authorThomas Lenz <tlenz@iaik.tugraz.at>2017-01-31 10:06:17 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-01-31 10:06:17 +0100
commit77b9a943b555abe4867e6f78d6ede43a5e05aa9e (patch)
treeb3b6a7d94db4cf3c3e1b042f2c00aac8dcd47ab7
parent03486ae6e1d250da3d2c4407dd6a631f85f281c4 (diff)
update default config
-rw-r--r--id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml24
-rw-r--r--id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml37
2 files changed, 54 insertions, 7 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
index 9fef4fa2e..46052053a 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
@@ -3,14 +3,32 @@
<properties>
<comment>SWModule encrypt with JKS.</comment>
- <entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+
+ <entry key="check_certificate_validity_period">false</entry>
+ <entry key="disallow_self_signed_certificate">false</entry>
+ <entry key="response.encryption.mandatory">false</entry>
+
+ <!-- Data Encryption algorithm -->
+ <entry key="data.encryption.algorithm">http://www.w3.org/2009/xmlenc11#aes256-gcm</entry>
+
+ <!-- Decryption algorithm Whitelist-->
+ <entry key="encryption.algorithm.whitelist">
+ http://www.w3.org/2009/xmlenc11#aes128-gcm;
+ http://www.w3.org/2009/xmlenc11#aes256-gcm;
+ http://www.w3.org/2009/xmlenc11#aes192-gcm
+ </entry>
+
+ <!-- Key Encryption algorithm -->
+ <entry key="key.encryption.algorithm">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</entry>
+
+ <entry key="keyStorePath">keys/eidasKeyStore.jks</entry>
+ <entry key="keyStoreType">JKS</entry>
<entry key="keyStorePassword">local-demo</entry>
<entry key="keyPassword">local-demo</entry>
<!-- Management of the encryption activation -->
<entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry>
-
<entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry>
<entry key="responseToPointSerialNumber.BE">54C8F779</entry>
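Review bot: The added entries `check_certificate_validity_period`, `disallow_self_signed_certificate` and `response.encryption.mandatory` are all set to `false` in a file shipped under deploy/conf, and nothing in the hunk marks them as demo-only. Judging by the key names alone, this turns off expiry checking, accepts self-signed certificates and lets unencrypted responses through. The same two certificate flags are added as `false` in SignModule.xml. I would ship them as `true`, or at least put a comment such as `<!-- demo defaults: set to true for production deployments -->` above them. The multi-line `encryption.algorithm.whitelist` value also carries newlines and indentation around each URI, so it only works if the consumer trims tokens after splitting on `;`, which is not visible here.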
@@ -18,5 +36,5 @@
<entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
<entry key="serialNumber">54C8F779</entry>
- <entry key="keystoreType">JKS</entry>
+
</properties> \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
index 745580428..bf7215cb5 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -3,17 +3,46 @@
<properties>
<comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+ <entry key="check_certificate_validity_period">false</entry>
+ <entry key="disallow_self_signed_certificate">false</entry>
+
+ <!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -->
+ <entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry>
+
+ <!-- List of incoming Signature algorithms white list separated by ; (default all) -->
+ <entry key="signature.algorithm.whitelist">
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1
+ </entry>
+
+ <!-- signing response assertion true/false (default false) -->
+ <entry key="response.sign.assertions">true</entry>
+
+ <!--AuthnRequest / Assertion signing keyStore-->
+ <entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+ <entry key="keyStoreType">JKS</entry>
<entry key="keyStorePassword">local-demo</entry>
<entry key="keyPassword">local-demo</entry>
<entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
<entry key="serialNumber">54C8F839</entry>
- <entry key="keystoreType">JKS</entry>
- <entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry>
+
+ <!--Metadata signing keystore-->
+ <entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry>
+ <entry key="metadata.keyStoreType">JKS</entry>
<entry key="metadata.keyStorePassword">local-demo</entry>
<entry key="metadata.keyPassword">local-demo</entry>
<entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
<entry key="metadata.serialNumber">561BC0C8</entry>
- <entry key="metadata.keystoreType">JKS</entry>
+
</properties>
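Review bot: The new `signature.algorithm.whitelist` accepts `rsa-ripemd160` and lists the RSA-PSS identifier twice, as `sha256-rsa-MGF1` and as `sha256-rsa-mgf1`. RIPEMD-160 is a legacy digest that is not among the signing choices documented just above (SHA-256/384/512), so unless a peer is known to need it I would leave it out of the default list. The registered URI uses the `MGF1` spelling. If the lowercase variant is kept for interoperability, a comment such as `<!-- lowercase variant kept for peers that emit it -->` would stop a later cleanup from silently dropping it. The comment on the whitelist says "(default all)", which suggests that an empty or missing entry accepts every algorithm; if that is the behaviour, it is worth stating explicitly so operators do not remove the entry.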