ndg.xacml.test.context.test_pdp_with

41 """Tests use of AttributeSelector in policies with resource content XML in 42 the requests. 43 """ 44 NOT_APPLICABLE_RESOURCE_ID = 'https://localhost' 45 PUBLIC_RESOURCE_ID = 'http://localhost/resource-only-restricted' 46 47 RESOURCE_CONTENT_VERSION_100 = \ 48 '''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1" 49 xmlns:wps="http://www.opengis.net/wps/1.0.0" 50 xmlns:xlink="http://www.w3.org/1999/xlink" 51 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 52 xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd" 53 language="en-CA" service="WPS"> 54 <wps:AcceptVersions> 55 <ows:Version>1.0.0</ows:Version> 56 </wps:AcceptVersions> 57 </wps:GetCapabilities> 58 ''' 59 RESOURCE_CONTENT_VERSION_200 = \ 60 '''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1" 61 xmlns:wps="http://www.opengis.net/wps/1.0.0" 62 xmlns:xlink="http://www.w3.org/1999/xlink" 63 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 64 xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd" 65 language="en-CA" service="WPS"> 66 <wps:AcceptVersions> 67 <ows:Version>2.0.0</ows:Version> 68 </wps:AcceptVersions> 69 </wps:GetCapabilities> 70 ''' 71 RESOURCE_CONTENT_NO_VERSION = \ 72 '''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1" 73 xmlns:wps="http://www.opengis.net/wps/1.0.0" 74 xmlns:xlink="http://www.w3.org/1999/xlink" 75 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 76 xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd" 77 language="en-CA" service="WPS"> 78 </wps:GetCapabilities> 79 ''' 80 RESOURCE_CONTENT_EXECUTE = \ 81 '''<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 82 <wps:Execute service="WPS" version="1.0.0" 83 xmlns:wps="http://www.opengis.net/wps/1.0.0" 84 xmlns:ows="http://www.opengis.net/ows/1.1" 85 xmlns:xlink="http://www.w3.org/1999/xlink" 86 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 87 xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsExecute_request.xsd"> 88 <ows:Identifier>Buffer</ows:Identifier> 89 <wps:DataInputs> 90 <wps:Input> 91 <ows:Identifier>InputPolygon</ows:Identifier> 92 <ows:Title>Playground area</ows:Title> 93 <wps:Reference xlink:href="http://foo.bar/some_WFS_request.xml"/> 94 </wps:Input> 95 <wps:Input> 96 <ows:Identifier>BufferDistance</ows:Identifier> 97 <ows:Title>Distance which people will walk to get to a playground.</ows:Title> 98 <wps:Data> 99 <wps:LiteralData>400</wps:LiteralData> 100 </wps:Data> 101 </wps:Input> 102 </wps:DataInputs> 103 <wps:ResponseForm> 104 <wps:RawDataOutput> 105 <ows:Identifier>BufferedPolygon</ows:Identifier> 106 </wps:RawDataOutput> 107 </wps:ResponseForm> 108 </wps:Execute> 109 ''' 110 @staticmethod

111 - def _make_element(tag, ns_prefix, ns_uri):

112 if Config.use_lxml: 113 elem = ElementTree.Element(tag, nsmap={ns_prefix: ns_uri}) 114 else: 115 elem = ElementTree.Element(tag) 116 ElementTree._namespace_map[ns_uri] = ns_prefix 117 return elem

118

119 - def _make_resource_content_element(self, resourceContent):

120 resourceContentSubElem = ElementTree.XML(resourceContent) 121 tag = str(QName(XacmlContextBase.XACML_2_0_CONTEXT_NS, 122 XacmlResource.RESOURCE_CONTENT_ELEMENT_LOCAL_NAME)) 123 resourceContentElem = self._make_element(tag, 124 XacmlContextBase.XACML_2_0_CONTEXT_NS_PREFIX, 125 XacmlContextBase.XACML_2_0_CONTEXT_NS) 126 resourceContentElem.append(resourceContentSubElem) 127 128 log.debug("\n%s", prettyPrint(resourceContentElem)) 129 130 return resourceContentElem

