Timestamp:
16/03/07 13:47:56 (13 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/AttAuthority/server-config.tac:
modified soap_getAttCert to allow for unsigned client messages. If the
useSignatureHandler flag is not set, then the certificate passed in to
AttAuthority.getAttCert is the userCert element of the SOAP message.

This is a useful capability if both client and service are behind a firewall
and message security is not required.

python/ndg.security.server/ndg/security/server/AttAuthority/init.py,
python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml:
added useSignatureHandler element to list of elements in the properties file.
If this is not set, then the service will not apply signature or signature
verification to messages.

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py:
use dictionary get() rather than [key] for signature keywords. This enables
them to be omitted in the config file so as to switch off the signature handler.

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: experimented with omitting signature PKI settings.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml:
set serverCNprefix element to host/ for this MyProxy installation's server cert.

python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg:
altered for account on this machine.

python/ndg.security.common/setup.py: slight change to Python 2.5 check for
ElementTree inclusion

python/ndg.security.common/ndg/security/common/AttAuthority/init.py:
SignatureHandler is now optional. It's left as None if none of the signature
keywords are set via init. It can be set later as the signatureHandler
property now has set capability enabled.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
6 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2287 r2289  
    4848        # Instantiate WS proxy 
    4949        self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'], 
    50                signingCertFilePath=self.cfg['setUp']['usercertfilepath'], 
    51                signingPriKeyFilePath=self.cfg['setUp']['userprikeyfilepath'], 
     50               signingCertFilePath=self.cfg['setUp'].get('usercertfilepath'), 
     51               signingPriKeyFilePath=self.cfg['setUp'].get('userprikeyfilepath'), 
    5252               signingPriKeyPwd=self.userPriKeyPwd, 
    5353               tracefile=sys.stderr) 
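
Review bot: Switching to .get('usercertfilepath') and .get('userprikeyfilepath') at new lines 50-51 means a misspelled or accidentally deleted key now yields None and silently turns signing off, where the old [key] lookup raised KeyError. If unsigned mode is meant to be a deliberate choice, consider an explicit option in the cfg file, or at least a log line when both values are None, so that a test run cannot pass unsigned without anyone noticing.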
     
    9797            raise "Error reading certificate file \"%s\": %s" % \ 
    9898                                    (ioErr.filename, ioErr.strerror) 
     99        import pdb;pdb.set_trace() 
    99100 
    100101        # Make attribute certificate request 
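
Review bot: The "import pdb;pdb.set_trace()" added at new line 99 is a debugger breakpoint left in the test body; any non-interactive run of this test will block at that point. It should be removed from the committed file.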
     
    168169                            prompt="\nsetUp - client private key password: ") 
    169170            else: 
    170                 userPriKeyPwd = self.cfg['setUp'].get('userprikeypwd') 
     171                userPriKeyPwd = \ 
     172                        self.cfg['test7GetMappedAttCert'].get('userprikeypwd') 
    171173        except KeyboardInterrupt: 
    172174            sys.exit(0) 
    173175        
    174         # Make client to site B Attribute Authority     
     176        # Make client to site B Attribute Authority 
    175177        clnt = AttAuthorityClient( 
    176178uri=self.cfg['test7GetMappedAttCert']['uri'],  
    177 signingCertFilePath=self.cfg['test7GetMappedAttCert']['usercertfilepath'], 
    178 signingPriKeyFilePath=self.cfg['test7GetMappedAttCert']['userprikeyfilepath'], 
     179signingCertFilePath=self.cfg['test7GetMappedAttCert'].get('usercertfilepath'), 
     180signingPriKeyFilePath=self.cfg['test7GetMappedAttCert'].get('userprikeyfilepath'), 
    179181signingPriKeyPwd=userPriKeyPwd, 
    180182tracefile=sys.stderr) 
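
Review bot: The else branch at new lines 171-172 now reads userprikeypwd from the test7GetMappedAttCert section, but the prompt string in the branch above still says "setUp - client private key password", so a user prompted on the tty is pointed at the wrong section. Update the prompt to name test7GetMappedAttCert. It is also worth checking that the password lookup or prompt is skipped when both certificate and key paths come back as None from .get(), since the password is unused in that case.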
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2287 r2289  
    1010# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this  
    1111# setting for test6GetMappedAttCert 
    12 #uri = http://localhost:5000/AttributeAuthority 
     12uri = http://localhost:5000/AttributeAuthority 
    1313#uri = https://localhost:5000/AttributeAuthority 
    14 uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority 
     14#uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority 
     15#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority 
    1516 
    1617# X.509 certificate for Attribute Authority - to verify the signature of 
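
Review bot: The active uri at new line 12 is plain http on localhost, with the https variant on line 13 still commented out. Combined with the signing settings being commented out further down this file, the setUp tests run with neither transport nor message-level protection; a short comment stating that this is the intended unsigned test configuration would stop it being copied as a template.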
     
    2021# Password protecting client private key - if omitted it will be prompted for 
    2122# from tty 
    22 userprikeypwd =  
    23 usercertfilepath = ./proxy-cert.pem 
    24 userprikeyfilepath = ./proxy-key.pem 
     23#userprikeypwd =  
     24#usercertfilepath = ./proxy-cert.pem 
     25#userprikeyfilepath = ./proxy-key.pem 
    2526 
    2627[test3GetTrustedHostInfo] 
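
Review bot: Commenting out userprikeypwd, usercertfilepath and userprikeyfilepath at new lines 23-25 leaves the comment above them ("if omitted it will be prompted for from tty") as the only documentation, and it says nothing about signing being switched off. Add a line like the "# Comment out to set for no signature handling" note used in the test7GetMappedAttCert section, and consider whether the committed default should keep signing enabled, since the commit message describes this as an experiment.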
     
    3334# proxy.  Comment out if usercertfilepath is a standard X.509 cert. 
    3435#issuingusercertfilepath = ./user-cert.pem 
     36 
     37# Test with no digital signature applied 
     38issuingusercertfilepath = ./proxy-cert.pem 
    3539# Setup for use by testGetMappedAttCert test 
    3640attCertFilePath = ./ac.xml 
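
Review bot: The setting added at new line 38 sits under the comment "# Test with no digital signature applied" yet supplies a certificate path, and it runs straight into the "# Setup for use by testGetMappedAttCert test" comment with no blank line. Say in the comment why a certificate path is still required when no signature is applied, and separate it from the following block so it is clear which test each setting belongs to.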
     
    4044 
    4145[test7GetMappedAttCert] 
     46# Comment out to set for no signature handling 
    4247userprikeypwd =  
    4348usercertfilepath = ./proxy-cert.pem 
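
Review bot: The comment added at new line 46 does not say which settings to comment out. Signing in this section depends on userprikeypwd, usercertfilepath and userprikeyfilepath together, so list all three; otherwise a partially commented block leaves the client with a certificate but no key, or the reverse.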
     
    4550 
    4651uri = http://localhost:5100/AttributeAuthority 
     52# Heath Data Server 
     53#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority 
     54# Marine Data Server 
     55#uri = http://glue.badc.rl.ac.uk:43000/AttributeAuthority 
    4756userAttCertFilePath = ./ac.xml 
    4857 
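
Review bot: "Heath Data Server" at new line 52 looks like a typo for "Health". The two commented-out glue.badc.rl.ac.uk endpoints also differ in scheme (https on port 42000, http on port 43000) with no explanation; note which is expected so the http one is not enabled by accident.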
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml

    r2251 r2289  
    33    <name>Site A</name> 
    44    <portNum>5000</portNum> 
    5     <useSSL>True</useSSL> <!-- leave blank to use http --> 
     5    <useSSL></useSSL> <!-- leave blank to use http --> 
    66    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile> 
    77    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile> 
    88    <sslKeyPwd>Junk</sslKeyPwd> 
     9    <useSignatureHandler></useSignatureHandler> <!-- leave blank for no signature --> 
    910    <certFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</certFile> 
    1011    <keyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</keyFile> 
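
Review bot: With useSSL blanked at new line 5 and useSignatureHandler left empty at new line 9, Site A accepts requests with neither TLS nor message signatures, and because an empty element is the off switch the setting fails open. Prefer an explicit false value with an absent or empty element treated as signing enabled, or keep useSSL on whenever the signature handler is off.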
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml

    r2251 r2289  
    77    <sslKeyFile></sslKeyFile> 
    88    <sslKeyPwd>Junk</sslKeyPwd> 
     9    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    910    <certFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</certFile> 
    1011    <caCertFile>$NDGSEC_AA_UNITTEST_DIR/cacert.pem</caCertFile> 
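
Review bot: useSignatureHandler is given as "Yes" at new line 9 while the useSSL flag in the Site A file used "True", and the inline comment documents only the blank case. State which values are accepted; if the check is simply for a non-empty string, a value such as "No" or "False" would be read as enabled.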
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg

    r2085 r2289  
    2121 
    2222[test2GetDelegation] 
    23 #username: sstljakTestUser 
    24 username: gabriel 
     23username: sstljakTestUser 
     24#username: gabriel 
    2525passphrase: 
    2626 
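
Review bot: The username swap at new lines 23-24 is specific to one machine, as the commit message says. Keep per-machine accounts out of the shared test config, for example by reading the username from an environment variable or a local override file, so the next checkout does not run against another user's account.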
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml

    r2251 r2289  
    2020        Set "host/" prefix to host cert CN as is default with globus 
    2121        --> 
    22         <serverCNprefix></serverCNprefix>        
     22        <serverCNprefix>host/</serverCNprefix>   
    2323        <!-- 
    2424        Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting 