# JDigiDoc config file
# Plain KEY=value settings; a leading '#' marks a comment or a disabled alternative value.

# Signature processor settings
# Each *_IMPL key holds a fully qualified Java class name.
# NOTE(review): presumably the library instantiates these classes by name, in
# which case write access to this file decides which code performs signing and
# verification - keep the file read-only for the service account (confirm).
# Active signer is the PKCS#11 factory; the PKCS#12 factory is the disabled alternative.
#DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.PKCS11SignatureFactory
# NOTE(review): the key below says PKCS11 but its value is the Pkcs12 factory - check before enabling.
#DIGIDOC_SIGN_IMPL_PKCS11=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_NOTARY_IMPL=ee.sk.digidoc.factory.BouncyCastleNotaryFactory
DIGIDOC_FACTORY_IMPL=ee.sk.digidoc.factory.SAXDigiDocFactory
DIGIDOC_TIMESTAMP_IMPL=ee.sk.digidoc.factory.BouncyCastleTimestampFactory
# Canonicalizer selection: TinyXMLCanonicalizer is active, the DOM-based factory is disabled.
# Canonicalization determines the exact bytes that get digested for XML signatures,
# so signer and verifier deployments should agree on this setting.
#CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.factory.DOMCanonicalizationFactory
CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.c14n.TinyXMLCanonicalizer
DIGIDOC_TSLFAC_IMPL=ee.sk.digidoc.tsl.DigiDocTrustServiceFactory

# CRL checker and the two SAX parsers for encrypted data.
CRL_FACTORY_IMPL=ee.sk.digidoc.factory.CRLCheckerFactory
ENCRYPTED_DATA_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedDataSAXParser
ENCRYPTED_STREAM_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedStreamSAXParser

# Security settings
# JCE provider class and the provider name used to request algorithms from it
# ("BC" is the name the Bouncy Castle provider registers under).
# NOTE(review): the algorithm implementations come from whichever Bouncy Castle
# jar is on the classpath; this file does not pin a version - track it separately.
DIGIDOC_SECURITY_PROVIDER=org.bouncycastle.jce.provider.BouncyCastleProvider
DIGIDOC_SECURITY_PROVIDER_NAME=BC

# Big file handling
# NOTE(review): presumably a size threshold above which data-file content is
# cached on disk instead of in memory; the unit is not stated here - confirm.
DIGIDOC_MAX_DATAFILE_CACHED=4096
# Directory for the cache files.
# NOTE(review): /tmp is shared by every local user, and the cached content may
# be the documents being signed or encrypted. Prefer a dedicated directory
# owned by the service account (mode 0700), and confirm how the library names,
# creates and removes these files.
DIGIDOC_DF_CACHE_DIR=/tmp

# PKCS#11 module settings - change this according to your signature device!!!
# Path (or bare library name) of the PKCS#11 module used for signing.
# NOTE(review): a PKCS#11 module is native code loaded into the signing
# process, so the configured file should be writable only by root. A bare
# name such as esteid-pkcs11 is presumably resolved through the library
# search path - confirm, and prefer an absolute path.
DIGIDOC_SIGN_PKCS11_DRIVER=/usr/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/.10.6/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=esteid-pkcs11
# VS: this is PKCS#11 driver for AID cards (GPK8000)
#DIGIDOC_SIGN_PKCS11_DRIVER=pk2privXAdES-XL.SCOK/SK/
DIGIDOC_SIGN_PKCS11_WRAPPER=PKCS11Wrapper
# Cipher transformation string, presumably used when checking signature values.
# The active value leaves the mode and padding fields empty; the disabled
# alternative names NOPADDING explicitly.
# NOTE(review): with empty fields the padding applied depends on the provider's
# defaults - confirm what the configured provider actually does with "RSA//".
#DIGIDOC_VERIFY_ALGORITHM=RSA//NOPADDING
DIGIDOC_VERIFY_ALGORITHM=RSA//