131 132

133 - def test01NotApplicable(self):

134 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, 135 ReaderFactory) 136 resourceContent = self._make_resource_content_element( 137 self.__class__.RESOURCE_CONTENT_VERSION_100) 138 request = self._createRequestCtx( 139 self.__class__.NOT_APPLICABLE_RESOURCE_ID, 140 resourceContent=resourceContent) 141 request.elem = RequestElementTree.toXML(request) 142 request.attributeSelector = EtreeXPathSelector(request.elem) 143 response = self.pdp.evaluate(request) 144 self.failIf(response is None, "Null response") 145 for result in response.results: 146 self.failIf(result.decision != Decision.NOT_APPLICABLE, 147 "Expecting not applicable decision")

148

149 - def test02Permit(self):

150 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, 151 ReaderFactory) 152 resourceContent = self._make_resource_content_element( 153 self.__class__.RESOURCE_CONTENT_VERSION_100) 154 request = self._createRequestCtx( 155 self.__class__.PUBLIC_RESOURCE_ID, 156 resourceContent=resourceContent) 157 request.elem = RequestElementTree.toXML(request) 158 request.attributeSelector = EtreeXPathSelector(request.elem) 159 response = self.pdp.evaluate(request) 160 self.failIf(response is None, "Null response") 161 for result in response.results: 162 self.failIf(result.decision != Decision.PERMIT, 163 "Expecting permit decision")

164

165 - def test03Deny(self):

166 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, 167 ReaderFactory) 168 resourceContent = self._make_resource_content_element( 169 self.__class__.RESOURCE_CONTENT_VERSION_200) 170 request = self._createRequestCtx( 171 self.__class__.PUBLIC_RESOURCE_ID, 172 resourceContent=resourceContent) 173 request.elem = RequestElementTree.toXML(request) 174 request.attributeSelector = EtreeXPathSelector(request.elem) 175 response = self.pdp.evaluate(request) 176 self.failIf(response is None, "Null response") 177 for result in response.results: 178 self.failIf(result.decision != Decision.DENY, 179 "Expecting deny decision")

180

181 - def test04Indeterminate(self):

182 '''This should result in an indeterminate decision because the policy 183 includes an AttributeSelector with MustBePresent="true", whereas the 184 request context path is not found in the request XML. 185 ''' 186 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR1_FILEPATH, 187 ReaderFactory) 188 resourceContent = self._make_resource_content_element( 189 self.__class__.RESOURCE_CONTENT_NO_VERSION) 190 request = self._createRequestCtx( 191 self.__class__.PUBLIC_RESOURCE_ID, 192 resourceContent=resourceContent) 193 request.elem = RequestElementTree.toXML(request) 194 request.attributeSelector = EtreeXPathSelector(request.elem) 195 response = self.pdp.evaluate(request) 196 self.failIf(response is None, "Null response") 197 for result in response.results: 198 self.failIf(result.decision != Decision.INDETERMINATE, 199 "Expecting indeterminate decision")

200

201 - def test05ExecutePermit(self):

202 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR2_FILEPATH, 203 ReaderFactory) 204 resourceContent = self._make_resource_content_element( 205 self.__class__.RESOURCE_CONTENT_EXECUTE) 206 request = self._createRequestCtx( 207 self.__class__.PUBLIC_RESOURCE_ID, 208 resourceContent=resourceContent) 209 request.elem = RequestElementTree.toXML(request) 210 request.attributeSelector = EtreeXPathSelector(request.elem) 211 response = self.pdp.evaluate(request) 212 self.failIf(response is None, "Null response") 213 for result in response.results: 214 self.failIf(result.decision != Decision.PERMIT, 215 "Expecting permit decision")

216

217 - def test06ExecuteConditionPermit(self):

