1 | # NERC Data Grid Project |
---|
2 | # |
---|
3 | # P J Kershaw 16/01/07 |
---|
4 | # |
---|
5 | # Copyright (C) 2007 CCLRC & NERC |
---|
6 | # |
---|
7 | # This software may be distributed under the terms of the Q Public License, |
---|
8 | # version 1.0 or later. |
---|
9 | [setUp] |
---|
10 | # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this |
---|
11 | # setting for test6GetMappedAttCert |
---|
12 | uri = https://localhost:5000/AttributeAuthority |
---|
13 | #uri = https://localhost:5000/AttributeAuthority |
---|
14 | #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority |
---|
15 | #uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority |
---|
16 | #uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority |
---|
17 | #uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority |
---|
18 | |
---|
19 | # For https connections only. !Omit ssl* settings if using http! |
---|
20 | # sslpeercertcn is the expected CommonName of peer cert. Omit if it's the |
---|
21 | # same as peer hostname. |
---|
22 | sslpeercertcn = Junk |
---|
23 | sslcacertfilepathlist = cacert.pem |
---|
24 | |
---|
25 | # X.509 certificate for Attribute Authority - to verify the signature of |
---|
26 | # returned responses |
---|
27 | #aacertfilepath = |
---|
28 | |
---|
29 | # Password protecting client private key - if omitted it will be prompted for |
---|
30 | # from tty |
---|
31 | clntprikeypwd = |
---|
32 | |
---|
33 | # Set to False to test service without WS-Security signature |
---|
34 | setsignaturehandler = True |
---|
35 | |
---|
36 | # ValueType for BinarySecurityToken element of WSSE header. Specify |
---|
37 | # 'X509PKIPathv1' for use with proxy certificates |
---|
38 | reqbinsectokvaltype = X509v3 |
---|
39 | #reqbinsectokvaltype = X509 |
---|
40 | #reqbinsectokvaltype = X509PKIPathv1 |
---|
41 | |
---|
42 | # Test with proxy certificates or with standard certs. Comment out as |
---|
43 | # appropriate |
---|
44 | #proxycertfilepath = ./proxy-cert.pem |
---|
45 | |
---|
46 | # Test without proxy certificates - uses AA server side cert/private key for |
---|
47 | # client side too (!) |
---|
48 | clntcertfilepath = ./aa-cert.pem |
---|
49 | |
---|
50 | clntprikeyfilepath = ./aa-key.pem |
---|
51 | #clntprikeyfilepath = ./proxy-key.pem |
---|
52 | |
---|
53 | # Space separated list of CA certificate files used to verify certificate used |
---|
54 | # in message signature / peer cert in SSL connection |
---|
55 | cacertfilepathlist = ./cacert.pem |
---|
56 | |
---|
57 | [test3GetTrustedHostInfo] |
---|
58 | role = postgrad |
---|
59 | # Test no matching role exception |
---|
60 | #role = blah |
---|
61 | |
---|
62 | [test5GetAttCert] |
---|
63 | # If clntcertfilepath is a proxy set this cert as the one that issued the |
---|
64 | # proxy. Comment out if clntcertfilepath is a standard X.509 cert. |
---|
65 | #issuingclntcertfilepath = ./user-cert.pem |
---|
66 | |
---|
67 | # Test with no digital signature applied |
---|
68 | #issuingclntcertfilepath = ./proxy-cert.pem |
---|
69 | # Setup for use by testGetMappedAttCert test |
---|
70 | attCertFilePath = ./ac.xml |
---|
71 | |
---|
72 | [test6GetAttCertWithUserIdSet] |
---|
73 | userId = system |
---|
74 | # Comment out if SignatureHandler is being used |
---|
75 | #issuingclntcertfilepath = ./aa-cert.pem |
---|
76 | |
---|
77 | [test7GetMappedAttCert] |
---|
78 | # Set to False to test service without WS-Security signature |
---|
79 | setsignaturehandler = True |
---|
80 | |
---|
81 | # ValueType for BinarySecurityToken element of WSSE header. Specify |
---|
82 | # 'X509PKIPathv1' for use with proxy certificates |
---|
83 | reqbinsectokvaltype = X509v3 |
---|
84 | #reqbinsectokvaltype = X509 |
---|
85 | #reqbinsectokvaltype = X509PKIPathv1 |
---|
86 | |
---|
87 | # Test with proxy certificates or with standard certs. Comment out as |
---|
88 | # appropriate |
---|
89 | #proxycertfilepath = ./proxy-cert.pem |
---|
90 | clntcertfilepath = ./aa-cert.pem |
---|
91 | |
---|
92 | clntprikeypwd = |
---|
93 | clntprikeyfilepath = ./proxy-key.pem |
---|
94 | clntprikeyfilepath = ./aa-key.pem |
---|
95 | |
---|
96 | # Space separated list of CA certificate files used to verify certificate used |
---|
97 | # in message signature |
---|
98 | cacertfilepathlist = ./cacert.pem |
---|
99 | |
---|
100 | uri = http://localhost:5100/AttributeAuthority |
---|
101 | # Heath Data Server |
---|
102 | #uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority |
---|
103 | # Marine Data Server |
---|
104 | #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority |
---|
105 | userAttCertFilePath = ./ac.xml |
---|
106 | mappedAttCertFilePath = ./mapped-ac.xml |
---|
107 | |
---|
108 | [test8GetMappedAttCertStressTest] |
---|
109 | # Set to False for no signature handling |
---|
110 | setSignatureHandler = True |
---|
111 | |
---|
112 | # ValueType for BinarySecurityToken element of WSSE header. Specify |
---|
113 | # 'X509PKIPathv1' for use with proxy certificates |
---|
114 | #reqbinsectokvaltype = X509v3 |
---|
115 | #reqbinsectokvaltype = X509 |
---|
116 | reqbinsectokvaltype = X509PKIPathv1 |
---|
117 | |
---|
118 | # Test with proxy certificates or with standard certs. Comment out as |
---|
119 | # appropriate |
---|
120 | proxycertfilepath = ./proxy-cert.pem |
---|
121 | #clntcertfilepath = ./aa-cert.pem |
---|
122 | |
---|
123 | clntprikeypwd = |
---|
124 | clntprikeyfilepath = ./aa-key.pem |
---|
125 | |
---|
126 | # Space separated list of CA certificate files used to verify certificate used |
---|
127 | # in message signature |
---|
128 | cacertfilepathlist = ./cacert.pem |
---|
129 | |
---|
130 | uri = http://localhost:5000/AttributeAuthority |
---|
131 | userAttCertFilePathList = ./ac.xml |
---|
132 | |
---|
133 | |
---|