demw config for qa

demw-1.qa.sveidas.se/overlay/etc/eidas-middleware/configuration/POSeIDAS.xml.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -x
+
+cat<<EOF
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
+    <ServerUrl>https://${CERTNAME}/eidas-middleware</ServerUrl>
+    <sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
+    <sessionMaxPendingRequests>500</sessionMaxPendingRequests>
+    <certificateWarningMargin>200</certificateWarningMargin>
+    <TimerConfiguration>
+        <certRenewal length="2" unit="11"/>
+        <blacklistRenewal length="2" unit="11"/>
+        <masterAndDefectListRenewal length="2" unit="11"/>
+    </TimerConfiguration>
+    <ServiceProvider entityID="se-de-middleware" enabled="true">
+        <EPAConnectorConfiguration updateCVC="true">
+            <CVCRefID>se-de-middleware</CVCRefID>
+            <PkiConnectorConfiguration>
+                <blackListTrustAnchor>MIIEcTCCA1mgAwIBAgIIDI0LEBD/wRIwDQYJKoZIhvcNAQELBQAwVzEnMCUGA1UEAwweYm9zIENBIGVJRCBDb21tdW5pY2F0aW9uIENlcnRzMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJERTAeFw0xMzA1MDcwNzQ5MjRaFw0xNjA1MDYwNzQ5MjRaMGgxHjAcBgNVBAMMFWRldi5nb3Zlcm5pa3VzLWVpZC5kZTEYMBYGA1UECwwPdGVzdGNlcnRpZmljYXRlMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJkZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9ea6dQveXgc23F7jteqN9L023MpOI7BnqD4YxsrOMfEhHBj1tcr1VpZgxtamhHKEJEqptN5ObotyA/wKqeIBEzLgfLGqMyPqnSyejELRql1KYi+moCgMWNiU5FAfhd29Rgr8rPhPtBSgkO7DQdXzaTQxDxQssUTlK5AifIl/f0+/emGZUknAIfXxgXlNmuSCijAt1qoNkd+VS05unQFYKqb3BfxFQDgHqdmg0caPDvb5KHYuTMGFhmRe3B8lt5ffM+QaIK8q+qTy2rU/4jS331tauGdxDv/JniOV2z5gzut4H42Naek9SPjgotk0ON8B4ZuSZf23pJ9GqRH1v9u+MCAwEAAaOCAS4wggEqMAwGA1UdEwEB/wQCMAAwPwYDVR0lBDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDDDAfBgNVHSMEGDAWgBQFIqk8+KQR/Sta43Lw85czVJlxjzAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFFdqnSDAvZJe8F6/4VbhECPNIZf/MEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AuYm9zLWJyZW1lbi5kZS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwPAYDVR0RBDUwM4IVZGV2LmdvdmVybmlrdXMtZWlkLmRlghpkZXYtZGVtby5nb3Zlcm5pa3VzLWVpZC5kZTANBgkqhkiG9w0BAQsFAAOCAQEAMZaY6wFGQTrb7Ke2cST6ZJrUhs1H70awcWO5abMmFWipwqhaW95oUmZvMFxEZcehKgDej1ltHhwkvcCbhM97+pxNLJWnmwn8fpDn28xkkG1pcnKfz7Nj+Nn66NMFeSU4LCKjmfqhmiqaxk6JHOqHwoG8c2b6X5krVLhhhbTAW4oojmJUhrjeeglPpD60JneVRy1w8qoRaDd5UFaMgwRgi0Nom8qaIcYTZuJYhIRb5sTR2SAVjbpEMwZq3NqczOFTafB6HFsLiHB/6RSBtqAC9KMC9m4LPEQvAWN8+sTltYPio/IoTIUVrU13uzOmxTGmubQx2St/7IBy5m7dlk0WUQ==</blackListTrustAnchor>
+                <masterListTrustAnchor>MIIELTCCA7SgAwIBAgIBBTAKBggqhkjOPQQDAzBVMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQ0wCwYDVQQFEwQwMDA0MRowGAYDVQQDDBFURVNUIGNzY2EtZ2VybWFueTAeFw0xNTA5MjMwODU2MzlaFw0yNjAzMjMyMzU5NTlaMGAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARidW5kMQwwCgYDVQQLDANic2kxDTALBgNVBAUTBDAwMDYxJTAjBgNVBAMMHFRFU1QgQ1NDQSBNYXN0ZXIgTGlzdCBTaWduZXIwggEzMIHsBgcqhkjOPQIBMIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gdH25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlKS0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEAqftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQEDQgAEitE7LDrEMzLs7tPp6pe6BzZJHaThJzm49mUw2x3gKS1iYIeNqXngL5E0sX7MDZZp13dikfbKVln+8k8IiNKrVKOCAYwwggGIMB8GA1UdIwQYMBaAFHD8PNdfzGkLdI7YpGbmsFvP3TmdMB0GA1UdDgQWBBRioyCrfGByzK9GY8va0e1lUoy8czAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0QBCQwIoAPMjAxNTA5MjMwODU2MzlagQ8yMDE4MDkyMzIzNTk1OVowFgYDVR0gBA8wDTALBgkEAH8ABwMBAQEwUQYDVR0RBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDBRBgNVHRIESjBIgRhjc2NhLWdlcm1hbnlAYnNpLmJ1bmQuZGWGHGh0dHBzOi8vd3d3LmJzaS5idW5kLmRlL2NzY2GkDjAMMQowCAYDVQQHDAFEMBQGA1UdJQEB/wQKMAgGBmeBCAEBAzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vd3d3LmJzaS5idW5kLmRlL3Rlc3RfY3NjYV9jcmwwCgYIKoZIzj0EAwMDZwAwZAIwI7b8uJ2wSKDA6YjzLtR9CyOQorXfilVJDVkYkk5zEmVbzA4vLLizjemfYZZQXY/YAjAf6xsMtIIIwJHch1J6Akm8cdjfR653xOx2cLgPCPLOXws3b4Auk2xtolq8YSzD1kA=</masterListTrustAnchor>
+                <defectListTrustAnchor>MIIELTCCA7SgAwIBAgIBBDAKBggqhkjOPQQDAzBVMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQ0wCwYDVQQFEwQwMDA0MRowGAYDVQQDDBFURVNUIGNzY2EtZ2VybWFueTAeFw0xNTA5MjMwODU1MjZaFw0yNjAzMjMyMzU5NTlaMGAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARidW5kMQwwCgYDVQQLDANic2kxDTALBgNVBAUTBDAwMDYxJTAjBgNVBAMMHFRFU1QgQ1NDQSBEZWZlY3QgTGlzdCBTaWduZXIwggEzMIHsBgcqhkjOPQIBMIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gdH25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlKS0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEAqftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQEDQgAEphPfzRAJDfLG1r0JpAJYgdRvKc0DacjGhbxhuEWlMRB1XpV3pKPpVHUuraDEaC4Ru8q2W4etyA4Swc8JQ6jdXaOCAYwwggGIMB8GA1UdIwQYMBaAFHD8PNdfzGkLdI7YpGbmsFvP3TmdMB0GA1UdDgQWBBSFeLqnCPkXciiQQOzwVzQDNiNWBDAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0QBCQwIoAPMjAxNTA5MjMwODU1MjZagQ8yMDE4MDkyMzIzNTk1OVowFgYDVR0gBA8wDTALBgkEAH8ABwMBAQEwUQYDVR0RBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDBRBgNVHRIESjBIgRhjc2NhLWdlcm1hbnlAYnNpLmJ1bmQuZGWGHGh0dHBzOi8vd3d3LmJzaS5idW5kLmRlL2NzY2GkDjAMMQowCAYDVQQHDAFEMBQGA1UdJQEB/wQKMAgGBmeBCAEBAzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vd3d3LmJzaS5idW5kLmRlL3Rlc3RfY3NjYV9jcmwwCgYIKoZIzj0EAwMDZwAwZAIwPAvVTvhJuX0dIyd7Ouv0t03J2KA08JehN+RA6oVU7xvS7RbCLIcKNYqVRnC4eJrOAjB1X89X1lH/0Fq3HH1tKXw3ELw62dBrHeHGsn3kcWNXxYqr5iRobwJru3FPk5ka34s=</defectListTrustAnchor>
+                <policyImplementationId>govDvca</policyImplementationId>
+                <sslKeys id="default">
