diff options
Diffstat (limited to 'bkucommon/src/site/apt/configuration.apt')
-rw-r--r-- | bkucommon/src/site/apt/configuration.apt | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/bkucommon/src/site/apt/configuration.apt b/bkucommon/src/site/apt/configuration.apt index 1a35014f..9ecb1eee 100644 --- a/bkucommon/src/site/apt/configuration.apt +++ b/bkucommon/src/site/apt/configuration.apt @@ -45,7 +45,11 @@ MOCCA Configuration This allows to prevent infinite request loops caused by erroneous server implementations. Default: <<<50>>> - + + [<<<Whitelist>>>] A list of allowed DataURLs, separated by commas. + The entries are interpreted as {{{http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html}regular expressions}}. + If this list is not present, any DataURL will be accepted. If it is empty, all DataURLs will be rejected. + [<<<ValidateHashDataInputs>>>] Controls if to-be signed data is validated for conformity with the {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/viewerformat/ViewerFormat.en.html}standardised viewer format}} of the Austrian Citizen Card specification. Default: <<<true>>> @@ -68,7 +72,7 @@ MOCCA Configuration [<<<revocationServiceOrder>>>] Comma-separated (ordered) list of revocation services to be used, e.g. "<<<CRL,OCSP>>>". Any revocation service not contained in the list will be disabled. - Default: <<<OCSP,CRL>>> + Default: <<<OCSP,CRL>>> [] @@ -83,11 +87,14 @@ MOCCA Configuration Default: <<<false>>> [<<<ProductName>>>] May be specified to set the product name given by the <<<Server>>> and <<<User-Agent>>> HTTP headers as specified by {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.en.html#http}HTTP binding}}. - + + [<<<ProductVersion>>>] May be specified to set the product version given by the <<<Server>>> and <<<User-Agent>>> HTTP headers as specified by {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.en.html#http}HTTP binding}}. + [<<<SignatureLayout>>>] May be specified to set the <<<SignatureLayout>>> HTTP header. + [<<<AccessController>>>] Citizen Card Environment access control configuration file @@ -96,6 +103,35 @@ MOCCA Configuration Default: <<<classpath:/at/gv/egiz/bku/accesscontrol/config/accessControlConfig.xml>>> + [<<<UseStrongHash>>>] The hash algorithm defaults to SHA-1. + If this option is set, SHA-256 or RIPEMD-160 are used, depending on card support. + + Default: <<<false>>> + + [<<<UseStylesheetURL>>>] By default, provided StylesheetURLs will be ignored. + To enable this feature, set this to true. + + Default: <<<false>>> + + [<<<UseSWCard>>>] Use provided key and certificate files instead of a smart card. + This feature expects the following files: + + * <<<smcc/secure.p12>>>: keystore containing the secure signature key pair (under the friendly name <<<SecureSignatureKeypair>>>) + + * <<<smcc/secure.pwd>>>: plain text file containing the password of the above key store + + * <<<smcc/secure.cer>>>: corresponding certificate + + * <<<smcc/certified.p12>>>: keystore containing the certified key pair (under the friendly name <<<CertifiedKeypair>>>) + + * <<<smcc/certified.pwd>>>: plain text file containing the password of the above key store + + * <<<smcc/certified.cer>>>: corresponding certificate + + [] + + Default: <<<false>>> + ** MOCCA Local Only Configuration Parameters [<<<CCID>>>] |