218 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR3_FILEPATH, 219 ReaderFactory) 220 resourceContent = self._make_resource_content_element( 221 self.__class__.RESOURCE_CONTENT_EXECUTE) 222 request = self._createRequestCtx( 223 self.__class__.PUBLIC_RESOURCE_ID, 224 resourceContent=resourceContent) 225 request.elem = RequestElementTree.toXML(request) 226 request.attributeSelector = EtreeXPathSelector(request.elem) 227 response = self.pdp.evaluate(request) 228 self.failIf(response is None, "Null response") 229 for result in response.results: 230 self.failIf(result.decision != Decision.PERMIT, 231 "Expecting permit decision")

232

233 - def test07ExecuteConditionDeny(self):

234 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR3_FILEPATH, 235 ReaderFactory) 236 resourceContent = self._make_resource_content_element( 237 self.__class__.RESOURCE_CONTENT_EXECUTE) 238 request = self._createRequestCtx( 239 self.__class__.PUBLIC_RESOURCE_ID, 240 subjectId='https://nowhere.ac.uk/noone', 241 resourceContent=resourceContent) 242 request.elem = RequestElementTree.toXML(request) 243 request.attributeSelector = EtreeXPathSelector(request.elem) 244 response = self.pdp.evaluate(request) 245 self.failIf(response is None, "Null response") 246 for result in response.results: 247 self.failIf(result.decision != Decision.DENY, 248 "Expecting deny decision")

249

250 - def test08ExecuteLxmlPermit(self):

251 # Test with condition in XPath expression - this will only return a 252 # permit decision when using lxml 253 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR4_FILEPATH, 254 ReaderFactory) 255 resourceContent = self._make_resource_content_element( 256 self.__class__.RESOURCE_CONTENT_EXECUTE) 257 request = self._createRequestCtx( 258 self.__class__.PUBLIC_RESOURCE_ID, 259 resourceContent=resourceContent) 260 request.elem = RequestElementTree.toXML(request) 261 request.attributeSelector = EtreeXPathSelector(request.elem) 262 response = self.pdp.evaluate(request) 263 self.failIf(response is None, "Null response") 264 for result in response.results: 265 if Config.use_lxml: 266 self.failIf(result.decision != Decision.PERMIT, 267 "Expecting permit decision") 268 else: 269 log.debug("Using ElementTree: dependent on the version, this " 270 "test may result in an indeterminate decision. " 271 "result.decision = %s" % result.decision)

272

273 - def test09SelectAttributePermit(self):

274 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR5_FILEPATH, 275 ReaderFactory) 276 resourceContent = self._make_resource_content_element( 277 self.__class__.RESOURCE_CONTENT_EXECUTE) 278 request = self._createRequestCtx( 279 self.__class__.PUBLIC_RESOURCE_ID, 280 resourceContent=resourceContent) 281 request.elem = RequestElementTree.toXML(request) 282 request.attributeSelector = EtreeXPathSelector(request.elem) 283 response = self.pdp.evaluate(request) 284 self.failIf(response is None, "Null response") 285 for result in response.results: 286 if Config.use_lxml: 287 self.failIf(result.decision != Decision.PERMIT, 288 "Expecting permit decision") 289 else: 290 self.failIf(result.decision != Decision.INDETERMINATE, 291 "Expecting indeterminate decision")

292

293 - def test10SelectAttributeDeny(self):

294 self.pdp = PDP.fromPolicySource(XACML_ATTRIBUTESELECTOR6_FILEPATH, 295 ReaderFactory) 296 resourceContent = self._make_resource_content_element( 297 self.__class__.RESOURCE_CONTENT_EXECUTE) 298 request = self._createRequestCtx( 299 self.__class__.PUBLIC_RESOURCE_ID, 300 resourceContent=resourceContent) 301 request.elem = RequestElementTree.toXML(request) 302 request.attributeSelector = EtreeXPathSelector(request.elem) 303 response = self.pdp.evaluate(request) 304 self.failIf(response is None, "Null response") 305 for result in response.results: 306 if Config.use_lxml: 307 self.failIf(result.decision != Decision.DENY, 308 "Expecting deny decision") 309 else: 310 self.failIf(result.decision != Decision.INDETERMINATE, 311 "Expecting indeterminate decision")

Source Code for Module ndg.xacml.test.context.test_pdp_with_attributeselector