source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml @ 2289

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml@2289
Revision 2289, 1.4 KB checked in by pjkersha, 13 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority?.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py,
python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.
xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: use dictionary get() rather then [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: experimented with omitting signature PKI settings.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml:
set serverCNprefix element to host/ for this MyProxy? installations server cert.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
altered for account on this machine.

python/ndg.security.common/setup.py: slight change to Python 2.5 check for
ElementTree inclusion

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
SignatureHandler? is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

Line 
1<?xml version="1.0" encoding="utf-8"?>
2<AAprop>
3    <name>Site A</name>
4    <portNum>5000</portNum>
5    <useSSL></useSSL> <!-- leave blank to use http -->
6    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
7    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>
8    <sslKeyPwd>Junk</sslKeyPwd>
9    <useSignatureHandler></useSignatureHandler> <!-- leave blank for no signature -->
10    <certFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</certFile>
11    <keyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</keyFile>
12    <keyPwd>Junk</keyPwd>
13    <caCertFile>$NDGSEC_AA_UNITTEST_DIR/cacert.pem</caCertFile>
14    <!--
15    Set the certificate used to verify the signature of messages from the
16    client.  This can usually be left blank since the client is expected to
17    include the cert with the signature in the inbound SOAP message
18    -->
19    <clntCertFile></clntCertFile>   
20    <attCertLifetime>28800</attCertLifetime>
21    <attCertNotBeforeOff>0</attCertNotBeforeOff>
22    <attCertFilePfx>ac-</attCertFilePfx>
23    <attCertFileSfx>.xml</attCertFileSfx>
24    <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
25    <attCertDir>$NDGSEC_AA_UNITTEST_DIR</attCertDir>
26    <dnSeparator>/</dnSeparator>
27    <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>
28    <userRolesModName>siteAUserRoles</userRolesModName>
29    <userRolesClassName>TestUserRoles</userRolesClassName>
30    <userRolesPropFile></userRolesPropFile>
31</AAprop>
Note: See TracBrowser for help on using the repository browser.