Changeset 7153

Timestamp:

01/07/10 16:10:08 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• updated certs for new test CA

Location:

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test

Files:

• config/attributeauthority/sitea/siteA-aa.crt (modified) (2 diffs)
• config/ca/bc1332e6.0 (deleted)
• config/ca/bcaeadc0.0 (deleted)
• config/ca/d573507a.0 (added)
• config/ca/ndg-test-ca.crt (deleted)
• config/pki/localhost.crt (modified) (2 diffs)
• config/pki/test.crt (modified) (2 diffs)
• config/pki/user.crt (modified) (2 diffs)
• config/pki/wsse-clnt.crt (modified) (2 diffs)
• config/pki/wsse-server.crt (modified) (2 diffs)
• integration/authz_lite/securityservices.ini (modified) (2 diffs)
• integration/dap/template/server-pydap2.ini (modified) (2 diffs)
• integration/openid/securityservices.ini (modified) (4 diffs)
• integration/openidprovider/securityservices.ini (modified) (4 diffs)
• integration/openidrelyingparty_withapp/securedapp.ini (modified) (2 diffs)
• integration/openidrelyingparty_withapp/securityservices.ini (modified) (3 diffs)
• unit/configfileparsers/test.cfg (modified) (1 diff)
• unit/credentialwallet/credWallet.cfg (modified) (2 diffs)
• unit/myproxy/certificate_extapp/config.ini (modified) (1 diff)
• unit/myproxy/certificate_extapp/test_saml_attribute_assertion.py (modified) (4 diffs)
• unit/sslclientauthnmiddleware/test.ini (modified) (1 diff)
• unit/wsgi/authn/ssl-test.ini (modified) (1 diff)
• unit/wsgi/saml/attribute-interface.ini (modified) (1 diff)
• unit/wsgi/saml/test_soapauthzdecisioninterface.py (modified) (1 diff)
• unit/wsgi/ssl/test.ini (modified) (1 diff)
• unit/x509/x509Test.cfg (modified) (1 diff)

