Timestamp:
03/07/07 09:35:48 (13 years ago)
Author:
pjkersha
Message:

Preparing new DEWS 0.8.0 release -

ndg.security.server/setup.py: remove commented out code

setup.py, ndg.security.client/setup.py, ndg.security.test/setup.py,
ndg.security.server/setup.py, ndg.security.common/setup.py:
update version to 0.8.0

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml:
reset default transport to http

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg:
default test settings for DEWS

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • updated for tests with SSL - sslCACertList keyword

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • test with SSL

ndg.security.common/ndg/security/common/SessionMgr/__init__.py:

  • include new SSL settings sslCACertList and sslCACertFilePathList keywords / properties
  • removed transdict keyword
  • changed transport attribute to _transport and transdict to _transdict

ndg.security.common/ndg/security/common/AttAuthority/__init__.py:

  • import httplib to enable catch for httplib.BadStatusLine exception - this is thrown when trying to connect with http to https service
  • include sslCACertFilePathList property
  • remove clntCertFilePath, clntPriKeyFilePath and clntPriKeyPwd properties - no longer needed

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • new property caCertFilePathList enables setting of CA certs from file list
  • fix to HTTPSConnection class - set _postConnectionCheck attribute to SSL.Checker.Checker default if no equivalent keyword was set

ndg.security.common/ndg/security/common/CredWallet.py:

  • enable calls to Attribute Authorities to set CA list for peer cert verification with SSL connections

ndg-security-install.py: added new -t option to enable install of unit tests
package

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
4 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg

    r2679 r2685  
    1010# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this  
    1111# setting for test6GetMappedAttCert 
    12 #uri = http://localhost:5000/AttributeAuthority 
    13 uri = https://localhost:5000/AttributeAuthority 
     12uri = http://localhost:5000/AttributeAuthority 
     13#uri = https://localhost:5000/AttributeAuthority 
    1414#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority 
    1515#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority 
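
Review bot: the active `uri` line is now plain http and the https variant is commented out, so with the committed defaults this client test no longer goes through the SSL path that the rest of this changeset adds CA-list settings for. Switching transport by commenting lines in and out is also easy to commit in the wrong state; consider separate http and https config files (or sections) so both variants are run and neither depends on which line happens to be uncommented.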
     
    3636# ValueType for BinarySecurityToken element of WSSE header.  Specify 
    3737# 'X509PKIPathv1' for use with proxy certificates 
    38 #reqbinsectokvaltype = X509v3 
     38reqbinsectokvaltype = X509v3 
    3939#reqbinsectokvaltype = X509 
    40 reqbinsectokvaltype = X509PKIPathv1 
     40#reqbinsectokvaltype = X509PKIPathv1 
    4141 
    4242# Test with proxy certificates or with standard certs.  Comment out as  
    4343# appropriate 
    44 proxycertfilepath = ./proxy-cert.pem 
     44#proxycertfilepath = ./proxy-cert.pem 
    4545 
    4646# Test without proxy certificates - uses AA server side cert/private key for 
    4747# client side too (!) 
    48 #clntcertfilepath = ./aa-cert.pem 
     48clntcertfilepath = ./aa-cert.pem 
    4949 
    50 #clntprikeyfilepath = ./aa-key.pem 
    51 clntprikeyfilepath = ./proxy-key.pem 
     50clntprikeyfilepath = ./aa-key.pem 
     51#clntprikeyfilepath = ./proxy-key.pem 
    5252 
    5353# Space separated list of CA certificate files used to verify certificate used 
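
Review bot: with `clntcertfilepath = ./aa-cert.pem` and `clntprikeyfilepath = ./aa-key.pem` now active, the default test client signs with the Attribute Authority's own certificate and private key, which the comment above these lines already flags with "(!)". That default does not exercise a client identity distinct from the server's; a dedicated client test certificate and key would be a better default, with the proxy-certificate variant kept as the commented alternative.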
     
    8181# ValueType for BinarySecurityToken element of WSSE header.  Specify 
    8282# 'X509PKIPathv1' for use with proxy certificates 
    83 #reqbinsectokvaltype = X509v3 
     83reqbinsectokvaltype = X509v3 
    8484#reqbinsectokvaltype = X509 
    85 reqbinsectokvaltype = X509PKIPathv1 
     85#reqbinsectokvaltype = X509PKIPathv1 
    8686 
    8787# Test with proxy certificates or with standard certs.  Comment out as  
    8888# appropriate 
    89 proxycertfilepath = ./proxy-cert.pem 
    90 #clntcertfilepath = ./aa-cert.pem 
     89#proxycertfilepath = ./proxy-cert.pem 
     90clntcertfilepath = ./aa-cert.pem 
    9191 
    9292clntprikeypwd =  
    9393clntprikeyfilepath = ./proxy-key.pem 
    94 #clntprikeyfilepath = ./aa-key.pem 
     94clntprikeyfilepath = ./aa-key.pem 
    9595 
    9696# Space separated list of CA certificate files used to verify certificate used 
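
Review bot: after this hunk `clntprikeyfilepath` is assigned twice in the same section, once on the unchanged line `clntprikeyfilepath = ./proxy-key.pem` and again on the newly uncommented `clntprikeyfilepath = ./aa-key.pem`. Which value is used then depends on how the config parser treats duplicate options, and if the first one wins the key will not match `clntcertfilepath = ./aa-cert.pem`. Comment out the proxy-key line, as was done for the equivalent pair earlier in this file.
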
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml

    r2679 r2685  
    33    <name>Site A</name> 
    44    <portNum>5000</portNum> 
    5     <useSSL>Yes</useSSL> <!-- leave blank to use http --> 
     5    <useSSL></useSSL> <!-- leave blank to use http --> 
    66    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile> 
    77    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile> 
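
Review bot: on the `<useSSL></useSSL>` line an empty element is the switch for http, so a value that is cleared by accident changes the transport silently while `sslCertFile` and `sslKeyFile` stay configured and unused. An explicit value for the non-SSL case, with unrecognised values rejected, would make the intended transport visible in the file.
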
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py

    r2679 r2685  
    2929     
    3030from ndg.security.common.SessionCookie import SessionCookie 
    31 from ndg.security.common.X509 import X509CertParse 
     31from ndg.security.common.X509 import X509CertParse, X509CertRead 
    3232 
    3333 
     
    8282        except: 
    8383            caCertFilePathList = [] 
     84           
     85        try: 
     86            sslCACertList = [X509CertRead(file) for file in \ 
     87                         self.cfg['setUp']['sslcacertfilepathlist'].split()] 
     88        except KeyError: 
     89            sslCACertList = [] 
    8490           
    8591           
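
Review bot: in the added `try` block, a missing `sslcacertfilepathlist` option falls back to `sslCACertList = []`, so a config with an https `smuri` that omits the option runs with an empty CA list; whether the client then skips peer verification or fails is not visible in this hunk. Consider failing setUp when the URI is https and no CA certificates are configured. The loop variable `file` also shadows the Python builtin; a name such as `filePath` would be clearer.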
     
    99105        # Omit traceFile keyword to leave out SOAP debug info 
    100106        self.clnt = SessionMgrClient(uri=self.cfg['setUp']['smuri'], 
    101                 sslCACertList=caCertFilePathList, 
     107                sslCACertList=sslCACertList, 
    102108                sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'), 
    103109                setSignatureHandler=setSignatureHandler, 
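
Review bot: the removed line passed `caCertFilePathList` (file paths) to `sslCACertList`, and the fix reads the certificates in the test instead. The commit message says SessionMgr now also has an `sslCACertFilePathList` keyword, and nothing in the visible test code passes it; constructing a second client with the path list would cover the new keyword as well. If `sslCACertList` accepted a list of path strings without complaint before this change, a type check in the client would catch the same mistake at the call site.
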
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg

    r2679 r2685  
    1212smuri = https://localhost:5700/SessionManager 
    1313 
    14 # For https connections only.  The expected CommonName of peer cert.  Omit 
    15 # if it's the same as peer hostname 
     14# For https connections only.  !Omit ssl* settings if using http! 
     15# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the  
     16# same as peer hostname.  
    1617sslpeercertcn = webSphereTest 
     18sslcacertfilepathlist = cacert.pem 
    1719 
    1820# Set to False to test service without WS-Security signature 
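
Review bot: the new comment asks the user to remove the ssl* settings by hand when `smuri` is http, so a stale `sslpeercertcn` or `sslcacertfilepathlist` left next to an http URI has no defined outcome in this file. Deciding from the URI scheme in the test set-up (ignore or reject ssl* options for http) would remove the manual step. `sslcacertfilepathlist = cacert.pem` is also a bare relative path, so the test depends on the directory it is started from.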
     
    6062 
    6163[test6GetAttCertUsingSessID] 
    62 aaURI = http://localhost:5000/AttributeAuthority 
     64aaURI = https://localhost:5000/AttributeAuthority 
    6365 
    6466[test6aGetAttCertRefusedUsingSessID] 
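
Review bot: `aaURI` now uses https on localhost:5000, but siteAAttAuthorityProperties.xml in this same changeset blanks `<useSSL>` for the Site A service on `<portNum>5000</portNum>`, and attAuthorityClientTest.cfg switches its own `uri` for that port to http. If these all refer to the same test Attribute Authority, this test attempts an SSL connection to a plain http listener with the committed defaults. Align the scheme here with the server properties, or state in a comment which Attribute Authority configuration this test expects.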
     
    7274 
    7375[test7GetAttCertUsingProxyCert] 
    74 aaURI = http://localhost:5000/AttributeAuthority 
     76aaURI = https://localhost:5000/AttributeAuthority 
    7577 
    7678 
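
Review bot: the same `aaURI` value is edited a second time here under `[test7GetAttCertUsingProxyCert]`, having just been changed under `[test6GetAttCertUsingSessID]`. Keeping the Attribute Authority URI in one shared option would stop the sections drifting to different schemes the next time the transport default is flipped.
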