source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/test_attributeauthority.cfg @ 4654

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthority/test_attributeauthority.cfg@4654
Revision 4654, 2.8 KB checked in by pjkersha, 11 years ago (diff)

#884: add capability to X509Cert.isValidTime to warn when X.509 certificates are due to expire within a certain time limit (default 30 days). isValidTime is now called from read and parsing routines. warnings.warn and logging.warning are called so logs from security services will display the messages.

Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 STFC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9
10[setUp]
11# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
12# setting for test6GetMappedAttCert
13propFilePath=$NDGSEC_AA_UNITTEST_DIR/siteA/siteAAttAuthority.cfg
14
15# For https connections only.  !Omit ssl* settings if using http!
16# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
17# same as peer hostname.
18sslPeerCertCN = AttributeAuthority
19sslCACertFilePathList = $NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt
20
21[test02GetTrustedHostInfo]
22role = postgrad
23
24[test03GetTrustedHostInfoWithNoMatchingRoleFound]
25# Set an alternative role to test no matching role found exception
26role = blah
27 
28[test06GetAttCert]
29# If clntcertfilepath is a proxy set this cert as the one that issued the
30# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
31#issuingclntcertfilepath = $NDGSEC_AA_UNITTEST_DIR/user-cert.pem
32
33# Test with no digital signature applied
34#issuingclntcertfilepath = $NDGSEC_AA_UNITTEST_DIR/proxy-cert.pem
35
36# Setup for use by test08GetMappedAttCert test
37attCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml
38
39[test07GetAttCertWithUserIdSet]
40userId = system
41attCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt-test6.xml
42
43[test08GetMappedAttCert]
44uri = http://localhost:5100/AttributeAuthority
45userAttCertFilePath = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml
46mappedAttCertFilePath = $NDGSEC_AA_UNITTEST_DIR/mapped-ac.xml
47
48[test09GetMappedAttCertStressTest]
49uri = http://localhost:5100/AttributeAuthority
50userAttCertFilePathList = $NDGSEC_AA_UNITTEST_DIR/ac-clnt.xml
51
52[wsse]
53# WS-Security settings for unit test AA clients
54#
55# OUTBOUND MESSAGE CONFIG
56
57# Signature of an outbound message
58
59# Certificate associated with private key used to sign a message.  The sign
60# method will add this to the BinarySecurityToken element of the WSSE header. 
61signingCertFilePath=$NDGSEC_AA_UNITTEST_DIR/test.crt
62
63# PEM encoded private key file
64signingPriKeyFilePath=$NDGSEC_AA_UNITTEST_DIR/test.key
65
66# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
67# signed message.  See __setReqBinSecTokValType method and binSecTokValType
68# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
69# give full namespace to alternative - see
70# ZSI.wstools.Namespaces.OASIS.X509TOKEN
71#
72# binSecTokValType determines whether signingCert or signingCertChain
73# attributes will be used.
74reqBinSecTokValType=X509v3
75
76# Add a timestamp element to an outbound message
77addTimestamp=True
78
79# For WSSE 1.1 - service returns signature confirmation containing signature
80# value sent by client
81applySignatureConfirmation=False
82
83#
84# INBOUND MESSAGE CONFIG
85
86# Provide a space separated list of file paths
87caCertFilePathList=$NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt
88
Note: See TracBrowser for help on using the repository browser.