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/siteA-aa.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 253 (0xfd)
+        Serial Number: 20 (0x14)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Dec 15 16:35:24 2008 GMT
-            Not After : Dec 14 16:35:24 2013 GMT
-        Subject: O=NDG Security Test, OU=Site A, CN=AttributeAuthority
+            Not Before: Jun 29 10:54:18 2010 GMT
+            Not After : Jun 29 10:54:18 2011 GMT
+        Subject: O=NDG, OU=Site A, CN=AttributeAuthority
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -27 +27 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        58:3d:38:b1:c0:41:f7:59:16:4f:ca:97:29:9c:8d:d8:46:79:
-        9c:11:6a:b3:a4:44:5e:d2:3e:75:d3:9a:66:de:d5:b6:26:87:
-        60:c5:c0:99:c4:56:fe:40:b0:f1:88:12:f9:49:65:fa:66:69:
-        03:0a:56:51:4f:64:47:f0:39:75:b8:88:0c:34:5b:c6:5c:f8:
-        04:90:9e:32:09:0e:fc:ec:54:df:5c:e6:be:aa:9a:db:75:32:
-        19:73:e1:b5:a4:ee:a3:c0:c6:da:e4:ab:e5:70:e4:e8:69:c9:
-        e6:c6:f4:58:1d:d4:82:c4:61:ed:5e:2b:c9:69:12:b4:89:82:
-        48:66
+        11:94:83:d8:1e:09:2a:1f:48:c8:a2:a2:11:c9:ad:f8:8e:e6:
+        62:cb:30:18:18:3e:ea:61:12:36:6b:5b:f6:d2:01:3c:fc:04:
+        92:9b:e0:c3:a4:9c:fd:00:a2:74:48:52:68:8a:7d:32:d6:04:
+        29:ca:3b:db:7c:aa:cb:99:4d:b6:8e:1a:27:33:b9:1e:f7:97:
+        14:12:72:80:16:a6:28:63:04:27:db:1d:8c:08:ca:ae:47:70:
+        e5:6d:c1:d9:27:85:c6:ba:dc:cc:bc:37:01:22:39:24:48:2f:
+        ca:7f:92:dd:3a:15:68:f7:c1:df:83:c1:f9:6a:72:7a:3d:b4:
+        d4:47
 -----BEGIN CERTIFICATE-----
-MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy
-NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
-DzANBgNVBAsTBlNpdGUgQTEbMBkGA1UEAxMSQXR0cmlidXRlQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCntf+hUxFKXx/KY3LXy/RYc/yqhfIL
-M8h95c14n/WdSqh8rK3VxkUu5gujlEgCHafI2AjNZJZqJfKG7ZucYmRcnXbCX1qP
-IGKa+TllbIWdsa5y/IF/Do2AoPMJnTNJ2U1IBfPQXbO5Sd49OvfTi4Cldk89872R
-IuzPmLIDcFydgQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcN
-AQEEBQADgYEAWD04scBB91kWT8qXKZyN2EZ5nBFqs6REXtI+ddOaZt7VtiaHYMXA
-mcRW/kCw8YgS+Ull+mZpAwpWUU9kR/A5dbiIDDRbxlz4BJCeMgkO/OxU31zmvqqa
-23UyGXPhtaTuo8DG2uSr5XDk6GnJ5sb0WB3UgsRh7V4ryWkStImCSGY=
+MIIB+jCCAWOgAwIBAgIBFDANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYyOTEw
+NTQxOFoXDTExMDYyOTEwNTQxOFowPDEMMAoGA1UEChMDTkRHMQ8wDQYDVQQLEwZT
+aXRlIEExGzAZBgNVBAMTEkF0dHJpYnV0ZUF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp7X/oVMRSl8fymNy18v0WHP8qoXyCzPIfeXNeJ/1nUqo
+fKyt1cZFLuYLo5RIAh2nyNgIzWSWaiXyhu2bnGJkXJ12wl9ajyBimvk5ZWyFnbGu
+cvyBfw6NgKDzCZ0zSdlNSAXz0F2zuUnePTr304uApXZPPfO9kSLsz5iyA3BcnYEC
+AwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgTwMA0GCSqGSIb3DQEBBAUAA4GBABGU
+g9geCSofSMiiohHJrfiO5mLLMBgYPuphEjZrW/bSATz8BJKb4MOknP0AonRIUmiK
+fTLWBCnKO9t8qsuZTbaOGiczuR73lxQScoAWpihjBCfbHYwIyq5HcOVtwdknhca6
+3My8NwEiOSRIL8p/kt06FWj3wd+Dwflqcno9tNRH
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/pki/localhost.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 263 (0x107)
+        Serial Number: 2 (0x2)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Jun  9 09:28:37 2009 GMT
-            Not After : Jun  9 09:28:37 2010 GMT
-        Subject: C=UK, ST=Oxfordshire, O=BADC, OU=Security, CN=localhost
+            Not Before: Jun 11 09:04:56 2010 GMT
+            Not After : Jun 11 09:04:56 2011 GMT
+        Subject: O=NDG, OU=Security, CN=localhost
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36 +36 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        8b:8c:45:03:bb:90:4a:70:54:28:69:b7:02:3e:50:95:12:10:
-        ef:c7:d4:48:c2:56:be:7a:4d:0a:6e:28:9f:07:4d:71:8c:01:
-        fc:e0:e0:dd:6e:ef:5a:d7:b0:0c:df:14:be:af:e4:20:11:4c:
-        ca:9b:4b:ae:ce:4b:0f:1f:46:b0:57:74:e0:86:ff:94:b2:27:
-        0b:2a:7b:e9:09:d5:2b:72:14:fe:99:5c:66:12:87:31:2f:e0:
-        7b:5c:47:b5:52:09:bb:18:09:d8:0a:c2:95:8e:bf:23:e6:ac:
-        0d:ea:48:19:c8:11:e6:8f:da:10:d2:cd:a2:de:72:e7:b1:75:
-        c0:d8
+        70:9e:28:be:0e:7e:b2:af:0b:95:e9:60:ea:1b:51:bc:02:76:
+        f3:67:69:47:ba:99:a1:4e:0f:2f:cb:2c:e8:ac:0e:20:b8:dd:
+        e0:70:9f:d0:5b:a6:5f:cd:42:3f:a6:aa:98:ef:f8:39:4a:ac:
+        79:8d:71:79:a4:98:19:00:e4:87:34:e6:c4:f6:8d:b5:d2:c3:
+        cf:45:77:e7:54:c9:3a:81:b6:47:da:ce:71:ba:79:4c:e2:d5:
+        40:44:b1:55:b6:a7:7b:57:31:43:fb:8c:58:f3:83:d3:68:e2:
+        5c:a4:30:2c:cc:c2:b0:e5:3f:84:18:2b:34:f6:39:50:a0:61:
+        13:28
 -----BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgICAQcwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA5MDYwOTA5Mjgz
-N1oXDTEwMDYwOTA5MjgzN1owWTELMAkGA1UEBhMCVUsxFDASBgNVBAgTC094Zm9y
-ZHNoaXJlMQ0wCwYDVQQKEwRCQURDMREwDwYDVQQLEwhTZWN1cml0eTESMBAGA1UE
-AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOCU
-wunA35Y2uk0OP7xBUXtP/tiCR1L4Nlc1FTuDd7qEqqNI8AMLWrcxQI0/hwWeBsZy
-H8p97XM80HZNOzKJ5x9bhCe/i3IJKtRAjSzEwyNobPRiVajgLorItF+/4RjXaqYa
-kG3mgxcQOpW12g1EP9/7bMWevx0EXxwWzp73nYH4/spDgl9ryHAX+OjzdNn7rBSv
-mY/9863ifo3zvYkV8DnqUXwpgYy8umNraeDBRi8nk4OFvou7qrh2w+yK9lDhw5Ce
-Rx0ZaEBiWROL6+iJZCDso7fnso+Y8mS0qm7Q8XP86u0ZGWeYEfWVynYLx0M1PFMj
-tWewtSZZ0cU+StFw3QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZI
-hvcNAQEEBQADgYEAi4xFA7uQSnBUKGm3Aj5QlRIQ78fUSMJWvnpNCm4onwdNcYwB
-/ODg3W7vWtewDN8Uvq/kIBFMyptLrs5LDx9GsFd04Ib/lLInCyp76QnVK3IU/plc
-ZhKHMS/ge1xHtVIJuxgJ2ArClY6/I+asDepIGcgR5o/aENLNot5y57F1wNg=
+MIICdzCCAeCgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYxMTA5
+MDQ1NloXDTExMDYxMTA5MDQ1NlowNTEMMAoGA1UEChMDTkRHMREwDwYDVQQLEwhT
+ZWN1cml0eTESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwOCUwunA35Y2uk0OP7xBUXtP/tiCR1L4Nlc1FTuDd7qEqqNI
+8AMLWrcxQI0/hwWeBsZyH8p97XM80HZNOzKJ5x9bhCe/i3IJKtRAjSzEwyNobPRi
+VajgLorItF+/4RjXaqYakG3mgxcQOpW12g1EP9/7bMWevx0EXxwWzp73nYH4/spD
+gl9ryHAX+OjzdNn7rBSvmY/9863ifo3zvYkV8DnqUXwpgYy8umNraeDBRi8nk4OF
+vou7qrh2w+yK9lDhw5CeRx0ZaEBiWROL6+iJZCDso7fnso+Y8mS0qm7Q8XP86u0Z
+GWeYEfWVynYLx0M1PFMjtWewtSZZ0cU+StFw3QIDAQABoxUwEzARBglghkgBhvhC
+AQEEBAMCBPAwDQYJKoZIhvcNAQEEBQADgYEAcJ4ovg5+sq8Llelg6htRvAJ282dp
+R7qZoU4PL8ss6KwOILjd4HCf0FumX81CP6aqmO/4OUqseY1xeaSYGQDkhzTmxPaN
+tdLDz0V351TJOoG2R9rOcbp5TOLVQESxVbane1cxQ/uMWPOD02jiXKQwLMzCsOU/
+hBgrNPY5UKBhEyg=
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/pki/test.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 257 (0x101)
+        Serial Number: 24 (0x18)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Dec 16 15:11:48 2008 GMT
-            Not After : Dec 15 15:11:48 2013 GMT
+            Not Before: Jun 29 11:14:44 2010 GMT
+            Not After : Jun 29 11:14:44 2011 GMT
         Subject: O=NDG, OU=BADC, CN=test
         Subject Public Key Info:
@@ -36 +36 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        3c:2d:44:82:80:fd:03:ef:4e:eb:43:f9:52:cd:eb:0c:28:6f:
-        47:6c:76:7f:cb:97:ff:bc:3e:dc:69:4d:05:cd:00:ed:40:f4:
-        65:41:04:9e:05:26:9e:f9:1c:9b:56:13:38:2c:23:dc:42:0d:
-        9e:f3:fa:4b:a0:25:c6:3e:ac:d9:7f:2d:2d:63:d4:19:32:d5:
-        bb:6a:7d:dd:7e:72:ed:19:d8:93:a8:ac:48:4a:18:8f:39:b0:
-        fc:b8:9a:c9:01:f3:ae:6f:fb:84:d4:76:d1:30:04:fd:ac:44:
-        5b:ba:d2:ea:ce:dc:47:2e:70:54:35:15:d1:53:4c:41:0b:89:
-        71:28
+        74:79:d9:10:9c:c9:8a:dc:72:85:71:62:2a:b3:96:be:ea:69:
+        87:25:77:f0:c1:12:4b:e1:81:30:01:eb:94:e5:2f:ce:13:55:
+        6f:57:2b:15:35:53:2f:81:dd:6a:eb:61:30:8a:34:ab:c4:29:
+        19:df:e7:61:d6:22:d8:32:d9:29:7c:c7:b7:8f:3a:f7:8c:e2:
+        8f:d3:6a:6b:af:6e:20:71:f9:ee:a2:8d:ec:66:88:5d:11:14:
+        7b:37:df:ae:cd:16:76:b3:27:1d:3c:7b:17:70:7b:6d:d4:28:
+        c0:c3:81:a5:79:d4:5d:b7:61:c6:14:d9:cb:66:66:c9:59:47:
+        13:8f
 -----BEGIN CERTIFICATE-----
-MIICazCCAdSgAwIBAgICAQEwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTE0
-OFoXDTEzMTIxNTE1MTE0OFowLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
-MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-rpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2dFBDY
-ZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXEruEH
-JoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5hRd9F
-oUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5qYYb
-B0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4HfWG7
-B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJ
-KoZIhvcNAQEEBQADgYEAPC1EgoD9A+9O60P5Us3rDChvR2x2f8uX/7w+3GlNBc0A
-7UD0ZUEEngUmnvkcm1YTOCwj3EINnvP6S6Alxj6s2X8tLWPUGTLVu2p93X5y7RnY
-k6isSEoYjzmw/LiayQHzrm/7hNR20TAE/axEW7rS6s7cRy5wVDUV0VNMQQuJcSg=
+MIICbjCCAdegAwIBAgIBGDANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYyOTEx
+MTQ0NFoXDTExMDYyOTExMTQ0NFowLDEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRC
+QURDMQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArpbuNUHWVRwhjHzhTOdym+fcZdmD7HbaeoFdef2V//Wj41xMieMZy9XQft2d
+FBDYZIHLElojVhZTHoowMkwXxsmLt7hZF8fL7j3ssU/lflM9E0Uk2dZxaAt97zXE
+ruEHJoNqHTEQlH0qMALfuUrAaZEIXHDdTQDNRJl4oXvjJWaqS8Y5Je8QREThIE5h
+Rd9FoUlgfMNNnwzLyIH7s0KBci2yryeubAG/Qig5LkulbpnhxYLCcLvs3THQ3kO5
+qYYbB0g11YOBgshZ0SpNwEEyhDzHUt3Ii2XmAh25/II08BR61fhMZvSJ/tVGJY4H
+fWG7B4PZzYwo5vn/tYH1mk7w5QIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAw
+DQYJKoZIhvcNAQEEBQADgYEAdHnZEJzJitxyhXFiKrOWvupphyV38MESS+GBMAHr
+lOUvzhNVb1crFTVTL4HdauthMIo0q8QpGd/nYdYi2DLZKXzHt48694zij9Nqa69u
+IHH57qKN7GaIXREUezffrs0WdrMnHTx7F3B7bdQowMOBpXnUXbdhxhTZy2ZmyVlH
+E48=
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/pki/user.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 258 (0x102)
+        Serial Number: 25 (0x19)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Dec 16 15:18:25 2008 GMT
-            Not After : Dec 15 15:18:25 2013 GMT
+            Not Before: Jun 29 11:51:27 2010 GMT
+            Not After : Jun 29 11:51:27 2011 GMT
         Subject: O=NDG, OU=BADC, OU=Gabriel, CN=testuser
         Subject Public Key Info:
@@ -36 +36 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        95:07:9e:9a:d7:de:2b:9c:3c:a0:cc:5e:5d:dd:87:a9:84:3b:
-        2c:17:4e:fd:b5:87:ce:31:b7:74:4c:dc:94:4e:96:ea:a8:5f:
-        01:52:df:31:33:eb:7f:1f:25:d4:65:e4:6d:b1:72:11:cc:0c:
-        3f:0e:1d:e8:89:90:ec:2b:64:dc:34:36:19:74:2b:52:5c:e4:
-        f5:6f:d3:02:b2:47:65:4c:79:17:0c:e3:14:c5:e2:bf:89:fd:
-        e5:a6:d5:6c:44:67:5f:e0:43:3d:6f:97:19:f0:57:fe:a9:02:
-        0a:56:90:af:fa:15:95:d0:cd:26:dd:44:c9:38:ec:d4:c1:e0:
-        8c:43
+        31:bc:bd:79:5e:9e:8d:f5:dd:8d:3c:c2:dd:2a:99:7f:b1:06:
+        29:f2:aa:3f:16:7c:ca:bf:b9:ec:d2:b4:5a:c5:57:98:4b:34:
+        ff:88:6d:76:30:68:3e:2a:c9:50:b4:af:92:87:3e:67:f3:02:
+        76:f7:e1:48:34:06:8e:4b:f6:4e:a5:3c:9f:ac:6f:0e:f7:ec:
+        34:ce:b8:ca:2e:90:0f:f0:cb:2f:2b:6f:76:0a:7f:e3:b0:eb:
+        1a:43:cb:84:d8:f3:81:3e:48:4c:fa:f3:fd:e4:32:ad:43:86:
+        41:85:00:cf:01:c3:c2:02:5c:1a:28:c3:b9:6c:09:23:bf:2c:
+        96:77
 -----BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgICAQIwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTgy
-NVoXDTEzMTIxNTE1MTgyNVowQjEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRCQURD
-MRAwDgYDVQQLEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0dXNlcjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOdL1ZgnNhthCgNzg3vO/8jMbpfa0aggwKmq
-Yib2+RiIElRpPa6iYQxDQ3J1LzXTqn7cHyyLhT0DpH6/oszmXthSCP2LrZkbtMm7
-CDTWj60i/e0N53sezmcBBqE5Ttn2PKLpWPGYNX3Z+3qnd3PYpQQ08d75GXwfOsz/
-MRn77l9sxKB9yT3nMGJuMzaBbUBCStsbFIzFXbNSkE29jVDLwehdIPb7taIDrPuB
-vTnxOuscWOWjooDURwr4JeP0XRqBGcvcq6Ba24FxSr+R+UwyoDqLYmnrLDlxrecp
-QCIYArOPlkgOi0Kw5nu9B3pMzp6UqXH4b8JXcBW2t2cRMzWo+VcCAwEAAaMVMBMw
-EQYJYIZIAYb4QgEBBAQDAgTwMA0GCSqGSIb3DQEBBAUAA4GBAJUHnprX3iucPKDM
-Xl3dh6mEOywXTv21h84xt3RM3JROluqoXwFS3zEz638fJdRl5G2xchHMDD8OHeiJ
-kOwrZNw0Nhl0K1Jc5PVv0wKyR2VMeRcM4xTF4r+J/eWm1WxEZ1/gQz1vlxnwV/6p
-AgpWkK/6FZXQzSbdRMk47NTB4IxD
+MIIChDCCAe2gAwIBAgIBGTANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYyOTEx
+NTEyN1oXDTExMDYyOTExNTEyN1owQjEMMAoGA1UEChMDTkRHMQ0wCwYDVQQLEwRC
+QURDMRAwDgYDVQQLEwdHYWJyaWVsMREwDwYDVQQDEwh0ZXN0dXNlcjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdL1ZgnNhthCgNzg3vO/8jMbpfa0agg
