source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg @ 2510

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg@2510
Revision 2510, 973 bytes checked in by pjkersha, 13 years ago

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
fix to caCertFilePathList input to SignatureHandler. Correctly initialise
if not set.

ndg.security.server/ndg/security/server/AttAuthority/init.py:
Corrected error message text for where a user is not registered or no
mapping is available: ref. userId rather than AC holder DN to allow for the
case in DEWS where a userId distinct from a Proxy cert. DN is used.

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
added test8GetMappedAttCertStressTest test for WebSphere integration tests.
It makes multiple calls with different ACs input to check for errors in
signature or verification.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
added additional config params for the above.

ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml and
ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
switched cert ID of test machine.

ndg.security.common/ndg/security/common/X509.py:

  • new X509Cert methods asDER and asPEM to convert to these formats.
    toString now calls to asPEM
  • new class X509Stack to wrap M2Crypto.X509.X509_Stack. This includes an
    extra method, verifyCertChain, to verify a chain of trust in the certs
    contained in the stack.
  • standalone function, X509StackParseFromDER, wraps
    M2Crypto.X509.new_stack_from_der
  • fix to X500DN class to enable correct parsing of proxy certificate DNs.
    These have multiple CN entries. These are represented by changing the CN
    dict entry to a tuple when initialised.

ndg.security.common/ndg/security/common/wsSecurity.py: changes to enable
handling of certificate chains in WSSE BinarySecurityToken elements. This
will enable use of proxy certificates with signatures as their chain of
trust is proxy cert -> user cert -> CA cert rather than just cert -> CA cert.

types.

BinarySecurityToken ValueType to use

  • SignatureHandler.init includes new signingCertChain keyword.
  • signingCertChain attribute of class enables setting of an X509Stack object
    to assign to BinarySecurityToken.

then Base 64 encode rather than converting into PEM and then having to
strip BEGIN CERT / END CERT delimiters.

to enable check of Canonicalization - REMOVE in future check in.

BinarySecurityToken ValueTypes - 'X509PKIPathv1', 'X509' and 'X509v3'

# NERC Data Grid Project
#
# P J Kershaw 13/12/06
#
# Copyright (C) 2006 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
[setUp]
propFilePath: ./myProxyProperties.xml

[test1Store]
username: raphaelTest
#username: gabriel
passphrase:
certFile: ./user-cert.pem
keyFile: ./user-key.pem
ownerCertFile: ./user-cert.pem
ownerKeyFile: ./user-key.pem
ownerPassphrase:

[test2GetDelegation]
username: raphaelTest
#username: gabriel
passphrase:

[test3Info]
#username: sstljakTestUser
username: gabriel
ownerCertFile: ./proxy-cert.pem
ownerKeyFile: ./proxy-key.pem
ownerPassphrase: None

[test4ChangePassphrase]
#username: sstljakTestUser
username: gabriel
ownerCertFile: ./proxy-cert.pem
ownerKeyFile: ./proxy-key.pem
passphrase:
newPassphrase:
ownerPassphrase: None

[test5Destroy]
#username: sstljakTestUser
username: gabriel
ownerCertFile: ./proxy-cert.pem
ownerKeyFile: ./proxy-key.pem
ownerPassphrase: None
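
The X500DN fix described in the commit message above (a proxy certificate DN has multiple CN entries, held as a tuple) can be sketched as follows. This is an added example, not the project's X509.py code; the slash-separated DN form, the function names and the sample DNs are assumptions made for illustration.

```python
import re

# Split on "/" only where a new "KEY=" begins, so a "/" inside a value
# (e.g. CN=host/node.example.org) stays part of that value.
_FIELD_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")

# Constructed sample: a user DN with one extra CN appended for the proxy.
SAMPLE_PROXY_DN = "/O=NDG/OU=BADC/CN=Test User/CN=proxy"


def split_dn(dn):
    """Return the DN's fields, in order, as (KEY, value) pairs."""
    parts = _FIELD_START.split(dn.strip())
    if parts[0] != "":
        raise ValueError("expected a slash-separated DN, got %r" % dn)
    pairs = []
    for part in parts[1:]:
        key, _, value = part.partition("=")
        if not value:
            raise ValueError("empty value in DN field %r" % part)
        pairs.append((key.upper(), value))
    if not pairs:
        raise ValueError("no fields found in DN %r" % dn)
    return pairs


def naive_dn_to_dict(dn):
    """One value per key: a later CN silently overwrites an earlier one."""
    return dict(split_dn(dn))


def dn_to_dict(dn):
    """Keep every value: a repeated field is stored as a tuple, in DN order."""
    fields = {}
    for key, value in split_dn(dn):
        if key in fields:
            prev = fields[key]
            prev = prev if isinstance(prev, tuple) else (prev,)
            fields[key] = prev + (value,)
        else:
            fields[key] = value
    return fields


if __name__ == "__main__":
    print(naive_dn_to_dict(SAMPLE_PROXY_DN))  # user's CN is lost
    print(dn_to_dict(SAMPLE_PROXY_DN))        # both CNs kept as a tuple
```

With the one-value-per-key form, the only CN left for the sample DN is the proxy marker, so any check keyed on CN would no longer see the user's name.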