From 9ccb9f19fbf0237c0fe06b3e2ea682691d3937b5 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Tue, 16 Oct 2018 20:16:04 +0200
Subject: [PATCH] basic demw config

---
 .../overlay/etc/hiera/data/local.yaml         |   3 ++
 .../configuration/POSeIDAS.xml.sh             |  48 ++++++++++++++++++
 .../configuration/application.properties.sh   |  14 +++++
 .../eidasmiddleware.properties.sh             |  22 ++++++++
 .../configuration/metadata-signer-qa.crt      | Bin 0 -> 1318 bytes
 .../serviceprovider-metadata/.placeholder     |   0
 .../configuration/swedenconnect-signer.crt    |  35 +++++++++++++
 7 files changed, 122 insertions(+)
 create mode 100644 demw-1.sveidas.se/overlay/etc/hiera/data/local.yaml
 create mode 100755 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
 create mode 100755 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
 create mode 100755 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
 create mode 100644 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/metadata-signer-qa.crt
 create mode 100644 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder
 create mode 100644 demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/swedenconnect-signer.crt

diff --git a/demw-1.sveidas.se/overlay/etc/hiera/data/local.yaml b/demw-1.sveidas.se/overlay/etc/hiera/data/local.yaml
new file mode 100644
index 00000000..8ba33b95
--- /dev/null
+++ b/demw-1.sveidas.se/overlay/etc/hiera/data/local.yaml
@@ -0,0 +1,3 @@
+---
+demw_tls_server_cert: MIIEcTCCA1mgAwIBAgIIDI0LEBD/wRIwDQYJKoZIhvcNAQELBQAwVzEnMCUGA1UEAwweYm9zIENBIGVJRCBDb21tdW5pY2F0aW9uIENlcnRzMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJERTAeFw0xMzA1MDcwNzQ5MjRaFw0xNjA1MDYwNzQ5MjRaMGgxHjAcBgNVBAMMFWRldi5nb3Zlcm5pa3VzLWVpZC5kZTEYMBYGA1UECwwPdGVzdGNlcnRpZmljYXRlMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJkZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9ea6dQveXgc23F7jteqN9L023MpOI7BnqD4YxsrOMfEhHBj1tcr1VpZgxtamhHKEJEqptN5ObotyA/wKqeIBEzLgfLGqMyPqnSyejELRql1KYi+moCgMWNiU5FAfhd29Rgr8rPhPtBSgkO7DQdXzaTQxDxQssUTlK5AifIl/f0+/emGZUknAIfXxgXlNmuSCijAt1qoNkd+VS05unQFYKqb3BfxFQDgHqdmg0caPDvb5KHYuTMGFhmRe3B8lt5ffM+QaIK8q+qTy2rU/4jS331tauGdxDv/JniOV2z5gzut4H42Naek9SPjgotk0ON8B4ZuSZf23pJ9GqRH1v9u+MCAwEAAaOCAS4wggEqMAwGA1UdEwEB/wQCMAAwPwYDVR0lBDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDDDAfBgNVHSMEGDAWgBQFIqk8+KQR/Sta43Lw85czVJlxjzAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFFdqnSDAvZJe8F6/4VbhECPNIZf/MEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AuYm9zLWJyZW1lbi5kZS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwPAYDVR0RBDUwM4IVZGV2LmdvdmVybmlrdXMtZWlkLmRlghpkZXYtZGVtby5nb3Zlcm5pa3VzLWVpZC5kZTANBgkqhkiG9w0BAQsFAAOCAQEAMZaY6wFGQTrb7Ke2cST6ZJrUhs1H70awcWO5abMmFWipwqhaW95oUmZvMFxEZcehKgDej1ltHhwkvcCbhM97+pxNLJWnmwn8fpDn28xkkG1pcnKfz7Nj+Nn66NMFeSU4LCKjmfqhmiqaxk6JHOqHwoG8c2b6X5krVLhhhbTAW4oojmJUhrjeeglPpD60JneVRy1w8qoRaDd5UFaMgwRgi0Nom8qaIcYTZuJYhIRb5sTR2SAVjbpEMwZq3NqczOFTafB6HFsLiHB/6RSBtqAC9KMC9m4LPEQvAWN8+sTltYPio/IoTIUVrU13uzOmxTGmubQx2St/7IBy5m7dlk0WUQ==
+demw_tls_client_cert: MIIEBjCCAe6gAwIBAgIEW5qctzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJERTEPMA0GA1UECAwGQnJlbWVuMQ8wDQYDVQQHDAZCcmVtZW4xFjAUBgNVBAoMDUdvdmVybmlrdXMgS0cxDDAKBgNVBAsMA0FBQTEdMBsGA1UEAwwUVExTIENsaWVudCBUZXN0IFJvb3QwHhcNMTgwOTEzMTcyMTU5WhcNMjgwOTEzMTcyMTU5WjAWMRQwEgYDVQQDDAtTRUVVTVdURVNUMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrIhhv3LAyliTVQJ+BLj2Kvx3dJnVaU2cmZl3H5bjtwco6vUKYjsa4IvQzPu+OWID9hi36JzFKQmHJf2kCg/AtSi0JLi3/LjpRJ2KmhEHSqk1ZBnQapfj5TVgSx9+LkROrfmBXH3IrqAQBxEKs6xjBRIdqy0R09PkvR62gTCvysp6LJ/+nDd8tdOB4ysQy+NLG+PDXrq6ikJuTPauAfGYTP25rvIWah/0FH7WcEQzEeILOk4Rb1gZFxwDs1Chgh46/bdGp756qyGJ5Vxnf+wBSUZb22NT1DyjmnUNN+hxa9rtcXSvSblZYWlDIFy19ikR2FZv+BjLmv5asbWqezo58CAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAYNzmlPUIWUhG6Tg8aTq36HFYs1LrPHVifE9Ub7xwynQmyDcdduZQsHzEVoXdQn2nRR6Xu2yGSTgXEqwtqg23T1bx1kKkFoeMUwW6uvkwKnE1anWkKeCtjnxtb5akW4T2ZTB7wPGELpHCaRXd484A3Ftm/WpuCRjgbdaBVl9kuVGLu3bun8BIaUfEc3SDvEgA7BX1siYGJRQuXsSovJb1wSLJmFgzRXBvgONAYB1kTnRM8FsuHBID8OIQTWhDldexECyh/rXccsS1sOk9+G87u97Nu5s6wFRA9H0zNIMtqf7IKTRgdh+8D0CuDlJcILRBYczRq7tUXoEGasKhXtmpe3flQmo5aKDxncPb8VzbWD7Nn2lKxywddYKbLZ2SsdQZjsLrVUrJ2EMyJ/VWWGGj7AdNww4pbKEWn/lG9mAp+Ca8bCr1W6p2lI56Snc8MhFggUOWYJ/DaRaSt0PmpyUPu4CIMlBq9ZYi5Dtpkp5ey8yHkh1fRqlgdJnF1apCXB1LfstCwoxb/1CCy++O0Y5OM282/gI9+KWx8K7ysTjP/hNpp8DhLd4dVvcV9FhEbsxMDWL1ZC1EQgDHjnlNj2douzMDI9qZ5Igv7Ru2n9u3jl5yirPtfcTApUCzsT240cw3gwbPEDJQszoziCQ9BfoPtwqbQQDdi17MrO8hgKzE5Ik=
diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
new file mode 100755
index 00000000..80da2efe
--- /dev/null
+++ b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -x
+
+cat<<EOF
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
+    <ServerUrl>https://${PUBLIC_HOSTNAME}/eidas-middleware</ServerUrl>
+    <sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
+    <sessionMaxPendingRequests>500</sessionMaxPendingRequests>
+    <certificateWarningMargin>200</certificateWarningMargin>
+    <TimerConfiguration>
+        <certRenewal length="2" unit="11"/>
+        <blacklistRenewal length="2" unit="11"/>
