source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2884

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2884
Revision 2884, 4.2 KB checked in by pjkersha, 13 years ago

Explicit setting of SSL timeout avoids hanging client for calls over https

ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • added ref to NDGSEC_INT_DEBUG environment variable - sets service to stop in debugger at the start of each SOAP call. Service must be restarted in order for variable to be picked up

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • running unit tests with https switched on to investigate timeout problems. SM calls to an AA over https currently fail with an HTTP bad status line error

ndg.security.common/ndg/security/common/AttAuthority/init.py: improve error reporting for getAttCert call.

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • added functionality to set read and write timeouts. M2Crypto default is 600s(!). Changed default to 3s
# NERC Data Grid Project
#
# P J Kershaw 16/01/07
#
# Copyright (C) 2007 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
# setting for test6GetMappedAttCert
uri = https://localhost:5000/AttributeAuthority
#uri = https://localhost:5000/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority

# For https connections only.  !Omit ssl* settings if using http!
# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
# same as peer hostname.
sslpeercertcn = Junk
sslcacertfilepathlist = cacert.pem

# X.509 certificate for Attribute Authority - to verify the signature of
# returned responses
#aacertfilepath =

# Password protecting client private key - if omitted it will be prompted for
# from tty
clntprikeypwd =

# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
#proxycertfilepath = ./proxy-cert.pem

# Test without proxy certificates - uses AA server side cert/private key for
# client side too (!)
clntcertfilepath = ./aa-cert.pem

clntprikeyfilepath = ./aa-key.pem
#clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature / peer cert in SSL connection
cacertfilepathlist = ./cacert.pem

[test3GetTrustedHostInfo]
role = postgrad
# Test no matching role exception
#role = blah

[test5GetAttCert]
# If clntcertfilepath is a proxy set this cert as the one that issued the
# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
#issuingclntcertfilepath = ./user-cert.pem

# Test with no digital signature applied
#issuingclntcertfilepath = ./proxy-cert.pem
# Setup for use by testGetMappedAttCert test
attCertFilePath = ./ac.xml

[test6GetAttCertWithUserIdSet]
userId = system
# Comment out if SignatureHandler is being used
#issuingclntcertfilepath = ./aa-cert.pem

[test7GetMappedAttCert]
# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
#proxycertfilepath = ./proxy-cert.pem
clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
# Only one clntprikeyfilepath may be active per section; the key must match
# clntcertfilepath above
#clntprikeyfilepath = ./proxy-key.pem
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5100/AttributeAuthority
# Health Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
userAttCertFilePath = ./ac.xml
mappedAttCertFilePath = ./mapped-ac.xml

[test8GetMappedAttCertStressTest]
# Set to False for no signature handling
setSignatureHandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5000/AttributeAuthority
userAttCertFilePathList = ./ac.xml
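
An added example, not part of the NDG code base: a Python check for a client test configuration in this format. It flags ssl* options set in a section whose uri is http, flags an option assigned twice in one section (a non-strict ConfigParser silently keeps the last value), and resolves the peer CommonName the client will expect. The function names and the sample text are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample in the format of the file above (not the real file).
SAMPLE_CFG = """\
[setUp]
uri = https://localhost:5000/AttributeAuthority
sslpeercertcn = Junk
sslcacertfilepathlist = cacert.pem

[test7GetMappedAttCert]
uri = http://localhost:5100/AttributeAuthority
sslcacertfilepathlist = cacert.pem
clntprikeyfilepath = ./proxy-key.pem
clntprikeyfilepath = ./aa-key.pem
"""

def find_duplicate_options(text):
    """Return (section, option) pairs assigned more than once in a section."""
    seen, dups, section = set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and line[0] not in "#;" and "=" in line:
            # ConfigParser lowercases option names, so compare the same way.
            key = (section, line.split("=", 1)[0].strip().lower())
            if key in seen:
                dups.append(key)
            seen.add(key)
    return dups

def expected_peer_cn(opts):
    """CN the client will expect: sslpeercertcn if set, else the URI host."""
    return opts.get("sslpeercertcn") or urlparse(opts.get("uri", "")).hostname

def lint_client_cfg(text):
    """Hypothetical helper: list findings for a client test config."""
    findings = [f"[{s}] {o}: assigned more than once"
                for s, o in find_duplicate_options(text)]
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)
    for name in parser.sections():
        opts = parser[name]
        ssl_opts = sorted(o for o in opts if o.startswith("ssl"))
        if urlparse(opts.get("uri", "")).scheme == "http" and ssl_opts:
            findings.append(f"[{name}] ssl* set for http uri: {', '.join(ssl_opts)}")
    return findings
```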