  1. # Properties of a timestamp keystore crypto worker.
  2. #
  3.  
  4. # Type of worker
  5. WORKERGENID1.TYPE=CRYPTO_WORKER
  6.  
  7. # This worker will not perform any operations on its own and indicates this by
  8. # using the worker type CryptoWorker
  9. WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
  10.  
  11. # Uses a soft keystore:
  12. WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.KeystoreCryptoToken
  13.  
  14. # Name for other workers to reference this worker:
  15. WORKERGENID1.NAME=CryptoTokenP12TimeStamp
  16.  
  17. # Type of keystore
  18. # PKCS12 and JKS for file-based keystores
  19. # INTERNAL to use a keystore stored in the database (tied to the crypto worker)
  20. WORKERGENID1.KEYSTORETYPE=PKCS12
  21. #WORKERGENID1.KEYSTORETYPE=JKS
  22. #WORKERGENID1.KEYSTORETYPE=INTERNAL
  23.  
  24. # Path to the keystore file (only used for PKCS12 and JKS)
  25. WORKERGENID1.KEYSTOREPATH=C:\\signserver\\conf\\CertificateTimeStamp.p12
  26.  
  27. # Optional password of the keystore. If specified the token is "auto-activated".
  28. #WORKERGENID1.KEYSTOREPASSWORD=foo123
  29.  
  30. # Optional key to test activation with. If not specified the first key found is
  31. # used.
  32. #WORKERGENID1.DEFAULTKEY=testKey
  33.  
  34.  
  35. # Properties of a PDF Signer keystore crypto worker.
  36. #
  37.  
  38. # Type of worker
  39. WORKERGENID1.TYPE=CRYPTO_WORKER
  40.  
  41. # This worker will not perform any operations on its own and indicates this by
  42. # using the worker type CryptoWorker
  43. WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
  44.  
  45. # Uses a soft keystore:
  46. WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.KeystoreCryptoToken
  47.  
  48. # Name for other workers to reference this worker:
  49. WORKERGENID1.NAME=CryptoTokenP12PdfSigner
  50.  
  51. # Type of keystore
  52. # PKCS12 and JKS for file-based keystores
  53. # INTERNAL to use a keystore stored in the database (tied to the crypto worker)
  54. WORKERGENID1.KEYSTORETYPE=PKCS12
  55. #WORKERGENID1.KEYSTORETYPE=JKS
  56. #WORKERGENID1.KEYSTORETYPE=INTERNAL
  57.  
  58. # Path to the keystore file (only used for PKCS12 and JKS)
  59. WORKERGENID1.KEYSTOREPATH=C:\\signserver\\conf\\CertificatePDFSigner.p12
  60.  
  61. # Optional password of the keystore. If specified the token is "auto-activated".
  62. #WORKERGENID1.KEYSTOREPASSWORD=foo123
  63.  
  64. # Optional key to test activation with. If not specified the first key found is
  65. # used.
  66. #WORKERGENID1.DEFAULTKEY=testKey
  67.  
  68.  
  69. # Properties of a TimeStampSigner.
  70. #
  71.  
  72. ## General properties
  73. WORKERGENID1.TYPE=PROCESSABLE
  74. WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.tsa.TimeStampSigner
  75.  
  76. WORKERGENID1.NAME=TimeStampSigner
  77.  
  78. # Authentication. One of NOAUTH, CLIENTCERT, org.signserver.server.UsernamePasswordAuthorizer, org.signserver.server.UsernameAuthorizer
  79. WORKERGENID1.AUTHTYPE=NOAUTH
  80.  
  81. # Crypto token
  82. WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12
  83. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11
  84. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1
  85. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1KeyWrapping
  86.  
  87. # Using key from sample keystore
  88. WORKERGENID1.DEFAULTKEY=ts00003
  89. # Key using ECDSA
  90. #WORKERGENID1.DEFAULTKEY=ts00002
  91.  
  92.  
  93. # Check validity period of the certificate will be verified before processing. Default true.
  94. #WORKERGENID1.CHECKCERTVALIDITY=true
  95.  
  96. # Check validity of the PrivateKeyUsagePeriod in the certificate will be verified before processing if it is present. Default true.
  97. #WORKERGENID1.CHECKCERTPRIVATEKEYVALIDITY=true
  98.  
  99. # Check the minimum remaining days of the signing certificate before expiration. 0 means disable. Default 0.
