ESYAE-imza Kütüphaneleri

Bu sayfa salt okunur. Kaynağı görebilirsiniz ama değiştiremezsiniz. Bunun yanlış olduğunu düşünüyorsanız yöneticiye danışın.

<h1>API Configuration</h1>
<div class="level1">

<p>
A sample configuration file is coming with ESYA Signature API. By editing this file, signature creation and verification settings can be specified and modified at run-time.
</p>

</div>

<h2>Language Settings</h2>
<div class="level2">

<p>
Specifies the language of the API messages.
</p>

<p>
<em><</em>sxh xml>
<em><</em>locale language="tr" country="TR"/>
<em><</em>/sxh>
</p>

</div>

<h2>HTTP and Proxy Settings</h2>
<div class="level2">

<p>
If the API runs behind a proxy server, then the http settings take place in this section
</p>

<p>
<em><</em>sxh xml>
<em><</em>http>
</p>
<pre class="code">  &lt;proxy-host&gt;&lt;/proxy-host&gt;
  &lt;proxy-port&gt;&lt;/proxy-port&gt;
  &lt;proxy-username&gt;&lt;/proxy-username&gt;
  &lt;proxy-password&gt;&lt;/proxy-password&gt;
  &lt;basic-authentication-username&gt;&lt;/basic-authentication-username&gt;
  &lt;basic-authentication-password&gt;&lt;/basic-authentication-password&gt;
  &lt;connection-timeout-in-milliseconds&gt;2000&lt;/connection-timeout-in-milliseconds&gt;

</pre><p> </p>

<p>
<em><</em>/http>
<em><</em>/sxh>
</p>

</div>

<h2>Timestamp Server</h2>
<div class="level2">

<p>
If the signature type is more advanced than the basic electronic signature (ES-BES), then it includes one or more timestamps. Thetimestamp related configuration (i.e timestamp server address etc.) can be performed here.
You can leave fields <code>userid-passwords</code> empty if you are using a timestamp server other than ESYA Timestamp Server.
</p>

<p>
<em><</em>sxh xml>
<em><</em>timestamp-server>
</p>
<pre class="code">  &lt;!-- leave userid/password blank for public services! --&gt;
  &lt;host&gt;http://10.3.0.21&lt;/host&gt;
  &lt;userid&gt;1&lt;/userid&gt;
  &lt;password&gt;12345678&lt;/password&gt;
  &lt;digest-alg&gt;SHA-1&lt;/digest-alg&gt;

</pre><p> </p>

<p>
<em><</em>/timestamp-server>
<em><</em>/sxh>
</p>

</div>

<h2>Algorithms</h2>
<div class="level2">

<p>
The digest algorithm to be used when creating hash of the content to be signed is determined by <code>digest-alg</code>.
<code>signature-alg</code> parameter defines the signature algorithm.
</p>

<p>
<em><</em>sxh xml>
<em><</em>algorithms>
</p>
<pre class="code">  &lt;digest-alg&gt;SHA-256&lt;/digest-alg&gt;
  &lt;signature-alg&gt;RSA-with-SHA256&lt;/signature-alg&gt;

</pre><p> </p>

<p>
<em><</em>/algorithms>
<em><</em>/sxh>
</p>

</div>

<h2>Certificate Validation</h2>
<div class="level2">

<p>
Certificate validation parameters are defined within the tag <code><em><</em>certificate-validation></code>
Those parameters are:
</p>