+                    <serverCertificate>MIIEcTCCA1mgAwIBAgIIDI0LEBD/wRIwDQYJKoZIhvcNAQELBQAwVzEnMCUGA1UEAwweYm9zIENBIGVJRCBDb21tdW5pY2F0aW9uIENlcnRzMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJERTAeFw0xMzA1MDcwNzQ5MjRaFw0xNjA1MDYwNzQ5MjRaMGgxHjAcBgNVBAMMFWRldi5nb3Zlcm5pa3VzLWVpZC5kZTEYMBYGA1UECwwPdGVzdGNlcnRpZmljYXRlMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJkZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9ea6dQveXgc23F7jteqN9L023MpOI7BnqD4YxsrOMfEhHBj1tcr1VpZgxtamhHKEJEqptN5ObotyA/wKqeIBEzLgfLGqMyPqnSyejELRql1KYi+moCgMWNiU5FAfhd29Rgr8rPhPtBSgkO7DQdXzaTQxDxQssUTlK5AifIl/f0+/emGZUknAIfXxgXlNmuSCijAt1qoNkd+VS05unQFYKqb3BfxFQDgHqdmg0caPDvb5KHYuTMGFhmRe3B8lt5ffM+QaIK8q+qTy2rU/4jS331tauGdxDv/JniOV2z5gzut4H42Naek9SPjgotk0ON8B4ZuSZf23pJ9GqRH1v9u+MCAwEAAaOCAS4wggEqMAwGA1UdEwEB/wQCMAAwPwYDVR0lBDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDDDAfBgNVHSMEGDAWgBQFIqk8+KQR/Sta43Lw85czVJlxjzAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFFdqnSDAvZJe8F6/4VbhECPNIZf/MEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AuYm9zLWJyZW1lbi5kZS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwPAYDVR0RBDUwM4IVZGV2LmdvdmVybmlrdXMtZWlkLmRlghpkZXYtZGVtby5nb3Zlcm5pa3VzLWVpZC5kZTANBgkqhkiG9w0BAQsFAAOCAQEAMZaY6wFGQTrb7Ke2cST6ZJrUhs1H70awcWO5abMmFWipwqhaW95oUmZvMFxEZcehKgDej1ltHhwkvcCbhM97+pxNLJWnmwn8fpDn28xkkG1pcnKfz7Nj+Nn66NMFeSU4LCKjmfqhmiqaxk6JHOqHwoG8c2b6X5krVLhhhbTAW4oojmJUhrjeeglPpD60JneVRy1w8qoRaDd5UFaMgwRgi0Nom8qaIcYTZuJYhIRb5sTR2SAVjbpEMwZq3NqczOFTafB6HFsLiHB/6RSBtqAC9KMC9m4LPEQvAWN8+sTltYPio/IoTIUVrU13uzOmxTGmubQx2St/7IBy5m7dlk0WUQ==</serverCertificate>
+                    <clientCertificate>MIID4zCCAsugAwIBAgIIdq/dlyQqL9wwDQYJKoZIhvcNAQELBQAwXDEkMCIGA1UEAwwbR292ZXJuaWt1cyBSb290IENBIDIgZWlkOlBOMRYwFAYDVQQKDA1Hb3Zlcm5pa3VzIEtHMQ8wDQYDVQQHDAZCcmVtZW4xCzAJBgNVBAYTAkRFMB4XDTE3MDQxMjA5NDUyN1oXDTIwMDQxMTA5NDUyN1owYjEfMB0GA1UEAwwWU0UtRUlEQVMtTVcuY2xpZW50LXBraTEaMBgGA1UECwwRZWlkIGNvbW11bmljYXRpb24xFjAUBgNVBAoMDUdvdmVybmlrdXMgS0cxCzAJBgNVBAYTAmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpvhTOpd9x+AbPoNDwrVwjoEJFHjCjsW7n8t/hr1gIQWDu9wDQcuTea+GkFVPL1ghYc0dUeXOFnCXYQ5PcoUVlCZay8L+TuCMC6dsXO66HIIpYNhe+wE/KpY450mD/eIli6vAA5GS3+RU90ottjKw+njuDiFMkO2ExzYG0F6kI+rggCD23SwKj5ZwlpPeLGtvZDHGbmdLb2EOa5hRBjp1469E1izwbg6AX0PH+Qf5ghdI3dhIFuc6epOsYLOy164Ueo0RkUJ5zTu1ErnYYAGhbId9smy4bXfEX8ovokQg8MqeGhfUqA2q+0AJYuANJfwQawkf9uoEiUC72EbhmGKawIDAQABo4GiMIGfMB0GA1UdDgQWBBTkSDBlsQSEOtEqfVMEp8ThYMWZRTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPdDHK1itiL2tkVdoK6v8vJsSC5fMA4GA1UdDwEB/wQEAwIEsDA/BgNVHSUEODA2BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBgorBgEEAYI3FAICBgorBgEEAYI3CgMMMA0GCSqGSIb3DQEBCwUAA4IBAQCGnuozL1NSEWOEUdqg6ws52PDWzz2BY59RN7f/YX7KnIH49xhWAP3xd8ZRzbPKBJEfFF7OVHSrzPLYjNCcfsbROHZxb41N+tltpakrGOAUSVgy+l7Wn4H8NrItYpBB/EXlBP1Xg7DYEFn+qFNVkO1TEAgQMqqPz1WDawnDvBbmXEKLTcImvQnMzx8BjP4oyY8isTSjXT4vqqJqtkd42RKItZ8HMm/X7tM0O8agfuboZuWVTk/gJZh3MsP7u1fHZ5YOhK86qAEAKfUSOR48gE8oQfcpLeO+J/I5KprzLa1bcGIE3EDVlfud7eM2rMU5UwJVAPsXmsF9OIReIx7J4w8M</clientCertificate>
