<?xml version="1.0" encoding="UTF-8"?>
<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <Common>
    <HardwareCryptoModule>
      <Name>HWC1_Name</Name>
      <SlotId>HWC1_SlotId</SlotId>
      <UserPIN>HWC1_UserPIN</UserPIN>
    </HardwareCryptoModule>
    <HardwareCryptoModule>
      <Name>HWC2_Name</Name>
      <UserPIN>HWC2_UserPIN</UserPIN>
    </HardwareCryptoModule>
  </Common>  
  <SignatureCreation>
    <KeyModules>
      <HardwareKeyModule>
        <Id>HWK1_Id</Id>
        <Name>HWK1_Name</Name>
        <SlotId>HWK1_SlotId</SlotId>
        <UserPIN>HWK1_UserPIN</UserPIN>
      </HardwareKeyModule>
      <HardwareKeyModule>
        <Id>HWK2_Id</Id>
        <Name>HWK2_Name</Name>
        <UserPIN>HWK2_UserPIN</UserPIN>
      </HardwareKeyModule>
      <SoftwareKeyModule>
        <Id>SWK1_Id</Id>
        <FileName>swk/SWK1_FileName.txt</FileName>
        <Password>SWK1_Password</Password>
      </SoftwareKeyModule>
      <SoftwareKeyModule>
        <Id>SWK2_Id</Id>
        <FileName>swk/SWK2_FileName.txt</FileName>
      </SoftwareKeyModule>
    </KeyModules>
    <KeyGroup>
      <Id>KG1_Id</Id>
      <Key>
        <KeyModuleId>HWK1_Id</KeyModuleId>
        <KeyCertIssuerSerial>
          <dsig:X509IssuerName>CN=HWK1_Issuer</dsig:X509IssuerName>
          <dsig:X509SerialNumber>0</dsig:X509SerialNumber>
        </KeyCertIssuerSerial>
      </Key>
      <Key>
        <KeyModuleId>HWK2_Id</KeyModuleId>
        <KeyCertIssuerSerial>
          <dsig:X509IssuerName>CN=HWK2_Issuer</dsig:X509IssuerName>
          <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
        </KeyCertIssuerSerial>
      </Key>
    </KeyGroup>
    <KeyGroup>
      <Id>KG2_Id</Id>
      <Key>
        <KeyModuleId>SWK1_Id</KeyModuleId>
        <KeyCertIssuerSerial>
          <dsig:X509IssuerName>CN=SKW1_Issuer</dsig:X509IssuerName>
          <dsig:X509SerialNumber>2</dsig:X509SerialNumber>
        </KeyCertIssuerSerial>
      </Key>
      <Key>
        <KeyModuleId>SWK2_Id</KeyModuleId>
        <KeyCertIssuerSerial>
          <dsig:X509IssuerName>CN=SKW2_Issuer</dsig:X509IssuerName>
          <dsig:X509SerialNumber>3</dsig:X509SerialNumber>
        </KeyCertIssuerSerial>
      </Key>
    </KeyGroup>
    <KeyGroupMapping>
      <CustomerId>
        <dsig:X509IssuerName>CN=Customer1_Issuer</dsig:X509IssuerName>
        <dsig:X509SerialNumber>4</dsig:X509SerialNumber>
      </CustomerId>
      <KeyGroupId>KG1_Id</KeyGroupId>
      <KeyGroupId>KG2_Id</KeyGroupId>
    </KeyGroupMapping>
    <KeyGroupMapping>
      <KeyGroupId>KG1_Id</KeyGroupId>
      <KeyGroupId>KG2_Id</KeyGroupId>
    </KeyGroupMapping>
    <XMLDSig>
      <CanonicalizationAlgorithm>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CanonicalizationAlgorithm>
      <DigestMethodAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</DigestMethodAlgorithm>
    </XMLDSig>
    <CreateTransformsInfoProfile>
      <Id>CTIP_1</Id>
      <Location>profiles/ctip/CTIP_1.xml</Location>
    </CreateTransformsInfoProfile>
    <CreateTransformsInfoProfile>
      <Id>CTIP_2</Id>
      <Location>e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/profiles/ctip/CTIP_2.xml</Location>
    </CreateTransformsInfoProfile>
    <CreateSignatureEnvironmentProfile>
      <Id>CSEP_1</Id>
      <Location>profiles/csep/CSEP_1.xml</Location>