# NOTE(review): purpose is not documented in this file; the value points at a
# service on localhost over plain http - replace for any non-local deployment.
DIGIDOC_DRIVER_BASE_URL=http://localhost:8080/XMLSign/

# VS: log4j config file - change this!!!
# Both paths below are relative and point into a source tree, so they resolve
# against the working directory of the process. Use absolute paths when deploying.
DIGIDOC_LOG4J_CONFIG=../jdigidoc/src/main/resources/SignatureLogging.properties

# NOTE(review): presumably the directory that trust service lists (TSL) are
# read from. If so, its contents act as trust anchors and the directory must
# not be writable by anyone but the administrator - confirm.
DIGIDOC_TSL_DIR=../jdigidoc/src/main/tsl

# OCSP responder URL - change this!!!
# The active value is the www.openxades.org responder, the same URL used by the
# OCSP entries further down whose CA names contain TEST. The disabled
# http://ocsp.sk.ee line is the URL the non-test entries use.
# NOTE(review): a deployment that must reject test certificates should not keep
# the openxades.org responder as its default - confirm which one applies.
# The URLs are plain http; the integrity of a response then rests on checking
# its signature against the responder certificates configured in this file.
#DIGIDOC_OCSP_RESPONDER_URL=http://ocsp.sk.ee
DIGIDOC_OCSP_RESPONDER_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

#DIGIDOC_OCSP_RESPONDER_URL=http://xades-portal.etsi.org/protected/capso/OCSP?ca=LevelBCAOK

# your HTTP proxy if necessary - change this!!!
# Both lines are placeholders and stay disabled until real values are filled in.
#DIGIDOC_PROXY_HOST=<put-your-proxy-hostname-here>
#DIGIDOC_PROXY_PORT=<proxy-port>

# Whether to sign OCSP requests; this depends on what your responder requires.
# The PKCS#12 keys below are all disabled and only matter when signing is enabled.
SIGN_OCSP_REQUESTS=false
#OCSP_SAVE_DIR=.
# The PKCS#12 file used to sign OCSP requests
#DIGIDOC_PKCS12_CONTAINER=<your-pkcs12-file-name>
# Password for this key.
# NOTE(review): once filled in, the password sits in this file in clear text.
# Restrict read access to the service account and keep the populated file out
# of version control.
#DIGIDOC_PKCS12_PASSWD=<your-pkcs12-passwd>
# serial number of your PKCS#12 signature cert.
# Use ee.sk.test.OCSPCertFinder to find this
#DIGIDOC_OCSP_SIGN_CERT_SERIAL=<your-pkcs12-cert-serial>

# Set this to true if you want jdigidoc to use the CA certs registered in jdigidoc.cfg.
# If you want jdigidoc to use only TSLs, set this to false.
DIGIDOC_USE_LOCAL_TSL=true

# VS: CA certificates. Used to do a preliminary check of the signer.
# use jar:// to get certs from classpath
# use forward slashes both on your linux and other environments
# DIGIDOC_CAS=1 matches the single CA group (DIGIDOC_CA_1_*) defined here and
# DIGIDOC_CA_1_CERTS=7 matches the seven CERTn entries; keep the counts in step
# with the entries when editing.
# NOTE(review): CERT7 is TEST-SK.crt, by its name a test CA, listed next to
# the other CA certificates. A deployment that must reject test-issued
# certificates should remove it and lower DIGIDOC_CA_1_CERTS accordingly.
# jar:// entries are read from the classpath, so the jar providing certs/ is
# part of the trust base.
DIGIDOC_CAS=1
DIGIDOC_CA_1_NAME=AS Sertifitseerimiskeskus
DIGIDOC_CA_1_TRADENAME=SK
DIGIDOC_CA_1_CERTS=7
DIGIDOC_CA_1_CERT1=jar://certs/EID-SK.crt
DIGIDOC_CA_1_CERT2=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_CERT3=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_CERT4=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_CERT5=jar://certs/JUUR-SK.crt
DIGIDOC_CA_1_CERT6=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_CERT7=jar://certs/TEST-SK.crt

