Changeset 7359 for TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py

Timestamp:

24/08/10 16:39:39 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• simplified credential wallet - now a single class SAMLAssertionWallet for caching assertions containing authorisation decision statements and/or attribute statements

File:

• TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py (modified) (9 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py

@@ -30 +30 @@
 from ndg.security.test.unit import BaseTestCase
 from ndg.security.common.utils.etree import prettyPrint
-from ndg.security.common.credentialwallet import (SAMLAttributeWallet,
-                                                  SAMLAuthzDecisionWallet)
+from ndg.security.common.credentialwallet import SAMLAssertionWallet
 
 
@@ -94 +93 @@
         return AssertionElementTree.fromXML(assertionElem)
 
-    def _addCredential(self):
-        wallet = SAMLAttributeWallet()   
-        wallet.addCredential(self.assertion, issuerEndpoint=\
-        self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI)
+    def _addCredentials(self):
+        wallet = SAMLAssertionWallet()   
+        wallet.addCredentials(self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI,
+                              [self.assertion])
         return wallet
     
-    def test01AddCredential(self):
-        wallet = self._addCredential()
-        
-        self.assert_(len(wallet.credentials) == 1)
-        self.assert_(self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI in \
-                     wallet.credentialsKeyedByURI)
-        self.assert_(self.__class__.SITEA_SAML_ISSUER_NAME in \
-                     wallet.credentials)
-        
-        assertion = wallet.credentials[
-            self.__class__.SITEA_SAML_ISSUER_NAME
-        ].credential
+    def test01AddCredentials(self):
+        wallet = self._addCredentials()
+        k = self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI
+        self.assert_(len(wallet.retrieveCredentials(k)) == 1)
+        assertions = wallet.retrieveCredentials(
+                            self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI)
+        self.assert_(assertions)
         
         print("SAML Assertion:\n%s" % 
-              prettyPrint(AssertionElementTree.toXML(assertion)))
+              prettyPrint(AssertionElementTree.toXML(assertions[0])))
     
     def test02VerifyCredential(self):
-        wallet = SAMLAttributeWallet()
+        wallet = SAMLAssertionWallet()
         self.assert_(wallet.isValidCredential(self.assertion))
         
@@ -130 +124 @@
         self.assert_(not wallet.isValidCredential(futureAssertion))
         
-    def test03AuditCredential(self):
+    def test03AuditCredentials(self):
         # Add a short lived credential and ensure it's removed when an audit
         # is carried to prune expired credentials
         shortExpiryAssertion = self._createAssertion(validityDuration=1)
-        wallet = SAMLAttributeWallet()
-        wallet.addCredential(shortExpiryAssertion)
-        
-        self.assert_(len(wallet.credentials) == 1)
+        wallet = SAMLAssertionWallet()
+        wallet.addCredentials('a', [shortExpiryAssertion])
+        
+        self.assert_(wallet.retrieveCredentials('a'))
         sleep(2)
         wallet.audit()
-        self.assert_(len(wallet.credentials) == 0)
+        self.assert_(wallet.retrieveCredentials('a') is None)
 
     def test04ClockSkewTolerance(self):
@@ -146 +140 @@
         # a clock skew of 
         shortExpiryAssertion = self._createAssertion(validityDuration=1)
-        wallet = SAMLAttributeWallet()
+        wallet = SAMLAssertionWallet()
         
         # Set a tolerance of five seconds
         wallet.clockSkewTolerance = 5.*60*60
-        wallet.addCredential(shortExpiryAssertion)
-        
-        self.assert_(len(wallet.credentials) == 1)
+        wallet.addCredentials('a', [shortExpiryAssertion])
+        
+        self.assert_(wallet.retrieveCredentials('a'))
         sleep(2)
         wallet.audit()
-        self.assert_(len(wallet.credentials) == 1)
+        self.assert_(wallet.retrieveCredentials('a'))
         
     def test05ReplaceCredential(self):
         # Replace an existing credential from a given institution with a more
         # up to date one
-        wallet = self._addCredential()
-        self.assert_(len(wallet.credentials) == 1)
+        k = self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI
+        wallet = self._addCredentials()
+        self.assert_(len(wallet.retrieveCredentials(k)) == 1)
         
         newAssertion = self._createAssertion()  
 
-        wallet.addCredential(newAssertion)
-        self.assert_(len(wallet.credentials) == 1)
+        wallet.addCredentials(k, [newAssertion])
+        self.assert_(len(wallet.retrieveCredentials(k)) == 1)
         self.assert_(newAssertion.conditions.notOnOrAfter == \
-                     wallet.credentials[
-                        self.__class__.SITEA_SAML_ISSUER_NAME
-                    ].credential.conditions.notOnOrAfter)
-        
-    def test06CredentialsFromSeparateSites(self):
-        wallet = self._addCredential()
-        wallet.addCredential(self._createAssertion(issuerName="MySite"))
-        self.assert_(len(wallet.credentials) == 2)
+                     wallet.retrieveCredentials(k)[0].conditions.notOnOrAfter)
+        
+    def test06CredentialsFromSeparateKeys(self):
+        wallet = self._addCredentials()
+        wallet.addCredentials("MySite",
+                              [self._createAssertion(issuerName="MySite"),
+                               self._createAssertion()])
+        self.assert_(len(wallet.retrieveCredentials("MySite")) == 2)
+        k = self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI
+        self.assert_(len(wallet.retrieveCredentials(k)) == 1)
 
