source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg @ 4397

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg@4397
Revision 4397, 2.8 KB checked in by pjkersha, 12 years ago (diff)

Fixes to CredentialWallet:

  • refactored _getAttCert, _getAATrustedHostInfo and added _getAAHostInfo - fixed capability to query a local AA instance instead of a remote service
  • added ability to configure WS-Security settings via a prefix in the config file in addition to a separate section
  • unittests re-run OK
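# Configuration file for Credential Wallet Settings
#
# NERC Data Grid Project
#
# P J Kershaw 03/10/08
#
# Copyright (C) 2008 STFC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# Unit test configuration.  File paths are given relative to
# $NDGSEC_CREDWALLET_UNITTEST_DIR (presumably expanded from the environment
# by the code that reads this file - confirm).
[DEFAULT]
# User identity.  The certificate, private key and issuing certificate are
# left empty in this configuration.
userId=ndg-user
userX509Cert=
userPriKey=
issuingX509Cert=

# CA certificates for Attribute Certificate signature validation
caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL connection peer cert. validation
# NOTE(review): attributeAuthorityURI below is plain http, so this list is
# presumably not exercised by this configuration - confirm.
sslCACertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt

# See attAuthority unit tests to get this service running
# NOTE(review): plain http to localhost is a unit test setting.  Requests and
# the Attribute Certificates returned are not protected in transit; outside
# the tests use an https URI so that the peer certificate is validated against
# sslCACertFilePathList.
attributeAuthorityURI=http://localhost:5000/AttributeAuthority
# Switch to alt port for testing with tcpmon
#attributeAuthorityURI=http://localhost:4900/AttributeAuthority

# Omit Credential Repository and use default NullCredentialRepository
#credentialRepository=

# Allow the Get Attribute Certificate call to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority
# NOTE(review): rtnExtAttCertList is not described in this file; presumably it
# controls whether Attribute Certificates obtained from those trusted hosts
# are returned to the caller - confirm.
mapFromTrustedHosts=True
rtnExtAttCertList=True

# Refresh an Attribute Certificate, if an existing one in the wallet has only
# this length of time left before it expires
# NOTE(review): units are not stated; presumably seconds (7200 = 2 hours) -
# confirm.
attCertRefreshElapse=7200

# WS-Security settings for digital signature of SOAP messages to Attribute
# Authorities can be read from a separate section of this file
# (wssCfgSection) or from options in this section that start with a prefix
# (wssCfgPrefix).  The prefix form is used here: see the wssecurity.* options
# below.
#wssCfgSection=WS-Security
wssCfgPrefix=wssecurity

# WS-Security
# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
wssecurity.signingCertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.crt

# File path to the PEM encoded private key file used for signing
wssecurity.signingPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.key

# Password protecting private key.  Leave blank if there is no password.
# NOTE(review): blank here, so the test key is used without a password.  A
# password entered in this file is stored as plain text: outside the unit
# tests restrict read access to this file and to the key file.
wssecurity.signingPriKeyPwd=

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
wssecurity.reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
wssecurity.addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
wssecurity.applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# CA certificate files for inbound messages (presumably used to validate the
# certificate that signed the message - confirm).  Provide a space separated
# list of file paths.
wssecurity.caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt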