source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg @ 4111

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg@4131
Revision 4111, 6.9 KB checked in by cbyrom, 12 years ago (diff)

Adjust the various test config files slightly - including the newly
available input params to set signature confimation and binsectok
value type + add extra trouble shooting info for running the tests.

Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9
10[setUp]
11# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
12# setting for test6GetMappedAttCert
13uri = http://localhost:4900/AttributeAuthority
14
15# For https connections only.  !Omit ssl* settings if using http!
16# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
17# same as peer hostname.
18sslpeercertcn = AttributeAuthority
19sslcacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
20
21# Site A Attribute Authority X.509 certificate used by WS-Security signature
22# handler to verify signature of messages returned from the Attribute Authority
23# This can normally be omitted because the Attribute Authority returns this
24# certificate in it's response anyway
25#aacertfilepath =
26
27# Set to False to test service without WS-Security signature
28setsignaturehandler = True
29
30# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
31# one which applies ...
32
33# Specifies token is an X.509 certificate
34#reqbinsectokvaltype = X509
35
36# Stipulate X.509 version 3 format
37reqbinsectokvaltype = X509v3
38
39# Specify multiple certificates in a chain of trust.  Use this setting for
40# proxy certificates where a certificate chain consisting of user certificate
41# and proxy certificate is required to secure trust back to the
42# CA: <- User Certificate <- Proxy Certificate
43#reqbinsectokvaltype = X509PKIPathv1
44
45# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
46# This certificate is expected to contain a certificate chain of proxy
47# certificate and user certificate that issued it.  The default is test.crt,
48# a standard certificate.  The certificate returned from the MyProxy unit test
49# could be used in place of it here.
50#
51# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
52# AttAuthorityClientTest.py to default to the same directory as the script
53clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
54
55# Client private key
56clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
57
58# Set password for private key - leave blank if no password is set or comment
59# out to be prompted for it from the command line
60clntprikeypwd = 
61
62# Space separated list of CA certificate files used to verify certificate used
63# in message signature / peer cert in SSL connection
64cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem
65
66# Inclusive namespaces for Exclusive C14N
67#wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
68#wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec
69wssRefInclNS: 
70wssSignedInfoInclNS: 
71
72[test3GetTrustedHostInfo]
73role = postgrad
74# Set an alternative role here to test no matching role found exception
75#role = blah
76 
77[test5GetAttCert]
78# If clntcertfilepath is a proxy set this cert as the one that issued the
79# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
80#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/user-cert.pem
81
82# Test with no digital signature applied
83#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem
84# Setup for use by testGetMappedAttCert test
85attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
86
87[test6GetAttCertWithUserIdSet]
88userId = system
89# Comment out if SignatureHandler is being used
90#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
91
92[test7GetMappedAttCert]
93# Set to False to test service without WS-Security signature
94setsignaturehandler = True
95
96# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
97# one which applies ...
98
99# Specifies token is an X.509 certificate
100#reqbinsectokvaltype = X509
101
102# Stipulate X.509 version 3 format
103reqbinsectokvaltype = X509v3
104
105# Specify multiple certificates in a chain of trust.  Use this setting for
106# proxy certificates where a certificate chain consisting of user certificate
107# and proxy certificate is required to secure trust back to the
108# CA: <- User Certificate <- Proxy Certificate
109#reqbinsectokvaltype = X509PKIPathv1
110
111# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
112# This certificate is expected to contain a certificate chain of proxy
113# certificate and user certificate that issued it.  The default is test.crt,
114# a standard certificate.  The certificate returned from the MyProxy unit test
115# could be used in place of it here.
116#
117# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
118# AttAuthorityClientTest.py to default to the same directory as the script
119clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
120
121# Set password for private key - leave blank if no password is set or comment
122# out to be prompted for it from the command line
123clntprikeypwd = 
124clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
125
126# Space separated list of CA certificate files used to verify certificate used
127# in message signature
128cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
129
130uri = http://localhost:5100/AttributeAuthority
131# Heath Data Server
132#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
133# Marine Data Server
134#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
135userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
136
137mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
138
139[test8GetMappedAttCertStressTest]
140# Set to False for no signature handling
141setSignatureHandler = True
142
143# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
144# one which applies ...
145
146# Specifies token is an X.509 certificate
147#reqbinsectokvaltype = X509
148
149# Stipulate X.509 version 3 format
150reqbinsectokvaltype = X509v3
151
152# Specify multiple certificates in a chain of trust.  Use this setting for
153# proxy certificates where a certificate chain consisting of user certificate
154# and proxy certificate is required to secure trust back to the
155# CA: <- User Certificate <- Proxy Certificate
156#reqbinsectokvaltype = X509PKIPathv1
157
158# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
159# This certificate is expected to contain a certificate chain of proxy
160# certificate and user certificate that issued it.  The default is test.crt,
161# a standard certificate.  The certificate returned from the MyProxy unit test
162# could be used in place of it here.
163#
164# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
165# AttAuthorityClientTest.py to default to the same directory as the script
166clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
167
168# Set password for private key - leave blank if no password is set or comment
169# out to be prompted for it from the command line
170clntprikeypwd = 
171clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
172
173# Space separated list of CA certificate files used to verify certificate used
174# in message signature
175cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
176
177uri = http://localhost:5100/AttributeAuthority
178userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
179
180
Note: See TracBrowser for help on using the repository browser.