From 1629f5aa8d49a55b50037c50f8f320b699b0f0aa Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@sunet.se>
Date: Wed, 21 Feb 2024 19:30:00 +0100
Subject: [PATCH] stuffs for demw instance

---
 .../etc/Chrystoki.conf.d/50-ha-slot.conf      |  12 +++++
 .../overlay/etc/hiera/data/local.eyaml        |   6 +++
 .../overlay/etc/hiera/data/local.yaml         |   2 +
 .../overlay/etc/luna/client/.placeholder      |   0
 .../overlay/etc/luna/server/CAFile.pem        |  20 ++++++++
 .../luna/server/tug-hsm-lab2.sunet.seCert.pem |  19 +++++++
 .../configuration/POSeIDAS.xml.sh             |  47 ++++++++++++++++++
 .../configuration/application.properties.sh   |  27 ++++++++++
 .../configuration/credentials/enc.crt         |  29 +++++++++++
 .../metadata-signature-certificate.crt        | Bin 0 -> 1561 bytes
 .../configuration/credentials/sign.crt        |  29 +++++++++++
 .../eidasmiddleware.properties.sh             |  20 ++++++++
 .../configuration/hsm/demw-sunpkcs11-config   |  33 ++++++++++++
 .../configuration/hsm/pkcs11.properties.sh    |  11 ++++
 .../serviceprovider-metadata/.placeholder     |   0
 global/overlay/etc/puppet/cosmos-rules.yaml   |  17 +++++++
 .../etc/puppet/manifests/cosmos-site.pp       |  11 ++++
 17 files changed, 283 insertions(+)
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/hiera/data/local.eyaml
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/hiera/data/local.yaml
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/luna/client/.placeholder
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/luna/server/CAFile.pem
 create mode 100644 demw-1.test.sveidas.se/overlay/etc/luna/server/tug-hsm-lab2.sunet.seCert.pem
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/enc.crt
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/sign.crt
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/pkcs11.properties.sh
 create mode 100644 demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder

diff --git a/demw-1.test.sveidas.se/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/demw-1.test.sveidas.se/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
new file mode 100644
index 00000000..ba4eae8f
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
@@ -0,0 +1,12 @@
+VirtualToken = {
+   VirtualToken00Label = sc_ha;
+   VirtualToken00SN = 11429933786539;
+   VirtualToken00Members = 1428432029165;
+}
+HASynchronize = {
+   sc_ha = 1;
+}
+
+HAConfiguration = {
+   haLogStatus = enabled;
+}
diff --git a/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.eyaml b/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.eyaml
new file mode 100644
index 00000000..50fcd7bb
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.eyaml
@@ -0,0 +1,6 @@
+---
+
+poseidas_admin_hashed_password: ENC[PKCS7,MIIC2gYJKoZIhvcNAQcDoIICyzCCAscCAQAxggKCMIICfgIBADBmME4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxHzAdBgNVBAMMFmRlbXctMS50ZXN0LnN2ZWlkYXMuc2UCFHodUDtFtoj6tT1rdF5qt0AL2b8lMA0GCSqGSIb3DQEBAQUABIICAGhvfiDQ4BWe2h/uUy5N4jWsZwgDiKF0EflxdGq2s+xF2eMt6z3aInfbYaP5Gne0cUMVmsytG73RDUvumhlXcJboHRwTew+pOwDNpJXZK1FDe8QHWwyeWy0SkFHqmQ/sIwtQxP0hUdi0psvxF2G3pWhVign9fqTxOeeifnfKHpPcGXNJd//IKo09Ev4Lw6PhSgIB1mx2cHlmfRlZLUCai1eF5FcAKJpEeg6l+MlknTPLjcSw9rjkCN//BWdUE7ugB72C5/ENvW2XXTNvLxO92ZztusuFANZ7z4tiaAaVZ/vAeLO4JWXRxhU65AwfEvKtzqN5mvG/bJ7dvJb1TVFCEZQGEaF2uAuuFEYXihQM171VkI5eRN/v74Eec4mY1R7Q+uYZ8CZGq4cFgw3myShNIQv9YxpJ8vBFXnWT8SWLzHcEVlpyrfjwFXkSxqllB5x1UBwX1FacvmQ0cEBKe4q5otxf+kNfen8afyGk748W3J2eJfGCmGHLyyR0RX9P9zm9jFzqS3UeWhkKO0g2WczQsz+Wv1Gd0vySey9RPEnvcKL/D9Poz++2DWfClcHyvQOyYWEqLeKGKxcgx9PykBsQ0AtU0j9jfj6K3aSg8wWJXugrHAIk44aB2nIIXgD4lsypt/AkUDxNH/KxxG+yxKcZmCzQ0m+jabqmFUkfowvy+18nMDwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEH5ZC2/0iWOXfABPOz9O9IyAEAoSnHIWRAQ6DDbyEuzwxMA=]
