# JDigiDoc config file
# Format: one KEY=value per line; a line starting with '#' is a comment or a
# disabled alternative value.
# NOTE(review): presumably parsed as Java properties, where text placed after a
# value on the same line becomes part of the value - keep notes on their own
# lines and confirm against the loader.

# Signature processor settings
# Each *_IMPL key names the class used for one role (signing, notary/OCSP,
# document parsing, timestamping, canonicalization, TSL handling).
# NOTE(review): these values look like classes resolved by name at runtime. If
# so, whoever can edit this file chooses the signing and verification code that
# runs - keep the file writable only by the account that owns the deployment.
# Signer: the PKCS#11 factory is active, the PKCS#12 factory is disabled.
#DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.PKCS11SignatureFactory
# NOTE(review): the key below says PKCS11 but its value is the Pkcs12 factory -
# check which is intended before enabling it.
#DIGIDOC_SIGN_IMPL_PKCS11=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_NOTARY_IMPL=ee.sk.digidoc.factory.BouncyCastleNotaryFactory
DIGIDOC_FACTORY_IMPL=ee.sk.digidoc.factory.SAXDigiDocFactory
DIGIDOC_TIMESTAMP_IMPL=ee.sk.digidoc.factory.BouncyCastleTimestampFactory
# Canonicalizer: TinyXMLCanonicalizer is active, the DOM-based one is disabled.
#CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.factory.DOMCanonicalizationFactory
CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.c14n.TinyXMLCanonicalizer
DIGIDOC_TSLFAC_IMPL=ee.sk.digidoc.tsl.DigiDocTrustServiceFactory

# CRL checker and the parsers for encrypted documents
CRL_FACTORY_IMPL=ee.sk.digidoc.factory.CRLCheckerFactory
ENCRYPTED_DATA_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedDataSAXParser
ENCRYPTED_STREAM_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedStreamSAXParser

# Security settings
# JCE provider class and the short name it is referred to by (BouncyCastle, "BC").
DIGIDOC_SECURITY_PROVIDER=org.bouncycastle.jce.provider.BouncyCastleProvider
DIGIDOC_SECURITY_PROVIDER_NAME=BC

# Big file handling
# NOTE(review): the unit of the threshold below is not stated here (bytes?) - confirm.
DIGIDOC_MAX_DATAFILE_CACHED=4096
# NOTE(review): /tmp is shared by all local users on most Unix systems. If data
# file content is written here, other accounts may be able to read it or to
# pre-create the file names. Prefer a dedicated directory owned by the service
# account with mode 0700, and confirm how the cache files are created and
# cleaned up.
DIGIDOC_DF_CACHE_DIR=/tmp

# PKCS#11 module settings - change this according to your signature device!!!
# The driver is a native library; the active value is the OpenSC module at an
# absolute Linux path, the disabled lines are alternatives for other setups.
# NOTE(review): the library named here is presumably loaded into the signing
# process and sees the PIN and token operations. Use an absolute path to a
# library that only root can modify; a bare name such as the esteid-pkcs11
# alternative would presumably depend on the library search path.
DIGIDOC_SIGN_PKCS11_DRIVER=/usr/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/.10.6/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=esteid-pkcs11
# VS: this is PKCS#11 driver for AID cards (GPK8000)
#DIGIDOC_SIGN_PKCS11_DRIVER=pk2privXAdES-XL.SCOK/SK/
DIGIDOC_SIGN_PKCS11_WRAPPER=PKCS11Wrapper
# Verification cipher in algorithm/mode/padding form. The active value leaves
# mode and padding empty; the disabled one sets NOPADDING.
# NOTE(review): with empty fields the provider's defaults presumably apply - confirm.
#DIGIDOC_VERIFY_ALGORITHM=RSA//NOPADDING
DIGIDOC_VERIFY_ALGORITHM=RSA//

# NOTE(review): purpose not documented here; the value is a plain-http URL on localhost.
DIGIDOC_DRIVER_BASE_URL=http://localhost:8080/XMLSign/

