Timestamp:
12/12/07 14:40:04 (12 years ago)
Author:
pjkersha
Message:

Working Attribute Authority unit tests with WS-Security multiple CAs support. This will be needed for deployment of MyProxy with Simple CA at partner sites.

Added CA cert and certs and keys for a *TEST* CA for use with unit tests. This CA is NOT for production use.

python/ndg.security.server/setup.py: include .crt certs in conf/ package data

python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py: added sslCACertDir param. It enables M2Crypto SSL server side to pick up multiple CA certs for a dir.

python/ndg.security.server/ndg/security/server/conf/certs/ca/__init__.py: make new ca/ dir a package so that it's exported with egg package data.

python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
python/ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • alter WS-Security SOAP handler init to accept multiple CA certs.
  • load multiple CA certs from sslCACertDir key of SessionMgr/AttAuthority instance

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

  • added new sslCACertDir elem
  • fixed caCertFile - only single elem required

python/ndg.security.test/setup.py: include TEST CA and certs and keys issued from it for use in unit tests. These are for test only.

python/ndg.security.test/ndg/security/test/AttAuthority/ca/ndg-test-ca.crt,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.key,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.crt: test CA certs and key.

python/ndg.security.test/ndg/security/test/AttAuthority/__init__.py: fix description

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: ditto + added NDGSEC_INT_DEBUG env var option

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: fixed for new location of CA cert in ca/ sub-dir

python/ndg.security.test/ndg/security/test/sessionMgrClient/ca/__init__.py,
python/ndg.security.test/ndg/security/test/sessionMgr/ca/__init__.py,
python/ndg.security.test/ndg/security/test/AttAuthority/ca/__init__.py: ensure ca/ dir gets included in egg package data

File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac

    r3085 r3135  
    247247    # Initialise WS-Security signature handler passing Attribute Authority 
    248248    # public and private keys 
    249     caCertFile = srv.aa.get('caCertFile') 
    250     if caCertFile: 
    251         caCertFilePathList = (caCertFile,)  
    252     else: 
    253                 caCertFilePathList = None 
    254      
    255249    WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    256250                                verifyingCertFilePath=srv.aa['clntCertFile'], 
     
    258252                                signingPriKeyFilePath=srv.aa['keyFile'], 
    259253                                signingPriKeyPwd=srv.aa['keyPwd'], 
    260                                 caCertFilePathList=caCertFilePathList) 
     254                                caCertFilePathList=srv.aa.get('caCertFileList')) 
    261255 
    262256# Add Service to Attribute Authority branch 
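
Review bot: the new `caCertFilePathList=srv.aa.get('caCertFileList')` argument reads a different key from the removed block (`'caCertFile'`) and passes the result through unchecked. If the properties reader does not populate `caCertFileList`, `.get()` returns None and SignatureHandler is constructed with `caCertFilePathList=None`, with nothing logged. Suggest either failing at start-up when the list is missing or empty, or keeping the old `caCertFile` value as a fallback wrapped in a tuple, so a deployment that still carries an older properties file does not silently start without its CA certificates for WS-Security signature checks.
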
     
    294288        ctx.set_verify(SSL.verify_client_once, 1) 
    295289         
    296         ctx.load_verify_locations(cafile=os.path.basename(srv.aa['caCertFile']),  
    297                                                   capath=os.path.dirname(srv.aa['caCertFile'])) 
     290        ctx.load_verify_locations(capath=srv.aa['sslCACertDir']) 
    298291         
    299292        class ContextFactory: 
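
Review bot: `ctx.load_verify_locations(capath=srv.aa['sslCACertDir'])` indexes the new key directly, so a properties file without an sslCACertDir element raises KeyError when the SSL context is built, and dropping the `cafile` argument leaves no fallback to the single caCertFile. OpenSSL looks certificates up in a capath directory only through hash-named files or links (as created by c_rehash), so a directory holding plain .crt files is accepted here and client certificate verification then fails for every CA in it. Suggest checking the key and the directory up front with a clear error message, and documenting the hash-link requirement next to the sslCACertDir setting.
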