.jdigidoc.3.12.1.source-code.jdigidoc-win.cfg Maven / Gradle / Ivy
# JDigiDoc config file
# Signature processor settings
DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.PKCS11SignatureFactory
DIGIDOC_SIGN_IMPL_PKCS11=ee.sk.digidoc.factory.PKCS11SignatureFactory
DIGIDOC_SIGN_IMPL_PKCS12=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_NOTARY_IMPL=ee.sk.digidoc.factory.BouncyCastleNotaryFactory
DIGIDOC_FACTORY_IMPL=ee.sk.digidoc.factory.SAXDigiDocFactory
DIGIDOC_TIMESTAMP_IMPL=ee.sk.digidoc.factory.BouncyCastleTimestampFactory
CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.c14n.TinyXMLCanonicalizer
DIGIDOC_TSLFAC_IMPL=ee.sk.digidoc.tsl.DigiDocTrustServiceFactory
ENCRYPTED_DATA_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedDataSAXParser
ENCRYPTED_STREAM_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedStreamSAXParser
# Security settings
DIGIDOC_SECURITY_PROVIDER=org.bouncycastle.jce.provider.BouncyCastleProvider
DIGIDOC_SECURITY_PROVIDER_NAME=BC
# Big file handling
DIGIDOC_MAX_DATAFILE_CACHED=4096
DIGIDOC_DF_CACHE_DIR=/tmp
# deafult digest type for new signatures - SHA-1, SHA-224, SHA-256, SHA-512
DIGIDOC_DIGEST_TYPE=SHA-256
# digidoc default profile for BDOC format
# PKCS#11 module settings - change this according to your signature device!!!
DIGIDOC_SIGN_PKCS11_DRIVER=C:\\Windows\\System32\\opensc-pkcs11.dll
#DIGIDOC_SIGN_PKCS11_DRIVER=/.10.6/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=esteid-pkcs11
# VS: this is PKCS#11 driver for AID cards (GPK8000)
#DIGIDOC_SIGN_PKCS11_DRIVER=pk2privXAdES-XL.SCOK/SK/
DIGIDOC_SIGN_PKCS11_WRAPPER=PKCS11Wrapper
#DIGIDOC_VERIFY_ALGORITHM=RSA//NOPADDING
DIGIDOC_VERIFY_ALGORITHM=RSA//
# VS: log4j config file - change this!!!
DIGIDOC_LOG4J_CONFIG=./jdigidoc/src/main/resources/SignatureLogging.properties
# OCSP responder URL - change this!!!
#DIGIDOC_OCSP_RESPONDER_URL=http://ocsp.sk.ee
DIGIDOC_OCSP_RESPONDER_URL=http://demo.sk.ee/ocsp
# connect timeout in milliseconds. 0 means wait forever
OCSP_TIMEOUT=30000
#DIGIDOC_OCSP_RESPONDER_URL=http://xades-portal.etsi.org/protected/capso/OCSP?ca=LevelBCAOK
# sign OCSP requests or not. Depends on your responder
SIGN_OCSP_REQUESTS=false
#OCSP_SAVE_DIR=.
