Changeset 7327 for TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Timestamp:

16/08/10 13:54:09 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• added unit tests for XACML Context handler

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit

Files:

• __init__.py (modified) (1 diff)
• x509/test_x509.py (modified) (3 diffs)
• xacml/pip-mapping.txt (modified) (1 diff)
• xacml/saml_ctx_handler.cfg (added)
• xacml/test_saml_ctx_handler.py (added)
• xacml/test_saml_pip.py (modified) (4 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/__init__.py

@@ -131 +131 @@
         X500DN.fromString("/O=Site A/CN=Authorisation Service"), 
         X500DN.fromString("/O=Site B/CN=Authorisation Service"),
-        X500DN.fromString('/CN=test/O=NDG/OU=BADC')
+        X500DN.fromString('/CN=test/O=NDG/OU=BADC'),
+        X500DN.fromString('/O=NDG/OU=Security/CN=localhost')
     )
     

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/test_x509.py

@@ -25 +25 @@
 
 from ConfigParser import SafeConfigParser
+
 from ndg.security.test.unit import BaseTestCase
-
-import warnings
-_warningMsg = None
-_origWarn = warnings.warn
-def _warnWrapper(*arg, **kw):
-    global _warningMsg
-    _warningMsg = arg[0]
-    _origWarn(*arg, **kw)
-
-warnings.warn = _warnWrapper
-
-from ndg.security.common.X509 import X509CertRead, X509CertParse, X500DN, \
-    X509Stack, X509StackEmptyError, SelfSignedCert, X509CertIssuerNotFound
+from ndg.security.common.X509 import (X509CertRead, X509CertParse, X500DN, 
+    X509Stack, X509StackEmptyError, SelfSignedCert, X509CertIssuerNotFound)
+
 
 class X509TestCase(BaseTestCase):
     """Unit test X509 module"""
     CA_DIR = os.path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'ca')
-    
-    def __del__(self):
-        warnings.warn = _origWarn
-        if getattr(super(X509TestCase, self), "__del__", None):
-            super(X509TestCase, self).__del__()
         
     def setUp(self):
@@ -189 +175 @@
         self.test01X509CertRead()
         
-        # Set ridiculous bounds for expiry warning to ensure a warning message
-        # is output
-        self.assert_(self.x509Cert.isValidTime(nDaysBeforeExpiryLimit=36500), 
-                                               "Certificate has expired")
-        if not _warningMsg:
-            self.fail("No warning message was set")
-        else:
-            print("PASSED - Got warning message from X509Cert."
-                  "isValidTime: %s" % _warningMsg)
-
-    def test10ReadStackFromCADir(self):
-        
-        stack = X509Stack.fromCADir(X509TestCase.CA_DIR)
-        self.assert_(stack)
-        self.assert_(len(stack) > 0)
+        warningMsg = None
+        
+        # Capture stderr
+        try:
+            warningOutput = StringIO()
+            _stderr = sys.stderr
+            sys.stderr = warningOutput
+            
+            # Set ridiculous bounds for expiry warning to ensure a warning 
+            # message is output
+            validStatus = self.x509Cert.isValidTime(
+                                                nDaysBeforeExpiryLimit=36500)
+            self.assert_(validStatus, "Certificate has expired")
+        finally:
+            sys.stderr = _stderr
+            warningMsg = warningOutput.getvalue()
+            
+        self.assert_("UserWarning" in str(warningMsg), 
+                     "No warning message was set")
+        
+        print("PASSED - Got warning message from X509Cert.isValidTime: %s" % 
+              warningMsg)
+
         
 class X500DNTestCase(BaseTestCase):
@@ -215 +209 @@
         self.assert_(str(dn))
         print(dn)
+        
+    def test02VerifyCommaSeparatedDnParsing(self):
+        # Test parsing for ',' delimited fields
+        dnStr = 'O=NDG, OU=Security, CN=localhost'
+        dn = X500DN.fromString(dnStr)
+        self.assert_(str(dn))
+        print(dn)
+        
                                       
 if __name__ == "__main__":

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/pip-mapping.txt

@@ -19 +19 @@
 
 # Entries are whitespace delimited <attribute id> <attribute authority>
-urn:ndg:security:attributes https://localhost:5443/AttributeAuthority
+urn:siteA:security:authz:1.0:attr https://localhost:5443/AttributeAuthority
 myattributeid https://myattributeauthority.ac.uk/
 http://someotherattributeid.schema https://another.ac.uk/attributeservice/

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/test_saml_pip.py

@@ -38 +38 @@
     CONFIG_FILEPATH = path.join(THIS_DIR, CONFIG_FILENAME)
     
-    NDGS_ATTR_ID = 'urn:ndg:security:attributes'
+    NDGS_ATTR_ID = BaseTestCase.ATTRIBUTE_NAMES[0]
     OPENID_ATTR_ID = 'urn:esg:openid'
-    OPENID = 'https://localhost:7443/pjkershaw'
     
     CLNT_CERT_FILEPATH = path.join(BaseTestCase.PKI_DIR, 'localhost.crt')
@@ -83 +82 @@
                                                             openidAttr.dataType)
         
-        openidAttrVal = anyUriAttrValue(self.__class__.OPENID)
+        openidAttrVal = anyUriAttrValue(self.__class__.OPENID_URI)
         openidAttr.attributeValues.append(openidAttrVal) 
         
@@ -115 +114 @@
         ctx = self._createXacmlRequestCtx()
         
-        attributes = pip.attributeQuery(ctx, designator)
-        self.assert_(len(attributes) > 0)
+        attributeValues = pip.attributeQuery(ctx, designator)
+        self.assert_(len(attributeValues) > 0)
+        print("PIP retrieved attribute values %r" % attributeValues)
         
     def test04InitFromConfigFile(self):
@@ -122 +122 @@
         pip = PIP.fromConfig(self.__class__.CONFIG_FILEPATH)
         self.assert_(pip.mappingFilePath)
-        
-        for i in dir(PIP):
-            print("%s = %r" % (i, getattr(pip, i)))
+
         
 if __name__ == "__main__":