Changeset 4138


Ignore:
Timestamp:
27/08/08 11:48:57 (11 years ago)
Author:
cbyrom
Message:

Implement consistent use of keywords throughout the codebase - using
the wssecurity class as the guide - effectively changing the xml
property file key names to match those of the ini files. Also remove
useSignatureHandler keyword and replace with a check for the WS-Security
property + add better checking of properties in the tac and py files
+ add new config files and remove some unnecessary ones.

Location:
TI12-security/trunk/python
Files:
1 added
2 deleted
39 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py

    r4129 r4138  
    4747        # Derive designated holder cert differently according to whether 
    4848        # a signed message is expected from the client 
    49         if self.aa['useSignatureHandler']: 
     49        if self.aa.has_key('WS-Security'): 
    5050            # Get certificate corresponding to private key that signed the 
    5151            # message - i.e. the user's proxy 
     
    196196        request, response = _AttAuthorityService.soap_getX509Cert(self, ps) 
    197197         
    198         x509Cert = X509CertRead(self.aa['certFile']) 
     198        x509Cert = X509CertRead(self.aa['signingCertFilePath']) 
    199199        response.X509Cert = base64.encodestring(x509Cert.asDER()) 
    200200        return request, response 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/ConfigFileParsers.py

    r4134 r4138  
    2727expandEnvVars = lambda x: isinstance(x, basestring) and os.path.expandvars(x).strip() or x 
    2828 
    29 # since they are used across services, define the valid keys for the WS-Security section 
    30 # here for easy access 
    31 __wsSecurityValidKeys = { 
    32         'certFile':               None, 
    33         'keyFile':                None, 
    34         'keyPwd':                 None, 
    35         'clntCertFile':           None, 
    36         'caCertFileList':         [], 
    37         'wssRefInclNS':           [], 
    38         'wssSignedInfoInclNS':    [], 
    39         'reqBinSecTokValType':    'X509v3', 
    40         'applySignatureConfirmation': True, 
    41         'useSignatureHandler':    True 
    42         } 
    4329 
    4430class CaseSensitiveConfigParser(SafeConfigParser): 
     
    143129            keys = validKeys 
    144130            if section == 'WS-Security': 
    145                 keys = __wsSecurityValidKeys #WSSecurityConfig.defParam 
     131                keys = WSSecurityConfig.defParam 
    146132            properties[section] = _parseConfig(cfg, keys, section=section) 
    147133 
     
    262248                keys = validKeys 
    263249                if key == 'WS-Security': 
    264                     keys = __wsSecurityValidKeys #WSSecurityConfig.defParam 
     250                    keys = WSSecurityConfig.defParam 
    265251                val = readXMLPropertyFile(propFilePath, keys, rootElem=elem) 
    266252 
     
    309295        # using the properties listed here 
    310296        if key == 'WS-Security': 
    311             validateProperties(properties[key], __wsSecurityValidKeys) 
     297            validateProperties(properties[key], WSSecurityConfig.defParam) 
    312298        else: 
    313299            if key not in validKeys: 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/AttAuthority/__init__.py

    r4135 r4138  
    115115                    } 
    116116     
     117    WS_SETTINGS_KEY = 'WS-Security' 
     118 
    117119    def __init__(self, propFilePath=None, bReadMapConfig=True): 
    118120        """Create new NDG Attribute Authority instance 
     
    149151        # Instantiate Certificate object 
    150152        log.debug("Reading and checking Attribute Authority X.509 cert. ...") 
    151         self.__cert = X509Cert(self.__prop['certFile']) 
     153        self.__cert = X509Cert(self.__prop['signingCertFilePath']) 
    152154        self.__cert.read() 
    153155 
     
    202204         
    203205        # add the WS-security properties to the main properties 
    204         self.__prop.update(self.__prop['WS-Security']) 
     206        if self.__prop.has_key(self.WS_SETTINGS_KEY): 
     207            self.__prop.update(self.__prop[self.WS_SETTINGS_KEY]) 
    205208 
    206209        # Ensure Certificate time parameters are converted to numeric type 
     
    457460 
    458461        # First cert in list corresponds to the private key 
    459         attCert.certFilePathList = [self.__prop['certFile']] + \ 
     462        attCert.certFilePathList = [self.__prop['signingCertFilePath']] + \ 
    460463                                    self.__prop['caCertFileList'] 
    461464         
    462         attCert.signingKeyFilePath = self.__prop['keyFile'] 
    463         attCert.signingKeyPwd = self.__prop['keyPwd'] 
     465        attCert.signingKeyFilePath = self.__prop['signingPriKeyFilePath'] 
     466        attCert.signingKeyPwd = self.__prop['signingPriKeyPwd'] 
    464467         
    465468         
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py

    r4129 r4138  
    5454from ndg.security.common.sessionCookie import SessionCookie 
    5555 
     56# generic parser to read INI/XML properties file 
     57from ndg.security.common.utils.ConfigFileParsers import readAndValidateProperties 
     58 
    5659# Use in SessionMgr __redirectAttCertReq to retrieve and store Public  
    5760# key 
     
    317320getMissingElem = lambda targ, ref: [e for e in targ if e not in ref] 
    318321 
    319 # Expand environment variables for ElementTree Element type.  Use in  
    320 # readProperties. 
     322# Expand environment variables for ElementTree Element type. 
    321323filtElemTxt = lambda elem: isinstance(elem.text, basestring) and \ 
    322324                os.path.expandvars(elem.text).strip() or elem.text 
     
    348350        'sslKeyFile':             None, 
    349351        'sslCACertDir':           None, 
    350         'useSignatureHandler':    None, 
    351         'caCertFileList':         [], 
    352         'certFile':               None, 
    353         'keyFile':                None, 
    354         'keyPwd':                 None, 
    355         'clntCertFile':           None, 
    356         'wssRefInclNS':           [], 
    357         'wssSignedInfoInclNS':    [], 
    358352        'sessMgrEncrKey':         None,  
    359353        'sessMgrURI':             None, 
     
    369363    __propFileName = "sessionMgrProperties.xml" 
    370364      
     365    WS_SETTINGS_KEY = 'WS-Security' 
    371366     
    372367    #_________________________________________________________________________ 
     
    403398            raise SessionMgrError("Creating MyProxy interface: %s" % e) 
    404399     
    405         # Dictionary to hold properties       
    406         self.__prop = {} 
    407          
    408400        # Set from input or use defaults based or environment variables 
    409         self.setPropFilePath(propFilePath) 
     401        self.propFilePath = propFilePath 
    410402         
    411403        # Set properties from file 
     
    568560        """Set properties file from input or based on environment variable 
    569561        settings""" 
     562        log.debug("Setting property file path") 
    570563        if not val: 
    571564            if 'NDGSEC_SM_PROPFILEPATH' in os.environ: 
     