# The PKCS#12 file used to sign OCSP requests
#DIGIDOC_PKCS12_CONTAINER=
# password for this key
#DIGIDOC_PKCS12_PASSWD=
# serial number of your PKCS#12 signature cert.
# Use ee.sk.test.OCSPCertFinder to find this
#DIGIDOC_OCSP_SIGN_CERT_SERIAL=
# Default is to check key-usage non-repudiation bit for signature certificates
KEY_USAGE_CHECK=false
# VS: CA certificates. Used to do a prelimenary check of signer.
# use jar:// to get certs from classpath
# use forward slashes both on your linux and other environments
DIGIDOC_CAS=3
DIGIDOC_CA_1_NAME=AS Sertifitseerimiskeskus
DIGIDOC_CA_1_TRADENAME=SK
DIGIDOC_CA_1_CERTS=15
DIGIDOC_CA_1_CERT1=jar://certs/EID-SK.crt
DIGIDOC_CA_1_CERT2=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_CERT3=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_CERT4=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_CERT5=jar://certs/JUUR-SK.crt
DIGIDOC_CA_1_CERT6=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_CERT7=jar://certs/TEST-SK.crt
DIGIDOC_CA_1_CERT8=jar://certs/EECCRCA.crt
DIGIDOC_CA_1_CERT9=jar://certs/ESTEID-SK 2011.crt
DIGIDOC_CA_1_CERT10=jar://certs/EID-SK 2011.crt
DIGIDOC_CA_1_CERT11=jar://certs/TEST EECCRCA.crt
DIGIDOC_CA_1_CERT12=jar://certs/TEST ESTEID-SK 2011.crt
DIGIDOC_CA_1_CERT13=jar://certs/TEST EID-SK 2011.crt
DIGIDOC_CA_1_CERT14=jar://certs/ESTEID-SK 2015.crt
DIGIDOC_CA_1_CERT15=jar://certs/TEST ESTEID-SK 2015.crt
DIGIDOC_CA_2_NAME=Nacionalinis sertifikavimo centras
DIGIDOC_CA_2_TRADENAME=NSC
DIGIDOC_CA_2_CERTS=7
DIGIDOC_CA_2_CERT1=jar://certs/lt-root.pem
DIGIDOC_CA_2_CERT2=jar://certs/lt-root-cr.pem
DIGIDOC_CA_2_CERT3=jar://certs/lt-issuing.pem
DIGIDOC_CA_2_CERT4=jar://certs/lt-policy.pem
DIGIDOC_CA_2_CERT5=jar://certs/NSC_Root_DF.cer
DIGIDOC_CA_2_CERT6=jar://certs/NSC_IssCA_DF.cer
DIGIDOC_CA_2_CERT7=jar://certs/NSC_PolCA_DF.cer
DIGIDOC_CA_3_NAME=VI Registru Centras RCSC
DIGIDOC_CA_3_TRADENAME=RCSC
DIGIDOC_CA_3_CERTS=4
DIGIDOC_CA_3_CERT1=jar://certs/vi-root.pem
DIGIDOC_CA_3_CERT2=jar://certs/vi-policy.pem
DIGIDOC_CA_3_CERT3=jar://certs/vi-issuing.pem
DIGIDOC_CA_3_CERT4=jar://certs/vi-issuing2.pem
# VS: OCSP responder certificates - change this!!!
# Note! if you add or remove some of these certificates you should update the following number
# also pay attention to proper naming
DIGIDOC_CA_1_OCSPS=20
DIGIDOC_CA_1_OCSP1_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP1_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP1_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP1_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP1_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP2_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP2_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP2_CN=KLASS3-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP2_CERT=jar://certs/KLASS3-SK OCSP.crt
DIGIDOC_CA_1_OCSP2_CERT_1=jar://certs/KLASS3-SK OCSP 2006.crt
DIGIDOC_CA_1_OCSP2_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP3_CA_CN=EID-SK
DIGIDOC_CA_1_OCSP3_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP3_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP3_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP3_URL=http://ocsp.sk.ee
# EID certificates (for example Mobile-ID certificates) issued since
# 20.01.2007 validity confirmation service
DIGIDOC_CA_1_OCSP4_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP4_CN=EID-SK OCSP RESPONDER 2007
DIGIDOC_CA_1_OCSP4_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP4_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP4_URL=http://ocsp.sk.ee
# Since 20.01.2007 issued ID-card certificates validity confirmation
# service
