source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2420

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2420
Revision 2420, 2.5 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • improve error messages to include 'X.509' to differentiate with AC errors
  • fixed bug with getAttCert when creating a mapped AC. It now copies over any userId setting from

the original AC input.

was put in to force authors of derived classes to implement an init but it's not necessary.
getRoles and isUserRegistered remain as virtual methods. i.e. they'll raise not NotImplementedError?
if the derived class doesn't overload them.

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml: include a default
attCertLifetime as an aid when making settings following an installation.

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: enable separate
caCertFilePath setting for test7GetMappedAttCert test. This allows one of the unit test AAs to
run without WS-Security settings and one with.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: custom settings for
DEWS tests but also important some additions:

  • include 'issuingusercertfilepath' for test6GetAttCertWithUserIdSet test otherwise it will fail

on the server side in the case when WS-Security signature settings are not made.

  • include 'cacertfilepathlist' setting for test7GetMappedAttCert test.
  • 'mappedAttCertFilePath' enables issued mapped AC to be saved to file for test7GetMappedAttCert

test.

Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9[setUp]
10# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
11# setting for test6GetMappedAttCert
12uri = http://localhost:5000/AttributeAuthority
13#uri = https://localhost:5000/AttributeAuthority
14#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
15uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
16#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority
17
18# X.509 certificate for Attribute Authority - to verify the signature of
19# returned responses
20#aacertfilepath =
21
22# Password protecting client private key - if omitted it will be prompted for
23# from tty
24userprikeypwd = 
25
26# All commented out to test service without WS-Security
27#usercertfilepath = ./proxy-cert.pem
28#userprikeyfilepath = ./proxy-key.pem
29# Test with CA cert validation - proxy certs currently work with this as
30# the user cert as well as proxy is needed to complete the chain of trust
31# with the CA
32#usercertfilepath = ./aa-cert.pem
33#userprikeyfilepath = ./aa-key.pem
34
35# Space separated list of CA certificate files used to verify certificate used
36# in message signature
37#cacertfilepathlist = ./cacert.pem
38
39[test3GetTrustedHostInfo]
40role = postgrad
41# Test no matching role exception
42#role = blah
43 
44[test5GetAttCert]
45# If usercertfilepath is a proxy set this cert as the one that issued the
46# proxy.  Comment out if usercertfilepath is a standard X.509 cert.
47#issuingusercertfilepath = ./user-cert.pem
48
49# Test with no digital signature applied
50#issuingusercertfilepath = ./proxy-cert.pem
51# Setup for use by testGetMappedAttCert test
52attCertFilePath = ./ac.xml
53
54[test6GetAttCertWithUserIdSet]
55userId = dewsPortalUser
56issuingusercertfilepath = ./aa-cert.pem
57
58[test7GetMappedAttCert]
59# Comment out to set for no signature handling
60userprikeypwd = 
61#usercertfilepath = ./proxy-cert.pem
62#userprikeyfilepath = ./proxy-key.pem
63usercertfilepath = ./aa-cert.pem
64userprikeyfilepath = ./aa-key.pem
65
66# Space separated list of CA certificate files used to verify certificate used
67# in message signature
68cacertfilepathlist = ./cacert.pem
69
70#uri = http://localhost:5100/AttributeAuthority
71# Heath Data Server
72#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority
73# Marine Data Server
74uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
75userAttCertFilePath = ./ac.xml
76mappedAttCertFilePath = ./mapped-ac.xml
77
78
Note: See TracBrowser for help on using the repository browser.