source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/invalidSiteAAttAuthorityProperties.xml @ 4131

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/invalidSiteAAttAuthorityProperties.xml@4131
Revision 4131, 3.8 KB checked in by cbyrom, 11 years ago (diff)

Create new utility package with class, ConfigFileParsers - a utility
class with parsers for XML and INI style config files. This takes
a filename, together with an optional dictionary of valid keys (to
check for invalid config inputs) + optional section list (to restrict
parsing of INI files to particular sections) and returns a
dictionary of read-in properties. NB, if valid keys are specified
and not featured in the prop file, default values are set up in the
returned property dict.
Implemented use of the ConfigFileParsers in the AttAuthority service.
Added new testsuite (together with noseTests class to drive tests) to
exercise the new parsers in the context of the AttAuthority section +
added test config files.

1# Configuration file for Attribute Authority Server
2#
3# NERC Data Grid Project
4#
5# C Byrom 20/08/08
6#
7# Copyright (C) 2008 CCLRC & NERC
8#
9# This software may be distributed under the terms of the Q Public License,
10# version 1.0 or later.
11#
12[DEFAULT]
13# 'name' setting MUST agree with map config file 'thisHost' name attribute
14name: Site A
15
16# the port number the service is to run on
17portNum: 5000
18
19# Flag for SSL - set to something to stipulate https, leave blank to use http
20useSSL:
21
22# X.509 certificate for SSL connections - ignored if useSSL is blank
23sslCertFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
24
25# Private key file for SSL  - ignored if useSSL is blank
26sslKeyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key
27
28# Password protecting private SSL key - leave blank if none set
29sslKeyPwd:
30
31# Directory containing CA cert.s to verify SSL peer cert against - ignored if
32# useSSL is blank
33sslCACertDir: $NDGSEC_AACLNT_UNITTEST_DIR/ca
34
35# CA Certificates used to verify X.509 certs used in Attribute Certificates.
36# The CA certificates of other NDG trusted sites should go here.  NB, multiple
37# values should be delimited by a space
38caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem
39
40# Leave blank for NO SOAP signature
41useSignatureHandler: Yes
42
43# Set the certificate used to verify the signature of messages from the
44# client.  This can usually be left blank since the client is expected to
45# include the cert with the signature in the inbound SOAP message.  NB, a cert taken from the message is only trustworthy if it is validated against a trusted CA
46clntCertFile:
47# Lifetime is measured in seconds
48attCertLifetime: 28800
49# Allow an offset for clock skew between servers running
50# security services. NB, measured in seconds - use a minus sign for time in the past
51attCertNotBeforeOff: 0
52# All Attribute Certificates issued are recorded in this dir
53attCertDir: $NDGSEC_AACLNT_UNITTEST_DIR/attCertLog
54# Files in attCertDir are stored using a rotating file handler
55# attCertFileLogCnt sets the max number of files created before the first is overwritten
56attCertFileName: ac.xml
57attCertFileLogCnt: 16
58dnSeparator:/
59
60# Location of role mapping file
61mapConfigFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteAMapConfig.xml
62
63# Settings for custom AAUserRoles derived class to get user roles for given user ID
64userRolesModFilePath: $NDGSEC_AACLNT_UNITTEST_DIR
65userRolesModName: siteAUserRoles
66userRolesClassName: TestUserRoles
67userRolesPropFile:
68
69
70#
71# SOAP Signature Handler settings
72[WS-Security]
73#
74# OUTBOUND MESSAGE CONFIG
75
76# Signature of an outbound message
77
78# Certificate associated with private key used to sign a message.  The sign
79# method will add this to the BinarySecurityToken element of the WSSE header. 
80# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
81# As an alternative, use signingCertChain - see below...
82
83# PEM encoded cert
84certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
85
86# ... or provide file path to PEM encoded private key file
87keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key
88
89# Password protecting private key.  Leave blank if there is no password.  NB, the value is held in this file in clear text, so restrict read access to the file
90keyPwd=
91
92# Inclusive namespace prefixes for Canonicalisation of reference elements -
93# space separated list e.g. refC14nInclNS=wsse ds ns1
94wssRefInclNS:
95
96# Inclusive namespace prefixes for Canonicalisation of SignedInfo element -
97# same format as the above
98wssSignedInfoInclNS:
99
100
101# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
102# signed message.  See __setReqBinSecTokValType method and binSecTokValType
103# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
104# give full namespace to alternative - see
105# ZSI.wstools.Namespaces.OASIS.X509TOKEN
106#
107# binSecTokValType determines whether signingCert or signingCertChain
108# attributes will be used.
109reqBinSecTokValType: X509v3
110
111# For WSSE 1.1 - service returns signature confirmation containing signature
112# value sent by client
113applySignatureConfirmation: True
114
115