various demw config

demw-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf

@@ -0,0 +1,8 @@
+VirtualToken = {
+   VirtualToken00Label = sc_ha;
+   VirtualToken00SN = 1462371088;
+   VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+   sc_ha = 1;
+}

demw-common/overlay/etc/hiera/data/group.yaml

@@ -0,0 +1,3 @@
+---
+demw_tls_server_cert: MIIEODCCAyCgAwIBAgIDGYhHMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAkRFMRkwFwYDVQQKExBFQUMgQW53ZW5kZXIgUEtJMRQwEgYDVQQLEwtFQUMgU3lzdGVtZTEdMBsGA1UEAxMURUFDIFN5c3RlbSBDQSAxIDIwMTQwHhcNMTcwMzIzMDgyMDIyWhcNMTkwNjE4MDgyMTM3WjBhMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxHTAbBgNVBAMTFGJlcmNhLXBzLmQtdHJ1c3QubmV0MR0wGwYDVQQFExRBUExXTTk5MTIwNDg5MDc5MjE1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoHPo3wdRVBQ9q3EEYvDNi7d9KMic2h94XzdasUuJTj01UaPTrs8TCEoiCRaqPqM+k0MLvA3UXsWyglOsQzwlwoxpTlEbuOgpExaljmYeEsomyuazHwODFO8mhVk6EKTTjD1rNp5pCpTWcv2ibCbF+n1mvF5MkMXIueOHC8ZSQTghAtY1uZLGReFAZQYjfPACTBcYv0x2RAX9DoPlgtlk2Ets4iN/0nurYylF7nWF8uX9ck4++Pmx03Zv18iMfH4H4hxN18VhGpTCt1s2aNfmEzsr1TvWBeGn1SxhT6H5OzPfljPXevIDZXe3LliT/0F5nuG7jxynJVo//SHq6e9OsCAwEAAaOB/DCB+TATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSup/TCXbzSP8mFW765q82Z0lghWzAWBgNVHSAEDzANMAsGCSqCFABQB4N0CjB6BgNVHR8EczBxMG+gbaBrhjNodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9lYWNfc3lzdGVtX2NhXzFfMjAxNC5jcmyGNGh0dHBzOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9lYWNfc3lzdGVtX2NhXzFfMjAxNC5jcmwwHQYDVR0OBBYEFEfp4XlHCgg794JNrcDv5Db1gExJMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEAanSwh94d7WNWA1Y1KrDjo80TjWvlPU4gSazXJlXbVbfwHMW+iJjLHXa1LNA5TGq7QPlebL6Cl5RWMRL6Nbt2nFq9lbUUweIF4A+91p5OytcCyHzrWCfbIyh13qqn3KTMTi/cgOsykUqP2cD6mgqWw4NiEPYDr3HuwsZZDCjkvtmbMbxa/6UE1FYLDNxX3ftJHVBhMpdP6/v57i2KFIzA0F/vl2EewFjnTzbYGqFEDZVfs+OG7T56vesSDQklrPdyikysTAm1PhDECU6XNU6kewrqLSIN4lAmEKunEaisc4MpP20TMQLvAv4tKBBG9PgaltVrIVDK8kH33AOYAHqzmw==
+demw_tls_client_cert: MIIFjTCCBHWgAwIBAgIDJ4ADMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNTI5MDgxNTA4WhcNMjIwNTMwMDgxNTA4WjBYMQswCQYDVQQGEwJTRTEQMA4GA1UEChMHRElHRy5zZTEgMB4GA1UEAxMXU0UtREUgTWlkZGxld2FyZSBDbGllbnQxFTATBgNVBAUTDENTTTAxNTY4ODU5MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPCCeZXVjgFjq7GsmUpGnpBwHwy3EkZHPwELcytqjfuGaKw/+VYZ9Aad25pwZJiA3mebsBLA4tjGQcA9X5ZufpD//thFiGz1rb5dzkcc2jjzsgDyV4xx++IfKonubfVvESD6LqOQ/vPXj9R0/BDEgNTDt1Nw1d9z2cSgHTp90hyt91bCSOpDz9df4RPNkEKUB4M3Btketw4/TjdhV43/85c135k4DyqaQ+5qGMKyYlR7Z9rHAwZMFOD/bEC7DzhM5nU5lqVntHU7CaSE61Is+vjcurOYBjel5EmnbOjCVkdoODTdgNORgZzYDGr/s9kBGhVDDVrVKETSEpk5HAmoCQ7ONAJ5ztyNJ0Tfkctq+nTps29xBKUUIiudKETdWKyCWenDFIo6igxIx8qiAPEvsentYtyFka+VqQ4RsE7ABSTw9sd7jt2/CX1/JmKVHB0cpYIjQWXl6K8PsOUyTjM25Sy4VmOJncRXvb04wnojLXi7eGql2S/4j2KUEDIA1z1GnKoyjyqvKnE+XjmYS8E7+qEQssae+eqK/dLrTOpWRjjGqIjJz2Wc49FzaYQd/iv/QwWB0x2b5alwUi5UOunIY5Vl2WLgbnulXyC0h7cpLyCTNgUu9DF14mXMpwnnKSS2ycS41wmhLB3sV+7RxQwA8TADikj2tu04IDL8GiSOMnf3AgMBAAGjggFiMIIBXjATBgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQURqoBHXfBpDQ1U6xFykmOXRtbNfowFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgeAMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCInRZeV7OBJusUKVX3UAwnUe/kBnlI743GkGmVBziI5CLhsyaHvxrSD+YVMttSk+EayYIIHK1htOsIY8qkv0R/e3OkrlWkHR9fyyz4vg0K0LQOAJjtGZ0gj3PBd4JIFCL1nxiQpbnLdR5p5+jjdI5dQ7sVhinXlbgBih2LrSYshcAi3otd3h9QY6BrifKgqYFlJHq4sKsf0Ri7a6+/BmHdCOMhmpFTbw6+NLe2tQrvtje2q7MZ2/EJHvpJB58BKbbzN6w0akBTVzNROJXht/sS0EOYeHYUgOvy2Q8WAKQCTU5wSB8Of+9mfM8QDA1Xzrlx1t9b/JMkb20Tf/6yNHw1