  100. #WORKERGENID1.MINREMAININGCERTVALIDITY=0
  101.  
  102. # Sets how many signatures that are allowed to be created with the same key by this worker. Default is -1 (no limit).
  103. # The counter is per key so if multiple workers share the same key they will all increment the counter.
  104. #WORKERGENID1.KEYUSAGELIMIT=-1
  105.  
  106. ## Archiving properties
  107.  
  108. # Using the base 64 archiver
  109. #WORKERGENID1.ARCHIVERS=org.signserver.server.archive.base64dbarchiver.Base64DatabaseArchiver
  110.  
  111. # Using the old database archiver
  112. #WORKERGENID1.ARCHIVERS=org.signserver.server.archive.olddbarchiver.OldDatabaseArchiver
  113.  
  114. # Archiving only requests
  115. #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=REQUEST
  116.  
  117. # Archiving only responses
  118. #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=RESPONSE
  119.  
  120. # Archiving both requests and responses
  121. #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=REQUEST_AND_RESPONSE
  122.  
  123. # Store forwarded address (from the X-Forwarded-For header) as the request address
  124. #WORKERGENID1.ARCHIVER0.USE_FORWARDED_ADDRESS=true
  125.  
  126. # Include additional forwarded addresses (apart from the last), only applies if the property above is set
  127. #WORKERGENID1.ARCHIVER0.MAX_FORWARDED_ADDRESSES=3
  128.  
  129. # Included direct (non-forwarded address) at the end of forwarded addresses
  130. #WORKERGENID1.ARCHIVER0.INCLUDE_DIRECT_ADDRESS=true
  131.  
  132. ## TSA properties
  133.  
  134. # Required. The default policy ID of the time stamp authority. If no policy OID is specified in the request then will this value be used.
  135. WORKERGENID1.DEFAULTTSAPOLICYOID=1.3.6.1.4.1.22408.1.2.3.45
  136.  
  137. # Recommended. A ';' separated string containing accepted algorithms, can be null if it shouldn't be used.
  138. # Supported Algorithms are: GOST3411, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD128, RIPEMD160, RIPEMD256
  139. #WORKERGENID1.ACCEPTEDALGORITHMS=SHA1;SHA224;SHA256;SHA384;SHA512
  140.  
  141. # Recommended. A ';' separated string containing accepted policies, can be null if it shouldn't be used.
  142. #WORKERGENID1.ACCEPTEDPOLICIES=1.3.6.1.4.1.22408.1.2.3.45;1.3.6.1.4.1.22408.1.2.3.46
  143.  
  144. # Accept any requested policy (must be set if not setting ACCEPTEDPOLICIES)
  145. # can optionally be set to false or empty value when setting ACCEPTEDPOLICIES for clarity
  146. WORKERGENID1.ACCEPTANYPOLICY=true
  147. #WORKERGENID1.ACCEPTANYPOLICY=false
  148. #WORKERGENID1.ACCEPTANYPOLICY=
  149.  
  150. # Optional. A ';' separated string containing accepted extensions, can be null if it shouldn't be used.
  151. #WORKERGENID1.ACCEPTEDEXTENSIONS=
  152.  
  153. # Optional. Class implementing the ITimeSource.
  154. #WORKERGENID1.TIMESOURCE=org.signserver.server.LocalComputerTimeSource
  155.  
  156. # Optional. The signature algorithm to use.
  157. #WORKERGENID1.SIGNATUREALGORITHM=SHA256WithRSA
  158.  
  159. # Optional. Accuracy defines how good the time source is. Only one of the accuracy properties should be set.
  160. #WORKERGENID1.ACCURACYMICROS=500
  161. #WORKERGENID1.ACCURACYMILLIS=500
  162. #WORKERGENID1.ACCURACYSECONDS=1
  163.  
  164. # Optional. The GeneralName of the Time Stamp Authority.
  165. #WORKERGENID1.TSA=CN=...
  166.  
  167. # Optional. Set the GeneralName of the Time Stamp Authority from the subject DN of the signing
  168. # certificate. This can not be set if the TSA property above is set
  169. #WORKERGENID1.TSA_FROM_CERT=true
  170.  
  171. # Optional. Perform an extra check that the SIGNERCERTCHAIN only contains certificates in the chain of the signer certificate
  172. #WORKERGENID1.REQUIREVALIDCHAIN=true
  173.  
