source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2530

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2530
Revision 2530, 3.8 KB checked in by pjkersha, 13 years ago

Working Session Manager unit tests for connect and disconnect calls and
getAttCert calls. Correct use of proxy certs with WS-Security signature
interface is also configured.

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
removed blank line

ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml:
added setting for signature handler flag and CA cert

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • fix to soap_disconnect - call SessionMgr.deleteUserSession
  • fix to soap_getX509Cert - base64 encode DER format cert output
  • added 'useSignatureHandler' flag to enable WS-Security signature handling
    to be omitted if required.

ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • ref to CredWalletInvalidUserX509Cert
  • give explicit keyword names in connect2UserSession method signature
  • raise CredWalletInvalidUserX509Cert if Credential Wallet cert is invalid
  • SessionMgr.deleteUserSession method - added userSess keyword; fixed userDN
    setting to ensure it's a string

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
cosmetic changes

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • added _getCertChainFromProxyCertFile method to enable correct proxy cert
    loading
  • added caCertFilePathList, reqBinSecTokValType, setSignatureHandler and
    signingCertChain keyword settings to SessionMgrClient initialisation

  • removed duplicated test6bCookieGetMappedAttCert method

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:

  • dropped serverCNprefix element setting - not needed for test certs used.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • added new params caCertFilePathList, reqBinSecTokValType,
    setSignatureHandler and proxycertfilepath

ndg.security.common/ndg/security/common/SessionMgr/init.py:

SignatureHandler to switched on/off

ndg.security.common/ndg/security/common/AttAuthority/init.py: fix to
pydoc for AttAuthorityClient.init

ndg.security.common/ndg/security/common/CredWallet.py: major fixes for
SessionMgr - AA calls -

  • CredWalletInvalidUserX509Cert new exception type raised if user cert is
    invalid
  • separate setAAuri into a new method createAAClnt
  • getAttCert method can take an aaClnt keyword. This enables the client
    object to the AA to call to be passed in. Default is the target AA,
    self.aaClnt.

# NERC Data Grid Project
#
# P J Kershaw 16/01/07
#
# Copyright (C) 2007 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
# setting for test6GetMappedAttCert
uri = http://localhost:5000/AttributeAuthority
#uri = https://localhost:5000/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority

# X.509 certificate for Attribute Authority - to verify the signature of
# returned responses
#aacertfilepath =

# Password protecting client private key - if omitted it will be prompted for
# from tty
clntprikeypwd =

# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem

# Test without proxy certificates - uses AA server side cert/private key for
# client side too (!)
#clntcertfilepath = ./aa-cert.pem

#clntprikeyfilepath = ./aa-key.pem
clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

[test3GetTrustedHostInfo]
role = postgrad
# Test no matching role exception
#role = blah

[test5GetAttCert]
# If clntcertfilepath is a proxy set this cert as the one that issued the
# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
#issuingclntcertfilepath = ./user-cert.pem

# Test with no digital signature applied
#issuingclntcertfilepath = ./proxy-cert.pem
# Setup for use by testGetMappedAttCert test
attCertFilePath = ./ac.xml

[test6GetAttCertWithUserIdSet]
userId = system
issuingclntcertfilepath = ./aa-cert.pem

[test7GetMappedAttCert]
# Set to False to test service without WS-Security signature
setsignaturehandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
clntprikeyfilepath = ./proxy-key.pem
#clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5100/AttributeAuthority
# Health Data Server
#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
userAttCertFilePath = ./ac.xml
mappedAttCertFilePath = ./mapped-ac.xml

[test8GetMappedAttCertStressTest]
# Set to False for no signature handling
setSignatureHandler = True

# ValueType for BinarySecurityToken element of WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs.  Comment out as
# appropriate
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify certificate used
# in message signature
cacertfilepathlist = ./cacert.pem

uri = http://localhost:5000/AttributeAuthority
userAttCertFilePathList = ./ac.xml
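Added example, not part of the NDG repository: a consistency check over the signature-related options this file uses, applying the rules its comments state (X509PKIPathv1 with proxy certificates, one client certificate at a time, CA certificates present when signing). The function name lint, the finding codes and the sample sections proxyWithWrongValueType and unsignedOverHttp are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

PROXY_VALUE_TYPE = "X509PKIPathv1"  # value the cfg comments prescribe for proxy certs

# Constructed sample: first section copies the page's [setUp] values,
# the other two are hypothetical misconfigurations.
SAMPLE = """
[setUp]
uri = http://localhost:5000/AttributeAuthority
setsignaturehandler = True
reqbinsectokvaltype = X509PKIPathv1
proxycertfilepath = ./proxy-cert.pem
cacertfilepathlist = ./cacert.pem

[proxyWithWrongValueType]
uri = http://localhost:5000/AttributeAuthority
setSignatureHandler = True
reqbinsectokvaltype = X509v3
proxycertfilepath = ./proxy-cert.pem
cacertfilepathlist =

[unsignedOverHttp]
uri = http://localhost:5100/AttributeAuthority
setsignaturehandler = False
"""

def lint(cfg_text):
    """Return (section, code) pairs for inconsistent signature settings."""
    cfg = configparser.ConfigParser(interpolation=None)  # option names are lower-cased
    cfg.read_string(cfg_text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        if "setsignaturehandler" not in sec:
            continue  # section does not configure a client connection
        signing = sec.getboolean("setsignaturehandler")
        proxy = sec.get("proxycertfilepath", "").strip()
        cert = sec.get("clntcertfilepath", "").strip()
        if not signing and urlparse(sec.get("uri", "")).scheme != "https":
            findings.append((name, "unsigned-cleartext"))  # no WS-Security, no TLS
        if signing and not sec.get("cacertfilepathlist", "").split():
            findings.append((name, "no-ca-certs"))  # signer cert cannot be verified
        if signing and proxy and cert:
            findings.append((name, "two-client-certs"))  # "comment out as appropriate"
        if signing and proxy and sec.get("reqbinsectokvaltype", "") != PROXY_VALUE_TYPE:
            findings.append((name, "proxy-valuetype"))  # proxy chain needs PKIPath
    return findings
```

Calling lint() on the text of a test .cfg before running the suite separates a failure caused by a mismatched setting from a real signature-verification failure.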