Commit 1be9cd94 authored by Tobias Assmann's avatar Tobias Assmann

add script for creating stuff needed for ssl between poseidas and ssa-server,...

add script for creating the self-signed certificate and Java keystore needed for TLS between poseidas and ssa-server, remove the obsolete TLS configuration from poseidas, and update the poseidas config and the ssa-server docker setup accordingly
parent a974a871
......@@ -11,3 +11,9 @@ packer/
.idea/
*/_build
#eclipse
.project
.classpath
.settings
*/**/.settings
......@@ -5,5 +5,10 @@ FROM $WILDFLY_IMAGE
# we need this for consuming the eID SOAP service
COPY wsdl/* /opt/jboss/
COPY ssl/poseidas.docker.reqesidta.de.crt /opt/poseidas.docker.reqesidta.de.crt
# install the cert for using ssl when consuming eID SOAP service
USER root
RUN keytool -import -noprompt -cacerts -storepass changeit -alias poseidas.docker.reqesidta.de -file /opt/poseidas.docker.reqesidta.de.crt; exit 0
EXPOSE 9990
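Review bot: The trailing `; exit 0` on the `keytool -import` line masks a failed import, so an image can build with the certificate missing from cacerts and the SOAP client then fails TLS verification at runtime instead of the build failing; drop the suffix: `RUN keytool -import -noprompt -cacerts -storepass changeit -alias poseidas.docker.reqesidta.de -file /opt/poseidas.docker.reqesidta.de.crt`. The import also writes a self-signed certificate into the JVM-wide trust store (with the default `changeit` password), which trusts it for every TLS connection this JVM makes, not just the eID service; a dedicated truststore passed via `-Djavax.net.ssl.trustStore` would scope that trust to the one endpoint. The hunk header announces 10 new-side lines but only 7 are shown and no `USER` switch back from `root` is visible, so check that the rest of the Dockerfile restores the unprivileged user before `CMD`/`ENTRYPOINT`.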
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
poseidas.docker.reqesidta.de.crt is created at and copied from ../poseidas/src/main/resources/ssl/
......@@ -22,14 +22,13 @@ spring.h2.console.enabled=false
spring.h2.console.path=/h2
# tls settings
# no ssl for protoype
server.ssl.enabled = false
#server.ssl.key-store:classpath:tomcat-ssl/tomcat-ssl.jks
#server.ssl.key-store-password:123456
#server.ssl.key-password=123456
#server.ssl.keyStoreType:JKS
#server.ssl.keyAlias:localhost
#server.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
server.ssl.enabled = true
server.ssl.key-store:classpath:ssl/poseidas.docker.reqesidta.de.jks
server.ssl.key-store-password:123456
server.ssl.key-password=123456
server.ssl.keyStoreType:JKS
server.ssl.keyAlias:1
server.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
# Datasource
spring.datasource.url=jdbc:h2:file:/tmp/test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
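Review bot: `server.ssl.key-store-password:123456` and `server.ssl.key-password=123456` commit the keystore credentials in a properties file, alongside a keystore that is loaded from the classpath (`classpath:ssl/poseidas.docker.reqesidta.de.jks`) and therefore ships inside the artifact; read them from the environment instead, e.g. `server.ssl.key-store-password=${POSEIDAS_KEYSTORE_PASSWORD}` and `server.ssl.key-password=${POSEIDAS_KEYSTORE_PASSWORD}`, and keep the real value out of the repository. The cipher list still carries the `*_CBC_SHA256`/`*_CBC_SHA384` suites copied over from the previously commented-out block; if only the two containers talk to each other, the ECDHE GCM suites are sufficient and the CBC ones can be dropped. The new keys also mix `key:value` and `key=value` separators; both are accepted by Spring, but one style would make the block easier to grep.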
......
#!/bin/bash
#
# tobias.assmann@ecsec.de
#
# run this to create a new certificate and the needed java keystore
#
DOMAIN=poseidas.docker.reqesidta.de
PASS=123456
PWD=`pwd`
SCRIPTPATH="$(dirname "$BASH_SOURCE")"
cd $SCRIPTPATH
openssl genrsa -out $DOMAIN.key 2048
openssl req -new -subj "/C=DE/ST=local/L=local/O=local/OU=it/CN=$DOMAIN" -key $DOMAIN.key -out $DOMAIN.csr
openssl x509 -req -days 365 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
cat $DOMAIN.key > $DOMAIN.pem
cat $DOMAIN.crt >> $DOMAIN.pem
# copy the certificate to the webserver docker
cp $DOMAIN.crt ../../../../../docker/webserver/ssl
openssl pkcs12 -passin pass:$PASS -passout pass:$PASS -export -in $DOMAIN.pem -out $DOMAIN.pkcs12
keytool -importkeystore -deststorepass $PASS -destkeypass $PASS -destkeystore poseidas.docker.reqesidta.de.jks -srckeystore poseidas.docker.reqesidta.de.pkcs12 -srcstoretype PKCS12 -srcstorepass $PASS
echo "Please remember to clean and build the root project and rebuild the docker stuff .... !\n"
echo "Done!"
cd $PWD
exit 0
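Review bot: The script writes the private key (`$DOMAIN.key`, repeated in `$DOMAIN.pem`) straight into `src/main/resources/ssl` with default file permissions, where it is both committed (the key is visible further down in this commit) and packaged into the application artifact; it should be created under `umask 077`, excluded from git, and only the keystore needed at runtime kept in resources. `PASS=123456` hard-codes the keystore password that the properties file repeats; take it from the environment instead. Without `set -e` a failed `openssl` step still lets `keytool` run on stale files, and ``PWD=`pwd` `` is clobbered by the subsequent `cd` (bash maintains `PWD` itself), so the final `cd $PWD` does not return to the starting directory — harmless when executed, wrong when sourced. The certificate is issued with a CN only and no subjectAltName; Java's hostname check still falls back to CN, but browsers and newer TLS stacks do not, so add `subjectAltName=DNS:$DOMAIN` when signing.
```shell
#!/usr/bin/env bash
set -euo pipefail
readonly DOMAIN=poseidas.docker.reqesidta.de
# keystore password comes from the environment, never from the script
: "${PASS:?set PASS to the keystore password}"
SCRIPTPATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPTPATH"
umask 077   # key, pem, pkcs12 and jks must not be group/world-readable
openssl genrsa -out "$DOMAIN.key" 2048
openssl req -new -subj "/C=DE/ST=local/L=local/O=local/OU=it/CN=$DOMAIN" \
  -key "$DOMAIN.key" -out "$DOMAIN.csr"
# -extfile adds a SAN matching the CN; works on OpenSSL 1.0.2+ without -addext/-copy_extensions
openssl x509 -req -days 365 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt" \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$DOMAIN")
# … unchanged: pem concatenation, cp to docker/webserver/ssl, pkcs12 export, keytool import (with "$PASS" and "$DOMAIN" quoted) …
```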
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAx2yEj5ifW+eQXmpdcqMs5bz/omMKnV8I4K1wrcxNfOXNa8Ap
eY0QWmoCkYKWLmUvUCBYgwS7hKj4oDQiubVFHSksCdQoUBrv5smUwgqtUjxNHv8u
09/wT9TOxUuKuSa6TGMJG1EWVE5XFH1WLwHsw5AIIrC3hGD4g68JMbsuR6BGRD35
X6Aox90qzR98o5Jbjp5JH6ckUAOkxbCCpKoQnuNwUBUAEpVeD9jrtFO1gWJgcABU
OxHYqi4wTkKZesiD5uSgnjOfTuHVj8aaysW6luqME3blY+dqJL6WXEYM857DvAEG
9O/Wb2nwR/icsNZySJnhbzZ0yv74pM5KeGUfIQIDAQABAoIBAHUwX/XCSmNHgJ77
Ak8LdKbMmaxjZylzX1Qol76KAD8VC9H16mlza9i10yyPAJHjBBqh52GWtlsOsIv0
FzPqQeMQ/sAH3Gi2a6PDcZdVjuR0ax1795iqUB2ZgKiP68VB7NhWmlNjIywHnUR9
Itgc2XVSfnVkQ3OXSHKZuV1wEZIkozggfwAxCcJiJ96GKhqj/oJTbWZief4ptltU
G9bc/czJ6JTXgPnLVLAX9qoJltvtO9LRaR6r3lJ9V6tPkvTTOrZ1jWEBode5+1Ph
1VttOOpeJCN6Lz+27QgxXyY9wvPBnB0Hw0N7N2yThNL9SPIkSYiSw7ohAi3ttHRe
itUQFcECgYEA7kTXm3/nhKwkHNCU+lncUcDrJw7Bc/WdcZY++J7YXmssS59oy7Kr
0M9ToRDgjPCTo+jhyeiS9VOpaxRcV/sG2qxUydIhI3TJKemq3Y+KsPkm9dFWs0UB
bCFF7q9oljBb6ZEwm2TyN5ACb1g7SevNso3+9GMM3Y1eNniG1vcs5d8CgYEA1kOn
8PXX1/zM4Ak15fBHJ29ZQ4DI+FopcLtyBfYgQzUL+uZ9DM0qOgFeAEgxvkdk93Lu
EZtsS68/rXN/GgL1kOpCz7vpn7z7gi8dRerqEkl7l/MB+PEEicWVHBXAyvypzl7n
LbHSeUbsOiqKZ9UBi6KX3cC5aMUgegyr22Qcmv8CgYAjNDKy+/PmC1UOmNbaInrF
7X4Q+EIm8uw/QxasvzNyx9z0k2n1ZsGyCV/u1UKIMGdv+VGa9mz4KFNIyepW6XT6
zCl+5DgXOAMc2TRwpeu0+CsEeNiZhiGOq1/cwzftsNlzqgsHeqO7B+EEOIISCvAK
aKZ5z0SwW1nHLImnqz+L+wKBgCGZaGuD0b4f+WykZRxSqoXHk0LfniQ710XDTyUa
LIL9fYxxumhYf+eqsTfwGkTRY0becfC246uWprCnbOYCUsnPwnxa5k7TTsliY//D
z8LgXQ494DBOczy7jB9kVeA+8M3Y2f2zZeL4uTCB3URdBaoE7DWs9CY2y1n4RLbZ
oxa3AoGBAIp9sEGLpWl6j/6BtbtSx7V9IXleRPFEUPYbNDksh43LZ8AgibOPuyx7
mNLk7H/ZLBLMS3DkcfkdtNxnuOkIt9QjCiMquEOGdn8a/TOX0e9SXHtygsyMLbkX
7Yk5Jbi0pPfkr45eEsuLDbhIoQaQ/d9NbHmit56yRkchUkQtnUIZ
-----END RSA PRIVATE KEY-----
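Review bot: This file is the RSA private key for `poseidas.docker.reqesidta.de` and is being added to the repository under `src/main/resources/ssl`, from where it is also packaged into the application artifact; the same key appears a second time in the `.pem` bundle that follows it. Anyone with read access to the repository or the artifact can impersonate the poseidas TLS endpoint to the ssa-server, which is exactly the link this commit sets out to protect. Remove the key and the `.pem` from the commit (and the `.pkcs12`/`.jks` derived from it, if those are committed as well), ignore `*.key`, `*.pem`, `*.pkcs12` and `*.jks` under `src/main/resources/ssl` in `.gitignore`, generate the material at build or deploy time, and treat this key as compromised once it has been pushed.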
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAx2yEj5ifW+eQXmpdcqMs5bz/omMKnV8I4K1wrcxNfOXNa8Ap
eY0QWmoCkYKWLmUvUCBYgwS7hKj4oDQiubVFHSksCdQoUBrv5smUwgqtUjxNHv8u
09/wT9TOxUuKuSa6TGMJG1EWVE5XFH1WLwHsw5AIIrC3hGD4g68JMbsuR6BGRD35
X6Aox90qzR98o5Jbjp5JH6ckUAOkxbCCpKoQnuNwUBUAEpVeD9jrtFO1gWJgcABU
OxHYqi4wTkKZesiD5uSgnjOfTuHVj8aaysW6luqME3blY+dqJL6WXEYM857DvAEG
9O/Wb2nwR/icsNZySJnhbzZ0yv74pM5KeGUfIQIDAQABAoIBAHUwX/XCSmNHgJ77
Ak8LdKbMmaxjZylzX1Qol76KAD8VC9H16mlza9i10yyPAJHjBBqh52GWtlsOsIv0
FzPqQeMQ/sAH3Gi2a6PDcZdVjuR0ax1795iqUB2ZgKiP68VB7NhWmlNjIywHnUR9
Itgc2XVSfnVkQ3OXSHKZuV1wEZIkozggfwAxCcJiJ96GKhqj/oJTbWZief4ptltU
G9bc/czJ6JTXgPnLVLAX9qoJltvtO9LRaR6r3lJ9V6tPkvTTOrZ1jWEBode5+1Ph
1VttOOpeJCN6Lz+27QgxXyY9wvPBnB0Hw0N7N2yThNL9SPIkSYiSw7ohAi3ttHRe
itUQFcECgYEA7kTXm3/nhKwkHNCU+lncUcDrJw7Bc/WdcZY++J7YXmssS59oy7Kr
0M9ToRDgjPCTo+jhyeiS9VOpaxRcV/sG2qxUydIhI3TJKemq3Y+KsPkm9dFWs0UB
bCFF7q9oljBb6ZEwm2TyN5ACb1g7SevNso3+9GMM3Y1eNniG1vcs5d8CgYEA1kOn
8PXX1/zM4Ak15fBHJ29ZQ4DI+FopcLtyBfYgQzUL+uZ9DM0qOgFeAEgxvkdk93Lu
EZtsS68/rXN/GgL1kOpCz7vpn7z7gi8dRerqEkl7l/MB+PEEicWVHBXAyvypzl7n
LbHSeUbsOiqKZ9UBi6KX3cC5aMUgegyr22Qcmv8CgYAjNDKy+/PmC1UOmNbaInrF
7X4Q+EIm8uw/QxasvzNyx9z0k2n1ZsGyCV/u1UKIMGdv+VGa9mz4KFNIyepW6XT6
zCl+5DgXOAMc2TRwpeu0+CsEeNiZhiGOq1/cwzftsNlzqgsHeqO7B+EEOIISCvAK
aKZ5z0SwW1nHLImnqz+L+wKBgCGZaGuD0b4f+WykZRxSqoXHk0LfniQ710XDTyUa
LIL9fYxxumhYf+eqsTfwGkTRY0becfC246uWprCnbOYCUsnPwnxa5k7TTsliY//D
z8LgXQ494DBOczy7jB9kVeA+8M3Y2f2zZeL4uTCB3URdBaoE7DWs9CY2y1n4RLbZ
oxa3AoGBAIp9sEGLpWl6j/6BtbtSx7V9IXleRPFEUPYbNDksh43LZ8AgibOPuyx7
mNLk7H/ZLBLMS3DkcfkdtNxnuOkIt9QjCiMquEOGdn8a/TOX0e9SXHtygsyMLbkX
7Yk5Jbi0pPfkr45eEsuLDbhIoQaQ/d9NbHmit56yRkchUkQtnUIZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDaTCCAlECFEdr/IgW7QmFy6iVqfuCJo1wYOt1MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAkRFMQ4wDAYDVQQIDAVsb2NhbDEOMAwGA1UEBwwFbG9jYWwxDjAM
BgNVBAoMBWxvY2FsMQswCQYDVQQLDAJpdDElMCMGA1UEAwwccG9zZWlkYXMuZG9j
a2VyLnJlcWVzaWR0YS5kZTAeFw0xOTEwMTQxMTUxMDZaFw0yMDEwMTMxMTUxMDZa
MHExCzAJBgNVBAYTAkRFMQ4wDAYDVQQIDAVsb2NhbDEOMAwGA1UEBwwFbG9jYWwx
DjAMBgNVBAoMBWxvY2FsMQswCQYDVQQLDAJpdDElMCMGA1UEAwwccG9zZWlkYXMu
ZG9ja2VyLnJlcWVzaWR0YS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdshI+Yn1vnkF5qXXKjLOW8/6JjCp1fCOCtcK3MTXzlzWvAKXmNEFpqApGC
li5lL1AgWIMEu4So+KA0Irm1RR0pLAnUKFAa7+bJlMIKrVI8TR7/LtPf8E/UzsVL
irkmukxjCRtRFlROVxR9Vi8B7MOQCCKwt4Rg+IOvCTG7LkegRkQ9+V+gKMfdKs0f
fKOSW46eSR+nJFADpMWwgqSqEJ7jcFAVABKVXg/Y67RTtYFiYHAAVDsR2KouME5C
mXrIg+bkoJ4zn07h1Y/GmsrFupbqjBN25WPnaiS+llxGDPOew7wBBvTv1m9p8Ef4
nLDWckiZ4W82dMr++KTOSnhlHyECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAG0Sm
jDvtWyrbtGQU16DNS21kCSxreA0RgSLB5mOlTfVMvzKNnMcJhZuawGM/sVB+AlDy
I8X5a4VVHJMVqltK1zpoePlLaXrTplb3GkeFy3m7BuJu3KnSRaseVAlybF3KFZ/9
zL+PjMy4b7FI6N7wBvx5ZtYgE1MryrlAov+y8e19MEo8UKu5VsEIBMdqQEsaLyuQ
lihUnLc0IMPTsDBgUl73AdaR2lE0uA9cx3hZ2YWAjAJrl95LvZUpUAaRyQVEN3d4
iIBgD8chqnjnvlvzbuadfR1YuG2BKyvkKRGo+QGi9QlhISk/TmB14zTLNOkEREvD
nCfcTzu4papDjMoULQ==
-----END CERTIFICATE-----
ssa-config {
sessionMaxAge: 60,
sessionCheckAgeInterval: 30,
eidUrl: "http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
eidUrl: "https://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
ca-config: {
caName: 'dummy-caName',
cmpAlias: 'dummy-cmp-alias',
......