<?xml version="1.0" encoding="UTF-8"?> <MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <Common> <HardwareCryptoModule> <Name>HWC1_Name</Name> <SlotId>HWC1_SlotId</SlotId> <UserPIN>HWC1_UserPIN</UserPIN> </HardwareCryptoModule> <HardwareCryptoModule> <Name>HWC2_Name</Name> <UserPIN>HWC2_UserPIN</UserPIN> </HardwareCryptoModule> </Common> <SignatureCreation> <KeyModules> <HardwareKeyModule> <Id>HWK1_Id</Id> <Name>HWK1_Name</Name> <SlotId>HWK1_SlotId</SlotId> <UserPIN>HWK1_UserPIN</UserPIN> </HardwareKeyModule> <HardwareKeyModule> <Id>HWK2_Id</Id> <Name>HWK2_Name</Name> <UserPIN>HWK2_UserPIN</UserPIN> </HardwareKeyModule> <SoftwareKeyModule> <Id>SWK1_Id</Id> <FileName>swk/SWK1_FileName.txt</FileName> <Password>SWK1_Password</Password> </SoftwareKeyModule> <SoftwareKeyModule> <Id>SWK2_Id</Id> <FileName>swk/SWK2_FileName.txt</FileName> </SoftwareKeyModule> </KeyModules> <KeyGroup> <Id>KG1_Id</Id> <Key> <KeyModuleId>HWK1_Id</KeyModuleId> <KeyCertIssuerSerial> <dsig:X509IssuerName>CN=HWK1_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>0</dsig:X509SerialNumber> </KeyCertIssuerSerial> </Key> <Key> <KeyModuleId>HWK2_Id</KeyModuleId> <KeyCertIssuerSerial> <dsig:X509IssuerName>CN=HWK2_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>1</dsig:X509SerialNumber> </KeyCertIssuerSerial> </Key> </KeyGroup> <KeyGroup> <Id>KG2_Id</Id> <Key> <KeyModuleId>SWK1_Id</KeyModuleId> <KeyCertIssuerSerial> <dsig:X509IssuerName>CN=SKW1_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>2</dsig:X509SerialNumber> </KeyCertIssuerSerial> </Key> <Key> <KeyModuleId>SWK2_Id</KeyModuleId> <KeyCertIssuerSerial> <dsig:X509IssuerName>CN=SKW2_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>3</dsig:X509SerialNumber> </KeyCertIssuerSerial> </Key> </KeyGroup> <KeyGroupMapping> <CustomerId> <dsig:X509IssuerName>CN=Customer1_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>4</dsig:X509SerialNumber> </CustomerId> <KeyGroupId>KG1_Id</KeyGroupId> <KeyGroupId>KG2_Id</KeyGroupId> </KeyGroupMapping> <KeyGroupMapping> <KeyGroupId>KG1_Id</KeyGroupId> <KeyGroupId>KG2_Id</KeyGroupId> </KeyGroupMapping> <XMLDSig> <CanonicalizationAlgorithm>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CanonicalizationAlgorithm> <DigestMethodAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</DigestMethodAlgorithm> </XMLDSig> <CreateTransformsInfoProfile> <Id>CTIP_1</Id> <Location>profiles/ctip/CTIP_1.xml</Location> </CreateTransformsInfoProfile> <CreateTransformsInfoProfile> <Id>CTIP_2</Id> <Location>e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/profiles/ctip/CTIP_2.xml</Location> </CreateTransformsInfoProfile> <CreateSignatureEnvironmentProfile> <Id>CSEP_1</Id> <Location>profiles/csep/CSEP_1.xml</Location> </CreateSignatureEnvironmentProfile> </SignatureCreation> <SignatureVerification> <CertificateValidation> <PathConstruction> <AutoAddCertificates>false</AutoAddCertificates> <UseAuthorityInformationAccess>false</UseAuthorityInformationAccess> <CertificateStore> <DirectoryStore> <Location>certstore_test</Location> </DirectoryStore> </CertificateStore> </PathConstruction> <PathValidation> <ChainingMode> <DefaultMode>pkix</DefaultMode> <TrustAnchor> <Identification> <dsig:X509IssuerName>CN=TA1_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>5</dsig:X509SerialNumber> </Identification> <Mode>chaining</Mode> </TrustAnchor> <TrustAnchor> <Identification> <dsig:X509IssuerName>CN=TA2_Issuer</dsig:X509IssuerName> <dsig:X509SerialNumber>6</dsig:X509SerialNumber> </Identification> <Mode>pkix</Mode> </TrustAnchor> </ChainingMode> <TrustProfile> <Id>TP1_Id</Id> <TrustAnchorsLocation>trustprofiles/tp1/anchors</TrustAnchorsLocation> <SignerCertsLocation>trustprofiles/tp1/signercerts</SignerCertsLocation> </TrustProfile> <TrustProfile> <Id>TP2_Id</Id> <TrustAnchorsLocation>file:e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/trustprofiles/tp2/anchors</TrustAnchorsLocation> <SignerCertsLocation>file:e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/trustprofiles/tp2/signercerts</SignerCertsLocation> </TrustProfile> </PathValidation> <RevocationChecking> <EnableChecking>false</EnableChecking> <MaxRevocationAge>10000</MaxRevocationAge> <ServiceOrder> <Service>CRL</Service> <Service>OCSP</Service> </ServiceOrder> <Archiving> <EnableArchiving>false</EnableArchiving> <ArchiveDuration>730</ArchiveDuration> <Archive> <DatabaseArchive> <JDBCURL>jdbc://dummy</JDBCURL> <JDBCDriverClassName>fully.qualified.classname</JDBCDriverClassName> </DatabaseArchive> </Archive> </Archiving> <DistributionPoint> <CAIssuerDN>CN=DP1_Issuer</CAIssuerDN> <CRLDP> <Location>http://crl.myca.org</Location> </CRLDP> <CRLDP> <Location>http://crl.myotherca.org</Location> <ReasonCode>aACompromise</ReasonCode> <ReasonCode>affiliationChanged</ReasonCode> </CRLDP> </DistributionPoint> <DistributionPoint> <CAIssuerDN>CN=DP2_Issuer</CAIssuerDN> <OCSPDP> <Location>http://crl.yetanotherca.org</Location> </OCSPDP> </DistributionPoint> </RevocationChecking> </CertificateValidation> <VerifyTransformsInfoProfile> <Id>VTIP_1</Id> <Location>profiles/vtip/VTIP_1.xml</Location> </VerifyTransformsInfoProfile> <SupplementProfile> <Id>SP_1</Id> <Location>profiles/sp/SP_1.xml</Location> </SupplementProfile> </SignatureVerification> </MOAConfiguration>