+spring_datasource_password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKCMIICfgIBADBmME4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxHzAdBgNVBAMMFmRlbXctMS50ZXN0LnN2ZWlkYXMuc2UCFHodUDtFtoj6tT1rdF5qt0AL2b8lMA0GCSqGSIb3DQEBAQUABIICAFO4tBHksfw6eNh3X1gDfS5V0Pm7oQCGIHYV0A+r7Pp+3W/HiY7k83tUfpwkgtQMLGfRj4YsRuvf5s4bD2OFjd2EUsFxpTpH1W83BXcdviPyFsbabembaUVOxkxuSawR6oyKfv3oXNj8tVUSEgIpyxSR5+nZUTf5vgym7THB25qzRRwN23DwgWtrnhu34YWjwNAFHDc15KIB6mlfc0a4wZglh/Xwk4JXo+HvDYPo9qme124ho5HKVFqlu7RhLzwpLCHICS+FEW2XrWYEuqOeua2/D1noBfaMYp3bkD4OE1J2GfxBd0JtQctgreRy6yIyILDsJ17uEEgMmU77OTqvj1ffBE6/QJZdI8u1+jYF2sriZLbtg3xIKs0t3EFT2Z0WKij5/B03T0RoS5b7Dj7f46v808MVRfR59z80o+sBaqKbdVpBTg2KDW39jkk+F/jt9bJexp9WUd3i2N/TDGBaVTEecTJe20zvEfi596hEMTFK3ao9EXmDDB0rkyIkpunP+iC7kgVF679rcXLmpTUkMQoi0Vuv8dBMRiitqMcRS8zWce7wLU7C1EL50p1iI9nkZxdHCz+XW+4EIPLQi+uWHldy+UOk10OxGt32kIqpn/oo74ZqNb0N7Y5jPUGraYm99xw3vCUYvJfC/YpLRwY/mKsXMTwPixhnW5mm393uhOCsMEwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEC7IRNpzRKavU8K3Lx9Pb02AIDf50XJHKtueH17mXCzE9cjE/1nO41O2wMFE5fVqdnRN]
+pkcs11_pin: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKCMIICfgIBADBmME4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxHzAdBgNVBAMMFmRlbXctMS50ZXN0LnN2ZWlkYXMuc2UCFHodUDtFtoj6tT1rdF5qt0AL2b8lMA0GCSqGSIb3DQEBAQUABIICAFV//Dm7LFbTSN9OBB/AHfFnQqrdRtjmbhAC+k1hjDB6ecS4abwBPRgymYUPHpZY/2kwOel8jBlS/a2mzyMo4CIzew+/9BQozoSe9b9PEoA0/PM35mOu8zKmsofAGrxf+LK/9DodXiiph1Z9GrjVUy9tLqtpJ2On0OzFjIAhmyP7U1KBLdP/invHZDYcnuVvzLAgoJIbwkO+okTdyieoqKXtz5n/Tp7efMjfqLcBBX0XZ97zRaTfs1csnIoe4jd1sE0uX4CkVY6B3sG/J7RdsI375oZkm55nZFxGZA87kyoiJs5CAOImKoksIGJ3YY03les2urVycW/UZod+vm+QOSoSxWNX4QFkewOhTaOi+bVWSuMUnNfi7V9t2HkAdrO44NgIQktDQUUxM8IWgoOgGOpTMSklLMA+Eoc8vIVeCGm3OCTn78gUoxxZ2CXDNpthjcsGfr8hkrfIco+9HRL/JdQSGPadREcfVojLpfg3pez2Mi9AA7f1qN09A7tyR1RS89kerNvZf7sEjIlDta4II8Pgh1WK2jyzrw8o0hgBgdfbKBA824rVeloUJulvwduzCGDHteXqM5usqu+asaNDiQ7IqSnj3hQBsDBLOCJ4Ppzko6DMxcaH+LVmMhmaLYzlcNOCJvwNzoEXcdQT4nNaVlNcPft/v5+wxzGJYqs3nlnNMEwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEL4rJqCeM9lT/zQHdW+NN4iAIGFLy3aEUBlzSRna/dGXqkiTX5xLf7/zy7L+wiGNxcrT]
+demw_tls_client_key: ENC[PKCS7,MIIC2gYJKoZIhvcNAQcDoIICyzCCAscCAQAxggKCMIICfgIBADBmME4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxHzAdBgNVBAMMFmRlbXctMS50ZXN0LnN2ZWlkYXMuc2UCFHodUDtFtoj6tT1rdF5qt0AL2b8lMA0GCSqGSIb3DQEBAQUABIICAFU8gTcSUATcNysDUaTp7B3FK4sNxTndAhML4/jPMD2XIwka7XVwCBXAN69hlNxScNI1nhcmpVgsu1RuvlEzALuwS5+cZKDlVTs543mi+B9snVhBJf4SqEEspUwCaiMGoje45o2vy2ELLppSTQ+mWxEgG60/heHiV0E3Chvk1T+e1lC70qufnNo77KQxFOk6DGSt4VmaVKSBR5ihzs98xSkxm8RP9awLprjsPNOS69O2cKskM4sL5L2vSInPvUDm1v4AEq/W13KXQNnDpmEl/yapwXXrK6xEehkd+9Mk3y1w/AOohHvNDmR3DiFszL5wmmgf3kmOa1oYcpPYBi+g/CN+Ulyi9YMHeX0y//Kcs+ciZX7B7o7LaUpB9jWRfo81S+hlQHdFXEzjtLtMH1/t47zMaHRyDaGfpX654ZZrWxEkX2C7TqbAEiJvsbsjoPkxVGTpiF4MF4gN5X1GTayDIdxLWs/86RO48Dv0nhQe2Vdj3sn2PXpeAP7mt0MkrqsetCebReIHJWsg9XofNm+mp8ECcSTcELpvHkVEKlvieBVwxSQUumV2ARS7V0C3GO0SNLX6nqo0m3P6RDbtrgmFtVB5G4hNrcK1JwewDYcwIe2aSIsRnHFYcOg/ZssLLwHZenkP3SxuL8ckeMVGPPONLf0/vQkHBp9a/jTmX01YisjNMDwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEL5rfiAznpUpTtYSHDFW9uyAEF+SLNDxf4HyjmPAFVgt0TQ=]
diff --git a/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.yaml b/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.yaml
new file mode 100644
index 00000000..adec80c3
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/etc/hiera/data/local.yaml
@@ -0,0 +1,2 @@
+---
+demw_tls_client_cert: xxx
diff --git a/demw-1.test.sveidas.se/overlay/etc/luna/client/.placeholder b/demw-1.test.sveidas.se/overlay/etc/luna/client/.placeholder
new file mode 100644
index 00000000..e69de29b
diff --git a/demw-1.test.sveidas.se/overlay/etc/luna/server/CAFile.pem b/demw-1.test.sveidas.se/overlay/etc/luna/server/CAFile.pem
new file mode 100644
index 00000000..c8990f09
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/etc/luna/server/CAFile.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRYwFAYDVQQKEw1DaHJ5
+c2FsaXMtSVRTMRQwEgYDVQQDEwtzZS10dWctaHNtMTAeFw0xNDA1MTMwMTE1MDha
+Fw0yNDA1MTQwMTE1MDhaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlv
+MQ8wDQYDVQQHEwZPdHRhd2ExFjAUBgNVBAoTDUNocnlzYWxpcy1JVFMxFDASBgNV
