From 8b087b4045eb1bf34a9656801b66f31830da0817 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 25 Jan 2018 15:35:20 +0100 Subject: update iaik_sva.jar and svaconfig.example to solve bug in KeyUsage validation --- moaSig/build.gradle | 2 +- moaSig/handbook/conf/moa-spss/svaconfig.example | 67 ++++++++++++++++-------- moaSig/libs/iaik_sva.jar | Bin 125590 -> 128987 bytes 3 files changed, 46 insertions(+), 23 deletions(-) diff --git a/moaSig/build.gradle b/moaSig/build.gradle index fc5633b..ebca605 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle @@ -21,7 +21,7 @@ subprojects { testCompile 'junit:junit:4.8.2' } - version = '3.1.2-Snapshot' + version = '3.1.2.1-Snapshot' jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version } } diff --git a/moaSig/handbook/conf/moa-spss/svaconfig.example b/moaSig/handbook/conf/moa-spss/svaconfig.example index f219ea1..7be4541 100644 --- a/moaSig/handbook/conf/moa-spss/svaconfig.example +++ b/moaSig/handbook/conf/moa-spss/svaconfig.example @@ -1,5 +1,3 @@ -#Fri Jul 27 14:18:37 CEST 2012 -# # Format [key]=[value] # # Note that if an '=' is used in a key or value it has to be escaped: "\=" @@ -13,36 +11,36 @@ #testdir=/data/sigval/incoming/test/ #The basepath for signature validation -#basepath= +#basepath=/data/sigval/incoming ###################################################### #The path prefix for all file system locations -#pathprefix=/home/afitzek/server/moa-spss/apache-tomcat-8.0.0-RC3/conf/moa-spss/sva/ +pathprefix=/home/user/example/prefix #The file where the xmldsig core schema is located -#xmlschemaloc=example/schema/xmldsig-core-schema.xsd +xmlschemaloc=schema/xmldsig-core-schema.xsd #The root folder where truststore and certstore are created later on -#certroot=example/certs +certroot=certs/example #The folder containing the trustanchors -#trustanchorloc=example/keys_and_certs +trustanchorloc=certs/example/trustanchors #The folder containing the timestampauthority trustanchors -#tsttrustanchorloc=example/keys_and_certs +tsttrustanchorloc=certs/example/tstanchor #The folder containing alternative revocation information (comment out to use #infos contained in the certificate) -#altdp= +#altdp=certs/example/revocation #The maximum age of a revocation information of a end user certificate in hours -#endusercertgrace=4382 +endusercertgrace=4382 #The maximum age of a revocation information for a ca certificate in hours -#cacertgrace=4382 +cacertgrace=4382 -#tstcoherencetolerance=10 +tstcoherencetolerance=10 #The maximum time difference (in hours) the signing-time property and a #time stamp @@ -50,25 +48,50 @@ # Defines the forbidden hashing algorithms and the inception date # Format: {, };{, }... -#hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08} - -# Defines the forbidden hashing algorithms for CA Certificates and the inception date -# Format: {, };{, }... -#cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05} +hashconstraint={md5, 2000-08-08};{sha1, 2013-08-08} # Defines the minimum required key lengths # Format: {, ,};{...}... -#keylenconstraint={rsa, 1024, 2000-08-08} +keylenconstraint={rsa, 1024, 2000-08-08} # Defines the minimum required key lengths for CA Certificates -# Format: {, ,};{...}.. -#cakeylenconstraint={rsa,512,2000-08-08} +# Format: {, ,};{...}... +cakeylenconstraint={rsa,512,2000-08-08} # Defines the minimum required key lengths for timestamps # Format: {, ,};{...}... -#tstkeylenconstraint={rsa, 1024, 2000-08-08} +tstkeylenconstraint={rsa, 1024, 2000-08-08} + +# Defines the mapping from sub indications to main indications. +# If a sub indication1 is not present or empty, the default mappings are used. +# See "Final draft ETSI EN 319 102-1 V1.1.0 (2016-02)" +# Format: {,
};{...}... +indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE} # Allows any key usage if set to true, otherwise only dig. signature allowanykeyusage=false -chainingmodel=SHELL +# Defines the chaining model for path validation. +# possible values are: +# - All certificates are valid at validationtime (SHELL model). This is the default value. +# - All certificates are valid at the time they were used for issuing a certificate or signing (CHAIN model). +chainingmodel=shell + +# Defines if the validation of each timestap should be added to the validation report. +# If set to true, the timestamp validation reports will be added. Default value is true. +timestampreports=true + +# defines the bits which HAS TO be set in the key usage field of the +# end users certificate. The valid bits (from RFC5280) to set are as follows: +# (if omitted or empty it defaults to DIGITAL_SIGNATURE): +# digitalSignature (0), +# contentCommitment (1) +# dataEncipherment (3), +# keyAgreement (4), +# keyCertSign (5), +# cRLSign (6), +# encipherOnly (7), +# decipherOnly (8) + +# Format: {; ...} +keyusage = {0, 1} \ No newline at end of file diff --git a/moaSig/libs/iaik_sva.jar b/moaSig/libs/iaik_sva.jar index 9500d67..9a55178 100644 Binary files a/moaSig/libs/iaik_sva.jar and b/moaSig/libs/iaik_sva.jar differ -- cgit v1.2.3