source: TI12-security/trunk/python/ @ 2289

Revision 2289, 1.8 KB checked in by pjkersha, 15 years ago

modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ use dictionary get() rather than [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ experimented with omitting signature PKI settings.

set serverCNprefix element to host/ for this MyProxy installation's server cert.

altered for account on this machine.

python/ slight change to Python 2.5 check for
ElementTree inclusion

SignatureHandler is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
<?xml version="1.0" encoding="utf-8"?>
        <!--
        'name' setting MUST agree with map config file 'thisHost' name
        attribute
        -->
    <name>BADC</name>
    <portNum>5000</portNum>
    <!--
    PKI settings for transport level encryption
    -->
    <useSSL></useSSL> <!-- leave blank to use http -->
    <sslCertFile></sslCertFile>
    <sslKeyFile></sslKeyFile>
    <sslKeyPwd></sslKeyPwd>
    <!--
    PKI settings for signature of outbound SOAP messages
    -->
    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
    <certFile></certFile>
    <keyFile></keyFile>
    <keyPwd></keyPwd>
    <caCertFile></caCertFile>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message
    -->
    <clntCertFile></clntCertFile>
    <attCertLifetime></attCertLifetime> <!-- Measured in seconds -->
        <!--
        Allow an offset for clock skew between servers running
        security services.  - Use minus sign for time in the past
        -->
    <attCertNotBeforeOff>0</attCertNotBeforeOff>
    <!-- Location of role mapping file -->
    <mapConfigFile></mapConfigFile>
    <!-- All Attribute Certificates are recorded in this dir before dispatch
    to SOAP requestor
    -->
    <attCertDir></attCertDir>
    <!--
    File prefix and suffix for files stored in attCertDir
    -->
    <attCertFilePfx>ac-</attCertFilePfx>
    <attCertFileSfx>.xml</attCertFileSfx>
    <dnSeparator>/</dnSeparator>
    <!--
    Settings for custom AAUserRoles derived class to get user roles for
    given user ID
    -->
    <userRolesModFilePath></userRolesModFilePath>
    <userRolesModName></userRolesModName>
    <userRolesClassName></userRolesClassName>
    <userRolesPropFile></userRolesPropFile>
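
Because a blank useSignatureHandler turns off both signing and signature verification, and a blank useSSL means plain http, a deployment check on this file is worth having. The following is an added example, not code from this repository: it reads the switches the way the commit describes (dictionary get(), so omitted elements count as blank). The root element name `properties`, the function names and the rule that an enabled switch needs its cert and key paths are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample using element names from the file above; the root
# element name <properties> is a placeholder, not taken from the project.
SAMPLE = """<properties>
    <useSSL></useSSL>
    <sslCertFile></sslCertFile>
    <sslKeyFile></sslKeyFile>
    <useSignatureHandler></useSignatureHandler>
    <certFile></certFile>
    <keyFile></keyFile>
    <caCertFile></caCertFile>
</properties>"""


def load_props(xml_text):
    """Map each child element name to its stripped text ('' when blank)."""
    root = ET.fromstring(xml_text)
    return {el.tag: (el.text or "").strip() for el in root}


def audit(props):
    """Return findings for the message and transport security switches."""
    findings = []
    # .get() so an omitted element is treated the same as a blank one.
    ssl_on = bool(props.get("useSSL"))
    sig_on = bool(props.get("useSignatureHandler"))
    if not sig_on:
        findings.append("signature handler off: messages are neither signed nor verified")
    if not ssl_on:
        findings.append("useSSL blank: service listens on plain http")
    if not sig_on and not ssl_on:
        findings.append("no message or transport security: restrict to a trusted network")
    # Assumption: an enabled switch needs its cert and key paths filled in.
    required = {"useSSL": ("sslCertFile", "sslKeyFile"),
                "useSignatureHandler": ("certFile", "keyFile", "caCertFile")}
    for switch, names in required.items():
        if props.get(switch):
            for name in names:
                if not props.get(name):
                    findings.append(f"{switch} is set but {name} is blank")
    return findings


if __name__ == "__main__":
    for line in audit(load_props(SAMPLE)):
        print(line)
```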