    594587                                 "string.") 
    595588       
    596         self.__propFilePath = val 
     589        self._propFilePath = val 
     590        log.debug("Path set to: %s" %val) 
     591         
     592    def getPropFilePath(self): 
     593        log.debug("Getting property file path") 
     594        if hasattr(self, '_propFilePath'): 
     595            return self._propFilePath 
     596        else: 
     597            return "" 
    597598         
    598599    # Also set up as a property 
    599600    propFilePath = property(fset=setPropFilePath, 
     601                            fget=getPropFilePath, 
    600602                            doc="Set the path to the properties file")    
    601603             
    602604 
    603605    #_________________________________________________________________________ 
    604     def readProperties(self, propElem=None): 
    605         """Read Session Manager properties from an XML file or cElementTree 
    606         node 
    607          
    608         @type propElem: Element 
    609         @param propElem: pass in existing ElementTree treeroot 
    610         """ 
    611  
    612         log.debug("Reading properties file ...") 
    613          
    614         if not propElem: 
    615             try: 
    616                 tree = ElementTree.parse(self.__propFilePath) 
    617                 propElem = tree.getroot() 
    618  
    619             except IOError, e: 
    620                 raise SessionMgrError( 
    621                                 "Error parsing properties file \"%s\": %s" % \ 
    622                                 (e.filename, e.strerror))               
    623             except Exception, e: 
    624                 raise SessionMgrError( 
    625                     "Error parsing properties file: \"%s\": %s" % \ 
    626                     (self.__propFilePath, e)) 
    627  
    628         if propElem is None: 
    629             raise SessionMgrError( 
    630                             "Parsing properties: root element is not defined") 
    631   
     606    def readProperties(self): 
     607        ''' 
     608        Read the properties files and do some checking/converting of input values 
     609        ''' 
     610        # Configuration file properties are held together in a dictionary 
     611        self.__prop = readAndValidateProperties(self.propFilePath, validKeys=SessionMgr.__validElem) 
     612        #, \ 
     613                                     #sections = ['myProxyProp', 'credReposProp', 'simpleCACltProp']) 
     614         
     615        # add the WS-security properties to the main properties 
     616        if self.__prop.has_key(self.WS_SETTINGS_KEY): 
     617            self.__prop.update(self.__prop[self.WS_SETTINGS_KEY]) 
     618 
    632619        missingElem = [] 
    633         invalidElem = [] 
    634         try: 
    635             for elem in propElem: 
    636                 if elem.tag == 'myProxyProp': 
    637                     self.__myPx.readProperties(propElem=elem) 
    638      
    639                 elif elem.tag == 'credReposProp': 
    640                     self.__prop['credReposProp'] = \ 
    641                                 dict([(e.tag, filtElemTxt(e)) for e in elem]) 
     620        # Further process the input config detail - to ensure subelement details 
     621        # are properly set up 
     622        for key, val in self.__prop.items(): 
     623            if key == 'myProxyProp': 
     624                self.__myPx.readProperties(propElem = val) 
     625                 
     626            elif key == 'credReposProp': 
     627                self.__prop['credReposProp'] = \ 
     628                    dict([(e.tag, filtElemTxt(e)) for e in val]) 
    642629                             
    643                     # Check for missing elements 
    644                     missingElem.extend(getMissingElem(\ 
     630                # Check for missing elements 
     631                missingElem.extend(getMissingElem(\ 
    645632                                           self.__validElem['credReposProp'], 
    646633                                           self.__prop['credReposProp'])) 
    647634                     
    648                 elif elem.tag == 'simpleCACltProp': 
    649                     self.__prop['simpleCACltProp'] = \ 
    650                                 dict([(e.tag, filtElemTxt(e)) for e in elem]) 
     635            elif key == 'simpleCACltProp': 
     636                self.__prop['simpleCACltProp'] = \ 
     637                    dict([(e.tag, filtElemTxt(e)) for e in val]) 
    651638                             
    652                     # Check for missing elements 
    653                     missingElem.extend(getMissingElem(\ 
     639                # Check for missing elements 
     640                missingElem.extend(getMissingElem(\ 
    654641                                       self.__validElem['simpleCACltProp'], 
    655642                                       self.__prop['simpleCACltProp'])) 
    656643                     
    657                 elif elem.tag in self.__validElem: 
    658                     # Strip white space but not in the case of password  
    659                     # field as password might contain leading or  
    660                     # trailing white space 
    661                     if isinstance(self.__validElem[elem.tag], list): 
    662                         if len(elem) == 0 and elem.text is not None: 
    663                             # Treat as a list of space separated elements 
    664                             self.__prop[elem.tag] = elem.text.split() 
    665                         else: 
    666                             # Parse from a list of sub-elements 
    667                             self.__prop[elem.tag] = [filtElemTxt(subElem) \ 
    668                                                      for subElem in elem] 
    669                          
    670                     elif elem.text is not None and elem.tag != 'keyPwd':                         
    671                         if elem.text.isdigit(): 
    672                             self.__prop[elem.tag] = int(elem.text) 
    673                         else:                             
    674                             # Check for environment variables in file paths 
    675                             self.__prop[elem.tag] = filtElemTxt(elem)         
    676                     else: 
    677                         self.__prop[elem.tag] = elem.text 
    678                 else: 
    679                     invalidElem.append(elem.tag) 
    680                  
    681         except Exception, e: 
    682             raise SessionMgrError( 
    683                 'Error parsing tag "%s" in properties file: %s' % (elem.tag,e)) 
    684644 
    685645        missingElem.extend(getMissingElem(self.__prop, self.__validElem)) 
    686646        errMsg = '' 
    687647         
    688         if invalidElem != []: 
    689             errMsg = 'Invalid elements: "%s"\n' % '", "'.join(invalidElem) 
    690  
    691         if missingElem != []: 
    692             errMsg += 'Missing elements: "%s"\n' % '", "'.join(missingElem) 
    693  
    694         if errMsg: 
    695             raise SessionMgrError(errMsg +  " for properties file") 
    696  
    697         log.info('Loaded properties from "%s"' % self.__propFilePath) 
     648        if missingElem: 
     649            raise SessionMgrError('Missing elements: "%s"\n' %  
     650                                  '", "'.join(missingElem) + \ 
     651                                  " for properties file") 
     652 
     653        log.info('Loaded properties from "%s"' % self._propFilePath) 
    698654        
    699655 
     
    940896            # 
    941897            wssSignatureHandlerKw = { 
    942             'refC14nInclNS': self.__prop.get('wssRefInclNS', []), 
    943             'signedInfoC14nInclNS': self.__prop.get('wssSignedInfoInclNS', [])} 
     898            'refC14nInclNS': self.__prop.get('refC14nInclNS', []), 
     899            'signedInfoC14nInclNS': self.__prop.get('signedInfoC14nInclNS', [])} 
    944900 
    945901            try:    
     
    12301186        try: 
    12311187            sessMgrClnt = SessionMgrClient(uri=userSessMgrURI, 
    1232                                  signingCertFilePath=self.__prop['certFile'], 
    1233                                  signingPriKeyFilePath=self.__prop['keyFile'], 
    1234                                  signingPriKeyPwd=self.__prop['keyPwd'])            
     1188                                 signingCertFilePath=self.__prop['signingCertFilePath'], 
     1189                                 signingPriKeyFilePath=self.__prop['signingPriKeyFilePath'], 
     1190                                 signingPriKeyPwd=self.__prop['signingPriKeyPwd'])            
    12351191        except Exception, e: 
    12361192            raise SessionMgrError( 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/ca/__init__.py

    r2954 r4138  
    7878                    'sslCertFile', 
    7979                    'sslKeyFile', 
    80                     'caCertFile', 
    81                     'certFile', 
    82                     'keyFile', 
    83                     'keyPwd', 
    84                     'clntCertFile', 
    8580                    'openSSLConfigFilePath', 
    8681                    'certLifetimeDays', 
     