    </CreateSignatureEnvironmentProfile>
  </SignatureCreation>
  <SignatureVerification>
    <CertificateValidation>
      <PathConstruction>
        <AutoAddCertificates>false</AutoAddCertificates>
        <UseAuthorityInformationAccess>false</UseAuthorityInformationAccess>
        <CertificateStore>
          <DirectoryStore>
            <Location>certstore_test</Location>
          </DirectoryStore>
        </CertificateStore>
      </PathConstruction>
      <PathValidation>
        <ChainingMode>
          <DefaultMode>pkix</DefaultMode>
          <TrustAnchor>
            <Identification>
              <dsig:X509IssuerName>CN=TA1_Issuer</dsig:X509IssuerName>
              <dsig:X509SerialNumber>5</dsig:X509SerialNumber>
            </Identification>
            <Mode>chaining</Mode>
          </TrustAnchor>
          <TrustAnchor>
            <Identification>
              <dsig:X509IssuerName>CN=TA2_Issuer</dsig:X509IssuerName>
              <dsig:X509SerialNumber>6</dsig:X509SerialNumber>
            </Identification>
            <Mode>pkix</Mode>
          </TrustAnchor>
        </ChainingMode>
        <TrustProfile>
          <Id>TP1_Id</Id>
          <TrustAnchorsLocation>trustprofiles/tp1/anchors</TrustAnchorsLocation>
          <SignerCertsLocation>trustprofiles/tp1/signercerts</SignerCertsLocation>
        </TrustProfile>
        <TrustProfile>
          <Id>TP2_Id</Id>
          <TrustAnchorsLocation>file:e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/trustprofiles/tp2/anchors</TrustAnchorsLocation>
          <SignerCertsLocation>file:e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/trustprofiles/tp2/signercerts</SignerCertsLocation>
        </TrustProfile>
      </PathValidation>
      <RevocationChecking>
        <EnableChecking>false</EnableChecking>
        <MaxRevocationAge>10000</MaxRevocationAge>
        <ServiceOrder>
          <Service>CRL</Service>
          <Service>OCSP</Service>
        </ServiceOrder>
        <Archiving>
          <EnableArchiving>false</EnableArchiving>
          <ArchiveDuration>730</ArchiveDuration>
          <Archive>
            <DatabaseArchive>
              <JDBCURL>jdbc://dummy</JDBCURL>
              <JDBCDriverClassName>fully.qualified.classname</JDBCDriverClassName>
            </DatabaseArchive>
          </Archive>
        </Archiving>
        <DistributionPoint>
          <CAIssuerDN>CN=DP1_Issuer</CAIssuerDN>
          <CRLDP>
            <Location>http://crl.myca.org</Location>
          </CRLDP>
          <CRLDP>
            <Location>http://crl.myotherca.org</Location>
            <ReasonCode>aACompromise</ReasonCode>
            <ReasonCode>affiliationChanged</ReasonCode>
          </CRLDP>
        </DistributionPoint>
        <DistributionPoint>
          <CAIssuerDN>CN=DP2_Issuer</CAIssuerDN>
          <OCSPDP>
            <Location>http://crl.yetanotherca.org</Location>
          </OCSPDP>  
        </DistributionPoint>
      </RevocationChecking>
    </CertificateValidation>
    <VerifyTransformsInfoProfile>
      <Id>VTIP_1</Id>
      <Location>profiles/vtip/VTIP_1.xml</Location>
    </VerifyTransformsInfoProfile>
    <SupplementProfile>
      <Id>SP_1</Id>
      <Location>profiles/sp/SP_1.xml</Location>
    </SupplementProfile>
  </SignatureVerification>
</MOAConfiguration>