source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/wssecurity.cfg @ 4096

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/wssecurity.cfg@4096
Revision 4096, 3.3 KB checked in by cbyrom, 11 years ago

Add the CA certificate used by the java clients to the python echo service.

# Configuration file for WS-Security settings
#
# NERC Data Grid Project
#
# P J Kershaw 01/04/08
#
# Copyright (C) 2008 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# TODO: Refactor option names - put into inbound and outbound sections / apply
# namespace prefixes to better categorise
[DEFAULT]

#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# Provide the PEM encoded content here
signingCert=

# ... or provide file path to PEM encoded cert here
signingCertFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.crt

# Pass a ',' separated list of PEM encoded certs constituting a chain of
# trust from the certificate used to verify the signature back to the
# CA cert.  The CA cert need not be included.  To use this option,
# reqBinSecTokValType must be set to X509PKIPathv1
signingCertChain=

# PEM encoded content of private key file used by sign method to sign message
signingPriKey=

# ... or provide file path to PEM encoded private key file
signingPriKeyFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.key

# Password protecting private key.  Leave blank if there is no password.
signingPriKeyPwd=

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

# Inclusive namespace prefixes - for Exclusive Canonicalisation only
# TODO: include option to set C14N algorithm - C14N currently set to Exclusive

# Inclusive namespace prefixes for Canonicalisation of reference elements -
# space separated list e.g. refC14nInclNS=wsse ds ns1
refC14nInclNS=

# Inclusive namespace prefixes for Canonicalisation of SignedInfo element -
# same format as the above
signedInfoC14nInclNS=

#
# INBOUND MESSAGE CONFIG

# X.509 certificate used by verify method to verify a message.  This argument
# can be omitted if the message to be verified contains the X.509 certificate
# in the BinarySecurityToken element.  In this case, the cert read from the
# message will be assigned to the verifyingCert attribute.

# Provide the PEM encoded content here
verifyingCert=

# ... or provide file path to PEM encoded cert here
verifyingCertFilePath=

# Set CA certificates for verification of chain of trust for inbound messages
# Set a directory from which to pick up CA cert files or ...
caCertDirPath=

# Provide a space separated list of file paths
# - NB, the two CA certificates are for the python and the java clients, respectively
caCertFilePathList=$NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt $NDGSEC_WSSESRV_UNITTEST_DIR/cacert.pem
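
The comments in this file imply a few consistency rules: reqBinSecTokValType decides which signing certificate option is read, and a certificate taken from an inbound message's BinarySecurityToken can only be checked against a chain of trust if CA certificates are configured. The following is an added example, not part of the NDG code base, that checks a file of this shape against those rules; the function name, the finding codes and the rules themselves are assumptions drawn from the comments above, not the library's own validation.

```python
import configparser

# Constructed sample: the option values shown in the file above, comments removed.
SAMPLE = """[DEFAULT]
signingCert=
signingCertFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.crt
signingCertChain=
signingPriKey=
signingPriKeyFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.key
signingPriKeyPwd=
reqBinSecTokValType=X509v3
verifyingCert=
verifyingCertFilePath=
caCertDirPath=
caCertFilePathList=$NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt $NDGSEC_WSSESRV_UNITTEST_DIR/cacert.pem
"""

def lint_wssecurity(text):
    """Return finding codes (hypothetical names) for a wssecurity.cfg [DEFAULT] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the camelCase option names as written
    cp.read_string(text)
    opts = cp.defaults()
    def get(name):
        return (opts.get(name) or "").strip()
    findings = []
    # Outbound: the token ValueType decides which certificate option is read.
    val_type = get("reqBinSecTokValType")
    if val_type == "X509PKIPathv1":
        if not get("signingCertChain"):
            findings.append("CHAIN_MISSING")
    elif val_type in ("X509", "X509v3"):
        if not (get("signingCert") or get("signingCertFilePath")):
            findings.append("SIGNING_CERT_MISSING")
        if get("signingCertChain"):
            findings.append("CHAIN_UNUSED")  # chain needs X509PKIPathv1
    if not (get("signingPriKey") or get("signingPriKeyFilePath")):
        findings.append("KEY_MISSING")
    elif not get("signingPriKeyPwd"):
        findings.append("KEY_NO_PASSWORD")  # key is protected by file permissions only
    if get("signingPriKey"):
        findings.append("KEY_INLINE")  # key material stored in the config file itself
    # Inbound: a cert read from the message needs CA certs to be checked against.
    pinned = get("verifyingCert") or get("verifyingCertFilePath")
    anchors = get("caCertDirPath") or get("caCertFilePathList").split()
    if not pinned and not anchors:
        findings.append("NO_TRUST_ANCHOR")
    return findings

if __name__ == "__main__":
    print(lint_wssecurity(SAMPLE))
```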