demw-common/overlay/etc/luna/cert/server/CAFile.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRYwFAYDVQQKEw1DaHJ5
+c2FsaXMtSVRTMRQwEgYDVQQDEwtzZS10dWctaHNtMTAeFw0xNDA1MTMwMTE1MDha
+Fw0yNDA1MTQwMTE1MDhaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlv
+MQ8wDQYDVQQHEwZPdHRhd2ExFjAUBgNVBAoTDUNocnlzYWxpcy1JVFMxFDASBgNV
+BAMTC3NlLXR1Zy1oc20xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uEOQnpKAiWov+y5tzljds8FXZ1/u4K5mVvt6uT+uC9TyzleQ/Mvy+s96hgv32CH2
+Wb1hbnVoOg/r5cxaplmLtLAy4KQPEmEfYsoftGXc+sNhjNQaP7Sv+PVJooFEEvxP
+sicnHK2Iw0+2I5yYfnNe2k1L0Kl2EJWLS3tq2l6w6RPD/ldf21lXmB+RE7j3QEx/
+ALqLuqbiyg8tR6iamTQBM9IotG1jBIh5InVStZqV9bzyLIebNUjkyta2uCw4RCcM
+lxJpLm7HOpuDf4iLVLW5BwRLJMHBoHJ5hK7Rw9vpwUhL5ujwZ8ugiYwiYtgXUuia
+b8WgGuo5zRNA1Zm2TrvNqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3/xEbq4gP
+sOrH66HHToRUoGvkD90uhYwinYNmE7KBTAFhvbnlCeOcQGo88DoVZgkYJNLpMD4K
+bhyyyNcVVt6UYHzt00N5XfuqwEy1C1QqZaeNZiyADvLLBftjym/VHth70Eu5WjHo
+f02uDEU3DkaWuFRrAqBGkkFLJwrNua0qr1vnqe5LBipOCkXPSCAUYW5iJmESeolD
+BzA3AP1ykXh7HvrinY4zeALleFAJ6cur6qXkpe3B4h/s/vT0IMvxTZzDVMz3i4Pd
+jKFAV6RbM4jygP3LNj4XseODrZj5IM9O/WEjbv8J/E7E9ON05oWDkQbZwAvklaXF
+9ez3C8WAI1q+
+-----END CERTIFICATE-----