+BAMTC3NlLXR1Zy1oc20xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uEOQnpKAiWov+y5tzljds8FXZ1/u4K5mVvt6uT+uC9TyzleQ/Mvy+s96hgv32CH2
+Wb1hbnVoOg/r5cxaplmLtLAy4KQPEmEfYsoftGXc+sNhjNQaP7Sv+PVJooFEEvxP
+sicnHK2Iw0+2I5yYfnNe2k1L0Kl2EJWLS3tq2l6w6RPD/ldf21lXmB+RE7j3QEx/
+ALqLuqbiyg8tR6iamTQBM9IotG1jBIh5InVStZqV9bzyLIebNUjkyta2uCw4RCcM
+lxJpLm7HOpuDf4iLVLW5BwRLJMHBoHJ5hK7Rw9vpwUhL5ujwZ8ugiYwiYtgXUuia
+b8WgGuo5zRNA1Zm2TrvNqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3/xEbq4gP
+sOrH66HHToRUoGvkD90uhYwinYNmE7KBTAFhvbnlCeOcQGo88DoVZgkYJNLpMD4K
+bhyyyNcVVt6UYHzt00N5XfuqwEy1C1QqZaeNZiyADvLLBftjym/VHth70Eu5WjHo
+f02uDEU3DkaWuFRrAqBGkkFLJwrNua0qr1vnqe5LBipOCkXPSCAUYW5iJmESeolD
+BzA3AP1ykXh7HvrinY4zeALleFAJ6cur6qXkpe3B4h/s/vT0IMvxTZzDVMz3i4Pd
+jKFAV6RbM4jygP3LNj4XseODrZj5IM9O/WEjbv8J/E7E9ON05oWDkQbZwAvklaXF
+9ez3C8WAI1q+
+-----END CERTIFICATE-----
diff --git a/demw-1.test.sveidas.se/overlay/etc/luna/server/tug-hsm-lab2.sunet.seCert.pem b/demw-1.test.sveidas.se/overlay/etc/luna/server/tug-hsm-lab2.sunet.seCert.pem
new file mode 100644
index 00000000..0dfe8f9c
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/etc/luna/server/tug-hsm-lab2.sunet.seCert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhOgAwIBAgIBADANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5
+c2FsaXMtSVRTMQ8wDQYDVQQDDAY2MTM1MDcwHhcNMTkxMDIxMTczMTA1WhcNMjkx
+MDIyMTczMTA1WjBZMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G
+A1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMQ8wDQYDVQQDDAY2
+MTM1MDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3VUSTKMlzIYUW
+JUPTxSsAHj0BJOAOIAWmbr11yBhAKC3EERyEJqb+1bPoPHK82j2le1P0ETapnNs7
+rdMuhewXUHdtmnIRNBKrGEvmY62tJjD+uNvvJ0DX5e44hRBzIndcQGoSsaDUeSPW
+//fSAFGOROAfAioN0oxyLMlsqEjgd/RnE66h7WwV/89NzpftuEfK8addTmSMBLpD
+pnWQgmSyYtAC1zXN2i0RtXfur0bK72GApz9e9ilTlfmETOVTis3KZtv0yANUW9AW
+9j0TlBQ3BDdf/iEkvz0vN5MfTM30vLvH2gK0OuTnyD57q1fTUBgb93Da5DOzLwua
+Kd6Wra6bAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIhvHvNc4SoI5vY35qYtjkMu
+sJCmjLU82LOZdxIjBjwm0WOv4w1s5xQQZnOlfoPoIZuo41rpegtaw37epJ73RoeP
+7NY9KsG3ut2jOwATRjo2LweVszCClPw6sk2cwFzgvd+LQnsIGhTbkqSA28tKFrl0
+XMZqx4z99saZc9YTi2UfyZV2EyYQH8hSlZEMj7jZQtHFAJPjWKoDG0J0x+v6xdBZ
+5axvpRHYOh6lqpHbe6sPPwS4IpbEDeqeV3nsBUTpl6tgXtXD5ZUFmIDJbqRZ1Vkc
+pHfGECwBz8i9ylA8NIdVCbmwOI+bcqnAFbld6+oA9kbdqTUpdd9uh2D8/XnrQSw=
+-----END CERTIFICATE-----
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
new file mode 100644
index 00000000..7a155058
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
@@ -0,0 +1,47 @@
+cat<<EOF
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<CoreConfiguration
+    xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
+    <ServerUrl>https://${PUBLIC_HOSTNAME}:443/eidas-middleware</ServerUrl>
+    <sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
+    <sessionMaxPendingRequests>500</sessionMaxPendingRequests>
+    <certificateWarningMargin>200</certificateWarningMargin>
+    <TimerConfiguration>
+        <certRenewal length="2" unit="11" />
+        <blacklistRenewal length="2" unit="11" />
+        <masterAndDefectListRenewal length="2" unit="11" />
+    </TimerConfiguration>
+    <ServiceProvider entityID="se-de-middleware" enabled="true">
+        <EPAConnectorConfiguration updateCVC="true">
+            <CVCRefID>se-de-middleware</CVCRefID>
+            <PkiConnectorConfiguration>
