AttributeQueryUnknownSubject]
 uri = http://localhost:5000/AttributeAuthority/saml
 subject = https://openid.localhost/unknown
 siteAttributeName = urn:siteA:security:authz:1.0:attr
 
-[test04SAMLAttributeQueryInvalidAttrName]
+[test04AttributeQueryInvalidAttrName]
 uri = http://localhost:5000/AttributeAuthority/saml
 subject = https://openid.localhost/philip.kershaw

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py

@@ -12 +12 @@
 import logging
 logging.basicConfig(level=logging.DEBUG)
+import os
 from datetime import datetime
 from uuid import uuid4
@@ -37 +38 @@
     """NDG Attribute Authority SAML SOAP Binding client unit tests"""
     CONFIG_FILENAME = 'test_samlattributeauthorityclient.cfg'
+    CONFIG_FILEPATH = os.path.join(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'],
+                                   CONFIG_FILENAME)
     
     def __init__(self, *arg, **kw):
@@ -46 +49 @@
         self.startSiteAAttributeAuthority(withSSL=True, port=5443)
        
-    def test01SAMLAttributeQuery(self):
-        _cfg = self.cfg['test01SAMLAttributeQuery']
+    def test01AttributeQuery(self):
+        _cfg = self.cfg['test01AttributeQuery']
         
         attributeQuery = AttributeQuery()
@@ -114 +117 @@
         print(prettyPrint(samlResponseElem))
              
-    def test02SAMLAttributeQueryInvalidIssuer(self):
-        _cfg = self.cfg['test02SAMLAttributeQueryInvalidIssuer']
+    def test02AttributeQueryInvalidIssuer(self):
+        _cfg = self.cfg['test02AttributeQueryInvalidIssuer']
         
         attributeQuery = AttributeQuery()
@@ -154 +157 @@
             response.status.statusCode.value==StatusCode.REQUEST_DENIED_URI)
                     
-    def test03SAMLAttributeQueryUnknownSubject(self):
-        _cfg = self.cfg['test03SAMLAttributeQueryUnknownSubject']
+    def test03AttributeQueryUnknownSubject(self):
+        _cfg = self.cfg['test03AttributeQueryUnknownSubject']
         
         attributeQuery = AttributeQuery()
@@ -193 +196 @@
             response.status.statusCode.value==StatusCode.UNKNOWN_PRINCIPAL_URI)
              
-    def test04SAMLAttributeQueryInvalidAttrName(self):
-        thisSection = 'test04SAMLAttributeQueryInvalidAttrName'
+    def test04AttributeQueryInvalidAttrName(self):
+        thisSection = 'test04AttributeQueryInvalidAttrName'
         _cfg = self.cfg[thisSection]
         
@@ -220 +223 @@
 
         binding = SOAPBinding.fromConfig(
-                     AttributeAuthoritySAMLInterfaceTestCase.CONFIG_FILENAME, 
+                     AttributeAuthoritySAMLInterfaceTestCase.CONFIG_FILEPATH, 
                      prefix='saml.', 
                      section=thisSection)
@@ -294 +297 @@
         
         self.assert_(response.status.statusCode.value==StatusCode.SUCCESS_URI)
-
-        
+             
+    def test08AuthzDecisionQuery(self):
+        _cfg = self.cfg['test02AuthzDecisionQuery']
+        
+        query = AuthzDecisionQuery()
+        query.version = SAMLVersion(SAMLVersion.VERSION_20)
+        query.id = str(uuid4())
+        query.issueInstant = datetime.utcnow()
+        
+        query.issuer = Issuer()
+        query.issuer.format = Issuer.X509_SUBJECT
+        query.issuer.value = str(
+                AttributeAuthoritySAMLInterfaceTestCase.VALID_REQUESTOR_IDS[0])
+                        
+        query.subject = Subject()  
+        query.subject.nameID = NameID()
+        query.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT
+        query.subject.nameID.value = _cfg['subject']
+
+        binding = SOAPBinding()
+        binding.serialise = AuthzDecisionQueryElementTree.toXML
+        binding.deserialise = ResponseElementTree.fromXML
+        response = binding.send(query, _cfg['uri'])
+
+        samlResponseElem = ResponseElementTree.toXML(response)
+        
+        print("SAML Response ...")
+        print(ElementTree.tostring(samlResponseElem))
+        print("Pretty print SAML Response ...")
+        print(prettyPrint(samlResponseElem))
+        
+        self.assert_(
+            response.status.statusCode.value==StatusCode.REQUEST_DENIED_URI)
+
+       
 if __name__ == "__main__":
     unittest.main()

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/__init__.py

@@ -9 +9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id: $'
-import unittest
 import os
 import paste.fixture
 from paste.deploy import loadapp
 
+from ndg.security.test.unit import BaseTestCase
 
 class TestApp(object):
@@ -28 +28 @@
 
 
-class SOAPAttributeInterfaceMiddlewareTestCase(unittest.TestCase):
+class SoapSamlInterfaceMiddlewareTestCase(BaseTestCase):
     HERE_DIR = os.path.dirname(os.path.abspath(__file__))
     CONFIG_FILENAME = 'test.ini'
     
     def __init__(self, *args, **kwargs):
-        wsgiapp = loadapp(
-            'config:%s' % \
-                SOAPAttributeInterfaceMiddlewareTestCase.CONFIG_FILENAME, 
-            relative_to=SOAPAttributeInterfaceMiddlewareTestCase.HERE_DIR)
+        wsgiapp = loadapp('config:%s' % self.__class__.CONFIG_FILENAME, 
+                          relative_to=self.__class__.HERE_DIR)
         
         self.app = paste.fixture.TestApp(wsgiapp)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini

@@ -18 +18 @@
 
 [app:TestApp]
-paste.app_factory = ndg.security.test.unit.wsgi.saml.test_soapattributeinterface:TestApp
+paste.app_factory = ndg.security.test.unit.wsgi.saml:TestApp
 
 [filter:SAMLSoapAttributeInterfaceFilter]

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-decision-interface.ini

@@ -18 +18 @@
 
 [app:TestApp]
-paste.app_factory = ndg.security.test.unit.wsgi.saml.test_soapattributeinterface:TestApp
+paste.app_factory = ndg.security.test.unit.wsgi.saml:TestApp
 
 [filter:SAMLSoapAttributeInterfaceFilter]

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py

@@ -22 +22 @@
 from ndg.security.common.soap.etree import SOAPEnvelope
 from ndg.security.common.saml_utils.esg import EsgSamlNamespaces
-
-
-class SOAPAttributeInterfaceMiddlewareTestCase(unittest.TestCase):
-    CONFIG_FILENAME = 'authz-decision-interface.ini
-
-    def _createAttributeQuery(self, 
+from ndg.security.test.unit.wsgi.saml import SoapSamlInterfaceMiddlewareTestCase
+
+
+class SOAPAuthzDecisionInterfaceMiddlewareTestCase(unittest.TestCase):
+    CONFIG_FILENAME = 'authz-decision-interface.ini'
+
+    def _createAuthzDecisionQuery(self, 
                         issuer="/O=Site A/CN=Authorisation Service",
                         subject="https://openid.localhost/philip.kershaw"):
-        attributeQuery = AttributeQuery()
-        attributeQuery.version = SAMLVersion(SAMLVersion.VERSION_20)
-        attributeQuery.id = str(uuid4())
-        attributeQuery.issueInstant = datetime.utcnow()
-        
-        attributeQuery.issuer = Issuer()
-        attributeQuery.issuer.format = Issuer.X509_SUBJECT
-        attributeQuery.issuer.value = issuer
+        query = AttributeQuery()
+        query.version = SAMLVersion(SAMLVersion.VERSION_20)
+        query.id = str(uuid4())
+        query.issueInstant = datetime.utcnow()
+        
+        query.issuer = Issuer()
+        query.issuer.format = Issuer.X509_SUBJECT
+        query.issuer.value = issuer
                         
-        attributeQuery.subject = Subject()  
-        attributeQuery.subject.nameID = NameID()
-        attributeQuery.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT
-        attributeQuery.subject.nameID.value = subject
+        query.subject = Subject()  
+        query.subject.nameID = NameID()
+        query.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT
+        query.subject.nameID.value = subject
                                     
         
@@ -51 +52 @@
         fnAttribute.friendlyName = "FirstName"
 
-        attributeQuery.attributes.append(fnAttribute)
+        query.attributes.append(fnAttribute)
     
         # special case handling for 'LastName' attribute
@@ -59 +60 @@
         lnAttribute.friendlyName = "LastName"
 
-        attributeQuery.attributes.append(lnAttribute)
+        query.attributes.append(lnAttribute)
     
         # special case handling for 'LastName' attribute
@@ -68 +69 @@
         emailAddressAttribute.friendlyName = "emailAddress"
 
-        attributeQuery.attributes.append(emailAddressAttribute)  
-
-        return attributeQuery
-    
-    def _makeRequest(self, attributeQuery=None, **kw):
+        query.attributes.append(emailAddressAttribute)  
+
+        return query
+    
+    def _makeRequest(self, query=None, **kw):
         """Convenience method to construct queries for tests"""
         
-        if attributeQuery is None:
-            attributeQuery = self._createAttributeQuery(**kw)
+        if query is None:
+            query = self._createAuthzDecisionQuery(**kw)
             
-        elem = AttributeQueryElementTree.toXML(attributeQuery)
+        elem = AuthzDecusionQueryElementTree.toXML(query)
         soapRequest = SOAPEnvelope()
         soapRequest.create()
@@ -106 +107 @@
     
     def test01ValidQuery(self):
-        attributeQuery = self._createAttributeQuery()
-        request = self._makeRequest(attributeQuery=attributeQuery)
+        query = self._createAuthzDecisionQuery()
+        request = self._makeRequest(query=query)
         
         header = {
@@ -123 +124 @@
         self.assert_(samlResponse.status.statusCode.value == \
                      StatusCode.SUCCESS_URI)
-        self.assert_(samlResponse.inResponseTo == attributeQuery.id)
+        self.assert_(samlResponse.inResponseTo == query.id)
         self.assert_(samlResponse.assertions[0].subject.nameID.value == \
-                     attributeQuery.subject.nameID.value)
+                     query.subject.nameID.value)
 
     def test02AttributeReleaseDenied(self):
@@ -149 +150 @@
 
     def test03InvalidAttributesRequested(self):
-        attributeQuery = self._createAttributeQuery()
+        query = self._createAuthzDecisionQuery()
         
         # Add an unsupported Attribute name
@@ -157 +158 @@
                                     XSStringAttributeValue.TYPE_LOCAL_NAME
         attribute.friendlyName = "myAttribute"
-        attributeQuery.attributes.append(attribute)     
-        
-        request = self._makeRequest(attributeQuery=attributeQuery)
+        query.attributes.append(attribute)     
+        
+        request = self._makeRequest(query=query)
            
         header = {

@@ -1 +1 @@
 ac.xml
 ac.xml.1
+ac.xml.10
+ac.xml.11
+ac.xml.12
+ac.xml.13
+ac.xml.14
+ac.xml.15
+ac.xml.16
+ac.xml.2
+ac.xml.3
+ac.xml.4
+ac.xml.5
+ac.xml.6
+ac.xml.7
+ac.xml.8
+ac.xml.9