source: TI12-security/trunk/python/ @ 2289

Subversion URL:
Revision 2289, 1.4 KB checked in by pjkersha, 13 years ago (diff)

modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority?.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ use dictionary get() rather then [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ experimented with omitting signature PKI settings.

set serverCNprefix element to host/ for this MyProxy? installations server cert.

altered for account on this machine.

python/ slight change to Python 2.5 check for
ElementTree inclusion

SignatureHandler? is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

1<?xml version="1.0" encoding="utf-8"?>
3        <!--
4        Delete this element and take setting from MYPROXY_SERVER environment
5        variable if required
6        <hostname>localhost</hostname>
7        -->
8        <!--
9        Delete this element to take default setting 7512 or read
10        MYPROXY_SERVER_PORT setting
11        -->
12        <port>7512</port>
13        <!--
14        Useful if hostname and certificate CN don't match correctly.  Globus host
15        CN is usually set to "host/<fqdn>".  Delete this element and set from
16        MYPROXY_SERVER_DN environment variable if prefered
17        <serverDN>/O=NDG/OU=sstljak/CN=host/sstljak</serverDN>
18        -->
19        <!--
20        Set "host/" prefix to host cert CN as is default with globus
21        -->
22        <serverCNprefix>host/</serverCNprefix> 
23        <!--
24        Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting
26        This directory path is used to locate the OpenSSL configuration file
27        -->
28        <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
29        <!-- Open SSL Configuration settings -->
30        <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
31        <tmpDir>/tmp</tmpDir>
32        <!--
33                Limit on maximum lifetime any proxy certificate can have - specified
34            when a certificate is first created by store() method
35        -->
36        <!--
37        <proxyCertMaxLifetime></proxyCertMaxLifetime>
38        -->
39        <!--
40                Life time of a proxy certificate when issued from the Proxy Server with
41                getDelegation() method
42                -->
43        <!--
44        <proxyCertLifetime></proxyCertLifetime>
45        -->
46        <caCertFile>cacert.pem</caCertFile>
Note: See TracBrowser for help on using the repository browser.