Timestamp:
30/10/08 09:32:02 (12 years ago)
Author:
pjkersha
Message:

Fixes to CredentialWallet:

  • refactored _getAttCert, _getAATrustedHostInfo and added _getAAHostInfo - fixed capability to query a local AA instance instead of a remote service
  • added ability to configure WS-Security settings via a prefix in the config file in addition to a separate section
  • unittests re-run OK
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet
Files:
2 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/credWallet.cfg

    r4318 r4397  
    4040# Section in this file from which to retrieve WS-Security settings for  
    4141# digital signature of SOAP messages to Attribute Authorities 
    42 wssCfgSection=WS-Security 
     42#wssCfgSection=WS-Security 
     43wssCfgPrefix=wssecurity 
    4344 
    44 [WS-Security] 
    45 # 
    46 # OUTBOUND MESSAGE CONFIG 
    47  
     45# WS-Security 
    4846# Signature of an outbound message 
    4947 
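Review bot: The comment kept at lines 40-41 ("Section in this file from which to retrieve WS-Security settings ...") now sits above a commented-out wssCfgSection and the new wssCfgPrefix=wssecurity at line 43, so it documents the option that was just disabled rather than the one in use. Reword it to say that wssCfgPrefix names the key prefix under which WS-Security settings are read, and either delete the commented-out line 42 or state when wssCfgSection should be used instead.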
     
    5149# method will add this to the BinarySecurityToken element of the WSSE header.   
    5250# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.   
    53 signingCertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.crt 
     51wssecurity.signingCertFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.crt 
    5452 
    5553# ... or provide file path to PEM encoded private key file 
    56 signingPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.key 
     54wssecurity.signingPriKeyFilePath=$NDGSEC_CREDWALLET_UNITTEST_DIR/clnt.key 
    5755 
    5856# Password protecting private key.  Leave blank if there is no password. 
    59 signingPriKeyPwd= 
     57wssecurity.signingPriKeyPwd= 
    6058 
    6159# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
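Review bot: The renamed keys at lines 51, 54 and 57 hard-code the literal "wssecurity." prefix, which has to match wssCfgPrefix=wssecurity at line 43, and nothing in the file states that coupling. A one-line comment next to wssCfgPrefix would stop someone changing one without the other. Separately, wssecurity.signingPriKeyPwd is left blank at line 57, so clnt.key is an unprotected private key; that is reasonable for a unit-test fixture, but a comment marking this config as test-only would keep it from being copied into a deployment.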
     
    6765# binSecTokValType determines whether signingCert or signingCertChain  
    6866# attributes will be used. 
    69 reqBinSecTokValType=X509v3 
     67wssecurity.reqBinSecTokValType=X509v3 
    7068 
    7169# Add a timestamp element to an outbound message 
    72 addTimestamp=True 
     70wssecurity.addTimestamp=True 
    7371 
    7472# For WSSE 1.1 - service returns signature confirmation containing signature  
    7573# value sent by client 
    76 applySignatureConfirmation=True 
     74wssecurity.applySignatureConfirmation=True 
    7775 
    7876# 
     
    8078 
    8179# Provide a space separated list of file paths 
    82 caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt  
     80wssecurity.caCertFilePathList=$NDGSEC_CREDWALLET_UNITTEST_DIR/ca/ndg-test-ca.crt  
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/test_credentialwallet.py

    r4381 r4397  
    2121from ndg.security.common.X509 import X509CertParse 
    2222from ndg.security.common.credentialwallet import CredentialWallet, \ 
    23                                             CredentialWalletAttributeRequestDenied 
     23                                        CredentialWalletAttributeRequestDenied 
    2424 
    2525from os.path import expandvars as xpdVars 
     
    3232 
    3333class CredentialWalletTestCase(unittest.TestCase): 
    34     """Unit test case for ndg.security.common.credentialwallet.CredentialWallet class. 
    35      
     34    """Unit test case for ndg.security.common.credentialwallet.CredentialWallet 
     35    class. 
    3636    """ 
    3737     
     
    173173-----END RSA PRIVATE KEY----- 
    174174""" 
    175         credWallet.createAttributeAuthorityClnt() 
    176175        attCert = credWallet.getAttCert() 
    177176         
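Review bot: Line 175 drops the explicit credWallet.createAttributeAuthorityClnt() call, leaving getAttCert() at line 176 as the first use of the wallet, but nothing in the test says the Attribute Authority client is now set up inside getAttCert(). Add a short comment to that effect, and if createAttributeAuthorityClnt() is still part of the public interface, keep at least one test that calls it directly so it stays covered.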
     
    185184    def test5GetAttCertRefusedWithUserCert(self): 
    186185         
    187         credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'))     
     186        # Keyword mapFromTrustedHosts overrides any setting in the config file 
     187        # This flag prevents role mapping from a trusted AA and so in this case 
     188        # forces refusal of the request 
     189        credWallet = CredentialWallet(cfg=self.cfg.get('setUp', 'cfgFilePath'), 
     190                                      mapFromTrustedHosts=False)     
    188191        credWallet.userX509CertFilePath = self.cfg.get('setUp', 
    189192                                                       'userX509CertFilePath') 
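Review bot: The new comment at lines 186-188 says mapFromTrustedHosts=False overrides the config file and forces the refusal, but the visible lines never check that the override actually took effect. If the remainder of the test only expects CredentialWalletAttributeRequestDenied, a refusal raised for an unrelated reason would also pass; consider asserting the wallet's effective setting right after construction, or checking the reason carried by the exception. Line 190 also carries over the trailing whitespace from the old line 187.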