---
Configuration
---
EGIZ
---
2010
---
MOCCA Configuration
Since MOCCA version 1.3 {{{http://commons.apache.org/configuration/}commons-configuration}} is used for the main configuration of MOCCA.
The configuration is built by the {{{./apidocs/at/gv/egiz/bku/spring/ConfigurationFactoryBean.html} ConfigurationFactoryBean}} class. It creates a composite configuration using a default configuration read from {{{./apidocs/constant-values.html#at.gv.egiz.bku.spring.ConfigurationFactoryBean.DEFAULT_CONFIG}ConfigurationFactoryBean.DEFAULT_CONFIG}} and an (optional) resource specified by {{{./apidocs/at/gv/egiz/bku/spring/ConfigurationFactoryBean.html#setConfigurationResource(org.springframework.core.io.Resource)}setConfigurationResource(org.springframework.core.io.Resource)}}. The latter {{{http://static.springsource.org/spring/docs/2.5.5/reference/resources.html}resource}} is usually injected via a {{{http://static.springsource.org/spring/docs/2.5.5/reference/beans.html}spring application context}}. See the configuration sections of MOCCA Online / MOCCA Local on how the configuration resource is constructed in their respective application contexts and on how to provide your own configuration file.
* Common Configuration Options
A typical configuration file looks like this:
+------------------+
true
50
true
./certStore
./trustStore
+------------------+
** Supported Configuration Parameters
[<<>>] Allows to control whether MOCCA should register the Java {{{http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderArch}Cryptographic Service Providers}}.
NOTE: MOCCA will only work if the required security providers are registered. If this is set to <<>>, the security providers must be registered by some other means (e.g. {{{http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderInstalling}registered statically}}).
Default: <<>>
[<<>>]
[<<>>] Sets the number of consecutive requests allowed to be received from the {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/Bindings.en.html#http.ablauf.schritte}DataURL}} server.
This allows to prevent infinite request loops caused by erroneous server implementations.
Default: <<<50>>>
[<<>>] A list of allowed DataURLs, separated by commas.
The entries are interpreted as {{{http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html}regular expressions}}.
If this list is not present, any DataURL will be accepted. If it is empty, all DataURLs will be rejected.
[<<>>] Controls if to-be signed data is validated for conformity with the {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/viewerformat/ViewerFormat.en.html}standardised viewer format}} of the Austrian Citizen Card specification.
Default: <<>>
[<<>>]
The following two configuration elements must provide an URL which resolves to a directory in the file system. It may either be an absolute URL or a relative URL, which is resolved using the URL of the configuration file.
[<<>>] Specifies the URL of a certificate store directory. This directory must contain all certificates required to build a valid certification chain up to an anchor of trust (e.g. a certificate also contained in the trust store directory). Certificate filenames are hashed. To add new certificates to the certificate store directory create a sub-directory named <<>> and put the certificates into this directory. They will then be added to the certificate store upon startup of MOCCA.
Default: <<>>
[<<>>] Specifies the URL of a trust store directory. This directory must contain all certificates considered as a root of trust.
NOTE: Any certificate in the trust store directory must also be present in the certificate store directory!
Default: <<>>
[<<>>] Options: <<>> (default) or <<>>
[<<>>] Comma-separated (ordered) list of revocation services to be used, e.g. "<<>>". Any revocation service not contained in the list will be disabled.
Default: <<>>
[]
NOTE: Do not enable the following two options in production environments!
[<<>>] May be set to <<>> to disable verification of the server host name given in the server's certificate.
Default: <<>>
[<<>>] May be set to <<>> to disable all TSL/SSL related checks.
Default: <<>>
[<<>>] May be specified to set the product name given by the <<>> and <<>> HTTP headers as specified by {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.en.html#http}HTTP binding}}.
[<<>>] May be specified to set the product version given by the <<>> and <<>> HTTP headers as specified by {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.en.html#http}HTTP binding}}.
[<<>>] May be specified to set the <<>> HTTP header.
[<<>>]
Citizen Card Environment access control configuration file
[<<>>]
Default: <<>>
[<<>>] The hash algorithm defaults to SHA-1.
If this option is set, SHA-256 or RIPEMD-160 are used, depending on card support.
Default: <<>>
[<<>>] By default, provided StylesheetURLs will be ignored.
To enable this feature, set this to true.
Default: <<>>
[<<>>] Use provided key and certificate files instead of a smart card.
This feature expects the following files:
* <<>>: keystore containing the secure signature key pair (under the friendly name <<>>)
* <<>>: plain text file containing the password of the above key store
* <<>>: corresponding certificate
* <<>>: keystore containing the certified key pair (under the friendly name <<>>)
* <<>>: plain text file containing the password of the above key store
* <<>>: corresponding certificate
[]
Default: <<>>
** MOCCA Local Only Configuration Parameters
[<<>>]
Smart card interface device configuration options. Currently, only one configuration item.
[<<>>] Whether to disable the pinpad on a card reader and use keyboard pin entry instead.
Default: <<>>