+                    <clientKey>MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCSm+FM6l33H4Bs+g0PCtXCOgQkUeMKOxbufy3+GvWAhBYO73ANBy5N5r4aQVU8vWCFhzR1R5c4WcJdhDk9yhRWUJlrLwv5O4IwLp2xc7rocgilg2F77AT8qljjnSYP94iWLq8ADkZLf5FT3Si22MrD6eO4OIUyQ7YTHNgbQXqQj6uCAIPbdLAqPlnCWk94sa29kMcZuZ0tvYQ5rmFEGOnXjr0TWLPBuDoBfQ8f5B/mCF0jd2EgW5zp6k6xgs7LXrhR6jRGRQnnNO7USudhgAaFsh32ybLhtd8Rfyi+iRCDwyp4aF9SoDar7QAli4A0l/BBrCR/26gSJQLvYRuGYYprAgMBAAECggEAKoGJU9yLe8+lU3M4AAl7KkHZ25HmSpwRLPqwogC89xLUtmXTTeOsGCfzK/ePN/oMFwq5OduUy2CyypxAYFrLhK7/nCTaytrnBwMs8zsDkMsnGJ270MsAMyVMekmgtHZnImvMjy6UUOVehDsVx9WZDC4uuMWiUI1zJ51wRo64c1rTVKqJZ6u3MsOX2gMcFZJZTnJ394P04rnlTS2Jdb45NS6o4zPnGGnLbR2TtW0p3I0PnRbC2tbeP5p06QdgkP6LazAg5b8yGP/SfGmu1whvZLEJmunDH/npsTlQdwX7Z1bWaAOtvCirIByBFOgD6VEqX2cUQKPu8AOPZTvJpkB4gQKBgQDVuCEc5Oq+ZeqzrZYp3lTBZL92YrA0Y3o22dYO/+wuGJ4Md4YMpIR8KTbmNtf2ia95TBX5MBr+Eso4SjFI5Y0x3IL1u1kcivnjHMfyteSxlhcVkXh+4Ox3MWjmxnDl/o2mJM3981dZLiTp+Yu/Iq50EF8QbVlo4zGRJuNK8KFlQQKBgQCvnO25F2y8nAudKtXgQwnubK4Jl2PH2KDHAeZutDhjXwOvkrfMEPF06rR+C8hVsM9zMReMRFq+To3DmwmOTMOTPA4QxtI5DH+oNzuqtSDiNj0U7SIgx9l03/qkbNF3t1a3vc8yovsb3FcE0Cp6vI9JqUkKiYbK+s3IMCndwtDoqwKBgEkYrAKk7QDn/MktktGJIHXwzmdgQ6H3cCJ4iPUiZRYzB0N+UdPbJREOS5+bnGvPFbwn4NAUuvaxWIa+IXMsSAmIwSXoyQaxJdyeyGhj++8dRZHz6kGDDn2J4bYkoxKW6L2tkuLLqtFureN0nW5nH0HFI66Lp+vu4NIjedP0z07BAoGAEX4QL9+ldSQWBBHAPBZxZs5sh4gM6FsrqKcHzP8mnr9YHqT+qdUGOB8o22VRDzgNcevx7IbigxJQDKvkx8fds0zIGeO0DPqxvI/D4b0pCV9dtjforls5zeqBjN9J/iLFAIhnmyOg36WTBWe204L0wuGZ5PLN+moBFW+2u+Ar7wECgYEApP+PJPSHrYfNg56mdanPHvMUtdOQzssEuRtVjemoILDnXuD4ZDcjWJAbEMCAqJMYq97KOrfKBHwb5sXHE4lwIZdogyu/7sBOAVpr4pr8mhpbF98g3NbZlndXgCptlvj7fgG3Ekw5pk2rSSqfrly3dXFYH0VNSL5i70pA5QY0hoc=</clientKey>
+                </sslKeys>
+                <terminalAuthService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/ta-service</url>
+                </terminalAuthService>
+                <restrictedIdService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/ri-service</url>
+                </restrictedIdService>
+                <passiveAuthService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/pa-service</url>
+                </passiveAuthService>
+                <dvcaCertDescriptionService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
+                </dvcaCertDescriptionService>
+            </PkiConnectorConfiguration>
+            <PaosReceiverURL>https://demw.eidastest.se/eidas-middleware/paosreceiver</PaosReceiverURL>
+            <hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