DIGIDOC_CA_1_OCSP5_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP5_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP5_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP5_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP5_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP6_CN=ESTEID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP6_CERT=jar://certs/ESTEID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP6_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP6_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP6_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP7_CERT=jar://certs/EID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP7_CN=EID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP7_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP7_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP7_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP8_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP8_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP8_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP8_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP8_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP9_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP9_CN=ESTEID-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP9_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP9_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP9_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP10_CERT=jar://certs/SK OCSP 2011.crt
DIGIDOC_CA_1_OCSP10_CN=SK OCSP RESPONDER 2011
DIGIDOC_CA_1_OCSP10_CA_CERT=jar://certs/EECCRCA.crt
DIGIDOC_CA_1_OCSP10_CA_CN=EE Certification Centre Root CA
DIGIDOC_CA_1_OCSP10_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP11_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP11_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP11_CN=SK Proxy OCSP Responder 2009
DIGIDOC_CA_1_OCSP11_CERT=jar://certs/SK_proxy_OCSP_responder_2009.pem.cer
DIGIDOC_CA_1_OCSP11_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP12_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP12_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP12_CN=KLASS3-SK OCSP RESPONDER 2009
DIGIDOC_CA_1_OCSP12_CERT=jar://certs/KLASS3-SK OCSP 2009.crt
DIGIDOC_CA_1_OCSP12_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP13_CERT=jar://certs/ESTEID-SK OCSP.crt
DIGIDOC_CA_1_OCSP13_CN=ESTEID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP13_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP13_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP13_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP14_CERT=jar://certs/EID-SK OCSP.crt
DIGIDOC_CA_1_OCSP14_CERT_1=jar://certs/EID-SK OCSP 2006.crt
DIGIDOC_CA_1_OCSP14_CN=EID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP14_CA_CERT=jar://certs/EID-SK.crt
DIGIDOC_CA_1_OCSP14_CA_CN=EID-SK
DIGIDOC_CA_1_OCSP14_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP15_CERT=jar://certs/KLASS3-SK 2010 OCSP.crt
DIGIDOC_CA_1_OCSP15_CN=KLASS3-SK 2010 OCSP RESPONDER
DIGIDOC_CA_1_OCSP15_CA_CERT=jar://certs/KLASS3-SK 2010.crt
DIGIDOC_CA_1_OCSP15_CA_CN=KLASS3-SK 2010
DIGIDOC_CA_1_OCSP15_URL=http://ocsp.sk.ee
######## Test ocsp responders ##################
DIGIDOC_CA_1_OCSP16_CERT=jar://certs/TEST-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP16_CN=TEST-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP16_CA_CERT=jar://certs/TEST-SK.crt
DIGIDOC_CA_1_OCSP16_CA_CN=TEST-SK
DIGIDOC_CA_1_OCSP16_URL=http://demo.sk.ee/ocsp
DIGIDOC_CA_1_OCSP17_CERT=jar://certs/TEST SK OCSP 2011.crt
DIGIDOC_CA_1_OCSP17_CN=TEST of SK OCSP RESPONDER 2011
DIGIDOC_CA_1_OCSP17_CA_CERT=jar://certs/TEST EECCRCA.crt
DIGIDOC_CA_1_OCSP17_CA_CN=TEST of EE Certification Centre Root CA
DIGIDOC_CA_1_OCSP17_URL=http://demo.sk.ee/ocsp
DIGIDOC_CA_1_OCSP18_CERT=jar://certs/TEST SK OCSP 2011.crt
DIGIDOC_CA_1_OCSP18_CN=TEST of SK OCSP RESPONDER 2011
DIGIDOC_CA_1_OCSP18_CA_CERT=jar://certs/KLASS3-SK 2010.crt
DIGIDOC_CA_1_OCSP18_CA_CN=KLASS3-SK 2010
DIGIDOC_CA_1_OCSP18_URL=http://demo.sk.ee/ocsp
DIGIDOC_CA_1_OCSP19_CA_CN=TEST of ESTEID-SK 2011
DIGIDOC_CA_1_OCSP19_CA_CERT=jar://certs/TEST ESTEID-SK 2011.crt
DIGIDOC_CA_1_OCSP19_CN=TEST of SK OCSP RESPONDER 2011
DIGIDOC_CA_1_OCSP19_CERT=jar://certs/TEST SK OCSP 2011.crt
DIGIDOC_CA_1_OCSP19_URL=http://demo.sk.ee/ocsp
DIGIDOC_CA_1_OCSP20_CA_CN=TEST of ESTEID-SK 2015
DIGIDOC_CA_1_OCSP20_CA_CERT=jar://certs/TEST ESTEID-SK 2015.crt
DIGIDOC_CA_1_OCSP20_CN=TEST of SK OCSP RESPONDER 2011
DIGIDOC_CA_1_OCSP20_CERT=jar://certs/TEST SK OCSP 2011.crt
DIGIDOC_CA_1_OCSP20_URL=http://demo.sk.ee/ocsp
# Encryption settings
DIGDOC_ENCRYPT_KEY_ALG=AES
DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/PKCS7Padding
#DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/NOPADDING
DIGIDOC_SECRANDOM_ALGORITHM=SHA1PRNG
DIGIDOC_KEY_ALOGORITHM=RSA/NONE/PKCS1Padding