+wKmqYib2+RiIElRpPa6iYQxDQ3J1LzXTqn7cHyyLhT0DpH6/oszmXthSCP2LrZkb
+tMm7CDTWj60i/e0N53sezmcBBqE5Ttn2PKLpWPGYNX3Z+3qnd3PYpQQ08d75GXwf
+Osz/MRn77l9sxKB9yT3nMGJuMzaBbUBCStsbFIzFXbNSkE29jVDLwehdIPb7taID
+rPuBvTnxOuscWOWjooDURwr4JeP0XRqBGcvcq6Ba24FxSr+R+UwyoDqLYmnrLDlx
+recpQCIYArOPlkgOi0Kw5nu9B3pMzp6UqXH4b8JXcBW2t2cRMzWo+VcCAwEAAaMV
+MBMwEQYJYIZIAYb4QgEBBAQDAgTwMA0GCSqGSIb3DQEBBAUAA4GBADG8vXleno31
+3Y08wt0qmX+xBinyqj8WfMq/uezStFrFV5hLNP+IbXYwaD4qyVC0r5KHPmfzAnb3
+4Ug0Bo5L9k6lPJ+sbw737DTOuMoukA/wyy8rb3YKf+Ow6xpDy4TY84E+SEz68/3k
+Mq1DhkGFAM8Bw8ICXBoow7lsCSO/LJZ3
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/pki/wsse-clnt.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 259 (0x103)
+        Serial Number: 22 (0x16)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Dec 16 15:19:45 2008 GMT
-            Not After : Dec 15 15:19:45 2013 GMT
-        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=client
+            Not Before: Jun 29 11:03:35 2010 GMT
+            Not After : Jun 29 11:03:35 2011 GMT
+        Subject: O=NDG, OU=WS-Security Unittest, CN=client
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36 +36 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        63:11:bf:8c:fe:88:3a:7d:12:1e:c1:ea:90:f6:11:33:f2:7d:
-        1d:2b:f3:22:3d:72:fb:1b:35:ed:cc:55:79:0e:98:13:41:cf:
-        44:5e:c7:88:75:08:b4:b2:2b:ad:11:0e:0b:2e:49:21:41:18:
-        6b:e9:2f:77:6d:27:4b:17:85:c8:fa:7b:91:45:97:a4:2d:f3:
-        24:4e:1e:be:c5:e5:bc:ca:fd:dc:b2:e9:e1:b1:8a:f0:c1:4f:
-        f9:c9:14:f8:c3:c2:98:66:fa:04:82:f1:8d:68:59:17:1f:f2:
-        bf:34:f7:c6:3c:85:9b:80:c6:bc:2f:66:2e:0e:f4:24:7c:d8:
-        9e:5f
+        8d:87:4d:6f:6b:7b:ed:dc:23:c1:bf:80:f0:b8:8a:88:5a:12:
+        50:72:23:e0:a5:0d:0e:08:16:5a:c1:5d:0c:ca:26:eb:b5:f7:
+        31:8e:86:db:f2:10:74:db:83:b5:8c:04:46:36:1a:0c:e2:ef:
+        a2:66:a6:33:ca:e6:46:83:d7:74:cd:45:ef:3a:24:b5:0f:26:
+        54:97:a3:cd:e6:e3:1f:d7:ed:47:83:32:3f:f0:15:a5:7d:70:
+        18:f2:cc:b8:09:0d:b9:63:84:50:9b:c9:56:0c:f5:d8:25:8d:
+        49:8c:ea:82:ae:fb:98:79:12:53:8e:19:52:12:05:17:c1:6d:
+        ff:9b
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MTk0
-NVoXDTEzMTIxNTE1MTk0NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
-HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZjbGllbnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf5GAGGJEY38Vukj0U
-Nfb/Q78yCucsJ0aQLKb+ItHvURqU2X/WEmiNLa90VQ4BBFoYiuFYtAyqxubnp1m1
-XM97iJrUwo85Cw7/FKvM0gRkLbvbPrYDVcy7EHvjrB9O2mhEFoz6svqdtdmasmOG
-1JEagdmfJrQLuiG5hrsPxCA/8ucLxH4FnmcMh5kRo0MwlXlva582RzWRWKgO2vDO
-mtvitXt9HJwdCZbPmPyxs6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXE
-SRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+xfgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqN
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQBj
-Eb+M/og6fRIeweqQ9hEz8n0dK/MiPXL7GzXtzFV5DpgTQc9EXseIdQi0siutEQ4L
-LkkhQRhr6S93bSdLF4XI+nuRRZekLfMkTh6+xeW8yv3csunhsYrwwU/5yRT4w8KY
-ZvoEgvGNaFkXH/K/NPfGPIWbgMa8L2YuDvQkfNieXw==
+MIICgDCCAemgAwIBAgIBFjANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYyOTEx
+MDMzNVoXDTExMDYyOTExMDMzNVowPjEMMAoGA1UEChMDTkRHMR0wGwYDVQQLExRX
+Uy1TZWN1cml0eSBVbml0dGVzdDEPMA0GA1UEAxMGY2xpZW50MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOwhX+RgBhiRGN/FbpI9FDX2/0O/MgrnLCdG
+kCym/iLR71EalNl/1hJojS2vdFUOAQRaGIrhWLQMqsbm56dZtVzPe4ia1MKPOQsO
+/xSrzNIEZC272z62A1XMuxB746wfTtpoRBaM+rL6nbXZmrJjhtSRGoHZnya0C7oh
+uYa7D8QgP/LnC8R+BZ5nDIeZEaNDMJV5b2ufNkc1kVioDtrwzprb4rV7fRycHQmW
+z5j8sbOkk7xRzGa7tZmOXY9WFk/DwU+Ur5qaPxBIi/k2XLXFxEkUUlcbvfckQSdH
+/TXfCD8bbssiFV+PsX4Di6zaFULiFebykwmYeUa1o6W5P9HqjQIDAQABoxUwEzAR
+BglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcNAQEEBQADgYEAjYdNb2t77dwjwb+A
+8LiKiFoSUHIj4KUNDggWWsFdDMom67X3MY6G2/IQdNuDtYwERjYaDOLvomamM8rm
+RoPXdM1F7zoktQ8mVJejzebjH9ftR4MyP/AVpX1wGPLMuAkNuWOEUJvJVgz12CWN
+SYzqgq77mHkSU44ZUhIFF8Ft/5s=
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/pki/wsse-server.crt

