ESYAE-imza Kütüphaneleri

Bu sayfa salt okunur. Kaynağı görebilirsiniz ama değiştiremezsiniz. Bunun yanlış olduğunu düşünüyorsanız yöneticiye danışın.

<h1>XML Signature Configuration</h1>
<div class="level1">

<p>
XML Signature API has a configuration file storing the settings for signature creation and verification.
The configuration file contains proxy settings, timestamp server settings, resolver interfaces, default algorithms, and validation settings.
</p>

<p>
<em><</em>sxh xml>
<em><</em>?xml version="1.0" encoding="UTF-8"?> 
<em><</em>xml-signature-config>
<em><</em>/sxh>
</p>

<p>
XML signature configuration starts with the root element<code>xml-signature-config</code>.
</p>

</div>

<h2>Localization</h2>
<div class="level2">

<p>
Localization properties are defined within <code>locale</code>.
</p>

<p>
<em><</em>sxh xml>
<em><</em>locale language="EN" country="EN"/>
<em><</em>/sxh>
</p>

</div>

<h2>Proxy Settings</h2>
<div class="level2">

<p>
<em><</em>sxh xml>
<em><</em>http> 
</p>
<pre class="code">  &lt;proxy-host&gt;&lt;/proxy-host&gt; 
  &lt;proxy-port&gt;&lt;/proxy-port&gt; 
  &lt;proxy-username&gt;&lt;/proxy-username&gt; 
  &lt;proxy-password&gt;&lt;/proxy-password&gt; 
  &lt;basic-authentication-username&gt;&lt;/basic-authentication-username&gt;
  &lt;basic-authentication-password&gt;&lt;/basic-authentication-password&gt;
  &lt;connection-timeout-in-milliseconds&gt;2000&lt;/connection-timeout-in-milliseconds&gt; 

</pre><p> </p>

<p>
<em><</em>/http>
<em><</em>/sxh>
</p>

<p>
If proxy is used then the related configuration is performed within <code>http</code>.
</p>

</div>

<h2>Resolvers</h2>
<div class="level2">

<p>
<em><</em>sxh xml>
<em><</em>resolvers>
</p>
<pre class="code">  &lt;resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.IdResolver"/&gt;
  &lt;resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.DOMResolver"/&gt; 
  &lt;resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.HttpResolver"/&gt; 
  &lt;resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.XPointerResolver"/&gt; 
  &lt;resolver class="tr.gov.tubitak.uekae.esya.api.xmlsignature.resolver.FileResolver"/&gt; 

</pre><p> </p>

<p>
<em><</em>/resolvers>
<em><</em>/sxh>
</p>

<p>
In the element, the classes used to resolve the urls included in the signature. For a standart usage the resolvers lister here is sufficient. For custom protocoles, the interface IResolver must be implemented and added to <code>resolver</code> in the configuration file. For exapmle, if you want to store a data corresponding to a uri ina database, you can implement a DatabaseResolver class.
</p>

<p>
<em><</em>sxh java>
public interface IResolver { 
</p>
<pre class="code">  boolean isResolvable(String aURI, Context aContext); 
  Document resolve(String aURI, Context aContext) throws IOException; 

</pre><p> </p>

<p>
}
<em><</em>/sxh>
</p>

</div>

<h2>Timestamp</h2>
<div class="level2">

<p>
<em><</em>sxh xml>
<em><</em>timestamp-server> 
</p>
<pre class="code">  &lt;host&gt;http://timestamp_server_address&lt;/host&gt; 
  &lt;userid&gt;fill_id_here&lt;/userid&gt; &lt;password&gt;pass&lt;/password&gt; 
  &lt;digest-alg&gt;SHA-1&lt;/digest-alg&gt; 

</pre><p> </p>

<p>
<em><</em>/timestamp-server>
<em><</em>/sxh>
</p>

<p>
Userid and password are for the timestamp taken from ESYA Timestamp server. For other timestamp services, leave these fields empty. 
</p>