  174. # The maximum size (in bytes) used when generating serial numbers (default 8)
  175. #WORKERGENID1.MAXSERIALNUMBERLENGTH=16
  176.  
  177. # Optional. Specifies if the status string is to be included in the response. Setting this to true triggers a bug in some versions of OpenJDK's jarsigner utility. Default true.
  178. #WORKERGENID1.INCLUDESTATUSSTRING=false
  179.  
  180. # Optional. Specifies if the signingTime signed CMS attribute should be included in the response. Default true.
  181. #WORKERGENID1.INCLUDESIGNINGTIMEATTRIBUTE=false
  182.  
  183. # If the key usage counter is disabled
  184. WORKERGENID1.DISABLEKEYUSAGECOUNTER=true
  185.  
  186. # Whether timestamp token signature is to be validated after signing. Default true.
  187. WORKERGENID1.VERIFY_TOKEN_SIGNATURE=true
  188. #WORKERGENID1.VERIFY_TOKEN_SIGNATURE=
  189. #WORKERGENID1.VERIFY_TOKEN_SIGNATURE=false
  190.  
  191.  
  192. # Properties of a PDFSigner
  193. #
  194.  
  195. ## General properties
  196. WORKERGENID1.TYPE=PROCESSABLE
  197. WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.pdfsigner.PDFSigner
  198. WORKERGENID1.NAME=PDFSigner
  199. WORKERGENID1.AUTHTYPE=NOAUTH
  200.  
  201. # Crypto token
  202. WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12PdfSigner
  203. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12new
  204. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11
  205. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1
  206. #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1KeyWrapping
  207.  
  208. # Using key from sample keystore
  209. WORKERGENID1.DEFAULTKEY=signer00003
  210. # Key using ECDSA
  211. #WORKERGENID1.DEFAULTKEY=signer00002
  212.  
  213.  
  214. ## PDFSigner properties
  215.  
  216. #--------------------------SIGNATURE PROPERTIES--------------------------------------#
  217.  
  218. # specify reason for signing. it will be displayed in signature properties when viewed
  219. # default is "Signed by SignServer"
  220. #WORKERGENID1.REASON=Signed by SignServer
  221. WORKERGENID1.REASON=Signed by SignServer
  222.  
  223. # specify location. it will be displayed in signature properties when viewed
  224. # default is "SignServer"
  225. #WORKERGENID1.LOCATION=SignServer
  226. WORKERGENID1.LOCATION=SignServer
  227.  
  228. # digest algorithm used for the message digest and signature (this is optional and defaults to SHA256)
  229. # the algorithm determines the minimum PDF version of the resulting document and is documented in the manual.
  230. # for DSA keys, only SHA1 is supported
  231. WORKERGENID1.DIGESTALGORITHM=SHA256
  232. #WORKERGENID1.DIGESTALGORITHM=SHA1
  233.  
  234.  
  235. #--------------------------SIGNATURE VISIBILITY--------------------------------------#
  236.  
  237. # if we want the signature to be drawn on document page set ADD_VISIBLE_SIGNATURE to True , else set to False
  238. # default is "False"
  239. #WORKERGENID1.ADD_VISIBLE_SIGNATURE = False
  240. WORKERGENID1.ADD_VISIBLE_SIGNATURE = True
  241.  
  242. # specify the page on which the visible signature will be drawn
  243. # this property is ignored if ADD_VISIBLE_SIGNATURE is set to False
  244. # default is "First"
  245. # possible values are :
  246. # "First" : signature drawn on first page of the document,
  247. # "Last" : signature drawn on last page of the document,
  248. # page_number : signature is drawn on a page specified by numeric argument. If specified page number exceeds page count of the document ,signature is drawn on last page
  249. # if page_number specified is not numeric (or negative number) the signature will be drawn on first page
  250. WORKERGENID1.VISIBLE_SIGNATURE_PAGE = 2
  251.  
  252. # specify the rectangle signature is going to be drawn in
  253. # this property is ignored if ADD_VISIBLE_SIGNATURE is set to False
  254. # default is "400,700,500,800"
  255. # format is : (llx,lly,urx,ury). Here llx =left lower x coordinate, lly=left lower y coordinate,urx =upper right x coordinate, ury = upper right y coordinate
  256. WORKERGENID1.VISIBLE_SIGNATURE_RECTANGLE = 500,675,560,775
  257.  
