Changeset 2685


Timestamp:
03/07/07 09:35:48 (12 years ago)
Author:
pjkersha
Message:

Preparing new DEWS 0.8.0 release -

ndg.security.server/setup.py: remove commented out code

setup.py, ndg.security.client/setup.py, ndg.security.test/setup.py,
ndg.security.server/setup.py, ndg.security.common/setup.py:
update version to 0.8.0

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml:
reset default transport to http

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
default test settings for DEWS

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • updated for tests with SSL - sslCACertList keyword

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • test with SSL

ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • include new SSL settings sslCACertList and sslCACertFilePathList

keywords / properties

  • removed transdict keyword
  • changed transport attribute to _transport and transdict to _transdict

ndg.security.common/ndg/security/common/AttAuthority/init.py:

  • import httplib to enable catch for httplib.BadStatusLine? exception - this

is thrown when trying to connect with http to https service

  • include sslCACertFilePathList property
  • remove clntCertFilePath, clntPriKeyFilePath and clntPriKeyPwd properties -

no longer needed

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • new property caCertFilePathList enables setting of CA certs from file list
  • fix to HTTPSConnection class - set _postConnectionCheck attribute to

SSL.Checker.Checker default if not equivalent keyword was set

ndg.security.common/ndg/security/common/CredWallet.py:

  • enable calls to Attribute Authorities to set CA list for peer cert

verification with SSL connections

ndg-security-install.py: added new -t option to enable install of unit tests
package

Location:
TI12-security/trunk/python
Files:
14 edited

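--- a/TI12-security/trunk/python/ndg-security-install.py
+++ b/TI12-security/trunk/python/ndg-security-install.py
@@ -67,4 +67,11 @@
                           help="Install server package only.")
 
+        parser.add_option("-u",
+                          "--install-unittests",
+                          dest="installUnitTests",
+                          action="store_true",
+                          default=False,
+                          help="Install unit test package only.")
+
         parser.add_option("-o",
                           "--openssl-path",
@@ -103,5 +110,6 @@
         # Sanity check
         nInstallArgs = sum((self.opt.installClient,
-                            self.opt.installServer,
+                            self.opt.installServer,
+                            self.opt.installUnitTests,
                             self.opt.installAll))
         if not nInstallArgs:
@@ -122,4 +130,8 @@
             self.installTwisted()
 
+        elif self.opt.installUnitTests:
+            main(['-f', self.opt.dependencyLinks, "ndg_security_test"])
+            self.installTwisted()
+
         elif self.opt.installAll:
             main(['-f', self.opt.dependencyLinks, "ndg_security"])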
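Review bot: The option registered in the first hunk is `-u`/`--install-unittests`, while the changeset message announces a new `-t` option, so the message and the installer's help text disagree on how to reach `installUnitTests`; one of the two should be corrected before the 0.8.0 release. The new `elif self.opt.installUnitTests:` branch in the dispatch is otherwise parallel to the existing server/client branches. The `add_option` calls and the dispatch sit inside methods whose start and end lie outside the hunks.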
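--- a/TI12-security/trunk/python/ndg.security.client/setup.py
+++ b/TI12-security/trunk/python/ndg.security.client/setup.py
@@ -30,5 +30,5 @@
 setup(
     name =                      'ndg_security_client',
-    version =                   '0.7.4',
+    version =                   '0.8.0',
     description =               'NERC DataGrid Security Utilities',
     long_description =          'Software for securing NDG resources',
@@ -51,5 +51,5 @@
     #'exclude_package_data =    {}
     entry_points =           _entryPoints,
-    #'tSest_suite =                'ndg.utils.test.suite',
+    #'test_suite =                 'ndg.utils.test.suite',
     zip_safe =               False
 )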
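--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -26,5 +26,5 @@
 
 # Determine https http transport
-import urlparse
+import urlparse, httplib
 from ZSI.wstools.Utility import HTTPResponse
 
@@ -54,4 +54,5 @@
                  tracefile=None,
                  sslCACertList=[],
+                 sslCACertFilePathList=[],
                  sslPeerCertCN=None,
                  setSignatureHandler=True,
@@ -65,17 +66,17 @@
         extra WS debug information
 
-        @type transdict: dict
-        @keyword transdict: keywords to connection transport used by
-        ZSI.client.Binding.  If transport type is HTTPS,
-        m2CryptoSSLUtility.HTTPSConnection is used.  This is a customisation
-        of the M2Crypto version to enable setting of specific peer cert DN or
-        CN to check against.  By default, the peer's hostname is expected to
-        equal the peer CN.
+        @type sslCACertList: list
+        @keyword sslCACertList: This keyword is for use with SSL connections
+        only.  Set a list of one ore more CA certificates.  The peer cert.
+        must verify against at least one of these otherwise the connection
+        is dropped.
+
+        @type sslCACertFilePathList: list
+        @keyword sslCACertFilePathList: the same as the above except CA certs
+        can be passed as a list of file paths to read from
 
         @type sslPeerCertCN: string
-        @keyword sslPeerCertCN: short cut to the above for setting an
-        alternate CommonName to match with peer cert.  Setting this
-        keyword avoids messing around with transdict keyword explicitly.
-        This keyword is for use with SSL connections only.
+        @keyword sslPeerCertCN: set an alternate CommonName to match with peer
+        cert.  This keyword is for use with SSL connections only.
 
         @type setSignatureHandler: bool
@@ -98,5 +99,6 @@
         if sslCACertList:
             self.__setSSLCACertList(sslCACertList)
-
+        elif sslCACertFilePathList:
+            self.__setSSLCACertFilePathList(sslCACertFilePathList)
 
         # WS-Security Signature handler - set only if any of the keywords were
@@ -116,5 +118,7 @@
     #_________________________________________________________________________
     def __setURI(self, uri):
-
+        """Set URI for service
+        @type uri: string
+        @param uri: URI for service to connect to"""
         if not isinstance(uri, basestring):
             raise AttAuthorityClientError, \
@@ -142,6 +146,5 @@
         needed if the peer cert CN = peer hostname"""
         if self._transport != HTTPSConnection:
-            raise AttAuthorityClientError, \
-                "Setting peer cert CN - transport type must be HTTPS"
+            return
 
         if self._transdict.get('postConnectionCheck'):
@@ -159,8 +162,7 @@
         which the peer cert must verify its signature against"""
         if self._transport != HTTPSConnection:
-            raise AttAuthorityClientError, \
-            "Setting SSL check CA cert list - transport type must be HTTPS"
-
-        if self._transdict['postConnectionCheck']:
+            return
+
+        if self._transdict.get('postConnectionCheck'):
             self._transdict['postConnectionCheck'].caCertList = caCertList
         else:
@@ -170,4 +172,22 @@
     sslCACertList = property(fset=__setSSLCACertList,
 doc="for https connections, set list of CA certs from which to verify peer cert")
+
+
+    #_________________________________________________________________________
+    def __setSSLCACertFilePathList(self, caCertFilePathList):
+        """For use with HTTPS connections only.  Specify CA certs to one of
+        which the peer cert must verify its signature against"""
+        if self._transport != HTTPSConnection:
+            return
+
+        if self._transdict.get('postConnectionCheck'):
+            self._transdict['postConnectionCheck'].caCertFilePathList = \
+                                            caCertFilePathList
+        else:
+            self._transdict['postConnectionCheck'] = \
+                            HostCheck(caCertFilePathList=caCertFilePathList)
+
+    sslCACertFilePathList = property(fset=__setSSLCACertFilePathList,
+doc="for https connections, set list of CA cert files from which to verify peer cert")
 
 
@@ -193,56 +213,4 @@
                                 fset=__setSignatureHandler,
                                 doc="SignatureHandler object")
-
-
-    #_________________________________________________________________________
-    def __setClntCertFilePath(self, clntCertFilePath):
-
-        if not isinstance(clntCertFilePath, basestring):
-            raise AttAuthorityClientError, \
-                "Client public key file path must be a valid string"
-
-        self.__clntCertFilePath = clntCertFilePath
-
-        try:
-            self.__clntCert = open(self.__clntCertFilePath).read()
-
-        except IOError, (errNo, errMsg):
-            raise AttAuthorityClientError, \
-                    "Reading certificate file \"%s\": %s" % \
-                    (self.__clntCertFilePath, errMsg)
-
-        except Exception, e:
-            raise AttAuthorityClientError, \
-                                    "Reading certificate file \"%s\": %s" % \
-                                    (self.__clntCertFilePath, str(e))
-
-    clntCertFilePath = property(fset=__setClntCertFilePath,
-                                doc="File path for client public key")
-
-
-    #_________________________________________________________________________
-    def __setClntPriKeyFilePath(self, clntPriKeyFilePath):
-
-        if not isinstance(clntPriKeyFilePath, basestring):
-            raise AttAuthorityClientError(\
-                "Client public key file path must be a valid string")
-
-        self.__clntPriKeyFilePath = clntPriKeyFilePath
-
-    clntPriKeyFilePath = property(fset=__setClntPriKeyFilePath,
-                                  doc="File path for client private key")
-
-
-    #_________________________________________________________________________
-    def __setClntPriKeyPwd(self, clntPriKeyPwd):
-
-        if not isinstance(clntPriKeyPwd, basestring):
-            raise SessionMgrClientError, \
-                        "Client private key password must be a valid string"
-
-        self.__clntPriKeyPwd = clntPriKeyPwd
-
-    clntPriKeyPwd = property(fset=__setClntPriKeyPwd,
-                         doc="Password protecting client private key file")
 
 
@@ -281,6 +249,9 @@
         """
 
-        hostname, aaURI, loginURI = self.__srv.getHostInfo()
-
+        try:
+            hostname, aaURI, loginURI = self.__srv.getHostInfo()
+        except httplib.BadStatusLine, e:
+            raise AttAuthorityClientError, "HTTP bad status line: %s" % e
+
         hostInfo = {}
         hostInfo[hostname] = {'aaURI': aaURI, 'loginURI': loginURI}
@@ -301,5 +272,8 @@
         from the map configuration"""
 
-        trustedHosts = self.__srv.getTrustedHostInfo(role)
+        try:
+            trustedHosts = self.__srv.getTrustedHostInfo(role)
+        except httplib.BadStatusLine, e:
+            raise AttAuthorityClientError, "HTTP bad status line: %s" % e
 
         # Convert into dictionary form as used by AttAuthority class
@@ -355,5 +329,9 @@
             userAttCert = userAttCert.toString()
 
-        sAttCert, msg = self.__srv.getAttCert(userId, userCert, userAttCert)
+        try:
+            sAttCert, msg = self.__srv.getAttCert(userId, userCert, userAttCert)
+        except httplib.BadStatusLine, e:
+            raise AttAuthorityClientError, "HTTP bad status line: %s" % e
+
         if sAttCert:
             return AttCertParse(sAttCert)
@@ -369,3 +347,6 @@
         @return X.509 certificate for Attribute Authority"""
 
-        return self.__srv.getX509Cert()
+        try:
+            return self.__srv.getX509Cert()
+        except httplib.BadStatusLine, e:
+            raise AttAuthorityClientError, "HTTP bad status line: %s" % e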
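Review bot: In `__setSSLPeerCertCN`, `__setSSLCACertList` and the new `__setSSLCACertFilePathList`, the `if self._transport != HTTPSConnection: return` guard replaces the former `raise AttAuthorityClientError`, so a caller that supplies CA certificates or a peer CN together with an `http://` URI now has those checks dropped with no signal and the request goes out in cleartext to a peer that is never verified. If tolerating a shared http/https configuration is the intent, state it in each setter's docstring, e.g. `Ignored (no peer verification possible) when the service URI is not https.`, or better emit a warning so the downgrade is visible in logs. Related: the constructor's `if sslCACertList: ... elif sslCACertFilePathList:` discards a file list passed alongside an in-memory list without notice. The class header and the `__init__` signature begin outside the hunks.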
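--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/CredWallet.py
@@ -439,4 +439,5 @@
         # BinarySecurityToken containing proxy cert and user cert that issued
         # the proxy
+
         reqBinSecTokValType=SignatureHandler.binSecTokValType["X509PKIPathv1"]
         certChain = (self.__userCert, self.__proxyCert)
@@ -447,5 +448,6 @@
                                     signingCertChain=certChain,
                                     signingPriKey=self.__proxyPriKey,
-                                    caCertFilePathList=caCertFilePathList)
+                                    caCertFilePathList=caCertFilePathList,
+                                    sslCACertFilePathList=caCertFilePathList)
         return aaClnt
 
@@ -935,4 +937,5 @@
 
         # Repeat authorisation attempts until succeed or means are exhausted
+        import pdb;pdb.set_trace()
         while True:
 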
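Review bot: The added `import pdb;pdb.set_trace()` immediately before the `while True:` authorisation loop is a leftover debugger breakpoint; in a deployed wallet it halts every authorisation attempt and blocks on stdin, so the line must be deleted before the 0.8.0 release. The other change passes the WS-Security `caCertFilePathList` a second time as `sslCACertFilePathList`, so the same CA set now anchors both message-signature verification and TLS peer verification of the Attribute Authority; if those trust domains are meant to differ, a separate setting is needed — worth confirming. All three hunks sit inside methods whose start and end lie outside the view.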
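--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
@@ -48,5 +48,6 @@
                  uri=None,
                  tracefile=None,
-                 transdict={},
+                 sslCACertList=[],
+                 sslCACertFilePathList=[],
                  sslPeerCertCN=None,
                  setSignatureHandler=True,
@@ -61,17 +62,17 @@
         WS debug information
 
-        @type transdict: dict
-        @keyword transdict: keywords to connection transport used by
-        ZSI.client.Binding.  If transport type is HTTPS,
-        m2CryptoSSLUtility.HTTPSConnection is used.  This is a customisation
-        of the M2Crypto version to enable setting of specific peer cert DN or
-        CN to check against.  By default, the peer's hostname is expected to
-        equal the peer CN.
+        @type sslCACertList: list
+        @keyword sslCACertList: This keyword is for use with SSL connections
+        only.  Set a list of one ore more CA certificates.  The peer cert.
+        must verify against at least one of these otherwise the connection
+        is dropped.
+
+        @type sslCACertFilePathList: list
+        @keyword sslCACertFilePathList: the same as the above except CA certs
+        can be passed as a list of file paths to read from
 
         @type sslPeerCertCN: string
-        @keyword sslPeerCertCN: short cut to the above for setting an
-        alternate CommonName to match with peer cert.  Setting this
-        keyword avoids messing around with transdict keyword explicitly.
-        This keyword is for use with SSL connections only.
+        @keyword sslPeerCertCN: set an alternate CommonName to match with peer
+        cert.  This keyword is for use with SSL connections only.
 
         @type setSignatureHandler: bool
@@ -84,5 +85,5 @@
         self.__srv = None
         self.__uri = None
-        self.transdict = transdict
+        self._transdict = {}
 
         if uri:
@@ -91,4 +92,9 @@
         if sslPeerCertCN:
             self.__setSSLPeerCertCN(sslPeerCertCN)
+
+        if sslCACertList:
+            self.__setSSLCACertList(sslCACertList)
+        elif sslCACertFilePathList:
+            self.__setCACertFilePathList(sslCACertFilePathList)
 
         # WS-Security Signature handler - set only if any of the keywords were
@@ -109,5 +115,7 @@
     #_________________________________________________________________________
     def __setURI(self, uri):
-        "Set URI property method"
+        """Set URI for service
+        @type uri: string
+        @param uri: URI for service to connect to"""
 
         if not isinstance(uri, basestring):
@@ -123,7 +131,7 @@
 
         if scheme == "https":
-            self.__transport = HTTPSConnection
+            self._transport = HTTPSConnection
         else:
-            self.__transport = None
+            self._transport = None
 
             # Ensure SSL settings are cancelled
@@ -138,17 +146,50 @@
         Name to match with Common Name of the peer certificate.  This is not
         needed if the peer cert CN = peer hostname"""
-        if cn is None:
-            # Remove any HostCheck object created previously
-            try:
-                del self.transdict['postConnectionCheck']
-            except KeyError:
-                pass
-        elif self.transdict['postConnectionCheck']:
-            self.transdict['postConnectionCheck'].peerCertCN = cn
+        if self._transport != HTTPSConnection:
+            return
+
+        if self._transdict.get('postConnectionCheck'):
+            self._transdict['postConnectionCheck'].peerCertCN = cn
         else:
-            self.transdict['postConnectionCheck'] = HostCheck(peerCertCN=cn)
+            self._transdict['postConnectionCheck'] = HostCheck(peerCertCN=cn)
 
     sslPeerCertCN = property(fset=__setSSLPeerCertCN,
 doc="for https connections, set CN of peer cert if other than peer hostname")
+
+
+    #_________________________________________________________________________
+    def __setSSLCACertList(self, caCertList):
+        """For use with HTTPS connections only.  Specify CA certs to one of
+        which the peer cert must verify its signature against"""
+        if self._transport != HTTPSConnection:
+            return
+
+        if self._transdict.get('postConnectionCheck'):
+            self._transdict['postConnectionCheck'].caCertList = caCertList
+        else:
+            self._transdict['postConnectionCheck'] = \
+                                            HostCheck(caCertList=caCertList)
+
+    sslCACertList = property(fset=__setSSLCACertList,
+doc="for https connections, set list of CA certs from which to verify peer cert")
+
+
+    #_________________________________________________________________________
+    def __setSSLCACertFilePathList(self, caCertFilePathList):
+        """For use with HTTPS connections only.  Specify CA certs to one of
+        which the peer cert must verify its signature against"""
+        if self._transport != HTTPSConnection:
+            raise AttAuthorityClientError, \
+            "Setting SSL check CA cert list - transport type must be HTTPS"
+
+        if self._transdict.get('postConnectionCheck'):
+            self._transdict['postConnectionCheck'].caCertFilePathList = \
+                                            caCertFilePathList
+        else:
+            self._transdict['postConnectionCheck'] = \
+                                            HostCheck(caCertList=caCertList)
+
+    sslCACertFilePathList = property(fset=__setSSLCACertFilePathList,
+doc="for https connections, set list of CA cert files from which to verify peer cert")
 
 
@@ -188,6 +229,6 @@
                                        sig_handler=self.__signatureHandler,
                                        tracefile=self.__tracefile,
-                                         transport=self.__transport,
-                                         transdict=self.transdict)
+                                         transport=self._transport,
+                                         transdict=self._transdict)
         except HTTPResponse, e:
             raise SessionMgrClientError, \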
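Review bot: The constructor calls `self.__setCACertFilePathList(sslCACertFilePathList)` but the method added below is named `__setSSLCACertFilePathList`, so passing the new `sslCACertFilePathList` keyword raises `AttributeError`; and inside that method the `else` branch builds `HostCheck(caCertList=caCertList)`, where `caCertList` is not defined and the supplied path list is never used, so even with the name fixed the first call fails with `NameError`. The same method raises `AttAuthorityClientError` for a non-https transport — an Attribute Authority client class — while the two sibling setters in this class simply `return`; it should match them (or raise `SessionMgrClientError` if a hard failure is wanted). Net effect: the Session Manager half of the `sslCACertFilePathList` feature announced in the changeset message cannot work as committed. `__init__` and `__setURI` begin outside the hunks.
```python
        # … unchanged: __init__ up to the sslCACertList branch …
        elif sslCACertFilePathList:
            self.__setSSLCACertFilePathList(sslCACertFilePathList)

    # … unchanged: __setSSLPeerCertCN, __setSSLCACertList and their properties …

    def __setSSLCACertFilePathList(self, caCertFilePathList):
        """For use with HTTPS connections only.  Specify CA cert files, one of
        which the peer cert must verify its signature against.  Ignored when
        the service URI is not https (no peer verification is possible)."""
        if self._transport != HTTPSConnection:
            return

        if self._transdict.get('postConnectionCheck'):
            self._transdict['postConnectionCheck'].caCertFilePathList = \
                                            caCertFilePathList
        else:
            self._transdict['postConnectionCheck'] = \
                            HostCheck(caCertFilePathList=caCertFilePathList)
```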
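--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
@@ -2,5 +2,5 @@
 import socket
 
-from M2Crypto import SSL
+from M2Crypto import SSL, X509
 from M2Crypto.httpslib import HTTPSConnection as _HTTPSConnection
 
@@ -15,5 +15,10 @@
     setting match for peer cert"""
 
-    def __init__(self, peerCertDN=None, peerCertCN=None, caCertList=[], **kw):
+    def __init__(self,
+                 peerCertDN=None,
+                 peerCertCN=None,
+                 caCertList=[],
+                 caCertFilePathList=[],
+                 **kw):
         """Override parent class __init__ to enable setting of myProxyServerDN
         setting
@@ -29,7 +34,11 @@
 
         @type caCertList: list type of M2Crypto.X509.X509 types
-        @keyword caCert: CA X.509 certificates - if set the peer cert's
+        @keyword caCertList: CA X.509 certificates - if set the peer cert's
         CA signature is verified against one of these.  At least one must
-        verify"""
+        verify
+
+        @type caCertFilePathList: list string types
+        @keyword caCertFilePathList: same as caCertList except input as list
+        of CA cert file paths"""
 
         SSL.Checker.Checker.__init__(self, **kw)
@@ -37,6 +46,9 @@
         self.peerCertDN = peerCertDN
         self.peerCertCN = peerCertCN
-        self.caCertList = caCertList
-
+        if caCertList:
+            self.caCertList = caCertList
+        elif caCertFilePathList:
+            self.caCertFilePathList = caCertFilePathList
+
 
     def __call__(self, peerCert, host=None):
@@ -81,4 +93,27 @@
 
 
+    #_________________________________________________________________________
+    def __setCACertsFromFileList(self, caCertFilePathList):
+        '''Read CA certificates from file and add them to the X.509
+        stack
+
+        @type caCertFilePathList: list or tuple
+        @param caCertFilePathList: list of file paths for CA certificates to
+        be used to verify certificate used to sign message'''
+
+        if not isinstance(caCertFilePathList, list) and \
+           not isinstance(caCertFilePathList, tuple):
+            raise AttributeError, \
+                        'Expecting a list or tuple for "caCertFilePathList"'
+
+        self.__caCertStack = X509Stack()
+
+        for caCertFilePath in caCertFilePathList:
+            self.__caCertStack.push(X509.load_cert(caCertFilePath))
+
+    caCertFilePathList = property(fset=__setCACertsFromFileList,
+    doc="list of CA cert file paths - peer cert must validate against one")
+
+
 class HTTPSConnection(_HTTPSConnection):
 
@@ -89,5 +124,7 @@
             self._postConnectionCheck = kw['postConnectionCheck']
             del kw['postConnectionCheck']
-
+        else:
+            self._postConnectionCheck = SSL.Checker.Checker
+
         _HTTPSConnection.__init__(self, *args, **kw)
 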
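Review bot: `self._postConnectionCheck = SSL.Checker.Checker` in `HTTPSConnection.__init__` stores the class, not a checker object; M2Crypto invokes a post-connection check as `check(peerCert, host)`, and calling the class that way merely constructs `Checker(host=peerCert, peerCertHash=host)` and returns the instance, which is truthy, so if `connect()` (outside the hunk) hands this attribute to `set_post_connection_check_callback` the default path accepts any peer certificate. The intended default is an instance: `self._postConnectionCheck = SSL.Checker.Checker()`. Separately, `__setCACertsFromFileList` builds `X509Stack()` while the import hunk only adds `X509` — unless `X509Stack` is imported elsewhere in the file this is a `NameError` — and a missing or malformed file surfaces as a raw M2Crypto exception from `X509.load_cert`. `HostCheck.__init__` also no longer assigns `self.caCertList` when both lists are empty, where it previously always did; confirm `__call__` copes with the attribute being absent.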
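--- a/TI12-security/trunk/python/ndg.security.common/setup.py
+++ b/TI12-security/trunk/python/ndg.security.common/setup.py
@@ -68,6 +68,6 @@
 setup(
     name =                      'ndg_security_common',
-    version =                   '0.7.4',
-    description =
+    version =                   '0.8.0',
+    description = \
 '''NERC DataGrid Security virtual package containing common utilities used
 noth by server and client packages'''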
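--- a/TI12-security/trunk/python/ndg.security.server/setup.py
+++ b/TI12-security/trunk/python/ndg.security.server/setup.py
@@ -32,25 +32,8 @@
 ]
 
-# Installation location for configuration and share files
-#ndgDir = os.environ.get('NDG_DIR') or os.environ.get('NDG_HOME') or \
-#        os.path.join('/', 'etc', 'ndg')
-#
-#dataSubDirs = ('conf', 'share')
-#dataDirs = {}.fromkeys(dataSubDirs)
-#for dir in dataSubDirs:
-#    dataDirs[dir] = os.path.join(ndgDir, dir)
-#
-#    # Ensure path is set up OK
-#    try:
-#        os.makedirs(dataDirs[dir], 0755)
-#    except OSError, e:
-#        if e.errno != 17:
-#            raise SystemExit, "Error creating data directory: " + str(e)
-#        else:
-#            pass
 
 setup(
     name =                      'ndg_security_server',
-    version =                   '0.7.4',
+    version =                   '0.8.0',
     description =               'NERC DataGrid Security Services',
     long_description =          'Server side component for securing NDG resources',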
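--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg
@@ -10,6 +10,6 @@
 # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
 # setting for test6GetMappedAttCert
-#uri = http://localhost:5000/AttributeAuthority
-uri = https://localhost:5000/AttributeAuthority
+uri = http://localhost:5000/AttributeAuthority
+#uri = https://localhost:5000/AttributeAuthority
 #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
 #uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
@@ -36,18 +36,18 @@
 # ValueType for BinarySecurityToken element of WSSE header.  Specify
 # 'X509PKIPathv1' for use with proxy certificates
-#reqbinsectokvaltype = X509v3
+reqbinsectokvaltype = X509v3
 #reqbinsectokvaltype = X509
-reqbinsectokvaltype = X509PKIPathv1
+#reqbinsectokvaltype = X509PKIPathv1
 
 # Test with proxy certificates or with standard certs.  Comment out as
 # appropriate
-proxycertfilepath = ./proxy-cert.pem
+#proxycertfilepath = ./proxy-cert.pem
 
 # Test without proxy certificates - uses AA server side cert/private key for
 # client side too (!)
-#clntcertfilepath = ./aa-cert.pem
+clntcertfilepath = ./aa-cert.pem
 
-#clntprikeyfilepath = ./aa-key.pem
-clntprikeyfilepath = ./proxy-key.pem
+clntprikeyfilepath = ./aa-key.pem
+#clntprikeyfilepath = ./proxy-key.pem
 
 # Space separated list of CA certificate files used to verify certificate used
@@ -81,16 +81,16 @@
 # ValueType for BinarySecurityToken element of WSSE header.  Specify
 # 'X509PKIPathv1' for use with proxy certificates
-#reqbinsectokvaltype = X509v3
+reqbinsectokvaltype = X509v3
 #reqbinsectokvaltype = X509
-reqbinsectokvaltype = X509PKIPathv1
+#reqbinsectokvaltype = X509PKIPathv1
 
 # Test with proxy certificates or with standard certs.  Comment out as
 # appropriate
-proxycertfilepath = ./proxy-cert.pem
-#clntcertfilepath = ./aa-cert.pem
+#proxycertfilepath = ./proxy-cert.pem
+clntcertfilepath = ./aa-cert.pem
 
 clntprikeypwd =
 clntprikeyfilepath = ./proxy-key.pem
-#clntprikeyfilepath = ./aa-key.pem
+clntprikeyfilepath = ./aa-key.pem
 
 # Space separated list of CA certificate files used to verify certificate used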
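Review bot: In the second configuration block, line 93 `clntprikeyfilepath = ./proxy-key.pem` is left active while line 94 is uncommented to `clntprikeyfilepath = ./aa-key.pem`, so the key is assigned twice; which value wins depends on the config parser, and the proxy key would not match the `clntcertfilepath = ./aa-cert.pem` set just above. Comment out the proxy-key line as the first block does: `#clntprikeyfilepath = ./proxy-key.pem`. Note also that the defaults now use the Attribute Authority's own server certificate and key as the client credential, which the existing comment already flags with "(!)"; that is acceptable for a local test but should not be copied into a deployment configuration.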
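--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml
@@ -3,5 +3,5 @@
     <name>Site A</name>
     <portNum>5000</portNum>
-    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
+    <useSSL></useSSL> <!-- leave blank to use http -->
     <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
     <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>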
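--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py
@@ -29,5 +29,5 @@
 
 from ndg.security.common.SessionCookie import SessionCookie
-from ndg.security.common.X509 import X509CertParse
+from ndg.security.common.X509 import X509CertParse, X509CertRead
 
 
@@ -82,4 +82,10 @@
         except:
             caCertFilePathList = []
+
+        try:
+            sslCACertList = [X509CertRead(file) for file in \
+                         self.cfg['setUp']['sslcacertfilepathlist'].split()]
+        except KeyError:
+            sslCACertList = []
 
 
@@ -99,5 +105,5 @@
         # Omit traceFile keyword to leave out SOAP debug info
         self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'],
-                sslCACertList=caCertFilePathList,
+                sslCACertList=sslCACertList,
                 sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
                 setSignatureHandler=setSignatureHandler,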
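Review bot: The new comprehension `[X509CertRead(file) for file in ...]` shadows the `file` builtin; name the loop variable `path`, and the trailing backslash inside the bracketed expression is redundant. Since this changeset also adds an `sslCACertFilePathList` keyword to `SessionMgrClient`, the test could pass `self.cfg['setUp']['sslcacertfilepathlist'].split()` straight through instead of reading the certificates itself, which would also exercise that new code path. The replacement of `caCertFilePathList` (a list of paths) by a list of parsed certificates in the `sslCACertList=` argument looks like a genuine fix of the earlier call. `setUp` begins and ends outside the hunks.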
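--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg
@@ -12,7 +12,9 @@
 smuri = https://localhost:5700/SessionManager
 
-# For https connections only.  The expected CommonName of peer cert.  Omit
-# if it's the same as peer hostname
+# For https connections only.  !Omit ssl* settings if using http!
+# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
+# same as peer hostname.
 sslpeercertcn = webSphereTest
+sslcacertfilepathlist = cacert.pem
 
 # Set to False to test service without WS-Security signature
@@ -60,5 +62,5 @@
 
 [test6GetAttCertUsingSessID]
-aaURI = http://localhost:5000/AttributeAuthority
+aaURI = https://localhost:5000/AttributeAuthority
 
 [test6aGetAttCertRefusedUsingSessID]
@@ -72,5 +74,5 @@
 
 [test7GetAttCertUsingProxyCert]
-aaURI = http://localhost:5000/AttributeAuthority
+aaURI = https://localhost:5000/AttributeAuthority
 
 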
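Review bot: Both `aaURI` entries are switched to `https://localhost:5000/AttributeAuthority`, yet in this same changeset the Attribute Authority test properties clear `useSSL` and `attAuthorityClientTest.cfg` reverts to `http://localhost:5000`, so if the Session Manager tests run against that Attribute Authority instance the client will speak TLS to a plain-http listener and fail with exactly the `BadStatusLine` the changeset message describes. Either keep the test Attribute Authority on SSL for these tests or point these two entries back to `http://`. `sslcacertfilepathlist = cacert.pem` is a relative path and so depends on the directory the tests are launched from; the other cert settings in this file appear to use the same convention, so this is only a note.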
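--- a/TI12-security/trunk/python/ndg.security.test/setup.py
+++ b/TI12-security/trunk/python/ndg.security.test/setup.py
@@ -33,5 +33,5 @@
 setup(
     name =                      'ndg_security_test',
-    version =                   '0.7.4',
+    version =                   '0.8.0',
     description =               'NERC DataGrid Security Unit tests',
     long_description =          'Unit tests client - server side',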
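--- a/TI12-security/trunk/python/setup.py
+++ b/TI12-security/trunk/python/setup.py
@@ -25,5 +25,5 @@
 setup(
     name =                      'ndg_security',
-    version =                   '0.7.4',
+    version =                   '0.8.0',
     description =               'NERC DataGrid Security Utilities',
     long_description =          'Software for securing NDG resources',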