Integration tests make use of a set of certificates signed by the DataONE test certificate authority. Requirements for the certificates are:

1. they need to be long-lived to be useful for testing (>1 year?)
2. they need to contain serialized SubjectInfo, as typical certs used in production would
3. they should NOT be trusted by production Nodes
4. they should be trusted by test Nodes
5. the filename for each certificate needs to match the subject common name

Testing Design
==============

Most of the certificates in the set are used to test Authorization, which requires several different users to thoroughly exercise the authorization scenarios. Authorization testing imagines a set of related subjects (Groups, Persons, and Nodes):

CommonName           Details
-------------------- --------------------------------------------------------------------
testGroup            has member who is testPerson
                     has rightsHolder who is testGroupie
testGroupie          is a member of testGroup
testPerson           is a member of testGroup
                     is verified
                     has equivalent identity of 'CN=someLegacyAcct,DC=somewhere,DC=org'
                     has equivalent identity of testEQPerson1
testEQPerson1        has equivalent identity of testPerson
                     has equivalent identity of testEQPerson2
testEQPerson2        has equivalent identity of testEQPerson1
                     has equivalent identity of testEQPerson3
testEQPerson3        has equivalent identity of testEQPerson2
testSubmitter        (no equivalent identities or groups)
testRightsHolder     (no equivalent identities or groups)

I'm using subjects with the following common names as client subjects/certificates for integration testing:

- testSubmitter (the full subject becomes: "CN=testSubmitter,DC=dataone,DC=org")
- testRightsHolder
- testPerson
- testEQPerson1
- testEQPerson2
- testEQPerson3
- testGroupie

We also need to test various certificate situations, so we need a handful of certificate variants for testPerson, with the following names:

- testPerson_Expired.crt (doesn't need to be remade unless the DN changes)
- testPerson_NoSubjectInfo.crt
- testPerson_InvalidVsSchema.crt
Serialized SubjectInfos for the above certificates can be found at:

https://repository.dataone.org/software/cicore/trunk/d1_test_resources/src/main/resources/D1shared/authorizationTesting/d1_integration/

Each of the above certificates has its own SI file, except for two:

1. testPerson_Expired.crt reuses testPerson_SI.xml, but with the expiration set to 1 hour or 1 day from now (I think that's the lowest increment possible)
2. testPerson_NoSubjectInfo.crt (the certificate doesn't include any SI.xml)

The CILogon OID for the SubjectInfo extension is: "1.3.6.1.4.1.34998.2.1"

Full List of Certificates and corresponding SubjectInfos
---------------------------------------------------------

#   File Name                 Common Name        SubjectInfo file
--- ------------------------- ------------------ -------------------------
1   testSubmitter             testSubmitter      testSubmitter_SI.xml
2   testRightsHolder          testRightsHolder   testRightsHolder_SI.xml
3   testGroupie               testGroupie        testGroupie_SI.xml
4   testEQPerson1             testEQPerson1      testEQPerson1_SI.xml
5   testEQPerson2             testEQPerson2      testEQPerson2_SI.xml
6   testEQPerson3             testEQPerson3      testEQPerson3_SI.xml
7   testPerson                testPerson         testPerson_SI.xml
8   testPerson_NoSubjectInfo  testPerson         -
9   testPerson_Expired        testPerson         testPerson_SI.xml
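The testPerson certificate variants and the SubjectInfo extension described above, as an added Python example that is not DataONE project code. It assumes the `cryptography` package, a hypothetical test-CA name (the real test CA's DN is not on the page), a constructed stand-in for testPerson_SI.xml, and that the extension value is a DER UTF8String holding the XML (the page gives only the OID). The stand-in "production" CA is there only to show requirement 3: a certificate minted by the test CA is rejected before its payload is even looked at by a Node that trusts a different CA.

```python
"""Added example, not DataONE project code: mint a throwaway test CA and the
testPerson certificate variants the page lists, then classify each the way a
Node's certificate check would. Needs the `cryptography` package."""
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

SUBJECT_INFO_OID = x509.ObjectIdentifier("1.3.6.1.4.1.34998.2.1")  # CILogon OID from the page
UTC = datetime.timezone.utc
DAY = datetime.timedelta(days=1)

# Constructed stand-in for testPerson_SI.xml (the real file is larger).
TESTPERSON_SI_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<ns2:subjectInfo xmlns:ns2="http://ns.dataone.org/service/types/v1"><person>'
    '<subject>CN=testPerson,DC=dataone,DC=org</subject><givenName>test</givenName>'
    '<familyName>Person</familyName><verified>true</verified></person></ns2:subjectInfo>'
)


def now_utc():
    return datetime.datetime.now(UTC)


def der_utf8string(text):
    """DER UTF8String (tag 0x0C). Assumption: the extnValue OCTET STRING wraps a
    UTF8String holding the XML, which is how the DataONE Java client decodes it."""
    body = text.encode("utf-8")
    n = len(body)
    if n < 0x80:
        return b"\x0c" + bytes([n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x0c" + bytes([0x80 | len(lb)]) + lb + body


def der_utf8string_decode(data):
    """Inverse of der_utf8string; rejects anything that is not exactly one UTF8String."""
    if len(data) < 2 or data[0] != 0x0C:
        raise ValueError("not a DER UTF8String")
    n, off = data[1], 2
    if n >= 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(data[2:2 + k], "big"), 2 + k
    if off + n != len(data):
        raise ValueError("DER length does not match payload")
    return data[off:].decode("utf-8")


def dataone_name(cn):
    """CN=<cn>,DC=dataone,DC=org. RFC 4514 strings put the most significant RDN last,
    so the attribute list is the reverse of the string form."""
    return x509.Name([x509.NameAttribute(NameOID.DOMAIN_COMPONENT, "org"),
                      x509.NameAttribute(NameOID.DOMAIN_COMPONENT, "dataone"),
                      x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_ca(cn):
    """Self-signed CA. The CN is hypothetical; the real test CA's name is not on the page."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = now_utc()
    cert = (x509.CertificateBuilder().subject_name(dataone_name(cn)).issuer_name(dataone_name(cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - DAY).not_valid_after(now + 3650 * DAY)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue(ca_key, ca_cert, client_key, cn, subject_info, not_before, not_after):
    """Client cert signed by ca_key; subject_info=None produces the NoSubjectInfo variant."""
    b = (x509.CertificateBuilder().subject_name(dataone_name(cn)).issuer_name(ca_cert.subject)
         .public_key(client_key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(not_before).not_valid_after(not_after))
    if subject_info is not None:
        b = b.add_extension(x509.UnrecognizedExtension(SUBJECT_INFO_OID, der_utf8string(subject_info)),
                            critical=False)
    return b.sign(ca_key, hashes.SHA256())


def extract_subject_info(cert):
    """Serialized SubjectInfo XML from the cert, or None when the extension is absent."""
    try:
        ext = cert.extensions.get_extension_for_oid(SUBJECT_INFO_OID)
    except x509.ExtensionNotFound:
        return None
    return der_utf8string_decode(ext.value.value)


def classify(cert, trusted_ca, now):
    """'untrusted' | 'expired' | 'no-subjectinfo' | 'ok'. Trust is checked before anything
    else, so a test-CA cert presented to a production Node never gets as far as its payload."""
    if cert.issuer != trusted_ca.subject:
        return "untrusted"
    try:
        trusted_ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return "untrusted"
    # not_valid_*_utc exist in cryptography >= 42; older versions expose naive UTC datetimes.
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=UTC)
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=UTC)
    if not nb <= now <= na:
        return "expired"
    if extract_subject_info(cert) is None:
        return "no-subjectinfo"
    return "ok"


def build_test_set():
    """Test CA, a stand-in production CA, and the testPerson variants keyed by file stem."""
    test_ca_key, test_ca = make_ca("DataONE Test CA")
    _, prod_ca = make_ca("DataONE Production CA")
    client_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = now_utc()
    certs = {
        "testPerson": issue(test_ca_key, test_ca, client_key, "testPerson",
                            TESTPERSON_SI_XML, now - DAY, now + 400 * DAY),
        "testPerson_NoSubjectInfo": issue(test_ca_key, test_ca, client_key, "testPerson",
                                          None, now - DAY, now + 400 * DAY),
        # Minted with the one-day lifetime the page mentions, dated so it has already lapsed.
        "testPerson_Expired": issue(test_ca_key, test_ca, client_key, "testPerson",
                                    TESTPERSON_SI_XML, now - 2 * DAY, now - DAY),
    }
    return test_ca, prod_ca, certs
```

Calling `build_test_set()` and then `classify(cert, test_ca, now_utc())` on each entry yields `ok`, `no-subjectinfo` and `expired` for the three variants; classifying the valid testPerson cert against the stand-in production CA yields `untrusted`. The dictionary keys double as the file stems, which keeps requirement 5 (filename matches the common name, plus a `_Variant` suffix) visible in the code. The test Nodes only need the test CA in their trust store; nothing in the certificates themselves marks them as test certificates.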