Ignore:
Timestamp:
03/12/08 16:15:56 (12 years ago)
Author:
pjkersha
Message:

Updated BaseSignatureHandler? and WSSecurityconfig classes to correctly handle config via keywords:

  • keywords can be prefixed to delimit them from other non-WS-Security related options
  • Changed services.ini in Combined Services tests to separate out inbound and message sig handler config into WSGI verification and siganture application filters respectively.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

    r4526 r4527  
    244244 
    245245# Settings for WS-Security SignatureHandler class used by this filter 
    246 wsseCfgFilePath = %(here)s/services.ini 
    247 wsseCfgFileSection = WS-Security 
     246#wsseCfgFilePath = %(here)s/services.ini 
     247#wsseCfgFileSection = WS-Security 
     248wsseCfgFilePrefix = wssecurity 
     249 
     250# Verify against known CAs - Provide a space separated list of file paths 
     251wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
     252#wssecurity.caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt 
    248253 
    249254#______________________________________________________________________________ 
     
    261266 
    262267# Settings for WS-Security SignatureHandler class used by this filter 
    263 wsseCfgFilePath = %(here)s/services.ini 
    264 wsseCfgFileSection = WS-Security 
     268wsseCfgFilePrefix = wssecurity 
     269 
     270# Certificate associated with private key used to sign a message.  The sign  
     271# method will add this to the BinarySecurityToken element of the WSSE header.   
     272wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 
     273#wssecurity.signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.crt 
     274 
     275# PEM encoded private key file 
     276wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 
     277#wssecurity.signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.key 
     278 
     279# Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
     280# signed message.  See __setReqBinSecTokValType method and binSecTokValType  
     281# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or  
     282# give full namespace to alternative - see  
     283# ZSI.wstools.Namespaces.OASIS.X509TOKEN 
     284# 
     285# binSecTokValType determines whether signingCert or signingCertChain  
     286# attributes will be used. 
     287wssecurity.reqBinSecTokValType=X509v3 
     288 
     289# Add a timestamp element to an outbound message 
     290wssecurity.addTimestamp=True 
     291 
     292# For WSSE 1.1 - service returns signature confirmation containing signature  
     293# value sent by client 
     294wssecurity.applySignatureConfirmation=True 
    265295 
    266296#______________________________________________________________________________ 
     
    305335paste.filter_app_factory=beaker.middleware:SessionMiddleware 
    306336 
    307 #______________________________________________________________________________ 
    308 # Common WS-Security settings for wsseSignatureFilter and  
    309 # wsseSignatureVerificationFilter 
    310 [WS-Security] 
    311 # 
    312 # OUTBOUND MESSAGE CONFIG 
    313  
    314 # Signature of an outbound message 
    315  
    316 # Certificate associated with private key used to sign a message.  The sign  
    317 # method will add this to the BinarySecurityToken element of the WSSE header.   
    318 signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.crt 
    319 #signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.crt 
    320  
    321 # PEM encoded private key file 
    322 signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/siteA-aa.key 
    323 #signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/siteAAttributeAuthority/java-ca-server.key 
    324  
    325 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a 
    326 # signed message.  See __setReqBinSecTokValType method and binSecTokValType  
    327 # class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or  
    328 # give full namespace to alternative - see  
    329 # ZSI.wstools.Namespaces.OASIS.X509TOKEN 
    330 # 
    331 # binSecTokValType determines whether signingCert or signingCertChain  
    332 # attributes will be used. 
    333 reqBinSecTokValType=X509v3 
    334  
    335 # Add a timestamp element to an outbound message 
    336 addTimestamp=True 
    337  
    338 # For WSSE 1.1 - service returns signature confirmation containing signature  
    339 # value sent by client 
    340 applySignatureConfirmation=True 
    341  
    342 # 
    343 # INBOUND MESSAGE CONFIG 
    344  
    345 # Provide a space separated list of file paths 
    346 caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt 
    347 #caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/ca/java-ca.crt 
    348  
    349  
    350337# Logging configuration 
    351338[loggers] 
Note: See TracChangeset for help on using the changeset viewer.