From 9ec3da77a6ed558e23fc5b476b672e66e8a3248b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 28 Jan 2020 10:36:46 +0100
Subject: fix wrong default configuration parameter that skips BKU selection

---
 .../data/deploy/conf/moa-id/eIDAS/SignModule.xml   | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml

(limited to 'id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml')

diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
new file mode 100644
index 000000000..bf7215cb5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SWModule sign with JKS.</comment>
+  <entry key="check_certificate_validity_period">false</entry>
+	<entry key="disallow_self_signed_certificate">false</entry>
+
+	<!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 -->
+	<!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 -->
+	<!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 -->
+	<!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -->
+	<entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry>
+
+	<!-- List of incoming Signature algorithms white list separated by ; (default all) -->
+	<entry key="signature.algorithm.whitelist">
+    http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;
+    http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;
+    http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;
+    http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160;
+    http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;
+    http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;
+    http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;
+    http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;
+    http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1
+  </entry>
+  
+	<!-- signing response assertion true/false (default false) -->
+	<entry key="response.sign.assertions">true</entry>
+
+  <!--AuthnRequest / Assertion signing keyStore-->
+	<entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+  <entry key="keyStoreType">JKS</entry>
+	<entry key="keyStorePassword">local-demo</entry>
+	<entry key="keyPassword">local-demo</entry>
+	<entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
+	<entry key="serialNumber">54C8F839</entry>
+
+
+  <!--Metadata signing keystore-->
+	<entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry>
+  <entry key="metadata.keyStoreType">JKS</entry>
+	<entry key="metadata.keyStorePassword">local-demo</entry>
+	<entry key="metadata.keyPassword">local-demo</entry>
+	<entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
+	<entry key="metadata.serialNumber">561BC0C8</entry>
+	
+</properties>
-- 
cgit v1.2.3