Added HSM bits in Proxy service for Test environment

2022-04-11 16:32:48 +02:00 · 2022-04-11 16:32:48 +02:00 · 08bce45b01
commit 08bce45b01
parent 009c085add
1 changed files with 17 additions and 18 deletions
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
@ -36,20 +36,24 @@ proxy-service.country=SE

 # Key Store properties
 # Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
-proxy-service.keySourceType=PKCS12
-proxy-service.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
-proxy-service.keySourcePass=dummy
-proxy-service.keySourceAlias=proxy

-proxy-service.natsp.keySourceType=PKCS12
-proxy-service.natsp.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
-proxy-service.natsp.keySourcePass=dummy
-proxy-service.natsp.keySourceAlias=proxy
+proxy-service.pkcs11.external-config-locations=${spring.config.additional.location}/pkcs11.cfg
+proxy-service.pkcs11.reloadable-keys=false

-proxy-service.metadata.keySourceType=PKCS12
-proxy-service.metadata.keySourceLocation=${proxy-service.path.prefix}/metadata.p12
-proxy-service.metadata.keySourcePass=dummy
-proxy-service.metadata.keySourceAlias=metadata
+proxy-service.keySourceType=PKCS11
+proxy-service.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.keySourceAlias=sc_eidas_sign
+proxy-service.keySourceCertLocation=${spring.config.additional.location}/sign.crt
+
+proxy-service.encryption.keySourceType=PKCS11
+proxy-service.encryption.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.encryption.keySourceAlias=sc_eidas_encrypt
+proxy-service.encryption.keySourceCertLocation=${spring.config.additional.location}/enc.crt
+
+proxy-service.metadata.keySourceType=PKCS11
+proxy-service.metadata.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.metadata.keySourceAlias=swedenconnect
+proxy-service.metadata.keySourceCertLocation=${spring.config.additional.location}/test-metadata-signer.crt

 # Session Encryption properties
 #proxy-service.cookieEncryptPw=changeme
@ -74,7 +78,7 @@ proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservi
 proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/test-metadata-signer.crt

 #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/role/sp.xml
+proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/entities

 # Optional certificate file for validating metadata signatures
 # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
@ -85,11 +89,6 @@ proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache

 #Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"

-#proxy-service.nationalMetadata.test.location=http://eid.svelegtest.se/metadata/mdx/role/idp.xml
-#proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/se-metadata-cert.crt
-#proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
-#proxy-service.nationalMetadata.test.index=1
-
 proxy-service.nationalMetadata.test.location=https://test.md.swedenconnect.se/role/idp.xml
 proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/test-metadata-signer.crt
 proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml