ESYA E-Signature Libraries


This is an old revision of the document!


API Configuration

A sample configuration file ships with the ESYA Signature API. By editing this file, signature creation and verification settings can be specified and modified at run time.

Language Settings

Specifies the language of the API messages.

<locale language="tr" country="TR"/>

HTTP and Proxy Settings

If the API runs behind a proxy server, the HTTP settings are specified in this section.

<http>
    <proxy-host></proxy-host>
    <proxy-port></proxy-port>
    <proxy-username></proxy-username>
    <proxy-password></proxy-password>
    <basic-authentication-username></basic-authentication-username>
    <basic-authentication-password></basic-authentication-password>
    <connection-timeout-in-milliseconds>2000</connection-timeout-in-milliseconds>
</http>

Timestamp Server

If the signature type is more advanced than the basic electronic signature (ES-BES), it includes one or more timestamps. Timestamp-related configuration (i.e. the timestamp server address etc.) is done here. You can leave the userid and password fields empty if you are using a timestamp server other than the ESYA Timestamp Server.

<timestamp-server>
    <!-- leave userid/password blank for public services! -->
    <host>http://10.3.0.21</host>
    <userid>1</userid>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
</timestamp-server>

Algorithms

The digest algorithm used to hash the content to be signed is set by digest-alg. The signature-alg parameter defines the signature algorithm.

<algorithms>
    <digest-alg>SHA-256</digest-alg>
    <signature-alg>RSA-with-SHA256</signature-alg>
</algorithms>

Certificate Validation

Certificate validation parameters are defined within the <certificate-validation> tag. The parameters are:

certificate-validation-policy-file: The certificate validation policy file. It is used as the default if the attribute 'for' is not given. The 'for' attribute can be set to QualifiedCertificate, MaliMuhurCertificate or TimeStampingCertificate to define a policy file for that certificate type.

grace-period-in-seconds: The minimum time after the certificate validation time at which the CRL (Certificate Revocation List) must have been created.

last-revocation-period-in-seconds: The maximum time after the certificate validation time within which published CRLs are considered valid.

use-validation-data-published-after-creation: The revocation information is required to be published after the signature creation time.

validate-certificate-before-signing: Validate the signer certificate before signing. For example, you can set this to false to avoid repeating validation of user certificates unnecessarily if you validate them once at system startup.

<certificate-validation>
    <certificate-validation-policy-file>MA3/api-signature/testresources/certval-ug-policy.xml</certificate-validation-policy-file>
    <!-- possible types: {QualifiedCertificate, MaliMuhurCertificate, TimeStampingCertificate} -->
    <certificate-validation-policy-file for="MaliMuhurCertificate">//path/to/certval-mm-policy.xml</certificate-validation-policy-file>

    <!-- 0 means ignore grace -->
    <grace-period-in-seconds>86400</grace-period-in-seconds>

    <!-- *100 for tests! -->
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>

    <!-- if set true, validation data must be published after creation; requires a grace period for signers -->
    <use-validation-data-published-after-creation>false</use-validation-data-published-after-creation>

    <validate-certificate-before-signing>false</validate-certificate-before-signing>

</certificate-validation>

Parameters

Other validation parameters are specified within the <params> tag. They are:

force-strict-reference-use: Use only the validation data inside the signature.

check-policy-uri: For policy-based signatures, make sure the policy information inside the signature carries the digest of the policy located at the specified address.

validate-timestamp-while-signing: Validate the timestamp obtained while signing.

write-referencedvalidationdata-to-file-on-upgrade: Also write the certificate validation information inside the signature to files. (Debug parameter.)

<params>
    <!-- loosening the 2 settings below causes warnings instead of validation failures -->
    <!-- if set true, referenced validation data must be used for cert validation -->
    <force-strict-reference-use>false</force-strict-reference-use>


    <!-- compare resolved policy with policy uri if indicated -->
    <check-policy-uri>false</check-policy-uri>

    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>

    <!-- for debug purposes! -->
    <write-referencedvalidationdata-to-file-on-upgrade>false</write-referencedvalidationdata-to-file-on-upgrade>
</params>
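
An added example, not part of the ESYA documentation or the API itself: a small Python audit that reads a configuration file of this shape and lists the validation checks that are switched off, a grace period of 0, the revocation window the sample marks "*100 for tests!", SHA-1 digests, and passwords stored in the file. The root element name config and the audit function are assumptions made for the example; the sample input is constructed from the snippets above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: values from the page's snippets inside a placeholder root element.
SAMPLE = """<config>
  <timestamp-server>
    <password>12345678</password>
    <digest-alg>SHA-1</digest-alg>
  </timestamp-server>
  <algorithms><digest-alg>SHA-256</digest-alg></algorithms>
  <certificate-validation>
    <last-revocation-period-in-seconds>17280000</last-revocation-period-in-seconds>
    <validate-certificate-before-signing>false</validate-certificate-before-signing>
  </certificate-validation>
  <params>
    <force-strict-reference-use>false</force-strict-reference-use>
    <check-policy-uri>false</check-policy-uri>
    <validate-timestamp-while-signing>false</validate-timestamp-while-signing>
  </params>
</config>"""

is_false = lambda v: v.lower() == "false"
# element name -> (predicate on the text value, finding); thresholds follow the page's comments
RULES = {
    "digest-alg": (lambda v: v.upper().replace("-", "") == "SHA1", "SHA-1 digest"),
    "grace-period-in-seconds": (lambda v: v == "0", "grace period ignored"),
    "last-revocation-period-in-seconds":
        (lambda v: v.isdigit() and int(v) >= 17280000, "test-scale revocation window"),
    "validate-certificate-before-signing": (is_false, "check disabled"),
    "force-strict-reference-use": (is_false, "check disabled"),
    "check-policy-uri": (is_false, "check disabled"),
    "validate-timestamp-while-signing": (is_false, "check disabled"),
}

def audit(xml_text):
    """Return (parent/element, finding) pairs for settings worth a second look."""
    root = ET.fromstring(xml_text)
    local = lambda el: el.tag.split("}")[-1]          # drop any XML namespace
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter():
        name, val = local(el), (el.text or "").strip()
        where = f"{local(parent[el])}/{name}" if el in parent else name
        if name.endswith("password") and val:
            findings.append((where, "secret stored in the config file"))
        elif name in RULES and RULES[name][0](val):
            findings.append((where, RULES[name][1]))
    return findings

print(*(f"{w}: {f}" for w, f in audit(SAMPLE)), sep="\n")
```
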

en/esya/ortakimza/imza-api-konfig.1377756482.txt.gz · Last modified: 2013/08/29 06:08 by Dindar Öz