Timestamp:
12/12/07 14:40:04 (12 years ago)
Author:
pjkersha
Message:

Working Attribute Authority unit tests with WS-Security multiple CAs support. This will be needed for deployment of MyProxy with Simple CA at partner sites.

Added CA cert and certs and keys for a *TEST* CA for use with unit tests. This CA is NOT for production use.

python/ndg.security.server/setup.py: include .crt certs in conf/ package data

python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py: added sslCACertDir param. It enables M2Crypto SSL server side to pick up multiple CA certs for a dir.

python/ndg.security.server/ndg/security/server/conf/certs/ca/__init__.py: make new ca/ dir a package so that it's exported with egg package data.

python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
python/ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • alter WS-Security SOAP handler init to accept multiple CA certs.
  • load multiple CA certs from sslCACertDir key of SessionMgr/AttAuthority instance

python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/AttAuthority/siteBAttAuthorityProperties.xml,
python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

  • added new sslCACertDir elem
  • fixed caCertFile - only single elem required

python/ndg.security.test/setup.py: include TEST CA and certs and keys issued from it for use in unit tests. These are for test only.

python/ndg.security.test/ndg/security/test/AttAuthority/ca/ndg-test-ca.crt,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.key,
python/ndg.security.test/ndg/security/test/AttAuthority/siteA-aa.crt: test CA certs and key.

python/ndg.security.test/ndg/security/test/AttAuthority/__init__.py: fix description

python/ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: ditto + added NDGSEC_INT_DEBUG env var option

python/ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: fixed for new location of CA cert in ca/ sub-dir

python/ndg.security.test/ndg/security/test/sessionMgrClient/ca/__init__.py,
python/ndg.security.test/ndg/security/test/sessionMgr/ca/__init__.py,
python/ndg.security.test/ndg/security/test/AttAuthority/ca/__init__.py: ensure ca/ dir gets included in egg package data

File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac

    r3133 r3135  
    214214 
    215215if srv.sm['useSignatureHandler']: 
    216         # Initialise WS-Security signature handler passing Attribute Authority 
    217         # public and private keys 
    218         caCertFile = srv.sm.get('caCertFile') 
    219         if caCertFile: 
    220                 caCertFilePathList = (caCertFile,)  
    221         else: 
    222                 caCertFilePathList = None 
    223          
    224216        # Initialise WS-Security signature handler passing Session Manager 
    225217        # public and private keys 
    226218        WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    227                                                                 verifyingCertFilePath=srv.sm['clntCertFile'], 
    228                                     signingCertFilePath=srv.sm['certFile'], 
    229                                     signingPriKeyFilePath=srv.sm['keyFile'], 
    230                                     signingPriKeyPwd=srv.sm['keyPwd'], 
    231                                     caCertFilePathList=caCertFilePathList) 
     219                                                        verifyingCertFilePath=srv.sm['clntCertFile'], 
     220                            signingCertFilePath=srv.sm['certFile'], 
     221                            signingPriKeyFilePath=srv.sm['keyFile'], 
     222                            signingPriKeyPwd=srv.sm['keyPwd'], 
     223                            caCertFilePathList=srv.aa.get('caCertFileList')) 
    232224 
    233225# Add Service to Session Manager branch 
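Review bot: The added argument `caCertFilePathList=srv.aa.get('caCertFileList')` reads from `srv.aa`, while every other argument in this call, and the comment above it, refer to the Session Manager's `srv.sm`. This looks carried over from attAuthority.tac; in sessionMgr.tac it should most likely be `srv.sm.get('caCertFileList')`. The removed lines also wrapped the single `caCertFile` value in a tuple before passing it on, whereas the new code expects a `caCertFileList` key that already holds a sequence, so please confirm the properties reader populates that key. If it is absent, `.get()` returns None and the signature handler is constructed with no CA certificates to verify against.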
     
    267259        ctx.set_verify(SSL.verify_client_once, 1) 
    268260 
    269         ctx.load_verify_locations(capath=srv.sm['sslCACertDir'])) 
     261        ctx.load_verify_locations(capath=srv.sm['sslCACertDir']) 
    270262 
    271263        class ContextFactory: 
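Review bot: The corrected call `ctx.load_verify_locations(capath=srv.sm['sslCACertDir'])` indexes the key directly and discards the return value, so a properties file without sslCACertDir fails at startup with a lookup error, and a wrong or empty directory goes unnoticed until client certificate verification fails at handshake time. Suggest reading the value with `srv.sm.get('sslCACertDir')`, raising a clear configuration error when it is unset, and checking the result of `load_verify_locations`. OpenSSL resolves certificates in a capath directory through subject-hash file names, so it is worth stating that requirement wherever sslCACertDir is documented.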