OldDatabaseArchiver

The default archiver, used if the property ARCHIVE=true is set or if the ARCHIVERS property contains its class name. This Archiver archives to the ArchiveData database table, using the same datasource that SignServer uses for accessing the database for its configuration etc.

The data is stored in an XML encoded Base64PutHashMap. In the dataEncoding column, this format is indicated as DATA_ENCODING_XML.

ARCHIVERS=org.signserver.server.archive.olddbarchiver.OldDatabaseArchiver

Worker Properties

Property

Description

ARCHIVERx.ARCHIVE_OF_TYPE

Where "x" is the index of the Archiver in the ARCHIVERS property. Determines what this Archiver should archive. Valid values:

  • REQUEST

  • RESPONSE

  • REQUEST_AND_RESPONSE

Default: RESPONSE.

Example:

ARCHIVER0.ARCHIVE_OF_TYPE=REQUEST_AND_RESPONSE

ARCHIVERx.USE_FORWARDED_ADDRESS

Where "x" is the index of the archiver in the ARCHIVERS property. If this property is set to true and the X-Forwarded-For header is set, the IP addresses in the comma-separated list given in that header are used as the remote IP stored in the archive (by default the last forwarded address is used). If the header is not included, the IP address the request comes from is used (the same behavior as when this property is not set, or set to false). This is useful when running a proxy in front of SignServer, to record the original IP address of the client instead of the proxy's IP address. Default: false.

ARCHIVERx.MAX_FORWARDED_ADDRESSES

Where "x" is the index of the archiver in the ARCHIVERS property. Sets the maximum number of forwarded addresses to include in the remote IP stored in the archive, counted from the end. The addresses are listed in the order they appear in the header. Default: 1 (only include the last address). This property is only used when USE_FORWARDED_ADDRESS is set to true.

ARCHIVERx.INCLUDE_DIRECT_ADDRESS

Where "x" is the index of the archiver in the ARCHIVERS property. When both this property and USE_FORWARDED_ADDRESS are set to true, the host IP address (direct address) is added to the end of the list of forwarded addresses. This address is not counted towards the number of forwarded addresses limited by MAX_FORWARDED_ADDRESSES above. Default: false (not included). This property is only used when USE_FORWARDED_ADDRESS is set to true.
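
The following is an added example, not SignServer code: a Python model of how the three forwarded-address properties above combine into the archived remote IP, plus a check for which archived entries a client could have supplied itself. The function names, the sample addresses, the list return type (the page does not give the stored separator), treating an empty header as absent, and the trusted_hops parameter (proxies assumed to append to X-Forwarded-For) are assumptions.

```python
# Constructed sample: header as received by SignServer, and the connecting host.
SAMPLE_XFF = "203.0.113.7, 198.51.100.20, 192.0.2.10"
SAMPLE_DIRECT = "10.0.0.5"


def archived_request_ip(direct_addr, xff_header, use_forwarded=False,
                        max_forwarded=1, include_direct=False):
    """Return the addresses recorded as the remote IP, as a list.

    use_forwarded  -> ARCHIVERx.USE_FORWARDED_ADDRESS
    max_forwarded  -> ARCHIVERx.MAX_FORWARDED_ADDRESSES
    include_direct -> ARCHIVERx.INCLUDE_DIRECT_ADDRESS
    """
    if max_forwarded < 1:
        # Choice made by this model; the page does not describe values below 1.
        raise ValueError("max_forwarded must be at least 1")
    entries = [a.strip() for a in (xff_header or "").split(",") if a.strip()]
    if not use_forwarded or not entries:
        # Property off, or header not included: the connecting host is recorded.
        return [direct_addr]
    # At most max_forwarded entries, counted from the end, kept in header order.
    selected = entries[-max_forwarded:]
    if include_direct:
        # The direct address does not count against MAX_FORWARDED_ADDRESSES.
        selected = selected + [direct_addr]
    return selected


def client_controlled(forwarded, trusted_hops):
    """Forwarded entries that were NOT appended by one of the trusted proxies.

    Assumption: each of the trusted_hops proxies in front of SignServer appends
    the address of its peer, so only the last trusted_hops entries are reliable.
    """
    if trusted_hops <= 0:
        return list(forwarded)
    return forwarded[:-trusted_hops]


if __name__ == "__main__":
    stored = archived_request_ip(SAMPLE_DIRECT, SAMPLE_XFF, use_forwarded=True,
                                 max_forwarded=3, include_direct=True)
    print("archived:", stored)
    # With one trusted proxy, every forwarded entry except the last is unverified.
    print("unverified:", client_controlled(stored[:-1], trusted_hops=1))
```

Setting MAX_FORWARDED_ADDRESSES higher than the number of proxies you operate records entries the client may have written into the header itself, so treat those as unverified when reviewing archive rows.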

ArchiveData table

The exact database table structure is described in the SQL scripts available under doc/sql-scripts/.

Database table

Description

uniqueId

Primary key of the archive row.

archiveData

The actual data encoded in a Base64PutHashMap.

archiveId

Identifier for the produced item.

For the TimeStampSigner, this would be the Time stamp token serial number (in hex encoding). Other signers might use a hash of the request document and the transaction ID.

requestCertSerialnumber

Serial number (in hex encoding) of the client certificate (if any) used by the client.
Note: This only indicates that the client certificate was used when establishing the connection to the web server, and not whether the worker required a client certificate or not, nor whether it checked if the authenticated client was authorized.

requestIP

By default, the IP address of the connecting host. When USE_FORWARDED_ADDRESS is set to true, this contains a list of forwarded IP addresses from X-Forwarded-For, optionally ending with the host address (when INCLUDE_DIRECT_ADDRESS is set to true).

requestIssuerDN

Issuer DN (in string representation) of the issuer of the client certificate (if any) used by the client.

See also note about requestCertSerialnumber.

signerId

ID of the worker handling the request.

time

Time stamp (number of milliseconds since January 1 1970 00:00:00) on the SignServer host when the item was archived.

type

The type of archivable item. Valid values:
0 - TYPE_RESPONSE
1 - TYPE_REQUEST

dataEncoding

Type of encoding used for the archiveData. Valid values:
NULL - DATA_ENCODING_XML
0 - DATA_ENCODING_XML
1 - DATA_ENCODING_BASE64

Where DATA_ENCODING_XML uses the Base64PutHashMap, and DATA_ENCODING_BASE64 uses a plain Base64 encoding of the binary data.