source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml @ 2530

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml@2530
Revision 2530, 2.8 KB checked in by pjkersha, 13 years ago

Working Session Manager unit tests for connect and disconnect calls and
getAttCert calls. Correct use of proxy certs with WS-Security signature
interface is also configured.

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
removed blank line

ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml:
added setting for signature handler flag and CA cert

ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • fix to soap_disconnect - call SessionMgr.deleteUserSession
  • fix to soap_getX509Cert - base64 encode DER format cert output
  • added 'useSignatureHandler' flag to enable WS-Security signature handling
    to be omitted if required.

ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • ref to CredWalletInvalidUserX509Cert
  • give explicit keyword names in connect2UserSession method signature
  • raise CredWalletInvalidUserX509Cert if Credential Wallet cert is invalid
  • SessionMgr.deleteUserSession method - added userSess keyword; fixed userDN
    setting to ensure it's a string

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
cosmetic changes

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • added _getCertChainFromProxyCertFile method to enable correct proxy cert
    loading
  • added caCertFilePathList, reqBinSecTokValType, setSignatureHandler and
    signingCertChain keyword settings to SessionMgrClient initialisation

  • removed duplicated test6bCookieGetMappedAttCert method

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:

  • dropped serverCNprefix element setting - not needed for test certs used.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • added new params caCertFilePathList, reqBinSecTokValType,
    setSignatureHandler and proxycertfilepath

ndg.security.common/ndg/security/common/SessionMgr/init.py:

SignatureHandler to switched on/off

ndg.security.common/ndg/security/common/AttAuthority/init.py: fix to
pydoc for AttAuthorityClient.init

ndg.security.common/ndg/security/common/CredWallet.py: major fixes for
SessionMgr - AA calls -

  • CredWalletInvalidUserX509Cert new exception type raised if user cert is
    invalid
  • separate setAAuri into a new method createAAClnt
  • getAttCert method can take an aaClnt keyword. This enables the client
    object to the AA to call to be passed in. Default is the target AA,
    self.aaClnt.

<?xml version="1.0" encoding="utf-8"?>
<sessMgrProp>
    <portNum>5700</portNum>
    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile>
    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile>
    <!--
    PKI settings for signature of outbound SOAP messages
    -->
    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
    <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</certFile>
    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</keyFile>
    <keyPwd/>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message
    -->
    <clntCertFile></clntCertFile>
    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey>
    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
    <cookieDomain></cookieDomain>
    <myProxyProp>
        <!--
        Delete this element and take setting from MYPROXY_SERVER environment
        variable if required
        <hostname>localhost</hostname>
        -->
        <!--
        Delete this element to take default setting 7512 or read
        MYPROXY_SERVER_PORT setting
        -->
        <port>7512</port>
        <!--
        Useful if hostname and certificate CN don't match correctly.  Globus
        host DN is set to "host/<fqdn>".  Delete this element and set from
        MYPROXY_SERVER_DN environment variable if preferred
        <serverDN></serverDN>
        -->
        <!--
        Set "host/" prefix to host cert CN as is default with globus
        -->
        <!--
        Nb. GRID_SECURITY_DIR environment variable if set, overrides this
        setting

        This directory path is used to locate the OpenSSL configuration file
        -->
        <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
        <!-- Open SSL Configuration settings -->
        <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
        <tmpDir>/tmp</tmpDir>
        <!--
        Limit on maximum lifetime any proxy certificate can have -
        specified when a certificate is first created by store() method
        -->
        <proxyCertMaxLifetime>24</proxyCertMaxLifetime> <!-- in hours -->
        <!--
        Life time of a proxy certificate when issued from the Proxy Server
        with getDelegation() method
        -->
        <proxyCertLifetime>8</proxyCertLifetime> <!-- in hours -->
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    </myProxyProp>
    <simpleCACltProp>
        <uri></uri>
        <xmlSigKeyFile></xmlSigKeyFile>
        <xmlSigCertFile></xmlSigCertFile>
        <xmlSigCertPwd></xmlSigCertPwd>
    </simpleCACltProp>
    <credReposProp>
        <modFilePath></modFilePath>
        <modName>ndg.security.common.CredWallet</modName>
        <className>NullCredRepos</className>
        <propFile></propFile>
    </credReposProp>
</sessMgrProp>
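
A consistency check over the settings in this file, as an added example that is not part of the NDG code base: it reads a sessMgrProperties.xml document and reports settings that, going by the file's own comments, switch off transport or signature protection or contradict each other. The `audit` function name and the rule that any non-blank flag value means "on" are assumptions, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the settings shown above, with two
# deliberate problems (blank useSSL, proxy lifetime above the maximum).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<sessMgrProp>
    <portNum>5700</portNum>
    <useSSL></useSSL>
    <useSignatureHandler>Yes</useSignatureHandler>
    <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
    <myProxyProp>
        <proxyCertMaxLifetime>24</proxyCertMaxLifetime>
        <proxyCertLifetime>48</proxyCertLifetime>
    </myProxyProp>
</sessMgrProp>"""

def _text(root, path):
    """Return the stripped text of an element, or '' if absent or blank."""
    return (root.findtext(path) or "").strip()

def audit(xml_text):
    """Return a list of findings for a sessMgrProperties.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    # Assumption: a flag is "on" when its element holds any non-blank text.
    use_ssl = bool(_text(root, "useSSL"))
    if not use_ssl:
        findings.append("useSSL is blank: service listens on plain http")
    if not _text(root, "useSignatureHandler"):
        findings.append("useSignatureHandler is blank: outbound SOAP unsigned")
    elif not _text(root, "caCertFile"):
        findings.append("signature handler on but caCertFile is blank")
    uri = urlparse(_text(root, "sessMgrURI"))
    if uri.scheme != ("https" if use_ssl else "http"):
        findings.append("sessMgrURI scheme disagrees with useSSL")
    if str(uri.port) != _text(root, "portNum"):
        findings.append("sessMgrURI port disagrees with portNum")
    max_h = _text(root, "myProxyProp/proxyCertMaxLifetime")
    life_h = _text(root, "myProxyProp/proxyCertLifetime")
    if max_h and life_h and int(life_h) > int(max_h):
        findings.append("proxyCertLifetime exceeds proxyCertMaxLifetime")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```
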