# VS: log4j config file - change this!!!
# The path is relative, so it resolves against the working directory of the process.
DIGIDOC_LOG4J_CONFIG=../jdigidoc/src/main/resources/SignatureLogging.properties

# Directory holding the trust service lists (TSL); also a relative path.
# NOTE(review): its content presumably feeds trust decisions - point it at a
# fixed location that untrusted users cannot write to.
DIGIDOC_TSL_DIR=../jdigidoc/src/main/tsl

# OCSP responder URL - change this!!!
# The active value is the openxades.org responder; ocsp.sk.ee is disabled.
# NOTE(review): further down this URL is paired with CA names ending in "TEST",
# so it looks like a test responder - confirm before using this file for
# production validation.
# NOTE(review): the URLs are plain http. A response is only as trustworthy as
# the check of its signature against the responder certificates configured in
# this file; the request itself travels unprotected.
#DIGIDOC_OCSP_RESPONDER_URL=http://ocsp.sk.ee
DIGIDOC_OCSP_RESPONDER_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

#DIGIDOC_OCSP_RESPONDER_URL=http://xades-portal.etsi.org/protected/capso/OCSP?ca=LevelBCAOK

# your HTTP proxy if necessary - change this!!!
#DIGIDOC_PROXY_HOST=<put-your-proxy-hostname-here>
#DIGIDOC_PROXY_PORT=<proxy-port>

# Whether to sign OCSP requests. Depends on your responder.
SIGN_OCSP_REQUESTS=false
#OCSP_SAVE_DIR=.
# The PKCS#12 file used to sign OCSP requests
#DIGIDOC_PKCS12_CONTAINER=<your-pkcs12-file-name>
# password for this key
# If set, the password sits in this file in clear text: restrict read access to
# the service account and keep real values out of version control.
#DIGIDOC_PKCS12_PASSWD=<your-pkcs12-passwd>
# serial number of your PKCS#12 signature cert.
# Use ee.sk.test.OCSPCertFinder to find this
#DIGIDOC_OCSP_SIGN_CERT_SERIAL=<your-pkcs12-cert-serial>

# Set this to true if you want jdigidoc to use the CA certs registered in jdigidoc.cfg.
# Set it to false if you want jdigidoc to use only TSLs.
DIGIDOC_USE_LOCAL_TSL=true

# VS: CA certificates. Used to do a preliminary check of the signer.
# use jar:// to get certs from classpath
# use forward slashes both on your linux and other environments
# DIGIDOC_CAS is the number of CA groups and DIGIDOC_CA_1_CERTS the number of
# DIGIDOC_CA_1_CERTn entries that follow; keep both in step with the list.
# NOTE(review): jar:// entries come from whatever jar is on the classpath, so
# the integrity of that jar decides which CAs are trusted.
DIGIDOC_CAS=1
DIGIDOC_CA_1_NAME=AS Sertifitseerimiskeskus
DIGIDOC_CA_1_TRADENAME=SK
DIGIDOC_CA_1_CERTS=7
DIGIDOC_CA_1_CERT1=jar://certs/EID-SK.crt
DIGIDOC_CA_1_CERT2=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_CERT3=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_CERT4=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_CERT5=jar://certs/JUUR-SK.crt
DIGIDOC_CA_1_CERT6=jar://certs/KLASS3-SK.crt
# NOTE(review): by its name TEST-SK is a test CA. While it is listed, signers
# certified by it presumably pass the CA check; remove it (and lower
# DIGIDOC_CA_1_CERTS) for production validation.
DIGIDOC_CA_1_CERT7=jar://certs/TEST-SK.crt

