source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml @ 2437

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml@2437
Revision 2437, 2.8 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • soap_disconnect: added call to SessionMgr.disconnect, added logic for retrieving ID from cert
    used with WS-Security signature.

  • add code to check for useSignatureHandler config param. If this flag is set, get user ID from
    cert in WS-Security header

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml,
ndg.security.server/ndg/security/server/SessionMgr/init.py: added "useSignatureHandler" parameter
to properties file elements.

www/html/sessionMgr.wsdl,
ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py: removed userCert
argument. This is not needed, as the cert chain can be passed in by setting #X509PKIPathv1 for
BinarySecurityToken.

ndg.security.client/ndg/security/client/ndgSessionClient.py: started on updates from alpha version -
--req-autho flag is now --req-attr

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg: added more tests for signature
verification tests.

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py: removed userCert arg from
disconnect call. It's passed in the signature in the WS-Security header.

ndg.security.common/ndg/security/common/XMLSec.py: fixed bug in applyEnvelopedSignature - removed
incorrect strip call from digest calc:

calcSignedInfoDigestValue = sha(signedInfoC14n).digest()#.strip()


ndg.security.common/ndg/security/common/SessionMgr/init.py: Session Manager client code -
remove refs to "userCert" for disconnect and connect calls. It's passed in the WS-Security header
instead.

ndg.security.common/ndg/security/common/wsSecurity.py: comment - query whitespace strip in
extraction of calculated signature value from message "b64EncSignatureValue".

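<?xml version="1.0" encoding="utf-8"?>
<sessMgrProp>
    <!--
    Session Manager properties for the unit tests: the certificate and key
    paths below resolve under $NDGSEC_SM_UNITTEST_DIR.  The key material
    and secrets referenced here are test fixtures; do not reuse this file,
    or the values in it, for a deployed service.
    -->
    <portNum>5700</portNum>
    <!--
    Leave blank to use http.  Plain http carries the SOAP traffic without
    transport encryption.
    -->
    <useSSL>Yes</useSSL>
    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile>
    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile>
    <!--
    Leave blank for no signature.  When set, the server takes the user ID
    from the certificate in the WS-Security header of the request.
    NOTE(review): with the flag blank, requests are presumably accepted
    without a signature check; confirm before disabling it outside tests.
    -->
    <useSignatureHandler>Yes</useSignatureHandler>
    <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    <!--
    Same certificate and key files as sslCertFile/sslKeyFile above, so this
    test configuration uses one key pair for both settings.
    -->
    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</certFile>
    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</keyFile>
    <!--
    Empty.  NOTE(review): presumably this means sm-key.pem is stored
    without a pass-phrase; confirm, and rely on file permissions to protect
    the key if so.
    -->
    <keyPwd/>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message.
    NOTE(review): a certificate supplied inside the message is only
    trustworthy once it has been validated against caCertFile; confirm that
    the signature handler performs that check when this element is blank.
    -->
    <clntCertFile></clntCertFile>
    <!--
    Fixed, guessable test value.  NOTE(review): the name suggests a
    symmetric encryption key, but what it protects is not visible in this
    file.  A deployed properties file needs a randomly generated value and
    restrictive file permissions.
    -->
    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey>
    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
    <cookieDomain></cookieDomain>
    <myProxyProp>
        <!--
        Delete this element and take setting from MYPROXY_SERVER environment
        variable if required
        <hostname>localhost</hostname>
        -->
        <!--
        Delete this element to take default setting 7512 or read
        MYPROXY_SERVER_PORT setting
        -->
        <port>7512</port>
        <!--
        Useful if hostname and certificate CN don't match correctly.  Globus
        host DN is set to "host/<fqdn>".  Delete this element and set from
        MYPROXY_SERVER_DN environment variable if preferred
        <serverDN></serverDN>
        -->
        <!--
        Set "host/" prefix to host cert CN as is default with globus
        -->
        <serverCNprefix>host/</serverCNprefix>
        <!--
        Nb. GRID_SECURITY_DIR environment variable if set, overrides this
        setting

        This directory path is used to locate the OpenSSL configuration file
        -->
        <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
        <!-- Open SSL Configuration settings -->
        <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
        <!--
        NOTE(review): /tmp is shared by every local user.  What is written
        here is not visible in this file; if key or proxy credential
        material is staged in this directory, point it at a private
        directory owned by the service account instead.
        -->
        <tmpDir>/tmp</tmpDir>
        <!--
        Limit on maximum lifetime any proxy certificate can have -
        specified when a certificate is first created by store() method
        -->
        <proxyCertMaxLifetime>24</proxyCertMaxLifetime> <!-- in hours -->
        <!--
        Life time of a proxy certificate when issued from the Proxy Server
        with getDelegation() method
        -->
        <proxyCertLifetime>8</proxyCertLifetime> <!-- in hours -->
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    </myProxyProp>
    <simpleCACltProp>
        <uri></uri>
        <xmlSigKeyFile></xmlSigKeyFile>
        <xmlSigCertFile></xmlSigCertFile>
        <xmlSigCertPwd></xmlSigCertPwd>
    </simpleCACltProp>
    <credReposProp>
        <modFilePath></modFilePath>
        <modName>ndg.security.common.CredWallet</modName>
        <className>NullCredRepos</className>
        <propFile></propFile>
    </credReposProp>
</sessMgrProp>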