Timestamp:
18/04/07 16:26:43 (13 years ago)
Author:
pjkersha
Message:

ndg.security.server/ndg/security/server/AttAuthority/init.py:

  • improve error messages to include 'X.509' to differentiate with AC errors
  • fixed bug with getAttCert when creating a mapped AC. It now copies over any userId setting from the original AC input.

was put in to force authors of derived classes to implement an init but it's not necessary.
getRoles and isUserRegistered remain as virtual methods. i.e. they'll raise not NotImplementedError
if the derived class doesn't overload them.

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml: include a default
attCertLifetime as an aid when making settings following an installation.

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: enable separate
caCertFilePath setting for test7GetMappedAttCert test. This allows one of the unit test AAs to
run without WS-Security settings and one with.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: custom settings for
DEWS tests but also some important additions:

  • include 'issuingusercertfilepath' for test6GetAttCertWithUserIdSet test otherwise it will fail on the server side in the case when WS-Security signature settings are not made.
  • include 'cacertfilepathlist' setting for test7GetMappedAttCert test.
  • 'mappedAttCertFilePath' enables issued mapped AC to be saved to file for test7GetMappedAttCert test.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
5 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py

    r2401 r2420  
    180180        except KeyboardInterrupt: 
    181181            sys.exit(0) 
     182 
     183        # List of CA certificates for use in validation of certs used in 
     184        # signature for server reponse 
     185        try: 
     186            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split() 
     187        except: 
     188            caCertFilePathList = [] 
    182189        
    183190        # Make client to site B Attribute Authority 
    184         clnt = AttAuthorityClient( 
     191        clnt = AttAuthorityClient(\ 
    185192uri=self.cfg['test7GetMappedAttCert']['uri'],  
    186193signingCertFilePath=self.cfg['test7GetMappedAttCert'].get('usercertfilepath'), 
    187194signingPriKeyFilePath=self.cfg['test7GetMappedAttCert'].get('userprikeyfilepath'), 
    188195signingPriKeyPwd=userPriKeyPwd, 
     196caCertFilePathList=caCertFilePathList, 
    189197tracefile=sys.stderr) 
    190198     
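
Review bot: The bare `except:` on new line 187 hides any failure while reading the CA list, and the lookup on line 186 reads `self.cfg['setUp']` while every other argument of this call reads `self.cfg['test7GetMappedAttCert']`. A missing or misplaced `cacertfilepathlist` therefore silently becomes an empty list passed as `caCertFilePathList`, and the test gives no sign that it ran without CA certificates. Catch `KeyError` only, read the key from the section this test actually uses, and consider failing the test when signing settings are present but the CA list is empty. The trailing backslash after `AttAuthorityClient(` on line 191 is unnecessary inside parentheses, and "reponse" in the new comment should be "response".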
     
    193201                                  userAttCert=userAttCert) 
    194202        print "Attribute Certificate: \n\n:" + str(attCert) 
     203         
     204        attCert.filePath = \ 
     205                    self.cfg['test7GetMappedAttCert']['mappedattcertfilepath'] 
     206        attCert.write() 
    195207  
    196208  
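
Review bot: The lookup of `mappedattcertfilepath` on new lines 204-205 is a direct index, so the test raises `KeyError` before `attCert.write()` whenever the setting is absent, whereas the cert and key paths above are read with `.get()`. Make the write conditional on the setting being present, or document the key as mandatory for this test. The visible lines only print and write the returned certificate; an assertion on its content before the write would make the saved file meaningful as a test artefact.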
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2401 r2420  
    1313#uri = https://localhost:5000/AttributeAuthority 
    1414#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority 
    15 #uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority 
     15uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority 
    1616#uri = http://glue.badc.rl.ac.uk:41000/AttributeAuthority 
    1717 
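
Review bot: Line 15 activates `uri = http://glue.badc.rl.ac.uk/DEWS/Portal/AttributeAuthority`, so the checked-in default for this section now targets a named remote host over plain http instead of the localhost entry on line 13. Keep a localhost default in the committed file and put deployment-specific URIs in a separate, clearly named config so the unit tests do not depend on that service being reachable.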
     
    2323# from tty 
    2424userprikeypwd =  
     25 
     26# All commented out to test service without WS-Security 
    2527#usercertfilepath = ./proxy-cert.pem 
    2628#userprikeyfilepath = ./proxy-key.pem 
     
    2830# the user cert as well as proxy is needed to complete the chain of trust 
    2931# with the CA 
    30 usercertfilepath = ./aa-cert.pem 
    31 userprikeyfilepath = ./aa-key.pem 
     32#usercertfilepath = ./aa-cert.pem 
     33#userprikeyfilepath = ./aa-key.pem 
    3234 
    3335# Space separated list of CA certificate files used to verify certificate used 
    3436# in message signature 
    35 cacertfilepathlist = ./cacert.pem 
     37#cacertfilepathlist = ./cacert.pem 
    3638 
    3739[test3GetTrustedHostInfo] 
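
Review bot: Commenting out `usercertfilepath`, `userprikeyfilepath` and `cacertfilepathlist` on lines 32-37 makes the unsigned, unverified request path the committed default for this section. The commit message says the aim is one test AA with WS-Security and one without, so a separate section or config file for the no-WS-Security case would keep the signed path exercised by default. The comment on lines 30-31 about completing the chain of trust now describes settings that are disabled and should be updated to match.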
     
    5153 
    5254[test6GetAttCertWithUserIdSet] 
    53 userId = userWhoIsEntitledToTheRolesInThisCert 
     55userId = dewsPortalUser 
     56issuingusercertfilepath = ./aa-cert.pem 
    5457 
    5558[test7GetMappedAttCert] 
    5659# Comment out to set for no signature handling 
    5760userprikeypwd =  
    58 usercertfilepath = ./proxy-cert.pem 
    59 userprikeyfilepath = ./proxy-key.pem 
     61#usercertfilepath = ./proxy-cert.pem 
     62#userprikeyfilepath = ./proxy-key.pem 
     63usercertfilepath = ./aa-cert.pem 
     64userprikeyfilepath = ./aa-key.pem 
    6065 
    61 uri = http://localhost:5100/AttributeAuthority 
     66# Space separated list of CA certificate files used to verify certificate used 
     67# in message signature 
     68cacertfilepathlist = ./cacert.pem 
     69 
     70#uri = http://localhost:5100/AttributeAuthority 
    6271# Heath Data Server 
    6372#uri = https://glue.badc.rl.ac.uk:42000/AttributeAuthority 
    6473# Marine Data Server 
    65 #uri = http://glue.badc.rl.ac.uk:43000/AttributeAuthority 
     74uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority 
    6675userAttCertFilePath = ./ac.xml 
     76mappedAttCertFilePath = ./mapped-ac.xml 
    6777 
    6878 
    69  
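
Review bot: In `[test7GetMappedAttCert]`, lines 63-64 switch the signing credentials from `./proxy-cert.pem` and `./proxy-key.pem` to `./aa-cert.pem` and `./aa-key.pem` with no comment explaining which identity the client is meant to present, and the comment on line 59 ("Comment out to set for no signature handling") now sits above a mix of commented and active entries. Add a line stating why the `aa-` files are used here. Line 74 also replaces the localhost URI with `http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority`, tying the test to a remote service over plain http, and line 55 replaces the placeholder `userId` with the deployment-specific `dewsPortalUser`; both belong in a site-specific config rather than the shared default.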
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml

    r2397 r2420  
    33    <name>Site A</name> 
    44    <portNum>5000</portNum> 
    5     <useSSL>Yes</useSSL> <!-- leave blank to use http --> 
     5    <useSSL></useSSL> <!-- leave blank to use http --> 
    66    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile> 
    77    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile> 
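
Review bot: Blanking `<useSSL>` on line 5 moves the Site A test service to plain http while `sslCertFile` and `sslKeyFile` on lines 6-7 stay configured, and nothing in the file records that this is deliberate. If this is the no-WS-Security test AA mentioned in the commit message, say so in the comment on line 5, and note that the commented `https://localhost:5000/AttributeAuthority` entry in attAuthorityClientTest.cfg no longer matches this setting.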
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyClientTest.cfg

    r2397 r2420  
    2121 
    2222[test2GetDelegation] 
    23 username: sstljakTestUser 
    24 #username: gabriel 
     23#username: sstljakTestUser 
     24username: gabriel 
    2525passphrase: 
    2626 
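
Review bot: Line 24 makes `username: gabriel` the committed default for `[test2GetDelegation]` in place of `sstljakTestUser`, which reads as an individual's account rather than a test fixture. Keep a dedicated test username in the repository and supply personal account names through a local override that is not checked in.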
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/MyProxy/myProxyProperties.xml

    r2397 r2420  
    2020        Set "host/" prefix to host cert CN as is default with globus 
    2121        --> 
    22         <serverCNprefix>host/</serverCNprefix>   
     22        <serverCNprefix></serverCNprefix>        
    2323        <!-- 
    2424        Nb. GRID_SECURITY_DIR environment variable if set, overrides this setting 
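
Review bot: Emptying `<serverCNprefix>` on line 22 leaves the comment above it ('Set "host/" prefix to host cert CN as is default with globus') describing a value that is no longer set. Update the comment to say what an empty prefix means for matching the server certificate CN and which server this applies to, or keep `host/` as the committed default and override it locally.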