source: TI12-security/trunk/python/conf/sessionMgrProperties.xml @ 2136

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/conf/sessionMgrProperties.xml@2136
Revision 2136, 2.8 KB checked in by pjkersha, 12 years ago (diff)

python/ndg.security.server/setup.py:

  • comment out Twisted from install - won't do egg install
  • updated long description

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • added verifyingCertFilePath keyword to SignatureHandler? initialisation
  • added SSL capability

python/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
added element names for reading SSL settings from properties file.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:
added verifyingCertFilePath keyword to SignatureHandler? initialisation

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
python/ndg.security.server/ndg/security/server/SessionMgr/init.py:
added clntCertFile properties file element name for setting certificate for
verifying incoming SOAP messages.

python/ndg.security.server/ndg/security/server/SessionMgr/Makefile:
corrected typo.

python/ndg.security.server/ndg/security/server/MyProxy.py:
Put OpenSSLConfig and OpenSSLConfigError classes into their own package
'openssl' so that they can also be used by the Certificate Authority client.

python/www/html/certificateAuthority.wsdl,
python/ndg.security.server/ndg/security/server/ca/CertificateAuthority_services_server.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services_types.py,
python/ndg.security.common/ndg/security/common/ca/CertificateAuthority_services.py: updated operations to issueCert, revokeCert and getCRL.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: changed address of service to connect to.

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
alternative username connection settings

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
fixed typos in error message and comments.

ython/ndg.security.common/ndg/security/common/XMLSec.py: changed call to
getAttributeNodeNS to getAttributeNode for retrieving reference element URI
attribute.

python/ndg.security.common/ndg/security/common/ca/init.py: code for
Certificate Authority client

python/ndg.security.common/ndg/security/common/wsSecurity.py:

  • tidied up imports
  • added properties for setting keywords to reference and SignedInfo? C14N
  • changed sign method so that it is truely configurable allow use of inclusive or exclusive C14N based on the keywords set for reference and SignedInfo? C14N calls.
  • swapped calls to getAttributeNodeNS with getAttributeNode where appropriate.

java/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/AttAuthority/build/classes/META-INF/ibm-webservicesclient-bnd.xmi:
updated to that request generator correctly places X.509 cert in
BinarySecurityToken? element.

java/DEWS/AttAuthority/appClientModule/Main.java,
java/DEWS/AttAuthority/appClientjava/DEWS/AttAuthority/appClientModule/META-INF/ibm-webservicesclient-bnd.xmiModule/Main.java:
include calls to getX509Cert and getAttCert methods.

java/DEWS/SessionMgr/build/classes/META-INF/ibm-webservicesclient-bnd.xmi,
java/DEWS/SessionMgr/appClientModule/META-INF/ibm-webservicesclient-bnd.xmi:
updates for testing Session MAnager client

java/DEWS/SessionMgr/appClientModule/Main.java: switched username setting.

Line 
1<?xml version="1.0" encoding="utf-8"?>
2<sessMgrProp>
3    <portNum></portNum>
4    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
5    <sslCertFile></sslCertFile>
6    <sslKeyFile></sslKeyFile>
7    <caCertFile></caCertFile>
8    <certFile></certFile>
9    <keyFile></keyFile>
10    <keyPwd></keyPwd>
11    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
12    <sslCertFile></sslCertFile>
13    <sslKeyFile></sslKeyFile>
14    <portNum></portNum>
15    <!--
16    Set the certificate used to verify the signature of messages from the
17    client.  This can usually be left blank since the client is expected to
18    include the cert with the signature in the inbound SOAP message
19    -->
20    <clntCertFile></clntCertFile>   
21    <sessMgrEncrKey></sessMgrEncrKey>
22    <sessMgrURI></sessMgrURI>
23    <cookieDomain></cookieDomain>
24        <myProxyProp>
25                <!--
26                Delete this element and take setting from MYPROXY_SERVER environment
27                variable if required
28                <hostname>localhost</hostname>
29                -->
30                <!--
31                Delete this element to take default setting 7512 or read
32                MYPROXY_SERVER_PORT setting
33                -->
34                <port>7512</port>
35                <!--
36                Useful if hostname and certificate CN don't match correctly.  Globus
37                host DN is set to "host/<fqdn>".  Delete this element and set from
38                MYPROXY_SERVER_DN environment variable if prefered
39                <serverDN></serverDN>
40                -->
41                <!--
42                Set "host/" prefix to host cert CN as is default with globus
43                -->
44                <serverCNprefix>host/</serverCNprefix> 
45                <!--
46                Nb. GRID_SECURITY_DIR environment variable if set, overrides this
47                setting
48               
49                This directory path is used to locate the OpenSSL configuration file
50                -->
51                <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
52                <!-- Open SSL Configuration settings -->
53                <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
54                <tmpDir>/tmp</tmpDir>
55                <!--
56                        Limit on maximum lifetime any proxy certificate can have -
57                        specified when a certificate is first created by store() method
58                -->
59                <proxyCertMaxLifetime></proxyCertMaxLifetime> <!-- in hours -->
60                <!--
61                        Life time of a proxy certificate when issued from the Proxy Server
62                        with getDelegation() method
63                        -->
64                <proxyCertLifetime></proxyCertLifetime> <!-- in hours -->
65                <caCertFile></caCertFile>
66        </myProxyProp>
67        <simpleCACltProp>
68            <uri></uri>
69        <xmlSigKeyFile></xmlSigKeyFile>
70        <xmlSigCertFile></xmlSigCertFile>
71        <xmlSigCertPPhrase></xmlSigCertPPhrase>
72    </simpleCACltProp>
73        <!--
74        <simpleCASrvProp>
75            <certExpiryDate></certExpiryDate>
76            <certLifetimeDays></certLifetimeDays>
77            <certTmpDir></certTmpDir>
78            <caCertFile></caCertFile>
79            <signExe></signExe>
80            <path></path>
81        </simpleCASrvProp>
82        -->
83    <credReposProp>
84            <modFilePath></modFilePath>
85            <modName></modName>
86            <className></className>
87            <propFile></propFile>
88    </credReposProp>
89</sessMgrProp>
Note: See TracBrowser for help on using the repository browser.