Changeset 6615 for TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Timestamp:

23/02/10 16:40:24 (11 years ago)

Author:

pjkersha

Message:

AuthzService? unit test wiht ndg.security.server.wsgi.authzservice.AuthzServiceMiddleware? near complete. Fixes required to PIP callout to Attribute Authority.

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Files:

• config/attributeauthority/sitea/site-a.ini (modified) (1 diff)
• config/attributeauthority/sitea/siteAUserRoles.py (modified) (1 diff)
• config/sessionmanager/userx509certauthn.py (modified) (1 diff)
• integration/authz_lite/securityservices.ini (modified) (1 diff)
• unit/attributeauthority/test_attributeauthority.py (modified) (1 diff)
• unit/attributeauthorityclient/test_samlattributeauthorityclient.py (modified) (1 diff)
• unit/credentialwallet/test_credentialwallet.py (modified) (1 diff)
• unit/saml/test_samlinterface.py (modified) (1 diff)
• unit/sessionmanager/userx509certauthn.py (modified) (1 diff)
• unit/wsgi/saml/attribute-interface.ini (modified) (1 diff)
• unit/wsgi/saml/authz-decision-interface.ini (modified) (1 diff)
• unit/wsgi/saml/authz-service.ini (modified) (3 diffs)
• unit/wsgi/saml/policy-1.1.xml (added)
• unit/wsgi/saml/test_soapattributeinterface.py (modified) (1 diff)
• unit/wsgi/saml/test_soapauthzdecisioninterface.py (modified) (3 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini

@@ -108 +108 @@
 prefix = saml.soapbinding.
 
-saml.soapbinding.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML
+saml.soapbinding.deserialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML
 
 # Specialisation to incorporate ESG Group/Role type

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/siteAUserRoles.py

@@ -14 +14 @@
 from uuid import uuid4
 
-from saml.common.xml import SAMLConstants
-from saml.saml2.core import (Assertion, Attribute, AttributeStatement, Issuer,
+from ndg.saml.common.xml import SAMLConstants
+from ndg.saml.saml2.core import (Assertion, Attribute, AttributeStatement, Issuer,
                              SAMLVersion, Subject, NameID, Conditions,
                              XSStringAttributeValue)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/sessionmanager/userx509certauthn.py

@@ -18 +18 @@
 from ndg.security.server.sessionmanager import SessionManager, \
     AbstractAuthNService, AuthNServiceInvalidCredentials, AuthNServiceError
-from ndg.security.common.myproxy import MyProxyClient
+from myproxy.client import MyProxyClient
+
 
 class UserX509CertAuthN(AbstractAuthNService):

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

@@ -414 +414 @@
 prefix = saml.soapbinding.
 
-saml.soapbinding.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML
+saml.soapbinding.deserialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML
 
 # Specialisation to incorporate ESG Group/Role type

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthority/test_attributeauthority.py

@@ -244 +244 @@
 from uuid import uuid4
 from datetime import datetime
-from saml.saml2.core import (Response, Attribute, SAMLVersion, Subject, NameID,
+from ndg.saml.saml2.core import (Response, Attribute, SAMLVersion, Subject, NameID,
                              Issuer, AttributeQuery, XSStringAttributeValue, 
                              Status, StatusMessage, StatusCode)
-from saml.xml import XMLConstants
+from ndg.saml.xml import XMLConstants
 from ndg.security.common.saml_utils.esg import EsgSamlNamespaces
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py

@@ -17 +17 @@
 from xml.etree import ElementTree
 
-from saml.common import SAMLVersion
-from saml.common.xml import SAMLConstants
-from saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
-from saml.saml2.core import (Subject, Issuer, Attribute, NameID, AttributeQuery,
+from ndg.saml.common import SAMLVersion
+from ndg.saml.common.xml import SAMLConstants
+from ndg.saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
+from ndg.saml.saml2.core import (Subject, Issuer, Attribute, NameID, AttributeQuery,
                              StatusCode, XSStringAttributeValue, )
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py

@@ -23 +23 @@
 from time import sleep
 from datetime import datetime, timedelta
-from saml.utils import SAMLDateTime
-from saml.xml.etree import AssertionElementTree
+from ndg.saml.utils import SAMLDateTime
+from ndg.saml.xml.etree import AssertionElementTree
 
 from ndg.security.test.unit import BaseTestCase

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/saml/test_samlinterface.py

@@ -20 +20 @@
 from xml.etree import ElementTree
 
-from saml.saml2.core import (Response, Assertion, Attribute, 
+from ndg.saml.saml2.core import (Response, Assertion, Attribute, 
                              AttributeStatement, SAMLVersion, Subject, NameID,
                              Issuer, AttributeQuery, XSStringAttributeValue, 
                              Conditions, Status, StatusCode)
-from saml.xml import XMLConstants
-from saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
+from ndg.saml.xml import XMLConstants
+from ndg.saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
 
 from ndg.security.common.soap.client import (UrlLib2SOAPClient, 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sessionmanager/userx509certauthn.py

@@ -16 +16 @@
 from ndg.security.server.sessionmanager import SessionManager, \
     AbstractAuthNService, AuthNServiceInvalidCredentials, AuthNServiceError
-from ndg.security.common.myproxy import MyProxyClient
+from myproxy.client import MyProxyClient
+
 
 class UserX509CertAuthN(AbstractAuthNService):