<span class='np_break'> </span>
<div class="table"><table class="inline">
	<tr class="row0">
		<th class="col0"> certificate-validation-policy-file </th><td class="col1"> certificate validation policy file.  used as default if the attribute 'for' is not used. This attribute can be assigned as <code>QualifiedCertificate</code>, <code>MaliMuhurCertificate</code>, <code>TimeStampingCertificate</code> to define a policy file according to the certificate type. </td>
	</tr>
	<tr class="row1">
		<th class="col0"> grace-period-in-seconds </th><td class="col1 leftalign"> The minimum required time the CRL(Certificate Revocation List) must be created after the certificate validation time   </td>
	</tr>
	<tr class="row2">
		<th class="col0"> last-revocation-period-in-seconds </th><td class="col1"> the maximum time before which the crls published after the certificate validation time are considered as valid. </td>
	</tr>
	<tr class="row3">
		<th class="col0"> use-validation-data-published-after-creation </th><td class="col1"> The revocation info is required to be published after the signature creation time. </td>
	</tr>
	<tr class="row4">
		<th class="col0"> validate-certificate-before-signing </th><td class="col1"> Validate the signer certificate before signing. For example, you can set this false in order not to repeat validation of the user certificates unnecessarily if you validate once at  the system startup. </td>
	</tr>
</table>
<span class='np_break'> </span>
</div>
<p>
<em><</em>sxh xml>
<em><</em>certificate-validation>
</p>
<pre class="code">  &lt;certificate-validation-policy-file&gt;MA3/api-signature/testresources/certval-ug-policy.xml&lt;/certificate-validation-policy-file&gt;
  &lt;!-- possible types: {QualifiedCertificate, MaliMuhurCertificate, TimeStampingCertificate} --&gt;
  &lt;certificate-validation-policy-file for="MaliMuhurCertificate"&gt;//path/to/certval-mm-policy.xml&lt;/certificate-validation-policy-file&gt;

</pre><p> </p>
<pre class="code">  &lt;!-- 0 means ignore grace --&gt;
  &lt;grace-period-in-seconds&gt;86400&lt;/grace-period-in-seconds&gt;

</pre><p> </p>
<pre class="code">  &lt;!-- *100 for tests! --&gt;
  &lt;last-revocation-period-in-seconds&gt;17280000&lt;/last-revocation-period-in-seconds&gt;

</pre><p> </p>
<pre class="code">  &lt;!-- validation data must be published after creation ifs set true, requires grace period for signers --&gt;
  &lt;use-validation-data-published-after-creation&gt;false&lt;/use-validation-data-published-after-creation&gt;

</pre><p> </p>
<pre class="code">  &lt;validate-certificate-before-signing&gt;false&lt;/validate-certificate-before-signing&gt;

</pre><p> </p>

<p>
<em><</em>/certificate-validation>
<em><</em>/sxh>
</p>

</div>

<h2>Parameters</h2>
<div class="level2">

<p>
Other validation parameters are define within the tag '<em><</em>params>'. Those are:
Diğer doğrulama parametreleri <code><em><</em>params></code>  tag'ı içinde belirtilir. Bunlar:
</p>

<p>
<b>force-strict-reference-use</b>: Use only the validation data included in the signature.
</p>

<p>
<b>check-policy-uri</b>: Check the policy info in the signature is the digest of the policy info at the specified url.
</p>

<p>
<b>validate-timestamp-while-signing</b>: Validate the timestamp while creating signature.
</p>

<p>
<b>write-referencedvalidationdata-to-file-on-upgrade</b>: Write the certificate validation references to a file (For debug purposes)
</p>

<p>
<em><</em>sxh xml>
<em><</em>params>
</p>
<pre class="code">  &lt;!-- loosening below 2 settings will cause warnings instead of validation failure --&gt;
  &lt;!-- referenced validation data must be used for cert validation is set true --&gt;
  &lt;force-strict-reference-use&gt;false&lt;/force-strict-reference-use&gt;

</pre><p> </p>
<pre class="code">  &lt;!-- compare resolved policy with policy uri if indicated --&gt;
  &lt;check-policy-uri&gt;false&lt;/check-policy-uri&gt;

</pre><p> </p>
<pre class="code">  &lt;validate-timestamp-while-signing&gt;false&lt;/validate-timestamp-while-signing&gt;

</pre><p> </p>
<pre class="code">  &lt;!-- for debug purposes! --&gt;
  &lt;write-referencedvalidationdata-to-file-on-upgrade&gt;false&lt;/write-referencedvalidationdata-to-file-on-upgrade&gt;

</pre><p> </p>

<p>
<em><</em>/params>
<em><</em>/sxh>
</p>

</div>
ESYAE-imza Kütüphaneleri

User Tools

Site Tools

Page Tools
