source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml @ 3135

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml@3135
Revision 3135, 3.4 KB checked in by pjkersha, 12 years ago (diff)

Attribute Authority unit tests now work with WS-Security support for multiple CAs. This will be needed for deployment of MyProxy with Simple CA at partner sites.

Added CA cert and certs and keys for a *TEST* CA for use with unit tests. This CA is NOT for production use.

python/ndg.security.server/setup.py: include .crt certs in conf/ package data

python/ndg.security.server/ndg/security/server/AttAuthority/init.py: added sslCACertDir param. It enables the M2Crypto SSL server side to pick up multiple CA certs from a directory.

python/ndg.security.server/ndg/security/server/conf/certs/ca/init.py: make new ca/ dir a package so that it's exported with egg package data.

python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
python/ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • alter WS-Security SOAP handler init to accept multiple CA certs.
  • load multiple CA certs from sslCACertDir key of SessionMgr/AttAuthority instance

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

  • added new sslCACertDir elem
  • fixed caCertFile - only single elem required

python/ndg.security.test/setup.py: include TEST CA and certs and keys issued from it for use in unit tests. These are for test only.

python/ndg.security.test/ndg/security/test/AttAuthority/ca/ndg-test-ca.crt,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.key,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.crt: test CA certs and key.

python/ndg.security.test/ndg/security/test/AttAuthority/init.py: fix description

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: ditto + added NDGSEC_INT_DEBUG env var option

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: fixed for new location of CA cert in ca/ sub-dir

python/ndg.security.test/ndg/security/test/sessionMgrClient/ca/init.py,
python/ndg.security.test/ndg/security/test/sessionMgr/ca/init.py,
python/ndg.security.test/ndg/security/test/AttAuthority/ca/init.py: ensure ca/ dir gets included in egg package data

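<?xml version="1.0" encoding="utf-8"?>
<!--
Session Manager properties for the sessionMgrClient unit tests.

File paths are given under $NDGSEC_SM_UNITTEST_DIR (presumably expanded from
the environment when this file is read; confirm against the loader).  The key
material and the secret configured below are unit-test values: do not reuse
them in a deployed service.
-->
<sessMgrProp>
    <portNum>5700</portNum>
    <!--
    Leave blank to use http.  Blank means the service is reached without
    transport encryption, so keep this in step with the scheme and port in
    sessMgrURI below (currently https on 5700).
    -->
    <useSSL>Yes</useSSL>
    <!--
    Certificate and private key for the SSL endpoint.  These are the same
    files as certFile/keyFile further down, i.e. one key pair serves both SSL
    and message signing in this test set-up.
    -->
    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</sslCertFile>
    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</sslKeyFile>
    <!--
    Directory containing CA cert.s to verify SSL peer cert against
     - ignored if useSSL is blank
    Every certificate placed in this directory becomes a trust anchor, so the
    directory should be writable only by the account that administers the
    service.
    -->
    <sslCACertDir>$NDGSEC_SM_UNITTEST_DIR/ca</sslCACertDir>
    <!--
    PKI settings for WS-Security signature of outbound SOAP messages.
    Leave useSignatureHandler blank for no signature.
    -->
    <useSignatureHandler>Yes</useSignatureHandler>
    <!--
    CA Certificates used to verify X.509 certs used in peer SOAP messages,
    SSL connections and Attribute Certificates.
    NOTE(review): sslCACertDir above is also described as the trust store for
    SSL peers; which of the two is consulted for SSL cannot be told from this
    file, so confirm against the code that reads it.
    -->
    <caCertFileList>
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    </caCertFileList>
    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm-cert.pem</certFile>
    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm-key.pem</keyFile>
    <!--
    Password for keyFile.  Empty here, which presumably means the private key
    is stored unencrypted; acceptable for a test key only.
    -->
    <keyPwd/>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message.
    A certificate carried in the message only proves who signed it; trust
    still depends on it chaining to one of the CA certificates listed above.
    -->
    <clntCertFile></clntCertFile>
    <!--
    Fixed placeholder value for unit tests.  It is visible to anyone who can
    read this file, so any non-test configuration needs its own randomly
    generated secret and restrictive file permissions.  What the key protects
    is not shown in this file.
    -->
    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey>
    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
    <cookieDomain></cookieDomain>
    <myProxyProp>
        <!--
        Delete this element and take setting from MYPROXY_SERVER environment
        variable if required
        <hostname>localhost</hostname>
        -->
        <!--
        Delete this element to take default setting 7512 or read
        MYPROXY_SERVER_PORT setting
        -->
        <port>7512</port>
        <!--
        Useful if hostname and certificate CN don't match correctly.  Globus
        host DN is set to "host/<fqdn>".  Delete this element and set from
        MYPROXY_SERVER_DN environment variable if preferred
        <serverDN></serverDN>
        -->
        <!--
        Set "host/" prefix to host cert CN as is default with globus
        (no corresponding element is present in this file)
        -->
        <!--
        This directory path is used to locate the OpenSSL configuration file

        The settings are used to set up the defaults for the Distinguished Name of
        the new proxy cert. issued

        GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
        but the settings can be independent of any Globus installation
        -->
        <openSSLConfFilePath>$NDGSEC_SM_UNITTEST_DIR/openssl.conf</openSSLConfFilePath>
        <!--
        /tmp is shared between all local users.  NOTE(review): if proxy
        credentials or key material are written here (not visible from this
        file), use a directory private to the service account instead.
        -->
        <tmpDir>/tmp</tmpDir>
        <!--
        Limit on maximum lifetime any proxy certificate can have, in hours;
        specified when a certificate is first created by store() method
        -->
        <proxyCertMaxLifetime>24</proxyCertMaxLifetime>
        <!--
        Life time, in hours, of a proxy certificate when issued from the
        Proxy Server with getDelegation() method.  A shorter value limits how
        long a copied proxy certificate stays usable.
        -->
        <proxyCertLifetime>8</proxyCertLifetime>
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/cacert.pem</caCertFile>
    </myProxyProp>
    <simpleCACltProp>
        <uri></uri>
        <xmlSigKeyFile></xmlSigKeyFile>
        <xmlSigCertFile></xmlSigCertFile>
        <xmlSigCertPwd></xmlSigCertPwd>
    </simpleCACltProp>
    <!--
    Credential repository plug-in, named by Python module and class.
    NOTE(review): these names are presumably imported at start-up, so write
    access to this file amounts to choosing code the service will run; keep
    the file writable by administrators only.
    -->
    <credReposProp>
        <modFilePath></modFilePath>
        <modName>ndg.security.common.CredWallet</modName>
        <className>NullCredRepos</className>
        <propFile></propFile>
    </credReposProp>
</sessMgrProp>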