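#!/usr/bin/env bash
#
# Template for eIDAS Connector configuration
# Script within docker container reads from /etc/eidas-connector/env/ - So make
# sure to have a volume mount.
#
# This file only assigns and exports environment variables. It deliberately
# sets no shell options (set -e/-u), since it is presumably sourced by the
# container start script and would change that script's behaviour.
#
# Security notes:
#   * The PKCS#11 PIN is taken from $PKCS11_PIN, which this file does not set.
#     Supply it at runtime (secret store / mounted secret); do not write the
#     PIN into this file or commit it.
#   * Exported variables are readable by anything that can inspect the process
#     environment (e.g. /proc/<pid>/environ, `docker inspect`) and are printed
#     by `set -x` tracing. Keep tracing off around this file.
#   * The credentials directory holds TLS keys and trust anchors; it should be
#     mounted read-only with restrictive permissions.
#

#
# Logging settings
#

# Logback log levels
# There must be a Docker volume mounted to the /etc/eidas-connector directory.
export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml

# Process logs go to stdout
export IDP_LOG_CONSOLE=true

# Syslog (for Audit and F-TICKS)
# NOTE(review): 514 is the conventional plain-syslog port. Audit records are
# sent to this host, so confirm the transport is protected on the network path.
export IDP_SYSLOG_HOST=syslog.nordu.net
export IDP_SYSLOG_PORT=514

# F-TICKS and Audit
export IDP_FTICKS_FEDERATION_ID=eIDAS

# Different formats -> different facilities (?)
export IDP_FTICKS_SYSLOG_FACILITY=AUTHPRIV
export IDP_AUDIT_SYSLOG_FACILITY=AUTH

#
# JVM settings
#
export JVM_MAX_HEAP=1536m
# The original exported JVM_START_HEA, which looks like a typo next to
# JVM_MAX_HEAP. The misspelled name is still exported in case something reads
# it; remove it once the consumer is confirmed to use JVM_START_HEAP.
export JVM_START_HEAP=512m
export JVM_START_HEA="$JVM_START_HEAP"

# Extra CA certificates trusted for outbound TLS.
export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt

#
# IdP credentials
#
export IDP_CREDENTIALS=/etc/eidas-connector/credentials

export IDP_SEALER_STORE_RESOURCE="$IDP_CREDENTIALS/sealer.jks"
export IDP_SEALER_VERSION_RESOURCES="$IDP_CREDENTIALS/sealer.kver"

# Private keys live in the HSM (PKCS#11); the *_KEY variables below are
# therefore left empty and only the certificates are read from disk.
export IDP_PKCS11_ENABLED=true
export IDP_PKCS11_LIBRARY=/usr/safenet/lunaclient/lib/libCryptoki2_64.so
export IDP_PKCS11_SLOT_LIST_INDEX=5

export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
export SP_METADATA_SIGNING_PKCS11_ENABLED=true

# Every PKCS#11 credential below reuses $PKCS11_PIN. Warn early (without
# aborting) when it is missing, otherwise the PINs are silently empty and the
# failure only shows up later at HSM login.
if [ -z "${PKCS11_PIN:-}" ]; then
  printf '%s\n' 'warning: PKCS11_PIN is unset or empty; PKCS#11 credentials will have no PIN' >&2
fi

export IDP_SIGNING_KEY=""
export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
export IDP_SIGNING_PKCS11_PIN="$PKCS11_PIN"
export IDP_SIGNING_CERT="$IDP_CREDENTIALS/sign.crt"

export IDP_ENCRYPTION_KEY=""
export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
export IDP_ENCRYPTION_PKCS11_PIN="$PKCS11_PIN"
export IDP_ENCRYPTION_CERT="$IDP_CREDENTIALS/enc.crt"

export IDP_METADATA_SIGNING_KEY=""
export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
export IDP_METADATA_SIGNING_PKCS11_PIN="$PKCS11_PIN"
export IDP_METADATA_SIGNING_CERT="$IDP_CREDENTIALS/swedenconnect-signer.crt"

#
# SP credentials (same HSM aliases and certificate files as the IdP side)
#
export SP_CREDENTIALS=/etc/eidas-connector/credentials

export SP_SIGNING_KEY=""
export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
export SP_SIGNING_PKCS11_PIN="$PKCS11_PIN"
export SP_SIGNING_CERT="$SP_CREDENTIALS/sign.crt"

export SP_ENCRYPTION_KEY=""
export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
export SP_ENCRYPTION_PKCS11_PIN="$PKCS11_PIN"
export SP_ENCRYPTION_CERT="$SP_CREDENTIALS/enc.crt"

export SP_METADATA_SIGNING_KEY=""
export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
export SP_METADATA_SIGNING_PKCS11_PIN="$PKCS11_PIN"
export SP_METADATA_SIGNING_CERT="$SP_CREDENTIALS/swedenconnect-signer.crt"

#
# Tomcat settings
#
export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat
export TOMCAT_TLS_SERVER_KEY="$TOMCAT_CREDENTIALS/tomcat-key.pem"
export TOMCAT_TLS_SERVER_CERTIFICATE="$TOMCAT_CREDENTIALS/tomcat-cert.pem"
export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN="$TOMCAT_CREDENTIALS/tomcat-chain.pem"

# Address patterns treated as internal proxies. Presumably this feeds Tomcat's
# RemoteIpValve internalProxies setting (confirm against the container start
# script), in which case forwarded client-address headers are accepted from
# any peer matching it. The list covers all private, loopback and link-local
# ranges plus two public /24s; narrow it to the actual proxy addresses where
# possible, because the client IP written to the audit log depends on it.
# NOTE(review): the alternation bars are written as \| and the value carries
# literal double quotes; this presumably matches how the start script
# substitutes the value, so the string is kept exactly as it was.
export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|130\.242\.125\.\d{1,3}\|81\.236\.48\.\d{1,3}"'

#
# Metadata sources and the certificates used to validate their signatures.
# These were assigned without `export`, so child processes started by the
# sourcing script would not have seen them; they are exported here like every
# other setting in this file. The validation certificates are trust anchors
# for federation and eIDAS metadata: protect the files against modification.
#
export FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities
export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt

export EIDAS_METADATA_SERVICE_LIST_URL=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
export EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt

export EIDAS_METADATA_URL=https://md.eidas.swedenconnect.se/entities
export EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt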