+        <masterAndDefectListRenewal length="2" unit="11"/>
+    </TimerConfiguration>
+    <ServiceProvider entityID="qa-se-de-middleware" enabled="true">
+        <EPAConnectorConfiguration updateCVC="true">
+            <CVCRefID>qa-se-de-middleware</CVCRefID>
+            <PkiConnectorConfiguration>
+                <blackListTrustAnchor>MIIEcTCCA1mgAwIBAgIIDI0LEBD/wRIwDQYJKoZIhvcNAQELBQAwVzEnMCUGA1UEAwweYm9zIENBIGVJRCBDb21tdW5pY2F0aW9uIENlcnRzMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJERTAeFw0xMzA1MDcwNzQ5MjRaFw0xNjA1MDYwNzQ5MjRaMGgxHjAcBgNVBAMMFWRldi5nb3Zlcm5pa3VzLWVpZC5kZTEYMBYGA1UECwwPdGVzdGNlcnRpZmljYXRlMR8wHQYDVQQKDBZicmVtZW4gb25saW5lIHNlcnZpY2VzMQswCQYDVQQGEwJkZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9ea6dQveXgc23F7jteqN9L023MpOI7BnqD4YxsrOMfEhHBj1tcr1VpZgxtamhHKEJEqptN5ObotyA/wKqeIBEzLgfLGqMyPqnSyejELRql1KYi+moCgMWNiU5FAfhd29Rgr8rPhPtBSgkO7DQdXzaTQxDxQssUTlK5AifIl/f0+/emGZUknAIfXxgXlNmuSCijAt1qoNkd+VS05unQFYKqb3BfxFQDgHqdmg0caPDvb5KHYuTMGFhmRe3B8lt5ffM+QaIK8q+qTy2rU/4jS331tauGdxDv/JniOV2z5gzut4H42Naek9SPjgotk0ON8B4ZuSZf23pJ9GqRH1v9u+MCAwEAAaOCAS4wggEqMAwGA1UdEwEB/wQCMAAwPwYDVR0lBDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDDDAfBgNVHSMEGDAWgBQFIqk8+KQR/Sta43Lw85czVJlxjzAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFFdqnSDAvZJe8F6/4VbhECPNIZf/MEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AuYm9zLWJyZW1lbi5kZS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwPAYDVR0RBDUwM4IVZGV2LmdvdmVybmlrdXMtZWlkLmRlghpkZXYtZGVtby5nb3Zlcm5pa3VzLWVpZC5kZTANBgkqhkiG9w0BAQsFAAOCAQEAMZaY6wFGQTrb7Ke2cST6ZJrUhs1H70awcWO5abMmFWipwqhaW95oUmZvMFxEZcehKgDej1ltHhwkvcCbhM97+pxNLJWnmwn8fpDn28xkkG1pcnKfz7Nj+Nn66NMFeSU4LCKjmfqhmiqaxk6JHOqHwoG8c2b6X5krVLhhhbTAW4oojmJUhrjeeglPpD60JneVRy1w8qoRaDd5UFaMgwRgi0Nom8qaIcYTZuJYhIRb5sTR2SAVjbpEMwZq3NqczOFTafB6HFsLiHB/6RSBtqAC9KMC9m4LPEQvAWN8+sTltYPio/IoTIUVrU13uzOmxTGmubQx2St/7IBy5m7dlk0WUQ==</blackListTrustAnchor>
+                <masterListTrustAnchor>MIIELTCCA7SgAwIBAgIBBTAKBggqhkjOPQQDAzBVMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQ0wCwYDVQQFEwQwMDA0MRowGAYDVQQDDBFURVNUIGNzY2EtZ2VybWFueTAeFw0xNTA5MjMwODU2MzlaFw0yNjAzMjMyMzU5NTlaMGAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARidW5kMQwwCgYDVQQLDANic2kxDTALBgNVBAUTBDAwMDYxJTAjBgNVBAMMHFRFU1QgQ1NDQSBNYXN0ZXIgTGlzdCBTaWduZXIwggEzMIHsBgcqhkjOPQIBMIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gdH25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlKS0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEAqftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQEDQgAEitE7LDrEMzLs7tPp6pe6BzZJHaThJzm49mUw2x3gKS1iYIeNqXngL5E0sX7MDZZp13dikfbKVln+8k8IiNKrVKOCAYwwggGIMB8GA1UdIwQYMBaAFHD8PNdfzGkLdI7YpGbmsFvP3TmdMB0GA1UdDgQWBBRioyCrfGByzK9GY8va0e1lUoy8czAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0QBCQwIoAPMjAxNTA5MjMwODU2MzlagQ8yMDE4MDkyMzIzNTk1OVowFgYDVR0gBA8wDTALBgkEAH8ABwMBAQEwUQYDVR0RBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDBRBgNVHRIESjBIgRhjc2NhLWdlcm1hbnlAYnNpLmJ1bmQuZGWGHGh0dHBzOi8vd3d3LmJzaS5idW5kLmRlL2NzY2GkDjAMMQowCAYDVQQHDAFEMBQGA1UdJQEB/wQKMAgGBmeBCAEBAzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vd3d3LmJzaS5idW5kLmRlL3Rlc3RfY3NjYV9jcmwwCgYIKoZIzj0EAwMDZwAwZAIwI7b8uJ2wSKDA6YjzLtR9CyOQorXfilVJDVkYkk5zEmVbzA4vLLizjemfYZZQXY/YAjAf6xsMtIIIwJHch1J6Akm8cdjfR653xOx2cLgPCPLOXws3b4Auk2xtolq8YSzD1kA=</masterListTrustAnchor>
+                <defectListTrustAnchor>MIIELTCCA7SgAwIBAgIBBDAKBggqhkjOPQQDAzBVMQswCQYDVQQGEwJERTENMAsGA1UECgwEYnVuZDEMMAoGA1UECwwDYnNpMQ0wCwYDVQQFEwQwMDA0MRowGAYDVQQDDBFURVNUIGNzY2EtZ2VybWFueTAeFw0xNTA5MjMwODU1MjZaFw0yNjAzMjMyMzU5NTlaMGAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARidW5kMQwwCgYDVQQLDANic2kxDTALBgNVBAUTBDAwMDYxJTAjBgNVBAMMHFRFU1QgQ1NDQSBEZWZlY3QgTGlzdCBTaWduZXIwggEzMIHsBgcqhkjOPQIBMIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gdH25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlKS0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEAqftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQEDQgAEphPfzRAJDfLG1r0JpAJYgdRvKc0DacjGhbxhuEWlMRB1XpV3pKPpVHUuraDEaC4Ru8q2W4etyA4Swc8JQ6jdXaOCAYwwggGIMB8GA1UdIwQYMBaAFHD8PNdfzGkLdI7YpGbmsFvP3TmdMB0GA1UdDgQWBBSFeLqnCPkXciiQQOzwVzQDNiNWBDAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0QBCQwIoAPMjAxNTA5MjMwODU1MjZagQ8yMDE4MDkyMzIzNTk1OVowFgYDVR0gBA8wDTALBgkEAH8ABwMBAQEwUQYDVR0RBEowSIEYY3NjYS1nZXJtYW55QGJzaS5idW5kLmRlhhxodHRwczovL3d3dy5ic2kuYnVuZC5kZS9jc2NhpA4wDDEKMAgGA1UEBwwBRDBRBgNVHRIESjBIgRhjc2NhLWdlcm1hbnlAYnNpLmJ1bmQuZGWGHGh0dHBzOi8vd3d3LmJzaS5idW5kLmRlL2NzY2GkDjAMMQowCAYDVQQHDAFEMBQGA1UdJQEB/wQKMAgGBmeBCAEBAzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vd3d3LmJzaS5idW5kLmRlL3Rlc3RfY3NjYV9jcmwwCgYIKoZIzj0EAwMDZwAwZAIwPAvVTvhJuX0dIyd7Ouv0t03J2KA08JehN+RA6oVU7xvS7RbCLIcKNYqVRnC4eJrOAjB1X89X1lH/0Fq3HH1tKXw3ELw62dBrHeHGsn3kcWNXxYqr5iRobwJru3FPk5ka34s=</defectListTrustAnchor>
+                <policyImplementationId>govDvca</policyImplementationId>
+                <sslKeys id="default">
+                    <serverCertificate>${DEMW_TLS_SERVER_CERT}</serverCertificate>
+                    <clientCertificate>${DEMW_TLS_CLIENT_CERT}</clientCertificate>
