The Trust1Validation service and its utilities can also be run in standalone mode. Standalone mode in this case means you can run the services locally on your Windows machine.
Trust1Validation service
Overview
The digital trust service provides functionality to digitally sign documents. It also provides a user interface where signed documents can be validated and certificates can be verified.
Via the user interface, reports can be downloaded in PDF format or printed out.
Downloading the service
Compared to a bare-metal installation, the procedure is simplified because the Tomcat server is included in this application.
You can download the sources, which include the Trust1Validation service, here.
Once you have downloaded and extracted the sources, you will have the following files presented.
Running the service
Continuing from the previous step, you will have a Webapp-Startup.bat and a Webapp-Shutdown.bat file. These are quite self-explanatory.
In Windows you can double-click the Webapp-Startup.bat file to start the Apache Tomcat server with the Trust1Validation service included. You should see an output similar to this.
As you can also see in the logs, the server starts on port 8080 on your localhost (127.0.0.1).
To see the web application, go to http://localhost:8080 in a web browser. You should see this UI (depending on the branding, the colors and text can be slightly different).
The port on which the service runs can be changed; to do so, request an update from Trust1Team.
Custom properties
The Trust1Validation service is hosted inside the Apache Tomcat server. This service has specific properties that can be set and overridden.
To override these, update the file located at apache-tomcat-8.5.95/lib/dss-custom.properties.
By default the following properties are loaded:
# JDBC database config
datasource.jdbc.enabled = true
datasource.driver.class = org.hsqldb.jdbcDriver
datasource.url = jdbc:hsqldb:mem:testdb
datasource.username = sa
datasource.password =
# Cache config (values in seconds)
cache.expiration = 86400
cache.crl.default.next.update = 600
cache.crl.max.next.update = 10800
cache.ocsp.default.next.update = 60
cache.ocsp.max.next.update = 180
# EU LOTL config
oj.content.keystore.type = PKCS12
oj.content.keystore.filename = keystore.p12
oj.content.keystore.password = dss-password
current.oj.url = https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.C_.2019.276.01.0001.01.ENG
current.lotl.url = https://ec.europa.eu/tools/lotl/eu-lotl.xml
lotl.country.code = EU
# AdES LOTL config
tl.loader.ades.enabled=false
tl.loader.ades.lotlUrl=https://ec.europa.eu/tools/lotl/mra/ades-lotl.xml
tl.loader.ades.keystore.type=PKCS12
tl.loader.ades.keystore.filename=ades/ades-keystore.p12
tl.loader.ades.keystore.password=ks-password
tl.loader.ades.tsl.type=http://ec.europa.eu/tools/lotl/mra/ades-lotl-tsl-type
# Server signing token
dss.server.signing.keystore.type = PKCS12
dss.server.signing.keystore.filename = user_a_rsa.p12
dss.server.signing.keystore.password = password
# TSA
tsp-source = classpath:config/tsp-config.xml
# LOTL/TLs loading
cron.tl.loader.enable = true
cron.initial.delay.tl.loader = 0
cron.delay.tl.loader = 3600000
# File size limit
multipart.maxFileSize = 52428800
multipart.maxInMemorySize = 52428800
# default validation policy (in dss-policy-jaxb/src/main/resources/)
default.validation.policy = policy/constraint.xml
# validation policy for a certificate validation (in dss-policy-jaxb/src/main/resources/)
default.certificate.validation.policy = policy/certificate-constraint.xml
# Custom trusted key store
trusted.source.keystore.type = PKCS12
trusted.source.keystore.filename = keystore.p12
trusted.source.keystore.password = dss-password
# Custom trusted adjacent key store
trusted.source.keystore-intermediate.type = PKCS12
trusted.source.keystore-intermediate.filename = keystore-intermediate.p12
trusted.source.keystore-intermediate.password = dss-password
# CommonsDataLoader configuration (timeouts in milliseconds)
dataloader.connection.timeout = 5000
dataloader.connection.request.timeout = 5000
dataloader.redirect.enabled = true
# Defines a number of secure validation tests to be performed on imported RSA keys (disabled by default, use value '1' or higher to enable)
bc.rsa.max_mr_tests = 0
proxy.http.enabled = false
#proxy.http.host =
#proxy.http.scheme =
#proxy.http.port = 0
#proxy.http.user =
#proxy.http.password =
#proxy.http.exclude =
# e.g.: proxy.http.exclude = test.site.lu, test.website.com
proxy.https.enabled = false
#proxy.https.host =
#proxy.https.scheme =
#proxy.https.port = 0
#proxy.https.user =
#proxy.https.password =
#proxy.https.exclude =
# e.g.: proxy.https.exclude = test.site.lu, test.website.com
cxf.debug = true
cxf.mtom.enabled = true
cookie.secure = false
nexuDownloadUrl=https://github.com/nowina-solutions/nexu/releases/download/nexu-${nexu.version}/nexu-bundle-${nexu.version}.zip
nexuVersion = 1.
nexuUrl=http://localhost:9795
dssVersion = ${project.version}
# https://webgate.ec.europa.eu/tl-browser/# (old link)
tl.browser.root.url = https://eidas.ec.europa.eu/efda/tl-browser/#/screen
# Default digest algo to be checked in the web interface
default.digest.algo = SHA256
# Defines the "SameSite" parameter value for "Set-Cookie" header
web.security.cookie.samesite = strict
# Defines the "X-Content-Security-Policy" header value
web.security.csp = default-src 'self' ${nexuUrl} 'unsafe-inline' data:;
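The listing above ships fixed keystore passwords and demo-oriented flags (cookie.secure = false, cxf.debug = true). The following check is an added example, not part of Trust1Validation or its sources: it reads the contents of a dss-custom.properties override file and reports which of those defaults are still in effect. The set of flagged keys and the sample override file are choices of this example.

```python
import re

# Defaults copied from the listing above. Which ones to flag is this example's
# own choice: the keystore passwords plus two flags suited to a local demo.
FLAGGED_DEFAULTS = {
    "oj.content.keystore.password": "dss-password",
    "tl.loader.ades.keystore.password": "ks-password",
    "dss.server.signing.keystore.password": "password",
    "trusted.source.keystore.password": "dss-password",
    "trusted.source.keystore-intermediate.password": "dss-password",
    "cookie.secure": "false",
    "cxf.debug": "true",
}

# key, optional '=' or ':' separator, value; '#' and '!' start a comment line.
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple key/value lines. Line continuations and backslash escapes
    are not handled; the listing on this page uses neither."""
    props = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def audit(override_text):
    """Return sorted (key, reason) pairs for flagged settings left at default."""
    overrides = parse_properties(override_text)
    findings = []
    for key, default in FLAGGED_DEFAULTS.items():
        if key not in overrides:
            findings.append((key, "not overridden, default applies"))
        elif overrides[key] == default:
            findings.append((key, "explicitly set to the default value"))
    return sorted(findings)

# Constructed sample override file (not taken from a real deployment).
SAMPLE = """\
# local overrides
cookie.secure = true
cxf.debug = true
dss.server.signing.keystore.password = constructed-example-value
"""

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```

Changing a keystore password property only works together with a keystore file that is actually protected by that password.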
Trust1Validation Utility service
Overview
The digital trust service utilities are an extension of the digital trust service. They provide functionality such as PDF/A validation.
Downloading the service
When you download the sources, this service will also be included. The contents of this service look like the following.
The bin folder contains the executable and the accompanying bat file which can be used to run the service in Windows.
The conf folder contains all the configuration for the service.
This service is only used for PDF/A validation.
Running the service
To run the service in Windows, you can double-click the .bat file, which will start the service on port 9000. The output will look similar to this.
Custom configuration
In the configuration folder you can update application.conf, which holds the configuration related to the web service.
DSS related configuration in this service is unused and deprecated.