source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg @ 4238

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg@4238
Revision 4238, 6.7 KB checked in by pjkersha, 11 years ago (diff)

Working unit tests for WSGI based Attribute Authority. TODO:

  • test with Attribute Authority properties picked up from ini file instead of XML properties file (code supports both methods)
  • refactor unit test config to use standard WS-Security config section
Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9
10[setUp]
11# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
12# setting for test6GetMappedAttCert
13uri = http://localhost:4900/AttributeAuthority
14
15# For https connections only.  !Omit ssl* settings if using http!
16# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
17# same as peer hostname.
18sslpeercertcn = AttributeAuthority
19sslcacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
20
21# Site A Attribute Authority X.509 certificate used by WS-Security signature
22# handler to verify signature of messages returned from the Attribute Authority
23# This can normally be omitted because the Attribute Authority returns this
24# certificate in it's response anyway
25#aacertfilepath =
26
27# Set to False to test service without WS-Security signature
28setsignaturehandler = True
29
30# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
31# one which applies ...
32
33# Specifies token is an X.509 certificate
34#reqbinsectokvaltype = X509
35
36# Stipulate X.509 version 3 format
37reqbinsectokvaltype = X509v3
38
39# Specify multiple certificates in a chain of trust.  Use this setting for
40# proxy certificates where a certificate chain consisting of user certificate
41# and proxy certificate is required to secure trust back to the
42# CA: <- User Certificate <- Proxy Certificate
43#reqbinsectokvaltype = X509PKIPathv1
44
45# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
46# This certificate is expected to contain a certificate chain of proxy
47# certificate and user certificate that issued it.  The default is test.crt,
48# a standard certificate.  The certificate returned from the MyProxy unit test
49# could be used in place of it here.
50#
51# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
52# AttAuthorityClientTest.py to default to the same directory as the script
53clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
54
55# Client private key
56clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
57
58# Set password for private key - leave blank if no password is set or comment
59# out to be prompted for it from the command line
60clntprikeypwd = 
61
62# Space separated list of CA certificate files used to verify certificate used
63# in message signature / peer cert in SSL connection
64cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem
65
66# Inclusive namespaces for Exclusive C14N
67#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
68#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec
69refC14nInclNS: 
70signedInfoC14nInclNS: 
71
72[test3GetTrustedHostInfo]
73role = postgrad
74# Set an alternative role here to test no matching role found exception
75#role = blah
76 
77[test5GetAttCert]
78# If clntcertfilepath is a proxy set this cert as the one that issued the
79# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
80#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/user-cert.pem
81
82# Test with no digital signature applied
83#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem
84# Setup for use by testGetMappedAttCert test
85attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
86
87[test6GetAttCertWithUserIdSet]
88userId = system
89# Comment out if SignatureHandler is being used
90#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
91
92[test7GetMappedAttCert]
93# Set to False to test service without WS-Security signature
94setsignaturehandler = True
95
96# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
97# one which applies ...
98
99# Specifies token is an X.509 certificate
100#reqbinsectokvaltype = X509
101
102# Stipulate X.509 version 3 format
103reqbinsectokvaltype = X509v3
104
105# Specify multiple certificates in a chain of trust.  Use this setting for
106# proxy certificates where a certificate chain consisting of user certificate
107# and proxy certificate is required to secure trust back to the
108# CA: <- User Certificate <- Proxy Certificate
109#reqbinsectokvaltype = X509PKIPathv1
110
111# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
112# This certificate is expected to contain a certificate chain of proxy
113# certificate and user certificate that issued it.  The default is test.crt,
114# a standard certificate.  The certificate returned from the MyProxy unit test
115# could be used in place of it here.
116#
117# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
118# AttAuthorityClientTest.py to default to the same directory as the script
119clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
120
121# Set password for private key - leave blank if no password is set or comment
122# out to be prompted for it from the command line
123clntprikeypwd = 
124clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
125
126# Space separated list of CA certificate files used to verify certificate used
127# in message signature
128cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
129
130uri = http://localhost:5050/AttributeAuthority
131userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
132
133mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
134
135[test8GetMappedAttCertStressTest]
136# Set to False for no signature handling
137setSignatureHandler = True
138
139# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
140# one which applies ...
141
142# Specifies token is an X.509 certificate
143#reqbinsectokvaltype = X509
144
145# Stipulate X.509 version 3 format
146reqbinsectokvaltype = X509v3
147
148# Specify multiple certificates in a chain of trust.  Use this setting for
149# proxy certificates where a certificate chain consisting of user certificate
150# and proxy certificate is required to secure trust back to the
151# CA: <- User Certificate <- Proxy Certificate
152#reqbinsectokvaltype = X509PKIPathv1
153
154# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
155# This certificate is expected to contain a certificate chain of proxy
156# certificate and user certificate that issued it.  The default is test.crt,
157# a standard certificate.  The certificate returned from the MyProxy unit test
158# could be used in place of it here.
159#
160# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
161# AttAuthorityClientTest.py to default to the same directory as the script
162clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
163
164# Set password for private key - leave blank if no password is set or comment
165# out to be prompted for it from the command line
166clntprikeypwd = 
167clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
168
169# Space separated list of CA certificate files used to verify certificate used
170# in message signature
171cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
172
173uri = http://localhost:5100/AttributeAuthority
174userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
175
176
Note: See TracBrowser for help on using the repository browser.