3 # Copyright (C) 2015 Ipsilon project Contributors, for license see COPYING
5 from helpers.common import IpsilonTestBase # pylint: disable=relative-import
6 from helpers.common import WRAP_HOSTNAME # pylint: disable=relative-import
7 from helpers.http import HttpSessions # pylint: disable=relative-import
11 from string import Template
13 idp_g = {'TEMPLATES': '${TESTDIR}/templates/install',
14 'CONFDIR': '${TESTDIR}/etc',
15 'DATADIR': '${TESTDIR}/lib',
16 'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
17 'STATICDIR': '${ROOTDIR}',
18 'BINDIR': '${ROOTDIR}/ipsilon',
19 'WSGI_SOCKET_PREFIX': '${TESTDIR}/${NAME}/logs/wsgi'}
22 idp_a = {'hostname': '${ADDRESS}:${PORT}',
23 'admin_user': '${TEST_USER}',
24 'system_user': '${TEST_USER}',
25 'instance': '${NAME}',
31 'gssapi_httpd_keytab': '${TESTDIR}/${HTTP_KTNAME}',
32 'server_debugging': 'True'}
35 sp_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
36 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf',
37 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',
38 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}
41 sp_a = {'hostname': '${ADDRESS}:${PORT}',
43 'http://%s:45080/idp1/saml2/metadata' % WRAP_HOSTNAME,
44 'saml_secure_setup': 'False',
46 'httpd_user': '${TEST_USER}'}
48 sp2_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
49 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf',
50 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',
51 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}
53 sp2_a = {'hostname': '${ADDRESS}:${PORT}',
54 'saml_idp_url': 'http://idp.ipsilon.dev:45080/idp1',
55 'admin_user': '${TEST_USER}',
56 'admin_password': '${TESTDIR}/pw.txt',
57 'saml_sp_name': 'sp2',
58 'saml_secure_setup': 'False',
60 'httpd_user': '${TEST_USER}'}
63 def fixup_sp_httpd(httpdir):
66 Alias /sp ${HTTPDIR}/sp
68 <Directory ${HTTPDIR}/sp>
74 t = Template(location)
75 text = t.substitute({'HTTPDIR': httpdir})
76 with open(httpdir + '/conf.d/ipsilon-saml.conf', 'a') as f:
79 os.mkdir(httpdir + '/sp')
80 with open(httpdir + '/sp/index.html', 'w') as f:
84 class IpsilonTest(IpsilonTestBase):
87 super(IpsilonTest, self).__init__('testgssapi', __file__)
89 def setup_servers(self, env=None):
90 os.mkdir("%s/ccaches" % self.testdir)
92 print "Installing KDC server"
93 kdcenv = self.setup_kdc(env)
95 print "Creating principals and keytabs"
96 self.setup_keys(kdcenv)
99 self.kinit_keytab(kdcenv)
101 print "Installing IDP server"
103 addr = 'idp.ipsilon.dev'
106 idp = self.generate_profile(idp_g, idp_a, name, addr, port)
107 conf = self.setup_idp_server(idp, name, addr, port, env)
109 print "Starting IDP's httpd server"
110 self.start_http_server(conf, env)
112 print "Installing first SP server"
116 sp = self.generate_profile(sp_g, sp_a, name, addr, port)
117 conf = self.setup_sp_server(sp, name, addr, port, env)
118 fixup_sp_httpd(os.path.dirname(conf))
120 print "Starting first SP's httpd server"
121 self.start_http_server(conf, env)
123 print "Installing second SP server"
127 sp = self.generate_profile(sp2_g, sp2_a, name, addr, port)
128 with open(os.path.dirname(sp) + '/pw.txt', 'a') as f:
130 conf = self.setup_sp_server(sp, name, addr, port, env)
131 os.remove(os.path.dirname(sp) + '/pw.txt')
132 fixup_sp_httpd(os.path.dirname(conf))
134 print "Starting second SP's httpd server"
135 self.start_http_server(conf, env)
137 if __name__ == '__main__':
142 user = pwd.getpwuid(os.getuid())[0]
144 testdir = os.environ['TESTDIR']
146 krb5conf = os.path.join(testdir, 'krb5.conf')
147 kenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
148 'KRB5_CONFIG': krb5conf,
149 'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')}
152 os.environ[key] = kenv[key]
154 sess = HttpSessions()
155 sess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME, user,
157 sess.add_server(sp1name, 'http://127.0.0.11:45081')
158 sess.add_server(sp2name, 'http://127.0.0.11:45082')
160 print "testgssapi: Authenticate to IDP ...",
162 sess.auth_to_idp(idpname, krb=True)
163 except Exception, e: # pylint: disable=broad-except
164 print >> sys.stderr, " ERROR: %s" % repr(e)
168 print "testgssapi: Add first SP Metadata to IDP ...",
170 sess.add_sp_metadata(idpname, sp1name)
171 except Exception, e: # pylint: disable=broad-except
172 print >> sys.stderr, " ERROR: %s" % repr(e)
176 print "testgssapi: Access first SP Protected Area ...",
178 page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
179 page.expected_value('text()', 'WORKS!')
180 except ValueError, e:
181 print >> sys.stderr, " ERROR: %s" % repr(e)
185 print "testgssapi: Access second SP Protected Area ...",
187 page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')
188 page.expected_value('text()', 'WORKS!')
189 except ValueError, e:
190 print >> sys.stderr, " ERROR: %s" % repr(e)