+        </EPAConnectorConfiguration>
+    </ServiceProvider>
+</CoreConfiguration>
+EOF

demw-1.qa.sveidas.se/overlay/etc/eidas-middleware/configuration/application.properties.sh

@@ -0,0 +1,14 @@
+cat<<EOF>/etc/eidas-middleware/configuration/application.properties
+logging.file=
+poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
+poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
+server.port=${SERVER_PORT:-8443}
+server.ssl.key-password=dummy
+server.ssl.key-store=file\:/tmp/${CERTNAME}.p12
+server.ssl.key-store-password=dummy
+server.ssl.keyAlias=demw
+server.ssl.keyStoreType=PKCS12
+spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
+spring.datasource.url=jdbc\:h2\:file\:/etc/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
+spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
+EOF

demw-1.qa.sveidas.se/overlay/etc/eidas-middleware/configuration/eidasmiddleware.properties.sh

@@ -0,0 +1,22 @@
+cat<<EOF
+CONTACT_PERSON_COMPANY=Swedish E-Identification Board
+CONTACT_PERSON_EMAIL=operations@swedenconnect.se
+CONTACT_PERSON_GIVENNAME=Sweden Connect
+CONTACT_PERSON_SURNAME=Operations
+CONTACT_PERSON_TEL=+46105742100
+COUNTRYCODE=SE
+ENTITYID_INT=se-de-middleware
+SERVER_URL=${SERVER_URL}
+MIDDLEWARE_CRYPT_ALIAS=${MIDDLEWARE_CRYPT_ALIAS:-demw}
+MIDDLEWARE_CRYPT_KEY=/etc/eidas-middleware/configuration/eidasmw-crypto-keystore.jks
+MIDDLEWARE_CRYPT_PIN=${MIDDLEWARE_CRYPT_PIN}
+MIDDLEWARE_SIGN_ALIAS=${MIDDLEWARE_SIGN_ALIAS:-demw}
+MIDDLEWARE_SIGN_KEY=/etc/eidas-middleware/configuration/eidasmw-signature-keystore.jks
+MIDDLEWARE_SIGN_PIN=${MIDDLEWARE_SIGN_PIN}
+ORGANIZATION_DISPLAY_NAME=Swedish E-Identification Board
+ORGANIZATION_LANG=sv
+ORGANIZATION_NAME=Swedish E-Identification Board
+ORGANIZATION_URL=https\://elegnamnden.se
+SERVICE_PROVIDER_CONFIG_FOLDER=/etc/eidas-middleware/configuration/serviceprovider-metadata
+SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/etc/eidas-middleware/configuration/metadata-signature-certificate.crt
+EOF

demw-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc

@@ -0,0 +1,116 @@
+STATUS=UPDATED
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2
+
+hQEMA1PlR0Y1Lqn6AQf+OZncWhGSix+fjcZnPuM9YIQ5yNzSGJITlbaOWlmNC97L
+xrHMNYpH3tRswAh2+7/on/TMyLvfBLRTEzFo6B+9KXu7RWfTrPfM5JU82By+nJEu
+Drlrhhn6YlNRF5X0A1R+ufUyla37zCIoCqV5XfMAL6NKVRKuCuoZRfJ9ZW/qonzR
+0pz14rCGNoIeUkMS/2kztkTkQEQor5rIex1ED+VqluW1moj+UvJVzugy0IYGvCxa
+qrB9cZj0dFVhUqyhz4tLlClr4FmLx1nl60L1VOELJ+86KQUaN8nK677xs+tkYC68
+uMWgTHiB038uVECnYsmpQCJMKwiTcPCG/TgWAY2i7tLsAUAO5TO1FujyEzjxgMJj
+hqHLonPXMb8hspuj7B0gUGpcVU+myqUNjkVrdTSD8A9SlOI2Pq7bquKAb120XpAL
+XFNf0uYQe/QnZjsy+ngixj9dnXkJeGbZSetHBnqDgRCCz8VpC8OTYowff1MNF+Kl
+CbBsDD5oDaJFHHHSV7Mj+O19th23WyjygV2CUgHO5zTpUblrthRar+sLEjgbZ/0v