+                    <clientKey>${DEMW_TLS_CLIENT_KEY}</clientKey>
+                </sslKeys>
+                <terminalAuthService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/ta-service</url>
+                </terminalAuthService>
+                <restrictedIdService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/ri-service</url>
+                </restrictedIdService>
+                <passiveAuthService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/pa-service</url>
+                </passiveAuthService>
+                <dvcaCertDescriptionService sslKeysId="default">
+                    <url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
+                </dvcaCertDescriptionService>
+            </PkiConnectorConfiguration>
+            <PaosReceiverURL>https://${PUBLIC_HOSTNAME}/eidas-middleware/paosreceiver</PaosReceiverURL>
+            <hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
+        </EPAConnectorConfiguration>
+    </ServiceProvider>
+</CoreConfiguration>
+EOF
diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
new file mode 100755
index 00000000..4f99ce4b
--- /dev/null
+++ b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh
@@ -0,0 +1,14 @@
+cat<<EOF
+logging.file=
+poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
+poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
+server.port=${SERVER_PORT:-8443}
+server.ssl.key-password=dummy
+server.ssl.key-store=file\:/tmp/${CERTNAME}.p12
+server.ssl.key-store-password=dummy
+server.ssl.keyAlias=tls
+server.ssl.keyStoreType=PKCS12
+spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
+spring.datasource.url=jdbc\:h2\:file\:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
+spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
+EOF
diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
new file mode 100755
index 00000000..d9a19d1d
--- /dev/null
+++ b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/eidasmiddleware.properties.sh
@@ -0,0 +1,22 @@
+cat<<EOF
+CONTACT_PERSON_COMPANY=Sweden Connect
+CONTACT_PERSON_EMAIL=operations@swedenconnect.se
+CONTACT_PERSON_GIVENNAME=Sweden Connect
+CONTACT_PERSON_SURNAME=Operations
+CONTACT_PERSON_TEL=+46105742100
+COUNTRYCODE=SE
+ENTITYID_INT=qa-se-de-middleware
+SERVER_URL=https://${PUBLIC_HOSTNAME}
+MIDDLEWARE_CRYPT_ALIAS=${MIDDLEWARE_CRYPT_ALIAS:-demw}
+MIDDLEWARE_CRYPT_KEY=/opt/eidas-middleware/configuration/eidasmw-crypto-keystore.jks
+MIDDLEWARE_CRYPT_PIN=${MIDDLEWARE_CRYPT_PIN}
+MIDDLEWARE_SIGN_ALIAS=${MIDDLEWARE_SIGN_ALIAS:-demw}