@@ -2 +2 @@
     Data:
         Version: 3 (0x2)
-        Serial Number: 260 (0x104)
+        Serial Number: 23 (0x17)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=NDG, OU=BADC, CN=Test CA
+        Issuer: O=NDG, OU=Security, CN=Test CA
         Validity
-            Not Before: Dec 16 15:20:55 2008 GMT
-            Not After : Dec 15 15:20:55 2013 GMT
-        Subject: O=NDG Security Test, OU=WS-Security Unittest, CN=server
+            Not Before: Jun 29 11:10:12 2010 GMT
+            Not After : Jun 29 11:10:12 2011 GMT
+        Subject: O=NDG, OU=WS-Security Unittest, CN=server
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -36 +36 @@
                 SSL Client, SSL Server, S/MIME, Object Signing
     Signature Algorithm: md5WithRSAEncryption
-        95:eb:24:bb:4e:4d:38:b8:0e:8d:0e:fa:27:61:0b:91:f7:9e:
-        a3:a7:a4:e0:d8:ba:57:3a:ee:df:54:50:80:26:19:f5:66:d7:
-        6c:83:64:eb:b3:1a:3b:dc:7a:08:49:db:3f:a1:9a:bf:03:08:
-        7f:b2:8c:28:eb:cf:79:d9:a3:f0:a4:7c:65:40:c5:fe:34:88:
-        7f:88:47:e2:4b:38:f4:d6:c6:91:69:9c:68:ca:ed:03:fc:fb:
-        83:c8:07:be:3c:33:be:24:87:aa:68:7f:38:18:e3:fc:97:ef:
-        8f:e4:6e:39:f8:3d:e2:97:91:4a:86:e8:39:52:01:b3:31:54:
-        d9:5d
+        67:96:45:5e:73:66:69:2c:f1:fb:ed:65:c9:fa:69:c7:6a:0e:
+        15:d9:3b:56:1b:90:a5:27:18:f7:47:70:f0:1b:a6:41:21:d8:
+        21:3e:1a:ae:87:9a:f1:36:3e:02:cf:1f:30:83:af:f8:fe:21:
+        6c:14:45:a0:9e:39:f2:91:de:0a:06:22:8f:4d:2e:9f:66:7e:
+        26:61:3d:cc:31:4d:43:9e:4d:5d:c6:00:ef:82:ed:30:57:76:
+        c4:4f:db:85:7c:97:35:a1:d0:ff:b8:91:a1:9c:e9:a3:a8:c9:
+        99:80:a4:03:66:8b:e6:44:54:d0:7c:72:d8:e0:c3:3b:ea:98:
+        e7:f7
 -----BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgICAQQwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
-MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNjE1MjA1
-NVoXDTEzMTIxNTE1MjA1NVowTDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
-HTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0ZXN0MQ8wDQYDVQQDEwZzZXJ2ZXIw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKh5yGjF6lxe3OL/g1lZdq
-ar1niwjRU91t1kdktU9g4bQBxg4hFsMX0nb6iWKUXe09Npuu8KLiaQh7f1j+iMfv
-FyklZFazO3wnpO4O95jvdsruu7RSP1Mr1pSWqT5rE+YlRaq+rKkeUWw41d2/RC94
-fpQ6gVyKXePfSW52flQcmrAHuRG8DyxQGSWlLDx6UuDzCfMQ/BW5aEVtpXIKfyfq
-FbpcpjemyU85R6h7K8Q7Wmoa841np+KRdMSnhQ6VX9PcgfcNdNEzsV+zxb7kblYq
-JXUEDFWmNcJmdoWPUXwLtvdA3wwy15k+cvLVw3X4BmyTXrrK76uOjcroePMIJpHr
-AgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkqhkiG9w0BAQQFAAOBgQCV
-6yS7Tk04uA6NDvonYQuR956jp6Tg2LpXOu7fVFCAJhn1Ztdsg2Trsxo73HoISds/
-oZq/Awh/sowo68952aPwpHxlQMX+NIh/iEfiSzj01saRaZxoyu0D/PuDyAe+PDO+
-JIeqaH84GOP8l++P5G45+D3il5FKhug5UgGzMVTZXQ==
+MIICgDCCAemgAwIBAgIBFzANBgkqhkiG9w0BAQQFADAzMQwwCgYDVQQKEwNOREcx
+ETAPBgNVBAsTCFNlY3VyaXR5MRAwDgYDVQQDEwdUZXN0IENBMB4XDTEwMDYyOTEx
+MTAxMloXDTExMDYyOTExMTAxMlowPjEMMAoGA1UEChMDTkRHMR0wGwYDVQQLExRX
+Uy1TZWN1cml0eSBVbml0dGVzdDEPMA0GA1UEAxMGc2VydmVyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoechoxepcXtzi/4NZWXamq9Z4sI0VPdbdZH
+ZLVPYOG0AcYOIRbDF9J2+olilF3tPTabrvCi4mkIe39Y/ojH7xcpJWRWszt8J6Tu
+DveY73bK7ru0Uj9TK9aUlqk+axPmJUWqvqypHlFsONXdv0QveH6UOoFcil3j30lu
+dn5UHJqwB7kRvA8sUBklpSw8elLg8wnzEPwVuWhFbaVyCn8n6hW6XKY3pslPOUeo
+eyvEO1pqGvONZ6fikXTEp4UOlV/T3IH3DXTRM7Ffs8W+5G5WKiV1BAxVpjXCZnaF
+j1F8C7b3QN8MMteZPnLy1cN1+AZsk166yu+rjo3K6HjzCCaR6wIDAQABoxUwEzAR
+BglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcNAQEEBQADgYEAZ5ZFXnNmaSzx++1l
+yfppx2oOFdk7VhuQpScY90dw8BumQSHYIT4aroea8TY+As8fMIOv+P4hbBRFoJ45
+8pHeCgYij00un2Z+JmE9zDFNQ55NXcYA74LtMFd2xE/bhXyXNaHQ/7iRoZzpo6jJ
+mYCkA2aL5kRU0Hxy2ODDO+qY5/c=
 -----END CERTIFICATE-----

