A sample configuration file ships with the ESYA Signature API. By editing this file, signature creation and verification settings can be specified and changed at run time without rebuilding the application.
Specifies the language of the API messages.
```xml
<locale language="tr" country="TR"/>
```
If the API runs behind a proxy server, the HTTP settings (proxy address, proxy credentials, basic-authentication credentials and connection timeout) are specified in this section:

```xml
<http>
    <proxy-host></proxy-host>
    <proxy-port></proxy-port>
    <proxy-username></proxy-username>
    <proxy-password></proxy-password>
    <basic-authentication-username></basic-authentication-username>
    <basic-authentication-password></basic-authentication-password>
    <connection-timeout-in-milliseconds>2000</connection-timeout-in-milliseconds>
</http>
```
If the signature type is more advanced than the basic electronic signature (ES-BES), it includes one or more timestamps. The timestamp-related configuration (timestamp server address, credentials, digest algorithm) is performed here. You can leave the userid and password fields empty if you are using a timestamp server other than the ESYA Timestamp Server.

```xml
<timestamp-server>
    <!-- leave userid/password blank for public services! -->
    <host>http://10.3.0.21</host>
    <userid>1</userid>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
</timestamp-server>
```
The digest algorithm used when hashing the content to be signed is set by `digest-alg`; the `signature-alg` parameter defines the signature algorithm.

```xml
<algorithms>
    <digest-alg>SHA-256</digest-alg>
    <signature-alg>RSA-with-SHA256</signature-alg>
</algorithms>
```
Certificate validation parameters are defined within the `<certificate-validation>` tag. Those parameters are:

Parameter | Description
---|---
certificate-validation-policy-file | Certificate validation policy file. Used as the default when the `for` attribute is absent. The `for` attribute can be set to `QualifiedCertificate`, `MaliMuhurCertificate` or `TimeStampingCertificate` to assign a policy file per certificate type.
grace-period-in-seconds | The minimum time by which the CRL (Certificate Revocation List) must have been created after the certificate validation time.
last-revocation-period-in-seconds | The maximum period, relative to the certificate validation time, within which published CRLs are still considered valid.
use-validation-data-published-after-creation | Require the revocation information to have been published after the signature creation time.
validate-certificate-before-signing | Validate the signer certificate before signing. For example, you can set this to `false` to avoid repeating validation of the user certificates unnecessarily if you validate them once at system startup.

```xml
<certificate-validation>
    <certificate-validation-policy-file>MA3/api-signature/testresources/certval-ug-policy.xml</certificate-validation-policy-file>
    <!-- possible types: {QualifiedCertificate, MaliMuhurCertificate, TimeStampingCertificate} -->
    <certificate-validation-policy-file for="MaliMuhurCertificate">//path/to/certval-mm-policy.xml</certificate-validation-policy-file>
    <!-- 0 means ignore grace -->
    <grace-period-in-seconds>86400</grace-period-in-seconds>
    <!-- *100 for tests! -->
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
    <!-- validation data must be published after creation if set true, requires grace period for signers -->
    <use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>
    <validate-certificate-before-signing>false</validate-certificate-before-signing>
</certificate-validation>
```
Other validation parameters are defined within the `<params>` tag. Those are:

- `force-strict-reference-use`: Use only the validation data referenced in the signature for certificate validation.
- `check-policy-uri`: Check that the policy info in the signature matches the digest of the policy document at the specified URL.
- `validate-timestamp-while-signing`: Validate the timestamp while creating the signature.
- `write-referencedvalidationdata-to-file-on-upgrade`: Write the certificate validation references to a file (for debug purposes).

```xml
<params>
    <!-- loosening below 2 settings will cause warnings instead of validation failure -->
    <!-- referenced validation data must be used for cert validation if set true -->
    <force-strict-reference-use>false</force-strict-reference-use>
    <!-- compare resolved policy with policy uri if indicated -->
    <check-policy-uri>false</check-policy-uri>
    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>
    <!-- for debug purposes! -->
    <write-referencedvalidationdata-to-file-on-upgrade>false</write-referencedvalidationdata-to-file-on-upgrade>
</params>
```
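The sample values above are tuned for testing (SHA-1 timestamp digest, a plaintext timestamp password, the revocation window multiplied by 100, and the strict-reference and policy-URI checks switched off), so a deployment review usually starts by auditing the file. The following script is an added example, not part of the ESYA Signature API or its documentation: it parses the sections shown on this page with `xml.etree` and reports the settings a reviewer would want to look at. The wrapping root element `<esya-signature-config>`, the 30-day revocation-window threshold and the finding codes are assumptions of this example; the element names and values are the ones from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the sections shown on the page. The root
# element <esya-signature-config> is an assumption; the page shows only sections.
SAMPLE_CONFIG = """<esya-signature-config>
  <timestamp-server>
    <host>http://10.3.0.21</host>
    <userid>1</userid>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
  </timestamp-server>
  <algorithms>
    <digest-alg>SHA-256</digest-alg>
    <signature-alg>RSA-with-SHA256</signature-alg>
  </algorithms>
  <certificate-validation>
    <certificate-validation-policy-file>MA3/api-signature/testresources/certval-ug-policy.xml</certificate-validation-policy-file>
    <grace-period-in-seconds>86400</grace-period-in-seconds>
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
    <use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>
    <validate-certificate-before-signing>false</validate-certificate-before-signing>
  </certificate-validation>
  <params>
    <force-strict-reference-use>false</force-strict-reference-use>
    <check-policy-uri>false</check-policy-uri>
    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>
    <write-referencedvalidationdata-to-file-on-upgrade>false</write-referencedvalidationdata-to-file-on-upgrade>
  </params>
</esya-signature-config>
"""

WEAK_DIGESTS = {"SHA-1", "MD5"}
# Assumed review threshold (30 days) for how old an accepted CRL may be; not from the page.
MAX_REVOCATION_WINDOW_SECONDS = 30 * 86400


def _text(root, path):
    """Stripped text of the first element at path, or '' if the element is absent/empty."""
    el = root.find(path)
    return (el.text or "").strip() if el is not None else ""


def _is_true(root, path):
    return _text(root, path).lower() == "true"


def _int(root, path, default=0):
    value = _text(root, path)
    return int(value) if value.isdigit() else default


def audit_config(xml_text):
    """Parse the configuration and return a list of (code, message) findings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Timestamp server: digest strength, stored credentials, transport.
    if _text(root, "timestamp-server/digest-alg").upper() in WEAK_DIGESTS:
        findings.append(("weak-timestamp-digest", "timestamp-server/digest-alg is a weak hash"))
    if _text(root, "timestamp-server/password"):
        findings.append(("plaintext-timestamp-credentials", "timestamp-server password stored in the config file"))
    if _text(root, "timestamp-server/host").lower().startswith("http://"):
        findings.append(("timestamp-host-plain-http", "timestamp-server/host is not https"))
    if _text(root, "algorithms/digest-alg").upper() in WEAK_DIGESTS:
        findings.append(("weak-content-digest", "algorithms/digest-alg is a weak hash"))

    # Certificate validation: pre-signing check, grace period, revocation window.
    cv = "certificate-validation/"
    if not _is_true(root, cv + "validate-certificate-before-signing"):
        findings.append(("signing-without-certificate-validation", "signer certificate is not validated before signing"))
    grace = _int(root, cv + "grace-period-in-seconds")
    if grace == 0:
        findings.append(("grace-period-disabled", "grace-period-in-seconds is 0, so grace is ignored"))
    if _is_true(root, cv + "use-validation-data-published-after-creation") and grace == 0:
        findings.append(("published-after-creation-without-grace", "use-validation-data-published-after-creation needs a grace period"))
    if _int(root, cv + "last-revocation-period-in-seconds") > MAX_REVOCATION_WINDOW_SECONDS:
        findings.append(("long-revocation-window", "last-revocation-period-in-seconds exceeds the review threshold"))

    # params: the two settings whose loosening turns failures into warnings, plus debug output.
    if not _is_true(root, "params/force-strict-reference-use"):
        findings.append(("strict-reference-use-disabled", "force-strict-reference-use=false downgrades failures to warnings"))
    if not _is_true(root, "params/check-policy-uri"):
        findings.append(("policy-uri-check-disabled", "check-policy-uri=false skips the policy digest comparison"))
    if _is_true(root, "params/write-referencedvalidationdata-to-file-on-upgrade"):
        findings.append(("debug-output-enabled", "debug write of validation references is enabled"))

    return findings


def finding_codes(xml_text):
    """Sorted finding codes only, convenient for comparing two configurations."""
    return sorted(code for code, _ in audit_config(xml_text))


if __name__ == "__main__":
    for code, message in audit_config(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```

Run against the page's sample values the script reports seven findings; after switching the timestamp digest to SHA-256, clearing the stored password, using an https host, enabling `validate-certificate-before-signing`, `force-strict-reference-use` and `check-policy-uri`, and dividing the revocation window back by 100, it reports none.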