source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg @ 3135

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg@3135
Revision 3135, 4.0 KB checked in by pjkersha, 13 years ago (diff)

Working Attribute Authority unit tests with WS-Security multiple CAs support. This will be needed for deployment of MyProxy with Simple CA at partner sites.

Added CA cert and certs and keys for a *TEST* CA for use with unit tests. This CA is NOT for production use.

python/ndg.security.server/setup.py: include .crt certs in conf/ package data

python/ndg.security.server/ndg/security/server/AttAuthority/init.py: added sslCACertDir param. It enables the M2Crypto SSL server side to pick up multiple CA certs from a dir.

python/ndg.security.server/ndg/security/server/conf/certs/ca/init.py: make new ca/ dir a package so that it's exported with egg package data.

python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
python/ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • alter WS-Security SOAP handler init to accept multiple CA certs.
  • load multiple CA certs from sslCACertDir key of SessionMgr/AttAuthority instance

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

  • added new sslCACertDir elem
  • fixed caCertFile - only single elem required

python/ndg.security.test/setup.py: include TEST CA and certs and keys issued from it for use in unit tests. These are for test only.

python/ndg.security.test/ndg/security/test/AttAuthority/ca/ndg-test-ca.crt,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.key,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.crt: test CA certs and key.

python/ndg.security.test/ndg/security/test/AttAuthority/init.py: fix description

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: ditto + added NDGSEC_INT_DEBUG env var option

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: fixed for new location of CA cert in ca/ sub-dir

python/ndg.security.test/ndg/security/test/sessionMgrClient/ca/init.py,
python/ndg.security.test/ndg/security/test/sessionMgr/ca/init.py,
python/ndg.security.test/ndg/security/test/AttAuthority/ca/init.py: ensure ca/ dir gets included in egg package data

# NERC Data Grid Project
#
# P J Kershaw 16/01/07
#
# Copyright (C) 2007 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
# Settings shared by the Attribute Authority client unit tests.

# Attribute Authority endpoint.  The trusted site A aaURI setting in
# SiteBMapConfig.xml must agree with this value for test6GetMappedAttCert
# (the matching section in this file is named test7GetMappedAttCert).
# NOTE(review): the active value is plain http to localhost, so no SSL peer
# verification takes place; the https alternative is kept below.
uri = http://localhost:5000/AttributeAuthority
#uri = https://localhost:5000/AttributeAuthority

# For https connections only.  Omit the ssl* settings when using http!
# sslpeercertcn is the CommonName expected in the peer certificate; omit it
# when it is the same as the peer hostname.
# NOTE(review): both ssl* keys are set although uri is http - presumably the
# client ignores them in that case; confirm.  "Junk" looks like a placeholder
# that would have to be replaced before the https uri is enabled.
sslpeercertcn = Junk
sslcacertfilepathlist = ./ca/cacert.pem

# X.509 certificate of the Attribute Authority, used to verify the signature
# of returned responses.
#aacertfilepath =

# Password protecting the client private key.  When the key is omitted the
# password is prompted for from the tty.
# NOTE(review): the key is present with an empty value - presumably the test
# private key carries no passphrase.  A passphrase for a non-test key should
# not be stored in this file.
clntprikeypwd =

# Set to False to test the service without a WS-Security signature.
setsignaturehandler = True

# ValueType for the BinarySecurityToken element of the WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates.
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certificates.  Comment out
# as appropriate.
#proxycertfilepath = ./proxy-cert.pem

# Test without proxy certificates - the AA server-side certificate and
# private key are used for the client side too (!).
# NOTE(review): client and server then share one identity, so this setup
# does not exercise a separate client credential.
clntcertfilepath = ./aa-cert.pem

clntprikeyfilepath = ./aa-key.pem
#clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files used to verify the
# certificate used in the message signature / the peer certificate in an
# SSL connection.
# NOTE(review): ndg-test-ca.crt is presumably the unit-test CA; it belongs in
# test trust lists only.
cacertfilepathlist = ./ca/cacert.pem ./ca/ndg-test-ca.crt

[test3GetTrustedHostInfo]
# Role used by this test.
role = postgrad
# Alternative value: tests the "no matching role" exception.
#role = blah

[test5GetAttCert]
# When clntcertfilepath is a proxy, set this to the certificate that issued
# the proxy.  Leave it commented out when clntcertfilepath is a standard
# X.509 certificate.
#issuingclntcertfilepath = ./user-cert.pem

# Test with no digital signature applied.
#issuingclntcertfilepath = ./proxy-cert.pem
# Set up for use by the testGetMappedAttCert test.
attCertFilePath = ./ac-clnt.xml

[test6GetAttCertWithUserIdSet]
# User id set explicitly for this test.
userId = system
# Keep commented out while the SignatureHandler is being used.
#issuingclntcertfilepath = ./aa-cert.pem

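[test7GetMappedAttCert]
# Set to False to test the service without a WS-Security signature.
setsignaturehandler = True

# ValueType for the BinarySecurityToken element of the WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates.
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certificates.  Comment out
# as appropriate.
#proxycertfilepath = ./proxy-cert.pem
clntcertfilepath = ./aa-cert.pem

# Left empty - presumably the test private key carries no passphrase.
clntprikeypwd =
# clntprikeyfilepath was assigned twice here (./proxy-key.pem, then
# ./aa-key.pem).  Duplicate keys are parser-dependent: last-wins, first-wins
# or a parse error.  Only the key that pairs with
# clntcertfilepath = ./aa-cert.pem stays active; the proxy key is kept as a
# commented-out alternative, as in [setUp].
clntprikeyfilepath = ./aa-key.pem
#clntprikeyfilepath = ./proxy-key.pem

# Space separated list of CA certificate files used to verify the
# certificate used in the message signature.
cacertfilepathlist = ./ca/cacert.pem

# Attribute Authority endpoint for this test (plain http).
uri = http://localhost:5100/AttributeAuthority
# Health Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
# Marine Data Server
#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
userAttCertFilePath = ./ac-clnt.xml

mappedAttCertFilePath = ./mapped-ac.xml
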
[test8GetMappedAttCertStressTest]
# Set to False for no signature handling.
# NOTE(review): spelled setSignatureHandler here and setsignaturehandler in
# the other sections; the two are the same key only if the parser folds key
# case (Python's configparser does so by default) - confirm.
setSignatureHandler = True

# ValueType for the BinarySecurityToken element of the WSSE header.  Specify
# 'X509PKIPathv1' for use with proxy certificates.
reqbinsectokvaltype = X509v3
#reqbinsectokvaltype = X509
#reqbinsectokvaltype = X509PKIPathv1

# Test with proxy certificates or with standard certificates.  Comment out
# as appropriate.
#proxycertfilepath = ./proxy-cert.pem
clntcertfilepath = ./aa-cert.pem

# Left empty - presumably the test private key carries no passphrase.
clntprikeypwd =
clntprikeyfilepath = ./aa-key.pem

# Space separated list of CA certificate files used to verify the
# certificate used in the message signature.
cacertfilepathlist = ./ca/cacert.pem

# Attribute Authority endpoint for this test (plain http).
uri = http://localhost:5000/AttributeAuthority
userAttCertFilePathList = ./ac-clnt.xml
