source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/credWallet.cfg @ 7153

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/credWallet.cfg@7153
Revision 7153, 2.8 KB checked in by pjkersha, 11 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • updated certs for new test CA
  • Property svn:keywords set to Id
Line 
1# Configuration file for Credential Wallet Settings
2#
3# NERC Data Grid Project
4#
5# P J Kershaw 03/10/08
6#
7# Copyright (C) 2009 Science and Technology Facilities Council
8#
9# BSD - See LICENCE file for details
10[DEFAULT]
11userId=ndg-user
12userX509Cert=
13userPriKey=
14issuingX509Cert=
15
16# CA certificates for Attribute Certificate signature validation
17caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
18
19# CA certificates for SSL connection peer cert. validation
20sslCACertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
21
22# See attAuthority unit tests to get this service running
23attributeAuthorityURI=http://localhost:5000/AttributeAuthority
24# Switch to alt port for testing with tcpmon
25#attributeAuthorityURI=http://localhost:4900/AttributeAuthority
26
27# Omit Credential Repository and use default NullCredentialRepository
28#credentialRepository=
29
30# Allow the Get Attribute Certificate call to try to get a mapped certificate
31# from another organisation trusted by the target Attribute Authority
32mapFromTrustedHosts=True
33rtnExtAttCertList=True
34
35# Refresh an Attribute Certificate, if an existing one in the wallet has only
36# this length of time left before it expires
37attCertRefreshElapse=7200
38
39# Section in this file from which to retrieve WS-Security settings for
40# digital signature of SOAP messages to Attribute Authorities
41#wssCfgSection=WS-Security
42
43# ... or put the settings in the same section but prefix them with this prefix
44wssCfgPrefix=wssecurity
45
46# WS-Security
47# Signature of an outbound message
48
49# Certificate associated with private key used to sign a message.  The sign
50# method will add this to the BinarySecurityToken element of the WSSE header. 
51# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
52wssecurity.signingCertFilePath=$NDGSEC_TEST_CONFIG_DIR/pki/wsse-clnt.crt
53
54# ... or provide file path to PEM encoded private key file
55wssecurity.signingPriKeyFilePath=$NDGSEC_TEST_CONFIG_DIR/pki/wsse-clnt.key
56
57# Password protecting private key.  Leave blank if there is no password.
58wssecurity.signingPriKeyPwd=
59
60# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
61# signed message.  See __setReqBinSecTokValType method and binSecTokValType
62# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
63# give full namespace to alternative - see
64# ZSI.wstools.Namespaces.OASIS.X509TOKEN
65#
66# binSecTokValType determines whether signingCert or signingCertChain
67# attributes will be used.
68wssecurity.reqBinSecTokValType=X509v3
69
70# Add a timestamp element to an outbound message
71wssecurity.addTimestamp=True
72
73# For WSSE 1.1 - service returns signature confirmation containing signature
74# value sent by client
75wssecurity.applySignatureConfirmation=True
76
77#
78# INBOUND MESSAGE CONFIG
79
80# Provide a space separated list of file paths
81wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
Note: See TracBrowser for help on using the repository browser.