ESYA E-Signature Libraries


API Configuration

A sample configuration file ships with the ESYA Signature API. By editing this file, signature creation and verification settings can be specified and modified at run time.

Language Settings

Specifies the language of the API messages.

<locale language="tr" country="TR"/>

HTTP and Proxy Settings

If the API runs behind a proxy server, the HTTP settings are specified in this section.

<http>
    <proxy-host></proxy-host>
    <proxy-port></proxy-port>
    <proxy-username></proxy-username>
    <proxy-password></proxy-password>
    <basic-authentication-username></basic-authentication-username>
    <basic-authentication-password></basic-authentication-password>
    <connection-timeout-in-milliseconds>2000</connection-timeout-in-milliseconds>
</http>

Timestamp Server

If the signature type is more advanced than the basic electronic signature (ES-BES), it includes one or more timestamps. The timestamp-related configuration (e.g. the timestamp server address) is set here. You can leave the userid and password fields empty if you are using a timestamp server other than the ESYA Timestamp Server.

<timestamp-server>
    <!-- leave userid/password blank for public services! -->
    <host>http://10.3.0.21</host>
    <userid>1</userid>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
</timestamp-server>

Algorithms

The digest algorithm used to hash the content to be signed is set by digest-alg. The signature-alg parameter defines the signature algorithm.

<algorithms>
    <digest-alg>SHA-256</digest-alg>
    <signature-alg>RSA-with-SHA256</signature-alg>
</algorithms>

Certificate Validation

Certificate validation parameters are defined within the <certificate-validation> tag. The parameters are:

certificate-validation-policy-file: The certificate validation policy file. It is used as the default if the 'for' attribute is not given. The 'for' attribute can be set to QualifiedCertificate, MaliMuhurCertificate or TimeStampingCertificate to define a policy file for that certificate type.
grace-period-in-seconds: The minimum time by which the CRL (Certificate Revocation List) must have been created after the certificate validation time.
last-revocation-period-in-seconds: The maximum time after the certificate validation time within which published CRLs are considered valid.
use-validation-data-published-after-creation: The revocation info is required to be published after the signature creation time.
validate-certificate-before-signing: Validate the signer certificate before signing. For example, you can set this to false to avoid repeating validation of the user certificates unnecessarily if you validate once at system startup.

<certificate-validation>
    <certificate-validation-policy-file>MA3/api-signature/testresources/certval-ug-policy.xml</certificate-validation-policy-file>
    <!-- possible types: {QualifiedCertificate, MaliMuhurCertificate, TimeStampingCertificate} -->
    <certificate-validation-policy-file for="MaliMuhurCertificate">//path/to/certval-mm-policy.xml</certificate-validation-policy-file>

    <!-- 0 means ignore grace -->
    <grace-period-in-seconds>86400</grace-period-in-seconds>

    <!-- *100 for tests! -->
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>

    <!-- validation data must be published after creation if set true, requires grace period for signers -->
    <use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>

    <validate-certificate-before-signing>false</validate-certificate-before-signing>

</certificate-validation>

Parameters

Other validation parameters are defined within the <params> tag. They are:

force-strict-reference-use: Use only the validation data included in the signature.

check-policy-uri: Check that the policy info in the signature is the digest of the policy info at the specified URL.

validate-timestamp-while-signing: Validate the timestamp while creating signature.

write-referencedvalidationdata-to-file-on-upgrade: Write the certificate validation references to a file (for debug purposes).

<params>
    <!-- loosening below 2 settings will cause warnings instead of validation failure -->
    <!-- referenced validation data must be used for cert validation if set true -->
    <force-strict-reference-use>false</force-strict-reference-use>


    <!-- compare resolved policy with policy uri if indicated -->
    <check-policy-uri>false</check-policy-uri>

    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>

    <!-- for debug purposes! -->
    <write-referencedvalidationdata-to-file-on-upgrade>false</write-referencedvalidationdata-to-file-on-upgrade>
</params>
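
A lint pass over the settings described on this page, as an added example (not part of the ESYA API or its documentation): it flags the loosened values the sample configuration ships with before the file reaches production. The `<config>` root element, the strict baseline and the 172800-second threshold are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed input: page fragments under a hypothetical <config> root, no namespace.
SAMPLE = """<config>
  <http><proxy-password></proxy-password></http>
  <timestamp-server>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
  </timestamp-server>
  <certificate-validation>
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
    <validate-certificate-before-signing>false</validate-certificate-before-signing>
  </certificate-validation>
  <params>
    <force-strict-reference-use>false</force-strict-reference-use>
    <check-policy-uri>false</check-policy-uri>
    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>
    <write-referencedvalidationdata-to-file-on-upgrade>false</write-referencedvalidationdata-to-file-on-upgrade>
  </params>
</config>"""

# Assumed strict baseline (a policy choice for this example, not an ESYA recommendation).
STRICT = {
    "params/force-strict-reference-use": "true",
    "params/check-policy-uri": "true",
    "params/validate-timestamp-while-signing": "true",
    "certificate-validation/validate-certificate-before-signing": "true",
    "params/write-referencedvalidationdata-to-file-on-upgrade": "false",
}
MAX_LAST_REVOCATION = 172800  # assumption: sample value 17280000 without the "*100 for tests"

def audit(xml_text):
    root = ET.fromstring(xml_text)
    get = lambda path: (root.findtext(path) or "").strip()
    findings = [f"{p} is '{get(p)}', baseline expects '{v}'"
                for p, v in STRICT.items() if get(p).lower() != v]
    if get("timestamp-server/digest-alg").upper().replace("-", "") == "SHA1":
        findings.append("timestamp-server/digest-alg is SHA-1")
    period = get("certificate-validation/last-revocation-period-in-seconds")
    if period.isdigit() and int(period) > MAX_LAST_REVOCATION:
        findings.append(f"last-revocation-period-in-seconds {period} > {MAX_LAST_REVOCATION}")
    # Any *password element with a value means a secret sits in the file in clear text.
    for el in root.iter():
        if el.tag.endswith("password") and (el.text or "").strip():
            findings.append(f"{el.tag} holds a clear-text secret")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Adjust `STRICT` to local policy: a deployment that validates signer certificates once at startup, as the page describes, can drop the `validate-certificate-before-signing` entry.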

en/esya/ortakimza/imza-api-konfig.txt · Last modified: 2013/08/29 06:14 by Dindar Öz