source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/wsgi/site-b.ini @ 4245

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/wsgi/site-b.ini@4245
Revision 4245, 4.6 KB checked in by pjkersha, 11 years ago (diff)

Working unit tests for WSGI based Attribute Authority.

  • Altered so that all Attribute Config is picked up from the Paste ini file. Separate cfg or xml based config file is still supported.

TODO:

  • Simplify unit test config for client.
Line 
1#
2# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
3#
4# NERC Data Grid Project
5#
6# P J Kershaw 12/09/08
7#
8# Copyright (C) 2008 CCLRC & NERC
9#
10# This software may be distributed under the terms of the Q Public License,
11# version 1.0 or later.
12
13[DEFAULT]
14# WS-Security settings in THIS file
15wsseCfgFilePath = %(here)s/site-a.ini
16wsseCfgFileSection = WS-Security
17
18# Attribute Authority settings
19# 'name' setting MUST agree with map config file 'thisHost' name attribute
20attributeAuthority.name: Site B
21
22# Lifetime is measured in seconds
23attributeAuthority.attCertLifetime: 28800 
24
25# Allow an offset for clock skew between servers running
26# security services. NB, measured in seconds - use a minus sign for time in the
27# past
28attributeAuthority.attCertNotBeforeOff: 0
29
30# All Attribute Certificates issued are recorded in this dir
31attributeAuthority.attCertDir: $NDGSEC_AACLNT_UNITTEST_DIR/attCertLog
32
33# Files in attCertDir are stored using a rotating file handler
34# attCertFileLogCnt sets the max number of files created before the first is
35# overwritten
36attributeAuthority.attCertFileName: ac.xml
37attributeAuthority.attCertFileLogCnt: 16
38attributeAuthority.dnSeparator:/
39
40# Location of role mapping file
41attributeAuthority.mapConfigFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteBMapConfig.xml
42
43# Settings for custom AAUserRoles derived class to get user roles for given
44# user ID
45attributeAuthority.userRolesModFilePath: $NDGSEC_AACLNT_UNITTEST_DIR
46attributeAuthority.userRolesModName: siteBUserRoles
47attributeAuthority.userRolesClassName: TestUserRoles
48
49# Config for XML signature of Attribute Certificate
50attributeAuthority.signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key
51attributeAuthority.signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt
52attributeAuthority.caCertFilePathList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
53
54[server:main]
55use = egg:Paste#http
56host = 0.0.0.0
57port = 5100
58
59[app:mainApp]
60paste.app_factory = ndg.security.test.attAuthority.wsgi.siteBServerApp:app_factory
61
62# Chain of SOAP Middleware filters
63[pipeline:main]
64pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter wsseSignatureFilter mainApp
65
66
67[filter:AttributeAuthorityFilter]
68paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
69ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
70ServiceSOAPBindingPropPrefix = AttributeAuthority
71AttributeAuthority.propPrefix = attributeAuthority
72AttributeAuthority.propFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/wsgi/site-b.ini
73referencedFilters = wsseSignatureVerificationFilter01
74path = /AttributeAuthority
75enableWSDLQuery = True
76charset = utf-8
77
78[filter:wsseSignatureVerificationFilter]
79paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
80filterID = wsseSignatureVerificationFilter01
81
82[filter:wsseSignatureFilter]
83paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
84# Last filter in chain SOAP handlers writes the response
85writeResponse = True
86
87
88[WS-Security]
89#
90# OUTBOUND MESSAGE CONFIG
91
92# Signature of an outbound message
93
94# Certificate associated with private key used to sign a message.  The sign
95# method will add this to the BinarySecurityToken element of the WSSE header. 
96signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt
97
98# PEM encoded private key file
99signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key
100
101# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
102# signed message.  See __setReqBinSecTokValType method and binSecTokValType
103# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
104# give full namespace to alternative - see
105# ZSI.wstools.Namespaces.OASIS.X509TOKEN
106#
107# binSecTokValType determines whether signingCert or signingCertChain
108# attributes will be used.
109reqBinSecTokValType=X509v3
110
111# Add a timestamp element to an outbound message
112addTimestamp=True
113
114# For WSSE 1.1 - service returns signature confirmation containing signature
115# value sent by client
116applySignatureConfirmation=False
117
118#
119# INBOUND MESSAGE CONFIG
120
121# Provide a space separated list of file paths
122caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
123
124# Logging configuration
125[loggers]
126keys = root, ndg
127
128[handlers]
129keys = console
130
131[formatters]
132keys = generic
133
134[logger_root]
135level = INFO
136handlers = console
137
138[logger_ndg]
139level = DEBUG
140handlers =
141qualname = ndg
142
143[handler_console]
144class = StreamHandler
145args = (sys.stderr,)
146level = NOTSET
147formatter = generic
148
149[formatter_generic]
150format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
151datefmt = %H:%M:%S
Note: See TracBrowser for help on using the repository browser.