source: TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/wssecurity.cfg @ 6386

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/WSSecurity/ndg/wssecurity/common/signaturehandler/wssecurity.cfg@6386
Revision 6386, 3.1 KB checked in by pjkersha, 10 years ago (diff)
1# Configuration file for WS-Security settings
2#
3# NERC Data Grid Project
4#
5# P J Kershaw 01/04/08
6#
7# Copyright (C) 2009 Science and Technology Facilities Council
8#
9# BSD - See LICENCE file for details
10#
11# TODO: Refactor option names - put into inbound and outbound sections / apply
12# namespace prefixes to better categorise
13[DEFAULT]
14
15#
16# OUTBOUND MESSAGE CONFIG
17
18# Signature of an outbound message
19
20# Certificate associated with private key used to sign a message.  The sign
21# method will add this to the BinarySecurityToken element of the WSSE header.
22# The reqBinSecTokValType option (below) must be set to the 'X509' or 'X509v3'
23# ValueType.  As an alternative, use signingCertChain - see below...
24
25# Provide the PEM encoded content here
26signingCert=
27
28# ... or provide the file path to the PEM encoded cert here
29signingCertFilePath=
30
31# Pass a ',' separated list of PEM encoded certs constituting a chain of
32# trust from the certificate used to verify the signature back to the CA
33# cert.  The CA cert need not be included.  To use this option,
34# reqBinSecTokValType must be set to X509PKIPathv1
35signingCertChain=
36
37# PEM encoded content of private key file used by sign method to sign message
38signingPriKey=
39
40# ... or provide file path to PEM encoded private key file
41signingPriKeyFilePath=
42
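43# Password protecting private key.  Leave blank if there is no password.  The value is held here in clear text, so the key is only as well protected as this file: restrict read access to it.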
44signingPriKeyPwd=
45
46# Set CA certificates for verification of chain of trust for inbound messages
47# Set a directory from which to pick up CA cert files or ...
48caCertDirPath=
49
50# Provide a space separated list of file paths
51caCertFilePathList=
52
53# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
54# signed message.  See __setReqBinSecTokValType method and binSecTokValType
55# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
56# give full namespace to alternative - see
57# ZSI.wstools.Namespaces.OASIS.X509TOKEN
58#
59# reqBinSecTokValType determines whether the signingCert or signingCertChain
60# option will be used.
61reqBinSecTokValType=X509v3
62
63# Add a timestamp element to an outbound message
64addTimestamp=True
65
66# For WSSE 1.1 - service returns signature confirmation containing signature
67# value sent by client
68applySignatureConfirmation=False
69
70# Inclusive namespace prefixes - for Exclusive Canonicalisation only
71# TODO: include option to set C14N algorithm - C14N currently set to Exclusive
72
73# Inclusive namespace prefixes Canonicalisation of reference elements -
74# space separated list e.g. refC14nInclNS=wsse ds ns1
75refC14nInclNS=
76
77# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element -
78# same format as the above
79signedInfoC14nInclNS=
80
81#
82# INBOUND MESSAGE CONFIG
83
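84# X.509 certificate used by verify method to verify a message.  This option
85# can be omitted if the message to be verified contains the X.509 certificate
86# in the BinarySecurityToken element.  In this case, the cert read from the
87# message will be assigned to the verifyingCert attribute.  A cert supplied by the sender is only as trustworthy as its chain, so set caCertDirPath or caCertFilePathList (above) for it to be checked against trusted CA certs.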
88
89# Provide the PEM encoded content here
90verifyingCert=
91
92# ... or provide the file path to the PEM encoded cert here
93verifyingCertFilePath=