+xMw8/HmugwkL2LVKUsbXell55uOyryaxkKgKAcScseF3q8gUte22SbQRw5nOi/BK
+LDD5MISmORW7fZbjA4LEEydtmtONDVXDgJpCJnGR0k2O5A2LaVbm9uRIDWIAUk1K
+hMyjAQRk48MB6B8m1W5qnoR6gmmcHnJWKDR0hOsgwweY+/hc0F4+jzDOdmNbgqxK
+uW4Z0E6gyD8+7wehWCWPJDP3s6SrBZ9943DS29sOk0MO1sJnqSJmZOswh1dwowZL
+KsMxT79LXwUhCL/ZVLt2vCXxrll9z+gF4hObRXYCr3gkgZ6guv9yi+7ybVzSs//K
+z5aNlqPSQZoTgY1y7DWLbcHc8VdaLqzxpxnEi3SjAQD7CIlis/z9i/YX46CV4SH9
+8ATjrHNYukL73klYf2t8MHELKdbiU9ctzPA/nbKDj7Fn/rj6OTTvlWWTrSQpayU7
+9br8EGfaEK8+w1H/HCmC+XiWGnFiC6d2NuycpWk7F/WvzrOKNPtFVYet8bvTFbdH
+UKCZ0KnrV5nIN2+aj94L30YdQvyo+8gVxu+0YmE6gGRgrvQTG01N4cYbmqbNmMs7
+jhGdVb/X5l/pWDRMFGDiGu+CtzvuluJnEMWWezt7t/KAW0wmIS7Qt0hHh6dwwI0o
+uvwAOyITbIcKiuUfHZg1jg6h/NEBqDrdQlCrHwVcFj6iju/HTsi9fH4l54Ev1zzd
+cBadlq26huYP3Ott8SH7L1PDqvXizPImDkVr4u/oh+PLRQSa/0OlUD/25CAITVCi
+swdfh88uM56mSBrPFnjxgQYZAlj1xNfjKYKIh6+fvjbjaaodUx8oYQJvzzthTgY3
+uNaYkIphDKWiw8Ao+GP93Xri2Ga6J5kOdiQB16PerUJPIeQpYs2PZLvRdfqE7XmZ
+6v8Sp4wf34JkcCgWwsort1vEN2VAboPECjQ5BLEbqWi4AZvpxEYOKVcGXXS6sGcL
+E2lse72DvIjFNHInHFLbe0vH23x6LMNWpCiSV7kEFfoMVHzb1xnosowfpNNGcVfh
+kwjlV5N/S9IirPeBa073LJZoh7GAoeddwcKEwWuYxXKFWSr3KI0FnefXqrD2prT0
+Lgip2PozjO4aIiqNKAeEcXuw3FY0XfAjJPiwC87JDH1mUkAd1aKqgwZvcdyJMuWm
+xTh0Ul4Vkp/pVVCNNVpl79Qxw2+/yJ8ho02HY4uUKD0rSf3h34McP9lr8oZs/a/B
+IZ/6UxhvR7a72zTjjNl/ESfXYwHrJbnki4PjsZnwaZmGEgLgmYzfmI8LFqXlBYvA
+OZ0wwGeri4+BFUIOyYJBwjdj/CNKPl4ErA/dvCP5wpAgsRvWU0VwjaoakAL8fmgN
+Zno/TrEgi8Vehiv1ZlCgJ9MqjoVArvM7f5roZU6etylN3bGzKZI/oHGfpJcz1Z1d
+oSeSQpDI+TPFteE2r4MyqYSBUWzzMXGow9AbvbGqODUvh1cOHRfDGijrZZ3MNBGh
+bJ/rYikgOG6utP+IffptekqIYgToLSCKShHIhjVlRkaXJCyFc95WzSP4p7STjQVs
+BlY+KBU4k8DSCGLgcvv+mCgIEMFbQceGe1l80QJ8VTvxt6QYM5iK8esmYyhzPFie
+xOmciLVtVcZAS6feWKm8nJ51q4d8JBxCvDe+1jIA2G9cILzb6ByeuiHSe/UiV/25
+gmv/bf7Uisof8q1iKMLBlFWu4BP77oPbhOPpxvO71L15MNpYjZyZa/+ZZk6TB4pa
+Yw1Klqt8PsSCXX8qIdXaMZC3rELHxoaren4hDuh3rX5nkaTbsE6hwDXi1IRZjy8m
+zj5chpLe8Ce/dhd2bgd7uwqAET21am3bKLX/Z6qttTRWGZCFpUDappGrXkLbgQmx
+JxyKW0UiM7srMNrxGJNYe5x9+txI/f4N5bNjpsFUzSh3FOuBE2osmkPqI9luKZ/c
+VWZbl0a0cHDAhfFWDMxShptcw7ac7pIaET3VV10U+b5MyIZSbalOysTmg87nB+Xl
+f4AUvTGHEfzctzwajL/oS1Xg5iwzGRVM2IOrcLpCxNWTbk2pGXvRog0HZMb35gV4
+KWvFxguY82YDu/TsClrJja0kBZLxqtSdO/Rmklu+cRSaoqWqbgR3KDZCjC8H1uZ1
+t/g3E1Qsj2vFFIrVRnmU6VLDY3Gfyz8FCihxqL/SLhoAJpiRqyWGMBYhUQk5j2HY
+r+4gYA92FI5ehL52HcArUdAS3dtbQeyPrwQdaCdLjSPBuWPxlsaKEazTEgf8hxuY
+lVCGQ+Hkrlr6WjN+8qswpdPGKHB+fUnPAfqejfa+2n7S3kFRhwfMj3qmbuP6iToH
+LVHpNn/Cr+eOL/5xVW+Mf8X5PNKXD2HLmKeq8rQQjLWzEyuIKyNNUwy+PuEqIQnS
+ZTWGtU33U4zNBv37DVYFyAZPyOoSWz7w3WpQWYWSu/Tljqqs4HBHcooxEjjhS+IV
+3ATy6vpCJbpm5OWprBa9RZZXF8wjHtiqMiEWcQJJTcpH98gI5fLx/lkZ8BHNPPGm
++yfjBZsjtqw/u4tM37UghxRuM4L5T9nRcBcXNt2d2nnLC8X5rDUt4uPmbpxhFWC/
+pAq/wdvtjilE8wq0qUrqYB9QTwgGX8X00KqbAa3/ruJbEHE3pKvvsEpapRYVr+w1
+1Py1+UN2cQmHL97Mc6lmtGIuHQ66CuTUXH5t/PYU+PF+333hzWnfEuIYPx7e5/hs
