Changeset 4246 for TI12-security/trunk


Timestamp:
30/09/08 09:46:54 (11 years ago)
Author:
pjkersha
Message:

Refactored AttAuthority client unit tests to use standard WS-Security config

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority
Files:
2 edited

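--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/AttAuthorityClientTest.py
@@ -6,5 +6,5 @@
 __author__ = "P J Kershaw"
 __date__ = "05/05/05, major update 16/01/07"
-__copyright__ = "(C) 2007 STFC & NERC"
+__copyright__ = "(C) 2008 STFC & NERC"
 __license__ = \
 """This software may be distributed under the terms of the Q Public
@@ -19,9 +19,12 @@
 logging.basicConfig()
 
-from ndg.security.common.AttAuthority import AttAuthorityClient
+from ndg.security.common.AttAuthority import AttAuthorityClient, \
+    NoMatchingRoleInTrustedHosts
 from ndg.security.common.AttCert import AttCertRead
 from ndg.security.common.X509 import X509CertParse, X509CertRead
 from ndg.security.common.wssecurity.dom import SignatureHandler as SigHdlr
-
+from ndg.security.common.utils.ConfigFileParsers import \
+    CaseSensitiveConfigParser
+
 from os.path import expandvars as xpdVars
 from os.path import join as jnPath
@@ -61,96 +64,40 @@
                 os.path.abspath(os.path.dirname(__file__))
 
-        configParser = SafeConfigParser()
-        configFilePath = jnPath(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'],
+        self.cfgParser = CaseSensitiveConfigParser()
+        cfgFilePath = jnPath(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'],
                                 'attAuthorityClientTest.cfg')
-        configParser.read(configFilePath)
+        self.cfgParser.read(cfgFilePath)
 
         self.cfg = {}
-        for section in configParser.sections():
-            self.cfg[section] = dict(configParser.items(section))
-
-        tracefile = sys.stderr
-
-        if self.clntPriKeyPwd is None:
-            try:
-                if self.cfg['setUp'].get('clntprikeypwd') is None:
-                    self.clntPriKeyPwd = getpass.getpass(\
-                            prompt="\nsetUp - client private key password: ")
-                else:
-                    self.clntPriKeyPwd=self.cfg['setUp'].get('clntprikeypwd')
-            except KeyboardInterrupt:
-                sys.exit(0)
-
-        # List of CA certificates for use in validation of certs used in
-        # signature for server reponse
-        try:
-            caCertFilePathList = [xpdVars(file) for file in \
-                            self.cfg['setUp']['cacertfilepathlist'].split()]
-        except KeyError:
-            caCertFilePathList = []
-
+        for section in self.cfgParser.sections():
+            self.cfg[section] = dict(self.cfgParser.items(section))
+
         try:
             sslCACertList = [X509CertRead(xpdVars(file)) for file in \
-                         self.cfg['setUp']['sslcacertfilepathlist'].split()]
+                         self.cfg['setUp']['sslcaCertFilePathList'].split()]
         except KeyError:
             sslCACertList = []
 
-        clntCertFilePath = xpdVars(self.cfg['setUp'].get('clntcertfilepath'))
-        clntPriKeyFilePath=xpdVars(self.cfg['setUp'].get('clntprikeyfilepath'))
-        reqBinSecTokValType = self.cfg['setUp'].get('reqbinsectokvaltype')
-
-        # Check certificate types proxy or standard
-        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
-            signingCertChain = \
-                        self._getCertChainFromProxyCertFile(clntCertFilePath)
-            signingCertFilePath = None
-        else:
-            signingCertChain = None
-            signingCertFilePath = clntCertFilePath
-
-        # Inclusive namespace prefixes for Exclusive C14N
-        try:
-            refC14nInclNS = self.cfg['setUp']['wssrefinclns'].split()
-        except KeyError:
-            refC14nInclNS = []
-
-        try:
-            signedInfoC14nInclNS = self.cfg['setUp']['wsssignedinfoinclns'].split()
-        except KeyError:
-            signedInfoC14nInclNS = []
-
-        setSignatureHandler = eval(self.cfg['setUp']['setsignaturehandler'])
-
         # Instantiate WS proxy
-        self.clnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'],
-                        sslPeerCertCN=self.cfg['setUp'].get('sslpeercertcn'),
+        self.siteAClnt = AttAuthorityClient(uri=self.cfg['setUp']['uri'],
+                        sslPeerCertCN=self.cfg['setUp'].get('sslPeerCertCN'),
                         sslCACertList=sslCACertList,
-                        setSignatureHandler=setSignatureHandler,
-                        reqBinSecTokValType=reqBinSecTokValType,
-                        signingCertFilePath=signingCertFilePath,
-                        signingCertChain=signingCertChain,
-                        signingPriKeyFilePath=clntPriKeyFilePath,
-                        signingPriKeyPwd=self.clntPriKeyPwd,
-                        caCertFilePathList=caCertFilePathList,
-                        refC14nInclNS=refC14nInclNS,
-                        signedInfoC14nInclNS=signedInfoC14nInclNS,
-                        tracefile=sys.stderr)
-
+                        cfgFileSection='wsse',
+                        cfg=self.cfgParser)
 
     def test1GetX509Cert(self):
         '''test1GetX509Cert: retrieve Attribute Authority's X.509 cert.'''
-        resp = self.clnt.getX509Cert()
+        resp = self.siteAClnt.getX509Cert()
         print "Attribute Authority X.509 cert.:\n" + resp
 
     def test2GetHostInfo(self):
         """test2GetHostInfo: retrieve info for AA host"""
-        hostInfo = self.clnt.getHostInfo()
-        print "Host Info:\n %s" % hostInfo
-
+        hostInfo = self.siteAClnt.getHostInfo()
+        print "Host Info:\n %s" % hostInfo
 
     def test3GetTrustedHostInfo(self):
         """test3GetTrustedHostInfo: retrieve trusted host info matching a
         given role"""
-        trustedHostInfo = self.clnt.getTrustedHostInfo(\
+        trustedHostInfo = self.siteAClnt.getTrustedHostInfo(\
                                  self.cfg['test3GetTrustedHostInfo']['role'])
         for hostname, hostInfo in trustedHostInfo.items():
@@ -161,9 +108,20 @@
         print "Trusted Host Info:\n %s" % trustedHostInfo
 
+    def test3aGetTrustedHostInfoWithNoMatchingRoleFound(self):
+        """test3aGetTrustedHostInfoWithNoMatchingRoleFound: test the case
+        where the input role doesn't match any roles in the target AA's map
+        config file"""
+        _cfg = self.cfg['test3aGetTrustedHostInfoWithNoMatchingRoleFound']
+        try:
+            trustedHostInfo = self.siteAClnt.getTrustedHostInfo(_cfg['role'])
+        except NoMatchingRoleInTrustedHosts, e:
+            print 'As expected - no match for role "%s": %s' % \
+                (_cfg['role'], e)
+
 
     def test4GetTrustedHostInfoWithNoRole(self):
         """test4GetTrustedHostInfoWithNoRole: retrieve trusted host info
         irrespective of role"""
-        trustedHostInfo = self.clnt.getTrustedHostInfo()
+        trustedHostInfo = self.siteAClnt.getTrustedHostInfo()
         for hostname, hostInfo in trustedHostInfo.items():
             assert hostname, "Hostname not set"
@@ -177,5 +135,5 @@
     def test4aGetAllHostsInfo(self):
         """test4aGetAllHostsInfo: retrieve info for all hosts"""
-        allHostInfo = self.clnt.getAllHostsInfo()
+        allHostInfo = self.siteAClnt.getAllHostsInfo()
         for hostname, hostInfo in allHostInfo.items():
             assert hostname, "Hostname not set"
@@ -189,9 +147,9 @@
         """test5GetAttCert: Request attribute certificate from NDG Attribute
         Authority Web Service."""
-
+        _cfg = self.cfg['test5GetAttCert']
+
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = \
-            xpdVars(self.cfg['test5GetAttCert'].get('issuingclntcertfilepath'))
+            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -201,14 +159,13 @@
 
         except IOError, ioErr:
-            raise "Error reading certificate file \"%s\": %s" % \
-                                    (ioErr.filename, ioErr.strerror)
+            raise Exception("Error reading certificate file \"%s\": %s" % \
+                                    (ioErr.filename, ioErr.strerror))
 
         # Make attribute certificate request
-        attCert = self.clnt.getAttCert(userCert=userCertTxt)
+        attCert = self.siteAClnt.getAttCert(userCert=userCertTxt)
 
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = \
-                        xpdVars(self.cfg['test5GetAttCert']['attcertfilepath'])
+        attCert.filePath = xpdVars(_cfg['attCertFilePath'])
         attCert.write()
 
@@ -218,9 +175,9 @@
         NDG Attribute Authority Web Service setting a specific user Id
         independent of the signer of the SOAP request."""
-
+        _cfg = self.cfg['test6GetAttCertWithUserIdSet']
+
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(\
-    self.cfg['test6GetAttCertWithUserIdSet'].get('issuingclntcertfilepath'))
+            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -230,16 +187,15 @@
 
         except IOError, ioErr:
-            raise "Error reading certificate file \"%s\": %s" % \
-                                    (ioErr.filename, ioErr.strerror)
+            raise Exception("Error reading certificate file \"%s\": %s" % \
+                                    (ioErr.filename, ioErr.strerror))
 
         # Make attribute certificate request
-        userId = self.cfg['test6GetAttCertWithUserIdSet']['userid']
-        attCert = self.clnt.getAttCert(userId=userId,
-                                       userCert=userCertTxt)
+        userId = _cfg['userId']
+        attCert = self.siteAClnt.getAttCert(userId=userId,
+                                            userCert=userCertTxt)
 
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = \
-                        xpdVars(self.cfg['test5GetAttCert']['attcertfilepath'])
+        attCert.filePath = xpdVars(_cfg['attCertFilePath'])
         attCert.write()
 
@@ -248,9 +204,9 @@
         """test7GetMappedAttCert: Request mapped attribute certificate from
         NDG Attribute Authority Web Service."""
-
+        _cfg = self.cfg['test7GetMappedAttCert']
+
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(\
-            self.cfg['test7GetMappedAttCert'].get('issuingclntcertfilepath'))
+            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -260,75 +216,26 @@
 
         except IOError, ioErr:
-            raise "Error reading certificate file \"%s\": %s" % \
-                                    (ioErr.filename, ioErr.strerror)
-
+            raise Exception("Error reading certificate file \"%s\": %s" % \
+                                    (ioErr.filename, ioErr.strerror))
 
         # Simlarly for Attribute Certificate
         try:
-            userAttCert = AttCertRead(xpdVars(\
-                self.cfg['test7GetMappedAttCert']['userattcertfilepath']))
+            userAttCert = AttCertRead(xpdVars(_cfg['userAttCertFilePath']))
 
         except IOError, ioErr:
-            raise "Error reading attribute certificate file \"%s\": %s" %\
-                                    (ioErr.filename, ioErr.strerror)
-
-        try:
-            if self.cfg['test7GetMappedAttCert'].get('clntprikeypwd') is None:
-                clntPriKeyPwd = getpass.getpass(\
-                            prompt="\nsetUp - client private key password: ")
-            else:
-                clntPriKeyPwd = \
-                        self.cfg['test7GetMappedAttCert'].get('clntprikeypwd')
-        except KeyboardInterrupt:
-            sys.exit(0)
-
-        # List of CA certificates for use in validation of certs used in
-        # signature for server reponse
-        try:
-            caCertFilePathList = [xpdVars(file) for file in \
-            self.cfg['test7GetMappedAttCert']['cacertfilepathlist'].split()]
-        except:
-            caCertFilePathList = []
-
-
-        clntCertFilePath = xpdVars(\
-                self.cfg['test7GetMappedAttCert'].get('clntcertfilepath'))
-        clntPriKeyFilePath = xpdVars(\
-                self.cfg['test7GetMappedAttCert'].get('clntprikeyfilepath'))
-
-        reqBinSecTokValType = \
-                self.cfg['test7GetMappedAttCert'].get('reqbinsectokvaltype')
-
-        # Check certificate types proxy or standard
-        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
-            signingCertChain = \
-                        self._getCertChainFromProxyCertFile(clntCertFilePath)
-            signingCertFilePath = None
-        else:
-            signingCertChain = None
-            signingCertFilePath = clntCertFilePath
-
-        setSignatureHandler = \
-                eval(self.cfg['test7GetMappedAttCert']['setsignaturehandler'])
+            raise Exception("Error reading attribute certificate file \"%s\": "
+                            "%s" % (ioErr.filename, ioErr.strerror))
 
         # Make client to site B Attribute Authority
-        clnt = AttAuthorityClient(\
-                                uri=self.cfg['test7GetMappedAttCert']['uri'],
-                                setSignatureHandler=setSignatureHandler,
-                                reqBinSecTokValType=reqBinSecTokValType,
-                                signingCertFilePath=signingCertFilePath,
-                                signingCertChain=signingCertChain,
-                                signingPriKeyFilePath=clntPriKeyFilePath,
-                                signingPriKeyPwd=clntPriKeyPwd,
-                                caCertFilePathList=caCertFilePathList,
-                                tracefile=sys.stderr)
+        siteBClnt = AttAuthorityClient(uri=_cfg['uri'],
+                                       cfgFileSection='wsse',
+                                       cfg=self.cfgParser)
 
         # Make attribute certificate request
-        attCert = clnt.getAttCert(userCert=userCertTxt,
-                                  userAttCert=userAttCert)
+        attCert = siteBClnt.getAttCert(userCert=userCertTxt,
+                                       userAttCert=userAttCert)
         print "Attribute Certificate: \n\n:" + str(attCert)
 
-        attCert.filePath = xpdVars(\
-                    self.cfg['test7GetMappedAttCert']['mappedattcertfilepath'])
+        attCert.filePath = xpdVars(_cfg['mappedAttCertFilePath'])
         attCert.write()
 
@@ -337,9 +244,9 @@
         """test8GetMappedAttCertStressTest: Request mapped attribute
         certificate from NDG Attribute Authority Web Service."""
-
+        _cfg = self.cfg['test8GetMappedAttCertStressTest']
+
         # Read user Certificate into a string ready for passing via WS
         try:
-            userCertFilePath = xpdVars(\
-    self.cfg['test8GetMappedAttCertStressTest'].get('issuingclntcertfilepath'))
+            userCertFilePath = xpdVars(_cfg.get('issuingClntCertFilePath'))
             userCertTxt = open(userCertFilePath, 'r').read()
 
@@ -349,60 +256,14 @@
 
         except IOError, ioErr:
-            raise "Error reading certificate file \"%s\": %s" % \
-                                    (ioErr.filename, ioErr.strerror)
-
-        try:
-            clntPriKeyPwd = \
-            self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeypwd')
-            if clntPriKeyPwd is None:
-                clntPriKeyPwd = getpass.getpass(\
-                            prompt="\nsetUp - client private key password: ")
-        except KeyboardInterrupt:
-            sys.exit(0)
-
-        # List of CA certificates for use in validation of certs used in
-        # signature for server reponse
-        try:
-            caCertFilePathList = [xpdVars(file) for file in \
-    self.cfg['test8GetMappedAttCertStressTest']['cacertfilepathlist'].split()]
-        except:
-            caCertFilePathList = []
-
-
-        clntCertFilePath = xpdVars(\
-        self.cfg['test8GetMappedAttCertStressTest'].get('clntcertfilepath'))
-
-        clntPriKeyFilePath = xpdVars(\
-        self.cfg['test8GetMappedAttCertStressTest'].get('clntprikeyfilepath'))
-
-        reqBinSecTokValType = \
-        self.cfg['test8GetMappedAttCertStressTest'].get('reqbinsectokvaltype')
-
-        # Check certificate types proxy or standard
-        if reqBinSecTokValType == SigHdlr.binSecTokValType["X509PKIPathv1"]:
-            signingCertChain = \
-                        self._getCertChainFromProxyCertFile(clntCertFilePath)
-            signingCertFilePath = None
-        else:
-            signingCertChain = None
-            signingCertFilePath = clntCertFilePath
-
-        setSignatureHandler = \
-    eval(self.cfg['test8GetMappedAttCertStressTest']['setsignaturehandler'])
-
+            raise Exception("Error reading certificate file \"%s\": %s" %
+                                    (ioErr.filename, ioErr.strerror))
+
         # Make client to site B Attribute Authority
-        clnt = AttAuthorityClient(\
-                        uri=self.cfg['test8GetMappedAttCertStressTest']['uri'],
-                        setSignatureHandler=setSignatureHandler,
-                        reqBinSecTokValType=reqBinSecTokValType,
-                        signingCertChain=signingCertChain,
-                        signingCertFilePath=clntCertFilePath,
-                        signingPriKeyFilePath=clntPriKeyFilePath,
-                        signingPriKeyPwd=clntPriKeyPwd,
-                        caCertFilePathList=caCertFilePathList,
-                        tracefile=sys.stderr)
+        siteBClnt = AttAuthorityClient(uri=_cfg['uri'],
+                                       cfgFileSection='wsse',
+                                       cfg=self.cfgParser)
 
         acFilePathList = [xpdVars(file) for file in \
-self.cfg['test8GetMappedAttCertStressTest']['userattcertfilepathlist'].split()]
+                          _cfg['userAttCertFilePathList'].split()]
 
         for acFilePath in acFilePathList:
@@ -411,11 +272,11 @@
 
             except IOError, ioErr:
-                raise "Error reading attribute certificate file \"%s\": %s" %\
-                                        (ioErr.filename, ioErr.strerror)
+                raise Exception("Error reading attribute certificate file "
+                                '"%s": %s' % (ioErr.filename, ioErr.strerror))
 
             # Make attribute certificate request
             try:
-                attCert = clnt.getAttCert(userCert=userCertTxt,
-                                          userAttCert=userAttCert)
+                attCert = siteBClnt.getAttCert(userCert=userCertTxt,
+                                               userAttCert=userAttCert)
             except Exception, e:
                 outFilePfx = 'test8GetMappedAttCertStressTest-%s' % \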
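Review bot: test3aGetTrustedHostInfoWithNoMatchingRoleFound (new lines 110-119) passes when getTrustedHostInfo returns normally, because the try/except only prints on NoMatchingRoleInTrustedHosts and nothing fails the test if the exception is never raised. This is the negative case for role matching against the AA's trusted-host map, so a regression that returns hosts for an unmapped role would go unnoticed. Add an `else: self.fail('Expected NoMatchingRoleInTrustedHosts for role "%s"' % _cfg['role'])` branch, or replace the block with `self.assertRaises(NoMatchingRoleInTrustedHosts, self.siteAClnt.getTrustedHostInfo, _cfg['role'])`. Both assume the class derives from unittest.TestCase, whose header is outside the visible hunks.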
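--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
@@ -16,62 +16,13 @@
 # sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
 # same as peer hostname.
-sslpeercertcn = AttributeAuthority
-sslcacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
-# Site A Attribute Authority X.509 certificate used by WS-Security signature
-# handler to verify signature of messages returned from the Attribute Authority
-# This can normally be omitted because the Attribute Authority returns this
-# certificate in it's response anyway
-#aacertfilepath =
-
-# Set to False to test service without WS-Security signature
-setsignaturehandler = True
-
-# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
-# one which applies ...
-
-# Specifies token is an X.509 certificate
-#reqbinsectokvaltype = X509
-
-# Stipulate X.509 version 3 format
-reqbinsectokvaltype = X509v3
-
-# Specify multiple certificates in a chain of trust.  Use this setting for
-# proxy certificates where a certificate chain consisting of user certificate
-# and proxy certificate is required to secure trust back to the
-# CA: <- User Certificate <- Proxy Certificate
-#reqbinsectokvaltype = X509PKIPathv1
-
-# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
-# This certificate is expected to contain a certificate chain of proxy
-# certificate and user certificate that issued it.  The default is test.crt,
-# a standard certificate.  The certificate returned from the MyProxy unit test
-# could be used in place of it here.
-#
-# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
-# AttAuthorityClientTest.py to default to the same directory as the script
-clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
-
-# Client private key
-clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
-
-# Set password for private key - leave blank if no password is set or comment
-# out to be prompted for it from the command line
-clntprikeypwd =
-
-# Space separated list of CA certificate files used to verify certificate used
-# in message signature / peer cert in SSL connection
-cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/cacert.pem
-
-# Inclusive namespaces for Exclusive C14N
-#refC14nInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
-#signedInfoC14nInclNS: xsi xsd SOAP-ENV ds wsse ec
-refC14nInclNS:
-signedInfoC14nInclNS:
+sslPeerCertCN = AttributeAuthority
+sslCACertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
 
 [test3GetTrustedHostInfo]
 role = postgrad
-# Set an alternative role here to test no matching role found exception
-#role = blah
+
+[test3aGetTrustedHostInfoWithNoMatchingRoleFound]
+# Set an alternative role to test no matching role found exception
+role = blah
 
 [test5GetAttCert]
@@ -82,95 +33,56 @@
 # Test with no digital signature applied
 #issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem
-# Setup for use by testGetMappedAttCert test
+
+# Setup for use by test7GetMappedAttCert test
 attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
 
 [test6GetAttCertWithUserIdSet]
 userId = system
-# Comment out if SignatureHandler is being used
-#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
+attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt-test6.xml
 
 [test7GetMappedAttCert]
-# Set to False to test service without WS-Security signature
-setsignaturehandler = True
-
-# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
-# one which applies ...
-
-# Specifies token is an X.509 certificate
-#reqbinsectokvaltype = X509
-
-# Stipulate X.509 version 3 format
-reqbinsectokvaltype = X509v3
-
-# Specify multiple certificates in a chain of trust.  Use this setting for
-# proxy certificates where a certificate chain consisting of user certificate
-# and proxy certificate is required to secure trust back to the
-# CA: <- User Certificate <- Proxy Certificate
-#reqbinsectokvaltype = X509PKIPathv1
-
-# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
-# This certificate is expected to contain a certificate chain of proxy
-# certificate and user certificate that issued it.  The default is test.crt,
-# a standard certificate.  The certificate returned from the MyProxy unit test
-# could be used in place of it here.
-#
-# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
-# AttAuthorityClientTest.py to default to the same directory as the script
-clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
-
-# Set password for private key - leave blank if no password is set or comment
-# out to be prompted for it from the command line
-clntprikeypwd =
-clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
-
-# Space separated list of CA certificate files used to verify certificate used
-# in message signature
-cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
 uri = http://localhost:5100/AttributeAuthority
 userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
-
 mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
 
 [test8GetMappedAttCertStressTest]
-# Set to False for no signature handling
-setSignatureHandler = True
-
-# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
-# one which applies ...
-
-# Specifies token is an X.509 certificate
-#reqbinsectokvaltype = X509
-
-# Stipulate X.509 version 3 format
-reqbinsectokvaltype = X509v3
-
-# Specify multiple certificates in a chain of trust.  Use this setting for
-# proxy certificates where a certificate chain consisting of user certificate
-# and proxy certificate is required to secure trust back to the
-# CA: <- User Certificate <- Proxy Certificate
-#reqbinsectokvaltype = X509PKIPathv1
-
-# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
-# This certificate is expected to contain a certificate chain of proxy
-# certificate and user certificate that issued it.  The default is test.crt,
-# a standard certificate.  The certificate returned from the MyProxy unit test
-# could be used in place of it here.
-#
-# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
-# AttAuthorityClientTest.py to default to the same directory as the script
-clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
-
-# Set password for private key - leave blank if no password is set or comment
-# out to be prompted for it from the command line
-clntprikeypwd =
-clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
-
-# Space separated list of CA certificate files used to verify certificate used
-# in message signature
-cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
-
 uri = http://localhost:5100/AttributeAuthority
 userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
 
+[wsse]
+# WS-Security settings for unit test AA clients
+#
+# OUTBOUND MESSAGE CONFIG
 
+# Signature of an outbound message
+
+# Certificate associated with private key used to sign a message.  The sign
+# method will add this to the BinarySecurityToken element of the WSSE header.
+signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/test.crt
+
+# PEM encoded private key file
+signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/test.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
+# give full namespace to alternative - see
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain
+# attributes will be used.
+reqBinSecTokValType=X509v3
+
+# Add a timestamp element to an outbound message
+addTimestamp=True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature
+# value sent by client
+applySignatureConfirmation=False
+
+#
+# INBOUND MESSAGE CONFIG
+
+# Provide a space separated list of file paths
+caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
+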
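Review bot: The new [wsse] section sets signingPriKeyFilePath but says nothing about the key's password, while this commit deletes both the `clntprikeypwd` entries here and the getpass prompt in AttAuthorityClientTest.py that let a tester supply it interactively. As written the tests appear to work only with an unencrypted test.key or with a password stored in this file, and the file should say which is intended next to the key path, e.g. `# test.key is an unencrypted test-only key; do not point this at a production key`. Whether the WS-Security config reader accepts a password entry is not visible on this page, so confirm that before documenting one.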