source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 2900

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@2900
Revision 2900, 4.2 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/setup.py: added *.conf for conf/ openssl.conf file

ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • Use RotatingFileHandler? from logging package to enable store of ACs issued to be limited. Properties file attCertFileLogCnt sets maximum number of files created before rotation.
  • newAttCertFilePath() is replaced by rotating file handler functionality
  • added logging with some debug messages - more needed to complete

ndg.security.server/ndg/security/server/conf/attCert/init.py

  • renamed to ndg.security.test/ndg/security/test/AttAuthority/attCertLog/init.py

ndg.security.server/ndg/security/server/conf/userRoles.py: userIsRegistered should return bool

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:

  • filled in default values for most attributes to ease installation config tasks
  • attCertFilePfx and attCertFileSfx replaced with attCertFileName and attCertFileLog attributes for new AC logging.

ndg.security.client/ndg/security/client/ndgSessionClient.py: removed debug calls. This module may now be surplus because of Pylons framework and plans for Java and PHP clients.

ndg.security.test/ndg/security/test/AttAuthority/siteAUserRoles.py: added coapec for testing

ndg.security.test/ndg/security/test/AttAuthority/siteAMapConfig.xml: fix formatting

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: altered settings for tests

ndg.security.test/ndg/security/test/Log/LogTest.py: exptd with log config. Eventually change to be harness for SOAP log interface

Makefile: use default python + added force target.

Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9[setUp]
10# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
11# setting for test6GetMappedAttCert
12uri = http://localhost:5000/AttributeAuthority
13#uri = https://localhost:5000/AttributeAuthority
14#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
15#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
16#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority
17#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority
18
19# For https connections only.  !Omit ssl* settings if using http!
20# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
21# same as peer hostname.
22sslpeercertcn = Junk
23sslcacertfilepathlist = cacert.pem
24
25# X.509 certificate for Attribute Authority - to verify the signature of
26# returned responses
27#aacertfilepath =
28
29# Password protecting client private key - if omitted it will be prompted for
30# from tty
31clntprikeypwd = 
32
33# Set to False to test service without WS-Security signature
34setsignaturehandler = True
35
36# ValueType for BinarySecurityToken element of WSSE header.  Specify
37# 'X509PKIPathv1' for use with proxy certificates
38reqbinsectokvaltype = X509v3
39#reqbinsectokvaltype = X509
40#reqbinsectokvaltype = X509PKIPathv1
41
42# Test with proxy certificates or with standard certs.  Comment out as
43# appropriate
44#proxycertfilepath = ./proxy-cert.pem
45
46# Test without proxy certificates - uses AA server side cert/private key for
47# client side too (!)
48clntcertfilepath = ./aa-cert.pem
49
50clntprikeyfilepath = ./aa-key.pem
51#clntprikeyfilepath = ./proxy-key.pem
52
53# Space separated list of CA certificate files used to verify certificate used
54# in message signature / peer cert in SSL connection
55cacertfilepathlist = ./cacert.pem
56
57[test3GetTrustedHostInfo]
58role = postgrad
59# Test no matching role exception
60#role = blah
61 
62[test5GetAttCert]
63# If clntcertfilepath is a proxy set this cert as the one that issued the
64# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
65#issuingclntcertfilepath = ./user-cert.pem
66
67# Test with no digital signature applied
68#issuingclntcertfilepath = ./proxy-cert.pem
69# Setup for use by testGetMappedAttCert test
70attCertFilePath = ./ac-clnt.xml
71
72[test6GetAttCertWithUserIdSet]
73userId = system
74# Comment out if SignatureHandler is being used
75#issuingclntcertfilepath = ./aa-cert.pem
76
77[test7GetMappedAttCert]
78# Set to False to test service without WS-Security signature
79setsignaturehandler = True
80
81# ValueType for BinarySecurityToken element of WSSE header.  Specify
82# 'X509PKIPathv1' for use with proxy certificates
83reqbinsectokvaltype = X509v3
84#reqbinsectokvaltype = X509
85#reqbinsectokvaltype = X509PKIPathv1
86
87# Test with proxy certificates or with standard certs.  Comment out as
88# appropriate
89#proxycertfilepath = ./proxy-cert.pem
90clntcertfilepath = ./aa-cert.pem
91
92clntprikeypwd = 
93clntprikeyfilepath = ./proxy-key.pem
94clntprikeyfilepath = ./aa-key.pem
95
96# Space separated list of CA certificate files used to verify certificate used
97# in message signature
98cacertfilepathlist = ./cacert.pem
99
100uri = http://localhost:5100/AttributeAuthority
101# Heath Data Server
102#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
103# Marine Data Server
104#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
105userAttCertFilePath = ./ac-clnt.xml
106
107mappedAttCertFilePath = ./mapped-ac.xml
108
109[test8GetMappedAttCertStressTest]
110# Set to False for no signature handling
111setSignatureHandler = True
112
113# ValueType for BinarySecurityToken element of WSSE header.  Specify
114# 'X509PKIPathv1' for use with proxy certificates
115#reqbinsectokvaltype = X509v3
116#reqbinsectokvaltype = X509
117reqbinsectokvaltype = X509PKIPathv1
118
119# Test with proxy certificates or with standard certs.  Comment out as
120# appropriate
121proxycertfilepath = ./proxy-cert.pem
122#clntcertfilepath = ./aa-cert.pem
123
124clntprikeypwd = 
125clntprikeyfilepath = ./aa-key.pem
126
127# Space separated list of CA certificate files used to verify certificate used
128# in message signature
129cacertfilepathlist = ./cacert.pem
130
131uri = http://localhost:5000/AttributeAuthority
132userAttCertFilePathList = ./ac-clnt.xml
133
134
Note: See TracBrowser for help on using the repository browser.