    326321                return int(txt) 
    327322             
    328             elif tag != 'keyPwd':  
     323            elif tag != 'signingPriKeyPwd':  
    329324                # Password may contain leading/trailing spaces 
    330325                return os.path.expandvars(txt.strip()) 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.cfg

    r4131 r4138  
    3838caCertFileList: $NDGSEC_DIR/conf/certs/ca/cacert.pem   
    3939 
    40 # Leave blank for NO SOAP signature 
    41 useSignatureHandler: Yes  
    42  
    43 # Set the certificate used to verify the signature of messages from the  
    44 # client.  This can usually be left blank since the client is expected to  
    45 # include the cert with the signature in the inbound SOAP message 
    46 clntCertFile: 
    4740# Lifetime is measured in seconds 
    4841attCertLifetime: 86400  
     
    9184signingPriKeyPwd= 
    9285 
     86# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     87# chain of trust from the certificate used to verifying the signature backward  
     88# to the CA cert.  The CA cert need not be included.  To use this option,  
     89# reqBinSecTokValType must be set to the X509PKIPathv1 
     90signingCertChain= 
     91 
    9392# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
    9493# signed message.  See __setReqBinSecTokValType method and binSecTokValType  
     
    127126# message will be assigned to the verifyingCert attribute. 
    128127 
     128verifyingCert: 
    129129# ... or provide file path PEM encode cert here 
    130130verifyingCertFilePath:  
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.tac

    r4129 r4138  
    8484 
    8585        # Derive designated holder cert differently according to whether 
    86         # a signed message is expected from the client 
    87         if srv.aa['useSignatureHandler']: 
     86        # a signed message is expected from the client - NB, this is dependent 
     87        # on WS-Security properties having been set 
     88        if srv.aa.has_key('WS-Security'): 
    8889            # Get certificate corresponding to private key that signed the 
    8990            # message - i.e. the user's proxy 
     
    234235        request, response = AttAuthorityService.soap_getX509Cert(self, ps) 
    235236         
    236         x509Cert = X509CertRead(srv.aa['certFile']) 
     237        x509Cert = X509CertRead(srv.aa['signingCertFilePath']) 
    237238        response.X509Cert = base64.encodestring(x509Cert.asDER()) 
    238239        return request, response 
     
    243244# Create Service 
    244245srv = AttAuthorityServiceSub() 
    245 if srv.aa['useSignatureHandler']: 
     246if srv.aa.has_key('WS-Security'): 
    246247    # Initialise WS-Security signature handler passing Attribute Authority 
    247248    # public and private keys 
    248249     
    249250    # Inclusive namespaces for Exclusive C14N 
    250     refC14nInclNS = srv.aa['wssRefInclNS'] 
    251     signedInfoC14nInclNS = srv.aa['wssSignedInfoInclNS'] 
     251    refC14nInclNS = srv.aa['refC14nInclNS'] 
     252    signedInfoC14nInclNS = srv.aa['signedInfoC14nInclNS'] 
    252253     
    253254    WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    254                                         verifyingCertFilePath=srv.aa['clntCertFile'], 
    255                                         signingCertFilePath=srv.aa['certFile'], 
    256                                         signingPriKeyFilePath=srv.aa['keyFile'], 
    257                                         signingPriKeyPwd=srv.aa['keyPwd'], 
     255                                        verifyingCertFilePath=srv.aa['verifyingCertFilePath'], 
     256                                        signingCertFilePath=srv.aa['signingCertFilePath'], 
     257                                        signingPriKeyFilePath=srv.aa['signingPriKeyFilePath'], 
     258                                        signingPriKeyPwd=srv.aa['signingPriKeyPwd'], 
    258259                                        caCertFilePathList=srv.aa.get('caCertFileList'), 
    259260                                        refC14nInclNS=refC14nInclNS, 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml

    r4035 r4138  
    1818     - ignored if useSSL is blank --> 
    1919    <sslCACertDir>$NDGSEC_DIR/conf/certs/ca</sslCACertDir> 
     20    <!--  NB, if no signature handling is required, do not include this element --> 
     21    <WS-Security> 
    2022    <!-- 
    2123    WS-Security settings for signature of outbound SOAP messages 
    2224    --> 
    23     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    24     <certFile>$NDGSEC_DIR/conf/certs/aa-cert.pem</certFile> 
    25     <keyFile>$NDGSEC_DIR/conf/certs/aa-key.pem</keyFile> 
    26     <keyPwd></keyPwd> 
    27         <!--  
    28         Inclusive namespace prefixes for reference and SignedInfo sections of 
    29         WS-Security digital signature 
    30         --> 
    31         <wssRefInclNS></wssRefInclNS> 
    32         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    33     <!--  
    34     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    35     and Attribute Certificates. 
    36      
    37     The CA certificates of other NDG trusted sites should go here. 
    38     --> 
    39     <caCertFileList> 
    40         <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile> 
    41     </caCertFileList> 
    42     <!--  
    43     Set the certificate used to verify the signature of messages from the  
    44     client.  This can usually be left blank since the client is expected to  
    45     include the cert with the signature in the inbound SOAP message 
    46     --> 
    47     <clntCertFile></clntCertFile>     
     25            <signingCertFilePath>$NDGSEC_DIR/conf/certs/aa-cert.pem</signingCertFilePath> 
     26            <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/aa-key.pem</signingPriKeyFilePath> 
     27            <signingPriKeyPwd></signingPriKeyPwd> 
     28                <!--  
     29                Inclusive namespace prefixes for reference and SignedInfo sections of 
     30                WS-Security digital signature 
     31                --> 
     32                <refC14nInclNS></refC14nInclNS> 
     33                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     34            <!--  
     35        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     36            and Attribute Certificates. 
     37         
     38            The CA certificates of other NDG trusted sites should go here. 
     39        --> 
     40            <caCertFileList> 
     41            <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile> 
     42            </caCertFileList> 
     43            <!-- Set the value type of the server cert --> 
     44        <reqBinSecTokValType>X509v3</reqBinSecTokValType> 
     45            <!-- Set the response message header to include a SignatureConfirmation element --> 
     46            <applySignatureConfirmation>True</applySignatureConfirmation> 
     47        <!--  
     48            Set the certificate used to verify the signature of messages from the  
     49            client.  This can usually be left blank since the client is expected to  
     50            include the cert with the signature in the inbound SOAP message 
     51        --> 
     52            <verifyingCertPath></verifyingCertPath>    
     53        </WS-Security> 
    4854    <attCertLifetime>86400</attCertLifetime> <!-- Measured in seconds --> 
    4955        <!--  
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/ca.tac

    r4129 r4138  
    9696# public and private keys 
    9797WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    98                                                         verifyingCertFilePath=srv.ca.get('clntCertFile'), 
    99                             signingCertFilePath=srv.ca['certFile'], 
    100                             signingPriKeyFilePath=srv.ca['keyFile'], 
    101                             signingPriKeyPwd=srv.ca['keyPwd']) 
     98                                                        verifyingCertFilePath=srv.ca.get('verifyingCertPath'), 
     99                            signingCertFilePath=srv.ca['signingCertFilePath'], 
     100                            signingPriKeyFilePath=srv.ca['signingPriKeyFilePath'], 
     101                            signingPriKeyPwd=srv.ca['signingPriKeyPwd']) 
    102102 
    103103# Add Service to Session Manager branch 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.cfg

    r4115 r4138  
    1010# version 1.0 or later. 
    1111# 
    12  
     12[DEFAULT] 
    1313# the port number the service is to run on  
    1414portNum:   
     