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini

@@ -25 +25 @@
 saml.pathMatchList = /attributeauthority/saml
 saml.queryInterfaceKeyName = attributeQueryInterface
-saml.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML
+saml.deserialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML
 
 # Specialisation to incorporate ESG Group/Role type

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-decision-interface.ini

@@ -28 +28 @@
 saml.pathMatchList = /authorisationservice
 saml.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
-saml.deserialise = saml.xml.etree:AuthzDecisionQueryElementTree.fromXML
-saml.serialise = saml.xml.etree:ResponseElementTree.toXML
+saml.deserialise = ndg.saml.xml.etree:AuthzDecisionQueryElementTree.fromXML
+saml.serialise = ndg.saml.xml.etree:ResponseElementTree.toXML
 
 #______________________________________________________________________________

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-service.ini

@@ -8 +8 @@
 port = 5000
 baseURI = localhost:%(port)s
-
+queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
 [server:main]
 use = egg:Paste#http
@@ -24 +24 @@
 prefix = saml.
 saml.pathMatchList = /authorisationservice
-saml.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
-saml.deserialise = saml.xml.etree:AuthzDecisionQueryElementTree.fromXML
-saml.serialise = saml.xml.etree:ResponseElementTree.toXML
+saml.queryInterfaceKeyName = %(queryInterfaceKeyName)s
+saml.deserialise = ndg.saml.xml.etree:AuthzDecisionQueryElementTree.fromXML
+saml.serialise = ndg.saml.xml.etree:ResponseElementTree.toXML
 
 #______________________________________________________________________________
@@ -34 +34 @@
 # This filter is a container for a binding to a SOAP based interface to the
 # Attribute Authority
-paste.filter_app_factory = ndg.security.server.wsgi.saml.authzservice:AuthzServiceMiddleware
-queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
+paste.filter_app_factory = ndg.security.server.wsgi.authzservice:AuthzServiceMiddleware.filter_app_factory
+prefix = authz.
+authz.policy.filePath = %(here)s/policy-1.1.xml
+authz.queryInterfaceKeyName = %(queryInterfaceKeyName)s
+
+# AuthzDecisionQuery Response settings
+authz.issuerName = /O=NDG/OU=CEDA/CN=Authorisation Service
+authz.clockSkewTolerance = 1
+authz.assertionLifetime = 86400
+
+# Policy Information Point settings - makes an Attribute Queries to 
+# Attribute Authorities
+authz.pip.attributeQuery.subjectIdFormat = urn:esg:openid
+authz.pip.attributeQuery.verifyTimeConditions = True

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapattributeinterface.py

@@ -15 +15 @@
 from cStringIO import StringIO
 
-from saml.saml2.core import (Attribute, SAMLVersion, Subject, NameID, Issuer, 
+from ndg.saml.saml2.core import (Attribute, SAMLVersion, Subject, NameID, Issuer, 
                              AttributeQuery, XSStringAttributeValue, 
                              StatusCode)
-from saml.xml import XMLConstants
-from saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
+from ndg.saml.xml import XMLConstants
+from ndg.saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
 
 from ndg.security.common.soap.etree import SOAPEnvelope

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py

@@ -15 +15 @@
 from cStringIO import StringIO
 
-from saml.saml2.core import (SAMLVersion, Subject, NameID, Issuer, Response,
+from ndg.saml.saml2.core import (SAMLVersion, Subject, NameID, Issuer, Response,
                              AuthzDecisionQuery, AuthzDecisionStatement, Status,
                              StatusCode, StatusMessage, DecisionType, Action, 
                              Conditions, Assertion)
-from saml.xml.etree import AuthzDecisionQueryElementTree, ResponseElementTree
+from ndg.saml.xml.etree import AuthzDecisionQueryElementTree, ResponseElementTree
 
 from ndg.security.common.soap.etree import SOAPEnvelope
@@ -101 +101 @@
                                         SoapSamlInterfaceMiddlewareTestCase):
     CONFIG_FILENAME = 'authz-decision-interface.ini'
-
+    RESOURCE_URI = TestAuthorisationServiceMiddleware.RESOURCE_URI
+    
     def _createAuthzDecisionQuery(self, 
-                    issuer="/O=Site A/CN=PEP",
-                    subject="https://openid.localhost/philip.kershaw",
-                    resource=TestAuthorisationServiceMiddleware.RESOURCE_URI,
-                    action=Action.HTTP_GET_ACTION,
-                    actionNs=Action.GHPP_NS_URI):
+                            issuer="/O=Site A/CN=PEP",
+                            subject="https://openid.localhost/philip.kershaw",
+                            resource=RESOURCE_URI,
+                            action=Action.HTTP_GET_ACTION,
+                            actionNs=Action.GHPP_NS_URI):
         query = AuthzDecisionQuery()
         query.version = SAMLVersion(SAMLVersion.VERSION_20)
@@ -196 +197 @@
     """
     CONFIG_FILENAME = 'authz-service.ini'
+    RESOURCE_URI = 'http://localhost/dap/data/my.nc.dods?time[0:1:0]'
+    
+    def __init__(self, *arg, **kw):
+        """Extend base init to include SAML Attribute Authority required by
+        Authorisation Service"""
+        super(SOAPAuthzDecisionInterfaceMiddlewareTestCase, self).__init__(
+                                                                    *arg, **kw)
+        self.startSiteAAttributeAuthority(withSSL=True, port=5443)