Commit 615d2566 authored by Rene Lottes's avatar Rene Lottes

Merge branch 'develop' into 'master'

Develop

See merge request oec/reqesidta-prototype/eid-server!7
parents a08c82df 83f679ff
*.jar
target/
packer/
*Jenkinsfile*
......@@ -10,4 +9,19 @@ packer/
*.ipr
.idea/
# built stuff
*/_build
*.jar
*.war*
*.tgz
#netbeans
*/**/nbactions.xml
#eclipse
.project
.classpath
.settings
*/**/.settings
*/**/workspace
#!/bin/bash
#
# script to build and pack the project as archive for delivery to client
#
# tobias.assmann@ecsec.de
PCK_DIR=for-client-delivery
TRG_DIR=eid-server
TRG_ARC=eid-server.tgz
echo "checking java version ..."
command -v java 2>&1 >> /dev/null || { echo "no java found"; exit 1;}
java -version 2>&1 | awk -F '"' '/version/ {print $2}' | grep -q 1.8 || { echo "java version is not 1.8"; exit 1;}
echo "build the whole project ..."
mvn clean install || { echo "maven build failed. please check!"; exit 1; }
echo "copy builded stuff to $PCK_DIR/$TRG_DIR ..."
cp configuration-wizard/target/configuration-wizard-1.2.0-SNAPSHOT.jar $PCK_DIR/$TRG_DIR/poseidas-configuration-wizard.jar
cp docker/sam/sam-1.2.0-SNAPSHOT-thorntail.jar $PCK_DIR/$TRG_DIR/sam/sam-1.2.0-SNAPSHOT-thorntail.jar
cp docker/ssa/dist/ssa-server.war $PCK_DIR/$TRG_DIR/ssa/dist/ssa-server.war
echo "archiving $PCK_DIR/$TRG_DIR to $PCK_DIR/$TRG_ARC ..."
cd $PCK_DIR
test -f $TRG_ARC && rm $TRG_ARC
tar -cvzf $TRG_ARC $TRG_DIR
cd ..
echo "done"
exit 0
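Review bot: The `cd $PCK_DIR` near the end of the script is unchecked, so if the directory is missing the `rm`/`tar` pair runs in the repository root and the following `cd ..` climbs out of the project entirely. The three `cp` commands also assume `$PCK_DIR/$TRG_DIR/sam` and `$PCK_DIR/$TRG_DIR/ssa/dist` already exist, and the `grep -q 1.8` version check uses an unanchored pattern in which `.` matches any character. I would add `set -euo pipefail` under the shebang, create the targets with `mkdir -p "$PCK_DIR/$TRG_DIR/sam" "$PCK_DIR/$TRG_DIR/ssa/dist"` before the copies, and guard the directory change with `cd "$PCK_DIR" || exit 1`. The `2>&1 >> /dev/null` on the `command -v` line also sends stderr to the terminal rather than to /dev/null because the redirects are applied in that order.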
#!/bin/bash
# Synchronize this directory with the target on vserver-001.ecsec.de.
# Exclude the dev files and rename the corresponding files on the server.
rsync -av --delete --progress \
--exclude 'docker-compose.yml' \
--exclude 'poseidas/config/POSeIDAS.xml' \
--exclude 'poseidas/db/poseidas.mv.db' \
--exclude 'deploy-to_*.sh' \
--exclude '*.dodeploy' \
--exclude '*.dodeploy' \
./ reqesidta@vserver-001.ecsec.de:/home/reqesidta/docker/
ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/docker-compose_vserver-001.yml /home/reqesidta/docker/docker-compose.yml"
ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/poseidas/config/POSeIDAS_vserver-001.xml /home/reqesidta/docker/poseidas/config/POSeIDAS.xml"
ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/poseidas/db/poseidas_vserver-001.mv.db /home/reqesidta/docker/poseidas/db/poseidas.mv.db"
ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/ssa/config/ssa-server_vserver-001.conf /home/reqesidta/docker/ssa/config/ssa-server.conf"
# Restart / re-build the services
ssh reqesidta@vserver-001.ecsec.de "cd /home/reqesidta/docker && docker-compose up -d --build"
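Review bot: Nothing in this script stops on failure, so a partially failed `rsync` still leads into the four remote `mv` renames and the `docker-compose up -d --build` restart on vserver-001, leaving the server running a half-synchronized tree. A `set -euo pipefail` line after the shebang, or chaining the steps with `&&`, makes the restart conditional on the upload having completed. The `--exclude '*.dodeploy'` option is also listed twice; one copy can go.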
---
version: "3.3"
networks:
reqesidta_net:
driver: bridge
version: "3.4"
services:
facade:
image: "reqesidta/facade"
container_name: "reqesidta_facade"
labels:
- "traefik.enable=true"
# catchall and the middleware used for global http to http redirect
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
build:
context: ./facade
command:
--providers.docker=true
--providers.file.filename=/etc/traefik/traefik-dyn.yml
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
--entryPoints.traefik.address=:8080
--api.insecure=true
--log.level=debug
ports:
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true) remove for prod!
# see http://localhost:8080/dashboard/
- "8080:8080"
networks:
- reqesidta_net
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
poseidas:
image: "reqesidta/poseidas"
container_name: "reqesidta_poseidas"
labels:
- "traefik.enable=true"
- "traefik.http.services.poseidas.loadbalancer.server.port=8443"
- "traefik.http.routers.poseidas.rule=Path(`/POSeIDAS/eidas-middleware/paosreceiver`)"
- "traefik.http.routers.poseidas.entrypoints=web-secure"
- "traefik.http.routers.poseidas.tls=true"
build:
context: ./poseidas
args:
JAR_FILE: POSeIDAS-exec.jar
networks:
reqesidta_net:
aliases:
- poseidas.docker.reqesidta.de
environment:
- JAVA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
ports:
- "127.0.0.1:8443:8443"
- "127.0.0.1:5005:5005"
- "127.0.0.1:5005:5005" # Java Debug Port remove for prod!
networks:
reqesidta_net:
aliases:
- poseidas.docker.reqesidta.de
volumes:
- ./poseidas/config:/opt/poseidas/config
- eidas-database:/opt/poseidas/database
- ./poseidas/db:/opt/poseidas/database
ejbca:
image: "reqesidta/ejbca"
......@@ -34,16 +69,14 @@ services:
# Has to be 'localhost:port' where port matches the host port below,
# because EJBCA creates a TLS certificate with the corresponding CN.
hostname: localhost:8444
networks:
reqesidta_net:
aliases:
- ejbca.docker.reqesidta.de
ports:
- "127.0.0.1:8444:8443"
- "127.0.0.1:8081:8080"
depends_on:
- postgres
links:
- postgres
# DEPRECATED
# links:
# - postgres
environment:
# Format: jdbc:postgresql://hostname:port/database
DATABASE_JDBC_URL: jdbc:postgresql://postgres:5432/ejbca
......@@ -51,36 +84,84 @@ services:
DATABASE_PASSWORD: password
# Disable the need for a client certificate. Doesn't work, see readme.
# TLS_SETUP_ENABLED: simple
networks:
reqesidta_net:
aliases:
- ejbca.docker.reqesidta.de
postgres:
image: "postgres:11.4"
container_name: "reqesidta_postgres"
networks:
- reqesidta_net
ports:
# Only for debugging purposes
# Only for debugging purposes remove for prod!
- "127.0.0.1:5433:5432"
environment:
POSTGRES_USER: ejbca
POSTGRES_PASSWORD: password
webserver:
container_name: "reqesidta_webserver"
build:
context: ./webserver
networks:
- reqesidta_net
ssa:
image: "reqesidta/ssa"
container_name: "reqesidta_ssa"
labels:
- "traefik.enable=true"
- "traefik.http.services.ssa.loadbalancer.server.port=8080"
- "traefik.http.routers.ssa.rule=PathPrefix(`/ssa-server`)"
- "traefik.http.routers.ssa.entrypoints=web-secure"
- "traefik.http.routers.ssa.tls=true"
build:
context: ./ssa
depends_on:
- poseidas
- ejbca
command: /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 --debug 0.0.0.0:9797
ports:
- "127.0.0.1:28080:8080"
- "127.0.0.1:29990:9990"
- "127.0.0.1:9797:9797"
#- "127.0.0.1:29990:9990"
- "127.0.0.1:9797:9797" # Java Debug Port, remove for prod!
volumes:
- ./ssa/dist:/opt/jboss/wildfly/standalone/deployments/:rw
networks:
reqesidta_net:
aliases:
- ssa.docker.reqesidta.de
sam:
image: "reqesidta/sam"
container_name: "reqesidta_sam"
build:
context: ./sam
ports:
- "127.0.0.1:38080:8080"
- "127.0.0.1:9798:5005" # Java Debug Port, remove for prod!
environment:
JAVA_DEBUG: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 # remove for prod!
networks:
reqesidta_net:
aliases:
- sam.docker.reqesidta.de
webui:
image: "reqesidta/webui"
container_name: "reqesidta_web-ui"
labels:
- "traefik.enable=true"
- "traefik.http.services.webui.loadbalancer.server.port=80"
- "traefik.http.routers.webui.rule=PathPrefix(`/`)"
- "traefik.http.routers.webui.entrypoints=web-secure"
- "traefik.http.routers.webui.tls=true"
build:
context: ./web-ui
ports:
- "127.0.0.1:48080:80"
volumes:
- ./webserver/dist:/opt/jboss/wildfly/standalone/deployments/:rw
- ./web-ui/www-data://usr/local/apache2/htdocs/:rw
networks:
reqesidta_net:
aliases:
- webui.docker.reqesidta.de
volumes:
eidas-database:
external: false
networks:
reqesidta_net:
driver: bridge
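Review bot: The facade's `- "8080:8080"` mapping publishes the Traefik dashboard enabled by `--api.insecure=true` on every host interface, whereas every other debug port in this file (5005, 5433, 9797, 9798, 29990) is bound to loopback; even as a dev-only mapping it should be `- "127.0.0.1:8080:8080"` so the unauthenticated API is not reachable from the network. That matters more here because the same container mounts `/var/run/docker.sock`, so whoever reaches the API is talking to a process that holds the host's Docker socket. The facade section is the hunk I would fix first; the "remove for prod!" comments on the other debug ports suggest a separate production override file rather than relying on a manual edit.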
---
version: "3.4"
services:
facade:
image: "reqesidta/facade"
container_name: "reqesidta_facade"
labels:
- "traefik.enable=true"
build:
context: ./facade
command:
--providers.docker=true
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--log.level=debug
ports:
- "50080:80"
networks:
- reqesidta_net
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
poseidas:
image: "reqesidta/poseidas"
container_name: "reqesidta_poseidas"
labels:
- "traefik.enable=true"
- "traefik.http.services.poseidas.loadbalancer.server.port=8443"
- "traefik.http.routers.poseidas.rule=Path(`/POSeIDAS/eidas-middleware/paosreceiver`)"
- "traefik.http.routers.poseidas.entrypoints=web"
build:
context: ./poseidas
args:
JAR_FILE: POSeIDAS-exec.jar
# ports:
# - "127.0.0.1:8443:8443"
networks:
reqesidta_net:
aliases:
- poseidas.docker.reqesidta.de
volumes:
- ./poseidas/config:/opt/poseidas/config
- ./poseidas/db:/opt/poseidas/database
ejbca:
image: "reqesidta/ejbca"
container_name: "reqesidta_ejbca"
build:
context: ./ejbca
hostname: localhost:8444
# ports:
# - "127.0.0.1:8444:8443"
depends_on:
- postgres
environment:
DATABASE_JDBC_URL: jdbc:postgresql://postgres:5432/ejbca
DATABASE_USER: ejbca
DATABASE_PASSWORD: password
networks:
reqesidta_net:
aliases:
- ejbca.docker.reqesidta.de
postgres:
image: "postgres:11.4"
container_name: "reqesidta_postgres"
environment:
POSTGRES_USER: ejbca
POSTGRES_PASSWORD: password
networks:
- reqesidta_net
ssa:
image: "reqesidta/ssa"
container_name: "reqesidta_ssa"
labels:
- "traefik.enable=true"
- "traefik.http.services.ssa.loadbalancer.server.port=8080"
- "traefik.http.routers.ssa.rule=PathPrefix(`/ssa-server`)"
- "traefik.http.routers.ssa.entrypoints=web"
build:
context: ./ssa
depends_on:
- poseidas
- ejbca
command: /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0
# ports:
# - "127.0.0.1:28080:8080"
# volumes:
# - ./ssa/dist:/opt/jboss/wildfly/standalone/deployments/:rw
networks:
reqesidta_net:
aliases:
- ssa.docker.reqesidta.de
sam:
image: "reqesidta/sam"
container_name: "reqesidta_sam"
build:
context: ./sam
# ports:
# - "127.0.0.1:38080:8080"
networks:
reqesidta_net:
aliases:
- sam.docker.reqesidta.de
webui:
image: "reqesidta/webui"
container_name: "reqesidta_web-ui"
labels:
- "traefik.enable=true"
- "traefik.http.services.webui.loadbalancer.server.port=80"
- "traefik.http.routers.webui.rule=PathPrefix(`/`)"
- "traefik.http.routers.webui.entrypoints=web"
build:
context: ./web-ui
ports:
- "127.0.0.1:48080:80"
networks:
reqesidta_net:
aliases:
- webui.docker.reqesidta.de
networks:
reqesidta_net:
driver: bridge
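Review bot: `DATABASE_PASSWORD: password` and `POSTGRES_PASSWORD: password` are committed literals in the compose file that the deploy script pushes to vserver-001 as the live `docker-compose.yml`, so these are the credentials actually in service, and they are also the defaults in the sibling docker-compose.yml. I would reference them through variable substitution, e.g. `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set in .env}"`, with the `.env` file kept out of the repository and the rsync exclude list. The facade here publishes plain HTTP on `- "50080:80"` to all interfaces with `--log.level=debug`; if a host-level proxy terminates TLS in front of it, as the port number suggests, binding to `127.0.0.1:50080:80` keeps the cleartext port off the network.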
#!/bin/sh
cd /opt/primekey/bin/
cd /opt/primekey/bin/ || exit
# Use the existing CA (see comment below)
CA=ManagementCA
ALIAS=ecsecCMP
CN=sam.docker.reqesidta.de
PW=testtest
# Create a CMP config
./ejbca.sh config cmp addalias $ALIAS
./ejbca.sh config cmp updatealias $ALIAS --key operationmode --value ra
./ejbca.sh config cmp updatealias $ALIAS --key authenticationmodule --value HMAC
./ejbca.sh config cmp updatealias $ALIAS --key authenticationparameters --value testtest
./ejbca.sh config cmp updatealias $ALIAS --key authenticationmodule --value EndEntityCertificate
./ejbca.sh config cmp updatealias $ALIAS --key authenticationparameters --value $CA
./ejbca.sh config cmp updatealias $ALIAS --key allowraverifypopo --value true
./ejbca.sh config cmp updatealias $ALIAS --key ra.caname --value $CA
./ejbca.sh config cmp updatealias $ALIAS --key defaultca --value $CA
# Make script idempotent by always deleting the user first
./ejbca.sh ra delendentity -force --username $CN
# Add end entity for the server key pair
./ejbca.sh ra addendentity --username $CN --password $PW \
--dn "CN=$CN" --caname $CA --type 1 --token P12
# Add entity to admin role
./ejbca.sh roles addrolemember --role "Super Administrator Role" --caname $CA \
--with "CertificateAuthenticationToken:WITH_COMMONNAME" --value $CN
# Enable batch mode
./ejbca.sh ra setclearpwd $CN $PW
# Create p12 file (saved in p12 subfolder)
./ejbca.sh batch
# Various (currently) unused commands:
# Create a new CA. As you can't set auto-activation to true here, you will have
......
# facade for reqesidta
FROM traefik:v2.0
# needed stuff for tls
# see also docker-compose.yml
COPY docker.reqesidta.de.* /certs/
COPY traefik-dyn.yml /etc/traefik/
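Review bot: `COPY docker.reqesidta.de.* /certs/` bakes the TLS private key into an image layer of `reqesidta/facade`, so anyone who can pull or inspect the image recovers the key, and rotating it requires a rebuild. Since the compose files already bind-mount host paths into containers, mounting the certificate directory at runtime (`./facade/certs:/certs:ro` on the facade service) and leaving only `COPY traefik-dyn.yml /etc/traefik/` in the Dockerfile keeps key material out of the image. `FROM traefik:v2.0` is a floating tag; pinning a full patch version is a smaller follow-up.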
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC1FxJXoFME26/1
WIOD9qBYEheMq8+LTBiwDn/ocf7MK4tQoYBaVmtoTUz+On9enS3+6OrdlkgYS9UI
B2XgtmHL8zSIHtanbA6+sFDPoAEzsyrLqxN9gTQhXaonKBtqb6yYGsMWM7HsOIkg
RyMBlq3Zq0F3AEpNzUtQrNja7+YDenkJncHCGr43BNk2RgwskdCWrVsyqkQmTYPO
9z92CP0HKtbUhpAFxPFABPea02b/kUqykm9vSFZVtDSnDOI+LKoZyMtRTwUn5xd7
2WrkrRXN4Dz+fY4PuwCfMV87kOTTiegFAHuZuMzuvg8fBKpzK8/LWoa/bk+Qt/Cp
spvdC9/6SMbMaHinW8NhckL+OuBYDLWgDzCdJ3mMmaulpBbRQ9kxvLAWfcEoWuS5
z+WDId61BZMTvQW8aCMppHb6tu/EQAVnRtPDKyvyyZ4hMPc/xP4gJxlNPQQj0r2U
1RyDfCH7eBXoTuXWE9JFmjggTF8QJ9ZKXM2dI8cwAcjIjvz36r+TkHxSM9HdXuLo
njmsCqTetwc/Ce/wC1+lCLIvxMnDED5glyZwAtKPmgaYIRGBjg4HS+8v/CEJ4PnB
QwADGyVEj4VQCjOi3ngPdismrbE/TY3dkmSFfMHTrmFQppyXJ8Pa1Y9/b8wlRVEN
3bxUL25z9cpFvTdWPYXdsHrOiStC4wIDAQABAoICAGJboa7OeckNuci8xtIKRpUP
XpMdTqEON+qINZj/MbGbhRPKZHisr7H7KnJ7O2scXDs0Lz0jvwzTQ2YU/pTK+ttX
wZSdi2FsI6YXBg1/jqeSDRCKXw+v+ayVvzF9a0aoWUpUXtnUQjNXkcNiX/Ug7lRn
3CrSkYkolFvBRhfEbV4+SzeZ4/+VnvMrQv9jlIEwwebVSc9/A3z6ZTkoueNWhng6
IG1WmStJCPAIwqPpZuww8i2Ds9rxo1Lxihehu9ChWdKfaS9EiDxgHDU8pf6GtG0Z
+ocPkvWgUHomyt8DmAX9xXPSC1A3O7gAqx3h3uKnTTnadY3MUJL+FU1WoamyJXhV
wIX1smQAOQk7yM7NhMDzVKS1cYCB6TaJoOVrHuLeBFkkNEKoNx2wyg7XVxvCg2r5
yX1MwfdVv/B4nnRPvQGA0ANAYoZfrufuD4sh5FD9x7J+MOa6yp8vA/xyv8vucGMz
N6yrgQ3c+Om8tcyw4pvINE3k5FxI7Z7bHr0/UXPhUzRlxNithWVrtN84IBpWv2Sg
meiugspttVOn5GGUga2hQ6pdVJ0tNwHjgA/xjrr/WMk97uMZYOs7LxS96Wy96LCe
eGFXpb2WQGAwjv/lCqnbY/UOxcutJI9taRXHND8lJeFq8jjDJtrrDI5ZYC5FuoOa
slZOpgL0Sgco+/o/tGZhAoIBAQDeqCV6qvATTAstlXS7Sa/tDYoQC95TQZONWrOI
sr0TwyFzOA/CtCfX4Nbwf93GDWD0+hEOgDRFGjYSQrgKJsYd9E6enBMiHfgsUVSp
B8ZEj2kMf92JqqFoH6huWhxVmWSPqzEImz6avzfZ+X44fSMS0hOE7MjlNUTUskCa
PQaUrowmUwGx6mdRwlfCk4ALQNhc3xd3wH7wuK6SgfpcpI2SDddCUWIhQnyS9ZKf
4eLqWbO+vQ7OGU0+dMntfaUp8DgyN9MVD8eQ1AimvpPpppgQ9sJv5rj0brpyxFPp
11SWyU2MzNYPafVydAwPk6/8nQpi9MSAizkVzOVt/ELFuDhfAoIBAQDQNWi31WnS
oMBbKMHsTaCsHaD01DY3p52MODZ1Opxk91FErvOCvY/UvqzAV9gXrIY57tRvwbZW
0j+2zcjjJVOlJfscOSKKwc5VrFryjQqAoP+c1Utepij3nH0q3Tk4zGkzE3cv3ogu
1bstXL4Mhext0gdtG03zEiorz48/hnix7VD+kBUWAw57LKCHbGOzB6hXO62m/OQV
VP61iJmRboV5O3h+z6DA8HrcBEC5jPcrkuUCE4rly6M7i3B3RDXnKDqKv2/ILvOy
r6GK71/2ZQxIBs5dL1U+BFvB5SuRhM3vClOg70giGupWRqjBto2LgHr/cf3Zibm4
CnivGNSTY5P9AoIBABNsTaCuyrSUPKFkWUOBQRSHytRthJ50qP96uxCgrvfLXN6l
NFLCznr5hSaDsP/26M9WBSjjrCufBrp/EXjpOv0f87/IU671OFH9YkpAgF44uGw7
t0KsHNptcI7302LwN6KEx4k9qa9sIN4l8onQ+L9KjiNZWIkOJYv8ZMBPtIRB2b36
Hbq8fPjX4Dn8Df5tULKBT5XFuA0dvzTOm917CVKFXJLPcKUAHMfhHkJOPTI+Uvy/
l0wJTwC0xWyvOjo3V1+iGQrMTpdmt757/4ExZDCOphWG5fmEs0URtVQ/0YQ52UcA
E2hS0POEBg1Rz9dUh7RsL7wa6Qbq0dTPXa/LyzcCggEAKLJn15cFakA1mRvsW84I
m9vmvDRGrLY8m03Zhyx/qVSWNACmZGW9GW5zwdzpxibYzbYbHAUXKP1LquWqYIvJ
P7yeyrN4Rvr+48wess5SwTW3AObIJqX/1/ZkmN5I8wsxfORPJbIvmEf6oDFCjJwY
zJaDERaHM/3W9F1LuLUGHnEupbNwC69pQzZD4nSTQEk85GAr3zoLMwg8CSu8KKsb
t8iiEtduqofW2+6Q4DPnlELQNImxWp1lOJxWzVkt2BMK7lfg95YF2GVwBAIqFbVG
o0WBTMGVvduIO+wZigYVYqX4FrrutIviRh7lmYefPydL42ZaogzDmm+hi0glNPH/
2QKCAQBQwzW2M4I3OL4HvCSyqDcw9VoWtjEsNF9Ajh3g+tVF+oyS2R57RiQWI7Gw
GIIuYmtP3WYlL2g6pYIiy5SX7fZYBa7mxWrt8sMQ2BuxIqYK0sSO/RFOKePrUOiO
cm+q9MzOVrgZwjgM5NQGpU9HGp68tWe/U3SFrmQbwqQX7Sj7BXlyxpQfFvN0MdUB
TgMCKNJgFToCmF4yma7fgN0UBsNK3oibxlH3p9BIDxq1o6rejTkR8lR4jStyHD26
691V3Y4ACS9K/GX+lOIwc/iRni3UTKFlBE/VQoyTamahDPspe69iXyoN/BLhagHz
zdr/HFODIyfEKzEpfTbTIDSFcSSn
-----END PRIVATE KEY-----
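Review bot: This file commits a TLS private key to the repository; once in history it stays retrievable even after a later deletion, so the key pair for docker.reqesidta.de should be regenerated and this one treated as compromised. The replacement should not be tracked at all: add `facade/docker.reqesidta.de.key` to the `.gitignore` touched by this commit and let the deploy rsync (or a secret store) deliver it to the server from an untracked location.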
tls:
certificates:
- certFile: /certs/docker.reqesidta.de.cert
keyFile: /certs/docker.reqesidta.de.key
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
<ServerUrl>https://localhost:8443/eidas-middleware</ServerUrl>
<ServerUrl>https://docker.reqesidta.de/POSeIDAS/eidas-middleware</ServerUrl>
<sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>500</sessionMaxPendingRequests>
<TimerConfiguration>
......@@ -9,8 +9,9 @@
<masterAndDefectListRenewal length="2" unit="11"/>
</TimerConfiguration>
<ServiceProvider entityID="providerA" enabled="true">
<EPAConnectorConfiguration updateCVC="true">
<CVCRefID>providerA</CVCRefID>
<EPAConnectorConfiguration updateCVC="false">
<!-- refID of the devDB from 001-->
<CVCRefID>ecsec</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<blackListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</blackListTrustAnchor>
......@@ -35,8 +36,9 @@
<url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>https://localhost:8443/eidas-middleware/paosreceiver</PaosReceiverURL>
<PaosReceiverURL>https://docker.reqesidta.de/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
</EPAConnectorConfiguration>
</ServiceProvider>
<SAMConfig url="http://reqesidta_sam:8080/"></SAMConfig>
</CoreConfiguration>
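Review bot: The new `<ServerUrl>https://docker.reqesidta.de/POSeIDAS/eidas-middleware</ServerUrl>` points at a base path, but the facade's poseidas router in docker-compose.yml matches only the exact `Path(`/POSeIDAS/eidas-middleware/paosreceiver`)`; if the middleware serves anything else under that base, those requests appear to fall through to the webui router's `PathPrefix(`/`)` rule, so please confirm the exact match is intended or widen it to `PathPrefix(`/POSeIDAS/`)`. The added `<SAMConfig url="http://reqesidta_sam:8080/">` is a cleartext hop; it stays inside the `reqesidta_net` bridge, which is acceptable as long as that network is not shared with other tenants, and a comment saying so would save the next reader the check. The unchanged `xmlns="http:/www.bos_bremen.de/..."` has a single slash; it is only an identifier, so leave it if the schema expects it.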
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
<ServerUrl>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware</ServerUrl>
<sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>500</sessionMaxPendingRequests>
<TimerConfiguration>
<certRenewal length="2" unit="11"/>
<blacklistRenewal length="2" unit="11"/>
<masterAndDefectListRenewal length="2" unit="11"/>
</TimerConfiguration>
<ServiceProvider entityID="providerA" enabled="true">
<EPAConnectorConfiguration updateCVC="false">
<!-- refID of the devDB from 001-->
<CVCRefID>ecsec</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<blackListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</blackListTrustAnchor>
<masterListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</masterListTrustAnchor>
<defectListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</defectListTrustAnchor>
<policyImplementationId>govDvca</policyImplementationId>
<sslKeys id="default">
<serverCertificate>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</serverCertificate>
<clientCertificate>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</clientCertificate>
<clientKey>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</clientKey>
</sslKeys>
<terminalAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ta-service</url>
</terminalAuthService>
<restrictedIdService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/ri-service</url>
</restrictedIdService>
<passiveAuthService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/pa-service</url>
</passiveAuthService>
<dvcaCertDescriptionService sslKeysId="default">
<url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>