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

@@ -12 +12 @@
 # license: BSD - see LICENSE file in top-level directory
 # Contact: Philip.Kershaw@stfc.ac.uk
-# Revision: $Id:$
+# Revision: $Id$
 
 [DEFAULT]
@@ -110 +110 @@
 # Apply verification against a list of trusted CAs.  To skip this step, comment
 # out or remove this item.  e.g. set CA verification in the Apache config file.
-ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
+ssl.caCertFilePathList = %(testConfigDir)s/ca/d573507a.0
 #ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test
 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/template/server-pydap2.ini

@@ -87 +87 @@
 # List of CA certificates used to verify the signatures of 
 # Attribute Certificates retrieved
-pip.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
+pip.caCertFilePathList=%(here)s/pki/ca/d573507a.0
 
 #
@@ -109 +109 @@
 
 # For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
+pip.wssecurity.caCertFilePathList=%(here)s/pki/ca/d573507a.0
 
 # ValueType for the BinarySecurityToken added to the WSSE header

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openid/securityservices.ini

@@ -58 +58 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
 
 #______________________________________________________________________________
@@ -68 +68 @@
 #
 # CA certificates for Attribute Certificate signature validation
-sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 # CA certificates for SSL connection peer cert. validation - required if
 # connecting to an Attribute Authority over SSL
-sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 # Allow Get Attribute Certificate calls to try to get a mapped certificate
@@ -101 +101 @@
 # The CA certificates of other NDG trusted sites should go here.  NB, multiple
 # values should be delimited by a space
-sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
 
 # Signature of an outbound message
@@ -414 +414 @@
 
 # Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 #______________________________________________________________________________

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/securityservices.ini

@@ -56 +56 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
 
 #______________________________________________________________________________
@@ -66 +66 @@
 #
 # CA certificates for Attribute Certificate signature validation
-sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 # CA certificates for SSL connection peer cert. validation - required if
 # connecting to an Attribute Authority over SSL
-sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 # Allow Get Attribute Certificate calls to try to get a mapped certificate
@@ -99 +99 @@
 # The CA certificates of other NDG trusted sites should go here.  NB, multiple
 # values should be delimited by a space
-sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
 
 # Signature of an outbound message
@@ -380 +380 @@
 
 # Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 #______________________________________________________________________________

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini

@@ -130 +130 @@
 # List of CA certificates used to verify the signatures of 
 # Attribute Certificates retrieved
-pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+pip.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 #
@@ -153 +153 @@
 
 # For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 # ValueType for the BinarySecurityToken added to the WSSE header

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securityservices.ini

@@ -12 +12 @@
 # license: BSD - see LICENSE file in top-level directory
 # Contact: Philip.Kershaw@stfc.ac.uk
-# Revision: $Id:$
+# Revision: $Id$
 
 [DEFAULT]
@@ -212 +212 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0
 
 
@@ -225 +225 @@
 
 # Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
+wssecurity.caCertFilePathList=%(testConfigDir)s/ca/d573507a.0
 
 #______________________________________________________________________________

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/configfileparsers/test.cfg

@@ -39 +39 @@
 # Test a 3rd level of nesting - prefixed for the Session Manager but the
 # Session Manager itself has a Credential Wallet subcomponent
-sessionManager.credentialWallet.caCertFilePathList=ca/ndg-test-ca.crt
+sessionManager.credentialWallet.caCertFilePathList=ca/d573507a.0
 
 # Test bool and int type conversions

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet/credWallet.cfg

@@ -15 +15 @@
 
 # CA certificates for Attribute Certificate signature validation
-caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
 
 # CA certificates for SSL connection peer cert. validation
-sslCACertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+sslCACertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
 
 # See attAuthority unit tests to get this service running
@@ -79 +79 @@
 
 # Provide a space separated list of file paths
-wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt 
+wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini

@@ -12 +12 @@
 connectionString = sqlite:///$NDGSEC_TEST_CONFIG_DIR/user.db
 openIdSqlQuery = select openid from users where username = '${username}'     
-#attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml
-attributeAuthorityURI = http://localhost:5000/AttributeAuthority/saml
+attributeAuthorityURI = https://localhost:5443/AttributeAuthority
+#attributeAuthorityURI = http://localhost:5000/AttributeAuthority
 attributeQuery.subjectIdFormat = urn:esg:openid
 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/test_saml_attribute_assertion.py

@@ -10 +10 @@
 __license__ = "BSD - see LICENSE file in top-level directory"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = '$Id:$'
+__revision__ = '$Id$'
 import logging
 logging.basicConfig(level=logging.DEBUG)
 
 import os
-from string import Template
+import sys
 from cStringIO import StringIO
-
-from sqlalchemy import create_engine, MetaData, Table, Column, Integer, String
-from sqlalchemy.ext.declarative import declarative_base
-from sqlalchemy.orm import sessionmaker
+import unittest
 
 from ndg.security.common.saml_utils.esg import EsgSamlNamespaces
@@ -29 +26 @@
 
 class CertExtAppTestCase(BaseTestCase):
+    """Test SAML Assertion Certificate Extension plugin for MyProxy"""
     THIS_DIR = os.path.dirname(__file__)
     OPENID_SQL_QUERY = ("select openid from users where username = "
@@ -43 +41 @@
         myProxyCertExtApp = CertExtApp()
         myProxyCertExtApp.connectionString = \
-                    CertExtAppTestCase.DB_CONNECTION_STR
+                                            CertExtAppTestCase.DB_CONNECTION_STR
                     
         myProxyCertExtApp.openIdSqlQuery = CertExtAppTestCase.OPENID_SQL_QUERY
@@ -128 +126 @@
         print(output)
         
+        
+if __name__ == "__main__":
+    unittest.main()

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sslclientauthnmiddleware/test.ini

@@ -28 +28 @@
 errorResponseCode: 401
 pathMatchList: /secure1 /secure2
-caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0
 
 # Logging configuration

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authn/ssl-test.ini

@@ -66 +66 @@
 paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware
 prefix = ssl.
-ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
+ssl.caCertFilePathList = %(testConfigDir)s/ca/d573507a.0
 ssl.rePathMatchList = ^/ssl-client-authn.*

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini

@@ -77 +77 @@
 attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
 attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/d573507a.0

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py

@@ -187 +187 @@
         self.assert_(samlResponse.assertions[0].authzDecisionStatements[0
                                             ].decision == DecisionType.PERMIT)
-
-        
-class SOAPAuthzServiceMiddlewareTestCase(
-                                SOAPAuthzDecisionInterfaceMiddlewareTestCase):
-    """Test the actual server side middleware 
-    ndg.security.server.wsgi.authzservice.AuthzServiceMiddleware
-    rather than a test stub
-    """
-    CONFIG_FILENAME = 'authz-service.ini'
-    RESOURCE_URI = 'http://localhost/dap/data/my.nc.dods?time[0:1:0]&lat'
-    ACCESS_DENIED_RESOURCE_URI = \
-        'http://localhost/dap/data/test_accessDeniedToSecuredURI'
-    
-    def __init__(self, *arg, **kw):
-        """Extend base init to include SAML Attribute Authority required by
-        Authorisation Service"""
-        super(SOAPAuthzDecisionInterfaceMiddlewareTestCase, self).__init__(
-                                                                    *arg, **kw)
-        self.startSiteAAttributeAuthority(withSSL=True, port=5443)
-        
-    def test02AccessDenied(self):
-        cls = SOAPAuthzServiceMiddlewareTestCase
-        query = self._createAuthzDecisionQuery(
-                                        resource=cls.ACCESS_DENIED_RESOURCE_URI)
-        request = self._makeRequest(query=query)
-        
-        header = {
-            'soapAction': "http://www.oasis-open.org/committees/security",
-            'Content-length': str(len(request)),
-            'Content-type': 'text/xml'
-        }
-        response = self.app.post('/authorisationservice/', 
-                                 params=request, 
-                                 headers=header, 
-                                 status=200)
-        print("Response status=%d" % response.status)
-        samlResponse = self._getSAMLResponse(response.body)
-
-        self.assert_(samlResponse.status.statusCode.value == \
-                     StatusCode.SUCCESS_URI)
-        self.assert_(samlResponse.inResponseTo == query.id)
-        self.assert_(samlResponse.assertions[0].subject.nameID.value == \
-                     query.subject.nameID.value)
-        self.assert_(samlResponse.assertions[0])
-        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0])
-        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0
-                                            ].decision == DecisionType.DENY)   
     
     

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/ssl/test.ini

@@ -21 +21 @@
 paste.filter_app_factory = ndg.security.server.wsgi.ssl:ApacheSSLAuthnMiddleware
 prefix = ssl.
-ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
+ssl.caCertFilePathList = %(testConfigDir)s/ca/d573507a.0
 ssl.rePathMatchList = ^/secured/.*$ ^/restrict.*
 ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=test, /O=localhost/OU=local client/CN=test 2

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/x509/x509Test.cfg

@@ -14 +14 @@
 certfile: $NDGSEC_TEST_CONFIG_DIR/pki/user.crt
 proxycertfile: $NDGSEC_X509_UNITTEST_DIR/proxy.crt
-cacertfile: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
+cacertfile: $NDGSEC_TEST_CONFIG_DIR/ca/d573507a.0