demw-common/overlay/etc/luna/cert/server/se-fre-hsm1.sunet.seCert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRYwFAYDVQQKEw1DaHJ5
+c2FsaXMtSVRTMRQwEgYDVQQDEwtzZS1mcmUtaHNtMTAeFw0xNDEyMDIxMzM4MjNa
+Fw0yNDEyMDMxMzM4MjNaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlv
+MQ8wDQYDVQQHEwZPdHRhd2ExFjAUBgNVBAoTDUNocnlzYWxpcy1JVFMxFDASBgNV
+BAMTC3NlLWZyZS1oc20xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+xHF8rOA8N1TAoo9KE1PPRThOppYyHwGZmhWccpu7uGFBBL8sHozCUvhdJq1IJyks
++OCKeu8ai5bHFLK2HvSiwqKD1W+AMoUr3EmA21J+vmybiBDyMi7hiRuimjRGMQMh
+f4LCRbIr53jz499KzexO7xZruEyUbB4Dfl1KOOVvPm0WFXiuj2fV7vyFb+B3U/A6
+v1hS4KAAv4+hq3ZEXUaLzpzZr/MPrrNBfda4PwhOkNm+5qNFuMCzPhEc9IO6fQEo
+kNO3DuWKwi424thIUJxCLbGLF2V4AdL13CxZOLRWPK631MhcUzZVbgIxPPTxueXx
+ogwA9QS6tR/hO1xMmqYgHwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBQHNJK6qU8
+dSbqUOs/2hHMdgWLXaCtxlqiLE+IQ8gQ3Of8EAIXSAiucmp3lxgCzJSqCTHLybnH
+/LGS2GbBstxFUdNoZR3+tAtWonQeR08I1oa/b6vZ8VSTvXnnxlCjm/BRD6OqNkCc
+f4Ran2nmzVwFyNwv+fgn97cfq9oLgMOtW2hMtToegOF2nF1mvG+cs0t0aWrNrmKS
+qj6tTr6REOdczrhQA3+SKhO1GyP5w1re0NsyzUecCgOPRm+sbwVg+fb5pTDTOkQa
+S3whqFAx9MHVQHglKlLXLGXSCakc2Kg4USu+W/ByzTJUiy0yCZWpzy1p+bgY6VBa
+Ypdn2oG8USY6
+-----END CERTIFICATE-----

demw-common/overlay/etc/luna/cert/server/se-tug-hsm1.sunet.seCert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRYwFAYDVQQKEw1DaHJ5
+c2FsaXMtSVRTMRQwEgYDVQQDEwtzZS10dWctaHNtMTAeFw0xNDA1MTMwMTE1MDha
+Fw0yNDA1MTQwMTE1MDhaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlv
+MQ8wDQYDVQQHEwZPdHRhd2ExFjAUBgNVBAoTDUNocnlzYWxpcy1JVFMxFDASBgNV
+BAMTC3NlLXR1Zy1oc20xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uEOQnpKAiWov+y5tzljds8FXZ1/u4K5mVvt6uT+uC9TyzleQ/Mvy+s96hgv32CH2
+Wb1hbnVoOg/r5cxaplmLtLAy4KQPEmEfYsoftGXc+sNhjNQaP7Sv+PVJooFEEvxP
+sicnHK2Iw0+2I5yYfnNe2k1L0Kl2EJWLS3tq2l6w6RPD/ldf21lXmB+RE7j3QEx/
+ALqLuqbiyg8tR6iamTQBM9IotG1jBIh5InVStZqV9bzyLIebNUjkyta2uCw4RCcM
+lxJpLm7HOpuDf4iLVLW5BwRLJMHBoHJ5hK7Rw9vpwUhL5ujwZ8ugiYwiYtgXUuia
+b8WgGuo5zRNA1Zm2TrvNqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3/xEbq4gP
+sOrH66HHToRUoGvkD90uhYwinYNmE7KBTAFhvbnlCeOcQGo88DoVZgkYJNLpMD4K
+bhyyyNcVVt6UYHzt00N5XfuqwEy1C1QqZaeNZiyADvLLBftjym/VHth70Eu5WjHo
+f02uDEU3DkaWuFRrAqBGkkFLJwrNua0qr1vnqe5LBipOCkXPSCAUYW5iJmESeolD
+BzA3AP1ykXh7HvrinY4zeALleFAJ6cur6qXkpe3B4h/s/vT0IMvxTZzDVMz3i4Pd
+jKFAV6RbM4jygP3LNj4XseODrZj5IM9O/WEjbv8J/E7E9ON05oWDkQbZwAvklaXF
+9ez3C8WAI1q+
+-----END CERTIFICATE-----