+                <blackListTrustAnchor>MIIFwzCCBKugAwIBAgIDD+TCMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLTArBgNVBAMMJEQtVFJVU1QgTGltaXRlZCBCYXNpYyBSb290IENBIDEgMjAxNTAeFw0xODA0MTkxMzAyMjZaFw0zMDExMDQwNzM1NTFaMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8WLI+HxLRlAQCcpRqQjwU6slek1H4USttrsOgkDdeqj5MRPpOxcWuoqt/13Yt93stTqRd6xjz6eoG1MMEQuaELW6rLPiTmHe1hlcLVgI/VVwo3cfzng4SSNJhlFgYKaKKMVbz9vdmXYMqyzjerTvLBpHzab0o8TRmSck+2Jxb55KEMOGOiOaetQlQ2bMaNxfwU0A0wZzp+iCpFbgcXByS1mlZ+lf3Vv8TVbRvbyvuEwxbgO4LsbtfDLbYWcNU5CsTq7XMIGaIicPQ9X7uolMyk5+jH/DnBW0Q3v/0AZWTlG2DML6bCbyaVdvG+soE4bbNQsUrIP0mFfF2bn3SUZVAgMBAAGjggKdMIICmTAfBgNVHSMEGDAWgBQlSUX5fGYWq5kTw3rWRXJpOqsDmjCCATIGCCsGAQUFBwEBBIIBJDCCASAwQAYIKwYBBQUHMAGGNGh0dHA6Ly9saW1pdGVkLWJhc2ljLXJvb3QtY2EtMS0yMDE1Lm9jc3AuZC10cnVzdC5uZXQwUwYIKwYBBQUHMAKGR2h0dHA6Ly93d3cuZC10cnVzdC5uZXQvY2dpLWJpbi9ELVRSVVNUX0xpbWl0ZWRfQmFzaWNfUm9vdF9DQV8xXzIwMTUuY3J0MIGGBggrBgEFBQcwAoZ6bGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwTGltaXRlZCUyMEJhc2ljJTIwUm9vdCUyMENBJTIwMSUyMDIwMTUsTz1ELVRydXN0JTIwR21iSCxDPURFP2NBQ2VydGlmaWNhdGU/YmFzZT8wGAYDVR0gBBEwDzANBgsrBgEEAaU0AoN0ATCB4gYDVR0fBIHaMIHXMIGJoIGGoIGDhoGAbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwTGltaXRlZCUyMEJhc2ljJTIwUm9vdCUyMENBJTIwMSUyMDIwMTUsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwSaBHoEWGQ2h0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19yb290X2NhXzFfMjAxNS5jcmwwHQYDVR0OBBYEFLMMWK3/AmFZeIBP77yuRvKGG79pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAIVJmvQUmQzKtHu5J06SpEdhlkZwHn8EA8U0Ieh5mgpxif14EwIf43ChVq2SpSKZErtQWewE+drUH2r6FvT+/3OW+TYr1jdejQFXcGXABKbJDqFfBIkbAr6E+Dy90aur656nZv+lV/leHL6pCPilcSzTTrdyNzL86AQrifcCO7GPO0tVjkUCFTEByGqWkOPtu0Xr+04bxdtUIWrpBHQENwEx67B0tS60c5v/cdhi9EedGHvJy5lXtw0R8KKR8u/WEbwmI72EIcrgG+/jF/oMR59x2bTv6hVGT9KkddKWot0oBNGkMJrLAJboq5zzHYxXEJFpjhOgkS7THQHGcxPJn8</blackListTrustAnchor>
+		<masterListTrustAnchor>MIIFKjCCBI+gAwIBAgICBE0wCgYIKoZIzj0EAwQwQTELMAkGA1UEBhMCREUxDTALBgNVBAoMBGJ1bmQxDDAKBgNVBAsMA2JzaTEVMBMGA1UEAwwMY3NjYS1nZXJtYW55MB4XDTE5MDUyMDA5MjYyMloXDTMzMDIyMDIzNTk1OVowQTELMAkGA1UEBhMCREUxDTALBgNVBAoMBGJ1bmQxDDAKBgNVBAsMA2JzaTEVMBMGA1UEAwwMY3NjYS1nZXJtYW55MIICODCCAa8GByqGSM49AgEwggGiAgEBMEwGByqGSM49AQECQQCq3Z242+nEiz/U5q4zyfwHyzCNs7PJ0g7WY5zKcDMIcX1NmwCbxmhCrs2hKuajgOYogf8vLYLGhSiqYFZYOkjzMIGEBEB4MKMxi2A7ieIycUWsI0zFlMvdjT35FhCoNEHK6phjvC3tXVqoJTqhCi7xyYuayLV/ERenK/LHuefBrE13/JTKBEA9+RYQqDRByuqYY7wt7V1aqCU6oQou8cmLmsi1fxEXpyvyx7nnwaxNd/yUytwIPmeYQFC3Xrrl3SgJvWOAFvcjBIGBBIGu5L3YLtlkWiEyLpxMapOF7Z9wtdkWwbQ7Yu700AmO/zsfeOLQ1I1Q0Wh7k7l9X3xtUEdAal5oizUiCby5+CJ93jhdVmMy7MDqv6nPeCL98gn3ACSlexqgAMVbiB+BEbLc3klKX0heW8pL2IonY67RyisvqPBUBnjNHg862AiSAkEAqt2duNvpxIs/1OauM8n8B8swjbOzydIO1mOcynAzCHBVPlxBTKkmGUGGYRl/rBBHHbHTgQhd2t21h5aCnKkAaQIBAQOBggAEEERozJeK4nstSM5WcswLo7XmgwufavFGedmYQpZdonhC5trUBNLYkNNW69vl5va9oTRr1fU95eJ/nKJQy5I3cRRuw1hOp+rSUUfk2V9ACscNpIMKLTVp9kUOKrLObvnjaDes+4eNV3WiCv6MiD77pMmSx6ek9IPqd7KxU5/iW42jggGUMIIBkDAdBgNVHQ4EFgQUdBpErUvXtvzVuu7xHoJ+WKWYHCQwDgYDVR0PAQH/BAQDAgEGMCsGA1UdEAQkMCKADzIwMTkwNTIwMDkyNjIyWoEPMjAyMjA3MjAyMzU5NTlaMBYGA1UdIAQPMA0wCwYJBAB/AAcDAQEBMFEGA1UdEQRKMEiBGGNzY2EtZ2VybWFueUBic2kuYnVuZC5kZYYcaHR0cHM6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYaQOMAwxCjAIBgNVBAcMAUQwUQYDVR0SBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDASBgNVHRMBAf8ECDAGAQH/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYV9jcmwwDQYHZ4EIAQEGAQQCBQAwHwYDVR0jBBgwFoAUdBpErUvXtvzVuu7xHoJ+WKWYHCQwCgYIKoZIzj0EAwQDgYgAMIGEAkA4qqxpicREnfeRLiNJBGAmOmRmT2JyNx76ttqogtx31bS6ZOGF+08akTb6J2gdXTuTfQ05buVwKjA8HMI0J463AkB+iwO2+J/NaYUdr014wTu5ZHcbSMA2QpaSl2v+Gzp0+QpeP2a/2gvGZoiVpfTT4mfEmtcCN5QwRWmXpMyB2IsO</masterListTrustAnchor>
+		<defectListTrustAnchor>MIIFKjCCBI+gAwIBAgICBE0wCgYIKoZIzj0EAwQwQTELMAkGA1UEBhMCREUxDTALBgNVBAoMBGJ1bmQxDDAKBgNVBAsMA2JzaTEVMBMGA1UEAwwMY3NjYS1nZXJtYW55MB4XDTE5MDUyMDA5MjYyMloXDTMzMDIyMDIzNTk1OVowQTELMAkGA1UEBhMCREUxDTALBgNVBAoMBGJ1bmQxDDAKBgNVBAsMA2JzaTEVMBMGA1UEAwwMY3NjYS1nZXJtYW55MIICODCCAa8GByqGSM49AgEwggGiAgEBMEwGByqGSM49AQECQQCq3Z242+nEiz/U5q4zyfwHyzCNs7PJ0g7WY5zKcDMIcX1NmwCbxmhCrs2hKuajgOYogf8vLYLGhSiqYFZYOkjzMIGEBEB4MKMxi2A7ieIycUWsI0zFlMvdjT35FhCoNEHK6phjvC3tXVqoJTqhCi7xyYuayLV/ERenK/LHuefBrE13/JTKBEA9+RYQqDRByuqYY7wt7V1aqCU6oQou8cmLmsi1fxEXpyvyx7nnwaxNd/yUytwIPmeYQFC3Xrrl3SgJvWOAFvcjBIGBBIGu5L3YLtlkWiEyLpxMapOF7Z9wtdkWwbQ7Yu700AmO/zsfeOLQ1I1Q0Wh7k7l9X3xtUEdAal5oizUiCby5+CJ93jhdVmMy7MDqv6nPeCL98gn3ACSlexqgAMVbiB+BEbLc3klKX0heW8pL2IonY67RyisvqPBUBnjNHg862AiSAkEAqt2duNvpxIs/1OauM8n8B8swjbOzydIO1mOcynAzCHBVPlxBTKkmGUGGYRl/rBBHHbHTgQhd2t21h5aCnKkAaQIBAQOBggAEEERozJeK4