Timestamp:
13/04/07 14:09:19 (13 years ago)
Author:
pjkersha
Message:

ndg.security.server/ndg/security/server/AttAuthority/server-config.tac: added caCertFilePathList
keyword to SignatureHandler creation. This enables CA certs to be used to check the X.509 certs
used with the signatures of client requests in SignatureHandler.verify.

ndg.security.server/ndg/security/server/Log.py: experimenting with SysLogHandler - currently won't
write to syslog but equivalent syslog package does work!

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: added
caCertFilePathList keyword to SignatureHandler creation - enables CA certs to be used to check the
X.509 certs used with signatures.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: added
cacertfilepathlist item to enable setting of CA certs for cert validation

ndg.security.test/ndg/security/test/Log/LogTest.py: experiment with settings to try rotating file
handler.

Tests/dewsBinaryDataGet/binaryDataGet.py: enable uri to be set from command line.

ndg.security.common/ndg/security/common/wsSecurity.py:

  • added new exception type WSSecurityError
  • added capability to verify X.509 certs used in signatures against CA certs. CA certs are held
    in an M2Crypto X509_Stack object. They are added to this using the caCertDirPath and/or
    caCertFilePathList SignatureHandler properties. New verifyCert method does the validation at the
    end of the SignatureHandler.verify.

! Current version can't validate proxy certs because an extra cert is present in the chain of
trust:

proxy cert -> user cert -> CA cert

rather than just:

user cert -> CA cert.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
3 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2350 r2401  
    4646                sys.exit(0) 
    4747 
     48        # List of CA certificates for use in validation of certs used in 
     49        # signature for server reponse 
     50        try: 
     51            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split() 
     52        except: 
     53            caCertFilePathList = [] 
     54             
    4855        # Instantiate WS proxy 
    4956        self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'], 
    50                signingCertFilePath=self.cfg['setUp'].get('usercertfilepath'), 
    51                signingPriKeyFilePath=self.cfg['setUp'].get('userprikeyfilepath'), 
    52                signingPriKeyPwd=self.userPriKeyPwd, 
    53                tracefile=sys.stderr) 
     57           signingCertFilePath=self.cfg['setUp'].get('usercertfilepath'), 
     58           signingPriKeyFilePath=self.cfg['setUp'].get('userprikeyfilepath'), 
     59           signingPriKeyPwd=self.userPriKeyPwd, 
     60           caCertFilePathList=caCertFilePathList, 
     61           tracefile=sys.stderr) 
    5462             
    5563     
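
Review bot: the bare `except:` at new lines 50-53 turns any failure, not only a missing `cacertfilepathlist` key, into an empty list, so a misspelled key or a missing `[setUp]` section leaves the test running with no CA certs and nothing in the output to show they were dropped. Catch `KeyError` only, or read the option the way the neighbouring ones are read, for example `self.cfg['setUp'].get('cacertfilepathlist', '').split()` (assuming this `get` accepts a default), and consider failing the test when the list is empty so that a green run is known to have exercised CA validation. The comment at new line 49 also has a typo: "reponse".
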
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2397 r2401  
    2323# from tty 
    2424userprikeypwd =  
    25 usercertfilepath = ./proxy-cert.pem 
    26 userprikeyfilepath = ./proxy-key.pem 
     25#usercertfilepath = ./proxy-cert.pem 
     26#userprikeyfilepath = ./proxy-key.pem 
     27# Test with CA cert validation - proxy certs currently work with this as 
     28# the user cert as well as proxy is needed to complete the chain of trust 
     29# with the CA 
     30usercertfilepath = ./aa-cert.pem 
     31userprikeyfilepath = ./aa-key.pem 
     32 
     33# Space separated list of CA certificate files used to verify certificate used 
     34# in message signature 
     35cacertfilepathlist = ./cacert.pem 
    2736 
    2837[test3GetTrustedHostInfo] 
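
Review bot: the comment at new lines 27-29 says proxy certs "currently work with this", yet the settings under it switch the test from ./proxy-cert.pem to ./aa-cert.pem and the commit message states that proxy certs cannot be validated yet; the comment presumably should read "currently do not work". As committed, the test no longer covers a request signed with a proxy cert, so record that as a known gap (or keep a separate proxy-cert case that is expected to fail) rather than leaving the old values commented out at new lines 25-26.
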
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/Log/LogTest.py

    r2397 r2401  
    1919    def setUp(self): 
    2020        import pdb;pdb.set_trace() 
    21         self.log = Log(logFilePath="./ndg.log",  
     21        self.log = Log(logName='LogUnitTest', 
     22                       logFilePath="./ndg.log",  
    2223                       console=True, 
    2324                       sysLog=True) 
     25         
     26        # Force rotating file handler to produce multiple files 
     27        self.log.__class__.maxBytes = 10 
    2428 
    2529    def test(self): 
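
Review bot: `self.log.__class__.maxBytes = 10` at new line 27 sets the attribute on the Log class rather than on this instance, and it runs after `Log(...)` has been constructed at new lines 21-24. The change therefore persists for every other Log created in the same process, and if the rotating file handler is built in the constructor the new limit arrives too late to affect this instance. Set the limit before construction or pass it as a constructor argument, and restore the original value in tearDown. Separately, the unchanged `import pdb;pdb.set_trace()` at line 20 will halt any non-interactive test run and should be removed before this lands.
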