# Disabled CA entries for the ETSI XAdES portal.
# NOTE(review): these keys use DIGIDOC_CA_CERTn rather than the
# DIGIDOC_CA_1_CERTn pattern used above, so they may not be picked up as
# written; the _URI values are plain http.
#DIGIDOC_CA_CERT8=jar://certs/RootCAOK.pem
#DIGIDOC_CA_CERT8_URI=http://xades-portal.etsi.org/protected/capso/certs/RootCAOK.crt
#DIGIDOC_CA_CERT9=jar://certs/LevelACAOK.pem
#DIGIDOC_CA_CERT9_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelACAOK.crt
#DIGIDOC_CA_CERT10=jar://certs/LevelBCAOK.pem
#DIGIDOC_CA_CERT10_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelBCAOK.crt


# VS: OCSP responder certificates - change this!!!
# Note! If you add or remove any of these certificates, update the count below
# and keep the OCSPn numbering consistent.
# Each entry has five keys: _CA_CN and _CA_CERT (the issuing CA), _CN and _CERT
# (the responder and its certificate) and _URL (where the responder is reached).
# Entries 1 to 12 are all present; OCSP7 is listed before OCSP6.
# NOTE(review): the responder certificates are pinned here and several file
# names carry years (2005, 2006, 2009, 2010). Check their validity periods and
# drop entries for responders that are no longer in service.
# NOTE(review): entries 1, 3 and 12 point at the openxades.org responder and
# carry TEST in a CA name; they look like test responders and should not stay
# in a production trust configuration.
DIGIDOC_CA_1_OCSPS=12

DIGIDOC_CA_1_OCSP1_CA_CN=EID-SK TEST
DIGIDOC_CA_1_OCSP1_CA_CERT=jar://certs/EID-SK.crt
DIGIDOC_CA_1_OCSP1_CN=EID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP1_CERT=jar://certs/EID-SK OCSP 2006.crt
DIGIDOC_CA_1_OCSP1_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

# NOTE(review): CA_CN is EID-SK while CA_CERT is the "EID-SK 2007" file;
# entries 7 and 10 use the same two certificate files with other names.
DIGIDOC_CA_1_OCSP2_CA_CN=EID-SK
DIGIDOC_CA_1_OCSP2_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP2_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP2_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP2_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP3_CA_CN=ESTEID-SK TEST
DIGIDOC_CA_1_OCSP3_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP3_CN=ESTEID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP3_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP3_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

# NOTE(review): same CN, CERT, CA_CERT and URL as entry 6; only CA_CN differs
# (ESTEID-SK here, ESTEID-SK 2007 there).
DIGIDOC_CA_1_OCSP4_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP4_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP4_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP4_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP4_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP5_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP5_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP5_CN=KLASS3-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP5_CERT=jar://certs/KLASS3-SK OCSP 2009.crt
DIGIDOC_CA_1_OCSP5_URL=http://ocsp.sk.ee

# Validity confirmation service for EID certificates (for example Mobile-ID
# certificates) issued since 20.01.2007
DIGIDOC_CA_1_OCSP7_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP7_CN=EID-SK OCSP RESPONDER 2007
DIGIDOC_CA_1_OCSP7_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP7_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP7_URL=http://ocsp.sk.ee

# Validity confirmation service for ID-card certificates issued since
# 20.01.2007
DIGIDOC_CA_1_OCSP6_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP6_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP6_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP6_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP6_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP8_CN=ESTEID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP8_CERT=jar://certs/ESTEID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP8_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP8_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP8_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP9_CERT=jar://certs/EID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP9_CN=EID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP9_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP9_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP9_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP10_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP10_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP10_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP10_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP10_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP11_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP11_CN=ESTEID-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP11_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP11_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP11_URL=http://ocsp.sk.ee

DIGIDOC_CA_1_OCSP12_CERT=jar://certs/TEST-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP12_CN=TEST-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP12_CA_CERT=jar://certs/TEST-SK.crt
DIGIDOC_CA_1_OCSP12_CA_CN=TEST-SK
DIGIDOC_CA_1_OCSP12_URL=http://www.openxades.org/cgi-bin/ocsp.cgi