demw-common/overlay/etc/sunet-reinstall.keep

@@ -0,0 +1 @@
+/etc/luna/cert

demw-common/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh

@@ -0,0 +1,44 @@
+cat<<EOF
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
+    <ServerUrl>https://${PUBLIC_HOSTNAME}/eidas-middleware</ServerUrl>
+    <sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
+    <sessionMaxPendingRequests>500</sessionMaxPendingRequests>
+    <certificateWarningMargin>200</certificateWarningMargin>
+    <TimerConfiguration>
+        <certRenewal length="2" unit="11"/>
+        <blacklistRenewal length="2" unit="11"/>
+        <masterAndDefectListRenewal length="2" unit="11"/>
+    </TimerConfiguration>
+    <ServiceProvider entityID="se-de-middleware" enabled="true">
+        <EPAConnectorConfiguration updateCVC="true">
+            <CVCRefID>se-de-middleware</CVCRefID>
+            <PkiConnectorConfiguration>
+                <blackListTrustAnchor>MIIEMTCCAxmgAwIBAgIDGMKjMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAkRFMRkwFwYDVQQKExBFQUMgQW53ZW5kZXIgUEtJMRQwEgYDVQQLEwtFQUMgU3lzdGVtZTEdMBsGA1UEAxMURUFDIFN5c3RlbSBDQSAxIDIwMTQwHhcNMTYxMDI2MDkzMDEzWhcNMTkwNjE4MDgyMTM3WjBvMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxEDAOBgNVBAsTB0Fwb2xsb24xIzAhBgNVBAMTGkJDQVAgRFZTRCBCbGFja2xpc3QgU2lnbmVyMRMwEQYDVQQFEwoyODAyNzkwNjkyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuG9IgN0IGk8eyjDw8tBOkRQiuN6rK/GAh5uE5XD12Nw8QBzdOWaj7c6uzS36BTkb7WhsfQaBPO89Z9de4bBmk8U4j3nRK1stAIchKcfTLqPjVknisZhlNh/TBjDtZ8yxk/SeFmszALA2pNd14vMwuvXjvkLreP9nZmuc8v35JUBPE/YRJpM/py117t36Hy4z0e8uPBnexVp2pTS/lgJx5J79Cj/9BltA0u/WwsSH2BNaARqDY5++73M9+WX5+8pdmswYpCK3LiNVv1u7VlbVajByrMZvpDGPu2DF+IFmENHTlAVUyiWTjZtjq62xM5bxW/dgXg2cWxdhkMGsArB5QIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFK6n9MJdvNI/yYVbvrmrzZnSWCFbMBYGA1UdIAQPMA0wCwYJKoIUAFAHg3QKMHoGA1UdHwRzMHEwb6BtoGuGM2h0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2VhY19zeXN0ZW1fY2FfMV8yMDE0LmNybIY0aHR0cHM6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2VhY19zeXN0ZW1fY2FfMV8yMDE0LmNybDAdBgNVHQ4EFgQU8csAobRtd+DNeQNuvCmF7PXeBjMwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQCgNtj2JidGISyuIdLCaL9xRZmBDGV6fT8Rqzl8DigKyO5fdkrKvfpeTOK983VkiX0v652hfYFl+7JwlgV5g9Daql9aAiw35Qti68Fpr3mIwkZAn/Ee2ZDFVUQBQi1Ka2NKpANniFtldwWnbRORH4OA/KKI0IDmRpe1bkkYvYyvmCwswu3Sb3++8x1c3HRJRdPrSYgTKz6Gi311YR03XI/YJy+4wIpbUY24g4J2ZwND0Q5axJ6qrXO/v3iA+6VMgF+JGlb/PLLy2+RsFQFL5hDIDi5ONcFB8jIc59onvDlLEv0TlvM19iGcL/mvJOlBHO756LNedjg6fHpOhRLR9IaZ</blackListTrustAnchor>
