Changeset 3189 for TI12-security


Timestamp:
09/01/08 13:37:16 (12 years ago)
Author:
pjkersha
Message:

Improvements to Attribute Authority SOAP client unit tests. Tests now include test PKI files

security/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClient.py,
security/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClient.cfg:

  • improved comments and added NDGSEC_AACLNT_UNITTEST_DIR env to enable running of tests from any dir
  • simplified WSSE settings for use of proxy cert / non-proxy cert.

security/python/ndg.security.test/ndg/security/test/attAuthority/siteAServer.py,
security/python/ndg.security.test/ndg/security/test/attAuthority/siteBServer.py:
replace equivalent .sh shell scripts with python equivalents based on a hack of twistd source code.

security/python/ndg.security.test/ndg/security/test/attAuthority/siteAServer.sh,
security/python/ndg.security.test/ndg/security/test/attAuthority/siteBServer.sh:
removed and replaced with above python versions.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority
Files:
4 added
2 deleted
5 edited

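--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
@@ -20,4 +20,9 @@
 from ndg.security.common.AttCert import AttCertRead
 from ndg.security.common.X509 import X509CertParse, X509CertRead
+from ndg.security.common.wsSecurity import SignatureHandler as SigHdlr
+
+from os.path import expandvars as xpdVars
+from os.path import join as jnPath
+mkPath = lambda file: jnPath(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'], file)
 
 
@@ -46,6 +51,16 @@
     def setUp(self):
 
+        if 'NDGSEC_INT_DEBUG' in os.environ:
+            import pdb
+            pdb.set_trace()
+
+        if 'NDGSEC_AACLNT_UNITTEST_DIR' not in os.environ:
+            os.environ['NDGSEC_AACLNT_UNITTEST_DIR'] = \
+                os.path.abspath(os.path.dirname(__file__))
+
         configParser = SafeConfigParser()
-        configParser.read("./attAuthorityClientTest.cfg")
+        configFilePath = jnPath(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'],
+                                'attAuthorityClientTest.cfg')
+        configParser.read(configFilePath)
 
         self.cfg = {}
@@ -68,24 +83,27 @@
         # signature for server reponse
         try:
-            caCertFilePathList=self.cfg['setUp']['cacertfilepathlist'].split()
+            caCertFilePathList = [xpdVars(file) for file in \
+                            self.cfg['setUp']['cacertfilepathlist'].split()]
         except KeyError:
             caCertFilePathList = []
 
         try:
-            sslCACertList = [X509CertRead(file) for file in \
+            sslCACertList = [X509CertRead(xpdVars(file)) for file in \
                          self.cfg['setUp']['sslcacertfilepathlist'].split()]
         except KeyError:
             sslCACertList = []
 
-
+        clntCertFilePath = xpdVars(self.cfg['setUp'].get('clntcertfilepath'))
+        clntPriKeyFilePath=xpdVars(self.cfg['setUp'].get('clntprikeyfilepath'))
         reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype')
 
         # Check certificate types proxy or standard
-        proxyCertFilePath = self.cfg['setUp'].get('proxycertfilepath')
-        if proxyCertFilePath:
+        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
             signingCertChain = \
-                        self._getCertChainFromProxyCertFile(proxyCertFilePath)
+                        self._getCertChainFromProxyCertFile(clntCertFilePath)
+            signingCertFilePath = None
         else:
             signingCertChain = None
+            signingCertFilePath = clntCertFilePath
 
         setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler'])
@@ -97,14 +115,10 @@
             setSignatureHandler=setSignatureHandler,
             reqBinSecTokValType=reqBinSecTokValType,
-            signingCertFilePath=self.cfg['setUp'].get('clntcertfilepath'),
+            signingCertFilePath=signingCertFilePath,
             signingCertChain=signingCertChain,
-            signingPriKeyFilePath=self.cfg['setUp'].get('clntprikeyfilepath'),
+            signingPriKeyFilePath=clntPriKeyFilePath,
             signingPriKeyPwd=self.clntPriKeyPwd,
             caCertFilePathList=caCertFilePathList,
             tracefile=sys.stderr)
-
-        if 'NDGSEC_INT_DEBUG' in os.environ:
-            import pdb
-            pdb.set_trace()
 
 
@@ -164,5 +178,5 @@
         try:
             userCertFilePath = \
-                self.cfg['test5GetAttCert'].get('issuingclntcertfilepath')
+            xpdVars(self.cfg['test5GetAttCert'].get('issuingclntcertfilepath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -180,6 +194,8 @@
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
+        attCert.filePath = \
+                        xpdVars(self.cfg['test5GetAttCert']['attcertfilepath'])
         attCert.write()
+
 
     def test6GetAttCertWithUserIdSet(self):
@@ -190,6 +206,6 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = \
-    self.cfg['test6GetAttCertWithUserIdSet'].get('issuingclntcertfilepath')
+            userCertFilePath = xpdVars(\
+    self.cfg['test6GetAttCertWithUserIdSet'].get('issuingclntcertfilepath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -209,6 +225,8 @@
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = self.cfg['test5GetAttCert']['attcertfilepath']
+        attCert.filePath = \
+                        xpdVars(self.cfg['test5GetAttCert']['attcertfilepath'])
         attCert.write()
+
 
     def test7GetMappedAttCert(self):
@@ -218,6 +236,6 @@
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = \
-            self.cfg['test7GetMappedAttCert'].get('issuingclntcertfilepath')
+            userCertFilePath = xpdVars(\
+            self.cfg['test7GetMappedAttCert'].get('issuingclntcertfilepath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -233,6 +251,6 @@
         # Simlarly for Attribute Certificate
         try:
-            userAttCert = AttCertRead(\
-                self.cfg['test7GetMappedAttCert']['userattcertfilepath'])
+            userAttCert = AttCertRead(xpdVars(\
+                self.cfg['test7GetMappedAttCert']['userattcertfilepath']))
 
         except IOError, ioErr:
@@ -253,20 +271,26 @@
         # signature for server reponse
         try:
-            caCertFilePathList=\
-            self.cfg['test7GetMappedAttCert']['cacertfilepathlist'].split()
+            caCertFilePathList = [xpdVars(file) for file in \
+            self.cfg['test7GetMappedAttCert']['cacertfilepathlist'].split()]
         except:
             caCertFilePathList = []
 
+
+        clntCertFilePath = xpdVars(\
+                self.cfg['test7GetMappedAttCert'].get('clntcertfilepath'))
+        clntPriKeyFilePath = xpdVars(\
+                self.cfg['test7GetMappedAttCert'].get('clntprikeyfilepath'))
+
         reqBinSecTokValType = \
                 self.cfg['test7GetMappedAttCert'].get('reqbinsectokvaltype')
-
+
         # Check certificate types proxy or standard
-        proxyCertFilePath = \
-                    self.cfg['test7GetMappedAttCert'].get('proxycertfilepath')
-        if proxyCertFilePath:
+        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
             signingCertChain = \
-                        self._getCertChainFromProxyCertFile(proxyCertFilePath)
+                        self._getCertChainFromProxyCertFile(clntCertFilePath)
+            signingCertFilePath = None
         else:
             signingCertChain = None
+            signingCertFilePath = clntCertFilePath
 
         setSignatureHandler = \
@@ -275,13 +299,13 @@
         # Make client to site B Attribute Authority
         clnt = AttAuthorityClient(\
-uri=self.cfg['test7GetMappedAttCert']['uri'],
-setSignatureHandler=setSignatureHandler,
-reqBinSecTokValType=reqBinSecTokValType,
-signingCertFilePath=self.cfg['test7GetMappedAttCert'].get('clntcertfilepath'),
-signingCertChain=signingCertChain,
-signingPriKeyFilePath=self.cfg['test7GetMappedAttCert'].get('clntprikeyfilepath'),
-signingPriKeyPwd=clntPriKeyPwd,
-caCertFilePathList=caCertFilePathList,
-tracefile=sys.stderr)
+                                uri=self.cfg['test7GetMappedAttCert']['uri'],
+                                setSignatureHandler=setSignatureHandler,
+                                reqBinSecTokValType=reqBinSecTokValType,
+                                signingCertFilePath=signingCertFilePath,
+                                signingCertChain=signingCertChain,
+                                signingPriKeyFilePath=clntPriKeyFilePath,
+                                signingPriKeyPwd=clntPriKeyPwd,
+                                caCertFilePathList=caCertFilePathList,
+                                tracefile=sys.stderr)
 
         # Make attribute certificate request
@@ -290,17 +314,17 @@
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = \
-                    self.cfg['test7GetMappedAttCert']['mappedattcertfilepath']
+        attCert.filePath = xpdVars(\
+                    self.cfg['test7GetMappedAttCert']['mappedattcertfilepath'])
         attCert.write()
 
 
     def test8GetMappedAttCertStressTest(self):
-        """test8GetMappedAttCertStressTest: Request mapped attribute certificate from
-        NDG Attribute Authority Web Service."""
+        """test8GetMappedAttCertStressTest: Request mapped attribute
+        certificate from NDG Attribute Authority Web Service."""
 
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = \
-    self.cfg['test8GetMappedAttCertStressTest'].get('issuingclntcertfilepath')
+            userCertFilePath = xpdVars(\
+    self.cfg['test8GetMappedAttCertStressTest'].get('issuingclntcertfilepath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -314,10 +338,9 @@
 
         try:
-            if self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeypwd') is None:
+            clntPriKeyPwd = \
+            self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeypwd')
+            if clntPriKeyPwd is None:
                 clntPriKeyPwd = getpass.getpass(\
                             prompt="\nsetUp - client private key password: ")
-            else:
-                clntPriKeyPwd = \
-            self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeypwd')
         except KeyboardInterrupt:
             sys.exit(0)
@@ -326,38 +349,45 @@
         # signature for server reponse
         try:
-            caCertFilePathList=\
-    self.cfg['test8GetMappedAttCertStressTest']['cacertfilepathlist'].split()
+            caCertFilePathList = [xpdVars(file) for file in \
+    self.cfg['test8GetMappedAttCertStressTest']['cacertfilepathlist'].split()]
         except:
             caCertFilePathList = []
-
+
+
+        clntCertFilePath = xpdVars(\
+        self.cfg['test8GetMappedAttCertStressTest'].get('clntcertfilepath'))
+
+        clntPriKeyFilePath = xpdVars(\
+        self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeyfilepath'))
+
         reqBinSecTokValType = \
         self.cfg['test8GetMappedAttCertStressTest'].get('reqbinsectokvaltype')
 
         # Check certificate types proxy or standard
-        proxyCertFilePath = \
-        self.cfg['test8GetMappedAttCertStressTest'].get('proxycertfilepath')
-        if proxyCertFilePath:
+        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
             signingCertChain = \
-                        self._getCertChainFromProxyCertFile(proxyCertFilePath)
+                        self._getCertChainFromProxyCertFile(clntCertFilePath)
+            signingCertFilePath = None
         else:
             signingCertChain = None
+            signingCertFilePath = clntCertFilePath
 
         setSignatureHandler = \
     eval(self.cfg['test8GetMappedAttCertStressTest']['setsignaturehandler'])
-
+
         # Make client to site B Attribute Authority
         clnt = AttAuthorityClient(\
-uri=self.cfg['test8GetMappedAttCertStressTest']['uri'],
-setSignatureHandler=setSignatureHandler,
-reqBinSecTokValType=reqBinSecTokValType,
-signingCertChain=signingCertChain,
-signingCertFilePath=self.cfg['test8GetMappedAttCertStressTest'].get('clntcertfilepath'),
-signingPriKeyFilePath=self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeyfilepath'),
-signingPriKeyPwd=clntPriKeyPwd,
-caCertFilePathList=caCertFilePathList,
-tracefile=sys.stderr)
-
-        acFilePathList = \
-self.cfg['test8GetMappedAttCertStressTest']['userattcertfilepathlist'].split()
+                        uri=self.cfg['test8GetMappedAttCertStressTest']['uri'],
+                        setSignatureHandler=setSignatureHandler,
+                        reqBinSecTokValType=reqBinSecTokValType,
+                        signingCertChain=signingCertChain,
+                        signingCertFilePath=clntCertFilePath,
+                        signingPriKeyFilePath=clntPriKeyFilePath,
+                        signingPriKeyPwd=clntPriKeyPwd,
+                        caCertFilePathList=caCertFilePathList,
+                        tracefile=sys.stderr)
+
+        acFilePathList = [xpdVars(file) for file in \
+self.cfg['test8GetMappedAttCertStressTest']['userattcertfilepathlist'].split()]
 
         for acFilePath in acFilePathList:
@@ -378,4 +408,5 @@
                 msgFile = open(outFilePfx+".msg", 'w')
                 msgFile.write('Failed for "%s": %s\n' % (acFilePath, e))
+
 
 #_____________________________________________________________________________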
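Review bot: In test8GetMappedAttCertStressTest the rewritten `AttAuthorityClient(...)` call passes `signingCertFilePath=clntCertFilePath`, so the `signingCertFilePath` value chosen just above it (`None` when `reqbinsectokvaltype` is `X509PKIPathv1`) is never used, whereas setUp and test7GetMappedAttCert pass `signingCertFilePath=signingCertFilePath`. As written, the proxy-certificate case hands the client both a certificate chain and a certificate file path; the line should read `signingCertFilePath=signingCertFilePath,`. Separately, the new `xpdVars(self.cfg[...].get(...))` calls in setUp, test5, test6, test7 and test8 will fail on an omitted option if `.get` returns None, since `os.path.expandvars` expects a string; expanding only when the value is set, e.g. `p = cfg.get(key); p = xpdVars(p) if p else None`, keeps those options optional. The test methods begin and end outside the displayed hunks, so how that error is handled further down is not visible here.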
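--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/README
@@ -1,15 +1,24 @@
 Unit tests for Attribute Authority Web Service Client
-_____________________________________________________
+=====================================================
+The test client connects to two different test Attribute Authorities
+corresponding to the fictitious Service Providers Site "A" and Site "B".  These
+services must be started before running the unit tests.  Start a terminal in
+this directory and run
 
-Before running the tests start the Attribute Authority web services running:
 
-$ ./siteAServer.sh
+$ python ./siteAServer.py
 
-and in a separate terminal:
+...and in a separate terminal:
 
-$ ./siteBServer.sh
+$ python ./siteBServer.py
 
-The siteBServer is only needed for tests for getting mapped certificates:
-test6GetMappedCert
+Note however that the siteBServer is only needed for tests for getting mapped
+certificates: test7GetMappedAttCert and test8GetMappedAttCertStressTest
 
-Run the unit tests script AttAuthorityClientTest.py from another terminal.
+Run the unit tests script AttAuthorityClientTest.py from another terminal:
+
+$ python ./AttAuthorityClientTest.py
+
+Tests can be run individually e.g.
+
+$ python ./AttAuthorityClientTest.py AttAuthorityClientTestCase.test1GetX509Cert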
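--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
@@ -7,4 +7,5 @@
 # This software may be distributed under the terms of the Q Public License,
 # version 1.0 or later.
+
 [setUp]
 # ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
@@ -16,42 +17,55 @@
 # sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
 # same as peer hostname.
-sslpeercertcn = Junk
-sslcacertfilepathlist = ./ca/cacert.pem
+sslpeercertcn = AttributeAuthority
+sslcacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
-# X.509 certificate for Attribute Authority - to verify the signature of
-# returned responses
+# Site A Attribute Authority X.509 certificate used by WS-Security signature
+# handler to verify signature of messages returned from the Attribute Authority
+# This can normally be omitted because the Attribute Authority returns this
+# certificate in it's response anyway
 #aacertfilepath =
-
-# Password protecting client private key - if omitted it will be prompted for
-# from tty
-clntprikeypwd =
 
 # Set to False to test service without WS-Security signature
 setsignaturehandler = True
 
-# ValueType for BinarySecurityToken element of WSSE header.  Specify
-# 'X509PKIPathv1' for use with proxy certificates
+# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
+# one which applies ...
+
+# Specifies token is an X.509 certificate
+#reqbinsectokvaltype = X509
+
+# Stipulate X.509 version 3 format
 reqbinsectokvaltype = X509v3
-#reqbinsectokvaltype = X509
+
+# Specify multiple certificates in a chain of trust.  Use this setting for
+# proxy certificates where a certificate chain consisting of user certificate
+# and proxy certificate is required to secure trust back to the
+# CA: <- User Certificate <- Proxy Certificate
 #reqbinsectokvaltype = X509PKIPathv1
 
-# Test with proxy certificates or with standard certs.  Comment out as
-# appropriate
-#proxycertfilepath = ./proxy-cert.pem
+# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
+# This certificate is expected to contain a certificate chain of proxy
+# certificate and user certificate that issued it.  The default is test.crt,
+# a standard certificate.  The certificate returned from the MyProxy unit test
+# could be used in place of it here.
+#
+# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
+# AttAuthorityClientTest.py to default to the same directory as the script
+clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
 
-# Test without proxy certificates - uses AA server side cert/private key for
-# client side too (!)
-clntcertfilepath = ./aa-cert.pem
+# Client private key
+clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
 
-clntprikeyfilepath = ./aa-key.pem
-#clntprikeyfilepath = ./proxy-key.pem
+# Set password for private key - leave blank if no password is set or comment
+# out to be prompted for it from the command line
+clntprikeypwd =
 
 # Space separated list of CA certificate files used to verify certificate used
 # in message signature / peer cert in SSL connection
-cacertfilepathlist = ./ca/cacert.pem ./ca/ndg-test-ca.crt
+cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 [test3GetTrustedHostInfo]
 role = postgrad
-# Test no matching role exception
+# Set an alternative role here to test no matching role found exception
 #role = blah
 
@@ -59,15 +73,15 @@
 # If clntcertfilepath is a proxy set this cert as the one that issued the
 # proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
-#issuingclntcertfilepath = ./user-cert.pem
+#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/user-cert.pem
 
 # Test with no digital signature applied
-#issuingclntcertfilepath = ./proxy-cert.pem
+#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem
 # Setup for use by testGetMappedAttCert test
-attCertFilePath = ./ac-clnt.xml
+attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
 
 [test6GetAttCertWithUserIdSet]
 userId = system
 # Comment out if SignatureHandler is being used
-#issuingclntcertfilepath = ./aa-cert.pem
+#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
 
 [test7GetMappedAttCert]
@@ -75,22 +89,37 @@
 setsignaturehandler = True
 
-# ValueType for BinarySecurityToken element of WSSE header.  Specify
-# 'X509PKIPathv1' for use with proxy certificates
+# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
+# one which applies ...
+
+# Specifies token is an X.509 certificate
+#reqbinsectokvaltype = X509
+
+# Stipulate X.509 version 3 format
 reqbinsectokvaltype = X509v3
-#reqbinsectokvaltype = X509
+
+# Specify multiple certificates in a chain of trust.  Use this setting for
+# proxy certificates where a certificate chain consisting of user certificate
+# and proxy certificate is required to secure trust back to the
+# CA: <- User Certificate <- Proxy Certificate
 #reqbinsectokvaltype = X509PKIPathv1
 
-# Test with proxy certificates or with standard certs.  Comment out as
-# appropriate
-#proxycertfilepath = ./proxy-cert.pem
-clntcertfilepath = ./aa-cert.pem
+# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
+# This certificate is expected to contain a certificate chain of proxy
+# certificate and user certificate that issued it.  The default is test.crt,
+# a standard certificate.  The certificate returned from the MyProxy unit test
+# could be used in place of it here.
+#
+# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
+# AttAuthorityClientTest.py to default to the same directory as the script
+clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
 
+# Set password for private key - leave blank if no password is set or comment
+# out to be prompted for it from the command line
 clntprikeypwd =
-clntprikeyfilepath = ./proxy-key.pem
-clntprikeyfilepath = ./aa-key.pem
+clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
 
 # Space separated list of CA certificate files used to verify certificate used
 # in message signature
-cacertfilepathlist = ./ca/cacert.pem
+cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 uri = http://localhost:5100/AttributeAuthority
@@ -99,7 +128,7 @@
 # Marine Data Server
 #uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
-userAttCertFilePath = ./ac-clnt.xml
+userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
 
-mappedAttCertFilePath = ./mapped-ac.xml
+mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
 
 [test8GetMappedAttCertStressTest]
@@ -107,24 +136,40 @@
 setSignatureHandler = True
 
-# ValueType for BinarySecurityToken element of WSSE header.  Specify
-# 'X509PKIPathv1' for use with proxy certificates
+# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
+# one which applies ...
+
+# Specifies token is an X.509 certificate
+#reqbinsectokvaltype = X509
+
+# Stipulate X.509 version 3 format
 reqbinsectokvaltype = X509v3
-#reqbinsectokvaltype = X509
+
+# Specify multiple certificates in a chain of trust.  Use this setting for
+# proxy certificates where a certificate chain consisting of user certificate
+# and proxy certificate is required to secure trust back to the
+# CA: <- User Certificate <- Proxy Certificate
 #reqbinsectokvaltype = X509PKIPathv1
 
-# Test with proxy certificates or with standard certs.  Comment out as
-# appropriate
-#proxycertfilepath = ./proxy-cert.pem
-clntcertfilepath = ./aa-cert.pem
+# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
+# This certificate is expected to contain a certificate chain of proxy
+# certificate and user certificate that issued it.  The default is test.crt,
+# a standard certificate.  The certificate returned from the MyProxy unit test
+# could be used in place of it here.
+#
+# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
+# AttAuthorityClientTest.py to default to the same directory as the script
+clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
 
+# Set password for private key - leave blank if no password is set or comment
+# out to be prompted for it from the command line
 clntprikeypwd =
-clntprikeyfilepath = ./aa-key.pem
+clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
 
 # Space separated list of CA certificate files used to verify certificate used
 # in message signature
-cacertfilepathlist = ./ca/cacert.pem
+cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 uri = http://localhost:5000/AttributeAuthority
-userAttCertFilePathList = ./ac-clnt.xml
+userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
 
 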
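Review bot: The new `clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key` entries in [setUp], [test7GetMappedAttCert] and [test8GetMappedAttCertStressTest] sit next to a blank `clntprikeypwd =`, which suggests the private key shipped with the tests is stored without a passphrase, and nothing in the file says so. A comment above each entry such as `# test.key is a test-only key distributed with the unit tests - never reuse it or trust ndg-test-ca.crt outside this test suite` would make that explicit. It would also help to state that every certificate, key and CA path now follows `$NDGSEC_AACLNT_UNITTEST_DIR`, so the trust anchors used by a run are whatever that variable points at.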
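--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml
@@ -4,6 +4,6 @@
     <portNum>5000</portNum>
     <useSSL></useSSL> <!-- leave blank to use http -->
-    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
-    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>
+    <sslCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</sslCertFile>
+    <sslKeyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</sslKeyFile>
     <sslKeyPwd></sslKeyPwd>
     <!--
@@ -11,12 +11,12 @@
      - ignored if useSSL is blank
     -->
-    <sslCACertDir>$NDGSEC_AA_UNITTEST_DIR/ca</sslCACertDir>
-    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
-    <certFile>$NDGSEC_AA_UNITTEST_DIR/siteA-aa.crt</certFile>
-    <keyFile>$NDGSEC_AA_UNITTEST_DIR/siteA-aa.key</keyFile>
+    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir>
+    <!-- leave blank for no signature -->
+    <useSignatureHandler>Yes</useSignatureHandler>
+    <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile>
+    <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile>
     <keyPwd></keyPwd>
     <caCertFileList>
-        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
-        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/cacert.pem</caCertFile>
+        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
     </caCertFileList>
     <!--
@@ -30,8 +30,8 @@
     <attCertFileName>ac.xml</attCertFileName>
     <attCertFileLogCnt>16</attCertFileLogCnt>
-    <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
-    <attCertDir>$NDGSEC_AA_UNITTEST_DIR/attCertLog</attCertDir>
+    <mapConfigFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
+    <attCertDir>$NDGSEC_AACLNT_UNITTEST_DIR/attCertLog</attCertDir>
     <dnSeparator>/</dnSeparator>
-    <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>
+    <userRolesModFilePath>$NDGSEC_AACLNT_UNITTEST_DIR</userRolesModFilePath>
     <userRolesModName>siteAUserRoles</userRolesModName>
     <userRolesClassName>TestUserRoles</userRolesClassName>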
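--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml
@@ -10,12 +10,11 @@
      - ignored if useSSL is blank
     -->
-    <sslCACertDir>$NDGSEC_AA_UNITTEST_DIR/ca</sslCACertDir>
+    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir>
     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
-    <certFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</certFile>
+    <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</certFile>
     <caCertFileList>
-        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/cacert.pem</caCertFile>
-        <caCertFile>$NDGSEC_AA_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
+        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
     </caCertFileList>
-    <keyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</keyFile>
+    <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</keyFile>
     <keyPwd></keyPwd>
     <!--
@@ -29,8 +28,8 @@
     <attCertFileName>ac.xml</attCertFileName>
     <attCertFileLogCnt>16</attCertFileLogCnt>
-    <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteBMapConfig.xml</mapConfigFile>
-    <attCertDir>$NDGSEC_AA_UNITTEST_DIR/attCertLog</attCertDir>
+    <mapConfigFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteBMapConfig.xml</mapConfigFile>
+    <attCertDir>$NDGSEC_AACLNT_UNITTEST_DIR/attCertLog</attCertDir>
     <dnSeparator>/</dnSeparator>
-    <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>
+    <userRolesModFilePath>$NDGSEC_AACLNT_UNITTEST_DIR</userRolesModFilePath>
     <userRolesModName>siteBUserRoles</userRolesModName>
     <userRolesClassName>TestUserRoles</userRolesClassName>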