nstSM5WcswLo7XmgwufavFGedmYQpZdonhC5trUBNLYkNNW69vl5va9oTRr1fU95eJ/nKJQy5I3cRRuw1hOp+rSUUfk2V9ACscNpIMKLTVp9kUOKrLObvnjaDes+4eNV3WiCv6MiD77pMmSx6ek9IPqd7KxU5/iW42jggGUMIIBkDAdBgNVHQ4EFgQUdBpErUvXtvzVuu7xHoJ+WKWYHCQwDgYDVR0PAQH/BAQDAgEGMCsGA1UdEAQkMCKADzIwMTkwNTIwMDkyNjIyWoEPMjAyMjA3MjAyMzU5NTlaMBYGA1UdIAQPMA0wCwYJBAB/AAcDAQEBMFEGA1UdEQRKMEiBGGNzY2EtZ2VybWFueUBic2kuYnVuZC5kZYYcaHR0cHM6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYaQOMAwxCjAIBgNVBAcMAUQwUQYDVR0SBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDASBgNVHRMBAf8ECDAGAQH/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYV9jcmwwDQYHZ4EIAQEGAQQCBQAwHwYDVR0jBBgwFoAUdBpErUvXtvzVuu7xHoJ+WKWYHCQwCgYIKoZIzj0EAwQDgYgAMIGEAkA4qqxpicREnfeRLiNJBGAmOmRmT2JyNx76ttqogtx31bS6ZOGF+08akTb6J2gdXTuTfQ05buVwKjA8HMI0J463AkB+iwO2+J/NaYUdr014wTu5ZHcbSMA2QpaSl2v+Gzp0+QpeP2a/2gvGZoiVpfTT4mfEmtcCN5QwRWmXpMyB2IsO</defectListTrustAnchor>
+                <policyImplementationId>govDvca</policyImplementationId>
+                <sslKeys id="d-trust">
+                    <serverCertificate>
+                       MIIFlTCCBH2gAwIBAgIQa9qcxVoIYXKTCKJmuZqX4jANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMS4wLAYDVQQDEyVELVRSVVNUIExpbWl0ZWQgQmFzaWMgRUFDIENBIDEtMSAyMDE4MB4XDTIzMDMwNzE0MDYzOVoXDTI3MDMwNzE0MDYzOVowUzELMAkGA1UEBhMCREUxFDASBgNVBAoTC0VBQyBTeXN0ZW1lMR0wGwYDVQQDExRiZXJjYS1wMS5kLXRydXN0Lm5ldDEPMA0GA1UECBMGQmVybGluMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsuMu+OZv6usJeIEiO4SQhTtv8j7bfaguqfZkZ1wI0su6JJe/WSMYp4vjm6oswNEV8bwUL6G6hZd4spqVXX7Jw21Xi+HZg4RYOoWDd58zLIRNYbDVa0pRLbgyhG9xWQCXdsl6zggAKNdxhRhN/WrXQJ2bTDH4gXbfsOUcIq6FJDqyhAQ3BoTa0tEcYmaqIZefPRNYwt4/khsZuEsEOWyc0usA6x4Q7/CnkiHYE8aiXFDA/N0n/WuwKhbEnwZms4qWhVQ63nF8gVzKdYT9LtkLjX9DDFVm3sZ1nkuVwRFNJcUTpg42GtfwrcXOJKP1o8n6AAcTvjdcpQKnO1xQCEopieQk9aXsqaSkBbbu111WrN7nzUEEe4qwcaFZiXndvsSz6UShHcNXJP7mCAQl9SeE1go0hZtj+rxq2s9HqKd467vzM0UGIxuOZ22jI5VsNFdqw1/6dG2zG79kHPYApWpt+bJVaW651CIywIC4xeS2Vm1c5qbom+pYDjKZcDYky1RYvMFRzPgocxVR8VltzfmFEmCC5QDalM6ssnsdRTtdoidQ7l+2jUz6rOw72RycDeZ0afmdCa6kLFlAuDgQWSHMx2EF+NM2y1QesYEXYALQW26t1tU0inw8zY0gGXqzjzaBgUPWp4tM78Ud0ILsTCecebF1E4W3N2ENEI1G89Tw4wECAwEAAaOCAWIwggFeMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBS0NmHsZtoT1joR7mh9Ibb9qqPnbDAWBgNVHSAEDzANMAsGCSqCFABQB4N0CjAfBgNVHSMEGDAWgBSzDFit/wJhWXiAT++8rkbyhhu/aTAOBgNVHQ8BAf8EBAMCBaAwgd4GA1UdHwSB1jCB0zCB0KCBzaCByoaBgWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMExpbWl0ZWQlMjBCYXNpYyUyMEVBQyUyMENBJTIwMS0xJTIwMjAxOCxPPUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdIZEaHR0cDovL2NybC5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9saW1pdGVkX2Jhc2ljX2VhY19jYV8xLTFfMjAxOC5jcmwwDQYJKoZIhvcNAQELBQADggEBAE2HFqO27Pj/gnXbvFZWrok1NyQzoXHfI3iIhlzyMu8kYeZSHomHN12dSmz0uwGS/r0+hcfPTK1SzQh1Ens/QhRPxqcJHQNNOs/AHheC1l2x4ZvQ225seusix7qcDHiY0zKynLMAEaAxEebcSLoWSIFOuZJA2tqpU15g5MLjmeEDiS3myROaMAQltFlF13Q5SqkXxvwlPJSuAZpYU1BmpQSLS2xgVPcnpHhffbHaTMSF6UojxS9SwWr+ISliINZIP30LKbRRMcSiFkT1/qhTkCgM3a7h4lq9TGJJt/LZsz1VeyZwE4kcu07FO6tvjV091t5kGkx/QEwQjLXhnSRvmF8=
+                    </serverCertificate>
+                    <clientCertificate>${DEMW_TLS_CLIENT_CERT}</clientCertificate>
+                    <clientKey>${DEMW_TLS_CLIENT_KEY}</clientKey>
+                </sslKeys>
+                <terminalAuthService sslKeysId="d-trust">
+                    <url>https://berca-p1.d-trust.net/ps/dvca-at/v1_1</url>
+                </terminalAuthService>
+                <restrictedIdService sslKeysId="d-trust">
+                    <url>https://berca-p1.d-trust.net/ps/dvsd_v2/v1_1</url>
+                </restrictedIdService>
+                <passiveAuthService sslKeysId="d-trust">
+                    <url>https://berca-p1.d-trust.net/ps/scs</url>
+                </passiveAuthService>
+                <dvcaCertDescriptionService sslKeysId="d-trust">
+                    <url>https://berca-p1.d-trust.net/ps/dvca-at-cert-desc</url>
+                </dvcaCertDescriptionService>
