update iaik_sva.jar and svaconfig.example to solve bug in KeyUsage validation

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2018-01-25 15:35:20 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2018-01-25 15:35:20 +0100
commit: 8b087b4045eb1bf34a9656801b66f31830da0817 (patch)
tree: 26a9a028b6ee75c7d47d1b8b22a80f86865818a9 /moaSig/handbook
parent: ac5470de542bb4a48b5f7c72173dae9efadd7fe1 (diff)
download: moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.gz
moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.bz2
moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.zip
1 files changed, 45 insertions, 22 deletions
diff --git a/moaSig/handbook/conf/moa-spss/svaconfig.example b/moaSig/handbook/conf/moa-spss/svaconfig.example
index f219ea1..7be4541 100644
--- a/moaSig/handbook/conf/moa-spss/svaconfig.example
+++ b/moaSig/handbook/conf/moa-spss/svaconfig.example
@@ -1,5 +1,3 @@
-#Fri Jul 27 14:18:37 CEST 2012
-#
 # Format [key]=[value]
 # 
 # Note that if an '=' is used in a key or value it has to be escaped: "\="
@@ -13,36 +11,36 @@
 #testdir=/data/sigval/incoming/test/
 
 #The basepath for signature validation
-#basepath=
+#basepath=/data/sigval/incoming
 
 ######################################################
 
 #The path prefix for all file system locations
-#pathprefix=/home/afitzek/server/moa-spss/apache-tomcat-8.0.0-RC3/conf/moa-spss/sva/
+pathprefix=/home/user/example/prefix
 
 #The file where the xmldsig core schema is located
-#xmlschemaloc=example/schema/xmldsig-core-schema.xsd
+xmlschemaloc=schema/xmldsig-core-schema.xsd
 
 #The root folder where truststore and certstore are created later on
-#certroot=example/certs
+certroot=certs/example
 
 #The folder containing the trustanchors
-#trustanchorloc=example/keys_and_certs
+trustanchorloc=certs/example/trustanchors
 
 #The folder containing the timestampauthority trustanchors
-#tsttrustanchorloc=example/keys_and_certs
+tsttrustanchorloc=certs/example/tstanchor
 
 #The folder containing alternative revocation information (comment out to use
 #infos contained in the certificate)
-#altdp=
+#altdp=certs/example/revocation
 
 #The maximum age of a revocation information of a end user certificate in hours
-#endusercertgrace=4382
+endusercertgrace=4382
 
 #The maximum age of a revocation information for a ca certificate in hours
-#cacertgrace=4382
+cacertgrace=4382
 
-#tstcoherencetolerance=10
+tstcoherencetolerance=10
 
 #The maximum time difference (in hours) the signing-time property and a 
 #time stamp
@@ -50,25 +48,50 @@
 
 # Defines the forbidden hashing algorithms and the inception date
 # Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
-#hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08}
-
-# Defines the forbidden hashing algorithms for CA Certificates and the inception date
-# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
-#cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05}
+hashconstraint={md5, 2000-08-08};{sha1, 2013-08-08}
 
 # Defines the minimum required key lengths
 # Format: {<algorithm name>, <min len>,<inception date>};{...}...
-#keylenconstraint={rsa, 1024, 2000-08-08}
+keylenconstraint={rsa, 1024, 2000-08-08}
 
 # Defines the minimum required key lengths for CA Certificates
-# Format: {<algorithm name>, <min len>,<inception date>};{...}..
-#cakeylenconstraint={rsa,512,2000-08-08}
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+cakeylenconstraint={rsa,512,2000-08-08}
 
 # Defines the minimum required key lengths for timestamps
 # Format: {<algorithm name>, <min len>,<inception date>};{...}...
-#tstkeylenconstraint={rsa, 1024, 2000-08-08}
+tstkeylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the mapping from sub indications to main indications.
+# If a sub indication1 is not present or empty, the default mappings are used.
+# See "Final draft ETSI EN 319 102-1 V1.1.0 (2016-02)"
+# Format: {<sub indication1>, <main indication1>};{...}...
+indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE}
 
 # Allows any key usage if set to true, otherwise only dig. signature
 allowanykeyusage=false
 
-chainingmodel=SHELL
+# Defines the chaining model for path validation.
+# possible values are:
+#  - All certificates are valid at validationtime (SHELL model). This is the default value.
+#  - All certificates are valid at the time they were used for issuing a certificate or signing (CHAIN model).
+chainingmodel=shell
+
+# Defines if the validation of each timestap should be added to the validation report.
+# If set to true, the timestamp validation reports will be added. Default value is true.
+timestampreports=true
+
+# defines the bits which HAS TO be set in the key usage field of the 
+# end users certificate. The valid bits (from RFC5280) to set are as follows:
+# (if omitted or empty it defaults to DIGITAL_SIGNATURE):
+#          digitalSignature        (0),
+#          contentCommitment       (1)
+#          dataEncipherment        (3),
+#          keyAgreement            (4),
+#          keyCertSign             (5),
+#          cRLSign                 (6),
+#          encipherOnly            (7),
+#          decipherOnly            (8) 
+
+# Format: {<index of bit to set>; ...}
+keyusage = {0, 1}
+\ No newline at end of file
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2018-01-25 15:35:20 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2018-01-25 15:35:20 +0100
commit	8b087b4045eb1bf34a9656801b66f31830da0817 (patch)
tree	26a9a028b6ee75c7d47d1b8b22a80f86865818a9 /moaSig/handbook
parent	ac5470de542bb4a48b5f7c72173dae9efadd7fe1 (diff)
download	moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.gz moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.bz2 moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.zip