+7rmBzKB1bjBItnnNDITYSxCiawrnHiH8Gt0YyYGf6dRx6WYBeHu6IbNkTzox49b1
+R8HzjidXC1EuK0YfvsCJKVo10yzqO+dU376O8OJ5BaKEUCDcsOY15GkZsShNkzSM
+OKilyBgIfk8tq/KHJXDQNfdrtDusSiSrHGY7vGQ8ZDbgLSIRGBNse2yM1+84cAcS
+El3QXh0GPIiOtM4glsYJyjM9D8Gnrt6Y4e6uoTzdvT39pyT9yfJIyYRQPu40a40+
+fIFAFqaw21QGslak3ihoiX2NtonNDYtvPQIWuXpxaj4TBPTdZ7rDC+G6gR/3CbP7
+3gNo2mJLulz3MhvDulQj4NNtQ0RNvrGYSnqxFz/ICSWEEiBuraHqzzgULrIwhI+X
+CX/5U7KTiCFtZlSfOqmDEb5iat7uQVOD9QdtckipZyyUCDvLe2B+s+RF+QbfSdbX
+16XpLM7rvT478eKSwXyrdVEcJyKUZacYyOMgLYAmMNl4nkCngKMysaDOktG4AhnY
+6djEPGDuKnc6Y1jVNY5sytD2fppn8Fn6XZqv6XbvuMPDNhzuPQbeEMsQNvuUKkgs
+FPSkkR81mZ+6c/vENhaqvJ2S91sjIheTaO4cyXL2Jo0rr7oPSdHV/jdMq3jDUG74
+ITe06Qmxn3gH5gwc+7+mDHvIC4ujmi82cWW96yWyib3SWLwIAvOtjlLmmfq6QusE
+ivHDZUxe2bt5O1NRjSCuVJsDSSqrOmNq6aeq9Y0HO0Ds0BzxrXnk1d0udCjhaVnl
+a8GZ/BxnEYtsJCTdaROsHuyKzgVNZ3w92ewlHugAOMvgOMI+bn71yKC1xXxEH1D7
+L0lonkagOWEXs2daqEPjywZwVekkvvHSP+uPa10IpXYl2NYiYjhqFUHim3FU0L+3
+/7+apOqkzELmYDgrMxqr2a5TZUzDQEBrcGF3/oth61BSiIalnVcv6DOBbaXts8SH
+XhiUpg5knrvSaAdvQMBSu+F1QKl9aUIuVKwvA2etRA+BFEBsTHl00lcYyfBIlAKO
+TPJ4URq+640K5jtWqd9naPm8ocUmyRWmdes0Bdc6gridX0x9M6tJS3PsNmnz8bnQ
+a1kfy2p6h5dhTIEntGbprRgm0GhR+y4WXsb6i4SshEvtrC03OaR6Y6XxjhKAI1ja
+MNt4a8uKzlzETo0XPMfLEFwGVj4Erhyyo5lUpYFIS2gXVY/ThVa/vrew84gcCkkl
+ybZljC2dDSoWK/7ICqxgeLFsevIIDND62ldoUEpceLcnxyGJlfBuLoe9RcEh13fL
+GjXNAmpgWuTI7amVktSWg+ZywJQnhyVl41V7INfAZHM+LhxL2iCzJdiGxnvZDT81
+9WKJns22xgwQ/xt5dT+NCbyvOkxObTK7F7Vksd3BVAsypLoe1QdsOtUaBayY43hE
+3XeRirrhUn19up4kR6EZpadVSASpFqMfnaki+wKYksonwdVautQ/QzhX896IzYT4
+skuNExrZnGV8ITHrjvWob8haTsmSb7gVN7bzNiuqBbY2sBXikY9D0wzba0zPa3iE
+1l/qClFUBGnVO1twOxAUB6CYm3a8sgVQBrsp+jrcSzL16BRT0ODcNf5NnwS7/+IM
+pzYupSKQ4u562zxbq4Ca4JTtbvwoarLZowYIHhBwk7bvd24UQGnlsA2gFSi0ss2X
+NdUN3k6cZmIZ0LO/vGTjNENwWi1M1tH0CK8T2k0C1q7Os8Q9YwDWakBkWI6baV5h
+K7uKaGE7pnL6iCcpkTpRVeOGl+evajnfI5gPRzwXZL0y4IdvF+nBMZkbbiAo8Vv1
+IIdXUpWv2JA9MvK1os8r7l9AgCZ0KX8YW35S5NI8i02lmI1iNynxhoHhY/6ju0iC
++Li77KIrZl9TlCVaDc/ozfiGqsLaBOw93dS7Em0x8ZtSzbd8QyGbmkQ1gsyuGSZ9
+9in5fHu3we8VjNa6AvQDUkY0o6E3qZDPoUwx9cCWjTqJn1uvy2KQttDYLFY0mAol
+byzlhYIyXYgZo+bqbQcyK1iuEvkcrGq0ciKXG9i9KVP56hazkar117+Rw8yKYgt9
+V3KlWjQK7u+R+Ss512WDIOK+O7WGvj7ne/yvbL59QODGMBvrmPHsSqB71yqHwiys
+iortWFbXkmi+ineMC32alfy6riySP0jWK4BOI2UVFobp1qbBU4ipw0Gu6yDp64Xy
+Xx8FTBJICs3Uz3B/hm0s1hvhpIvC3NxWG+0Cp2Ishzcqxb767z50iTNuD8ve2y5d
+eYwulA2EJFlLx6mEOV3c+Tw/e2OrtcPmTW3T+ASrwpk4GuNBLMGkxD0kyEUb7HAH
+0K+G9ursM1timGozcbuJTMiiEycMmXYvK5z3wh0qSgACLz7UaJ5jUEpAWk7mvpO/
+PGhDy//P2+AKWq3bu0nkZZvtzHHO8EhW9bilmlrnmfkuKXPYSKIIvmv5OSLidVUL
+RT3HAAlRoHqwUGBp5SgvaRuWfMTWgPGC5mXe6Tv8u2Bq/MW34T4gAJQmXf9H2z6M
+ieOHYjD2O63n7T7z0MkZ9tSIaNQB1kffqzCXlCnCd7FCkau3r8AA6UnnKHQpYTrn
+4emkUdIEWHiZHiAzCaMnVVYMam4JUoL/R9Qg4gIltJC6WlHBriS7Ij0WxN/kpuDP