+            </PkiConnectorConfiguration>
+            <PaosReceiverURL>https://${PUBLIC_HOSTNAME}:443/eidas-middleware/paosreceiver</PaosReceiverURL>
+            <hoursRefreshCVCBeforeExpires>70</hoursRefreshCVCBeforeExpires>
+        </EPAConnectorConfiguration>
+    </ServiceProvider>
+</CoreConfiguration>
+EOF
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
new file mode 100644
index 00000000..dd77cd14
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
@@ -0,0 +1,27 @@
+cat<<EOF
+#Logging
+logging.file=/var/log/eidas-middleware/demw.log
+#logging.level.com.zaxxer.hikari=DEBUG
+
+#Credentials
+poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
+poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
+
+#Server Settings
+server.port=${SERVER_PORT:-8443}
+server.adminInterfacePort=${ADMIN_PORT:-10000}
+server.ssl.key-password=dummy
+server.ssl.key-store=file\:///tmp/${CERTNAME}.p12
+server.ssl.key-store-password=dummy
+server.ssl.keyAlias=tls
+server.ssl.keyStoreType=PKCS12
+
+#Data source
+spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
+spring.datasource.url=jdbc\:h2\:file\:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
+spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
+spring.datasource.hikari.maximumPoolSize=20
+
+#HSM
+hsm.type=NO_HSM
+EOF
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/enc.crt b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/enc.crt
new file mode 100644
index 00000000..2bb8b09a
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/enc.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6zCCAtOgAwIBAgIBfDANBgkqhkiG9w0BAQsFADAvMQ8wDQYDVQQKEwZTQ1RF
+U1QxHDAaBgNVBAMTE1NBTUwgRW5jcnlwdGVyIFRlc3QwHhcNMjMxMjEzMDAwMDAw
+WhcNMjcxMjEyMDAwMDAwWjAvMQ8wDQYDVQQKEwZTQ1RFU1QxHDAaBgNVBAMTE1NB
+TUwgRW5jcnlwdGVyIFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQDXGcgllb6w5CUo8UqXb4UvLdL3NX2KmemrSTquiuUjMRU5cIhLlyPEm4nfHiLD
+uDlqOa6Cp09v2YokX3WQP+K7FlYrs6+1Jy5rsv2TANbID+BRQVXNPpNNfVrUyBEe
+V1CUT6qaGoCCNofrFJwKtXUIdX53ioqJxSIA7VNQ3pZVut9dbHwrGtLmCQOTgPff
+GowXXP/xMw/Fne/nHO/OFbtffdYcJtsMGIA9q/bedKTDjp82FGA5PnX1+tJlUQKR
+FmUY+LpJIlB5QwoEao5sdj39BLj8cSS1pWvhwV/gjlL8csV9r39KXrV0LGFO1vxb
+pZaZ+m/2IyD4BDm8KofS4pEsWvQke7RvxPDREdV7JU7mYVKGtxDTLQSGVT3Xujxt
+oiiazbb9PBQFfb2SFruBqEyqz/vf8cD3U/Vp35ez1st3xgWQ0/uPGLKXsLYUB+Xq
+BU2Kjz6hoy1b9/Lh1e7j1fQuhaiDbC/4GEBwO1UMv9U/dxCJmCKqB02qL8H+ZRld
+Bh7XDbJMWhOAsOCd8bCxJgKfRIXmZDzE/uWkV1a8YsqmgvTOVcWAOmx8Ebng6kJm
+IMiPnBHpMv7nYy5QI6CxXvy1k8ZJIcIH2d4aFVWKgSKcABl2vxgwgzXS9d4k/T89
+rTeX4QyMy3m3UZByAUuJ1in91BRJTg42uzIV/vCNR+Ig9wIDAQABoxIwEDAOBgNV
+HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBALDrN7fkvPrASS71GSyVCfzy
+e0GpaVYb3pR4oWIAXepew33zADqTry9J3ErGoKEYgPSNqFhDEHyK7SYnDGsXoG8i
+0f95i7lviRv6cVzeQq4BK9guB7sZCOLBMkWTcHc9EDnN0573Q4VNix0CzeHU4Xcp
+iseg5q2qEj84pljOktwq7Xv5kot766XpAc/6hMqwWhLqK3B1aOv/7ZGLmHDLTikQ
+2TA0sKeloFw8bFtsdO40R7MPyMTCF1FavFaWRUln80J4msMwueZUg/lvsCI0CTg0
+5WJtKTSGH08ZB0UMZPYZ/URFF/6gDHT2M9Qftb0VtSl1r2t/hxHTkirPZ6Mbg5jh
+GqLQZI/B2ISP4mDvbK8hfncDToiIa/LBGev6QUoxc/fvgChmLz5TTI1euPFBGp7P
+QGXmEWgnKm1rnXya6lJoUYKP042aIfXw7N6xxmPXuvg74Z+hkZ5CZQ1IGlvmn8z0
+tOClWDxJoECO3KY1TT0/Eusgrw7PA3UkBMaS1meNYwcwCYQvdbL6GEXTsOFOS2Zs
+7pFwW5Kh9Zvg48LdW8gx/7wWyslvlqcV4+fdB3pZrSpbuW+3C1zy65u5IheEctc1
+DF31LGgTWOQQTC2kl0fuPCytlpX+iW6HD0pz6FyszGYRShvUfTKyrz70MJlt3APD
+zuYOusVXWwZi/gZ+H9XG
+-----END CERTIFICATE-----
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..9788a07e106fb83f67060c6cc854f1d2664c5559
GIT binary patch
literal 1561
zcmXqLViPrJV*a~;nTe5!iId@o&$elDn`-(Ec-c6$+C196^D;7WvoaVoE->Ua;ACSC
zWnmL$3U)OVG7tc9ICwaNOY)PmGxBqCVPfpaVoC-IAaz_klCHWwsp**|nYoE2nfZCe
zd54=1Ey>MGNzF49HxLD>;pX8BE>8stC^+Zm<)tQ<80r{kfh3rDlu;!Va#KqZQxZ!O
z6^b*{^HPfx%8c|34CKUl4J`~zjSUPejf{;=qr`cQk-0;`3r$Q)$N|sD%D~*j#Lr;R
z#Kgta#Kg$(eYNh|j-!m%T%xZ(OW0$@CbV(NW7C6d=e<uKkd`fSQDRM9ux5LD@cPx6
z`j@8dnDJ=2Wb=W}NfLiJFCCn})bQXPzSFPWl5848G(~T#SbcoG$!v{Squrve^>^n-
zDo2|w<Bn$!b~^j_+`Z11v8|VEDzCJDo!7k1x_a{oRr{vb<$*p=u3lT$ZSwM$%jUI?
