31/10/08 14:48:47 (12 years ago)
  • Fix to ConfigFileParsers? validateProperties - don't attempt to validate a section that's missing
  • sessionmanagerclient unit test: Session Manager WSGI test harness now working.
  • Fix to Attribute Authority rotating file handler for Attribute Certificate log - backup count setting now enabled correctly.
1 deleted
4 edited
1 moved


  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/credentialwallet/README

    r4279 r4405  
    11Unit tests for NDG Credential Wallet Module 
    2 ================================================== 
     3Test Attribute Authorities services must be started for *AttCert* named tests. 
     51) Two test Attribute Authority services are required.  These can be run from  
     6the Attribute Authority Client unit test directory.  It's path relative to this  
     7directory is ../attributeauthorityclient/.  Run each service in a separate  
     8window so that the output can be monitored: 
     10$ ../attributeauthorityclient/wsgi/siteAServerApp.py 
     11$ ../attributeauthorityclient/wsgi/siteBServerApp.py 
     135) Run the tests with the command: 
     15$ python ./test_credentialwallet.py 
     176) To run individual tests give the test method name: 
     19$ python ./test_credentialwallet.py CredentialWalletTestCase.test1ReadOnlyClassVariables 
     22 * See credWalletTest.cfg sets the unittest configuration 
     23 * credWallet.cfg sets the Credential Wallet's configuration 
     26 * http_proxy environment variable settings can cause connection problems to 
     27the Attribute Authorities.  unset http_proxy or set no_proxy: 
     29$ export no_proxy=http://localhost:5000/AttributeAuthority,http://localhost:5100/AttributeAuthority 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/README

    r4403 r4405  
    771) Two test Attribute Authority services are required.  These can be run from  
    8 the Attribute Authority unit test directory.  It's path relative to this  
     8the Attribute Authority Client unit test directory.  It's path relative to this  
    99directory is ../attributeauthorityclient/.  Run each service in a separate  
    1010window so that the output can be monitored: 
    1313$ ../attributeauthorityclient/wsgi/siteBServerApp.py 
    15 5) Run the tests with the command: 
     152) Run the tests with the command: 
    1717$ python ./test_sessionmanager.py 
    19 6) To run individual tests give the test method name: 
     193) To run individual tests give the test method name: 
    2121$ python ./test_sessionmanager.py SessionManagerTestCase.test1Connect 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini

    r4318 r4405  
    2222# Flag for SSL - set to something to stipulate http, leave blank to use http  
    23 #SessionManager.useSSL:  
    2525# X.509 certificate for SSL connections - ignored if useSSL is blank  
    26 #SessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem 
     26#sessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem 
    2828# Private key file for SSL  - ignored if useSSL is blank  
    29 #SessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem 
     29#sessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem 
    3131# Directory containing CA cert.s to verify SSL peer cert against - ignored if  
    3232# useSSL is blank  
    33 #SessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca 
    35 # On receipt of Attribute Certificates from Attribute Authorities, the 
    36 # signature of the Attribute Certificate needs to be checked.  This list of 
    37 # CA certs. enables the X,509 certificate used in the signature to be  
    38 # validated 
    39 SessionManager.credentialWallet.caCertFilePathList: $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt 
     33#sessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca 
     35# Credential Wallet Settings - global to all user sessions 
     37# CA certificates for Attribute Certificate signature validation 
     40# CA certificates for SSL connection peer cert. validation - required if 
     41# connecting to an Attribute Authority over SSL 
     44# Allow Get Attribute Certificate calls to try to get a mapped certificate 
     45# from another organisation trusted by the target Attribute Authority 
     49# Refresh an Attribute Certificate, if an existing one in the wallet has only 
     50# this length of time left before it expires 
     53# Pointer to WS-Security settings.  IN this case, they're identified by a  
     54# prefix.   
     57# ...A section name could also be used. 
     60# SOAP Signature Handler settings for the Credential Wallet's Attribute  
     61# Authority interface 
     63# CA Certificates used to verify X.509 certs used in Attribute Certificates. 
     64# The CA certificates of other NDG trusted sites should go here.  NB, multiple 
     65# values should be delimited by a space 
     66sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt 
     68# Signature of an outbound message 
     70# Certificate associated with private key used to sign a message.  The sign  
     71# method will add this to the BinarySecurityToken element of the WSSE header.   
     72# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.   
     73# As an alternative, use signingCertChain - see below... 
     75# PEM encoded cert 
     76sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt 
     78# ... or provide file path to PEM encoded private key file 
     79sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key 
     81# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     82# signed message.  See __setReqBinSecTokValType method and binSecTokValType  
     83# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or  
     84# give full namespace to alternative - see  
     85# ZSI.wstools.Namespaces.OASIS.X509TOKEN 
     87# binSecTokValType determines whether signingCert or signingCertChain  
     88# attributes will be used. 
     89sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3 
     91# Add a timestamp element to an outbound message 
     92sessionManager.credentialWallet.wssecurity.addTimestamp: True 
     94# For WSSE 1.1 - service returns signature confirmation containing signature  
     95# value sent by client 
     96sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True 
     98# Authentication service properties  
     100sessionManager.authNService.moduleName: ndg.security.server.authnservice.basicauthn 
     101sessionManager.authNService.className: BasicAuthN 
     103# Specific settings for BasicAuthN Session Manager authentication plugin 
     104# This sets up two test accounts.  Passwords are MD5 encrypted 
     105sessionManager.authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01 
    41107# Settings for the Credential Repository - NullCredRepos is  
    42 #SessionManager.credentialRepository.modFilePath:  
    43 #SessionManager.credentialRepository.modName: ndg.security.common.CredWallet 
    44 #SessionManager.credentialRepository.className: NullCredRepos 
    45 #SessionManager.credentialRepository.propFile: 
     109#sessionManager.credentialRepository.modName: ndg.security.common.CredWallet 
     110#sessionManager.credentialRepository.className: NullCredRepos 
    53 paste.app_factory = ndg.security.test.sessionMgrClient.wsgi.sessionManagerServerApp:app_factory 
     119paste.app_factory = ndg.security.test.sessionmanagerclient.wsgi.sessionManagerServerApp:app_factory 
    55121# Chain of SOAP Middleware filters 
    62128ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS 
    63129ServiceSOAPBindingPropPrefix = SessionManager 
    64 SessionManager.propPrefix = SessionManager 
     130SessionManager.propPrefix = sessionManager 
    65131SessionManager.propFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/wsgi/session-manager.ini 
    66132referencedFilters = wsseSignatureVerificationFilter01 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/sessionManagerServerApp.py

    r4404 r4405  
    3030    os.environ['NDGSEC_AA_PROPFILEPATH'] = \ 
    3131                        os.path.join(os.environ['NDGSEC_SMCLNT_UNITTEST_DIR'], 
    32 #                                     "sessionMgr.cfg") 
    33                                      "sessionMgrProperties.xml") 
     32                                     "sessionMgr.cfg") 
    3534# To start the Site A Session Manager run  
Note: See TracChangeset for help on using the changeset viewer.