+sUAz7dUZNruogJbDyZJW/TjnFPW4h5FeaPih7C/zQiRnetJimTiXe6iqo2hggUXK
+EpKx0lnniVNm0BRgCq1eop4//+l7oofgT/0tjWj0rGaClNN1MOHjFcOQfcV81nnJ
+W4aJvInqMPzuxOlb92GsAdwlB1fSSGd+eM2H8t0ZqrCpzHXPnI6QtgUHKGSph7VM
+7bp6vCRSazSmbxanwt3GZ9qR89RLehKgalFXf38oHGsxmmtVdlyTrV6/2MP4Bgyp
+CLNdZ6gwzdL8Hkbywf7NLSSsvOXqZ1z++reoJdw5O2nuy5TZMuZ7QhB2XgK4VQzo
+84DXLy2A4q6Kw4d2N0tcq7UdxniqOdNh3SB70QwU6zp9VUzF2hcGglW+hOYAU1MS
+vvBv7Z8xQtWZPhX1CNdLOwz7fetEvM3Ej6ZFzE8lSm2n26ViHmjlogFFh8gsaY4c
+Y4cpoxd/2n0GPh9nxF46KWgnI//VdhQ9kZTs0ctRlzG7u8Md9NHqJjqVpGA8YZvC
+bgr5WcuQtzcV0d8DfDU6PHP1bpXvHlSWXDhYGPJqHFowBe306AiSTko/xuz6FPab
+x4Hmb0tsys+abE2+nbWFupBcBBwYB89yVtABXV6AtUF4acB4jKOEc0dMRY89BgA7
+3emqPRl6TcbKo2ndvmqQ8WoXyK4UQrwWZTfCYO02nmTN/z64CO57DssOcfRGy9//
+oPwByoNXwXnEg6kb2LFM6XUblgtzpWILgpSth2PDPVa4jAw9YKAy2y7/IHLkrUQ5
+0/3ya1PlXkWitiMyZq1gxx9TcBlsIt1EFw6aSQkQIGYYYcjoK2Xw3PmYoNI904Bb
+yiX/h6IBAi1vDQTfa4njbARTzmF5nF3lwqHnOPQlqmjo3KoLlRhyhQ/cs3f8aa5R
+4Gfe/90jF5M+HcJhOwCJPDUXwrKtvggRROJJbl6sTbgvN2dARw0ACbdAPzaR+zme
+i9Lkrx+TNvcBhkECewpvozz/aw48eWBt2OLFM7CgQpJVqCUSE71mcPH2uCNsDCDW
+tDvd7dGU9zvCrFEV
+=L3eA
+-----END PGP MESSAGE-----

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -250,6 +250,31 @@ class md_repo_server($hostname) {
    ensure_resource('class','https_server',{})
 }
 
+class eidas_de_middleware($version="106-rs",$hostname='localhost') {
+   $_version = safe_hiera('eidas_sp_version',$version)
+   $_hostname = safe_hiera('eidas_sp_hostname',$hostname)
+   $poseidas_admin_hashed_password = safe_heira('poseidas_admin_hashed_password')
+   $spring_datasource_password = safe_hiera('spring_datasource_password')
+   $middleware_crypt_pin = safe_hiera('middleware_crypt_pin')
+   $middleware_sign_pin = safe_hiera('middleware_sign_pin')
+   file {['/etc/eidas-middleware','/etc/eidas-middleware/configuration','/etc/eidas-middleware/database']: ensure => directory } ->
+   sunet::docker_run {'eidas-demw':
+      image    => 'docker.sunet.se/eidas-demw',
+      imagetag => $_version,
+      hostname => "${::fqdn}",
+      ports    => ['443:8443'],
+      volumes  => ['/var/log/eidas-middleware:/var/log/eidas-middleware',
+                   '/etc/eidas-middleware:/etc/eidas-middleware',
+                   '/dev/log:/dev/log',
+                   '/etc/ssl:/etc/ssl'],
+      env      => ["CERTNAME=$_hostname",
+                   "POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
+                   "SPRING_DATASOURCE_PASSWORD=$spring_datasource_password",
+                   "MIDDLEWARE_CRYPT_PIN=$middleware_crypt_pin",
+                   "MIDDLEWARE_SIGN_PIN=$middleware_sign_pin"]
+   }
+}
+
 class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') {
    $_version = safe_hiera('eidas_sp_version',$version)
    $_hostname = safe_hiera('eidas_sp_hostname',$hostname)