z3yx(gt1nu1p~86UL5ZomX7ZG8+j;gu<l&T_&8Gj|f6f!%TlxI2i?`ujp?f0Rc8dnR
zdAM}PGOISx`%4eE9dw%GlxSVlWHL*v)`y$zo%}xa57rq{<&{}~D{JnF<tV&6c#-XT
zx$c60Cxou=bd0hoDza2`s?u3=<*i?PLfeu_@-~%OGgQ=kxy}mRSfQ?bF@!B@Hphxz
zX}Us(Y&IRfcK@TV;QR7|@|q6<4>_!hpLI;=$eBOwz%(y8p+knD;e3x91vk&~{O0@d
z{V9t@)gpUzU&gIw7Wh7WZ|TwKNp~FgSe`HUabhg>zO37SKj6A<`~KT!t+@Yg)l3OV
z|EQ~L!nIr|tZlXALA9Xe61QK;KK)?t&Xia1p#R6=BFD!r)e;lKw!KmOc`|Um!M0<U
zYYWov{n&c!qT(*gt$JSzLfM%;^mBZh?dN%Df1Uqdaq5bUbd~OHwhS5}{3o+NuxaP-
z=d{_i_N?86r1P1NrW9_USMzlFlT)u>C0i7)W@2V!U|bwv;AbEU%owtKEMhDouR<I}
zE&m6F_nkfOt@rt}1Y`21M+WjBX=N4(1F;6|3V1*YgjrY(m>C)WBd0lFW(TG@Mh5Y|
z6QSv|W78HaU6mFh;M&@Lih1(MY&W;~SkK9=99>E4&aT-$CvSCgd$7W^wV%T!@1`7(
z47a*)*Z+w6hC1EyyH9^U{T{z6e|l-ogq%Mw_cJRx{N0dlt;T=OEv){r&7AIHXXVcL
zZGMxD__EyQZC`ltrQHEOzxTBoujUGUI&kTK(c1r=|6`seE_`xTXzR<|9fs#N<sLrt
zxgsO@-?|E=gxKWg{sp;{``&qR9Gn&+eZxfP_80%tyN}k)oY<2r`0Mqf$MUaZx7xM!
zze^Uma$0XS-=k7tzW$xv&n{{1j#zm3+qR`yv*LVwH?qF8`rp27LgejJ#VfdD<nC*&
zpIRxEKkfb&pJ_$R8|Ekoey|c*$h>kzkXxF1`{{q;*P30d+>+)9Zdv=}(v3}DR=@nz
zTa}@(O7CLGkDc>w+<8(EqL=e?NmlJv<Mmg4l79#7(A_6`AZwY7FGJSfrV2mR&mLk4
z{W>Duk!MnPjy+hiqbH>7&GMvOvB$1E*&FXXzvb4>Ymal5DQ~^L=i=i3TKqjMEUyeZ
zc}(i}U$M>CJ6Cw+j!C(yr?6kByhhc1_AQb7yf$2)c6vfR^D-vhNv8X3Voq4OS!uT2
z?EhoH*-&tAk57J=#GTz=yq9y&*!^*q<DM#=8{aiIm__|h;Nh><d8hLwzJL83mW9FJ
Yx3B#d%5(D5)Pp<Msoc<I5D6>>0OFaHbN~PV

literal 0
HcmV?d00001

diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/sign.crt b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/sign.crt
new file mode 100644
index 00000000..d2838d63
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/credentials/sign.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5TCCAs2gAwIBAgIBfTANBgkqhkiG9w0BAQsFADAsMQ8wDQYDVQQKEwZTQ1RF
+U1QxGTAXBgNVBAMTEFNBTUwgU2lnbmVyIFRlc3QwHhcNMjMxMjEzMDAwMDAwWhcN
+MjcxMjEyMDAwMDAwWjAsMQ8wDQYDVQQKEwZTQ1RFU1QxGTAXBgNVBAMTEFNBTUwg
+U2lnbmVyIFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpRC2d
+Xoyg26aWMvWshKF6LEGBgti6frNnBDehY/xPtSsaJgfA3Ba413GgGbFS6sxYUlzL
+R1XljnNvOaPIMfENYVN/JxMCtLZs2/UiqD06F7PwGQzargHgTWxfApEyJFxl08Ik
+DYNILxd7r7kFOiDEAYhHOFqtaCAFz1w8xAAGq5M499TfyPTkbXp/hgBLu2OcNqwj
+ztV3W8WIp8XwwLS7iBW5yZOzTHlWy/SHpl9N1tZscDVPIAumLrDAGHOxrKgVKdRm
+Uqscpe+XoqpubE0841C/Bt/3YQbXxYLTn7R5nqHi59y5MzmlokIQYJ4cS90OQeJZ
+10yXXuQSyWDBUEKqi3KMzPpQCs0Bnn8yHEtDjFdkpkTVf/iHupsvb4cPwt/XDt0z
+0pzRXIA+/jFfI/UrvjHskaoBJvBc/Nhi9sisHKtoIuLWfbVQGkkjZgTaIkUCB2X1
+92cuPTNDnwPoHjHYmI364rQ99oWuxAt/U6hs+ipnOP6U2CBW+4+ynqu9GZYji5SR
+9RgKdG/j5e9uVhe0eKT2rAN88TfIfBz2fRzNU4HV2jExIb6L13SAyO/9WyNC5uv7
+cJA6VYHG8ygZjoY79HfnZb3wPW3W7a32hr4YD36vKXi+6exFVel1uJNWu3rdGRdT
+L6OiVF2HW1Gl1iqHwdvh7OR8Upv6TnnlnxlodwIDAQABoxIwEDAOBgNVHQ8BAf8E
+BAMCAgQwDQYJKoZIhvcNAQELBQADggIBAEXwkfny+YEBO9ALqTrTUK/1baIKi0CL
+Q/CZ0We/5BFjIp6KQphTGy5lzqtBG3Y68FO6JjOHbcDPZJfyjfniYjuRWh4bHgaB
+du7NSdHZW9t6PeT14by6r9/pSjx9llDKchG2gSObuMuH5uI4t3c/hNhW17gv8m5/
+MzxxBJrR5lULPvMC3+v0Uy60MnycxcPDAi4HQfNkdHf+t3MLwH/HF60OAZ+pXHka
+hEJn3/F4nKQR8j8rdrn2ZT5mbYwjG27MZ7bhmFLfBtV6jXfQZqDfcxvOP8waEyxy
+MNah/a5LVQz+PJT+RHF4wqsigiMa248z8YCiz3oj6irpW4Ln/7YnJ8UTatRIOP7x
+K8hR2gUGtYxHxuGHASqn7tOGRlIdIZFROd28y2HSqgfApg5KUh2eupWMAnXlkcpx
+iLPz4rx+FX3kditH1z24HzcH2g3ytvL90j/7Gh1cp7BD3e3lf76wzLHUlIH+O573
+V8XPe1fAyutxsaHIY5S2VHv8fmFODqAS7uPyuZ1pc8gVAJEERGzbLL5WwZETXONr
+YpRoVIX8ojAU4sOCN8RRnrF5k1obgYj0B72ziXXZ8D/or9AP1BE7npmURLZ2qKM+
+FeTInZxKcYyLrvpkqVgyX6YM6cV+/XlG3LwS5D8gpKvD5+DIcQMwKXVEXNg3xnco
+dVl2tdPeM8/D
+-----END CERTIFICATE-----
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
new file mode 100644
index 00000000..8b6d3c45
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
@@ -0,0 +1,20 @@
+cat<<EOF
+#Wed Jul 11 09:28:06 GMT 2018
+CONTACT_PERSON_COMPANY=Sweden Connect