    2828 
    2929# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
    30 # The CA certificates of other NDG trusted sites should go here. 
     30# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
     31# values should be delimited by a space 
    3132caCertFileList: $NDGSEC_DIR/conf/certs/ca/cacert.pem   
    3233  
     
    3637cookieDomain:  
    3738 
    38 # Leave blank for NO SOAP signature 
    39 useSignatureHandler: Yes  
    40  
    4139# 
    4240# SOAP Signature Handler settings 
     41# Leave blank for NO SOAP signature 
    4342[WS-Security] 
    4443# 
     
    6059# Password protecting private key.  Leave blank if there is no password. 
    6160signingPriKeyPwd= 
     61 
     62# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     63# chain of trust from the certificate used to verifying the signature backward  
     64# to the CA cert.  The CA cert need not be included.  To use this option,  
     65# reqBinSecTokValType must be set to the X509PKIPathv1 
     66signingCertChain= 
    6267 
    6368# Provide a space separated list of file paths 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgr.tac

    r4129 r4138  
    116116        sessID = request.SessID or None 
    117117                 
    118         if srv.sm['useSignatureHandler']: 
     118        if srv.sm.has_key('WS-Security'): 
    119119            # Get certificate corresponding to private key that signed the 
    120120            # message - i.e. the user's proxy 
     
    164164        # Get certificate corresponding to private key that signed the 
    165165        # message - i.e. the user's              
    166         if srv.sm['useSignatureHandler']: 
     166        if srv.sm.has_key('WS-Security'): 
    167167            # Get certificate corresponding to private key that signed the 
    168168            # message - i.e. the user's proxy 
     
    205205        request, response = _SessionMgrService.soap_getX509Cert(self, ps) 
    206206 
    207         x509Cert = X509CertRead(srv.sm['certFile']) 
     207        x509Cert = X509CertRead(srv.sm['signingCertFilePath']) 
    208208        response.X509Cert = base64.encodestring(x509Cert.asDER()) 
    209209        return request, response 
     
    213213srv = SessionMgrService() 
    214214 
    215 if srv.sm['useSignatureHandler']: 
     215if srv.sm.has_key('WS-Security'): 
    216216        # Initialise WS-Security signature handler passing Session Manager 
    217217        # public and private keys 
    218218     
    219219    # Inclusive namespaces for Exclusive C14N 
    220         refC14nInclNS = srv.sm['wssRefInclNS'] 
    221         signedInfoC14nInclNS = srv.sm['wssSignedInfoInclNS'] 
     220        refC14nInclNS = srv.sm['refC14nInclNS'] 
     221        signedInfoC14nInclNS = srv.sm['signedInfoC14nInclNS'] 
    222222 
    223223        WSSecurityHandler.signatureHandler = SignatureHandler(\ 
    224                                                         verifyingCertFilePath=srv.sm['clntCertFile'], 
    225                             signingCertFilePath=srv.sm['certFile'], 
    226                             signingPriKeyFilePath=srv.sm['keyFile'], 
    227                             signingPriKeyPwd=srv.sm['keyPwd'], 
     224                                                        verifyingCertFilePath=srv.sm['verifyingCertPath'], 
     225                            signingCertFilePath=srv.sm['signingCertFilePath'], 
     226                            signingPriKeyFilePath=srv.sm['signingPriKeyFilePath'], 
     227                            signingPriKeyPwd=srv.sm['signingPriKeyPwd'], 
    228228                            caCertFilePathList=srv.sm.get('caCertFileList'), 
    229229                                        refC14nInclNS=refC14nInclNS, 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml

    r4035 r4138  
    1919    PKI settings for WS-Security signature of outbound SOAP messages 
    2020    --> 
    21     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    22     <!-- X.509 certificate included in SOAP header --> 
    23     <certFile>$NDGSEC_DIR/conf/certs/sm-cert.pem</certFile> 
    24     <!-- corresponding private key used to sign the SOAP message --> 
    25     <keyFile>$NDGSEC_DIR/conf/certs/sm-key.pem</keyFile> 
    26     <!-- Password protecting private key file - leave blank if none set --> 
    27     <keyPwd></keyPwd> 
    28     <!--  
    29         Inclusive namespace prefixes for reference and SignedInfo sections of 
    30         WS-Security digital signature 
    31     --> 
    32     <wssRefInclNS></wssRefInclNS> 
    33         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    34     <!--  
    35     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    36     and Attribute Certificates. 
     21    <!--  NB, if no signature handling is required, do not include this element --> 
     22    <WS-Security> 
     23            <!-- X.509 certificate included in SOAP header --> 
     24            <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath> 
     25            <!-- corresponding private key used to sign the SOAP message --> 
     26            <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath> 
     27            <!-- Password protecting private key file - leave blank if none set --> 
     28            <signingPriKeyPwd></signingPriKeyPwd> 
     29            <!--  
     30            Inclusive namespace prefixes for reference and SignedInfo sections of 
     31                WS-Security digital signature 
     32            --> 
     33        <refC14nInclNS></refC14nInclNS> 
     34                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     35        <!--  
     36        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     37            and Attribute Certificates. 
    3738     
    38     The CA certificates of other NDG trusted sites should go here. 
    39     --> 
    40     <caCertFileList> 
    41         <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile> 
    42     </caCertFileList> 
    43     <!--  
    44     Set the certificate used to verify the signature of messages from the  
    45     client.  This can usually be left blank since the client is expected to  
    46     include the cert with the signature in the inbound SOAP message 
    47     --> 
    48     <clntCertFile></clntCertFile>  
     39            The CA certificates of other NDG trusted sites should go here. 
     40            --> 
     41        <caCertFileList> 
     42                <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile> 
     43        </caCertFileList> 
     44            <!--  
     45        Set the certificate used to verify the signature of messages from the  
     46            client.  This can usually be left blank since the client is expected to  
     47        include the cert with the signature in the inbound SOAP message 
     48            --> 
     49            <verifyingCertPath></verifyingCertPath> 
     50        </WS-Security>  
    4951    <!-- 
    5052    Following two settings may be left blank.  These fields are likely to be 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/simpleCAProperties.xml

    r3652 r4138  
    66    <sslKeyFile></sslKeyFile> 
    77    <caCertFile></caCertFile> 
    8     <certFile></certFile> 
    9     <keyFile></keyFile> 
    10     <keyPwd></keyPwd> 
    11         <wssRefInclNS></wssRefInclNS> 
    12         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    13     <!--  
    14     Set the certificate used to verify the signature of messages from the  
    15     client.  This can usually be left blank since the client is expected to  
    16     include the cert with the signature in the inbound SOAP message 
    17     --> 
    18     <clntCertFile></clntCertFile>     
     8    <WS-Security> 
     9            <signingCertFilePath></signingCertFilePath> 
     10        <signingPriKeyFilePath></signingPriKeyFilePath> 
     11            <signingPriKeyPwd></signingPriKeyPwd> 
     12                <refC14nInclNS></refC14nInclNS> 
     13                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     14        <!--  
     15            Set the certificate used to verify the signature of messages from the  
     16        client.  This can usually be left blank since the client is expected to  
     17            include the cert with the signature in the inbound SOAP message 
     18        --> 
     19            <verifyingCertPath></verifyingCertPath> 
     20        </WS-Security>     
    1921        <!--  
    2022        OpenSSL configuration file - omit to use globus default 
     
    3133    <certExpiryDate>2006 08 31 00 00</certExpiryDate> 
    3234    --> 
    33     <certLifetimeDays>365*2<certLifetimeDays/> 
     35    <certLifetimeDays>365*2</certLifetimeDays> 
    3436    <!-- Directory for temporary files generated during processing --> 
    35     <certTmpDir>/tmp<certTmpDir/> 
     37    <certTmpDir>/tmp</certTmpDir> 
    3638    <!-- Executable for checking the CA pass-phrase set --> 
    3739    <chkCAPassphraseExe>openssl</chkCAPassphraseExe> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg

    r3914 r4138  
    5050enableOpenID: True 
    5151 
    52 [WSSecurity] 
     52[WS-Security] 
    5353 
    5454# Settings for signature of an outbound message ... 
     
