Timestamp:
27/08/08 11:48:57 (12 years ago)
Author:
cbyrom
Message:

Implement consistent use of keywords throughout the codebase - using
the wssecurity class as the guide - effectively changing the xml
property file key names to match those of the ini files. Also remove
useSignatureHandler keyword and replace with a check for the WS-Security
property + add better checking of properties in the tac and py files
+ add new config files and remove some unnecessary ones.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
1 added
2 deleted
23 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.cfg

    r3195 r4138  
    1212 
    1313[test2Sign] 
    14 certFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt 
    15 keyFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key 
     14signingCertFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt 
     15signingPriKeyFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key 
    1616filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac-signed.xml 
    17 keyPwd: 
     17signingPriKeyPwd: 
    1818 
    1919[test3Write] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py

    r3195 r4138  
    8989        self.xmlSecDoc.filePath = xpdVars(self.cfg['test2Sign']['filepath']) 
    9090        self.xmlSecDoc.certFilePathList = \ 
    91                                 xpdVars(self.cfg['test2Sign']['certfile']) 
     91                                xpdVars(self.cfg['test2Sign']['signingCertFilePath']) 
    9292        self.xmlSecDoc.signingKeyFilePath = \ 
    9393                                xpdVars(self.cfg['test2Sign']['keyfile']) 
    9494         
    95         keyPwd = self.cfg['test2Sign'].get('keypwd') 
     95        keyPwd = self.cfg['test2Sign'].get('signingPriKeyPwd') 
    9696        if keyPwd is None: 
    9797            self.xmlSecDoc.signingKeyPwd = \ 
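
Review bot: Line 93 still reads self.cfg['test2Sign']['keyfile'], but xmlSecDocTest.cfg in this changeset renames keyFile to signingPriKeyFilePath in [test2Sign], so the lookup that feeds signingKeyFilePath no longer has a matching option. Change the subscript on line 93 to the new key name, in step with the rename on line 91. Note also that a miss on .get('signingPriKeyPwd') at line 95 returns None and drops into the 'if keyPwd is None' branch instead of failing, so a mismatch there would go unnoticed.
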
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg

    r4111 r4138  
    6565 
    6666# Inclusive namespaces for Exclusive C14N 
    67 #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
    68 #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec 
    69 wssRefInclNS:  
    70 wssSignedInfoInclNS:  
     67#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
     68#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 
     69refC14nInclNS:  
     70signedInfoC14nInclNS:  
    7171 
    7272[test3GetTrustedHostInfo] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthority.cfg

    r4131 r4138  
    3333sslCACertDir: $NDGSEC_AACLNT_UNITTEST_DIR/ca 
    3434 
    35 # CA Certificates used to verify X.509 certs used in Attribute Certificates. 
    36 # The CA certificates of other NDG trusted sites should go here.  NB, multiple 
    37 # values should be delimited by a space 
    38 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    39  
    40 # Leave blank for NO SOAP signature 
    41 useSignatureHandler: Yes  
    42  
    43 # Set the certificate used to verify the signature of messages from the  
    44 # client.  This can usually be left blank since the client is expected to  
    45 # include the cert with the signature in the inbound SOAP message 
    46 clntCertFile: 
    4735# Lifetime is measured in seconds 
    4836attCertLifetime: 28800  
     
    7058# 
    7159# SOAP Signature Handler settings 
     60# Leave blank for NO SOAP signature 
    7261[WS-Security] 
    7362# 
    7463# OUTBOUND MESSAGE CONFIG 
     64 
     65# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
     66# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
     67# values should be delimited by a space 
     68caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    7569 
    7670# Signature of an outbound message 
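
Review bot: The comment 'Leave blank for NO SOAP signature' now sits directly above the [WS-Security] header (new line 60), where there is no option left to blank out once useSignatureHandler is removed. Say what actually disables signing in the ini form (omitting the section, or leaving a named option empty), in line with the 'do not include this element' wording used in the XML property files. caCertFileList also lands under '# OUTBOUND MESSAGE CONFIG' (new line 68) although its comment describes a verification setting; move it to the inbound block or give it its own heading.
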
     
    8276 
    8377# PEM encoded cert 
    84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     78signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8579 
    8680# ... or provide file path to PEM encoded private key file 
    87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     81signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    8882 
    8983# Password protecting private key.  Leave blank if there is no password. 
    90 keyPwd= 
     84signingPriKeyPwd= 
     85 
     86# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     87# chain of trust from the certificate used to verifying the signature backward  
     88# to the CA cert.  The CA cert need not be included.  To use this option,  
     89# reqBinSecTokValType must be set to the X509PKIPathv1 
     90signingCertChain= 
    9191 
    9292# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9393# space separated list e.g. refC14nInclNS=wsse ds ns1 
    94 wssRefInclNS: 
     94refC14nInclNS: 
    9595 
    9696# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    9797# same format as the above 
    98 wssSignedInfoInclNS: 
     98signedInfoC14nInclNS: 
    9999 
    100100 
     
    114114 
    115115 
     116# 
     117# INBOUND MESSAGE CONFIG 
     118 
     119# X.509 certificate used by verify method to verify a message.  This argument  
     120# can be omitted if the message to be verified contains the X.509 certificate  
     121# in the BinarySecurityToken element.  In this case, the cert read from the 
     122# message will be assigned to the verifyingCert attribute. 
     123 
     124# Provide the PEM encoded content here 
     125verifyingCert= 
     126 
     127# ... or provide file path PEM encode cert here 
     128verifyingCertFilePath= 
     129 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml

    r4111 r4138  
    1212    --> 
    1313    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
     14    <!--  NB, if no signature handling is required, do not include this element --> 
    1415    <!--  
    15         WS-Security settings leave 'useSignatureHandler' blank for no  
    16         signature  
     16        WS-Security settings  
    1717        --> 
    18     <useSignatureHandler>Yes</useSignatureHandler>  
    19     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21     <keyPwd></keyPwd> 
    22         <wssRefInclNS></wssRefInclNS> 
    23         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    24     <caCertFileList> 
    25         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    26         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
    27         <!--  
    28         To also trust certificates issued from your MyProxy CA, replace  
    29         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    30         the following line: 
    31         <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
    32         --> 
    33     </caCertFileList> 
    34     <!-- Set the value type of the server cert --> 
    35     <reqBinSecTokValType>X509v3</reqBinSecTokValType> 
    36     <!-- Set the response message header to include a SignatureConfirmation element --> 
    37     <applySignatureConfirmation>True</applySignatureConfirmation> 
    38     <!--  
    39     Set the certificate used to verify the signature of messages from the  
    40     client.  This can usually be left blank since the client is expected to  
    41     include the cert with the signature in the inbound SOAP message 
    42     --> 
    43     <clntCertFile></clntCertFile>     
     18    <WS-Security> 
     19        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     20            <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     21        <signingPriKeyPwd></signingPriKeyPwd> 
     22                <refC14nInclNS></refC14nInclNS> 
     23                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     24            <caCertFileList> 
     25            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     26                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
     27                <!--  
     28            To also trust certificates issued from your MyProxy CA, replace  
     29                "abcdef01.0" with the unique name for your CA certificate and uncomment 
     30                the following line: 
     31            <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     32                --> 
     33            </caCertFileList> 
     34            <!-- Set the value type of the server cert --> 
     35        <reqBinSecTokValType>X509v3</reqBinSecTokValType> 
     36            <!-- Set the response message header to include a SignatureConfirmation element --> 
     37            <applySignatureConfirmation>True</applySignatureConfirmation> 
     38            <!--  
     39        Set the certificate used to verify the signature of messages from the  
     40            client.  This can usually be left blank since the client is expected to  
     41        include the cert with the signature in the inbound SOAP message 
     42            --> 
     43        <verifyingCertFilePath></verifyingCertFilePath>     
     44    </WS-Security> 
    4445    <attCertLifetime>28800</attCertLifetime> 
    4546    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
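
Review bot: With <useSignatureHandler> removed (old line 18) and the new comment on line 14 telling operators to leave out <WS-Security> when no signature handling is required, signing is now switched off by absence, so a misspelt or accidentally deleted element disables it without any explicit setting. The property check that replaces the flag is not part of this hunk; it should log at startup that signature handling is off, and the unit tests should cover the missing-element case explicitly.
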
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml

    r4111 r4138  
    1111    --> 
    1212    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
    13         <!-- WS-Security settings --> 
    14     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    15     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</certFile> 
    16     <caCertFileList> 
    17         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    18         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
    19         <!--  
    20         To also trust certificates issued from your MyProxy CA, replace  
    21         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    22         the following line: 
    23         <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
    24         --> 
    25     </caCertFileList> 
    26     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</keyFile> 
    27     <keyPwd></keyPwd> 
    28         <wssRefInclNS></wssRefInclNS> 
    29         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    30     <!--  
    31     Set the certificate used to verify the signature of messages from the  
    32     client.  This can usually be left blank since the client is expected to  
    33     include the cert with the signature in the inbound SOAP message 
    34     --> 
    35     <clntCertFile></clntCertFile>     
     13    <!--  NB, if no signature handling is required, do not include this element --> 
     14    <WS-Security> 
     15                <!-- WS-Security settings --> 
     16        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</signingCertFilePath> 
     17            <caCertFileList> 
     18            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     19                <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 
     20                <!--  
     21            To also trust certificates issued from your MyProxy CA, replace  
     22                "abcdef01.0" with the unique name for your CA certificate and uncomment 
     23                the following line: 
     24            <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 
     25                --> 
     26            </caCertFileList> 
     27        <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</signingPriKeyFilePath> 
     28            <signingPriKeyPwd></signingPriKeyPwd> 
     29                <refC14nInclNS></refC14nInclNS> 
     30                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     31        <!--  
     32            Set the certificate used to verify the signature of messages from the  
     33        client.  This can usually be left blank since the client is expected to  
     34            include the cert with the signature in the inbound SOAP message 
     35        --> 
     36            <verifyingCertFilePath></verifyingCertFilePath> 
     37        </WS-Security>     
    3638    <attCertLifetime>28800</attCertLifetime> 
    3739    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py

    r3202 r4138  
    188188        self.attCert.filePath = xpdVars(self.cfg['test9Sign']['filepath']) 
    189189        self.attCert.certFilePathList = \ 
    190             xpdVars(self.cfg['test9Sign']['certfile']) 
     190            xpdVars(self.cfg['test9Sign']['signingCertFilePath']) 
    191191        self.attCert.signingKeyFilePath = \ 
    192             xpdVars(self.cfg['test9Sign']['keyfile']) 
    193          
    194         signingKeyPwd = self.cfg['test9Sign'].get('keypwd') 
     192            xpdVars(self.cfg['test9Sign']['signingPriKeyFilePath']) 
     193         
     194        signingKeyPwd = self.cfg['test9Sign'].get('signingPriKeyPwd') 
    195195        if signingKeyPwd is None: 
    196196            try: 
     
    241241            self.cfg['test13IsValidStressTest']['certfilepathlist'].split()] 
    242242        self.attCert.signingKeyFilePath = \ 
    243                         xpdVars(self.cfg['test13IsValidStressTest']['keyfile']) 
    244          
    245         signingKeyPwd = self.cfg['test13IsValidStressTest'].get('keypwd') 
     243                        xpdVars(self.cfg['test13IsValidStressTest']['signingPriKeyFilePath']) 
     244         
     245        signingKeyPwd = self.cfg['test13IsValidStressTest'].get('signingPriKeyPwd') 
    246246        if signingKeyPwd is None: 
    247247            try: 
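
Review bot: Line 241 still looks up 'certfilepathlist' in lower case while the rewritten lines 243 and 245 use 'signingPriKeyFilePath' and 'signingPriKeyPwd' in mixed case, so the lookups in this one test assume two different key-case behaviours from self.cfg. If the config object lower-cases option names, as the old 'keyfile' and 'keypwd' subscripts suggest, the new subscripts will not match, and .get() on line 245 would return None without raising. Pick one convention for all lookups and assert that the required options are present before using them.
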
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg

    r3199 r4138  
    1010 
    1111[test9Sign] 
    12 certFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 
    13 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
     12signingCertFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 
     13signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
    1414filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac-signed.xml 
    15 keyPwd: 
     15signingPriKeyPwd: 
    1616 
    1717[test10Write] 
     
    2828# verification 
    2929certFilepathlist: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 
    30 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
    31 keyPwd: 
     30signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 
     31signingPriKeyPwd: 
    3232nruns: 10 
    3333 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/browse.cfg

    r4035 r4138  
    8585signingPriKeyPwd= 
    8686 
     87# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     88# chain of trust from the certificate used to verifying the signature backward  
     89# to the CA cert.  The CA cert need not be included.  To use this option,  
     90# reqBinSecTokValType must be set to the X509PKIPathv1 
     91signingCertChain= 
     92 
    8793# Provide a space separated list of file paths.  CA Certs should be included  
    8894# for all the sites this installation trusts 
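
Review bot: The comment for signingCertChain (new lines 87-90) asks for a ',' separated list of PEM encoded certs, while the option described at line 93 takes a space separated list of file paths, and the comment does not say whether the chain entries are file paths or inline PEM content. Spell out the expected value format and give an example value. Wording: 'used to verifying' should read 'used to verify', and 'must be set to the X509PKIPathv1' should drop 'the'.
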
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml

    r2148 r4138  
    66    <sslKeyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</sslKeyFile> 
    77    <caCertFile>$NDGSEC_CA_UNITTEST_DIR/cacert.pem</caCertFile> 
    8     <certFile>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</certFile> 
    9     <keyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</keyFile> 
    10     <keyPwd/> 
    11     <!--  
    12     Set the certificate used to verify the signature of messages from the  
    13     client.  This can usually be left blank since the client is expected to  
    14     include the cert with the signature in the inbound SOAP message 
    15     --> 
    16     <clntCertFile></clntCertFile>     
     8    <WS-Security> 
     9            <signingCertFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</signingCertFilePath> 
     10        <signingPriKeyFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</signingPriKeyFilePath> 
     11            <signingPriKeyPwd/> 
     12        <!--  
     13            Set the certificate used to verify the signature of messages from the  
     14        client.  This can usually be left blank since the client is expected to  
     15            include the cert with the signature in the inbound SOAP message 
     16        --> 
     17            <verifyingCertFilePath></verifyingCertFilePath> 
     18        </WS-Security>     
    1719        <!--  
    1820        OpenSSL configuration file - omit to use globus default 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/MyProxyClientTest.py

    r3176 r4138  
    6464                              prompt="\ntest1Store cred. owner pass-phrase: ") 
    6565 
    66         certFile = xpdVars(self.cfg['test1Store']['certfile']) 
    67         keyFile = xpdVars(self.cfg['test1Store']['keyfile']) 
     66        certFile = xpdVars(self.cfg['test1Store']['signingCertFilePath']) 
     67        keyFile = xpdVars(self.cfg['test1Store']['signingPriKeyFilePath']) 
    6868        ownerCertFile = xpdVars(self.cfg['test1Store']['ownercertfile']) 
    6969        ownerKeyFile = xpdVars(self.cfg['test1Store']['ownerkeyfile']) 
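
Review bot: Lines 66-67 now read certFile and keyFile from 'signingCertFilePath' and 'signingPriKeyFilePath', but in test1Store these look like the credential being stored rather than a message-signing key pair, so the WS-Security names are misleading here. The neighbouring 'ownercertfile' and 'ownerkeyfile' lookups on lines 68-69 keep the old naming and lower case, which leaves the section half converted. Either keep purpose-specific names for the MyProxy test options or rename all four consistently.
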
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg

    r3176 r4138  
    1616username: testuser 
    1717passphrase: testpassword 
    18 certFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
    19 keyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
     18signingCertFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
     19signingPriKeyFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
    2020ownerCertFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 
    2121ownerKeyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml

    r3652 r4138  
    1313    <!-- 
    1414    WS-Security settings for signature of outbound SOAP messages 
     15    NB, if no signature handling is required, do not include this element  
    1516    --> 
    16     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    17     <!--  
    18     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    19     SSL connections and Attribute Certificates 
    20     --> 
    21     <caCertFileList> 
    22         <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    23     </caCertFileList> 
    24     <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile> 
    25     <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile> 
    26     <keyPwd/> 
    27         <!--  
    28         Inclusive namespace prefixes for reference and SignedInfo sections of 
    29         WS-Security digital signature 
    30         --> 
    31         <wssRefInclNS></wssRefInclNS> 
    32         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    33     <!--  
    34     Set the certificate used to verify the signature of messages from the  
    35     client.  This can usually be left blank since the client is expected to  
    36     include the cert with the signature in the inbound SOAP message 
    37     --> 
    38     <clntCertFile></clntCertFile>     
     17    <WS-Security> 
     18            <!--  
     19            CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     20            SSL connections and Attribute Certificates 
     21        --> 
     22            <caCertFileList> 
     23            <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     24        </caCertFileList> 
     25            <signingCertFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.crt</signingCertFilePath> 
     26        <signingPriKeyFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 
     27            <signingPriKeyPwd/> 
     28                <!--  
     29                Inclusive namespace prefixes for reference and SignedInfo sections of 
     30                WS-Security digital signature 
     31                --> 
     32                <refC14nInclNS></refC14nInclNS> 
     33                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     34        <!--  
     35            Set the certificate used to verify the signature of messages from the  
     36        client.  This can usually be left blank since the client is expected to  
     37            include the cert with the signature in the inbound SOAP message 
     38        --> 
     39        <verifyingCertFilePath></verifyingCertFilePath> 
     40    </WS-Security>     
    3941    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 
    4042    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> 
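
Review bot: <caCertFileList> moves inside <WS-Security> (new lines 22-24), but its own comment says these CA certificates are also used for SSL connections and Attribute Certificates, and the note added on line 15 tells operators to omit the whole element when no signature handling is required. Omitting it would then remove the trust roots for those other checks as well. Keep caCertFileList at the top level, or document where SSL and Attribute Certificate verification get their CA list when the element is absent.
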
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg

    r3652 r4138  
    6565 
    6666# Inclusive namespaces for Exclusive C14N 
    67 #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
    68 #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec 
    69 wssRefInclNS:  
    70 wssSignedInfoInclNS:  
     67#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 
     68#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 
     69refC14nInclNS:  
     70signedInfoC14nInclNS:  
    7171 
    7272[test1Connect]  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml

    r3652 r4138  
    1313    <!-- 
    1414    PKI settings for WS-Security signature of outbound SOAP messages 
     15    NB, if no signature handling is required, do not include this element 
    1516    --> 
    16     <!-- 
    17     PKI settings for signature of outbound SOAP messages 
    18     --> 
    19     <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    20     <!--  
    21     CA Certificates used to verify X.509 certs used in peer SOAP messages, 
    22     SSL connections and Attribute Certificates 
    23     --> 
    24     <caCertFileList> 
    25         <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    26         <!--  
    27         To also trust certificates issued from your MyProxy CA, replace  
    28         "abcdef01.0" with the unique name for your CA certificate and uncomment 
    29         the following line: 
    30         <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    31         --> 
    32     </caCertFileList> 
    33     <certFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</certFile> 
    34     <keyFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</keyFile> 
    35     <keyPwd/> 
    36         <!--  
    37         Inclusive namespace prefixes for reference and SignedInfo sections of 
    38         WS-Security digital signature 
    39         --> 
    40         <wssRefInclNS></wssRefInclNS> 
    41         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
    42     <!--  
    43     Set the certificate used to verify the signature of messages from the  
    44     client.  This can usually be left blank since the client is expected to  
    45     include the cert with the signature in the inbound SOAP message 
    46     --> 
    47     <clntCertFile></clntCertFile>     
     17    <WS-Security> 
     18            <!--  
     19        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
     20        SSL connections and Attribute Certificates 
     21        --> 
     22            <caCertFileList> 
     23            <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     24                <!--  
     25                To also trust certificates issued from your MyProxy CA, replace  
     26            "abcdef01.0" with the unique name for your CA certificate and uncomment 
     27                the following line: 
     28                <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
     29            --> 
     30            </caCertFileList> 
     31        <signingCertFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</signingCertFilePath> 
     32            <signingPriKeyFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 
     33        <signingPriKeyPwd/> 
     34                <!--  
     35                Inclusive namespace prefixes for reference and SignedInfo sections of 
     36                WS-Security digital signature 
     37                --> 
     38                <refC14nInclNS></refC14nInclNS> 
     39                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
     40            <!--  
     41        Set the certificate used to verify the signature of messages from the  
     42            client.  This can usually be left blank since the client is expected to  
     43        include the cert with the signature in the inbound SOAP message 
     44            --> 
     45        <verifyingCertFilePath></verifyingCertFilePath> 
     46    </WS-Security>     
    4847    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 
    4948    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthority.cfg

    r4136 r4138  
    5858# 
    5959# SOAP Signature Handler settings 
     60# Leave blank for NO SOAP signature 
    6061[WS-Security] 
    6162# 
    6263# OUTBOUND MESSAGE CONFIG 
    63  
    64  
    65 # Set the certificate used to verify the signature of messages from the  
    66 # client.  This can usually be left blank since the client is expected to  
    67 # include the cert with the signature in the inbound SOAP message 
    68 clntCertFile: 
    6964 
    7065# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
     
    7267# values should be delimited by a space 
    7368caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    74  
    75 # Leave blank for NO SOAP signature 
    76 useSignatureHandler: Yes  
    7769 
    7870# Signature of an outbound message 
     
    8476 
    8577# PEM encoded cert 
    86 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     78signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8779 
    8880# ... or provide file path to PEM encoded private key file 
    89 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     81signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    9082 
    9183# Password protecting private key.  Leave blank if there is no password. 
    92 keyPwd= 
     84signingPriKeyPwd= 
     85 
     86# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     87# chain of trust from the certificate used to verifying the signature backward  
     88# to the CA cert.  The CA cert need not be included.  To use this option,  
     89# reqBinSecTokValType must be set to the X509PKIPathv1 
     90signingCertChain= 
    9391 
    9492# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9593# space separated list e.g. refC14nInclNS=wsse ds ns1 
    96 wssRefInclNS: 
     94refC14nInclNS: 
    9795 
    9896# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    9997# same format as the above 
    100 wssSignedInfoInclNS: 
     98signedInfoC14nInclNS: 
    10199 
    102100 
     
    116114 
    117115 
     116# 
     117# INBOUND MESSAGE CONFIG 
     118 
     119# X.509 certificate used by verify method to verify a message.  This argument  
     120# can be omitted if the message to be verified contains the X.509 certificate  
     121# in the BinarySecurityToken element.  In this case, the cert read from the 
     122# message will be assigned to the verifyingCert attribute. 
     123 
     124# Provide the PEM encoded content here 
     125verifyingCert= 
     126 
     127# ... or provide file path PEM encode cert here 
     128verifyingCertFilePath= 
     129 
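
Review bot: The new INBOUND block (lines 116-128) adds both verifyingCert and verifyingCertFilePath without saying which one wins when both are set. State the precedence in the comment, or reject a config that sets both. The comment should also say whether a certificate taken from the BinarySecurityToken element is checked against caCertFileList before it is assigned to verifyingCert. Wording on line 127: 'PEM encode cert' should read 'PEM encoded cert'.
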
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthorityProperties.xml

    r4136 r4138  
    1414    <WS-Security> 
    1515    <!--  
    16         WS-Security settings leave 'useSignatureHandler' blank for no signature  
     16        WS-Security settings  
     17    NB, if no signature handling is required, do not include this element 
    1718        --> 
    18             <useSignatureHandler>Yes</useSignatureHandler>  
    19         <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20             <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21         <keyPwd></keyPwd> 
    22                 <wssRefInclNS></wssRefInclNS> 
    23                 <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     19        <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     20            <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     21        <signingPriKeyPwd></signingPriKeyPwd> 
     22                <refC14nInclNS></refC14nInclNS> 
     23                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    2424            <caCertFileList> 
    2525            <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
     
    4141        include the cert with the signature in the inbound SOAP message 
    4242            --> 
    43         <clntCertFile></clntCertFile>     
     43        <verifyingCertFilePath></verifyingCertFilePath>     
    4444    </WS-Security> 
    4545    <attCertLifetime>28800</attCertLifetime> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthority.cfg

    r4136 r4138  
    1313    <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 
    1414    <!--  
    15         WS-Security settings leave 'useSignatureHandler' blank for no  
    16         signature  
     15        WS-Security settings - remove for no signature  
    1716        --> 
    18     <useSignatureHandler>Yes</useSignatureHandler>  
    19     <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 
    20     <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 
    21     <keyPwd></keyPwd> 
    22         <wssRefInclNS></wssRefInclNS> 
    23         <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     17    <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 
     18    <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 
     19    <signingPriKeyPwd></signingPriKeyPwd> 
     20        <refC14nInclNS></refC14nInclNS> 
     21        <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    2422    <caCertFileList> 
    2523        <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
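
Review bot: Unlike the other property files in this changeset, the renamed signing elements at new lines 17-21 stay at the top level with no enclosing <WS-Security> element, and the content shown under this .cfg path is XML. If either of those is what makes the fixture invalid, add a comment saying so. Otherwise the test that loads it may now fail because the wrapper is missing rather than for the reason it was written to exercise.
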
     
    4139    include the cert with the signature in the inbound SOAP message 
    4240    --> 
    43     <clntCertFile></clntCertFile>     
     41    <verifyingCertFilePath></verifyingCertFilePath>     
    4442    <attCertLifetime>28800</attCertLifetime> 
    4543    <attCertNotBeforeOff>0</attCertNotBeforeOff> 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthorityProperties.xml

    r4136 r4138  
    3838caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 
    3939 
    40 # Leave blank for NO SOAP signature 
    41 useSignatureHandler: Yes  
    42  
    4340# Set the certificate used to verify the signature of messages from the  
    4441# client.  This can usually be left blank since the client is expected to  
    4542# include the cert with the signature in the inbound SOAP message 
    46 clntCertFile: 
     43verifyingCertFilePath: 
    4744# Lifetime is measured in seconds 
    4845attCertLifetime: 28800  
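Review bot: removing `useSignatureHandler` at old lines 40-42 also drops the only comment in this hunk explaining how to turn SOAP signing off, and nothing replaces it. Add a one-line comment stating the new switch (the XML property files in this changeset say to remove the WS-Security element), so that signing is not left enabled or disabled by accident.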
     
    8279 
    8380# PEM encoded cert 
    84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
     81signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 
    8582 
    8683# ... or provide file path to PEM encoded private key file 
    87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
     84signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 
    8885 
    8986# Password protecting private key.  Leave blank if there is no password. 
    90 keyPwd= 
     87signingPriKeyPwd= 
     88 
     89# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     90# chain of trust from the certificate used to verifying the signature backward  
     91# to the CA cert.  The CA cert need not be included.  To use this option,  
     92# reqBinSecTokValType must be set to the X509PKIPathv1 
     93signingCertChain= 
    9194 
    9295# Inclusive namespace prefixes Canonicalisation of reference elements -  
    9396# space separated list e.g. refC14nInclNS=wsse ds ns1 
    94 wssRefInclNS: 
     97refC14nInclNS: 
    9598 
    9699# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 
    97100# same format as the above 
    98 wssSignedInfoInclNS: 
     101signedInfoC14nInclNS: 
    99102 
    100103 
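Review bot: the new `signingCertChain` comment at lines 89-92 is ambiguous about what the value holds: "a list of certificates ',' separated PEM encoded certs" could mean file paths or inline PEM text, and "used to verifying" should read "used to verify". State the value type explicitly, and since the option only applies when `reqBinSecTokValType` is X509PKIPathv1, say what happens when it is set with another value type. The hunk also mixes `:` and `=` as key delimiters (`signingCertFilePath:` next to `signingPriKeyPwd=`); pick one while the names are being normalised.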
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg

    r4136 r4138  
    3232cookieDomain:  
    3333 
    34 # Leave blank for NO SOAP signature 
    35 useSignatureHandler: Yes  
    36  
    3734# 
    3835# SOAP Signature Handler settings 
     36# Leave blank for NO SOAP signature 
    3937[WS-Security] 
    4038# 
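Review bot: the relocated comment at new line 36, "Leave blank for NO SOAP signature", referred to the `useSignatureHandler` value that this hunk deletes; placed above `[WS-Security]` it no longer says what to leave blank. Reword it to name the actual switch, for example that omitting the `[WS-Security]` section disables signing, if that is what the WS-Security property check mentioned in the commit message implements.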
     
    6159# Password protecting private key.  Leave blank if there is no password. 
    6260signingPriKeyPwd= 
     61 
     62# Pass a list of certificates ',' separated PEM encoded certs constituting a  
     63# chain of trust from the certificate used to verifying the signature backward  
     64# to the CA cert.  The CA cert need not be included.  To use this option,  
     65# reqBinSecTokValType must be set to the X509PKIPathv1 
     66signingCertChain= 
    6367 
    6468# Provide a space separated list of file paths 
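Review bot: `signingCertChain` at line 66 is documented as ',' separated while the very next option (line 68) takes a space separated list of file paths; two list syntaxes in adjacent settings invite misparsed chains. Use one separator for both, or spell out in each comment which separator applies and whether the entries are file paths.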
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgrProperties.xml

    r4136 r4138  
    1818    <!-- 
    1919    PKI settings for WS-Security signature of outbound SOAP messages 
     20    - remove element for no signature handling 
    2021    --> 
    2122    <WS-Security> 
    22             <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 
    2323        <!-- X.509 certificate included in SOAP header --> 
    24             <certFile>$NDGSEC_DIR/conf/certs/sm-cert.pem</certFile> 
     24            <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath> 
    2525        <!-- corresponding private key used to sign the SOAP message --> 
    26             <keyFile>$NDGSEC_DIR/conf/certs/sm-key.pem</keyFile> 
     26            <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath> 
    2727        <!-- Password protecting private key file - leave blank if none set --> 
    28             <keyPwd></keyPwd> 
     28            <signingPriKeyPwd></signingPriKeyPwd> 
    2929        <!--  
    3030                Inclusive namespace prefixes for reference and SignedInfo sections of 
    3131                WS-Security digital signature 
    3232        --> 
    33             <wssRefInclNS></wssRefInclNS> 
    34                 <wssSignedInfoInclNS></wssSignedInfoInclNS> 
     33            <refC14nInclNS></refC14nInclNS> 
     34                <signedInfoC14nInclNS></signedInfoC14nInclNS> 
    3535            <!--  
    3636        CA Certificates used to verify X.509 certs used in peer SOAP messages, 
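Review bot: with `useSignatureHandler` removed at old line 22, the comment added at line 20 makes the mere absence of `<WS-Security>` the off switch, so a misspelt or accidentally dropped element turns signature handling off with no explicit setting to show it was intended. Have the code that reads this file log a warning when the element is missing, or keep an explicit enable flag inside the element, and record the behaviour in this comment.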
     
    4747            include the cert with the signature in the inbound SOAP message 
    4848            --> 
    49         <clntCertFile></clntCertFile>  
     49        <verifyingCertFilePath></verifyingCertFilePath>  
    5050    </WS-Security> 
    5151    <!-- 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/etree.cfg

    r4069 r4138  
    1212 
    1313[test2SignWithInclC14N] 
    14 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
    15 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
     14signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
     15signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
    1616filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-incl-c14n-signed.xml 
    17 keyPwd: 
     17signingPriKeyPwd: 
    1818 
    1919[test3SignWithExclC14N] 
    20 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
    21 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
     20signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 
     21signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 
    2222filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-excl-c14n-signed.xml 
    23 keyPwd: 
     23signingPriKeyPwd: 
    2424 
    2525[test4Write] 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/test_etree.py

    r4069 r4138  
    8686                    xpdVars(self.cfg['test2SignWithInclC14N']['filepath']) 
    8787        self.xmlSecDoc.certFilePathList = \ 
    88                     xpdVars(self.cfg['test2SignWithInclC14N']['certfile']) 
     88                    xpdVars(self.cfg['test2SignWithInclC14N']['signingCertFilePath']) 
    8989        self.xmlSecDoc.signingKeyFilePath = \ 
    9090                    xpdVars(self.cfg['test2SignWithInclC14N']['keyfile']) 
    9191 
    92         keyPwd = self.cfg['test2SignWithInclC14N'].get('keypwd') 
     92        keyPwd = self.cfg['test2SignWithInclC14N'].get('signingPriKeyPwd') 
    9393        if keyPwd is None: 
    9494            self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\ 
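Review bot: line 90 still reads `self.cfg['test2SignWithInclC14N']['keyfile']`, but etree.cfg in this changeset renames `keyFile` to `signingPriKeyFilePath`, so this lookup no longer matches a key in the config. Update it alongside the `certfile` and `keypwd` lookups changed at lines 88 and 92.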
     
    106106                    xpdVars(self.cfg['test3SignWithExclC14N']['filepath']) 
    107107        self.xmlSecDoc.certFilePathList = \ 
    108                     xpdVars(self.cfg['test3SignWithExclC14N']['certfile']) 
     108                    xpdVars(self.cfg['test3SignWithExclC14N']['signingCertFilePath']) 
    109109        self.xmlSecDoc.signingKeyFilePath = \ 
    110110                    xpdVars(self.cfg['test3SignWithExclC14N']['keyfile']) 
    111111 
    112         keyPwd = self.cfg['test3SignWithExclC14N'].get('keypwd') 
     112        keyPwd = self.cfg['test3SignWithExclC14N'].get('signingPriKeyPwd') 
    113113        if keyPwd is None: 
    114114            self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\ 
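Review bot: the new lookups at lines 108 and 112 use mixed-case names (`'signingCertFilePath'`, `'signingPriKeyPwd'`) while the untouched line 106 reads `'filepath'` in lowercase for the config key `filePath`, which suggests option names are lower-cased when the file is loaded. If so, the mixed-case keys will not be found, and `.get('signingPriKeyPwd')` will return None and fall through to the getpass prompt. Confirm the key case the loader produces and use it consistently; line 110 also still reads the old `'keyfile'` name.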