source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2884

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2884
Revision 2884, 4.2 KB checked in by pjkersha, 13 years ago (diff)

Explicitly setting the SSL timeout avoids the client hanging on calls over https

ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • added ref to NDGSEC_INT_DEBUG environment variable -sets service to stop in debugger at the start of each SOAP call. Service must be restarted in order for variable to be picked up

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • running unit tests with https switched on to investigate timeout problems. SM calls to an AA over https currently fail with a HTTP bad status line error

ndg.security.common/ndg/security/common/AttAuthority/init.py: improve error reporting for getAttCert call.

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • added functionality to set read and write timeouts. M2Crypto default is 600s(!). Changed default to 3s
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
[setUp]
# Endpoint of the Attribute Authority under test.
# The original note requires the trusted site A aaURI in SiteBMapConfig.xml
# to agree with this value for test6GetMappedAttCert.
# NOTE(review): the matching section in this file is named
# [test7GetMappedAttCert], so the test name in that note may be stale - confirm.
uri = https://localhost:5000/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority

# TLS settings: only meaningful when uri is https. Leave every ssl* key out
# when the endpoint is plain http.
# sslpeercertcn is the CommonName expected in the peer certificate; it can be
# omitted when the CN equals the peer hostname.
# NOTE(review): "Junk" does not match the host in uri (localhost). Confirm it
# really is the CN of the test server certificate and not a placeholder,
# otherwise the peer-name check is not testing what it appears to test.
sslpeercertcn = Junk
# NOTE(review): written without the ./ prefix that cacertfilepathlist uses
# further down; both are relative paths, presumably resolved against the
# working directory - confirm.
sslcacertfilepathlist = cacert.pem

# Attribute Authority X.509 certificate, used to verify the signature on
# returned responses. Unset here.
#aacertfilepath =

# Password for the client private key. Per the original note, it is prompted
# for on the tty when omitted.
# NOTE(review): the key is present with an empty value - confirm the client
# treats that as "no password" rather than as "omitted". Only throwaway test
# keys belong behind a password kept in a version-controlled file.
clntprikeypwd =

# True: requests carry a WS-Security signature. False exercises the service
# without one.
setsignaturehandler = True

# ValueType of the BinarySecurityToken element in the WSSE header.
# 'X509PKIPathv1' is the one to pick for proxy certificates.
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Proxy-certificate mode: enable this and switch the private key below.
#proxycertfilepath = ./proxy-cert.pem

# Standard-certificate mode: the client reuses the Attribute Authority's own
# server certificate and private key (the original marks this with "(!)").
# Test shortcut only - client and server share one identity here, so this
# setup does not exercise a distinct client credential.
clntcertfilepath = ./aa-cert.pem

clntprikeyfilepath = ./aa-key.pem
#clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files. Used to verify the
# certificate in the message signature and the peer certificate of the SSL
# connection.
cacertfilepathlist = ./cacert.pem

[test3GetTrustedHostInfo]
# Role used for the trusted host lookup.
role = postgrad
# Swap in this value to exercise the "no matching role" exception.
#role = blah

[test5GetAttCert]
# Certificate that issued the proxy. Set it only when clntcertfilepath points
# at a proxy certificate; keep it commented out for a standard X.509 cert.
#issuingclntcertfilepath = ./user-cert.pem

# Alternative the original labels "Test with no digital signature applied".
# NOTE(review): that label sits oddly on an issuing-certificate setting -
# confirm what this variant is meant to exercise.
#issuingclntcertfilepath = ./proxy-cert.pem

# Attribute certificate file, set up for use by the testGetMappedAttCert
# test (same path as userAttCertFilePath in [test7GetMappedAttCert]).
# NOTE(review): this key is mixed case while most keys in the file are lower
# case; that only matters if the parser is case-sensitive for keys - confirm.
attCertFilePath = ./ac.xml

[test6GetAttCertWithUserIdSet]
# User ID for this test - presumably sent explicitly with the request,
# judging by the section name; confirm against the test code.
userId = system
# Keep this commented out while the SignatureHandler is in use.
#issuingclntcertfilepath = ./aa-cert.pem

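[test7GetMappedAttCert]
# Set to False to test the service without a WS-Security signature.
setsignaturehandler = True

# ValueType for the BinarySecurityToken element of the WSSE header. Specify
# 'X509PKIPathv1' for use with proxy certificates.
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certs. Comment out as
# appropriate.
#proxycertfilepath = ./proxy-cert.pem
clntcertfilepath = ./aa-cert.pem

# Empty value: see the note on clntprikeypwd in [setUp] for how a missing
# password is handled.
clntprikeypwd =
# clntprikeyfilepath was assigned twice in this section (./proxy-key.pem,
# then ./aa-key.pem). Which one took effect depended on the parser: a
# last-wins parser used ./aa-key.pem, a first-wins parser would pair
# ./proxy-key.pem with ./aa-cert.pem (a key/certificate mismatch), and a
# strict parser rejects the duplicate. Only the value matching
# clntcertfilepath stays active; the proxy key is kept as an alternative.
clntprikeyfilepath = ./aa-key.pem
#clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files used to verify the
# certificate used in the message signature.
cacertfilepathlist = ./cacert.pem

# Plain http endpoint, so no ssl* settings apply to this section. The
# WS-Security signature is then the only protection on the exchange; the
# transport itself is neither encrypted nor authenticated.
uri = http://localhost:5100/AttributeAuthority
# Health Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
userAttCertFilePath = ./ac.xml
mappedAttCertFilePath = ./mapped-ac.xml
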
[test8GetMappedAttCertStressTest]
# True: sign requests. False: no signature handling.
# NOTE(review): spelled setSignatureHandler here and setsignaturehandler in
# the other sections; the two are the same key only if the parser folds key
# case - confirm.
setSignatureHandler = True

# ValueType of the BinarySecurityToken element in the WSSE header.
# 'X509PKIPathv1' is selected because this section runs with a proxy
# certificate.
#reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
reqbinsectokvaltype = X509PKIPathv1

# Proxy-certificate mode is active in this section; the standard certificate
# is the commented alternative.
proxycertfilepath = ./proxy-cert.pem
#clntcertfilepath = ./aa-cert.pem

clntprikeypwd =
# NOTE(review): the proxy certificate above is paired with ./aa-key.pem,
# whereas other sections list ./proxy-key.pem as the proxy alternative.
# Confirm this key really belongs to proxy-cert.pem; a mismatched pair would
# make signing fail or sign with an unintended identity.
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files. Used to verify the
# certificate in the message signature.
cacertfilepathlist = ./cacert.pem

# NOTE(review): [setUp] addresses port 5000 over https, while this section
# uses http on the same port. Confirm which scheme the service on 5000
# speaks; no ssl* settings are given here.
uri = http://localhost:5000/AttributeAuthority
userAttCertFilePathList = ./ac.xml