    6767# Password protecting private key.  Leave blank if there is no password. 
    6868signingPriKeyPwd= 
     69 
     70# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     71# chain of trust from the certificate used to verifying the signature backward  
     72# to the CA cert.  The CA cert need not be included.  To use this option,  
     73# reqBinSecTokValType must be set to the X509PKIPathv1 
     74signingCertChain= 
    6975 
    7076# Provide a space separated list of file paths.  CA Certs should be included  
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

    r3994 r4138  
    103103              defSection='DEFAULT',  
    104104              layoutSection='layout', 
    105               wssSection='WSSecurity'): 
     105              wssSection='WS-Security'): 
    106106        '''Extract content of config file object into self''' 
    107107               
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/zsi/attributeauthority.py

    r4129 r4138  
    4747 
    4848        # Derive designated holder cert differently according to whether 
    49         # a signed message is expected from the client 
    50         if self.aa['useSignatureHandler']: 
     49        # a signed message is expected from the client - NB, this is dependent 
     50        # on WS-Security properties having been set 
     51        if self.aa.has_key('WS-Security'): 
    5152            # Get certificate corresponding to private key that signed the 
    5253            # message - i.e. the user's proxy 
     
    197198        request, response = _AttAuthorityService.soap_getX509Cert(self, ps) 
    198199         
    199         x509Cert = X509CertRead(self.aa['certFile']) 
     200        x509Cert = X509CertRead(self.aa['signingCertFilePath']) 
    200201        response.X509Cert = base64.encodestring(x509Cert.asDER()) 
    201202        return request, response 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.cfg

    r3195 r4138  
    1212 
    1313[test2Sign] 
    14 certFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt 
    15 keyFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key 
     14signingCertFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt 
     15signingPriKeyFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key 
    1616filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac-signed.xml 
    17 keyPwd: 
     17signingPriKeyPwd: 
    1818 
    1919[test3Write] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py

    r3195 r4138  
    8989        self.xmlSecDoc.filePath = xpdVars(self.cfg['test2Sign']['filepath']) 
    9090        self.xmlSecDoc.certFilePathList = \ 
    91                                 xpdVars(self.cfg['test2Sign']['certfile']) 
     91                                xpdVars(self.cfg['test2Sign']['signingCertFilePath']) 
    9292        self.xmlSecDoc.signingKeyFilePath = \ 
    9393                                xpdVars(self.cfg['test2Sign']['keyfile']) 
    9494         
    95         keyPwd = self.cfg['test2Sign'].get('keypwd') 
     95        keyPwd = self.cfg['test2Sign'].get('signingPriKeyPwd') 
    9696        if keyPwd is None: 
    9797            self.xmlSecDoc.signingKeyPwd = \ 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg

    r4111 r4138  
    6565 
    6666# Inclusive namespaces for Exclusive C14N 
    67 #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
    68 #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec 
    69 wssRefInclNS:  
    70 wssSignedInfoInclNS:  
     67#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
     68#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 
     69refC14nInclNS:  
     70signedInfoC14nInclNS:  
    7171 
    7272[test3GetTrustedHostInfo] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthority.cfg

    r4131 r4138  
    3333sslCACertDir: $NDGSEC_AACLNT_UNITTEST_DIR/ca 
    3434 
    35 # CA Certificates used to verify X.509 certs used in Attribute Certificates. 
    36 # The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    37 # values should be delimited by a space 
    38 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    39  
    40 # Leave blank for NO SOAP signature 
    41 useSignatureHandler: Yes  
    42  
    43 # Set the certificate used to verify the signature of messages from the  
    44 # client.  This can usually be left blank since the client is expected to  
    45 # include the cert with the signature in the inbound SOAP message 
    46 clntCertFile: 
    4735# Lifetime is measured in seconds 
    4836attCertLifetime: 28800  
     
    7058# 
    7159# SOAP Signature Handler settings 
     60# Leave blank for NO SOAP signature 
    7261[WS-Security] 
    7362# 
    7463# OUTBOUND MESSAGE CONFIG 
     64 
     65# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
     66# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
     67# values should be delimited by a space 
     68caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    7569 
    7670# Signature of an outbound message 
     
    8276 
    8377# PEM encoded cert 
    84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     78signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8579 
    8680# ... or provide file path to PEM encoded private key file 
    87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     81signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    8882 
    8983# Password protecting private key.  Leave blank if there is no password. 
    90 keyPwd= 
     84signingPriKeyPwd= 
     85 
     86# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     87# chain of trust from the certificate used to verifying the signature backward  
     88# to the CA cert.  The CA cert need not be included.  To use this option,  
     89# reqBinSecTokValType must be set to the X509PKIPathv1 
     90signingCertChain= 
    9191 
    9292# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9393# space separated list e.g. refC14nInclNS=wsse ds ns1 
    94 wssRefInclNS: 
     94refC14nInclNS: 
    9595 
    9696# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    9797# same format as the above 
    98 wssSignedInfoInclNS: 
     98signedInfoC14nInclNS: 
    9999 
    100100 
     
    114114 
    115115 
     116# 
     117# INBOUND MESSAGE CONFIG 
     118 
     119# X.509 certificate used by verify method to verify a message.  This argument  
     120# can be omitted if the message to be verified contains the X.509 certificate  
     121# in the BinarySecurityToken element.  In this case, the cert read from the 
     122# message will be assigned to the verifyingCert attribute. 
     123 
     124# Provide the PEM encoded content here 
     125verifyingCert= 
     126 
     127# ... or provide file path PEM encode cert here 
     128verifyingCertFilePath= 
     129 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml

    r4111 r4138  
    1212    --> 
    1313    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
     14    <!--  NB, if no signature handling is required, do not include this element --> 
    1415    <!--  
    15         WS-Security settings leave 'useSignatureHandler' blank for no  
    16         signature  
     16        WS-Security settings  
    1717        --> 
    18     <useSignatureHandler>Yes</useSignatureHandler>  
    19     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21     <keyPwd></keyPwd> 
    22         <wssRefInclNS></wssRefInclNS> 
    23         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    24     <caCertFileList> 
    25         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    26         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
    27         <!--  
    28         To also trust certificates issued from your MyProxy CA, replace  
    29         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    30         the following line: 
    31         <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
    32         --> 
    33     </caCertFileList> 
    34     <!-- Set the value type of the server cert --> 
    35     <reqBinSecTokValType>X509v3</reqBinSecTokValType> 
    36     <!-- Set the response message header to include a SignatureConfirmation element --> 
    37     <applySignatureConfirmation>True</applySignatureConfirmation> 
    38     <!--  
    39     Set the certificate used to verify the signature of messages from the  
    40     client.  This can usually be left blank since the client is expected to  
    41     include the cert with the signature in the inbound SOAP message 
    42     --> 
    43     <clntCertFile></clntCertFile>     
     18    <WS-Security> 
     19        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     20            <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     21        <signingPriKeyPwd></signingPriKeyPwd> 
     22                <refC14nInclNS></refC14nInclNS> 
     23                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     24            <caCertFileList> 
     25            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     26                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
     27                <!--  
     28            To also trust certificates issued from your MyProxy CA, replace  
     29                "abcdef01.0" with the unique name for your CA certificate and uncomment 
     30                the following line: 
     31            <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     32                --> 
     33            </caCertFileList> 
     34            <!-- Set the value type of the server cert --> 
     35        <reqBinSecTokValType>X509v3</reqBinSecTokValType> 
     36            <!-- Set the response message header to include a SignatureConfirmation element --> 
     37            <applySignatureConfirmation>True</applySignatureConfirmation> 
     38            <!--  
     39        Set the certificate used to verify the signature of messages from the  
     40            client.  This can usually be left blank since the client is expected to  
     41        include the cert with the signature in the inbound SOAP message 
     42            --> 
     43        <verifyingCertFilePath></verifyingCertFilePath>     
     44    </WS-Security> 
    4445    <attCertLifetime>28800</attCertLifetime> 
    4546    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml

    r4111 r4138  
    1111    --> 
    1212    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
    13         <!-- WS-Security settings --> 
    14     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    15     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</certFile> 
    16     <caCertFileList> 
    17         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    18         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
    19         <!--  
    20         To also trust certificates issued from your MyProxy CA, replace  
    21         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    22         the following line: 
    23         <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
    24         --> 
    25     </caCertFileList> 
    26     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</keyFile> 
    27     <keyPwd></keyPwd> 
    28         <wssRefInclNS></wssRefInclNS> 
    29         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    30     <!--  
    31     Set the certificate used to verify the signature of messages from the  
    32     client.  This can usually be left blank since the client is expected to  
    33     include the cert with the signature in the inbound SOAP message 
    34     --> 
    35     <clntCertFile></clntCertFile>     
     13    <!--  NB, if no signature handling is required, do not include this element --> 
     14    <WS-Security> 
     15                <!-- WS-Security settings --> 
     16        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</signingCertFilePath> 
     17            <caCertFileList> 
     18            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     19                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
     20                <!--  
     21            To also trust certificates issued from your MyProxy CA, replace  
     22                "abcdef01.0" with the unique name for your CA certificate and uncomment 
     23                the following line: 
     24            <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     25                --> 
     26            </caCertFileList> 
     27        <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</signingPriKeyFilePath> 
     28            <signingPriKeyPwd></signingPriKeyPwd> 
     29                <refC14nInclNS></refC14nInclNS> 
     30                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     31        <!--  
     32            Set the certificate used to verify the signature of messages from the  
     33        client.  This can usually be left blank since the client is expected to  
     34            include the cert with the signature in the inbound SOAP message 
     35        --> 
     36            <verifyingCertFilePath></verifyingCertFilePath> 
     37        </WS-Security>     
    3638    <attCertLifetime>28800</attCertLifetime> 
    3739    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py

    r3202 r4138  
    188188        self.attCert.filePath = xpdVars(self.cfg['test9Sign']['filepath']) 
    189189        self.attCert.certFilePathList = \ 
    190             xpdVars(self.cfg['test9Sign']['certfile']) 
     190            xpdVars(self.cfg['test9Sign']['signingCertFilePath']) 
    191191        self.attCert.signingKeyFilePath = \ 
    192             xpdVars(self.cfg['test9Sign']['keyfile']) 
    193          
    194         signingKeyPwd = self.cfg['test9Sign'].get('keypwd') 
     192            xpdVars(self.cfg['test9Sign']['signingPriKeyFilePath']) 
     193         
     194        signingKeyPwd = self.cfg['test9Sign'].get('signingPriKeyPwd') 
    195195        if signingKeyPwd is None: 
    196196            try: 
     
    241241            self.cfg['test13IsValidStressTest']['certfilepathlist'].split()] 
    242242        self.attCert.signingKeyFilePath = \ 
    243                         xpdVars(self.cfg['test13IsValidStressTest']['keyfile']) 
    244          
    245         signingKeyPwd = self.cfg['test13IsValidStressTest'].get('keypwd') 
     243                        xpdVars(self.cfg['test13IsValidStressTest']['signingPriKeyFilePath']) 
     244         
     245        signingKeyPwd = self.cfg['test13IsValidStressTest'].get('signingPriKeyPwd') 
    246246        if signingKeyPwd is None: 
    247247            try: 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg

    r3199 r4138  
    1010 
    1111[test9Sign] 
    12 certFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 
    13 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
     12signingCertFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 
     13signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
    1414filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac-signed.xml 
    15 keyPwd: 
     15signingPriKeyPwd: 
    1616 
    1717[test10Write] 
     
    2828# verification 
    2929certFilepathlist: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 
    30 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
    31 keyPwd: 
     30signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
     31signingPriKeyPwd: 
    3232nruns: 10 
    3333 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/browse.cfg

    r4035 r4138  
    8585signingPriKeyPwd= 
    8686 
     87# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     88# chain of trust from the certificate used to verifying the signature backward  
     89# to the CA cert.  The CA cert need not be included.  To use this option,  
     90# reqBinSecTokValType must be set to the X509PKIPathv1 
     91signingCertChain= 
     92 
    8793# Provide a space separated list of file paths.  CA Certs should be included  
    8894# for all the sites this installation trusts 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml

    r2148 r4138  
    66    <sslKeyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</sslKeyFile> 
    77    <caCertFile>$NDGSEC_CA_UNITTEST_DIR/cacert.pem</caCertFile> 
    8     <certFile>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</certFile> 
    9     <keyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</keyFile> 
    10     <keyPwd/> 
    11     <!--  
    12     Set the certificate used to verify the signature of messages from the  
    13     client.  This can usually be left blank since the client is expected to  
    14     include the cert with the signature in the inbound SOAP message 
    15     --> 
    16     <clntCertFile></clntCertFile>     
     8    <WS-Security> 
     9            <signingCertFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</signingCertFilePath> 
     10        <signingPriKeyFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</signingPriKeyFilePath> 
     11            <signingPriKeyPwd/> 
     12        <!--  
     13            Set the certificate used to verify the signature of messages from the  
     14        client.  This can usually be left blank since the client is expected to  
     15            include the cert with the signature in the inbound SOAP message 
     16        --> 
     17            <verifyingCertFilePath></verifyingCertFilePath> 
     18        </WS-Security>     
    1719        <!--  
    1820        OpenSSL configuration file - omit to use globus default 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/MyProxyClientTest.py

    r3176 r4138  
    6464                              prompt="\ntest1Store cred. owner pass-phrase: ") 
    6565 
    66         certFile = xpdVars(self.cfg['test1Store']['certfile']) 
    67         keyFile = xpdVars(self.cfg['test1Store']['keyfile']) 
     66        certFile = xpdVars(self.cfg['test1Store']['signingCertFilePath']) 
     67        keyFile = xpdVars(self.cfg['test1Store']['signingPriKeyFilePath']) 
    6868        ownerCertFile = xpdVars(self.cfg['test1Store']['ownercertfile']) 
    6969        ownerKeyFile = xpdVars(self.cfg['test1Store']['ownerkeyfile']) 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg

    r3176 r4138  
    1616username: testuser 
    1717passphrase: testpassword 
    18 certFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
    19 keyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
     18signingCertFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
     19signingPriKeyFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
    2020ownerCertFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
    2121ownerKeyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml

    r3652 r4138  
    1313    <!-- 
    1414    WS-Security settings for signature of outbound SOAP messages 
     15    NB, if no signature handling is required, do not include this element  
    1516    --> 
    16     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    17     <!--  
    18     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    19     SSL connections and Attribute Certificates 
    20     --> 
    21     <caCertFileList> 
    22         <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    23     </caCertFileList> 
    24     <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile> 
    25     <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile> 
    26     <keyPwd/> 
    27         <!--  
    28         Inclusive namespace prefixes for reference and SignedInfo sections of 
    29         WS-Security digital signature 
    30         --> 
    31         <wssRefInclNS></wssRefInclNS> 
    32         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    33     <!--  
    34     Set the certificate used to verify the signature of messages from the  
    35     client.  This can usually be left blank since the client is expected to  
    36     include the cert with the signature in the inbound SOAP message 
    37     --> 
    38     <clntCertFile></clntCertFile>     
     17    <WS-Security> 
     18            <!--  
     19            CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     20            SSL connections and Attribute Certificates 
     21        --> 
     22            <caCertFileList> 
     23            <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     24        </caCertFileList> 
     25            <signingCertFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.crt</signingCertFilePath> 
     26        <signingPriKeyFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 
     27            <signingPriKeyPwd/> 
     28                <!--  
     29                Inclusive namespace prefixes for reference and SignedInfo sections of 
     30                WS-Security digital signature 
     31                --> 
     32                <refC14nInclNS></refC14nInclNS> 
     33                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     34        <!--  
     35            Set the certificate used to verify the signature of messages from the  
     36        client.  This can usually be left blank since the client is expected to  
     37            include the cert with the signature in the inbound SOAP message 
     38        --> 
     39        <verifyingCertFilePath></verifyingCertFilePath> 
     40    </WS-Security>     
    3941    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 
    4042    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg

    r3652 r4138  
    6565 
    6666# Inclusive namespaces for Exclusive C14N 
    67 #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
    68 #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec 
    69 wssRefInclNS:  
    70 wssSignedInfoInclNS:  
     67#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
     68#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 
     69refC14nInclNS:  
     70signedInfoC14nInclNS:  
    7171 
    7272[test1Connect]  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

    r3652 r4138  
    1313    <!-- 
    1414    PKI settings for WS-Security signature of outbound SOAP messages 
     15    NB, if no signature handling is required, do not include this element 
    1516    --> 
    16     <!-- 
    17     PKI settings for signature of outbound SOAP messages 
    18     --> 
    19     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    20     <!--  
    21     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    22     SSL connections and Attribute Certificates 
    23     --> 
    24     <caCertFileList> 
    25         <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    26         <!--  
    27         To also trust certificates issued from your MyProxy CA, replace  
    28         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    29         the following line: 
    30         <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    31         --> 
    32     </caCertFileList> 
    33     <certFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</certFile> 
    34     <keyFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</keyFile> 
    35     <keyPwd/> 
    36         <!--  
    37         Inclusive namespace prefixes for reference and SignedInfo sections of 
    38         WS-Security digital signature 
    39         --> 
    40         <wssRefInclNS></wssRefInclNS> 
    41         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    42     <!--  
    43     Set the certificate used to verify the signature of messages from the  
    44     client.  This can usually be left blank since the client is expected to  
    45     include the cert with the signature in the inbound SOAP message 
    46     --> 
    47     <clntCertFile></clntCertFile>     
     17    <WS-Security> 
     18            <!--  
     19        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     20        SSL connections and Attribute Certificates 
     21        --> 
     22            <caCertFileList> 
     23            <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     24                <!--  
     25                To also trust certificates issued from your MyProxy CA, replace  
     26            "abcdef01.0" with the unique name for your CA certificate and uncomment 
     27                the following line: 
     28                <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
     29            --> 
     30            </caCertFileList> 
     31        <signingCertFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</signingCertFilePath> 
     32            <signingPriKeyFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 
     33        <signingPriKeyPwd/> 
     34                <!--  
     35                Inclusive namespace prefixes for reference and SignedInfo sections of 
     36                WS-Security digital signature 
     37                --> 
     38                <refC14nInclNS></refC14nInclNS> 
     39                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     40            <!--  
     41        Set the certificate used to verify the signature of messages from the  
     42            client.  This can usually be left blank since the client is expected to  
     43        include the cert with the signature in the inbound SOAP message 
     44            --> 
     45        <verifyingCertFilePath></verifyingCertFilePath> 
     46    </WS-Security>     
    4847    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 
    4948    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthority.cfg

    r4136 r4138  
    5858# 
    5959# SOAP Signature Handler settings 
     60# Leave blank for NO SOAP signature 
    6061[WS-Security] 
    6162# 
    6263# OUTBOUND MESSAGE CONFIG 
    63  
    64  
    65 # Set the certificate used to verify the signature of messages from the  
    66 # client.  This can usually be left blank since the client is expected to  
    67 # include the cert with the signature in the inbound SOAP message 
    68 clntCertFile: 
    6964 
    7065# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
     
    7267# values should be delimited by a space 
    7368caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    74  
    75 # Leave blank for NO SOAP signature 
    76 useSignatureHandler: Yes  
    7769 
    7870# Signature of an outbound message 
     
    8476 
    8577# PEM encoded cert 
    86 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     78signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8779 
    8880# ... or provide file path to PEM encoded private key file 
    89 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     81signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    9082 
    9183# Password protecting private key.  Leave blank if there is no password. 
    92 keyPwd= 
     84signingPriKeyPwd= 
     85 
     86# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     87# chain of trust from the certificate used to verifying the signature backward  
     88# to the CA cert.  The CA cert need not be included.  To use this option,  
     89# reqBinSecTokValType must be set to the X509PKIPathv1 
     90signingCertChain= 
    9391 
    9492# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9593# space separated list e.g. refC14nInclNS=wsse ds ns1 
    96 wssRefInclNS: 
     94refC14nInclNS: 
    9795 
    9896# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    9997# same format as the above 
    100 wssSignedInfoInclNS: 
     98signedInfoC14nInclNS: 
    10199 
    102100 
     