+MIDDLEWARE_SIGN_KEY=/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks
+MIDDLEWARE_SIGN_PIN=${MIDDLEWARE_SIGN_PIN}
+ORGANIZATION_DISPLAY_NAME=SwedenConnect
+ORGANIZATION_LANG=sv
+ORGANIZATION_NAME=Sweden Connect
+ORGANIZATION_URL=https\://swedenconnect.se
+SERVICE_PROVIDER_CONFIG_FOLDER=/opt/eidas-middleware/configuration/serviceprovider-metadata
+SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/opt/eidas-middleware/configuration/swedenconnect-signer.crt
+EOF
diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/metadata-signer-qa.crt b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/metadata-signer-qa.crt
new file mode 100644
index 0000000000000000000000000000000000000000..f7ead17f52c69448f4be81555fb5d1f84c2d379b
GIT binary patch
literal 1318
zcmXqLVpTF|V&-DvWSDAQ{r9MXornQ18>d#AN85K^Mn-N{27_QjZUas>=1>+kVWwbL
zLv;gH5QmFLF1S23C9^m~!BsaiB{i=kGc7YYu_QA;Pr)fau_(n*+CUPdkeNp)&{4rR
zwInemu_RF;I5Ryjwa7qDoY&CY(8$oz(8$QZ$TUiv*9gP~VlbCBmNqddA$yLIm4Ug5
ziJ!rsiHVD;iHVWn#@UlgO^sF9jU)nVg0I({HC(B9RNm1#M19)bc{`nB_v~kF<LF)d
zwn4?lHR`s_yc4#nE4Mz0{WI5UqR~C=>xS+LL6x^NYIbc`S<Zbl?ERBot{b1`yw&l4
zY4>ru&d(wbOC>k;LsDwjcQ7n(oKsmOu)*x?!W*x68W#R8pEh%*JL9b+nZIp!zaQP(
zcU|!sN9A8;lZ@FCb4+gRkhi$lxIwmHQ-`Shwd+&-ubuqcUt+0xuuSdmq{qv)GW+;;
z7sVfRSa?l5TwW=+*tt&JEkh{rcT&ZakORCdrd!TNbg>ofkzO-JTu;aRX5m}D%;Xz3
z?0;<h^%n~zN;#O^Uf5=4dj9{-i`sEkdCnDc?;prsZ*g-Oi<QM49?pt;H;!vg$h-V1
zef8fqH|1)6K8c^^^|$r;SJ+?sykY9LTUTCdKJqyAJ2`%Gz0DC%RsXp2b2h83mA}k+
zqrvoZ^TM}Azqb6SG{3j5N$$<(S-$7au>Hu=I~)+o`D>-e%w;Ag;sjp(>SCVZ>~!Pl
z;uQ;aX$jgV?Do|8dSYV_vuj(0%U;nG!*9<;1Jw7Huta>3cydF_y6sE)y13K6rTVW`
z&H7rDbWFs2o-;EFUR-9p=IrXW^AA-Rr2A@I+L*b_uiaf(mA;03;lVBE{IvX{x$YL;
zJ)v>kSy(aR`i!4zGK>_&xjr$c?@993Jl6E+L+n*1W<~}^<P-u-{=gK%$dGsFoQ>S}
z578gBBJSCRs+AU;P+9(S!D^l6(kdof_n(V*y|})M*{fY`=@p}83aek7w=rO7j6bfW
zl`(HZ&&q9kUS5}7Q`N8SGb?@Zy}R2hf(~xq^;7L)d)i~Z37_@T=d8Q^U$Wxj<FId>
zoB0mC6Z7L}ZO!bGxNx?>ecAo3AxjoYRPWxu^TfRO0Rr9q$;MtMpFNpcBHXKG`-q_~
zcIHWgTh&!Ei#adq&zW%k*6Npg7&I78cJ{2_C$W8v%(D2imeL+a7fz|PyZLEzwXf%r
zhW|N*+gPu!@l^B4Jr#NChSa5lihfEDDm7-A9hb;6{Qgmhz3B1YQr|y3oNkkCR<@Rf
z8QUyx%<Q=)>Sxw_G^dm2$4spSdv)h}pS-!WeVew=ab=?or*8g}<^82463D|E_;ykI
zSAEu$sfS*3O&7graB%kG2^o2RWD@EOmz2KOvSb!HQ1&AJ{;awX+eHqgeqy_h29!?7
zw~D;Msh9PpZrSuJp+(mFwx*V``@LdF_gHtPC2{Lhm5pB_izH7ib^THkn{-0n=Yn5n
z-Rh&2;isqd%iIXEFmz*$;+oT?b1PQ;!)3M}(W^gy`hKsh`s$ikV)HCq#U=i8QA%&n
ztvN3J-@n?<I~LK<F)98$f0mf;PBrhgWy{VR=4-#v3q9<WwbN#Eq|nX#EDF!8+B=?k
Rr{{cm5|#B+^uJ6n0{{bjI2!-}

literal 0
HcmV?d00001

diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/serviceprovider-metadata/.placeholder
new file mode 100644
index 00000000..e69de29b
diff --git a/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/swedenconnect-signer.crt b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/swedenconnect-signer.crt
new file mode 100644
index 00000000..8466ecfe
--- /dev/null
+++ b/demw-1.sveidas.se/overlay/opt/eidas-middleware/configuration/swedenconnect-signer.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGFTCCA/2gAwIBAgIJAMRMtpYesnyPMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0x
+IjAgBgNVBAoMGUUtTGVnaXRpbWF0aW9uc27Dg8KkbW5kZW4xFzAVBgNVBAsMDlN3
+ZWRlbiBDb25uZWN0MSwwKgYDVQQDDCNTd2VkZW4gQ29ubmVjdCBtZXRhZGF0YSBz
+aWduZXIgdjIuMDAeFw0xODA1MzAwOTIzMzVaFw0zODA1MzAwOTIzMzVaMIGgMQsw
+CQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hv
+bG0xIjAgBgNVBAoMGUUtTGVnaXRpbWF0aW9uc27Dg8KkbW5kZW4xFzAVBgNVBAsM
+DlN3ZWRlbiBDb25uZWN0MSwwKgYDVQQDDCNTd2VkZW4gQ29ubmVjdCBtZXRhZGF0
+YSBzaWduZXIgdjIuMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPer
+La2IxQHWRFvX5mC8OgYSsZTjNcEGz0vLwBsdckQiBWWgrLdnU6+raS/SlriY4qcZ
+g8CJkhj8CdLBn6UxwdwOy+tGYjyAFCkV2yQ68euyNqwWgT6iiq/dn1kjWzamC18H
+U0LN/c7eieldhdI8edSF9Z6Drjt7s8glP4Lrd1FM5NXWros06fpEs61BoMZrIyei
+ptB4M7XBGJW6mQx3trnN4FnDZIyzNf9H+Z4XvXnn/URLMd0S3hS2uxVS7OGluKY6
+hhXfpcOGwUKcQmE7coI0mhZ9TAsG7h++J/A7aBp3eWr9eXzeFmwg7sHRBtd3LaD+
+yBLXuUFaPHJyOSFCeiys1O1Oh2CGpJIfPHlqmCQmTQrNEtioJyPRVAZamwio+mYt
+EsI8ssPW3/FNEe93cHd88BDhCDtz5oiQiGyflsCWSh4SwjFVVw7jgRGzmkn2TfHv
+yjiiexS8LeleqwMQ95e9dcVbktxBvDnPd0xCAXVL0y2P31DXLYe/2806C/21KWRU
+Z/EtLTQKpxJWhqsZwSZSpxjb6h3l8D9HAm5w4I/4w3JB40R7GJFWtuwh+clRnzC2
+xtN9cGfe+LXG0SG6ObUu9XBVBwNIL2xNgz+eSCv1n/8hlahoZySLtj0AKFQPyWvw
+Bitvvwk8uq3NPpBiz2nilHG3nnzlp+TK6+pjOHOrAgMBAAGjUDBOMB0GA1UdDgQW
+BBTqVEEVOf9SV47Nz0su8/MYAWOy4jAfBgNVHSMEGDAWgBTqVEEVOf9SV47Nz0su
+8/MYAWOy4jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAXjshVZ5td
+ZqClqmZUEEWFh8oDk8lrRkZfXUmThQiKYq7NrLecbquDh1Mglq3zVxndZMAZVzrQ
+3U/EJ7B+LXfd5fnl91+qb5d1bJBs/Om/AyFA/bBnOyYPzkZWf+M8nItzQyOJX7ZO
+kzIOakaet6HR6T7ADk7vfSjqnRLywNL/cq3/if9c5WGh5NUSteltuDHOsm3DwvN4
+aFP+rngiYF1j509wbZOO7koIwZZUG9g0Etv0T8u7xXyZkYxjEfrr4uMf6121PoaP
+7mMU1Msuqw7idRMOj7mL5tIpu1ihw/a2pWqaXkxNsQXpOv+HtpBZ28pzqAtcHt8q
+r5V5Gm+W37RMlnIDsJwgEfA6FKEDqahSRmYnh8v+F9aDRDpGYpwRtK3k0tiy9Kvp
+8o16aCCqLtFU+Lme2NzkcFQubPmkan21M6/VTGP7UrgtvhXAaqYcTQBq/YJ4TiXz
+SBZgjywUi1nMZAzG4KS4jFR27Kdiul3G10I/M7nPtNq51uNspiO117zRo/8qD4wE
+BOoxiQw0f7/UPW8uznHU3DR3JUkTTlUfKHrfB7RZvkqw15bLkH8DpgINkjW+PFzI
+OkY6KYbZj/wwCYBw3rxMb4oY3Lv0S6cLmLvxmkG8eizY9ymwNlr/YAwPeyzuLPRf
+j6+cBKFT97et/lUMyfKVwbmuJNgtABRRcw==
+-----END CERTIFICATE-----