Diffstat (limited to 'work')
-rw-r--r-- | work/cfg/config.properties | 39 | ||||
-rw-r--r-- | work/cfg/help_text.properties | 6 | ||||
-rw-r--r-- | work/templates/default.moc.sign.detached.xml | 14 | ||||
-rw-r--r-- | work/templates/default.moc.verify.template.detached.xml | 1 | ||||
-rw-r--r-- | work/templates/moc.etsi-moc-1.0.sign.request.xml | 14 | ||||
-rw-r--r-- | work/templates/moc.etsi-moc-1.0.verify.template.xml | 1 |
6 files changed, 73 insertions, 2 deletions
diff --git a/work/cfg/config.properties b/work/cfg/config.properties
index 0f54030..509caae 100644
--- a/work/cfg/config.properties
+++ b/work/cfg/config.properties
@@ -14,6 +14,18 @@ ldap.url=http://xxx.yyy.z.com:5000/some/fake/url
 cert.alg.rsa=http://www.w3.org/2000/09/xmldsig#rsa-sha1
cert.alg.ecdsa=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
+# time frame the signing time may differ (in the upper and the lower direction) from the host time
+# in seconds
+# valid frame: current time - signing_time_tolerance ... current time + signing_time
+# no value or -1 means that the signing time is not checked
+signing_time_tolerance=900
+
+# this key overrides the dynamically built locrefcontent URL for the retrieval of the data to be signed
+# remove/disable this key to enable the old dynamic build process
+# Use this key to overcome SSL Problems with dataurl communication.
+# Note: Assure that this URL is accessible from the citizen card environment.
+#retrieve_signature_data_url_override=http://localhost:8080/pdf-as/RetrieveSignatureData
+
# Beim Signieren: Überprüfung ob Dokument PDF-Version 1.4 (oder weniger) hat
strict_mode=false
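Review bot: The commented example for `retrieve_signature_data_url_override` presents a plain `http://` URL as the way to "overcome SSL Problems", which means the document to be signed is then fetched by the signer's citizen card environment unencrypted and from an unauthenticated endpoint; the comment should say that instead of presenting it as a harmless workaround, e.g. `# Note: an http:// override exposes the document to be signed in cleartext and without server authentication; fix the TLS setup instead and use http only on a trusted local network.` The tolerance comment also has a slip: `# valid frame: current time - signing_time_tolerance ... current time + signing_time` should end in `signing_time_tolerance`. It is worth stating explicitly that `-1` (or an empty value) switches the signing-time plausibility check off entirely, since a misconfiguration here is silent.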
@@ -27,7 +39,7 @@ correct_document_if_necessary=true
 # internal - das Dokument wird mit dem "internen" iText Corrector korrigiert
# external - das Dokument wird durch einen externen Kommandozeilenaufruf korrigiert.
# Hinweis: ein externes Programm aufzurufen birgt gewisse Risiken in sich
-# und sollte daher nöglichst nicht verwendet werden.
+# und sollte daher möglichst nicht verwendet werden.
corrector=internal
# Kommandozeile für den externen Connector.
@@ -63,15 +75,21 @@ default.bku.algorithm.id=etsi-bka-1.0
 # MOA Algorithm - Kennzeichnung
default.moa.algorithm.id=etsi-bka-moa-1.0
+# MOCCA Algorithm - Kennzeichnung
+default.moc.algorithm.id=etsi-moc-1.0
+
# MOA Detached Signieren aus Konsole möglich - zurzeit möglich nur mit BKU
moa.sign.console.detached.enabled=false
# MOA Kennzeichnungsfeld anzeigen
moa.id.field.visible=false
+
#############################################
# Signaturdienste
+# BKU settings
+
bku.available_for_web=true
bku.available_for_commandline=true
@@ -84,7 +102,7 @@ bku.sign.request.base64=./templates/default.bku.sign.enveloping.xml
 # default bku detached sign template file
bku.sign.request.detached=./templates/default.bku.sign.detached.xml
-# BKU VERIFYING
+# BKU verification
bku.verify.url=http://127.0.0.1:3495/http-security-layer-request
bku.verify.template.base64old=./templates/default.bku.verify.template.enveloping.old.xml
@@ -96,6 +114,22 @@ bku.verify.template.base64=./templates/default.bku.verify.template.enveloping.xm
 bku.verify.request.detached=./templates/default.bku.verify.request.detached.xml
bku.verify.template.detached=./templates/default.bku.verify.template.detached.xml
+
+# MOCCA settings
+moc.available_for_web=true
+moc.available_for_commandline=false
+
+# MOCCA signature
+moc.sign.url=https://apps.egiz.gv.at/bkuonline/https-security-layer-request
+moc.sign.KeyboxIdentifier=SecureSignatureKeypair
+# default MOCCA signature template
+moc.sign.request.detached=./templates/default.moc.sign.detached.xml
+
+# MOCCA verification
+# default MOCCA verify template
+moc.verify.template.detached=./templates/default.moc.verify.template.detached.xml
+
+
# A1 settings
a1.available_for_web=false
a1.available_for_commandline=false
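Review bot: `moc.sign.url` defaults to the externally hosted `https://apps.egiz.gv.at/bkuonline/https-security-layer-request` while `moc.available_for_web=true`, so a fresh deployment offers MOCCA signing through a third-party endpoint out of the box, and the `LocRefContent` URL of every document to be signed is handed to that endpoint. A comment should make this explicit and tell operators to point it at their own or a contractually agreed instance, e.g. `# NOTE: default is the EGIZ-hosted online BKU; the document URL (LocRefContent) is disclosed to this endpoint - replace with your own instance for production.` Unlike the BKU section there is no `moc.verify.url`, only a verify template; if verification is indeed unsupported for MOCCA (error.code.371 in help_text.properties suggests so), say it here, e.g. `# no verify URL: the online BKU offers no verification service (see error.code.371)`.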
@@ -135,6 +169,7 @@ moa.verify.template.base64=./templates/default.moa.verify.template.enveloping.xm
 moa.verify.request.detached=./templates/default.moa.verify.request.detached.xml
moa.verify.template.detached=./templates/default.moa.verify.template.detached.xml
+
#############################################
# Responsemeldungen der Signaturdienste
diff --git a/work/cfg/help_text.properties b/work/cfg/help_text.properties
index b99ff77..afd2d4b 100644
--- a/work/cfg/help_text.properties
+++ b/work/cfg/help_text.properties
@@ -60,6 +60,12 @@ error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat d
 # TODO remove this when MOA detached is ready
error.code.370=Eine detached Signature kann zur Zeit mit MOA nicht überprüft werden.
+# Für die Online-BKU: Signatur-Prüfung wird nicht unterstützt werden.
+error.code.371=Dieses Signaturgerät unterstützt keine Signatur-Prüfung.
+
+# Workaround for ITS(Mac/Linux) bug concerning the signing time.
+error.code.372=Der Signaturzeitpunkt ist ungültig. Stellen Sie bitte sicher, dass die Systemzeit sowie die Zeitzoneneinstellung Ihres Rechners korrekt sind.
+
#NormalizeException
error.code.400=Das Normalisierungsmodul kann nicht initialisiert werden.
diff --git a/work/templates/default.moc.sign.detached.xml b/work/templates/default.moc.sign.detached.xml
new file mode 100644
index 0000000..c8252da
--- /dev/null
+++ b/work/templates/default.moc.sign.detached.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl:CreateXMLSignatureRequest xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
+<sl:KeyboxIdentifier>KeyboxIdentifierReplace</sl:KeyboxIdentifier>
+<sl:DataObjectInfo Structure="detached">
+<sl:DataObject Reference="urn:Document">
+<sl:LocRefContent>LocRefContentReplace</sl:LocRefContent>
+</sl:DataObject>
+<sl:TransformsInfo>
+<sl:FinalDataMetaInfo>
+<sl:MimeType>MimeTypeReplace</sl:MimeType>
+</sl:FinalDataMetaInfo>
+</sl:TransformsInfo>
+</sl:DataObjectInfo>
+</sl:CreateXMLSignatureRequest>
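Review bot: The template is a bare skeleton with `…Replace` placeholders and nothing says how they are filled; if substitution is plain string replacement (the placeholder names suggest it, but the code is not in this diff), a `LocRefContent` or `MimeType` value containing `&` or `<` would yield malformed XML or inject elements into the signature request, so the values must be XML-escaped before substitution. A header comment would help the next maintainer: `<!-- MOCCA sign request. Placeholders KeyboxIdentifierReplace (moc.sign.KeyboxIdentifier), LocRefContentReplace (URL from which the BKU fetches the document) and MimeTypeReplace are substituted at runtime; values must be XML-escaped. -->` Note that the `LocRefContent` URL is fetched by the citizen card environment, not by this server, so it must be reachable and trusted from the signer's side, as the `retrieve_signature_data_url_override` comment in config.properties already hints.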
diff --git a/work/templates/default.moc.verify.template.detached.xml b/work/templates/default.moc.verify.template.detached.xml
new file mode 100644
index 0000000..93e4f96
--- /dev/null
+++ b/work/templates/default.moc.verify.template.detached.xml
@@ -0,0 +1 @@ +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Signature-SigIdReplace-1"><dsig:SignedInfo Id="SignedInfo-SigIdReplace-1"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="Reference-SigIdReplace-1" URI="urn:Document"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Id="Reference-SigIdReplace-2" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('Object-SigIdReplace-1')/child::xades:QualifyingProperties/child::xades:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id="SignatureValue-SigIdReplace-1">SignatureValueReplace</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="Object-SigIdReplace-1"><QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><SignedProperties xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" Id="SignedProperties-SigIdReplace-1"><SignedSignatureProperties><SigningTime>SigningTimeReplace</SigningTime><SigningCertificate><Cert><CertDigest><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>DigestValueX509CertificateReplace</DigestValue></CertDigest><IssuerSerial><ns2:X509IssuerName>X509IssuerNameReplace</ns2:X509IssuerName><ns2:X509SerialNumber>X509SerialNumberReplace</ns2:X509SerialNumber></IssuerSerial></Cert></SigningCertificate><SignaturePolicyIdentifier><SignaturePolicyImplied></SignaturePolicyImplied></SignaturePolicyIdentifier></SignedSignatureProperties><SignedDataObjectProperties><DataObjectFormat ObjectReference="#Reference-SigIdReplace-1"><MimeType>MimeTypeReplace</MimeType></DataObjectFormat></SignedDataObjectProperties></SignedProperties></QualifyingProperties></dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/work/templates/moc.etsi-moc-1.0.sign.request.xml b/work/templates/moc.etsi-moc-1.0.sign.request.xml
new file mode 100644
index 0000000..c8252da
--- /dev/null
+++ b/work/templates/moc.etsi-moc-1.0.sign.request.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
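Review bot: The verify template hard-codes `http://www.w3.org/2000/09/xmldsig#sha1` for every `DigestMethod` (document reference, SignedProperties reference and the XAdES `CertDigest`) while `SignatureMethod` is `CertAlgReplace`, filled from `cert.alg.rsa`/`cert.alg.ecdsa` in config.properties, which are also the `-sha1` variants. Whether SHA-1 is acceptable is a matter of the signature policy in force, but the coupling means a later move to SHA-256 has to touch this file and the config keys together, so a comment naming that dependency would help, e.g. `<!-- digest algorithms must match the hash the signing BKU uses and cert.alg.* in config.properties -->`. The single-line layout is presumably deliberate, since whitespace inserted between the children of `SignedInfo` would become part of the exclusive-canonicalized bytes and break signature verification; a leading `<!-- do not reformat: whitespace inside SignedInfo is signed -->` would keep the next editor from pretty-printing it.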
+<sl:CreateXMLSignatureRequest xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
+<sl:KeyboxIdentifier>KeyboxIdentifierReplace</sl:KeyboxIdentifier>
+<sl:DataObjectInfo Structure="detached">
+<sl:DataObject Reference="urn:Document">
+<sl:LocRefContent>LocRefContentReplace</sl:LocRefContent>
+</sl:DataObject>
+<sl:TransformsInfo>
+<sl:FinalDataMetaInfo>
+<sl:MimeType>MimeTypeReplace</sl:MimeType>
+</sl:FinalDataMetaInfo>
+</sl:TransformsInfo>
+</sl:DataObjectInfo>
+</sl:CreateXMLSignatureRequest>
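Review bot: This file is byte-identical to `work/templates/default.moc.sign.detached.xml` added in the same commit (both carry blob `c8252da`), and `moc.etsi-moc-1.0.verify.template.xml` likewise duplicates `default.moc.verify.template.detached.xml` (blob `93e4f96`). Only the `default.*` names are referenced from config.properties (`moc.sign.request.detached`, `moc.verify.template.detached`), so it is unclear which copy is authoritative and the pair will drift on the next edit; if the `moc.<algorithm-id>.*` names are resolved from `default.moc.algorithm.id` by code outside this diff, document that in config.properties, otherwise drop one copy. If both must stay, a one-line `<!-- keep in sync with default.moc.sign.detached.xml -->` in each file is the minimum.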
diff --git a/work/templates/moc.etsi-moc-1.0.verify.template.xml b/work/templates/moc.etsi-moc-1.0.verify.template.xml
new file mode 100644
index 0000000..93e4f96
--- /dev/null
+++ b/work/templates/moc.etsi-moc-1.0.verify.template.xml
@@ -0,0 +1 @@ +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Signature-SigIdReplace-1"><dsig:SignedInfo Id="SignedInfo-SigIdReplace-1"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="Reference-SigIdReplace-1" URI="urn:Document"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Id="Reference-SigIdReplace-2" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(xades=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('Object-SigIdReplace-1')/child::xades:QualifyingProperties/child::xades:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id="SignatureValue-SigIdReplace-1">SignatureValueReplace</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="Object-SigIdReplace-1"><QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><SignedProperties xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" Id="SignedProperties-SigIdReplace-1"><SignedSignatureProperties><SigningTime>SigningTimeReplace</SigningTime><SigningCertificate><Cert><CertDigest><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>DigestValueX509CertificateReplace</DigestValue></CertDigest><IssuerSerial><ns2:X509IssuerName>X509IssuerNameReplace</ns2:X509IssuerName><ns2:X509SerialNumber>X509SerialNumberReplace</ns2:X509SerialNumber></IssuerSerial></Cert></SigningCertificate><SignaturePolicyIdentifier><SignaturePolicyImplied></SignaturePolicyImplied></SignaturePolicyIdentifier></SignedSignatureProperties><SignedDataObjectProperties><DataObjectFormat ObjectReference="#Reference-SigIdReplace-1"><MimeType>MimeTypeReplace</MimeType></DataObjectFormat></SignedDataObjectProperties></SignedProperties></QualifyingProperties></dsig:Object></dsig:Signature>
\ No newline at end of file |