source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2515

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2515
Revision 2515, 3.8 KB checked in by pjkersha, 13 years ago
  • Working version of WS-Security interface with proxy certificates - chain of trust containing proxy cert and user cert is passed in a base 64 encoded DER in a 'X509PKIPathv1' type BinarySecurityToken.

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:

  • fix to soap_getX509Cert() - return base 64 encoded DER instead of PEM format

ndg.security.server/ndg/security/server/AttAuthority/init.py,
ndg.security.server/ndg/security/server/ca/init.py,
ndg.security.server/ndg/security/server/SessionMgr/init.py,
ndg.security.client/ndg/security/client/SimpleCAClient.py:

  • added repr and get methods to better emulate dict behaviour

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:

  • modified to enable correct passing of proxy certificates with WS-Security
  • all unit tests work with these changes

ndg.security.common/ndg/security/common/X509.py:

  • fix to X509Cert.toString method - added 'return'
  • fix to X500DN comparison operators - use eq and ne deleted cmp
  • various fixes to X509Stack particular iter and verifyCertChain.
  • get method now behaves like dict parent class

ndg.security.common/ndg/security/common/AttCert.py:

  • fixed bug in holderDN attribute - now correctly set to call getHolderDN NOT getHolder!

ndg.security.common/ndg/security/common/AttAuthority/init.py:

  • added setSignatureHandler flag to init

ndg.security.common/ndg/security/common/wsSecurity.py:

  • working version to handle proxy certificates correctly - uses 'X509PKIPathv1' type BinarySecurityToken.

# NERC Data Grid Project
#
# P J Kershaw 16/01/07
#
# Copyright (C) 2007 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
# setting for test6GetMappedAttCert
uri = http://localhost:5000/AttributeAuthority
#uri = https://localhost:5000/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority

# X.509 certificate for Attribute Authority - to verify the signature of
# returned responses
#aacertfilepath =

# Password protecting client private key - if omitted it will be prompted for
# from tty
clntprikeypwd =

# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem

# Test without proxy certificates - uses AA server side cert/private key for
# client side too (!)
#clntcertfilepath = ./aa-cert.pem

#clntprikeyfilepath = ./aa-key.pem
clntprikeyfilepath = ./proxy-key.pem


# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

[test3GetTrustedHostInfo]
role = postgrad
# Test no matching role exception
#role = blah

[test5GetAttCert]
# If clntcertfilepath is a proxy set this cert as the one that issued the
# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
#issuingclntcertfilepath = ./user-cert.pem

# Test with no digital signature applied
#issuingclntcertfilepath = ./proxy-cert.pem
# Setup for use by testGetMappedAttCert test
attCertFilePath = ./ac.xml

[test6GetAttCertWithUserIdSet]
userId = system
issuingclntcertfilepath = ./aa-cert.pem

[test7GetMappedAttCert]
# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
clntprikeyfilepath = ./proxy-key.pem
#clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5100/AttributeAuthority
# Heath Data Server
#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
userAttCertFilePath = ./ac.xml
mappedAttCertFilePath = ./mapped-ac.xml

[test8GetMappedAttCertStressTest]
# Set to False for no signature handling
setSignatureHandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5000/AttributeAuthority
userAttCertFilePathList = ./ac.xml
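The `reqbinsectokvaltype = X509PKIPathv1` setting above selects a BinarySecurityToken whose content is a base 64 encoded DER PkiPath, that is, an ASN.1 SEQUENCE OF Certificate in which each certificate's subject is the issuer of the next, so the proxy certificate comes last. The following is an added example, not code from the NDG repository: the function names are hypothetical, and the two "certificates" are constructed DER stand-ins rather than real X.509 data.

```python
import base64

def der_len(n):
    """DER definite-length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0
    if first == 0x80 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated DER length")
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    start = pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def encode_pkipath(certs_der):
    """certs_der: DER certificates, issuer first, end entity (proxy) last."""
    body = b"".join(certs_der)
    return base64.b64encode(b"\x30" + der_len(len(body)) + body).decode("ascii")

def decode_pkipath(token_b64):
    """Split a base64 PkiPath back into its DER certificates, in order."""
    raw = base64.b64decode(token_b64, validate=True)
    tag, pos, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("token is not exactly one DER SEQUENCE")
    certs = []
    while pos < end:
        tag, _, nxt = read_tlv(raw, pos)
        if tag != 0x30:
            raise ValueError("path element is not a SEQUENCE")
        certs.append(raw[pos:nxt])
        pos = nxt
    return certs

def stand_in(label):
    """Constructed placeholder, not a real certificate: SEQUENCE { UTF8String }."""
    inner = b"\x0c" + der_len(len(label)) + label
    return b"\x30" + der_len(len(inner)) + inner

USER_CERT, PROXY_CERT = stand_in(b"user" * 40), stand_in(b"proxy")
TOKEN = encode_pkipath([USER_CERT, PROXY_CERT])
```

A receiver still has to verify the decoded chain against the CA certificates named in `cacertfilepathlist`; splitting the token only recovers the certificates and their order.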