+CONTACT_PERSON_EMAIL=operations@swedenconnect.se
+CONTACT_PERSON_GIVENNAME=Sweden Connect
+CONTACT_PERSON_SURNAME=Operations
+CONTACT_PERSON_TEL=+46105742100
+COUNTRYCODE=SE
+ENTITYID_INT=se-de-middleware
+SERVER_URL=https://${PUBLIC_HOSTNAME}
+ORGANIZATION_DISPLAY_NAME=Sweden Connect
+ORGANIZATION_LANG=sv
+ORGANIZATION_NAME=Sweden Connect
+ORGANIZATION_URL=https\://swedenconnect.se
+SERVICE_PROVIDER_CONFIG_FOLDER=/opt/eidas-middleware/configuration/serviceprovider-metadata
+SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt
+
+#metadata validity
+#METADATA_VALIDITY=2063-04-30
+EOF
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
new file mode 100644
index 00000000..011dd5af
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
@@ -0,0 +1,33 @@
+#SafeNet Luna
+name = Luna
+library = /usr/safenet/lunaclient/lib/libCryptoki2_64.so
+description = Luna config
+slot = 4
+attributes(*,*,*) = {
+CKA_TOKEN = true
+}
+attributes(*,CKO_SECRET_KEY,*) = {
+CKA_CLASS=4
+CKA_PRIVATE= true
+CKA_KEY_TYPE = 21
+CKA_SENSITIVE= true
+CKA_ENCRYPT= true
+CKA_DECRYPT= true
+CKA_WRAP= true
+CKA_UNWRAP= true
+}
+attributes(*,CKO_PRIVATE_KEY,*) = {
+CKA_CLASS=3
+CKA_LABEL=true
+CKA_PRIVATE = true
+CKA_DECRYPT=true
+CKA_SIGN=true
+CKA_UNWRAP=true
+}
+attributes(*,CKO_PUBLIC_KEY,*) = {
+CKA_CLASS=2
+CKA_LABEL=true
+CKA_ENCRYPT = true
+CKA_VERIFY=true
+CKA_WRAP=true
+}
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/pkcs11.properties.sh b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/pkcs11.properties.sh
new file mode 100644
index 00000000..bd22eeff
--- /dev/null
+++ b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/hsm/pkcs11.properties.sh
@@ -0,0 +1,11 @@
+cat<<EOF
+hsmExternalCfgLocations=/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
+hsmPin=${PKCS11_PIN}
+hsmLib=/usr/safenet/lunaclient/lib/libCryptoki2_64.so
+hsmProviderName=Luna
+hsmSlot=4
+keySourceAlias=sc_eidas_sign
+keySourceCertLocation=/opt/eidas-middleware/configuration/credentials/sign.crt
+keySourceAliasEnc=sc_eidas_encrypt
+keySourceCertLocationEnc=/opt/eidas-middleware/configuration/credentials/enc.crt
+EOF
diff --git a/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder b/demw-1.test.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder
new file mode 100644
index 00000000..e69de29b
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index ef5f7de1..28fa07c0 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -842,6 +842,23 @@ test-1.test.sveidas.se:
            - 'se-tug-lb-1.sunet.se'
          port: '443'
 
+demw-1.test.sveidas.se:
+   eid::dockerhost:
+      version: '5:25.0.3-1~ubuntu.22.04~jammy'
+   konsulter:
+   autoupdate:
+   saml_metadata:
+      filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
+      url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp
+   webserver_new:
+   sunet::frontend::register_sites:
+     sites:
+       'test.demw.eidas.swedenconnect.se':
+         frontends:
+           - 'fe-fre-1.test.komreg.net'
+           - 'fe-tug-1.test.komreg.net'
+         port: '443
+
 demw-1.sveidas.se:
    eid::dockerhost:
       version: '5:23.0.6-1~ubuntu.20.04~focal'
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 9f70b36b..a7a874a1 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -125,6 +125,17 @@ class webserver($enabled=true) {
    }
 }
 
+class webserver_new {
+  sunet::misc::ufw_allow { 'http':
+    from => 'any',
+    port => '80',
+  }
+  sunet::misc::ufw_allow { 'https':
+    from => 'any',
+    port => '443',
+  }
+}
+
 class servicemonitor {
    $nagios_ip_v4 = hiera_array('nagios_ip_v4',[]);
    sunet::misc::ufw_allow { "allow-servicemonitor-from-nagios":