source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2289

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2289
Revision 2289, 1.7 KB checked in by pjkersha, 13 years ago

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py,
python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
use dictionary get() rather than [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: experimented with omitting signature PKI settings.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml:
set serverCNprefix element to host/ for this MyProxy installation's server cert.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
altered for account on this machine.

python/ndg.security.common/setup.py: slight change to Python 2.5 check for
ElementTree inclusion

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
SignatureHandler is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

```ini
# NERC Data Grid Project
#
# P J Kershaw 16/01/07
#
# Copyright (C) 2007 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
# setting for test6GetMappedAttCert
uri = http://localhost:5000/AttributeAuthority
#uri = https://localhost:5000/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority

# X.509 certificate for Attribute Authority - to verify the signature of
# returned responses
#aacertfilepath =

# Password protecting client private key - if omitted it will be prompted for
# from tty
#userprikeypwd =
#usercertfilepath = ./proxy-cert.pem
#userprikeyfilepath = ./proxy-key.pem

[test3GetTrustedHostInfo]
role = postgrad
# Test no matching role exception
#role = blah

[test5GetAttCert]
# If usercertfilepath is a proxy set this cert as the one that issued the
# proxy.  Comment out if usercertfilepath is a standard X.509 cert.
#issuingusercertfilepath = ./user-cert.pem

# Test with no digital signature applied
issuingusercertfilepath = ./proxy-cert.pem
# Setup for use by testGetMappedAttCert test
attCertFilePath = ./ac.xml

[test6GetAttCertWithUserIdSet]
userId = userWhoIsEntitledToTheRolesInThisCert

[test7GetMappedAttCert]
# Comment out to set for no signature handling
userprikeypwd =
usercertfilepath = ./proxy-cert.pem
userprikeyfilepath = ./proxy-key.pem

uri = http://localhost:5100/AttributeAuthority
# Heath Data Server
#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk:43000/AttributeAuthority
userAttCertFilePath = ./ac.xml
```
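Because omitting the signature keys silently switches off message signing, a configuration check can flag sections that would send unsigned requests to a host other than the local machine. The following is an added example, not code from the NDG project; it assumes signing counts as enabled only when both `usercertfilepath` and `userprikeyfilepath` are set in the section, and the `[remoteUnsigned]` section and its host are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Key names are taken from attAuthorityClientTest.cfg; treating "both present
# and non-empty" as "signature handler on" is an assumption of this example.
SIGNATURE_KEYS = ("usercertfilepath", "userprikeyfilepath")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample modelled on the file above; [remoteUnsigned] is invented.
SAMPLE_CFG = """
[setUp]
uri = http://localhost:5000/AttributeAuthority
#usercertfilepath = ./proxy-cert.pem
#userprikeyfilepath = ./proxy-key.pem

[test7GetMappedAttCert]
userprikeypwd =
usercertfilepath = ./proxy-cert.pem
userprikeyfilepath = ./proxy-key.pem
uri = http://localhost:5100/AttributeAuthority

[remoteUnsigned]
uri = http://aa.example.org:5000/AttributeAuthority
"""

def audit_signature_settings(cfg_text):
    """Return {section: (signing_enabled, finding)} for sections with a uri."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    report = {}
    for name in parser.sections():
        section = parser[name]
        uri = section.get("uri")
        if uri is None:
            continue  # section does not address a service
        signing = all(section.get(k, "").strip() for k in SIGNATURE_KEYS)
        host = urlparse(uri).hostname
        if signing:
            finding = "ok: messages signed"
        elif host in LOOPBACK_HOSTS:
            finding = "note: unsigned, loopback only"
        else:
            finding = "warn: unsigned messages to remote host " + str(host)
        report[name] = (signing, finding)
    return report

if __name__ == "__main__":
    for name, (signing, finding) in audit_signature_settings(SAMPLE_CFG).items():
        print(name, signing, finding)
```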