     def test07Pickle(self):
-        wallet = self._addCredential()
+        wallet = self._addCredentials()
         outFile = open(self.__class__.PICKLE_FILEPATH, 'w')
         pickle.dump(wallet, outFile)
@@ -185 +182 @@
         inFile = open(self.__class__.PICKLE_FILEPATH)
         unpickledWallet = pickle.load(inFile)
-        self.assert_(unpickledWallet.credentialsKeyedByURI.get(
-            self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI))
-        
-        self.assert_(unpickledWallet.credentials.items()[0][1].issuerName == \
-                     BaseTestCase.SITEA_SAML_ISSUER_NAME)
+        
+        assertions = unpickledWallet.retrieveCredentials(
+            self.__class__.SITEA_ATTRIBUTEAUTHORITY_SAML_URI)
+        self.assert_(assertions)
+        
+        self.assert_(assertions[0].issuer.value == \
+                     self.__class__.SITEA_SAML_ISSUER_NAME)
 
     def test08CreateFromConfig(self):
-        wallet = SAMLAttributeWallet.fromConfig(
+        wallet = SAMLAssertionWallet.fromConfig(
                                 self.__class__.CONFIG_FILEPATH)
         self.assert_(wallet.clockSkewTolerance == timedelta(seconds=0.01))
@@ -243 +242 @@
         return AssertionElementTree.fromXML(assertionElem)
                     
-    def _addCredential(self):
-        wallet = SAMLAuthzDecisionWallet()   
-        wallet.addCredential(self.assertion)
+    def _addCredentials(self):
+        wallet = SAMLAssertionWallet()   
+        wallet.addCredentials(self.__class__.RESOURCE_ID, [self.assertion])
         return wallet
     
-    def test01AddCredential(self):
-        wallet = self._addCredential()
-        
-        self.assert_(len(wallet.credentials) == 1)
-        self.assert_(self.__class__.RESOURCE_ID in wallet.credentials)
-
-        assertion = wallet.credentials[self.__class__.RESOURCE_ID].credential
+    def test01AddCredentials(self):
+        wallet = self._addCredentials()
+        
+        self.assert_(
+            len(wallet.retrieveCredentials(self.__class__.RESOURCE_ID)) == 1)
+
+        assertion = wallet.retrieveCredentials(self.__class__.RESOURCE_ID)[-1]
         
         print("SAML Assertion:\n%s" % 
@@ -260 +259 @@
     
     def test02VerifyCredential(self):
-        wallet = SAMLAttributeWallet()
+        wallet = SAMLAssertionWallet()
         self.assert_(wallet.isValidCredential(self.assertion))
         
@@ -272 +271 @@
 
         self.assert_(not wallet.isValidCredential(futureAssertion))
-        
-    def test03AuditCredential(self):
-        # Add a short lived credential and ensure it's removed when an audit
-        # is carried to prune expired credentials
-        shortExpiryAssertion = self._createAssertion(validityDuration=1)
-        wallet = SAMLAttributeWallet()
-        wallet.addCredential(shortExpiryAssertion)
-        
-        self.assert_(len(wallet.credentials) == 1)
-        sleep(2)
-        wallet.audit()
-        self.assert_(len(wallet.credentials) == 0)
-
-    def test04ClockSkewTolerance(self):
-        # Add a short lived credential but with the wallet set to allow for
-        # a clock skew of 
-        shortExpiryAssertion = self._createAssertion(validityDuration=1)
-        wallet = SAMLAuthzDecisionWallet()
-        
-        # Set a tolerance of five seconds
-        wallet.clockSkewTolerance = 5.*60*60
-        wallet.addCredential(shortExpiryAssertion)
-        
-        self.assert_(len(wallet.credentials) == 1)
-        sleep(2)
-        wallet.audit()
-        self.assert_(len(wallet.credentials) == 1)
-        
-    def test05ReplaceCredential(self):
-        # Replace an existing credential from a given institution with a more
-        # up to date one
-        wallet = self._addCredential()
-        self.assert_(len(wallet.credentials) == 1)
-        
-        newAssertion = self._createAssertion()  
-
-        wallet.addCredential(newAssertion)
-        self.assert_(len(wallet.credentials) == 1)
-        self.assert_(newAssertion.conditions.notOnOrAfter == \
-                     wallet.credentials[
-                        self.__class__.RESOURCE_ID
-                    ].credential.conditions.notOnOrAfter)
 
     def test06Pickle(self):
-        wallet = self._addCredential()
+        wallet = self._addCredentials()
         outFile = open(self.__class__.PICKLE_FILEPATH, 'w')
         pickle.dump(wallet, outFile)
@@ -323 +280 @@
         inFile = open(self.__class__.PICKLE_FILEPATH)
         unpickledWallet = pickle.load(inFile)
-        self.assert_(unpickledWallet.credentials.get(
+        self.assert_(unpickledWallet.retrieveCredentials(
                                                     self.__class__.RESOURCE_ID))
         
     def test07CreateFromConfig(self):
-        wallet = SAMLAttributeWallet.fromConfig(
+        wallet = SAMLAssertionWallet.fromConfig(
                                 self.__class__.CONFIG_FILEPATH)
         self.assert_(wallet.clockSkewTolerance == timedelta(seconds=0.01))