# NOTE(review): these disabled entries use DIGIDOC_CA_CERTn rather than the
# DIGIDOC_CA_1_CERTn naming above; they would presumably need renaming (and a
# count update) before they could take effect - confirm.
#DIGIDOC_CA_CERT8=jar://certs/RootCAOK.pem
#DIGIDOC_CA_CERT8_URI=http://xades-portal.etsi.org/protected/capso/certs/RootCAOK.crt
#DIGIDOC_CA_CERT9=jar://certs/LevelACAOK.pem
#DIGIDOC_CA_CERT9_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelACAOK.crt
#DIGIDOC_CA_CERT10=jar://certs/LevelBCAOK.pem
#DIGIDOC_CA_CERT10_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelBCAOK.crt


# VS: OCSP responder certificates - change this!!!
# Note! If you add or remove any of these certificates, update the count below,
# and keep the OCSPn numbering consistent.
# Each entry gives a CA (CA_CN, CA_CERT), the responder answering for it
# (CN, CERT) and the responder URL. All twelve entries OCSP1..OCSP12 are present
# in this file, although OCSP7 is listed before OCSP6.
# NOTE(review): presumably a response is accepted only if it verifies against
# the CERT of a matching entry, which is what makes the plain-http URLs
# tolerable - confirm in the verifier code.
# NOTE(review): OCSP1, OCSP3 and OCSP12 point at www.openxades.org and carry
# TEST in their CA_CN. Drop them (and lower the count) where test certificates
# must not validate.
DIGIDOC_CA_1_OCSPS=12

DIGIDOC_CA_1_OCSP1_CA_CN=EID-SK TEST
DIGIDOC_CA_1_OCSP1_CA_CERT=jar://certs/EID-SK.crt
DIGIDOC_CA_1_OCSP1_CN=EID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP1_CERT=jar://certs/EID-SK OCSP 2006.crt
DIGIDOC_CA_1_OCSP1_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

DIGIDOC_CA_1_OCSP2_CA_CN=EID-SK
DIGIDOC_CA_1_OCSP2_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP2_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP2_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP2_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP3_CA_CN=ESTEID-SK TEST
DIGIDOC_CA_1_OCSP3_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP3_CN=ESTEID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP3_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP3_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

DIGIDOC_CA_1_OCSP4_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP4_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP4_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP4_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP4_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP5_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP5_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP5_CN=KLASS3-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP5_CERT=jar://certs/KLASS3-SK OCSP 2009.crt
DIGIDOC_CA_1_OCSP5_URL=http://ocsp.sk.ee

# Validity confirmation service for EID certificates (for example Mobile-ID
# certificates) issued since 20.01.2007.
# NOTE(review): OCSP7 is listed before OCSP6, and several entries in this run
# reuse one responder certificate file under different CN / CA_CN values
# (OCSP7 and OCSP10 both use "EID-SK 2007 OCSP.crt"). Presumably this is for
# matching differently named issuers - confirm before pruning.
DIGIDOC_CA_1_OCSP7_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP7_CN=EID-SK OCSP RESPONDER 2007
DIGIDOC_CA_1_OCSP7_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP7_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP7_URL=http://ocsp.sk.ee

# Validity confirmation service for ID-card certificates issued since 20.01.2007.
DIGIDOC_CA_1_OCSP6_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP6_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP6_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP6_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP6_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP8_CN=ESTEID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP8_CERT=jar://certs/ESTEID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP8_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP8_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP8_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP9_CERT=jar://certs/EID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP9_CN=EID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP9_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP9_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP9_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP10_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP10_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP10_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP10_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP10_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP11_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP11_CN=ESTEID-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP11_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP11_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP11_URL=http://ocsp.sk.ee

# NOTE(review): TEST-SK entry pointing at the www.openxades.org responder;
# remove it (and lower DIGIDOC_CA_1_OCSPS) where test certificates must not validate.
DIGIDOC_CA_1_OCSP12_CERT=jar://certs/TEST-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP12_CN=TEST-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP12_CA_CERT=jar://certs/TEST-SK.crt
DIGIDOC_CA_1_OCSP12_CA_CN=TEST-SK
DIGIDOC_CA_1_OCSP12_URL=http://www.openxades.org/cgi-bin/ocsp.cgi


# OCSP or CRL selectors
# Both certificate and signature checks are set to OCSP, so the CRL_* settings
# further down presumably stay unused with these values.
DIGIDOC_CERT_VERIFIER=OCSP
DIGIDOC_SIGNATURE_VERIFIER=OCSP

# Time-stamping authority URL; two alternatives are disabled.
# NOTE(review): the URL is plain http and names an external service. This file
# does not show which TSA certificate the returned tokens are verified
# against - confirm that check exists before relying on the timestamps.
#DIGIDOC_TSA_URL=http://xades-portal.etsi.org/protected/tsp/TspRequest
#DIGIDOC_TSA_URL=http://tsp.iaik.at/tsp
DIGIDOC_TSA_URL=http://tsp.iaik.tugraz.at/tsp/TspRequest

# VS: not required if you don't use CRLs
# CRL settings
# CRL_USE_LDAP=false, so the LDAP keys (search base, filter, driver, URL,
# attribute) presumably have no effect unless it is switched to true.
# NOTE(review): CRL_URL is plain http and CRL_LDAP_URL is unencrypted LDAP to a
# hard-coded IP address. The fetched list is then only as trustworthy as the
# CRL signature check done after download - confirm the checker verifies it.
CRL_USE_LDAP=false
CRL_FILE=esteid.crl
CRL_URL=http://www.sk.ee/crls/esteid/esteid.crl
CRL_SEARCH_BASE=cn=ESTEID-SK,ou=ESTEID,o=AS Sertifitseerimiskeskus,c=EE
CRL_FILTER=(certificaterevocationlist;binary=*)
# NOTE(review): this key is spelled CLR_, unlike the CRL_ keys around it.
# Do not rename it without checking which spelling the code looks up.
CLR_LDAP_DRIVER=com.ibm.jndi.LDAPCtxFactory
CRL_LDAP_URL=ldap://194.126.99.76:389
CRL_LDAP_ATTR=certificaterevocationlist;binary
# NOTE(review): the proxy host looks site-specific; replace or remove it per deployment.
CRL_PROXY_HOST=cache.eypsise
CRL_PROXY_PORT=8080

# Encryption settings
# NOTE(review): several key names here are spelled unusually (DIGDOC_,
# ALOGORITHM). Presumably the library looks them up under exactly these
# names, so do not "correct" them without checking the code.
DIGDOC_ENCRYPT_KEY_ALG=AES
# Cipher transformation for the data: AES in CBC mode with PKCS7 padding.
# NOTE(review): CBC with padding gives confidentiality but no integrity check
# on the ciphertext. A service that decrypts data from untrusted senders should
# not let padding or decryption failures be told apart from outside.
DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/PKCS7Padding
#DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/NOPADDING
# SecureRandom algorithm name.
# NOTE(review): confirm the calling code does not seed it manually with a predictable value.
DIGIDOC_SECRANDOM_ALGORITHM=SHA1PRNG
# RSA with PKCS#1 v1.5 padding, presumably used to wrap the AES key.
# NOTE(review): v1.5 encryption padding is sensitive to error-based oracles on
# the decrypting side; keep decryption failures indistinguishable to callers.
DIGIDOC_KEY_ALOGORITHM=RSA/NONE/PKCS1Padding

# Optional keystore and OCSP HTTP authentication settings, all disabled.
# NOTE(review): "digidoc" is a sample password; if these are enabled, any
# password placed here is stored in clear text, so restrict read access to the file.
#DIGIDOC_KEYSTORE_FILE=
#DIGIDOC_KEYSTORE_TYPE=PKCS12
#DIGIDOC_KEYSTORE_PASSWD=digidoc
#DIGIDOC_OCSP_AUTH=HTTP
#DIGIDOC_OCSP_AUTH_USER=
#DIGIDOC_OCSP_AUTH_PASSWD=
