diff options
author | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2008-10-10 11:13:40 +0000 |
---|---|---|
committer | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2008-10-10 11:13:40 +0000 |
commit | 6ef9bdefc58cb2553f23aaa9711d6341e293c9f7 (patch) | |
tree | d627791fc5e394b0fa47c03a93d19b9e1ec65a36 /work/cfg/config.properties | |
parent | 1318c462d46bb248e0587666c04944cfe2c83db6 (diff) | |
download | pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.tar.gz pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.tar.bz2 pdf-as-3-6ef9bdefc58cb2553f23aaa9711d6341e293c9f7.zip |
Deprecated webapp-folder removed from svn repository.
New DefaultConfiguration.zip integrated in order to allow mocca signatures.
Minor bug concerning choice of cce within the web application fixed.
Signature with new online bku MOCCA integrated (new signature device "moc" created).
Configuration keys for mocca added.
New error codes (371 = signature verification not supported by this connector, 372 = invalid signing time) introduced.
Optional check of the signing time for the web application implemented. At signature creation time the signing time is checked for plausibility. This is a workaround for the ITS:mac-linux signing time bug. New configuration key ("signing_time_tolerance") added (applies to web application only) to overcome invalid signing times. A signature is only accepted if its signing time is within a time frame of [current time - signing_time_tolerance, current time + signing_time_tolerance] where signing_time_tolerance is interpreted as seconds.
Bugfix: Correct extraction of signatures with wrong signing times implemented. (The order of the signatures is still invalid in case of false signing times.)
Optional override of the dynamic creation of the signature retrieval url (locrefcontent) implemented in order to overcome ssl problems (retrieve_signature_data_url_override). Note: Assure that this URL is accessible from the citizen card environment.
Download of signed pdf-file for external application interface adjusted.
Verification of mocca signed documents implemented.
Retrieval of xml response via multipart implemented (mocca strictly follows security layer spec)
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@296 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'work/cfg/config.properties')
-rw-r--r-- | work/cfg/config.properties | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/work/cfg/config.properties b/work/cfg/config.properties index 0f54030..509caae 100644 --- a/work/cfg/config.properties +++ b/work/cfg/config.properties @@ -14,6 +14,18 @@ ldap.url=http://xxx.yyy.z.com:5000/some/fake/url cert.alg.rsa=http://www.w3.org/2000/09/xmldsig#rsa-sha1
cert.alg.ecdsa=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
+# time frame the signing time may differ (in the upper and the lower direction) from the host time
+# in seconds
+# valid frame: current time - signing_time_tolerance ... current time + signing_time
+# no value or -1 means that the signing time is not checked
+signing_time_tolerance=900
+
+# this key overrides the dynamically built locrefcontent URL for the retrieval of the data to be signed
+# remove/disable this key to enable the old dynamic build process
+# Use this key to overcome SSL Problems with dataurl communication.
+# Note: Assure that this URL is accessible from the citizen card environment.
+#retrieve_signature_data_url_override=http://localhost:8080/pdf-as/RetrieveSignatureData
+
# Beim Signieren: Überprüfung ob Dokument PDF-Version 1.4 (oder weniger) hat
strict_mode=false
@@ -27,7 +39,7 @@ correct_document_if_necessary=true # internal - das Dokument wird mit dem "internen" iText Corrector korrigiert
# external - das Dokument wird durch einen externen Kommandozeilenaufruf korrigiert.
# Hinweis: ein externes Programm aufzurufen birgt gewisse Risiken in sich
-# und sollte daher nöglichst nicht verwendet werden.
+# und sollte daher möglichst nicht verwendet werden.
corrector=internal
# Kommandozeile für den externen Connector.
@@ -63,15 +75,21 @@ default.bku.algorithm.id=etsi-bka-1.0 # MOA Algorithm - Kennzeichnung
default.moa.algorithm.id=etsi-bka-moa-1.0
+# MOCCA Algorithm - Kennzeichnung
+default.moc.algorithm.id=etsi-moc-1.0
+
# MOA Detached Signieren aus Konsole möglich - zurzeit möglich nur mit BKU
moa.sign.console.detached.enabled=false
# MOA Kennzeichnungsfeld anzeigen
moa.id.field.visible=false
+
#############################################
# Signaturdienste
+# BKU settings
+
bku.available_for_web=true
bku.available_for_commandline=true
@@ -84,7 +102,7 @@ bku.sign.request.base64=./templates/default.bku.sign.enveloping.xml # default bku detached sign template file
bku.sign.request.detached=./templates/default.bku.sign.detached.xml
-# BKU VERIFYING
+# BKU verification
bku.verify.url=http://127.0.0.1:3495/http-security-layer-request
bku.verify.template.base64old=./templates/default.bku.verify.template.enveloping.old.xml
@@ -96,6 +114,22 @@ bku.verify.template.base64=./templates/default.bku.verify.template.enveloping.xm bku.verify.request.detached=./templates/default.bku.verify.request.detached.xml
bku.verify.template.detached=./templates/default.bku.verify.template.detached.xml
+
+# MOCCA settings
+moc.available_for_web=true
+moc.available_for_commandline=false
+
+# MOCCA signature
+moc.sign.url=https://apps.egiz.gv.at/bkuonline/https-security-layer-request
+moc.sign.KeyboxIdentifier=SecureSignatureKeypair
+# default MOCCA signature template
+moc.sign.request.detached=./templates/default.moc.sign.detached.xml
+
+# MOCCA verification
+# default MOCCA verify template
+moc.verify.template.detached=./templates/default.moc.verify.template.detached.xml
+
+
# A1 settings
a1.available_for_web=false
a1.available_for_commandline=false
@@ -135,6 +169,7 @@ moa.verify.template.base64=./templates/default.moa.verify.template.enveloping.xm moa.verify.request.detached=./templates/default.moa.verify.request.detached.xml
moa.verify.template.detached=./templates/default.moa.verify.template.detached.xml
+
#############################################
# Responsemeldungen der Signaturdienste
|