# OCSP or CRL selectors
# Both certificate and signature verification are set to OCSP.
# NOTE(review): the other accepted value is presumably CRL - confirm against the code.
DIGIDOC_CERT_VERIFIER=OCSP
DIGIDOC_SIGNATURE_VERIFIER=OCSP

# Timestamp authority (TSA) URL; the active value is the tugraz.at service.
# NOTE(review): the URL is plain http and points at a third-party service, so
# a timestamp is only as trustworthy as the verification of the token's
# signature against a TSA certificate you trust - confirm that this
# verification is configured.
#DIGIDOC_TSA_URL=http://xades-portal.etsi.org/protected/tsp/TspRequest
#DIGIDOC_TSA_URL=http://tsp.iaik.at/tsp
DIGIDOC_TSA_URL=http://tsp.iaik.tugraz.at/tsp/TspRequest

# VS: not required if you don't use CRLs
# CRL settings
# NOTE(review): with CRL_USE_LDAP=false the CRL is presumably fetched from
# CRL_URL and the LDAP keys below are unused - confirm.
# NOTE(review): both the http and the ldap:// endpoint are unauthenticated
# transports, so the CRL's own signature has to be checked before it is used.
CRL_USE_LDAP=false
CRL_FILE=esteid.crl
CRL_URL=http://www.sk.ee/crls/esteid/esteid.crl
CRL_SEARCH_BASE=cn=ESTEID-SK,ou=ESTEID,o=AS Sertifitseerimiskeskus,c=EE
CRL_FILTER=(certificaterevocationlist;binary=*)
# NOTE(review): this key starts with CLR_ while every other key here starts
# with CRL_. Check which spelling the code reads before renaming it.
CLR_LDAP_DRIVER=com.ibm.jndi.LDAPCtxFactory
# LDAP server given as a fixed IP address on port 389.
CRL_LDAP_URL=ldap://194.126.99.76:389
CRL_LDAP_ATTR=certificaterevocationlist;binary
# NOTE(review): the proxy host looks specific to one environment - replace it
# or remove it for your deployment.
CRL_PROXY_HOST=cache.eypsise
CRL_PROXY_PORT=8080

# Encryption settings
# NOTE(review): several key names here are spelled unusually (DIGDOC_...,
# ..._ALOGORITHM). The code may read exactly these spellings - check before
# "fixing" them, since a renamed key would silently fall back to a default.
DIGDOC_ENCRYPT_KEY_ALG=AES
# Content encryption: AES in CBC mode with PKCS7 padding (NOPADDING alternative disabled).
# NOTE(review): CBC gives no integrity protection by itself. If decryption
# errors are visible to the party supplying the ciphertext, padding-oracle
# style attacks become a concern - confirm how failures are reported.
DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/PKCS7Padding
#DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/NOPADDING
# NOTE(review): SHA1PRNG behaviour and seeding differ between Java platforms -
# confirm the generator is seeded from the OS entropy source.
DIGIDOC_SECRANDOM_ALGORITHM=SHA1PRNG
# Key transport: RSA with PKCS#1 v1.5 padding.
# NOTE(review): v1.5 decryption is exposed to Bleichenbacher-style oracles when
# failures are distinguishable; OAEP is preferable where the format and the
# recipients' tokens allow it.
DIGIDOC_KEY_ALOGORITHM=RSA/NONE/PKCS1Padding

# Optional keystore and OCSP HTTP authentication settings (all disabled).
# NOTE(review): "digidoc" looks like a sample password - do not keep it for a
# real keystore. Any password set here is stored in clear text, so restrict
# read access to this file.
#DIGIDOC_KEYSTORE_FILE=
#DIGIDOC_KEYSTORE_TYPE=PKCS12
#DIGIDOC_KEYSTORE_PASSWD=digidoc
#DIGIDOC_OCSP_AUTH=HTTP
#DIGIDOC_OCSP_AUTH_USER=
#DIGIDOC_OCSP_AUTH_PASSWD=