  258. # if we want the visible signature to contain custom image , specify image as base64 encoded byte array
  259. # alternatively custom image can be specified by giving a path to image on file system
  260. # note : if specifying a path to an image "\" should be escaped ( thus C:\photo.jpg => "C:\\photo.jpg" )
  261. # note : if specifying image as base64 encoded byte array "=" should be escaped (this "BBCXMI==" => "BBCXMI\=\=")
  262. # if both of these properties are set then VISIBLE_SIGNATURE_CUSTOM_IMAGE_BASE64 will take priority
  263. # if we do not want this feature then do not set these properties
  264. # default is not set (no custom image)
  265. # these properties are ignored if ADD_VISIBLE_SIGNATURE is set to False
  266. #WORKERGENID1.VISIBLE_SIGNATURE_CUSTOM_IMAGE_BASE64=
  267. WORKERGENID1.VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH=C:\\signserver\\conf\\picture.png
  268.  
  269. # if we want our custom image to be resized to specified rectangle (set by VISIBLE_SIGNATURE_RECTANGLE) then set to True.
  270. # if set to True image might look different that original (as an effect of resizing)
  271. # if set to False the rectangle drawn will be resized to specified image's sizes.
  272. # if set to False llx and lly coordinates specified by VISIBLE_SIGNATURE_RECTANGLE property will be used for drawing rectangle (urx and ury will be calculated from specified image's size)
  273. # this property is ignored if ADD_VISIBLE_SIGNATURE is set to False or if custom image to use is not specified
  274. # default is True
  275. WORKERGENID1.VISIBLE_SIGNATURE_CUSTOM_IMAGE_SCALE_TO_RECTANGLE = False
  276.  
  277. # to create a certifying signature that certifies the document set the CERTIFICATION_LEVEL
  278. # possible values are: NOT_CERTIFIED, FORM_FILLING, FORM_FILLING_AND_ANNOTATIONS or NO_CHANGES_ALLOWED
  279. # default is NOT_CERTIFIED
  280. # WORKERGENID1.CERTIFICATION_LEVEL=NOT_CERTIFIED
  281.  
  282. #--------------------------SIGNATURE TIMESTAMPING--------------------------------------#
  283.  
  284. # if we want to timestamp document signature, specify timestamp authority url, if required bu tsa uncomment tsa username and password lines and specify proper values
  285. # if we do not want to timestamp document signature , do not set property
  286.  
  287. # Worker ID or name of internal timestamp signer in the same SignServer
  288. # Default: none
  289. WORKERGENID1.TSA_WORKER=TimeStampSigner
  290.  
  291. # URL of external timestamp authority
  292. # note : if path contains characters "\" or "=" , these characters should be escaped (thus "\" = "\\", "=" =>"\=")
  293. # default is not set (no timestamping)
  294. # WORKERGENID1.TSA_URL =
  295. #WORKERGENID1.TSA_URL=http://tsa.example.com:8080/signserver/tsa?workerName\=TSA
  296.  
  297. # if tsa requires authentication for timestamping , specify username and password
  298. # if tsa does not require authentication, do not set these properties
  299. # these properties are ignored if TSA_URL is not set (no timestamping)
  300. # default is not set (tsa does not require authentication)
  301. #WORKERGENID1.TSA_USERNAME=
  302. #WORKERGENID1.TSA_PASSWORD=
  303.  
  304. # Digest algorithm used for timestamps
  305. # Default: SHA-256
  306. #WORKERGENID1.TSA_DIGESTALGORITHM=
  307.  
  308. #--------------------------EXTRA PROPERTIES [NOT TESTED YET]--------------------------------------#
  309.  
  310. #if we want to embed the crl for signer certificate inside the signature package set to True, otherwise set to False
  311. #default is False
  312. #WORKERGENID1.EMBED_CRL = False
  313.  
  314. #if we want to embed the ocsp response for signer certificate inside the signature package set to True, otherwise set to False
  315. #note : issuer certificate (of signing certificate) should be in certificate chain.
  316. #default is False
  317. #WORKERGENID1.EMBED_OCSP_RESPONSE = False
  318.  
  319. # If the key usage counter is disabled
  320. WORKERGENID1.DISABLEKEYUSAGECOUNTER=true
  321.  