1 | # NERC Data Grid Project |
---|
2 | # |
---|
3 | # P J Kershaw 16/01/07 |
---|
4 | # |
---|
5 | # Copyright (C) 2007 STFC |
---|
6 | # |
---|
7 | # This software may be distributed under the terms of the Q Public License, |
---|
8 | # version 1.0 or later. |
---|
9 | |
---|
10 | [setUp] |
---|
11 | # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this |
---|
12 | # setting for test6GetMappedAttCert |
---|
13 | uri = http://localhost:5000/AttributeAuthority |
---|
14 | |
---|
15 | # With TCP Mon: |
---|
16 | #uri = http://localhost:4999/AttributeAuthority |
---|
17 | |
---|
18 | # For https connections only. !Omit ssl* settings if using http! |
---|
19 | # sslpeercertcn is the expected CommonName of peer cert. Omit if it's the |
---|
20 | # same as peer hostname. |
---|
21 | sslPeerCertCN = AttributeAuthority |
---|
22 | sslCACertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt |
---|
23 | |
---|
24 | [test02GetTrustedHostInfo] |
---|
25 | role = postgrad |
---|
26 | |
---|
27 | [test03GetTrustedHostInfoWithNoMatchingRoleFound] |
---|
28 | # Set an alternative role to test no matching role found exception |
---|
29 | role = blah |
---|
30 | |
---|
31 | [test06GetAttCert] |
---|
32 | # If clntcertfilepath is a proxy set this cert as the one that issued the |
---|
33 | # proxy. Comment out if clntcertfilepath is a standard X.509 cert. |
---|
34 | #issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/user-cert.pem |
---|
35 | |
---|
36 | # Test with no digital signature applied |
---|
37 | #issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem |
---|
38 | |
---|
39 | # Setup for use by test08GetMappedAttCert test |
---|
40 | attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml |
---|
41 | |
---|
42 | [test07GetAttCertWithUserIdSet] |
---|
43 | userId = system |
---|
44 | attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt-test6.xml |
---|
45 | |
---|
46 | [test08GetMappedAttCert] |
---|
47 | uri = http://localhost:5100/AttributeAuthority |
---|
48 | userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml |
---|
49 | mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml |
---|
50 | |
---|
51 | [test09GetMappedAttCertStressTest] |
---|
52 | uri = http://localhost:5100/AttributeAuthority |
---|
53 | userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml |
---|
54 | |
---|
55 | [wsse] |
---|
56 | # WS-Security settings for unit test AA clients |
---|
57 | # |
---|
58 | # OUTBOUND MESSAGE CONFIG |
---|
59 | |
---|
60 | # Signature of an outbound message |
---|
61 | |
---|
62 | # Certificate associated with private key used to sign a message. The sign |
---|
63 | # method will add this to the BinarySecurityToken element of the WSSE header. |
---|
64 | signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/test.crt |
---|
65 | |
---|
66 | # PEM encoded private key file |
---|
67 | signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/test.key |
---|
68 | |
---|
69 | # Set the ValueType for the BinarySecurityToken added to the WSSE header for a |
---|
70 | # signed message. See __setReqBinSecTokValType method and binSecTokValType |
---|
71 | # class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or |
---|
72 | # give full namespace to alternative - see |
---|
73 | # ZSI.wstools.Namespaces.OASIS.X509TOKEN |
---|
74 | # |
---|
75 | # binSecTokValType determines whether signingCert or signingCertChain |
---|
76 | # attributes will be used. |
---|
77 | reqBinSecTokValType=X509v3 |
---|
78 | |
---|
79 | # Add a timestamp element to an outbound message |
---|
80 | addTimestamp=True |
---|
81 | |
---|
82 | # For WSSE 1.1 - service returns signature confirmation containing signature |
---|
83 | # value sent by client |
---|
84 | applySignatureConfirmation=False |
---|
85 | |
---|
86 | # |
---|
87 | # INBOUND MESSAGE CONFIG |
---|
88 | |
---|
89 | # Provide a space separated list of file paths |
---|
90 | caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt |
---|
91 | |
---|