From: Josh Karlin Date: Mon, 12 Apr 2010 19:55:06 +0000 (+0000) Subject: Delegation/Verification working and tested X-Git-Tag: geni-apiv1-totrunk~67 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=b51f82d3b954dac1dcaaaa3930f826b085331d60 Delegation/Verification working and tested --- diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 4d54dc3b..b55c6b47 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -470,14 +470,11 @@ class Credential(object): if self.legacy: self.legacy = None + # Update signatures + self.decode() + - def getTextNode(self, element, subele): - sub = element.getElementsByTagName(subele)[0] - if len(sub.childNodes) > 0: - return sub.childNodes[0].nodeValue - else: - return None ## # Retrieve the attributes of the credential from the XML. @@ -488,7 +485,7 @@ class Credential(object): if not self.xml: return doc = parseString(self.xml) - sigs = None + sigs = [] signed_cred = doc.getElementsByTagName("signed-credential") # Is this a signed-cred or just a cred? @@ -524,7 +521,9 @@ class Credential(object): # Is there a parent? parent = cred.getElementsByTagName("parent") if len(parent) > 0: - self.parent = Credential(string=getTextNode(cred, "parent")) + parent_doc = parent[0].getElementsByTagName("credential")[0] + parent_xml = parent_doc.toxml() + self.parent = Credential(string=parent_xml) self.updateRefID() # Assign the signatures to the credentials diff --git a/tests/testCred.py b/tests/testCred.py index b148bb27..74201897 100755 --- a/tests/testCred.py +++ b/tests/testCred.py @@ -64,8 +64,11 @@ class TestCred(unittest.TestCase): gid.encode() gid.sign() return gid, keys + + - def testDelegation(self): + + def testDelegationAndVerification(self): gidAuthority, keys = self.createSignedGID("site", "urn:publicid:IDN+plc+authority+site") gidCaller, ckeys = self.createSignedGID("foo", "urn:publicid:IDN+plc:site+user+foo", keys, gidAuthority) 
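Review bot: In the parent-parsing lines of the third credential.py hunk, `parent[0].getElementsByTagName("credential")[0]` indexes into XML taken from the credential being decoded, so a `<parent>` element with no nested `<credential>` raises IndexError rather than a credential error. Callers that catch only CredentialNotVerifiable, as the tests in this commit do, would presumably not handle that. Consider binding the list first with `creds = parent[0].getElementsByTagName("credential")` and raising the module's own credential error when it is empty. Each parent is built as a new Credential from the nested XML, so if that constructor decodes in turn, the chain depth is bounded only by the input, and a depth limit would be worth adding where credentials arrive from untrusted peers. The enclosing method starts and ends outside the hunk.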
@@ -86,12 +89,14 @@ class TestCred(unittest.TestCase): cred.set_issuer_keys("/tmp/auth_key", "/tmp/auth_gid") cred.sign() + cred.verify(['/tmp/auth_gid']) # Test copying cred2 = Credential(string=cred.save_to_string()) cred2.verify(['/tmp/auth_gid']) + # Test delegation delegated = Credential() delegated.set_gid_caller(gidDelegatee) @@ -105,20 +110,62 @@ class TestCred(unittest.TestCase): delegated.set_issuer_keys("/tmp/caller_pkey", "/tmp/caller_gid") delegated.encode() + delegated.sign() # This should verify delegated.verify(['/tmp/auth_gid']) - delegated.save_to_file("/tmp/dcred") + backup = Credential(string=delegated.get_xml()) # Test that verify catches an incorrect lifetime delegated.set_lifetime(6000) + delegated.encode() + delegated.sign() + try: + delegated.verify(['/tmp/auth_gid']) + assert(1==0) + except CredentialNotVerifiable: + pass + + # Test that verify catches an incorrect signer + delegated = Credential(string=backup.get_xml()) + delegated.set_issuer_keys("/tmp/auth_key", "/tmp/auth_gid") + delegated.encode() + delegated.sign() + + try: + delegated.verify(['/tmp/auth_gid']) + assert(1==0) + except CredentialNotVerifiable: + pass + - WHY IS THIS CRASHING?? + # Test that verify catches a changed gid + delegated = Credential(string=backup.get_xml()) + delegated.set_gid_object(delegated.get_gid_caller()) delegated.encode() delegated.sign() - delegated.verify(['/tmp/auth_gid']) + + try: + delegated.verify(['/tmp/auth_gid']) + assert(1==0) + except CredentialNotVerifiable: + pass + + + # Test that verify catches a credential with the wrong authority for the object + test = Credential(string=cred.get_xml()) + test.set_issuer_keys("/tmp/caller_pkey", "/tmp/caller_gid") + test.encode() + test.sign() + + try: + test.verify(['/tmp/auth_gid']) + assert(1==0) + except CredentialNotVerifiable: + pass + if __name__ == "__main__":
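Review bot: The added `cred.verify(['/tmp/auth_gid'])` takes its trusted root from a fixed name in the world-writable /tmp, and the context line above it points the issuer key at `/tmp/auth_key` in the same way. On a shared build host another local user can pre-create or replace those files, so the test may verify against a root it did not generate, and the private key may be left readable depending on the mode it is written with. Creating a per-run directory in setUp, e.g. `self.tmpdir = tempfile.mkdtemp()`, and building the key and GID paths from it would avoid both. testDelegationAndVerification starts before this hunk and continues past it.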
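Review bot: Each negative case in the last hunk reports "verify wrongly accepted" with `assert(1==0)` inside the `try`, and assert statements are stripped when the tests run under `python -O`. In that mode all four tampered-credential checks would pass even if verify() accepted the credential. `self.assertRaises(CredentialNotVerifiable, delegated.verify, ['/tmp/auth_gid'])`, and the same with `test.verify` for the final case, states the expectation directly and cannot be optimised away. Because every case expects the same exception type, a case can also pass for a reason other than the one named in its comment; checking the exception message, if verify() provides a distinct one per failure, would tighten that. The hunk appears to end at the `if __name__` context line, and the rest of the file is not visible here.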