Timestamp:
16/03/10 08:37:55 (11 years ago)
Author:
pjkersha
Message:
  • Working Credential Wallet refactored for Python 2.6
  • Pruned out more old code: ZSI and Twisted SOAP/WSDL wrappers, Session Manager and WS-Security, Test 'Site B' Attribute Authority - for testing role mapping.
  • Started XACML package ElementTree based parser.
File:
1 edited

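--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py
@@ -1,4 +1,4 @@
 #!/usr/bin/env python
-"""Unit tests for Credential Wallet classes
+"""Unit tests for Credential Wallet class
 
 NERC DataGrid Project
@@ -10,8 +10,9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id: $'
+import logging
+logging.basicConfig(level=logging.DEBUG)
 
 import unittest
-import os, sys, getpass, re
-import traceback
+import os
 
 from string import Template
@@ -23,195 +24,12 @@
 from time import sleep
 from datetime import datetime, timedelta
+
 from ndg.saml.utils import SAMLDateTime
 from ndg.saml.xml.etree import AssertionElementTree
 
 from ndg.security.test.unit import BaseTestCase
+from ndg.security.common.utils.etree import prettyPrint
+from ndg.security.common.credentialwallet import SAMLCredentialWallet
 
-from ndg.security.common.utils.configfileparsers import (
-                                                    CaseSensitiveConfigParser)
-from ndg.security.common.utils.etree import prettyPrint
-from ndg.security.common.X509 import X509CertParse
-from ndg.security.common.credentialwallet import (NDGCredentialWallet,
-    CredentialWalletAttributeRequestDenied, SAMLCredentialWallet)
-from ndg.security.server.attributeauthority import AttributeAuthority
-
-from os.path import expandvars as xpdVars
-from os.path import join as jnPath
-mkPath = lambda file: jnPath(os.environ['NDGSEC_CREDWALLET_UNITTEST_DIR'], file)
-
-import logging
-logging.basicConfig(level=logging.DEBUG)
-
-
-class NDGCredentialWalletTestCase(BaseTestCase):
-    """Unit test case for
-    ndg.security.common.credentialwallet.NDGCredentialWallet class.
-    """
-    THIS_DIR = os.path.dirname(__file__)
-    PICKLE_FILENAME = 'NDGCredentialWalletPickle.dat'
-    PICKLE_FILEPATH = os.path.join(THIS_DIR, PICKLE_FILENAME)
-
-    def __init__(self, *arg, **kw):
-        super(NDGCredentialWalletTestCase, self).__init__(*arg, **kw)
-        self.startAttributeAuthorities()
-
-    def setUp(self):
-        super(NDGCredentialWalletTestCase, self).setUp()
-
-        if 'NDGSEC_INT_DEBUG' in os.environ:
-            import pdb
-            pdb.set_trace()
-
-        if 'NDGSEC_CREDWALLET_UNITTEST_DIR' not in os.environ:
-            os.environ['NDGSEC_CREDWALLET_UNITTEST_DIR'] = \
-                os.path.abspath(os.path.dirname(__file__))
-
-        self.cfg = CaseSensitiveConfigParser()
-        configFilePath = jnPath(os.environ['NDGSEC_CREDWALLET_UNITTEST_DIR'],
-                                "credWalletTest.cfg")
-        self.cfg.read(configFilePath)
-
-        self.userX509CertFilePath=self.cfg.get('setUp', 'userX509CertFilePath')
-        self.userPriKeyFilePath=self.cfg.get('setUp', 'userPriKeyFilePath')
-
-
-    def test01ReadOnlyClassVariables(self):
-
-        try:
-            NDGCredentialWallet.accessDenied = 'yes'
-            self.fail("accessDenied class variable should be read-only")
-        except Exception, e:
-            print("PASS - accessDenied class variable is read-only")
-
-        try:
-            NDGCredentialWallet.accessGranted = False
-            self.fail("accessGranted class variable should be read-only")
-        except Exception, e:
-            print("PASS - accessGranted class variable is read-only")
-
-        assert(not NDGCredentialWallet.accessDenied)
-        assert(NDGCredentialWallet.accessGranted)
-
-
-    def test02SetAttributes(self):
-
-        credWallet = NDGCredentialWallet()
-        credWallet.userX509Cert=open(xpdVars(self.userX509CertFilePath)).read()
-        print("userX509Cert=%s" % credWallet.userX509Cert)
-        credWallet.userId = 'ndg-user'
-        print("userId=%s" % credWallet.userId)
-
-        try:
-            credWallet.blah = 'blah blah'
-            self.fail("Attempting to set attribute not in __slots__ class "
-                      "variable should fail")
-        except AttributeError:
-            print("PASS - expected AttributeError when setting attribute "
-                  "not in __slots__ class variable")
-
-        credWallet.caCertFilePathList=None
-        credWallet.attributeAuthorityURI='http://localhost/AttributeAuthority'
-
-        credWallet.attributeAuthority = None
-        credWallet._credentialRepository = None
-        credWallet.mapFromTrustedHosts = False
-        credWallet.rtnExtAttCertList = True
-        credWallet.attCertRefreshElapse = 7200
-
-
-    def test03GetAttCertWithUserId(self):
-
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'))
-        attCert = credWallet.getAttCert()
-
-        # No user X.509 cert is set so the resulting Attribute Certificate
-        # user ID should be the same as that set for the wallet
-        assert(attCert.userId == credWallet.userId)
-        print("Attribute Certificate:\n%s" % attCert)
-
-    def test04GetAttCertWithUserX509Cert(self):
-
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'))
-
-        # Set a test individual user certificate to override the client
-        # cert. and private key in WS-Security settings in the config file
-        credWallet.userX509Cert=open(xpdVars(self.userX509CertFilePath)).read()
-        credWallet.userPriKey=open(xpdVars(self.userPriKeyFilePath)).read()
-        attCert = credWallet.getAttCert()
-
-        # A user X.509 cert. was set so this cert's DN should be set in the
-        # userId field of the resulting Attribute Certificate
-        assert(attCert.userId == str(credWallet.userX509Cert.dn))
-        print("Attribute Certificate:\n%s" % attCert)
-
-    def test05GetAttCertRefusedWithUserX509Cert(self):
-
-        # Keyword mapFromTrustedHosts overrides any setting in the config file
-        # This flag prevents role mapping from a trusted AA and so in this case
-        # forces refusal of the request
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'),
-                                         mapFromTrustedHosts=False)
-        credWallet.userX509CertFilePath = self.userX509CertFilePath
-        credWallet.userPriKeyFilePath = self.userPriKeyFilePath
-
-        # Set AA URI AFTER user PKI settings so that these are picked in the
-        # implicit call to create a new AA Client when the URI is set
-        credWallet.attributeAuthorityURI = self.cfg.get('setUp',
-                                                        'attributeAuthorityURI')
-        try:
-            attCert = credWallet.getAttCert()
-        except CredentialWalletAttributeRequestDenied, e:
-            print("ok - obtained expected result: %s" % e)
-            return
-
-        self.fail("Request allowed from Attribute Authority where user is NOT "
-                  "registered!")
-
-    def test06GetMappedAttCertWithUserId(self):
-
-        # Call Site A Attribute Authority where user is registered
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'))
-        attCert = credWallet.getAttCert()
-
-        # Use Attribute Certificate cached in wallet to get a mapped
-        # Attribute Certificate from Site B's Attribute Authority
-        siteBURI = self.cfg.get('setUp', 'attributeAuthorityURI')
-        attCert = credWallet.getAttCert(attributeAuthorityURI=siteBURI)
-
-        print("Mapped Attribute Certificate from Site B Attribute "
-              "Authority:\n%s" % attCert)
-
-    def test07GetAttCertFromLocalAAInstance(self):
-        thisSection = 'test07GetAttCertFromLocalAAInstance'
-        aaPropFilePath = self.cfg.get(thisSection,
-                                      'attributeAuthorityPropFilePath')
-
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'))
-        credWallet.attributeAuthority = AttributeAuthority.fromPropertyFile(
-                                            propFilePath=aaPropFilePath)
-        attCert = credWallet.getAttCert()
-
-        # No user X.509 cert is set so the resulting Attribute Certificate
-        # user ID should be the same as that set for the wallet
-        assert(attCert.userId == credWallet.userId)
-        print("Attribute Certificate:\n%s" % attCert)
-
-    def test08Pickle(self):
-        credWallet = NDGCredentialWallet(cfg=self.cfg.get('setUp',
-                                                          'cfgFilePath'))
-
-        outFile = open(NDGCredentialWalletTestCase.PICKLE_FILEPATH, 'w')
-        pickle.dump(credWallet, outFile)
-        outFile.close()
-
-        inFile = open(NDGCredentialWalletTestCase.PICKLE_FILEPATH)
-        unpickledCredWallet = pickle.load(inFile)
-        self.assert_(unpickledCredWallet.userId == credWallet.userId)
-
 
 class SAMLCredentialWalletTestCase(BaseTestCase):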
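Review bot: The `logging.basicConfig(level=logging.DEBUG)` call at new lines 12-13 still runs at import time and has moved ahead of every other import, so merely collecting this module puts the root logger at DEBUG for the whole test run. In a suite that exercises a credential wallet and SAML assertions, DEBUG output from the imported ndg.* modules may carry assertion or credential material into shared CI logs (inferred; what those modules log is not visible here). I would leave the level to the test runner or guard the call, e.g. `if __name__ == "__main__": logging.basicConfig(level=logging.DEBUG)`. Separately, the deleted NDGCredentialWalletTestCase held the only denial-path test visible on this page (test05GetAttCertRefusedWithUserX509Cert), so it is worth confirming that SAMLCredentialWalletTestCase, whose body lies outside this hunk, keeps an equivalent negative case.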