From 226957e4e0238edb89f0c67c1d4a62c5fb250808 Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist
Date: Tue, 25 Mar 2025 09:50:22 +0100
Subject: [PATCH] Re-instate metadata signing for connector in TEST, SC-2670
---
 .../eid/templates/connector/application-qa.yml.erb | 1 -
 .../templates/connector/application-test.yml.erb | 14 +++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb b/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb
index 9d31c2a4..b074bf68 100644
--- a/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb
+++ b/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb
@@ -125,7 +125,6 @@ saml:
 backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
 validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sc-qa-md-signer.crt
 credentials:
- # Use same as for IdP except for the metadata signing credential
 sign:
 bundle: connector-sign
 encrypt:
diff --git a/global/overlay/etc/puppet/modules/eid/templates/connector/application-test.yml.erb b/global/overlay/etc/puppet/modules/eid/templates/connector/application-test.yml.erb
index e21ed8f0..010c3e82 100644
--- a/global/overlay/etc/puppet/modules/eid/templates/connector/application-test.yml.erb
+++ b/global/overlay/etc/puppet/modules/eid/templates/connector/application-test.yml.erb
@@ -86,6 +86,14 @@ credential:
 alias: sc_eidas_encrypt
 key-password: ${PKCS11_PIN}
 monitor: true
+ connector-hsm-md-sign:
+ name: "Connector HSM Metadata Signing Credential"
+ store-reference: pkcs11-store
+ key:
+ #certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
+ alias: sctest2
+ key-password: ${PKCS11_PIN}
+ monitor: true
 #pem:
 #oauth2:
 # TODO: Fix certs
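Review bot: The new `connector-hsm-md-sign` credential keeps a commented-out `#certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt` line under `key:`, which leaves it unclear whether the certificate for alias `sctest2` is expected to come from the PKCS#11 token itself or whether the file reference was meant to be active; either drop the dead line or replace it with a comment stating the intent, e.g. `# certificate is read from the token entry for alias sctest2; no file-based certificate is configured`. Indentation is collapsed in this view, but `monitor: true` appears to sit under `key:` here whereas the preceding credential lists it next to `key-password` at the same level — if it really is nested under `key:` it is presumably not picked up as the credential-level monitor flag, so confirm the nesting matches the sibling credential. The key password reuses `${PKCS11_PIN}` as the other HSM credentials do, so no new secret is introduced by this hunk. The enclosing `credential:` block starts before this hunk.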
@@ -104,6 +112,11 @@ connector:
 eu-metadata:
 location: https://<%= @environment %>.md.eidas.swedenconnect.se/role/idp.xml
 validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sc-<%= @environment %>-md-signer.crt
+ eidas:
+ credentials:
+ # Use same as for IdP except for the metadata signing credential
+ metadata-sign:
+ bundle: connector-hsm-md-sign
 prid:
 policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
 idp:
@@ -140,7 +153,6 @@ saml:
 backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
 validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sc-<%= @environment %>-md-signer.crt
 credentials:
- # Use same as for IdP except for the metadata signing credential
 sign:
 bundle: connector-sign
 encrypt:
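Review bot: The comment moved into the new `connector.eidas.credentials` block, `# Use same as for IdP except for the metadata signing credential`, no longer describes what sits beneath it, because this block only sets `metadata-sign` while the sign/encrypt credentials it alludes to stay under `saml.credentials` in the later hunk; reword it to `# Only the metadata signing credential is overridden here (HSM key); signing/encryption credentials come from saml.credentials`. The `bundle: connector-hsm-md-sign` reference has to match the credential id declared under `credential:` earlier in this file — the names agree in this patch, but a mismatch on either side would presumably only surface at startup, so a short pointer to that declaration next to the bundle line would help. The QA template in this commit only loses the comment and gains no `metadata-sign` entry, so if QA metadata is intentionally left without the HSM signer a note saying so would stop the next reader from assuming it was forgotten. The `connector:` block starts before and continues after this hunk.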