source: TI12-security/trunk/python/ @ 3135

Revision 3135, 1.8 KB checked in by pjkersha, 14 years ago

Working Attribute Authority unit tests with WS-Security multiple CAs support. This will be needed for deployment of MyProxy with Simple CA at partner sites.

Added CA cert and certs and keys for a *TEST* CA for use with unit tests. This CA is NOT for production use.

python/ include .crt certs in conf/ package data

python/ added sslCACertDir param. It enables M2Crypto SSL server side to pick up multiple CA certs for a dir.

python/ make new ca/ dir a package so that it's exported with egg package data.


  • alter WS-Security SOAP handler init to accept multiple CA certs.
  • load multiple CA certs from sslCACertDir key of SessionMgr/AttAuthority instance


  • added new sslCACertDir elem
  • fixed caCertFile - only single elem required

python/ include TEST CA and certs and keys issued from it for use in unit tests. These are for test only.

python/ test CA certs and key.

python/ fix description

python/ ditto + added NDGSEC_INT_DEBUG env var option

python/ fixed for new location of CA cert in ca/ sub-dir

python/ ensure ca/ dir gets included in egg package data

<?xml version="1.0" encoding="utf-8"?>
    <name>Site A</name>
    <portNum>5000</portNum>
    <useSSL></useSSL> <!-- leave blank to use http -->
    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>
    <sslKeyPwd></sslKeyPwd>
    <!--
    Directory containing CA cert.s to verify SSL peer cert against
     - ignored if useSSL is blank
    -->
    <sslCACertDir>$NDGSEC_AA_UNITTEST_DIR/ca</sslCACertDir>
    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
    <certFile>$NDGSEC_AA_UNITTEST_DIR/siteA-aa.crt</certFile>
    <keyFile>$NDGSEC_AA_UNITTEST_DIR/siteA-aa.key</keyFile>
    <keyPwd></keyPwd>
    <caCertFileList>
        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/cacert.pem</caCertFile>
    </caCertFileList>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message
    -->
    <clntCertFile></clntCertFile>
    <attCertLifetime>28800</attCertLifetime>
    <attCertNotBeforeOff>0</attCertNotBeforeOff>
    <attCertFileName>ac.xml</attCertFileName>
    <attCertFileLogCnt>16</attCertFileLogCnt>
    <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
    <attCertDir>$NDGSEC_AA_UNITTEST_DIR/attCertLog</attCertDir>
    <dnSeparator>/</dnSeparator>
    <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>
    <userRolesModName>siteAUserRoles</userRolesModName>
    <userRolesClassName>TestUserRoles</userRolesClassName>
    <userRolesPropFile></userRolesPropFile>
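
The settings in this properties file that matter before a copy of it is deployed (blank useSSL, blank key passwords, the TEST CA listed in caCertFileList) can be checked mechanically. The following is an added example, not part of the NDG code base; the `<properties>` root element, the `audit` and `text` helpers, and the rule that keyPwd and sslKeyPwd only matter when their feature is switched on are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the listing's element names; root name is a placeholder.
SAMPLE = """<properties>
    <useSSL></useSSL>
    <sslKeyPwd></sslKeyPwd>
    <sslCACertDir>$NDGSEC_AA_UNITTEST_DIR/ca</sslCACertDir>
    <useSignatureHandler>Yes</useSignatureHandler>
    <keyPwd></keyPwd>
    <caCertFileList>
        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/cacert.pem</caCertFile>
    </caCertFileList>
</properties>"""

TEST_CA_NAMES = {"ndg-test-ca.crt"}  # test CA file named in the listing

def text(root, tag):
    """Return the stripped text of the first child <tag>, or '' if absent/blank."""
    return (root.findtext(tag) or "").strip()

def audit(xml_text):
    """Return a list of (element, finding) tuples for deployment review."""
    root = ET.fromstring(xml_text)
    findings = []
    ssl_on = bool(text(root, "useSSL"))               # blank means http
    sig_on = bool(text(root, "useSignatureHandler"))  # blank means no signature
    if not ssl_on:
        findings.append(("useSSL", "blank: service listens on plain http"))
    elif not text(root, "sslCACertDir"):
        findings.append(("sslCACertDir", "blank: no CA dir to verify SSL peers"))
    if ssl_on and not text(root, "sslKeyPwd"):
        findings.append(("sslKeyPwd", "blank key password"))
    if not sig_on:
        findings.append(("useSignatureHandler", "blank: messages are not signed"))
    else:
        if not text(root, "keyPwd"):  # assumed to protect the signing key
            findings.append(("keyPwd", "blank key password"))
        ca_files = [(e.text or "").strip() for e in root.iter("caCertFile")]
        if not any(ca_files):
            findings.append(("caCertFileList", "no CA certs for signature verification"))
        for path in ca_files:
            if path.rsplit("/", 1)[-1] in TEST_CA_NAMES:
                findings.append(("caCertFile", "trusts the TEST CA: " + path))
    return findings

if __name__ == "__main__":
    for element, finding in audit(SAMPLE):
        print(f"{element}: {finding}")
```

Run against the unit-test configuration this reports the blank useSSL, the blank keyPwd and the TEST CA entry, which is expected for a test fixture and is what a production copy should not show.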