UNICORE Security Libraries Test Plan

Component Description

This test plan covers test of several small security-related libraries used by nearly all components of UNICORE middleware. The following libraries are included (in brackets a version corresponding to this revision of the test plan is given):

• crl-checking (1.3) - a small package with utilities supporting Certificate Revocation Lists handling
• samly2 (1.3.2) - implementation of SAML 2.0 protocol. It doesn't implement the whole SAML specification but only those fragments which are used in UNICORE security stack and UVOS.
• securityLibrary (2.0.0) - this module contains basic security utilities used by other modules. Provides support for creating and validating ETD assertions, User assertions, Consignor assertions (created by gateway) and also some classes which helps to create a secure client side on HTTP client level. Client side Web Service security support is not included.
• secutils-xfire (1.0.0) - supports both client and server side security on the web-service layer. The library is assuming usage of the XFire web service engine. It allows developers to add in a trivial way support for UNICORE 6 style security: authentication (SSL/Gateway), full support of ETD and digital signing of SOAP requests.
• xfire-voutils (1.4.0) - this library provides XFire handlers and utility classes which allows for adding SAML support to Web Services servers and clients. Library supports pushing of assertions from the client, parsing them on server side, querying the SAML authority for attribute assertions and additionally mapping certain attributes to special authorization or incarnation related variables.

The libraries are not deployed in separation. Are always used as a part of a client or server software. The most important software using (all of) those libraries are UNICORE/X and UCC.

Functionality tests

Current status of tests in the test plan: final version for the initial certification in EMI-1. Except of the places explicitly marked a description of the functional tests for the libraries: crl-checking, samly2, securityLibrary and secutils-xfire must be added. xfire-votuils functional tests are completed.

xfire-voutils: querying SAML attribute authority (implemented: voutils_pull)

Test whether retrieving SAML attributes from a configured SAML attribute authority works. The test should be performed by installing SAMLAttributePullInHandler on a test web service. The client's attributes should be read and reported by the test web service code. The test should check if all attributes assigned in SAML authority were properly placed in the SecurityTokens object. Additionally incarnation attribute mapping must be configured and library must map the special attributes correctly.

xfire-voutils: extracting pushed SAML attributes (implemented: voutils_push)

Test whether retrieving SAML attributes from a SAML assertion placed in the request's SOAP header works. The test should be performed by installing SAMLAttributePushInHandler on a test web service. The client's attributes should be read and reported by the test web service code. The test should check if all attributes present in the pushed SAML assertion were properly placed in the SecurityTokens object. Additionally incarnation attribute mapping must be configured and library must map the special attributes correctly.

xfire-voutils: pull cache (implemented: voutils_cache)

Test whether caching of pulled SAML attributes works. The test should be performed by installing SAMLAttributePullInHandler on a test web service. The service should be invoked three times in row by the same client, with a cache turned on. Test is passed if only one query to the SAML authority is performed, and client's attributes during the 2nd and 3rd invocation are the same as during the 1st.

Integration tests

N/A

Performance tests

TBD

Scalability tests

TBD

Standard Compliance/Conformance tests

TBD

Regression tests and unit tests

Unit tests coverage must be included in the test report. All bugs reported should have an automated regression test attached if it is possible. Otherwise manual bug checking procedure should be added to this section. Note that this applies to bugs reported from the 1.11.2010.

Bugs that won't get regression test:

• #3024238 (usage of hidden Sun-specific classes) was fixed, the API is not used any more. The issue is not testable. One can use grep to check if sources contains SUN's imports.

Regression tests to be performed manually:

• N/A

Deployment tests

Not applicable, as the library can not be deployed independently from UNICORE services environment. The libraries do not require configuration files except of the two cases:

• crl-checking library: deployment test of the UNICORE container should check if the CRL configuration if properly loaded.
• xfire-voutils library: deployment test of the UNICORE container should check if any of the SAML attribute sources is working correctly if turned on.

-- KrzysztofBenedyczak - 07-Feb-2011