From e80d1a5783060de3a273002911540886de870e35 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Mon, 10 Sep 2018 12:37:51 +0200
Subject: [PATCH] deploy 1.3.6 along with new p11 config
---
 .../{ => credentials}/pkcs11.cfg | 0
 .../etc/eidas-connector/eidas-connector.conf | 76 ++++++++++---------
 .../overlay/etc/eidas-connector/loglevels.xml | 2 +-
 global/overlay/etc/puppet/cosmos-rules.yaml | 2 +-
 4 files changed, 41 insertions(+), 39 deletions(-)
 rename eidas-connector-common/overlay/etc/eidas-connector/{ => credentials}/pkcs11.cfg (100%)
diff --git a/eidas-connector-common/overlay/etc/eidas-connector/pkcs11.cfg b/eidas-connector-common/overlay/etc/eidas-connector/credentials/pkcs11.cfg
similarity index 100%
rename from eidas-connector-common/overlay/etc/eidas-connector/pkcs11.cfg
rename to eidas-connector-common/overlay/etc/eidas-connector/credentials/pkcs11.cfg
diff --git a/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf
index d44828a9..341811c1 100644
--- a/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf
+++ b/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf
@@ -38,57 +38,59 @@ export IDP_CREDENTIALS=/etc/eidas-connector/credentials
 export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks
 export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver
-export IDP_PKCS11_ENABLED=false
-#export IDP_PKCS11_LIBRARY=/usr/safenet/lunaclient/lib/libCryptoki2_64.so
-#export IDP_PKCS11_SLOT=5
-#export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
-#export SP_METADATA_SIGNING_PKCS11_ENABLED=true
-#export IDP_PKCS11_SLOT_LIST_INDEX=1
+export IDP_PKCS11_ENABLED=true
+export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
+export SP_METADATA_SIGNING_PKCS11_ENABLED=true
-export IDP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
-export IDP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
-#export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
-#export IDP_SIGNING_PKCS11_PIN=$PKCS11_PIN
-#export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt
+#export IDP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
+#export IDP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
+export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
+export IDP_SIGNING_PKCS11_PIN=$PKCS11_PIN
+export IDP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt
-export IDP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
-export IDP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
-#export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
-#export IDP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
-#export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt
+#export IDP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
+#export IDP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
+export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
+export IDP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
+export IDP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt
-export IDP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
-export IDP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
-#export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
-#export IDP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
-#export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt
+#export IDP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
+#export IDP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
+export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
+export IDP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
+export IDP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt
 export SP_CREDENTIALS=/etc/eidas-connector/credentials
-export SP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
-export SP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
-#export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
-#export SP_SIGNING_PKCS11_PIN=$PKCS11_PIN
-#export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt
+#export SP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
+#export SP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
+export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
+export SP_SIGNING_PKCS11_PIN=$PKCS11_PIN
+export SP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt
-export SP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
-export SP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
-#export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
-#export SP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
-#export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt
+#export SP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
+#export SP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
+export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
+export SP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
+export SP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt
-export SP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
-export SP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
-#export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
-#export SP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
-#export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt
+#export SP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
+#export SP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
+export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
+export SP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
+export SP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
+export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt
 # Tomcat settings
 export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat
 export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem
 export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem
 export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem
-export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|130\.242\.125\.\d{1,3}\|81\.236\.48\.\d{1,3}"'
 FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities
 FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt
diff --git a/eidas-connector-common/overlay/etc/eidas-connector/loglevels.xml b/eidas-connector-common/overlay/etc/eidas-connector/loglevels.xml
index 5d29ee8d..5ee30e5e 100644
--- a/eidas-connector-common/overlay/etc/eidas-connector/loglevels.xml
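Review bot: The six new `*_PKCS11_PIN=$PKCS11_PIN` exports (IDP and SP signing, encryption and metadata signing) expand a variable that is set somewhere outside this hunk, with no check that it is non-empty, so with `IDP_PKCS11_ENABLED=true` a missing PIN would presumably only surface later as a token login failure. A guard ahead of the block, `: "${PKCS11_PIN:?PKCS11_PIN is not set}"`, and quoted assignments such as `export IDP_SIGNING_PKCS11_PIN="$PKCS11_PIN"` would fail fast and keep the value intact if the file is sourced by a shell that word-splits `export` arguments. Copying the PIN into six exported variables also puts it in the environment inherited by every child process, so it is worth confirming that this file and the service's environment are readable only by the service account. Separately, the last removed line drops the `TOMCAT_INTERNAL_PROXIES` override, which trusted 130.242.125.x and 81.236.48.x in addition to the private ranges; the commit message does not mention it, and if a front-end proxy sits in those ranges the client address recorded from forwarded headers would presumably change.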
+++ b/eidas-connector-common/overlay/etc/eidas-connector/loglevels.xml @@ -11,7 +11,7 @@ - +