+                <masterListTrustAnchor>MIIEHjCCA6WgAwIBAgICAJkwCgYIKoZIzj0EAwMwTzELMAkGA1UEBhMCREUxDTALBgNVBAoMBGJ1bmQxDDAKBgNVBAsMA2JzaTEMMAoGA1UEBRMDMTAxMRUwEwYDVQQDDAxjc2NhLWdlcm1hbnkwHhcNMTYwNzA1MDg1NTAyWhcNMjcwMTA1MjM1OTU5WjBbMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQ0wCwYDVQQFEwQwMDI3MSAwHgYDVQQDDBdDU0NBIE1hc3RlciBMaXN0IFNpZ25lcjCCATMwgewGByqGSM49AgEwgeACAQEwLAYHKoZIzj0BAQIhAKn7V9uh7qm8PmYKkJ2DjXJuO/Yj1SYgKCATSB0fblN3MEQEIH1aCXX8LDBX7vZ1MEF6/+f7gFXBJtxcbOlKS0TzMLXZBCAm3Fxs6UpLRPMwtdm713y/lYQWKVz34c5rzNwY/4wHtgRBBIvSrrnLflfLLEtIL/yBt6+53ifh470jwjpEU72azjJiVH74NcPaxP2X+EYaFGEdycJ3RRMt7Y5UXB1Uxy8EaZcCIQCp+1fboe6pvD5mCpCdg41xjDl6o7VhpveQHg6Cl0hWpwIBAQNCAARWreEnBitecKA7VBgYXXS9Vij2ASnm9Fg/5aDMe7kIADBJp68bP4M4p/N1yu4Wbwstnt4eux+8fPRsa8rPDuIro4IBhzCCAYMwHwYDVR0jBBgwFoAUwXupFfdc3dJrPWCaI1TeEu4/DsYwHQYDVR0OBBYEFJZYZYol4GeYB9BcN/HSOWZFtJx3MA4GA1UdDwEB/wQEAwIHgDArBgNVHRAEJDAigA8yMDE2MDcwNTA4NTUwMlqBDzIwMTYxMTA1MjM1OTU5WjAWBgNVHSAEDzANMAsGCQQAfwAHAwEBATBRBgNVHREESjBIgRhjc2NhLWdlcm1hbnlAYnNpLmJ1bmQuZGWGHGh0dHBzOi8vd3d3LmJzaS5idW5kLmRlL2NzY2GkDjAMMQowCAYDVQQHDAFEMFEGA1UdEgRKMEiBGGNzY2EtZ2VybWFueUBic2kuYnVuZC5kZYYcaHR0cHM6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYaQOMAwxCjAIBgNVBAcMAUQwFAYDVR0lAQH/BAowCAYGZ4EIAQEDMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYV9jcmwwCgYIKoZIzj0EAwMDZwAwZAIwSzwRiGekt9rljYvU2gaXdYx5GhZiTNpC6PpZJGWWrhsKN+e7n1Ey6ww63slw9AZKAjBFFEdWWSjQ29cMPxRfG8g2xr9coom4eJ1YbjVPqiFQnBewmKpObWQ6ap9RkusO1Gc=</masterListTrustAnchor>
+                <defectListTrustAnchor>MIIEHTCCA6SgAwIBAgIBWDAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQwwCgYDVQQFEwMxMDExFTATBgNVBAMMDGNzY2EtZ2VybWFueTAeFw0xNDAxMTQwOTM4MDlaFw0yNDA3MTQyMzU5NTlaMFsxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARidW5kMQwwCgYDVQQLDANic2kxDTALBgNVBAUTBDAwMTUxIDAeBgNVBAMMF0NTQ0EgRGVmZWN0IExpc3QgU2lnbmVyMIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAqftX26Huqbw+ZgqQnYONcm479iPVJiAoIBNIHR9uU3cwRAQgfVoJdfwsMFfu9nUwQXr/5/uAVcEm3Fxs6UpLRPMwtdkEICbcXGzpSktE8zC12bvXfL+VhBYpXPfhzmvM3Bj/jAe2BEEEi9Kuuct+V8ssS0gv/IG3r7neJ+HjvSPCOkRTvZrOMmJUfvg1w9rE/Zf4RhoUYR3JwndFEy3tjlRcHVTHLwRplwIhAKn7V9uh7qm8PmYKkJ2DjXGMOXqjtWGm95AeDoKXSFanAgEBA0IABDxxoiI6RiEjxED83XfpG5/vrX5QE20ytOcTQFXtpEaCmOQrxCEhWQRbnQkY30FMT2DkrFg4N2MgARQ/ic7rvRKjggGHMIIBgzAfBgNVHSMEGDAWgBTBe6kV91zd0ms9YJojVN4S7j8OxjAdBgNVHQ4EFgQUvLpFCKT7YNs79ffzmzMSYjLRKOowDgYDVR0PAQH/BAQDAgeAMCsGA1UdEAQkMCKADzIwMTQwMTE0MDkzODA5WoEPMjAxNDA1MTQyMzU5NTlaMBYGA1UdIAQPMA0wCwYJBAB/AAcDAQEBMFEGA1UdEQRKMEiBGGNzY2EtZ2VybWFueUBic2kuYnVuZC5kZYYcaHR0cHM6Ly93d3cuYnNpLmJ1bmQuZGUvY3NjYaQOMAwxCjAIBgNVBAcMAUQwUQYDVR0SBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDAUBgNVHSUBAf8ECjAIBgZngQgBAQMwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3d3dy5ic2kuYnVuZC5kZS9jc2NhX2NybDAKBggqhkjOPQQDAwNnADBkAjAx3r+Kcp3MwzbPvtxee3BWvLOia/A6cONUZm4dP1HQlrVWhnaXOXGhNeulPkhbXecCMHNSJuIW42v0Ag/anK1V0YTOtmqTm9pEI9IYJsocNCMAKDeCzoPfJ2Qqs0RGh+Lx6Q==</defectListTrustAnchor>
+                <policyImplementationId>budru</policyImplementationId>
+                <sslKeys id="default">
+                    <serverCertificate>${DEMW_TLS_SERVER_CERT}</serverCertificate>
+                    <clientCertificate>${DEMW_TLS_CLIENT_CERT}<</clientCertificate>
+                    <clientKey>${DEMW_TLS_CLIENT_CERT}</clientKey>
+                </sslKeys>
+                <terminalAuthService sslKeysId="default">
+                    <url>https://berca-ps.d-trust.net/ps/dvca-at</url>
+                </terminalAuthService>
+                <restrictedIdService sslKeysId="default">
+                    <url>https://berca-ps.d-trust.net/ps/dvsd_v2</url>
+                </restrictedIdService>
+                <passiveAuthService sslKeysId="default">
+                    <url>https://berca-ps.d-trust.net/ps/scs</url>
+                </passiveAuthService>
+                <dvcaCertDescriptionService sslKeysId="default">
+                    <url>https://berca-ps.d-trust.net/ps/dvca-at-cert-desc</url>
+                </dvcaCertDescriptionService>
+            </PkiConnectorConfiguration>
+            <PaosReceiverURL>https://${PUBLIC_HOSTNAME}/eidas-middleware/paosreceiver</PaosReceiverURL>
+            <hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
+        </EPAConnectorConfiguration>
+    </ServiceProvider>
+</CoreConfiguration>
+EOF