    116114 
    117115 
     116# 
     117# INBOUND MESSAGE CONFIG 
     118 
     119# X.509 certificate used by verify method to verify a message.  This argument  
     120# can be omitted if the message to be verified contains the X.509 certificate  
     121# in the BinarySecurityToken element.  In this case, the cert read from the 
     122# message will be assigned to the verifyingCert attribute. 
     123 
     124# Provide the PEM encoded content here 
     125verifyingCert= 
     126 
     127# ... or provide file path PEM encode cert here 
     128verifyingCertFilePath= 
     129 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthorityProperties.xml

    r4136 r4138  
    1414    <WS-Security> 
    1515    <!--  
    16         WS-Security settings leave 'useSignatureHandler' blank for no signature  
     16        WS-Security settings  
     17    NB, if no signature handling is required, do not include this element 
    1718        --> 
    18             <useSignatureHandler>Yes</useSignatureHandler>  
    19         <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20             <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21         <keyPwd></keyPwd> 
    22                 <wssRefInclNS></wssRefInclNS> 
    23                 <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     19        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     20            <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     21        <signingPriKeyPwd></signingPriKeyPwd> 
     22                <refC14nInclNS></refC14nInclNS> 
     23                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    2424            <caCertFileList> 
    2525            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     
    4141        include the cert with the signature in the inbound SOAP message 
    4242            --> 
    43         <clntCertFile></clntCertFile>     
     43        <verifyingCertFilePath></verifyingCertFilePath>     
    4444    </WS-Security> 
    4545    <attCertLifetime>28800</attCertLifetime> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthority.cfg

    r4136 r4138  
    1313    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
    1414    <!--  
    15         WS-Security settings leave 'useSignatureHandler' blank for no  
    16         signature  
     15        WS-Security settings - remove for no signature  
    1716        --> 
    18     <useSignatureHandler>Yes</useSignatureHandler>  
    19     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21     <keyPwd></keyPwd> 
    22         <wssRefInclNS></wssRefInclNS> 
    23         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     17    <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     18    <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     19    <signingPriKeyPwd></signingPriKeyPwd> 
     20        <refC14nInclNS></refC14nInclNS> 
     21        <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    2422    <caCertFileList> 
    2523        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     
    4139    include the cert with the signature in the inbound SOAP message 
    4240    --> 
    43     <clntCertFile></clntCertFile>     
     41    <verifyingCertFilePath></verifyingCertFilePath>     
    4442    <attCertLifetime>28800</attCertLifetime> 
    4543    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthorityProperties.xml

    r4136 r4138  
    3838caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    3939 
    40 # Leave blank for NO SOAP signature 
    41 useSignatureHandler: Yes  
    42  
    4340# Set the certificate used to verify the signature of messages from the  
    4441# client.  This can usually be left blank since the client is expected to  
    4542# include the cert with the signature in the inbound SOAP message 
    46 clntCertFile: 
     43verifyingCertFilePath: 
    4744# Lifetime is measured in seconds 
    4845attCertLifetime: 28800  
     
    8279 
    8380# PEM encoded cert 
    84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     81signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8582 
    8683# ... or provide file path to PEM encoded private key file 
    87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     84signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    8885 
    8986# Password protecting private key.  Leave blank if there is no password. 
    90 keyPwd= 
     87signingPriKeyPwd= 
     88 
     89# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     90# chain of trust from the certificate used to verifying the signature backward  
     91# to the CA cert.  The CA cert need not be included.  To use this option,  
     92# reqBinSecTokValType must be set to the X509PKIPathv1 
     93signingCertChain= 
    9194 
    9295# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9396# space separated list e.g. refC14nInclNS=wsse ds ns1 
    94 wssRefInclNS: 
     97refC14nInclNS: 
    9598 
    9699# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    97100# same format as the above 
    98 wssSignedInfoInclNS: 
     101signedInfoC14nInclNS: 
    99102 
    100103 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg

    r4136 r4138  
    3232cookieDomain:  
    3333 
    34 # Leave blank for NO SOAP signature 
    35 useSignatureHandler: Yes  
    36  
    3734# 
    3835# SOAP Signature Handler settings 
     36# Leave blank for NO SOAP signature 
    3937[WS-Security] 
    4038# 
     
    6159# Password protecting private key.  Leave blank if there is no password. 
    6260signingPriKeyPwd= 
     61 
     62# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     63# chain of trust from the certificate used to verifying the signature backward  
     64# to the CA cert.  The CA cert need not be included.  To use this option,  
     65# reqBinSecTokValType must be set to the X509PKIPathv1 
     66signingCertChain= 
    6367 
    6468# Provide a space separated list of file paths 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgrProperties.xml

    r4136 r4138  
    1818    <!-- 
    1919    PKI settings for WS-Security signature of outbound SOAP messages 
     20    - remove element for no signature handling 
    2021    --> 
    2122    <WS-Security> 
    22             <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    2323        <!-- X.509 certificate included in SOAP header --> 
    24             <certFile>$NDGSEC_DIR/conf/certs/sm-cert.pem</certFile> 
     24            <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath> 
    2525        <!-- corresponding private key used to sign the SOAP message --> 
    26             <keyFile>$NDGSEC_DIR/conf/certs/sm-key.pem</keyFile> 
     26            <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath> 
    2727        <!-- Password protecting private key file - leave blank if none set --> 
    28             <keyPwd></keyPwd> 
     28            <signingPriKeyPwd></signingPriKeyPwd> 
    2929        <!--  
    3030                Inclusive namespace prefixes for reference and SignedInfo sections of 
    3131                WS-Security digital signature 
    3232        --> 
    33             <wssRefInclNS></wssRefInclNS> 
    34                 <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     33            <refC14nInclNS></refC14nInclNS> 
     34                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    3535            <!--  
    3636        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     
    4747            include the cert with the signature in the inbound SOAP message 
    4848            --> 
    49         <clntCertFile></clntCertFile>  
     49        <verifyingCertFilePath></verifyingCertFilePath>  
    5050    </WS-Security> 
    5151    <!-- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/etree.cfg

    r4069 r4138  
    1212 
    1313[test2SignWithInclC14N] 
    14 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
    15 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
     14signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
     15signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
    1616filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-incl-c14n-signed.xml 
    17 keyPwd: 
     17signingPriKeyPwd: 
    1818 
    1919[test3SignWithExclC14N] 
    20 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
    21 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
     20signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
     21signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
    2222filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-excl-c14n-signed.xml 
    23 keyPwd: 
     23signingPriKeyPwd: 
    2424 
    2525[test4Write] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/test_etree.py

    r4069 r4138  
    8686                    xpdVars(self.cfg['test2SignWithInclC14N']['filepath']) 
    8787        self.xmlSecDoc.certFilePathList = \ 
    88                     xpdVars(self.cfg['test2SignWithInclC14N']['certfile']) 
     88                    xpdVars(self.cfg['test2SignWithInclC14N']['signingCertFilePath']) 
    8989        self.xmlSecDoc.signingKeyFilePath = \ 
    9090                    xpdVars(self.cfg['test2SignWithInclC14N']['keyfile']) 
    9191 
    92         keyPwd = self.cfg['test2SignWithInclC14N'].get('keypwd') 
     92        keyPwd = self.cfg['test2SignWithInclC14N'].get('signingPriKeyPwd') 
    9393        if keyPwd is None: 
    9494            self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\ 
     
    106106                    xpdVars(self.cfg['test3SignWithExclC14N']['filepath']) 
    107107        self.xmlSecDoc.certFilePathList = \ 
    108                     xpdVars(self.cfg['test3SignWithExclC14N']['certfile']) 
     108                    xpdVars(self.cfg['test3SignWithExclC14N']['signingCertFilePath']) 
    109109        self.xmlSecDoc.signingKeyFilePath = \ 
    110110                    xpdVars(self.cfg['test3SignWithExclC14N']['keyfile']) 
    111111 
    112         keyPwd = self.cfg['test3SignWithExclC14N'].get('keypwd') 
     112        keyPwd = self.cfg['test3SignWithExclC14N'].get('signingPriKeyPwd') 
    113113        if keyPwd is None: 
    114114            self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\ 
Note: See TracChangeset for help on using the changeset viewer.