source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2685

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2685
Revision 2685, 4.2 KB checked in by pjkersha, 13 years ago (diff)

Preparing new DEWS 0.8.0 release -

ndg.security.server/setup.py: remove commented out code

setup.py, ndg.security.client/setup.py, ndg.security.test/setup.py,
ndg.security.server/setup.py, ndg.security.common/setup.py:
update version to 0.8.0

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml:
reset default transport to http

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
default test settings for DEWS

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • updated for tests with SSL - sslCACertList keyword

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • test with SSL

ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • include new SSL settings sslCACertList and sslCACertFilePathList

keywords / properties

  • removed transdict keyword
  • changed tranport attribute to _transport and transdict to _transdict

ndg.security.common/ndg/security/common/AttAuthority/init.py:

  • import httplib to enable catch for httplib.BadStatusLine? exception - this

is thrown when trying to connect with http to https service

  • include sslCACertFilePathList property
  • remove clntCertFilePath, clntPriKeyFilePath and clntPriKeyPwd properties -

no longer needed

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • new property caCertFilePathList enables setting of CA certs from file list
  • fix to HTTPSConnection class - set _postConnectionCheck attribute to

SSL.Checker.Checker default if not equivalent keyword was set

ndg.security.common/ndg/security/common/CredWallet.py:

  • enable calls to Attribute Authorities to set CA list for peer cert

verification with SSL connections

ndg-security-install.py: added new -t option to enable install of unit tests
package

Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9[setUp]
10# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
11# setting for test6GetMappedAttCert
12uri = http://localhost:5000/AttributeAuthority
13#uri = https://localhost:5000/AttributeAuthority
14#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
15#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
16#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
17#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority
18
19# For https connections only.  !Omit ssl* settings if using http!
20# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
21# same as peer hostname.
22sslpeercertcn = Junk
23sslcacertfilepathlist = cacert.pem
24
25# X.509 certificate for Attribute Authority - to verify the signature of
26# returned responses
27#aacertfilepath =
28
29# Password protecting client private key - if omitted it will be prompted for
30# from tty
31clntprikeypwd = 
32
33# Set to False to test service without WS-Security signature
34setsignaturehandler = True
35
36# ValueType for BinarySecurityToken element of WSSE header.  Specify
37# 'X509PKIPathv1' for use with proxy certificates
38reqbinsectokvaltype = X509v3
39#reqbinsectokvaltype = X509
40#reqbinsectokvaltype = X509PKIPathv1
41
42# Test with proxy certificates or with standard certs.  Comment out as
43# appropriate
44#proxycertfilepath = ./proxy-cert.pem
45
46# Test without proxy certificates - uses AA server side cert/private key for
47# client side too (!)
48clntcertfilepath = ./aa-cert.pem
49
50clntprikeyfilepath = ./aa-key.pem
51#clntprikeyfilepath = ./proxy-key.pem
52
53# Space separated list of CA certificate files used to verify certificate used
54# in message signature / peer cert in SSL connection
55cacertfilepathlist = ./cacert.pem
56
57[test3GetTrustedHostInfo]
58role = postgrad
59# Test no matching role exception
60#role = blah
61 
62[test5GetAttCert]
63# If clntcertfilepath is a proxy set this cert as the one that issued the
64# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
65#issuingclntcertfilepath = ./user-cert.pem
66
67# Test with no digital signature applied
68#issuingclntcertfilepath = ./proxy-cert.pem
69# Setup for use by testGetMappedAttCert test
70attCertFilePath = ./ac.xml
71
72[test6GetAttCertWithUserIdSet]
73userId = system
74# Comment out if SignatureHandler is being used
75#issuingclntcertfilepath = ./aa-cert.pem
76
77[test7GetMappedAttCert]
78# Set to False to test service without WS-Security signature
79setsignaturehandler = True
80
81# ValueType for BinarySecurityToken element of WSSE header.  Specify
82# 'X509PKIPathv1' for use with proxy certificates
83reqbinsectokvaltype = X509v3
84#reqbinsectokvaltype = X509
85#reqbinsectokvaltype = X509PKIPathv1
86
87# Test with proxy certificates or with standard certs.  Comment out as
88# appropriate
89#proxycertfilepath = ./proxy-cert.pem
90clntcertfilepath = ./aa-cert.pem
91
92clntprikeypwd = 
93clntprikeyfilepath = ./proxy-key.pem
94clntprikeyfilepath = ./aa-key.pem
95
96# Space separated list of CA certificate files used to verify certificate used
97# in message signature
98cacertfilepathlist = ./cacert.pem
99
100uri = http://localhost:5100/AttributeAuthority
101# Heath Data Server
102#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
103# Marine Data Server
104#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
105userAttCertFilePath = ./ac.xml
106mappedAttCertFilePath = ./mapped-ac.xml
107
108[test8GetMappedAttCertStressTest]
109# Set to False for no signature handling
110setSignatureHandler = True
111
112# ValueType for BinarySecurityToken element of WSSE header.  Specify
113# 'X509PKIPathv1' for use with proxy certificates
114#reqbinsectokvaltype = X509v3
115#reqbinsectokvaltype = X509
116reqbinsectokvaltype = X509PKIPathv1
117
118# Test with proxy certificates or with standard certs.  Comment out as
119# appropriate
120proxycertfilepath = ./proxy-cert.pem
121#clntcertfilepath = ./aa-cert.pem
122
123clntprikeypwd = 
124clntprikeyfilepath = ./aa-key.pem
125
126# Space separated list of CA certificate files used to verify certificate used
127# in message signature
128cacertfilepathlist = ./cacert.pem
129
130uri = http://localhost:5000/AttributeAuthority
131userAttCertFilePathList = ./ac.xml
132
133
Note: See TracBrowser for help on using the repository browser.