demw-common/overlay/opt/eidas-middleware/configuration/application.properties.sh

@@ -0,0 +1,25 @@
+cat<<EOF
+#Logging
+logging.file=/var/log/eidas-middleware/demw.log
+
+#Credentials
+poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
+poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
+
+#Server Settings
+server.port=${SERVER_PORT:-8443}
+server.adminInterfacePort=${ADMIN_PORT:-10000}
+server.ssl.key-password=dummy
+server.ssl.key-store=file\:/${CERTNAME}.p12
+server.ssl.key-store-password=dummy
+server.ssl.keyAlias=tls
+server.ssl.keyStoreType=PKCS12
+
+#Data source
+spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
+spring.datasource.url=jdbc\:h2\:file\:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
+spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
+
+#HSM
+hsm.type=NO_HSM
+EOF

demw-common/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh

@@ -0,0 +1,26 @@
+cat<<EOF
+#Wed Jul 11 09:28:06 GMT 2018
+CONTACT_PERSON_COMPANY=Sweden Connect
+CONTACT_PERSON_EMAIL=operations@swedenconnect.se
+CONTACT_PERSON_GIVENNAME=Sweden Connect
+CONTACT_PERSON_SURNAME=Operations
+CONTACT_PERSON_TEL=+46105742100
+COUNTRYCODE=SE
+ENTITYID_INT=se-de-middleware
+SERVER_URL=https://${PUBLIC_HOSTNAME}
+MIDDLEWARE_CRYPT_ALIAS=${MIDDLEWARE_CRYPT_ALIAS:-demw}
+MIDDLEWARE_CRYPT_KEY=/opt/eidas-middleware/configuration/eidasmw-crypto-keystore.jks
+MIDDLEWARE_CRYPT_PIN=${MIDDLEWARE_CRYPT_PIN}
+MIDDLEWARE_SIGN_ALIAS=${MIDDLEWARE_SIGN_ALIAS:-demw}
+MIDDLEWARE_SIGN_KEY=/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks
+MIDDLEWARE_SIGN_PIN=${MIDDLEWARE_SIGN_PIN}
+ORGANIZATION_DISPLAY_NAME=Sweden Connect
+ORGANIZATION_LANG=sv
+ORGANIZATION_NAME=Sweden Connect
+ORGANIZATION_URL=https\://swedenconnect.se
+SERVICE_PROVIDER_CONFIG_FOLDER=/opt/eidas-middleware/configuration/serviceprovider-metadata
+SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/opt/eidas-middleware/configuration/metadata-signature-certificate.crt
+
+#metadata validity
+#METADATA_VALIDITY=2063-04-30
+EOF

demw-common/overlay/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config

@@ -0,0 +1,33 @@
+#SafeNet Luna
+name = Luna
+library = /usr/safenet/lunaclient/lib/libCryptoki2_64.so
+description = Luna config
+slot = 5
+attributes(*,*,*) = {
+CKA_TOKEN = true
+}
+attributes(*,CKO_SECRET_KEY,*) = {
+CKA_CLASS=4
+CKA_PRIVATE= true
+CKA_KEY_TYPE = 21
+CKA_SENSITIVE= true
+CKA_ENCRYPT= true
+CKA_DECRYPT= true
+CKA_WRAP= true
+CKA_UNWRAP= true
+}
+attributes(*,CKO_PRIVATE_KEY,*) = {
+CKA_CLASS=3
+CKA_LABEL=true
+CKA_PRIVATE = true
+CKA_DECRYPT=true
+CKA_SIGN=true
+CKA_UNWRAP=true
+}
+attributes(*,CKO_PUBLIC_KEY,*) = {
+CKA_CLASS=2
+CKA_LABEL=true
+CKA_ENCRYPT = true
+CKA_VERIFY=true
+CKA_WRAP=true
+}

demw-common/overlay/opt/eidas-middleware/configuration/hsm/pkcs11.properties

@@ -0,0 +1,15 @@
+hsmExternalCfgLocations=/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
+#hsmPin=
+#hsmLib=
+#hsmProviderName=
+#hsmSlot=0
+#hsmSlotListIndex=0
+#hsmSlotListIndexMaxRange=0
+#keySourcePass=
+#keySourceAlias=
+#keySourceKeyLocation=
+#keySourceCertLocation=
+#keySourcePassEnc=
+#keySourceAliasEnc=
+#keySourceKeyLocationEnc=
+#keySourceCertLocationEnc=ß