From 6c5d9f962c669c3532c7c7a7651e63637e51e709 Mon Sep 17 00:00:00 2001
From: Felix Hellman
Date: Wed, 23 Apr 2025 12:39:10 +0200
Subject: [PATCH] Add template files for openid federation services
---
application-sandbox.yml.erb | 79 +++++++++++++++++++++++++++++++++++++
docker-compose.yml.yrb | 10 +++++
2 files changed, 89 insertions(+)
create mode 100644 application-sandbox.yml.erb
create mode 100644 docker-compose.yml.yrb
diff --git a/application-sandbox.yml.erb b/application-sandbox.yml.erb
new file mode 100644
index 0000000..1dc75b1
--- /dev/null
+++ b/application-sandbox.yml.erb
@@ -0,0 +1,79 @@
+server:
+ port: <%= @service_port %>
+ servlet:
+ context-path: /oidf
+ compression:
+ enabled: true
+
+
+credential:
+ bundles:
+ keystore:
+ sign-key-store:
+ location: file:/<%= @keystore_file %>
+ password: changeit
+ type: JKS
+ jks:
+ sign-key-1:
+ store-reference: sign-key-store
+ name: "Sign key 1"
+ key:
+ alias: 1
+ key-password: changeit
+ validation-key-1:
+ store-reference: validation-key-store
+ name: "Validation key 1"
+ key:
+ alias: 1
+ key-password: changeit
+spring:
+ application:
+ name: openid-federation-services
+ ssl:
+ bundle:
+ jks:
+ oidf-internal:
+ truststore:
+ location: file:/<%= @keystore_file %>
+ password: <%= @keystore_password %>
+ type: PKCS12
+
+openid:
+ federation:
+ modules:
+ resolvers:
+ - trusted-keys:
+ - sign-key-1
+ entity-identifier: https://<%= @server_fqdn %>/oidf/resolver
+ trust-anchor: https://<%= @server_fqdn %>/oidf/ta
+ trust-anchors:
+ - entity-identifier: https://<%= @server_fqdn %>/ta
+ storage: memory
+ sign:
+ - sign-key-1
+ registry:
+ integration:
+ enabled: false
+ entities:
+ - subject: https://<%= @server_fqdn %>/oidf/resolver
+ issuer: https://<%= @server_fqdn %>/oidf/resolver
+ hosted-record:
+ metadata:
+ json: |
+ {
+ "federation_entity": {
+ "organization_name": "Sweden Connect"
+ }
+ }
+ - subject: https://<%= @server_fqdn %>/oidf/ta
+ issuer: https://<%= @server_fqdn %>/oidf/ta
+ hosted-record:
+ metadata:
+ json: |
+ {
+ "federation_entity": {
+ "organization_name": "Sweden Connect",
+ "federation_fetch_endpoint": "https://<%= @server_fqdn %>/oidf/ta/fetch",
+ "federation_list_endpoint": "https://<%= @server_fqdn %>/oidf/ta/subordinate_listing"
+ }
+ }
diff --git a/docker-compose.yml.yrb b/docker-compose.yml.yrb
new file mode 100644
index 0000000..2173b26
--- /dev/null
+++ b/docker-compose.yml.yrb
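Review bot: The `sign-key-store` bundle and both `key-password` entries hard-code `changeit`, while the `truststore` entry further down opens the same `<%= @keystore_file %>` with `<%= @keystore_password %>`; because `sign-key-1` is the key the resolver trusts and the trust anchor signs with, the store and key passwords should come from the template variable as well, e.g. `password: "<%= @keystore_password %>"` and `key-password: "<%= @keystore_password %>"` (or a separate key-password variable). The same file is also declared `type: JKS` in one place and `type: PKCS12` in the other, so one of the two is presumably wrong. `validation-key-1` points at `store-reference: validation-key-store`, but no store of that name is defined anywhere in this file. Indentation is lost in this view of the patch, so the nesting described here is inferred from key order.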
@@ -0,0 +1,10 @@
+services:
+ oidf:
+ image: ghcr.io/swedenconnect/openid-federation-services:<%= @version %>
+ ports:
+ - "443:<%= @service_port %>/tcp"
+ environment:
+ SPRING_CONFIG_IMPORT: <%= @config_file %>
+ volumes:
+ - <%= @service_dir %>:/opt/oidf
+ - /etc/ssl:/etc/ssl
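Review bot: The `/etc/ssl:/etc/ssl` bind mount is writable and hands the container the host's whole TLS directory, which on many distributions includes private keys under `/etc/ssl/private`; mount it read-only, `- /etc/ssl:/etc/ssl:ro`, or narrow it to the subdirectory the service actually reads. `<%= @service_dir %>:/opt/oidf` presumably carries the keystore and config and could likewise be `:ro` if the service does not write there. The file is named `docker-compose.yml.yrb`, which looks like a typo for `.erb` next to `application-sandbox.yml.erb`. Quoting the templated scalars, e.g. `SPRING_CONFIG_IMPORT: "<%= @config_file %>"`, guards against an empty or special-character expansion changing the parsed type.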