From 6ef9bdefc58cb2553f23aaa9711d6341e293c9f7 Mon Sep 17 00:00:00 2001 From: tknall Date: Fri, 10 Oct 2008 11:13:40 +0000 Subject: Deprecated webapp-folder removed from svn repository. New DefaultConfiguration.zip integrated in order to allow mocca signatures. Minor bug concerning choice of cce within the web application fixed. Signature with new online bku MOCCA integrated (new signature device "moc" created). Configuration keys for mocca added. New error codes (371 = signature verification not supported by this connector, 372 = invalid signing time) introduced. Optional check of the signing time for the web application implemented. At signature creation time the signing time is checked for plausibility. This is a workaround for the ITS:mac-linux signing time bug. New configuration key ("signing_time_tolerance") added (applies to web application only) to overcome invalid signing times. A signature is only accepted if its signing time is within a time frame of [current time - signing_time_tolerance, current time + signing_time_tolerance] where signing_time_tolerance is interpreted as seconds. Bugfix: Correct extraction of signatures with wrong signing times implemented. (The order of the signatures is still invalid in case of false signing times.) Optional override of the dynamic creation of the signature retrieval url (locrefcontent) implemented in order to overcome ssl problems (retrieve_signature_data_url_override). Note: Assure that this URL is accessible from the citizen card environment. Download of signed pdf-file for external application interface adjusted. Verification of mocca signed documents implemented. Retrieval of xml response via multipart implemented (mocca strictly follows security layer spec) git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@296 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- work/cfg/config.properties | 39 +++++++++++++++++++++++++++++++++++++-- work/cfg/help_text.properties | 6 ++++++ 2 files changed, 43 insertions(+), 2 deletions(-) (limited to 'work/cfg') diff --git a/work/cfg/config.properties b/work/cfg/config.properties index 0f54030..509caae 100644 --- a/work/cfg/config.properties +++ b/work/cfg/config.properties @@ -14,6 +14,18 @@ ldap.url=http://xxx.yyy.z.com:5000/some/fake/url cert.alg.rsa=http://www.w3.org/2000/09/xmldsig#rsa-sha1 cert.alg.ecdsa=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 +# time frame the signing time may differ (in the upper and the lower direction) from the host time +# in seconds +# valid frame: current time - signing_time_tolerance ... current time + signing_time +# no value or -1 means that the signing time is not checked +signing_time_tolerance=900 + +# this key overrides the dynamically built locrefcontent URL for the retrieval of the data to be signed +# remove/disable this key to enable the old dynamic build process +# Use this key to overcome SSL Problems with dataurl communication. +# Note: Assure that this URL is accessible from the citizen card environment. +#retrieve_signature_data_url_override=http://localhost:8080/pdf-as/RetrieveSignatureData + # Beim Signieren: Überprüfung ob Dokument PDF-Version 1.4 (oder weniger) hat strict_mode=false @@ -27,7 +39,7 @@ correct_document_if_necessary=true # internal - das Dokument wird mit dem "internen" iText Corrector korrigiert # external - das Dokument wird durch einen externen Kommandozeilenaufruf korrigiert. # Hinweis: ein externes Programm aufzurufen birgt gewisse Risiken in sich -# und sollte daher nöglichst nicht verwendet werden. +# und sollte daher möglichst nicht verwendet werden. corrector=internal # Kommandozeile für den externen Connector. @@ -63,15 +75,21 @@ default.bku.algorithm.id=etsi-bka-1.0 # MOA Algorithm - Kennzeichnung default.moa.algorithm.id=etsi-bka-moa-1.0 +# MOCCA Algorithm - Kennzeichnung +default.moc.algorithm.id=etsi-moc-1.0 + # MOA Detached Signieren aus Konsole möglich - zurzeit möglich nur mit BKU moa.sign.console.detached.enabled=false # MOA Kennzeichnungsfeld anzeigen moa.id.field.visible=false + ############################################# # Signaturdienste +# BKU settings + bku.available_for_web=true bku.available_for_commandline=true @@ -84,7 +102,7 @@ bku.sign.request.base64=./templates/default.bku.sign.enveloping.xml # default bku detached sign template file bku.sign.request.detached=./templates/default.bku.sign.detached.xml -# BKU VERIFYING +# BKU verification bku.verify.url=http://127.0.0.1:3495/http-security-layer-request bku.verify.template.base64old=./templates/default.bku.verify.template.enveloping.old.xml @@ -96,6 +114,22 @@ bku.verify.template.base64=./templates/default.bku.verify.template.enveloping.xm bku.verify.request.detached=./templates/default.bku.verify.request.detached.xml bku.verify.template.detached=./templates/default.bku.verify.template.detached.xml + +# MOCCA settings +moc.available_for_web=true +moc.available_for_commandline=false + +# MOCCA signature +moc.sign.url=https://apps.egiz.gv.at/bkuonline/https-security-layer-request +moc.sign.KeyboxIdentifier=SecureSignatureKeypair +# default MOCCA signature template +moc.sign.request.detached=./templates/default.moc.sign.detached.xml + +# MOCCA verification +# default MOCCA verify template +moc.verify.template.detached=./templates/default.moc.verify.template.detached.xml + + # A1 settings a1.available_for_web=false a1.available_for_commandline=false @@ -135,6 +169,7 @@ moa.verify.template.base64=./templates/default.moa.verify.template.enveloping.xm moa.verify.request.detached=./templates/default.moa.verify.request.detached.xml moa.verify.template.detached=./templates/default.moa.verify.template.detached.xml + ############################################# # Responsemeldungen der Signaturdienste diff --git a/work/cfg/help_text.properties b/work/cfg/help_text.properties index b99ff77..afd2d4b 100644 --- a/work/cfg/help_text.properties +++ b/work/cfg/help_text.properties @@ -60,6 +60,12 @@ error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat d # TODO remove this when MOA detached is ready error.code.370=Eine detached Signature kann zur Zeit mit MOA nicht überprüft werden. +# Für die Online-BKU: Signatur-Prüfung wird nicht unterstützt werden. +error.code.371=Dieses Signaturgerät unterstützt keine Signatur-Prüfung. + +# Workaround for ITS(Mac/Linux) bug concerning the signing time. +error.code.372=Der Signaturzeitpunkt ist ungültig. Stellen Sie bitte sicher, dass die Systemzeit sowie die Zeitzoneneinstellung Ihres Rechners korrekt sind. + #NormalizeException error.code.400=Das Normalisierungsmodul kann nicht initialisiert werden. -- cgit v1.2.3