source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/foursuite/server/wssecurity.cfg @ 5053

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/foursuite/server/wssecurity.cfg@5053
Revision 5053, 3.5 KB checked in by pjkersha, 11 years ago (diff)

Re-arrange WS-Security unittests to allow for new 4Suite based package.

Line 
1# Configuration file for WS-Security settings
2#
3# NERC Data Grid Project
4#
5# P J Kershaw 01/04/08
6#
7# Copyright (C) 2009 Science and Technology Facilities Council
8#
9# This software may be distributed under the terms of the Q Public License,
10# version 1.0 or later.
11#
12# TODO: Refactor option names - put into inbound and outbound sections / apply
13# namespace prefixes to better categorise
14[DEFAULT]
15
16#
17# OUTBOUND MESSAGE CONFIG
18
19# Signature of an outbound message
20
21# Certificate associated with private key used to sign a message.  The sign
22# method will add this to the BinarySecurityToken element of the WSSE header. 
23# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
24# As an alternative, use signingCertChain - see below...
25
26# Provide the PEM encoded content here
27signingCert=
28
29# ... or provide file path PEM encode cert here
30signingCertFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-server.crt
31#signingCertFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/java-ca-server.crt
32
33# Pass a list of certificates ',' separated PEM encoded certs constituting a
34# chain of trust from the certificate used to verifying the signature backward
35# to the CA cert.  The CA cert need not be included.  To use this option,
36# reqBinSecTokValType must be set to the X509PKIPathv1
37signingCertChain=
38
39# PEM encoded content of private key file used by sign method to sign message
40signingPriKey=
41
42# ... or provide file path to PEM encoded private key file
43signingPriKeyFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-server.key
44#signingPriKeyFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/java-ca-server.key
45
46# Password protecting private key.  Leave blank if there is no password.
47signingPriKeyPwd=
48
49# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
50# signed message.  See __setReqBinSecTokValType method and binSecTokValType
51# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
52# give full namespace to alternative - see
53# ZSI.wstools.Namespaces.OASIS.X509TOKEN
54#
55# binSecTokValType determines whether signingCert or signingCertChain
56# attributes will be used.
57reqBinSecTokValType=X509v3
58
59# Add a timestamp element to an outbound message
60addTimestamp=True
61
62# For WSSE 1.1 - service returns signature confirmation containing signature
63# value sent by client
64applySignatureConfirmation=True
65
66# Inclusive namespace prefixes - for Exclusive Canonicalisation only
67# TODO: include option to set C14N algorithm - C14N currently set to Exclusive
68
69# Inclusive namespace prefixes Canonicalisation of reference elements -
70# space separated list e.g. refC14nInclNS=wsse ds ns1
71refC14nInclNS=
72
73# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element -
74# same format as the above
75signedInfoC14nInclNS=
76
77#
78# INBOUND MESSAGE CONFIG
79
80# X.509 certificate used by verify method to verify a message.  This argument
81# can be omitted if the message to be verified contains the X.509 certificate
82# in the BinarySecurityToken element.  In this case, the cert read from the
83# message will be assigned to the verifyingCert attribute.
84
85# Provide the PEM encoded content here
86verifyingCert=
87
88# ... or provide file path PEM encode cert here
89verifyingCertFilePath=
90
91# Set CA certificates for verification of chain of trust for inbound messages
92# Set a directory from which to pick up CA cert files or ...
93caCertDirPath=
94
95# Provide a space separated list of file paths
96# - NB, the two CA certificates are for the python and the java clients, respectively
97caCertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/java-ca.crt $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt
Note: See TracBrowser for help on using the repository browser.