- Timestamp:
- 27/08/08 11:48:57 (13 years ago)
- Location:
- TI12-security/trunk/python/ndg.security.test/ndg/security/test
- Files:
-
- 1 added
- 2 deleted
- 23 edited
TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.cfg
r3195 r4138 12 12 13 13 [test2Sign] 14 certFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt15 keyFile: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key14 signingCertFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.crt 15 signingPriKeyFilePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/test.key 16 16 filePath: $NDGSEC_XMLSECDOC_UNITTEST_DIR/ac-signed.xml 17 keyPwd:17 signingPriKeyPwd: 18 18 19 19 [test3Write] -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/XMLSecDoc/xmlSecDocTest.py
r3195 r4138 89 89 self.xmlSecDoc.filePath = xpdVars(self.cfg['test2Sign']['filepath']) 90 90 self.xmlSecDoc.certFilePathList = \ 91 xpdVars(self.cfg['test2Sign'][' certfile'])91 xpdVars(self.cfg['test2Sign']['signingCertFilePath']) 92 92 self.xmlSecDoc.signingKeyFilePath = \ 93 93 xpdVars(self.cfg['test2Sign']['keyfile']) 94 94 95 keyPwd = self.cfg['test2Sign'].get(' keypwd')95 keyPwd = self.cfg['test2Sign'].get('signingPriKeyPwd') 96 96 if keyPwd is None: 97 97 self.xmlSecDoc.signingKeyPwd = \ -
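Review bot: The private-key path lookup on new line 93 still reads `self.cfg['test2Sign']['keyfile']`, but xmlSecDocTest.cfg in this same changeset renames `keyFile` to `signingPriKeyFilePath`, so the signing test would most likely fail on a missing option before it reaches the signature step. The lookup should follow the rename, e.g. `xpdVars(self.cfg['test2Sign']['signingPriKeyFilePath'])`, in whatever letter case the config loader preserves. test_etree.py has the same leftover `['keyfile']` lookups on new lines 90 and 110 against the renamed options in etree.cfg. The enclosing test method starts and ends outside the hunk.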
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
r4111 r4138 65 65 66 66 # Inclusive namespaces for Exclusive C14N 67 # wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns168 # wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec69 wssRefInclNS:70 wssSignedInfoInclNS:67 #refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 68 #signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 69 refC14nInclNS: 70 signedInfoC14nInclNS: 71 71 72 72 [test3GetTrustedHostInfo] -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthority.cfg
r4131 r4138 33 33 sslCACertDir: $NDGSEC_AACLNT_UNITTEST_DIR/ca 34 34 35 # CA Certificates used to verify X.509 certs used in Attribute Certificates.36 # The CA certificates of other NDG trusted sites should go here. NB, multiple37 # values should be delimited by a space38 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem39 40 # Leave blank for NO SOAP signature41 useSignatureHandler: Yes42 43 # Set the certificate used to verify the signature of messages from the44 # client. This can usually be left blank since the client is expected to45 # include the cert with the signature in the inbound SOAP message46 clntCertFile:47 35 # Lifetime is measured in seconds 48 36 attCertLifetime: 28800 … … 70 58 # 71 59 # SOAP Signature Handler settings 60 # Leave blank for NO SOAP signature 72 61 [WS-Security] 73 62 # 74 63 # OUTBOUND MESSAGE CONFIG 64 65 # CA Certificates used to verify X.509 certs used in Attribute Certificates. 66 # The CA certificates of other NDG trusted sites should go here. NB, multiple 67 # values should be delimited by a space 68 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 75 69 76 70 # Signature of an outbound message … … 82 76 83 77 # PEM encoded cert 84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt78 signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 85 79 86 80 # ... or provide file path to PEM encoded private key file 87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key81 signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 88 82 89 83 # Password protecting private key. Leave blank if there is no password. 90 keyPwd= 84 signingPriKeyPwd= 85 86 # Pass a list of certificates ',' separated PEM encoded certs constituting a 87 # chain of trust from the certificate used to verifying the signature backward 88 # to the CA cert. The CA cert need not be included. 
To use this option, 89 # reqBinSecTokValType must be set to the X509PKIPathv1 90 signingCertChain= 91 91 92 92 # Inclusive namespace prefixes Canonicalisation of reference elements - 93 93 # space separated list e.g. refC14nInclNS=wsse ds ns1 94 wssRefInclNS:94 refC14nInclNS: 95 95 96 96 # Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 97 97 # same format as the above 98 wssSignedInfoInclNS:98 signedInfoC14nInclNS: 99 99 100 100 … … 114 114 115 115 116 # 117 # INBOUND MESSAGE CONFIG 118 119 # X.509 certificate used by verify method to verify a message. This argument 120 # can be omitted if the message to be verified contains the X.509 certificate 121 # in the BinarySecurityToken element. In this case, the cert read from the 122 # message will be assigned to the verifyingCert attribute. 123 124 # Provide the PEM encoded content here 125 verifyingCert= 126 127 # ... or provide file path PEM encode cert here 128 verifyingCertFilePath= 129 -
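Review bot: The comment `# Leave blank for NO SOAP signature` now sits directly above the `[WS-Security]` section header (new line 60) with `useSignatureHandler` removed, so it no longer says what should be left blank, and an operator could end up with signing or verification disabled without meaning to. The XML property files in this changeset say to omit the whole WS-Security element instead; if the .cfg loader behaves the same way, reword to something like `# Omit the [WS-Security] section entirely to disable SOAP signature handling`. The same orphaned comment is added in utils/attAuthority.cfg and utils/sessionMgr.cfg. Separately, `caCertFileList` now sits under `# OUTBOUND MESSAGE CONFIG` although its comment describes certificate verification, so it may read better under the new inbound block.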
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteAAttAuthorityProperties.xml
r4111 r4138 12 12 --> 13 13 <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 14 <!-- NB, if no signature handling is required, do not include this element --> 14 15 <!-- 15 WS-Security settings leave 'useSignatureHandler' blank for no 16 signature 16 WS-Security settings 17 17 --> 18 <useSignatureHandler>Yes</useSignatureHandler> 19 <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 20 <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 21 <keyPwd></keyPwd> 22 <wssRefInclNS></wssRefInclNS> 23 <wssSignedInfoInclNS></wssSignedInfoInclNS> 24 <caCertFileList> 25 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 26 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 27 <!-- 28 To also trust certificates issued from your MyProxy CA, replace 29 "abcdef01.0" with the unique name for your CA certificate and uncomment 30 the following line: 31 <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 32 --> 33 </caCertFileList> 34 <!-- Set the value type of the server cert --> 35 <reqBinSecTokValType>X509v3</reqBinSecTokValType> 36 <!-- Set the response message header to include a SignatureConfirmation element --> 37 <applySignatureConfirmation>True</applySignatureConfirmation> 38 <!-- 39 Set the certificate used to verify the signature of messages from the 40 client. 
This can usually be left blank since the client is expected to 41 include the cert with the signature in the inbound SOAP message 42 --> 43 <clntCertFile></clntCertFile> 18 <WS-Security> 19 <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 20 <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 21 <signingPriKeyPwd></signingPriKeyPwd> 22 <refC14nInclNS></refC14nInclNS> 23 <signedInfoC14nInclNS></signedInfoC14nInclNS> 24 <caCertFileList> 25 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 26 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 27 <!-- 28 To also trust certificates issued from your MyProxy CA, replace 29 "abcdef01.0" with the unique name for your CA certificate and uncomment 30 the following line: 31 <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 32 --> 33 </caCertFileList> 34 <!-- Set the value type of the server cert --> 35 <reqBinSecTokValType>X509v3</reqBinSecTokValType> 36 <!-- Set the response message header to include a SignatureConfirmation element --> 37 <applySignatureConfirmation>True</applySignatureConfirmation> 38 <!-- 39 Set the certificate used to verify the signature of messages from the 40 client. This can usually be left blank since the client is expected to 41 include the cert with the signature in the inbound SOAP message 42 --> 43 <verifyingCertFilePath></verifyingCertFilePath> 44 </WS-Security> 44 45 <attCertLifetime>28800</attCertLifetime> 45 46 <attCertNotBeforeOff>0</attCertNotBeforeOff> -
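Review bot: The comment kept above `<verifyingCertFilePath>` says the value can usually be left blank because the client sends its cert in the inbound message, but it does not say what then anchors trust. With no pinned verifying cert, acceptance of a signature presumably depends on the message-supplied certificate chaining to an entry in `<caCertFileList>`; that is an inference, as the handler code is not part of this changeset. Once confirmed, I would add a sentence to the comment such as `If left blank, the certificate taken from the message is only trusted when it validates against caCertFileList.` The same comment is carried into siteBAttAuthorityProperties.xml, simpleCAProperties.xml (whose WS-Security element contains no caCertFileList) and both sessionMgrProperties.xml files.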
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/siteBAttAuthorityProperties.xml
r4111 r4138 11 11 --> 12 12 <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 13 <!-- WS-Security settings --> 14 <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 15 <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</certFile> 16 <caCertFileList> 17 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 18 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 19 <!-- 20 To also trust certificates issued from your MyProxy CA, replace 21 "abcdef01.0" with the unique name for your CA certificate and uncomment 22 the following line: 23 <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 24 --> 25 </caCertFileList> 26 <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</keyFile> 27 <keyPwd></keyPwd> 28 <wssRefInclNS></wssRefInclNS> 29 <wssSignedInfoInclNS></wssSignedInfoInclNS> 30 <!-- 31 Set the certificate used to verify the signature of messages from the 32 client. This can usually be left blank since the client is expected to 33 include the cert with the signature in the inbound SOAP message 34 --> 35 <clntCertFile></clntCertFile> 13 <!-- NB, if no signature handling is required, do not include this element --> 14 <WS-Security> 15 <!-- WS-Security settings --> 16 <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.crt</signingCertFilePath> 17 <caCertFileList> 18 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 19 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem</caCertFile> 20 <!-- 21 To also trust certificates issued from your MyProxy CA, replace 22 "abcdef01.0" with the unique name for your CA certificate and uncomment 23 the following line: 24 <caCertFile>/etc/grid-security/certificates/abcdef01.0</caCertFile> 25 --> 26 </caCertFileList> 27 <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteB-aa.key</signingPriKeyFilePath> 28 <signingPriKeyPwd></signingPriKeyPwd> 29 <refC14nInclNS></refC14nInclNS> 30 
<signedInfoC14nInclNS></signedInfoC14nInclNS> 31 <!-- 32 Set the certificate used to verify the signature of messages from the 33 client. This can usually be left blank since the client is expected to 34 include the cert with the signature in the inbound SOAP message 35 --> 36 <verifyingCertFilePath></verifyingCertFilePath> 37 </WS-Security> 36 38 <attCertLifetime>28800</attCertLifetime> 37 39 <attCertNotBeforeOff>0</attCertNotBeforeOff> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/AttCertTest.py
r3202 r4138 188 188 self.attCert.filePath = xpdVars(self.cfg['test9Sign']['filepath']) 189 189 self.attCert.certFilePathList = \ 190 xpdVars(self.cfg['test9Sign'][' certfile'])190 xpdVars(self.cfg['test9Sign']['signingCertFilePath']) 191 191 self.attCert.signingKeyFilePath = \ 192 xpdVars(self.cfg['test9Sign'][' keyfile'])193 194 signingKeyPwd = self.cfg['test9Sign'].get(' keypwd')192 xpdVars(self.cfg['test9Sign']['signingPriKeyFilePath']) 193 194 signingKeyPwd = self.cfg['test9Sign'].get('signingPriKeyPwd') 195 195 if signingKeyPwd is None: 196 196 try: … … 241 241 self.cfg['test13IsValidStressTest']['certfilepathlist'].split()] 242 242 self.attCert.signingKeyFilePath = \ 243 xpdVars(self.cfg['test13IsValidStressTest'][' keyfile'])244 245 signingKeyPwd = self.cfg['test13IsValidStressTest'].get(' keypwd')243 xpdVars(self.cfg['test13IsValidStressTest']['signingPriKeyFilePath']) 244 245 signingKeyPwd = self.cfg['test13IsValidStressTest'].get('signingPriKeyPwd') 246 246 if signingKeyPwd is None: 247 247 try: -
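Review bot: The renamed lookups use mixed-case option names (`['signingCertFilePath']`, `.get('signingPriKeyPwd')`) while the untouched lookups in the same methods are all lower-case (`['filepath']`, `['certfilepathlist']`) against mixed-case options in attCertTest.cfg, which suggests the loader lower-cases option names. If so, the indexed lookups raise KeyError and `.get('signingPriKeyPwd')` quietly returns None, sending the test into the `signingKeyPwd is None` branch instead of using the configured value. How `self.cfg` is built is not visible here, so confirm which case it preserves and use one convention throughout; the same mix appears in xmlSecDocTest.py, test_etree.py and MyProxyClientTest.py. Both methods continue outside the hunks.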
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attCert/attCertTest.cfg
r3199 r4138 10 10 11 11 [test9Sign] 12 certFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt13 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key12 signingCertFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt 13 signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 14 14 filePath: $NDGSEC_ATTCERT_UNITTEST_DIR/ac-signed.xml 15 keyPwd:15 signingPriKeyPwd: 16 16 17 17 [test10Write] … … 28 28 # verification 29 29 certFilepathlist: $NDGSEC_ATTCERT_UNITTEST_DIR/test.crt $NDGSEC_ATTCERT_UNITTEST_DIR/ndg-test-ca.crt 30 keyFile: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key31 keyPwd:30 signingPriKeyFilePath: $NDGSEC_ATTCERT_UNITTEST_DIR/test.key 31 signingPriKeyPwd: 32 32 nruns: 10 33 33 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/browse.cfg
r4035 r4138 85 85 signingPriKeyPwd= 86 86 87 # Pass a list of certificates ',' separated PEM encoded certs constituting a 88 # chain of trust from the certificate used to verifying the signature backward 89 # to the CA cert. The CA cert need not be included. To use this option, 90 # reqBinSecTokValType must be set to the X509PKIPathv1 91 signingCertChain= 92 87 93 # Provide a space separated list of file paths. CA Certs should be included 88 94 # for all the sites this installation trusts -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml
r2148 r4138 6 6 <sslKeyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</sslKeyFile> 7 7 <caCertFile>$NDGSEC_CA_UNITTEST_DIR/cacert.pem</caCertFile> 8 <certFile>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</certFile> 9 <keyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</keyFile> 10 <keyPwd/> 11 <!-- 12 Set the certificate used to verify the signature of messages from the 13 client. This can usually be left blank since the client is expected to 14 include the cert with the signature in the inbound SOAP message 15 --> 16 <clntCertFile></clntCertFile> 8 <WS-Security> 9 <signingCertFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</signingCertFilePath> 10 <signingPriKeyFilePath>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</signingPriKeyFilePath> 11 <signingPriKeyPwd/> 12 <!-- 13 Set the certificate used to verify the signature of messages from the 14 client. This can usually be left blank since the client is expected to 15 include the cert with the signature in the inbound SOAP message 16 --> 17 <verifyingCertFilePath></verifyingCertFilePath> 18 </WS-Security> 17 19 <!-- 18 20 OpenSSL configuration file - omit to use globus default -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/MyProxyClientTest.py
r3176 r4138 64 64 prompt="\ntest1Store cred. owner pass-phrase: ") 65 65 66 certFile = xpdVars(self.cfg['test1Store'][' certfile'])67 keyFile = xpdVars(self.cfg['test1Store'][' keyfile'])66 certFile = xpdVars(self.cfg['test1Store']['signingCertFilePath']) 67 keyFile = xpdVars(self.cfg['test1Store']['signingPriKeyFilePath']) 68 68 ownerCertFile = xpdVars(self.cfg['test1Store']['ownercertfile']) 69 69 ownerKeyFile = xpdVars(self.cfg['test1Store']['ownerkeyfile']) -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/myProxy/myProxyClientTest.cfg
r3176 r4138 16 16 username: testuser 17 17 passphrase: testpassword 18 certFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt19 keyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key18 signingCertFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 19 signingPriKeyFilePath: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key 20 20 ownerCertFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.crt 21 21 ownerKeyFile: $NDGSEC_MYPROXY_UNITTEST_DIR/user.key -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml
r3652 r4138 13 13 <!-- 14 14 WS-Security settings for signature of outbound SOAP messages 15 NB, if no signature handling is required, do not include this element 15 16 --> 16 <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 17 <!-- 18 CA Certificates used to verify X.509 certs used in peer SOAP messages, 19 SSL connections and Attribute Certificates 20 --> 21 <caCertFileList> 22 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 23 </caCertFileList> 24 <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile> 25 <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile> 26 <keyPwd/> 27 <!-- 28 Inclusive namespace prefixes for reference and SignedInfo sections of 29 WS-Security digital signature 30 --> 31 <wssRefInclNS></wssRefInclNS> 32 <wssSignedInfoInclNS></wssSignedInfoInclNS> 33 <!-- 34 Set the certificate used to verify the signature of messages from the 35 client. This can usually be left blank since the client is expected to 36 include the cert with the signature in the inbound SOAP message 37 --> 38 <clntCertFile></clntCertFile> 17 <WS-Security> 18 <!-- 19 CA Certificates used to verify X.509 certs used in peer SOAP messages, 20 SSL connections and Attribute Certificates 21 --> 22 <caCertFileList> 23 <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 24 </caCertFileList> 25 <signingCertFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.crt</signingCertFilePath> 26 <signingPriKeyFilePath>$NDGSEC_SM_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 27 <signingPriKeyPwd/> 28 <!-- 29 Inclusive namespace prefixes for reference and SignedInfo sections of 30 WS-Security digital signature 31 --> 32 <refC14nInclNS></refC14nInclNS> 33 <signedInfoC14nInclNS></signedInfoC14nInclNS> 34 <!-- 35 Set the certificate used to verify the signature of messages from the 36 client. 
This can usually be left blank since the client is expected to 37 include the cert with the signature in the inbound SOAP message 38 --> 39 <verifyingCertFilePath></verifyingCertFilePath> 40 </WS-Security> 39 41 <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 40 42 <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrClientTest.cfg
r3652 r4138 65 65 66 66 # Inclusive namespaces for Exclusive C14N 67 # wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns168 # wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec69 wssRefInclNS:70 wssSignedInfoInclNS:67 #refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 68 #signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec 69 refC14nInclNS: 70 signedInfoC14nInclNS: 71 71 72 72 [test1Connect] -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgrClient/sessionMgrProperties.xml
r3652 r4138 13 13 <!-- 14 14 PKI settings for WS-Security signature of outbound SOAP messages 15 NB, if no signature handling is required, do not include this element 15 16 --> 16 <!-- 17 PKI settings for signature of outbound SOAP messages 18 --> 19 <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature --> 20 <!-- 21 CA Certificates used to verify X.509 certs used in peer SOAP messages, 22 SSL connections and Attribute Certificates 23 --> 24 <caCertFileList> 25 <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 26 <!-- 27 To also trust certificates issued from your MyProxy CA, replace 28 "abcdef01.0" with the unique name for your CA certificate and uncomment 29 the following line: 30 <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 31 --> 32 </caCertFileList> 33 <certFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</certFile> 34 <keyFile>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</keyFile> 35 <keyPwd/> 36 <!-- 37 Inclusive namespace prefixes for reference and SignedInfo sections of 38 WS-Security digital signature 39 --> 40 <wssRefInclNS></wssRefInclNS> 41 <wssSignedInfoInclNS></wssSignedInfoInclNS> 42 <!-- 43 Set the certificate used to verify the signature of messages from the 44 client. 
This can usually be left blank since the client is expected to 45 include the cert with the signature in the inbound SOAP message 46 --> 47 <clntCertFile></clntCertFile> 17 <WS-Security> 18 <!-- 19 CA Certificates used to verify X.509 certs used in peer SOAP messages, 20 SSL connections and Attribute Certificates 21 --> 22 <caCertFileList> 23 <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 24 <!-- 25 To also trust certificates issued from your MyProxy CA, replace 26 "abcdef01.0" with the unique name for your CA certificate and uncomment 27 the following line: 28 <caCertFile>$NDGSEC_SMCLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 29 --> 30 </caCertFileList> 31 <signingCertFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt</signingCertFilePath> 32 <signingPriKeyFilePath>$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key</signingPriKeyFilePath> 33 <signingPriKeyPwd/> 34 <!-- 35 Inclusive namespace prefixes for reference and SignedInfo sections of 36 WS-Security digital signature 37 --> 38 <refC14nInclNS></refC14nInclNS> 39 <signedInfoC14nInclNS></signedInfoC14nInclNS> 40 <!-- 41 Set the certificate used to verify the signature of messages from the 42 client. This can usually be left blank since the client is expected to 43 include the cert with the signature in the inbound SOAP message 44 --> 45 <verifyingCertFilePath></verifyingCertFilePath> 46 </WS-Security> 48 47 <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey> 49 48 <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthority.cfg
r4136 r4138 58 58 # 59 59 # SOAP Signature Handler settings 60 # Leave blank for NO SOAP signature 60 61 [WS-Security] 61 62 # 62 63 # OUTBOUND MESSAGE CONFIG 63 64 65 # Set the certificate used to verify the signature of messages from the66 # client. This can usually be left blank since the client is expected to67 # include the cert with the signature in the inbound SOAP message68 clntCertFile:69 64 70 65 # CA Certificates used to verify X.509 certs used in Attribute Certificates. … … 72 67 # values should be delimited by a space 73 68 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 74 75 # Leave blank for NO SOAP signature76 useSignatureHandler: Yes77 69 78 70 # Signature of an outbound message … … 84 76 85 77 # PEM encoded cert 86 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt78 signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 87 79 88 80 # ... or provide file path to PEM encoded private key file 89 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key81 signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 90 82 91 83 # Password protecting private key. Leave blank if there is no password. 92 keyPwd= 84 signingPriKeyPwd= 85 86 # Pass a list of certificates ',' separated PEM encoded certs constituting a 87 # chain of trust from the certificate used to verifying the signature backward 88 # to the CA cert. The CA cert need not be included. To use this option, 89 # reqBinSecTokValType must be set to the X509PKIPathv1 90 signingCertChain= 93 91 94 92 # Inclusive namespace prefixes Canonicalisation of reference elements - 95 93 # space separated list e.g. 
refC14nInclNS=wsse ds ns1 96 wssRefInclNS:94 refC14nInclNS: 97 95 98 96 # Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 99 97 # same format as the above 100 wssSignedInfoInclNS:98 signedInfoC14nInclNS: 101 99 102 100 … … 116 114 117 115 116 # 117 # INBOUND MESSAGE CONFIG 118 119 # X.509 certificate used by verify method to verify a message. This argument 120 # can be omitted if the message to be verified contains the X.509 certificate 121 # in the BinarySecurityToken element. In this case, the cert read from the 122 # message will be assigned to the verifyingCert attribute. 123 124 # Provide the PEM encoded content here 125 verifyingCert= 126 127 # ... or provide file path PEM encode cert here 128 verifyingCertFilePath= 129 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/attAuthorityProperties.xml
r4136 r4138 14 14 <WS-Security> 15 15 <!-- 16 WS-Security settings leave 'useSignatureHandler' blank for no signature 16 WS-Security settings 17 NB, if no signature handling is required, do not include this element 17 18 --> 18 <useSignatureHandler>Yes</useSignatureHandler> 19 <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 20 <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 21 <keyPwd></keyPwd> 22 <wssRefInclNS></wssRefInclNS> 23 <wssSignedInfoInclNS></wssSignedInfoInclNS> 19 <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 20 <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 21 <signingPriKeyPwd></signingPriKeyPwd> 22 <refC14nInclNS></refC14nInclNS> 23 <signedInfoC14nInclNS></signedInfoC14nInclNS> 24 24 <caCertFileList> 25 25 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> … … 41 41 include the cert with the signature in the inbound SOAP message 42 42 --> 43 < clntCertFile></clntCertFile>43 <verifyingCertFilePath></verifyingCertFilePath> 44 44 </WS-Security> 45 45 <attCertLifetime>28800</attCertLifetime> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthority.cfg
r4136 r4138 13 13 <sslCACertDir>$NDGSEC_AACLNT_UNITTEST_DIR/ca</sslCACertDir> 14 14 <!-- 15 WS-Security settings leave 'useSignatureHandler' blank for no 16 signature 15 WS-Security settings - remove for no signature 17 16 --> 18 <useSignatureHandler>Yes</useSignatureHandler> 19 <certFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</certFile> 20 <keyFile>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</keyFile> 21 <keyPwd></keyPwd> 22 <wssRefInclNS></wssRefInclNS> 23 <wssSignedInfoInclNS></wssSignedInfoInclNS> 17 <signingCertFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt</signingCertFilePath> 18 <signingPriKeyFilePath>$NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key</signingPriKeyFilePath> 19 <signingPriKeyPwd></signingPriKeyPwd> 20 <refC14nInclNS></refC14nInclNS> 21 <signedInfoC14nInclNS></signedInfoC14nInclNS> 24 22 <caCertFileList> 25 23 <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> … … 41 39 include the cert with the signature in the inbound SOAP message 42 40 --> 43 < clntCertFile></clntCertFile>41 <verifyingCertFilePath></verifyingCertFilePath> 44 42 <attCertLifetime>28800</attCertLifetime> 45 43 <attCertNotBeforeOff>0</attCertNotBeforeOff> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/invalidAttAuthorityProperties.xml
r4136 r4138 38 38 caCertFileList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem 39 39 40 # Leave blank for NO SOAP signature41 useSignatureHandler: Yes42 43 40 # Set the certificate used to verify the signature of messages from the 44 41 # client. This can usually be left blank since the client is expected to 45 42 # include the cert with the signature in the inbound SOAP message 46 clntCertFile:43 verifyingCertFilePath: 47 44 # Lifetime is measured in seconds 48 45 attCertLifetime: 28800 … … 82 79 83 80 # PEM encoded cert 84 certFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt81 signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt 85 82 86 83 # ... or provide file path to PEM encoded private key file 87 keyFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key84 signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.key 88 85 89 86 # Password protecting private key. Leave blank if there is no password. 90 keyPwd= 87 signingPriKeyPwd= 88 89 # Pass a list of certificates ',' separated PEM encoded certs constituting a 90 # chain of trust from the certificate used to verifying the signature backward 91 # to the CA cert. The CA cert need not be included. To use this option, 92 # reqBinSecTokValType must be set to the X509PKIPathv1 93 signingCertChain= 91 94 92 95 # Inclusive namespace prefixes Canonicalisation of reference elements - 93 96 # space separated list e.g. refC14nInclNS=wsse ds ns1 94 wssRefInclNS:97 refC14nInclNS: 95 98 96 99 # Inclusive namespaces prefixes for Canonicalisation of SignedInfo element - 97 100 # same format as the above 98 wssSignedInfoInclNS:101 signedInfoC14nInclNS: 99 102 100 103 -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg
r4136 r4138 32 32 cookieDomain: 33 33 34 # Leave blank for NO SOAP signature35 useSignatureHandler: Yes36 37 34 # 38 35 # SOAP Signature Handler settings 36 # Leave blank for NO SOAP signature 39 37 [WS-Security] 40 38 # … … 61 59 # Password protecting private key. Leave blank if there is no password. 62 60 signingPriKeyPwd= 61 62 # Pass a list of certificates ',' separated PEM encoded certs constituting a 63 # chain of trust from the certificate used to verifying the signature backward 64 # to the CA cert. The CA cert need not be included. To use this option, 65 # reqBinSecTokValType must be set to the X509PKIPathv1 66 signingCertChain= 63 67 64 68 # Provide a space separated list of file paths -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgrProperties.xml
r4136 r4138 18 18 <!-- 19 19 PKI settings for WS-Security signature of outbound SOAP messages 20 - remove element for no signature handling 20 21 --> 21 22 <WS-Security> 22 <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->23 23 <!-- X.509 certificate included in SOAP header --> 24 < certFile>$NDGSEC_DIR/conf/certs/sm-cert.pem</certFile>24 <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath> 25 25 <!-- corresponding private key used to sign the SOAP message --> 26 < keyFile>$NDGSEC_DIR/conf/certs/sm-key.pem</keyFile>26 <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath> 27 27 <!-- Password protecting private key file - leave blank if none set --> 28 < keyPwd></keyPwd>28 <signingPriKeyPwd></signingPriKeyPwd> 29 29 <!-- 30 30 Inclusive namespace prefixes for reference and SignedInfo sections of 31 31 WS-Security digital signature 32 32 --> 33 < wssRefInclNS></wssRefInclNS>34 < wssSignedInfoInclNS></wssSignedInfoInclNS>33 <refC14nInclNS></refC14nInclNS> 34 <signedInfoC14nInclNS></signedInfoC14nInclNS> 35 35 <!-- 36 36 CA Certificates used to verify X.509 certs used in peer SOAP messages, … … 47 47 include the cert with the signature in the inbound SOAP message 48 48 --> 49 < clntCertFile></clntCertFile>49 <verifyingCertFilePath></verifyingCertFilePath> 50 50 </WS-Security> 51 51 <!-- -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/etree.cfg
r4069 r4138 12 12 13 13 [test2SignWithInclC14N] 14 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt15 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key14 signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 15 signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 16 16 filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-incl-c14n-signed.xml 17 keyPwd:17 signingPriKeyPwd: 18 18 19 19 [test3SignWithExclC14N] 20 certFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt21 keyFile: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key20 signingCertFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.crt 21 signingPriKeyFilePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test.key 22 22 filePath: $NDGSEC_XMLSEC_ETREE_UNITTEST_DIR/test-excl-c14n-signed.xml 23 keyPwd:23 signingPriKeyPwd: 24 24 25 25 [test4Write] -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/xmlsec/etree/test_etree.py
r4069 r4138 86 86 xpdVars(self.cfg['test2SignWithInclC14N']['filepath']) 87 87 self.xmlSecDoc.certFilePathList = \ 88 xpdVars(self.cfg['test2SignWithInclC14N'][' certfile'])88 xpdVars(self.cfg['test2SignWithInclC14N']['signingCertFilePath']) 89 89 self.xmlSecDoc.signingKeyFilePath = \ 90 90 xpdVars(self.cfg['test2SignWithInclC14N']['keyfile']) 91 91 92 keyPwd = self.cfg['test2SignWithInclC14N'].get(' keypwd')92 keyPwd = self.cfg['test2SignWithInclC14N'].get('signingPriKeyPwd') 93 93 if keyPwd is None: 94 94 self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\ … … 106 106 xpdVars(self.cfg['test3SignWithExclC14N']['filepath']) 107 107 self.xmlSecDoc.certFilePathList = \ 108 xpdVars(self.cfg['test3SignWithExclC14N'][' certfile'])108 xpdVars(self.cfg['test3SignWithExclC14N']['signingCertFilePath']) 109 109 self.xmlSecDoc.signingKeyFilePath = \ 110 110 xpdVars(self.cfg['test3SignWithExclC14N']['keyfile']) 111 111 112 keyPwd = self.cfg['test3SignWithExclC14N'].get(' keypwd')112 keyPwd = self.cfg['test3SignWithExclC14N'].get('signingPriKeyPwd') 113 113 if keyPwd is None: 114 114 self.xmlSecDoc.signingKeyPwd = getpass.getpass(prompt=\