</div>

<h2>Default Algorithms</h2>
<div class="level2">

<p>
<em><</em>sxh xml>
<em><</em>algorithms> 
</p>
<pre class="code">  &lt;digest-method&gt;http://www.w3.org/2001/04/xmlenc#sha256&lt;/digest-method&gt; 

</pre><p> </p>

<p>
<em><</em>/algorithms>
<em><</em>/sxh>
</p>

</div>

<h2>Validation Parameters</h2>
<div class="level2">

<p>
<em><</em>sxh xml>
<em><</em>validation> 
</p>
<pre class="code">  &lt;!-- default policy for certificate validation --&gt; 
  &lt;certificate-validation-policy-file&gt;//path/to/certval-policy.xml&lt;/certificate-validation-policy-file&gt; 
  &lt;!-- possible types: {QualifiedCertificate, MaliMuhurCertificate, TimeStampingCertificate} --&gt;
  &lt;certificate-validation-policy-file for="MaliMuhurCertificate"&gt;//path/to/certval-mm-policy.xml&lt;/certificate-validation-policy-file&gt;
  
  
  &lt;!-- grace period is the time that needs to pass to get exact revocation info--&gt; 
  &lt;grace-period-in-seconds&gt;86400&lt;/grace-period-in-seconds&gt;
  &lt;!-- how old revocation data should be accepted? --&gt; 
  &lt;last-revocation-period-in-seconds&gt;172800&lt;/last-revocation-period-in-seconds&gt; 
  &lt;!-- compare resolved policy with the one at policy uri, if indicated --&gt; 
  &lt;check-policy-uri&gt;false&lt;/check-policy-uri&gt; 
  &lt;!-- loosening below 2 settings will cause warnings instead of validation failure --&gt; 
  &lt;!-- referenced validation data must be used for cert validation is set true --&gt; 
  &lt;force-strict-reference-use&gt;false&lt;/force-strict-reference-use&gt; 
  &lt;!-- validation data must be published after creation ifs set true, requires grace period for signers --&gt; 
  &lt;use-validation-data-published-after-creation&gt;false&lt;/use-validation-data-published-after-creation&gt; 
  &lt;validators&gt; ... &lt;/validators&gt; 

</pre><p> </p>

<p>
<em><</em>/validation>
<em><</em>/sxh>
</p>

<span class='np_break'> </span>
<div class="table"><table class="inline">
	<tr class="row0">
		<th class="col0"> certificate-validation-policy-file </th><td class="col1"> The policy file for certificate validation. If the attribute 'for' is not used  then it is the default policy. By assigining the attribute 'for' to different values like  <code>QualifiedCertificate</code>, <code>MaliMuhurCertificate</code>, and <code>TimeStampingCertificate</code>, you can define different policys for each type of certificate respectively. </td>
	</tr>
	<tr class="row1">
		<th class="col0"> grace-period-in-seconds </th><td class="col1"> The grace period in terms of seconds. Grace period is the time for the signature verification to be performed securely. </td>
	</tr>
	<tr class="row2">
		<th class="col0"> last-revocation-period-in-seconds </th><td class="col1"> The largest time difference betweent the creation of validation data and the validation. </td>
	</tr>
	<tr class="row3">
		<th class="col0"> force-strict-reference-use </th><td class="col1"> Indicates that the revocation data referenced in the signed document must be used in the certificate validation. For security purposes, this parameter should be <code>true</code>. </td>
	</tr>
	<tr class="row4">
		<th class="col0"> use-validation-data-published-after-creation </th><td class="col1"> Indicates that the validation data must be created after the signing time .Default value is <code>true</code>. For a secure validation the validation data must be created after the signing time. </td>
	</tr>
</table>
<span class='np_break'> </span>
</div>
</div>

<h2>Validators</h2>
<div class="level2">

<p>
XML Signature validator classes are located within <code>validation</code>/<code>validators</code>. Normally, you do not have to modify the content of this element if you are not developing custom validators. See the sample configurations for custom validators. The one important thing is that the attribute "inherit-validators-from" is used to define common validators for different profiles.
</p>

</div>
ESYAE-imza Kütüphaneleri

User Tools

Site Tools

Page Tools
