911 # |
911 # |
912 # Policy: |
912 # Policy: |
913 # Constraint {"," Constraint } |
913 # Constraint {"," Constraint } |
914 # Constraint: |
914 # Constraint: |
915 # AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint | |
915 # AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint | |
916 # ReferenceUriSchemeConstraint | OtherConstraint |
916 # ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint |
917 # AlgConstraint |
917 # AlgConstraint |
918 # "disallowAlg" Uri |
918 # "disallowAlg" Uri |
919 # MaxTransformsConstraint: |
919 # MaxTransformsConstraint: |
920 # "maxTransforms" Integer |
920 # "maxTransforms" Integer |
921 # MaxReferencesConstraint: |
921 # MaxReferencesConstraint: |
922 # "maxReferences" Integer |
922 # "maxReferences" Integer |
923 # ReferenceUriSchemeConstraint: |
923 # ReferenceUriSchemeConstraint: |
924 # "disallowReferenceUriSchemes" String { String } |
924 # "disallowReferenceUriSchemes" String { String } |
|
925 # KeySizeConstraint: |
|
926 # "minKeySize" KeyAlg Integer |
925 # OtherConstraint: |
927 # OtherConstraint: |
926 # "noDuplicateIds" | "noRetrievalMethodLoops" |
928 # "noDuplicateIds" | "noRetrievalMethodLoops" |
927 # |
929 # |
928 # For AlgConstraint, Uri is the algorithm URI String that is not allowed. |
930 # For AlgConstraint, Uri is the algorithm URI String that is not allowed. |
929 # See the XML Signature Recommendation for more information on algorithm |
931 # See the XML Signature Recommendation for more information on algorithm |
930 # URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is |
932 # URI Identifiers. For KeySizeConstraint, KeyAlg is the standard algorithm |
|
933 # name of the key type (ex: "RSA"). If the MaxTransformsConstraint, |
|
934 # MaxReferencesConstraint or KeySizeConstraint (for the same key type) is |
931 # specified more than once, only the last entry is enforced. |
935 # specified more than once, only the last entry is enforced. |
932 # |
936 # |
933 # Note: This property is currently used by the JDK Reference implementation. It |
937 # Note: This property is currently used by the JDK Reference implementation. It |
934 # is not guaranteed to be examined and used by other implementations. |
938 # is not guaranteed to be examined and used by other implementations. |
935 # |
939 # |
939 disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\ |
943 disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\ |
940 disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\ |
944 disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\ |
941 maxTransforms 5,\ |
945 maxTransforms 5,\ |
942 maxReferences 30,\ |
946 maxReferences 30,\ |
943 disallowReferenceUriSchemes file http https,\ |
947 disallowReferenceUriSchemes file http https,\ |
|
948 minKeySize RSA 1024,\ |
|
949 minKeySize DSA 1024,\ |
944 noDuplicateIds,\ |
950 noDuplicateIds,\ |
945 noRetrievalMethodLoops |
951 noRetrievalMethodLoops |
946 |
952 |
947 # |
953 # |
948 # Serialization process-wide filter |
954 # Serialization process-wide filter |